X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/02e90efb3a8b84025a752dcd9a893c6ce42a3073..89c527ec6b7ffb3549922017fdc362d27cdecf05:/blog/index.html diff --git a/blog/index.html b/blog/index.html index c191bdd53f..8cd4102548 100644 --- a/blog/index.html +++ b/blog/index.html @@ -20,823 +20,1166 @@
-
Elektronisk stemmegiving er ikke til å stole på - heller ikke i Norge
-
2010-08-23 19:30
+
DND hedrer overvåkning av barn med Rosingsprisen
+
2010-11-23 14:15
-

I Norge pågår en prosess for å -innføre elektronisk -stemmegiving ved kommune- og stortingsvalg. Dette skal -introduseres i 2011. Det er all grunn til å tro at valg i Norge ikke -vil være til å stole på hvis dette blir gjennomført. Da det hele var -oppe til høring i 2006 forfattet jeg -en -høringsuttalelse fra NUUG (og EFN som hengte seg på) som skisserte -hvilke punkter som må oppfylles for at en skal kunne stole på et valg, -og elektronisk stemmegiving mangler flere av disse. Elektronisk -stemmegiving er for alle praktiske formål å putte ens stemme i en sort -boks under andres kontroll, og satse på at de som har kontroll med -boksen er til å stole på - uten at en har mulighet til å verifisere -dette selv. Det er ikke slik en gjennomfører demokratiske valg.

- -

Da problemet er fundamentalt med hvordan elektronisk stemmegiving -må fungere for at også ikke-krypografer skal kunne delta, har det vært -mange rapporter om hvordan elektronisk stemmegiving har sviktet i land -etter land. En -liten -samling referanser finnes på NUUGs wiki. Den siste er fra India, -der valgkomisjonen har valgt -å -pusse politiet på en forsker som har dokumentert svakheter i -valgsystemet.

- -

Her i Norge har en valgt en annen tilnærming, der en forsøker seg -med teknobabbel for å få befolkningen til å tro at dette skal bli -sikkert. Husk, elektronisk stemmegiving underminerer de demokratiske -valgene i Norge, og bør ikke innføres.

- -

Den offentlige diskusjonen blir litt vanskelig av at media har -valgt å kalle dette "evalg", som kan sies å både gjelde elektronisk -opptelling av valget som Norge har gjort siden 60-tallet og som er en -svært god ide, og elektronisk opptelling som er en svært dårlig ide. -Diskusjonen gir ikke mening hvis en skal diskutere om en er for eller -mot "evalg", og jeg forsøker derfor å være klar på at jeg snakker om -elektronisk stemmegiving og unngå begrepet "evalg".

+

Jeg registrerer med vond smak i munnen at Den Norske Dataforening +hedrer +overvåkning av barn med Rosingsprisen for kreativitet i år. Jeg +er glad jeg nå er meldt ut av DND.

+ +

Å elektronisk overvåke sine barn er ikke å gjøre dem en tjeneste, +men et overgrep mot individer i utvikling som bør læres opp til å ta +egne valg.

+ +

For å sitere Datatilsynets nye leder, Bjørn Erik Thon, i +et intervju +med Computerworld Norge:

+ +

+- For alle som har barn, meg selv inkludert, er førstetanken at det +hadde vært fint å vite hvor barnet sitt er til enhver tid. Men ungene +har ikke godt av det. De er små individer som skal søke rundt og finne +sine små gjemmesteder og utvide horisonten, uten at foreldrene ser dem +i kortene. Det kan være fristende, men jeg ville ikke gått inn i +dette. +

+ +

Det er skremmende å se at DND mener en tjeneste som legger opp til +slike overgrep bør hedres. Å flytte oppveksten for barn inn i en +virtuell +Panopticon er et +grovt overgrep og vil gjøre skade på barnenes utvikling, og foreldre +burde tenke seg godt om før de gir etter for sine instinkter her.

+ +

Blipper-tjenesten får meg til å tenke på bøkene til +John Twelve +Hawks, som forbilledlig beskriver hvordan et totalitært +overvåkningssamfunn bygges sakte men sikkert rundt oss, satt sammen av +gode intensjoner og manglende bevissthet om hvilke prinsipper et +liberalt demokrati er fundamentert på. Jeg har hatt stor glede av å +lese alle de tre bøkene.

- Tags: norsk, nuug, sikkerhet. + Tags: norsk, personvern, sikkerhet.
-
Robot, reis deg...
-
2010-08-21 22:10
+
Lenny->Squeeze upgrades of the Gnome and KDE desktop, now with apt-get autoremove
+
2010-11-22 14:15
-

I dag fikk jeg endelig tittet litt på mine nyinnkjøpte roboter, og -har brukt noen timer til å google etter interessante referanser og -aktuell kildekode for bruk på Linux. Det mest lovende så langt er -ispykee, som har en -BSD-lisensiert linux-daemon som står som mellomledd mellom roboter på -lokalnettet og en sentral tjeneste der en iPhone kan koble seg opp for -å fjernstyre roboten. Linux-daemonen implementerer deler av -protokollen som roboten forstår. Etter å ha knotet litt med å oppnå -kontakt med roboten (den oppretter et eget ad-hoc wifi-nett, så jeg -måtte gå av mitt vanlige nett for å få kontakt), og kommet frem til at -den lytter på IP-port 9000 og 9001, gikk jeg i gang med å finne ut -hvordan jeg kunne snakke med roboten vha. disse portene. Robotbiten -av protokollen er publisert av produsenten med GPL-lisens, slik at det -er mulig å se hvordan protokollen fungerer. Det finnes en java-klient -for Android som så ganske snasen ut, men fant ingen kildekode for -denne. Derimot hadde iphone-løsningen kildekode, så jeg tok -utgangspunkt i den.

- -

Daemonen ville i utgangspunktet forsøke å kontakte den sentrale -tjenesten som iphone-programmet kobler seg til. Jeg skrev dette om -til i stedet å sette opp en nettverkstjeneste på min lokale maskin, -som jeg kan koble meg opp til med telnet og gi kommandoer til roboten -(act, forward, right, left, etc). Det involverte i praksis å bytte ut -socket()/connect() med socket()/bind()/listen()/accept() for å gjøre -klienten om til en tjener.

- -

Mens jeg har forsøkt å få roboten til å bevege seg har min samboer -skrudd sammen resten av roboten for å få montert kamera og plastpynten -(armer, plastfiber for lys). Nå er det hele montert, og roboten er -klar til bruk. Må få flyttet den over til mitt vanlige trådløsnett -før det blir praktisk, men de bitene av protokollen er ikke -implementert i ispykee-daemonen, så der må jeg enten få tak i en mac -eller en windows-maskin, eller implementere det selv.

- -

Vi var tre som kjøpte slike roboter, og vi har blitt enige om å -samle notater og referanser på NUUGs wiki. Ta en titt -der hvis du er nysgjerrig.

+

Michael Biebl suggested to me on IRC, that I changed my automated +upgrade testing of the +Lenny +Gnome and KDE Desktop to do apt-get autoremove when using apt-get. +This seem like a very good idea, so I adjusted by test scripts and +can now present the updated result from today:

+ +

This is for Gnome:

+ +

Installed using apt-get, missing with aptitude

+ +

+ apache2.2-bin + aptdaemon + baobab + binfmt-support + browser-plugin-gnash + cheese-common + cli-common + cups-pk-helper + dmz-cursor-theme + empathy + empathy-common + freedesktop-sound-theme + freeglut3 + gconf-defaults-service + gdm-themes + gedit-plugins + geoclue + geoclue-hostip + geoclue-localnet + geoclue-manual + geoclue-yahoo + gnash + gnash-common + gnome + gnome-backgrounds + gnome-cards-data + gnome-codec-install + gnome-core + gnome-desktop-environment + gnome-disk-utility + gnome-screenshot + gnome-search-tool + gnome-session-canberra + gnome-system-log + gnome-themes-extras + gnome-themes-more + gnome-user-share + gstreamer0.10-fluendo-mp3 + gstreamer0.10-tools + gtk2-engines + gtk2-engines-pixbuf + gtk2-engines-smooth + hamster-applet + libapache2-mod-dnssd + libapr1 + libaprutil1 + libaprutil1-dbd-sqlite3 + libaprutil1-ldap + libart2.0-cil + libboost-date-time1.42.0 + libboost-python1.42.0 + libboost-thread1.42.0 + libchamplain-0.4-0 + libchamplain-gtk-0.4-0 + libcheese-gtk18 + libclutter-gtk-0.10-0 + libcryptui0 + libdiscid0 + libelf1 + libepc-1.0-2 + libepc-common + libepc-ui-1.0-2 + libfreerdp-plugins-standard + libfreerdp0 + libgconf2.0-cil + libgdata-common + libgdata7 + libgdu-gtk0 + libgee2 + libgeoclue0 + libgexiv2-0 + libgif4 + libglade2.0-cil + libglib2.0-cil + libgmime2.4-cil + libgnome-vfs2.0-cil + libgnome2.24-cil + libgnomepanel2.24-cil + libgpod-common + libgpod4 + libgtk2.0-cil + libgtkglext1 + libgtksourceview2.0-common + libmono-addins-gui0.2-cil + libmono-addins0.2-cil + libmono-cairo2.0-cil + libmono-corlib2.0-cil + libmono-i18n-west2.0-cil + libmono-posix2.0-cil + libmono-security2.0-cil + libmono-sharpzip2.84-cil + libmono-system2.0-cil + libmtp8 + libmusicbrainz3-6 + libndesk-dbus-glib1.0-cil + libndesk-dbus1.0-cil + libopal3.6.8 + libpolkit-gtk-1-0 + libpt2.6.7 + libpython2.6 + librpm1 + librpmio1 + libsdl1.2debian + libsrtp0 + libssh-4 + libtelepathy-farsight0 + libtelepathy-glib0 + libtidy-0.99-0 + media-player-info + mesa-utils + mono-2.0-gac + mono-gac + mono-runtime + nautilus-sendto + nautilus-sendto-empathy + p7zip-full + pkg-config + python-aptdaemon + python-aptdaemon-gtk + python-axiom + python-beautifulsoup + python-bugbuddy + python-clientform + python-coherence + python-configobj + python-crypto + python-cupshelpers + python-elementtree + python-epsilon + python-evolution + python-feedparser + python-gdata + python-gdbm + python-gst0.10 + python-gtkglext1 + python-gtksourceview2 + python-httplib2 + python-louie + python-mako + python-markupsafe + python-mechanize + python-nevow + python-notify + python-opengl + python-openssl + python-pam + python-pkg-resources + python-pyasn1 + python-pysqlite2 + python-rdflib + python-serial + python-tagpy + python-twisted-bin + python-twisted-conch + python-twisted-core + python-twisted-web + python-utidylib + python-webkit + python-xdg + python-zope.interface + remmina + remmina-plugin-data + remmina-plugin-rdp + remmina-plugin-vnc + rhythmbox-plugin-cdrecorder + rhythmbox-plugins + rpm-common + rpm2cpio + seahorse-plugins + shotwell + software-center + system-config-printer-udev + telepathy-gabble + telepathy-mission-control-5 + telepathy-salut + tomboy + totem + totem-coherence + totem-mozilla + totem-plugins + transmission-common + xdg-user-dirs + xdg-user-dirs-gtk + xserver-xephyr +

+ +

Installed using apt-get, removed with aptitude

+ +

+ cheese + ekiga + eog + epiphany-extensions + evolution-exchange + fast-user-switch-applet + file-roller + gcalctool + gconf-editor + gdm + gedit + gedit-common + gnome-games + gnome-games-data + gnome-nettool + gnome-system-tools + gnome-themes + gnuchess + gucharmap + guile-1.8-libs + libavahi-ui0 + libdmx1 + libgalago3 + libgtk-vnc-1.0-0 + libgtksourceview2.0-0 + liblircclient0 + libsdl1.2debian-alsa + libspeexdsp1 + libsvga1 + rhythmbox + seahorse + sound-juicer + system-config-printer + totem-common + transmission-gtk + vinagre + vino +

+ +

Installed using aptitude, missing with apt-get

+ +

+ gstreamer0.10-gnomevfs +

+ +

Installed using aptitude, removed with apt-get

+ +

+[nothing] +

+ +

This is for KDE:

+ +

Installed using apt-get, missing with aptitude

+ +

+ ksmserver +

+ +

Installed using apt-get, removed with aptitude

+ +

+ kwin + network-manager-kde +

+ +

Installed using aptitude, missing with apt-get

+ +

+ arts + dolphin + freespacenotifier + google-gadgets-gst + google-gadgets-xul + kappfinder + kcalc + kcharselect + kde-core + kde-plasma-desktop + kde-standard + kde-window-manager + kdeartwork + kdeartwork-emoticons + kdeartwork-style + kdeartwork-theme-icon + kdebase + kdebase-apps + kdebase-workspace + kdebase-workspace-bin + kdebase-workspace-data + kdeeject + kdelibs + kdeplasma-addons + kdeutils + kdewallpapers + kdf + kfloppy + kgpg + khelpcenter4 + kinfocenter + konq-plugins-l10n + konqueror-nsplugins + kscreensaver + kscreensaver-xsavers + ktimer + kwrite + libgle3 + libkde4-ruby1.8 + libkonq5 + libkonq5-templates + libnetpbm10 + libplasma-ruby + libplasma-ruby1.8 + libqt4-ruby1.8 + marble-data + marble-plugins + netpbm + nuvola-icon-theme + plasma-dataengines-workspace + plasma-desktop + plasma-desktopthemes-artwork + plasma-runners-addons + plasma-scriptengine-googlegadgets + plasma-scriptengine-python + plasma-scriptengine-qedje + plasma-scriptengine-ruby + plasma-scriptengine-webkit + plasma-scriptengines + plasma-wallpapers-addons + plasma-widget-folderview + plasma-widget-networkmanagement + ruby + sweeper + update-notifier-kde + xscreensaver-data-extra + xscreensaver-gl + xscreensaver-gl-extra + xscreensaver-screensaver-bsod +

+ +

Installed using aptitude, removed with apt-get

+ +

+ ark + google-gadgets-common + google-gadgets-qt + htdig + kate + kdebase-bin + kdebase-data + kdepasswd + kfind + klipper + konq-plugins + konqueror + ksysguard + ksysguardd + libarchive1 + libcln6 + libeet1 + libeina-svn-06 + libggadget-1.0-0b + libggadget-qt-1.0-0b + libgps19 + libkdecorations4 + libkephal4 + libkonq4 + libkonqsidebarplugin4a + libkscreensaver5 + libksgrd4 + libksignalplotter4 + libkunitconversion4 + libkwineffects1a + libmarblewidget4 + libntrack-qt4-1 + libntrack0 + libplasma-geolocation-interface4 + libplasmaclock4a + libplasmagenericshell4 + libprocesscore4a + libprocessui4a + libqalculate5 + libqedje0a + libqtruby4shared2 + libqzion0a + libruby1.8 + libscim8c2a + libsmokekdecore4-3 + libsmokekdeui4-3 + libsmokekfile3 + libsmokekhtml3 + libsmokekio3 + libsmokeknewstuff2-3 + libsmokeknewstuff3-3 + libsmokekparts3 + libsmokektexteditor3 + libsmokekutils3 + libsmokenepomuk3 + libsmokephonon3 + libsmokeplasma3 + libsmokeqtcore4-3 + libsmokeqtdbus4-3 + libsmokeqtgui4-3 + libsmokeqtnetwork4-3 + libsmokeqtopengl4-3 + libsmokeqtscript4-3 + libsmokeqtsql4-3 + libsmokeqtsvg4-3 + libsmokeqttest4-3 + libsmokeqtuitools4-3 + libsmokeqtwebkit4-3 + libsmokeqtxml4-3 + libsmokesolid3 + libsmokesoprano3 + libtaskmanager4a + libtidy-0.99-0 + libweather-ion4a + libxklavier16 + libxxf86misc1 + okteta + oxygencursors + plasma-dataengines-addons + plasma-scriptengine-superkaramba + plasma-widget-lancelot + plasma-widgets-addons + plasma-widgets-workspace + polkit-kde-1 + ruby1.8 + systemsettings + update-notifier-common +

+ +

Running apt-get autoremove made the results using apt-get and +aptitude a bit more similar, but there are still quite a lott of +differences. I have no idea what packages should be installed after +the upgrade, but hope those that do can have a look.

- Tags: norsk, nuug, robot. + Tags: debian, debian edu, english.
-
2 Spykee-roboter i hus, nå skal det lekes
-
2010-08-18 13:30
+
Migrating Xen virtual machines using LVM to KVM using disk images
+
2010-11-22 11:20
-

Jeg kjøpte nettopp to -Spykee-roboter, for test og -leking. Kjøpte to da det var så billige, og gir meg mulighet til å -eksperimentere uten å være veldig redd for å ødelegge alt ved å bytte -ut firmware og slikt. Oppdaget at lekebutikken på Bryn senter hadde -en liten stabel på lager som de ikke hadde klart å selge ut etter -fjorårets juleinnkjøp, og var villig til å selge for en femtedel av -vanlig pris. Jeg, Ronny og Jarle har skaffet oss restbeholdningen, og -det blir morsomt å se hva vi får ut av dette.

- -

Roboten har belter styrt av to motorer, kamera, høytaler, mikrofon -og wifi-tilkobling. Det hele styrt av en GPL-lisensiert databoks som -jeg mistenker kjører linux. Firmware-kildekoden ble visst publisert i -mai. Eneste utfordringen er at kontroller-programvaren kun finnes til -Windows, men det må en kunne jobbe seg rundt når vi har kildekoden til -firmwaren. :)

+

Most of the computers in use by the +Debian Edu/Skolelinux project +are virtual machines. And they have been Xen machines running on a +fairly old IBM eserver xseries 345 machine, and we wanted to migrate +them to KVM on a newer Dell PowerEdge 2950 host machine. This was a +bit harder that it could have been, because we set up the Xen virtual +machines to get the virtual partitions from LVM, which as far as I +know is not supported by KVM. So to migrate, we had to convert +several LVM logical volumes to partitions on a virtual disk file.

+ +

I found +a +nice recipe to do this, and wrote the following script to do the +migration. It uses qemu-img from the qemu package to make the disk +image, parted to partition it, losetup and kpartx to present the disk +image partions as devices, and dd to copy the data. I NFS mounted the +new servers storage area on the old server to do the migration.

- +
+#!/bin/sh
+
+# Based on
+# http://searchnetworking.techtarget.com.au/articles/35011-Six-steps-for-migrating-Xen-virtual-machines-to-KVM
+
+set -e
+set -x
+
+if [ -z "$1" ] ; then
+    echo "Usage: $0 <hostname>"
+    exit 1
+else
+    host="$1"
+fi
+
+if [ ! -e /dev/vg_data/$host-disk ] ; then
+    echo "error: unable to find LVM volume for $host"
+    exit 1
+fi
+
+# Partitions need to be a bit bigger than the LVM LVs.  not sure why.
+disksize=$( lvs --units m | grep $host-disk | awk '{sum = sum + $4} END { print int(sum * 1.05) }')
+swapsize=$( lvs --units m | grep $host-swap | awk '{sum = sum + $4} END { print int(sum * 1.05) }')
+totalsize=$(( ( $disksize + $swapsize ) ))
+
+img=$host.img
+#dd if=/dev/zero of=$img bs=1M count=$(( $disksize + $swapsize ))
+qemu-img create $img ${totalsize}MMaking room on the Debian Edu/Sqeeze DVD
+
+parted $img mklabel msdos
+parted $img mkpart primary linux-swap 0 $disksize
+parted $img mkpart primary ext2 $disksize $totalsize
+parted $img set 1 boot on
+
+modprobe dm-mod
+losetup /dev/loop0 $img
+kpartx -a /dev/loop0
+
+dd if=/dev/vg_data/$host-disk of=/dev/mapper/loop0p1 bs=1M
+fsck.ext3 -f /dev/mapper/loop0p1 || true
+mkswap /dev/mapper/loop0p2
+
+kpartx -d /dev/loop0
+losetup -d /dev/loop0
+
+ +

The script is perhaps so simple that it is not copyrightable, but +if it is, it is licenced using GPL v2 or later at your discretion.

+ +

After doing this, I booted a Debian CD in rescue mode in KVM with +the new disk image attached, installed grub-pc and linux-image-686 and +set up grub to boot from the disk image. After this, the KVM machines +seem to work just fine.

- Tags: norsk, nuug, robot. + Tags: debian, debian edu, english.
-
Rob Weir: How to Crush Dissent
-
2010-08-15 22:20
+
Lenny->Squeeze upgrades, apt vs aptitude with the Gnome and KDE desktop
+
2010-11-20 22:50
-

I found the notes from Rob Weir on -how -to crush dissent matching my own thoughts on the matter quite -well. Highly recommended for those wondering which road our society -should go down. In my view we have been heading the wrong way for a -long time.

+

I'm still running upgrade testing of the +Lenny +Gnome and KDE Desktop, but have not had time to spend on reporting the +status. Here is a short update based on a test I ran 20101118.

+ +

I still do not know what a correct migration should look like, so I +report any differences between apt and aptitude and hope someone else +can see if anything should be changed.

+ +

This is for Gnome:

+ +

Installed using apt-get, missing with aptitude

+ +

+ apache2.2-bin aptdaemon at-spi baobab binfmt-support + browser-plugin-gnash cheese-common cli-common cpp-4.3 cups-pk-helper + dmz-cursor-theme empathy empathy-common finger + freedesktop-sound-theme freeglut3 gconf-defaults-service gdm-themes + gedit-plugins geoclue geoclue-hostip geoclue-localnet geoclue-manual + geoclue-yahoo gnash gnash-common gnome gnome-backgrounds + gnome-cards-data gnome-codec-install gnome-core + gnome-desktop-environment gnome-disk-utility gnome-screenshot + gnome-search-tool gnome-session-canberra gnome-spell + gnome-system-log gnome-themes-extras gnome-themes-more + gnome-user-share gs-common gstreamer0.10-fluendo-mp3 + gstreamer0.10-tools gtk2-engines gtk2-engines-pixbuf + gtk2-engines-smooth hal-info hamster-applet libapache2-mod-dnssd + libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap + libart2.0-cil libatspi1.0-0 libboost-date-time1.42.0 + libboost-python1.42.0 libboost-thread1.42.0 libchamplain-0.4-0 + libchamplain-gtk-0.4-0 libcheese-gtk18 libclutter-gtk-0.10-0 + libcryptui0 libcupsys2 libdiscid0 libeel2-data libelf1 libepc-1.0-2 + libepc-common libepc-ui-1.0-2 libfreerdp-plugins-standard + libfreerdp0 libgail-common libgconf2.0-cil libgdata-common libgdata7 + libgdl-1-common libgdu-gtk0 libgee2 libgeoclue0 libgexiv2-0 libgif4 + libglade2.0-cil libglib2.0-cil libgmime2.4-cil libgnome-vfs2.0-cil + libgnome2.24-cil libgnomepanel2.24-cil libgnomeprint2.2-data + libgnomeprintui2.2-common libgnomevfs2-bin libgpod-common libgpod4 + libgtk2.0-cil libgtkglext1 libgtksourceview-common + libgtksourceview2.0-common libmono-addins-gui0.2-cil + libmono-addins0.2-cil libmono-cairo2.0-cil libmono-corlib2.0-cil + libmono-i18n-west2.0-cil libmono-posix2.0-cil + libmono-security2.0-cil libmono-sharpzip2.84-cil + libmono-system2.0-cil libmtp8 libmusicbrainz3-6 + libndesk-dbus-glib1.0-cil libndesk-dbus1.0-cil libopal3.6.8 + libpolkit-gtk-1-0 libpt-1.10.10-plugins-alsa + libpt-1.10.10-plugins-v4l libpt2.6.7 libpython2.6 librpm1 librpmio1 + libsdl1.2debian libservlet2.4-java libsrtp0 libssh-4 + libtelepathy-farsight0 libtelepathy-glib0 libtidy-0.99-0 + libxalan2-java libxerces2-java media-player-info mesa-utils + mono-2.0-gac mono-gac mono-runtime nautilus-sendto + nautilus-sendto-empathy openoffice.org-writer2latex + openssl-blacklist p7zip p7zip-full pkg-config python-4suite-xml + python-aptdaemon python-aptdaemon-gtk python-axiom + python-beautifulsoup python-bugbuddy python-clientform + python-coherence python-configobj python-crypto python-cupshelpers + python-cupsutils python-eggtrayicon python-elementtree + python-epsilon python-evolution python-feedparser python-gdata + python-gdbm python-gst0.10 python-gtkglext1 python-gtkmozembed + python-gtksourceview2 python-httplib2 python-louie python-mako + python-markupsafe python-mechanize python-nevow python-notify + python-opengl python-openssl python-pam python-pkg-resources + python-pyasn1 python-pysqlite2 python-rdflib python-serial + python-tagpy python-twisted-bin python-twisted-conch + python-twisted-core python-twisted-web python-utidylib python-webkit + python-xdg python-zope.interface remmina remmina-plugin-data + remmina-plugin-rdp remmina-plugin-vnc rhythmbox-plugin-cdrecorder + rhythmbox-plugins rpm-common rpm2cpio seahorse-plugins shotwell + software-center svgalibg1 system-config-printer-udev + telepathy-gabble telepathy-mission-control-5 telepathy-salut tomboy + totem totem-coherence totem-mozilla totem-plugins + transmission-common xdg-user-dirs xdg-user-dirs-gtk xserver-xephyr + zip +

+ +Installed using apt-get, removed with aptitude + +

+ arj bluez-utils cheese dhcdbd djvulibre-desktop ekiga eog + epiphany-extensions epiphany-gecko evolution-exchange + fast-user-switch-applet file-roller gcalctool gconf-editor gdm gedit + gedit-common gnome-app-install gnome-games gnome-games-data + gnome-nettool gnome-system-tools gnome-themes gnome-utils + gnome-vfs-obexftp gnome-volume-manager gnuchess gucharmap + guile-1.8-libs hal libavahi-compat-libdnssd1 libavahi-core5 + libavahi-ui0 libbind9-50 libbluetooth2 libcamel1.2-11 libcdio7 + libcucul0 libcurl3 libdirectfb-1.0-0 libdmx1 libdvdread3 + libedata-cal1.2-6 libedataserver1.2-9 libeel2-2.20 libepc-1.0-1 + libepc-ui-1.0-1 libexchange-storage1.2-3 libfaad0 libgadu3 + libgalago3 libgd2-noxpm libgda3-3 libgda3-common libggz2 libggzcore9 + libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0 libgnome-desktop-2 + libgnome-pilot2 libgnomecups1.0-1 libgnomeprint2.2-0 + libgnomeprintui2.2-0 libgpod3 libgraphviz4 libgtk-vnc-1.0-0 + libgtkhtml2-0 libgtksourceview1.0-0 libgtksourceview2.0-0 + libgucharmap6 libhesiod0 libicu38 libisccc50 libisccfg50 libiw29 + libjaxp1.3-java-gcj libkpathsea4 liblircclient0 libltdl3 liblwres50 + libmagick++10 libmagick10 libmalaga7 libmozjs1d libmpfr1ldbl libmtp7 + libmysqlclient15off libnautilus-burn4 libneon27 libnm-glib0 + libnm-util0 libopal-2.2 libosp5 libparted1.8-10 libpisock9 + libpisync1 libpoppler-glib3 libpoppler3 libpt-1.10.10 libraw1394-8 + libsdl1.2debian-alsa libsensors3 libsexy2 libsmbios2 libsoup2.2-8 + libspeexdsp1 libssh2-1 libsuitesparse-3.1.0 libsvga1 + libswfdec-0.6-90 libtalloc1 libtotem-plparser10 libtrackerclient0 + libvoikko1 libxalan2-java-gcj libxerces2-java-gcj libxklavier12 + libxtrap6 libxxf86misc1 libzephyr3 mysql-common rhythmbox seahorse + sound-juicer swfdec-gnome system-config-printer totem-common + totem-gstreamer transmission-gtk vinagre vino w3c-dtd-xhtml wodim +

+ +

Installed using aptitude, missing with apt-get

+ +

+ gstreamer0.10-gnomevfs +

+ +

Installed using aptitude, removed with apt-get

+ +

+[nothing] +

+ +

This is for KDE:

+ +

Installed using apt-get, missing with aptitude

+ +

+ autopoint bomber bovo cantor cantor-backend-kalgebra cpp-4.3 dcoprss + edict espeak espeak-data eyesapplet fifteenapplet finger gettext + ghostscript-x git gnome-audio gnugo granatier gs-common + gstreamer0.10-pulseaudio indi kaddressbook-plugins kalgebra + kalzium-data kanjidic kapman kate-plugins kblocks kbreakout kbstate + kde-icons-mono kdeaccessibility kdeaddons-kfile-plugins + kdeadmin-kfile-plugins kdeartwork-misc kdeartwork-theme-window + kdeedu kdeedu-data kdeedu-kvtml-data kdegames kdegames-card-data + kdegames-mahjongg-data kdegraphics-kfile-plugins kdelirc + kdemultimedia-kfile-plugins kdenetwork-kfile-plugins + kdepim-kfile-plugins kdepim-kio-plugins kdessh kdetoys kdewebdev + kdiamond kdnssd kfilereplace kfourinline kgeography-data kigo + killbots kiriki klettres-data kmoon kmrml knewsticker-scripts + kollision kpf krosspython ksirk ksmserver ksquares kstars-data + ksudoku kubrick kweather libasound2-plugins libboost-python1.42.0 + libcfitsio3 libconvert-binhex-perl libcrypt-ssleay-perl libdb4.6++ + libdjvulibre-text libdotconf1.0 liberror-perl libespeak1 + libfinance-quote-perl libgail-common libgsl0ldbl libhtml-parser-perl + libhtml-tableextract-perl libhtml-tagset-perl libhtml-tree-perl + libio-stringy-perl libkdeedu4 libkdegames5 libkiten4 libkpathsea5 + libkrossui4 libmailtools-perl libmime-tools-perl + libnews-nntpclient-perl libopenbabel3 libportaudio2 libpulse-browse0 + libservlet2.4-java libspeechd2 libtiff-tools libtimedate-perl + libunistring0 liburi-perl libwww-perl libxalan2-java libxerces2-java + lirc luatex marble networkstatus noatun-plugins + openoffice.org-writer2latex palapeli palapeli-data parley + parley-data poster psutils pulseaudio pulseaudio-esound-compat + pulseaudio-module-x11 pulseaudio-utils quanta-data rocs rsync + speech-dispatcher step svgalibg1 texlive-binaries texlive-luatex + ttf-sazanami-gothic +

+ +

Installed using apt-get, removed with aptitude

+ +

+ amor artsbuilder atlantik atlantikdesigner blinken bluez-utils cvs + dhcdbd djvulibre-desktop imlib-base imlib11 kalzium kanagram kandy + kasteroids katomic kbackgammon kbattleship kblackbox kbounce kbruch + kcron kdat kdemultimedia-kappfinder-data kdeprint kdict kdvi kedit + keduca kenolaba kfax kfaxview kfouleggs kgeography kghostview + kgoldrunner khangman khexedit kiconedit kig kimagemapeditor + kitchensync kiten kjumpingcube klatin klettres klickety klines + klinkstatus kmag kmahjongg kmailcvt kmenuedit kmid kmilo kmines + kmousetool kmouth kmplot knetwalk kodo kolf kommander konquest kooka + kpager kpat kpdf kpercentage kpilot kpoker kpovmodeler krec + kregexpeditor kreversi ksame ksayit kshisen ksig ksim ksirc ksirtet + ksmiletris ksnake ksokoban kspaceduel kstars ksvg ksysv kteatime + ktip ktnef ktouch ktron kttsd ktuberling kturtle ktux kuickshow + kverbos kview kviewshell kvoctrain kwifimanager kwin kwin4 kwordquiz + kworldclock kxsldbg libakode2 libarts1-akode libarts1-audiofile + libarts1-mpeglib libarts1-xine libavahi-compat-libdnssd1 + libavahi-core5 libavc1394-0 libbind9-50 libbluetooth2 + libboost-python1.34.1 libcucul0 libcurl3 libcvsservice0 + libdirectfb-1.0-0 libdjvulibre21 libdvdread3 libfaad0 libfreebob0 + libgd2-noxpm libgraphviz4 libgsmme1c2a libgtkhtml2-0 libicu38 + libiec61883-0 libindex0 libisccc50 libisccfg50 libiw29 + libjaxp1.3-java-gcj libk3b3 libkcal2b libkcddb1 libkdeedu3 + libkdegames1 libkdepim1a libkgantt0 libkleopatra1 libkmime2 + libkpathsea4 libkpimexchange1 libkpimidentities1 libkscan1 + libksieve0 libktnef1 liblockdev1 libltdl3 liblwres50 libmagick10 + libmimelib1c2a libmodplug0c2 libmozjs1d libmpcdec3 libmpfr1ldbl + libneon27 libnm-util0 libopensync0 libpisock9 libpoppler-glib3 + libpoppler-qt2 libpoppler3 libraw1394-8 librss1 libsensors3 + libsmbios2 libssh2-1 libsuitesparse-3.1.0 libswfdec-0.6-90 + libtalloc1 libxalan2-java-gcj libxerces2-java-gcj libxtrap6 lskat + mpeglib network-manager-kde noatun pmount tex-common texlive-base + texlive-common texlive-doc-base texlive-fonts-recommended tidy + ttf-dustin ttf-kochi-gothic ttf-sjfonts +

+ +

Installed using aptitude, missing with apt-get

+ +

+ dolphin kde-core kde-plasma-desktop kde-standard kde-window-manager + kdeartwork kdebase kdebase-apps kdebase-workspace + kdebase-workspace-bin kdebase-workspace-data kdeutils kscreensaver + kscreensaver-xsavers libgle3 libkonq5 libkonq5-templates libnetpbm10 + netpbm plasma-widget-folderview plasma-widget-networkmanagement + xscreensaver-data-extra xscreensaver-gl xscreensaver-gl-extra + xscreensaver-screensaver-bsod +

+ +

Installed using aptitude, removed with apt-get

+ +

+ kdebase-bin konq-plugins konqueror +

- Tags: english, lenker, nuug, personvern, sikkerhet. + Tags: debian, debian edu, english.
-
No hardcoded config on Debian Edu clients
-
2010-08-09 20:15
+
Gnash buildbot slave and Debian kfreebsd
+
2010-11-20 07:20
-

As reported earlier, the last few days I have looked at how Debian -Edu clients are configured, and tried to get rid of all hardcoded -configuration settings on the clients. I believe the work to be -mostly done, and the clients seem to work just fine with dynamically -generated configuration.

- -

What is the point, you might ask? The point is to allow a Debian -Edu desktop to integrate into an existing network infrastructure -without any manual configuration.

- -

This is what happens when installing a Debian Edu client here at -the University of Oslo using PXE. With the PXE installation, I am -asked for language (Norwegian Bokmål), locality (Norway) and keyboard -layout (no-latin1), Debian Edu profile (Roaming Workstation), if I -accept to reformat the hard drive (yes), if I want to submit info to -popcon.debian.org (no) and root password (secret). After answering -these questions, the installer goes ahead and does its thing, and -after around 50 minutes it is done. I press enter to finish the -installation, and the machine reboots into KDE. When the machine is -ready and kdm asks for login information, I enter my university -username and password, am told by kdm that a local home directory has -been created and that I must log in again, and finally log in with the -same username and password to the KDE 4.4 desktop. At no point during -this process did it ask for university specific settings, and all the -required configuration was dynamically detected using information -fetched via DHCP and DNS. The roaming workstation is now ready for -use.

- -

How was this done, you might wonder? First of all, here is the -list of things that need to be configured on the client to get it -working properly out of the box:

- - - -

(Hm, did I forget anything? Let me knew if I did.)

- -

The points marked (*) are not required to be able to use the -machine, but needed to provide central storage and allowing system -administrators to track their machines. Since yesterday, everything -but the sitesummary collector URL is dynamically discovered at boot -and installation time in the svn version of Debian Edu.

- -

The IP and DNS setup is fetched during boot using DHCP as usual. -When a DHCP update arrives, the proxy setup is updated by looking for -http://wpat/wpad.dat and using the content of this WPAD file to -configure the http and ftp proxy in /etc/environment and -/etc/apt/apt.conf. I decided to update the proxy setup using a DHCP -hook to ensure that the client stops using the Debian Edu proxy when -it is moved outside the Debian Edu network, and instead uses any local -proxy present on the new network when it moves around.

- -

The DNS names of the LDAP, Kerberos and syslog server and related -configuration are generated using DNS information at boot. First the -installer looks for a host named ldap in the current DNS domain. If -not found, it looks for _ldap._tcp SRV records in DNS instead. If an -LDAP server is found, its root DSE entry is requested and the -attributes namingContexts and defaultNamingContext are used to -determine which LDAP base to use for NSS. If there are several -namingContexts attibutes and the defaultNamingContext is present, that -LDAP subtree is used as the base. If defaultNamingContext is missing, -the subtrees listed as namingContexts are searched in sequence for any -object with class posixAccount or posixGroup, and the first one with -such an object is used as the LDAP base. For Kerberos, a similar -search is done by first looking for a host named kerberos, and then -for the _kerberos._tcp SRV record. I've been unable to find a way to -look up the Kerberos realm, so for this the upper case string of the -current DNS domain is used.

- -

For the syslog server, the hosts syslog and loghost are searched -for, and the _syslog._udp SRV record is consulted if no such host is -found. This algorithm works for both Debian Edu and the University of -Oslo. A similar strategy would work for locating the sitesummary -server, but have not been implemented yet. I decided to fetch and -save these settings during installation, to make sure moving to a -different network does not change the set of users being allowed to -log in nor the passwords required to log in. Usernames and passwords -will be cached by sssd when the user logs in on the Debian Edu -network, and will not change as the laptop move around. For a -non-roaming machine, there is no caching, but given that it is -supposed to stay in place it should not matter much. Perhaps we -should switch those to use sssd too?

- -

The user's SMB mount point for the network home directory is -located when the user logs in for the first time. The LDAP server is -consulted to look for the user's LDAP object and the sambaHomePath -attribute is used if found. If it isn't found, the home directory -path fetched from NSS is used instead. Assuming the path is of the -form /site/server/directory/username, the second part is looked up in -DNS and used to generate a SMB URL of the form -smb://server.domain/username. This algorithm works for both Debian -edu and the University of Oslo. Perhaps there are better attributes -to use or a better algorithm that works for more sites, but this will -do for now. :)

- -

This work should make it easier to integrate the Debian Edu clients -into any LDAP/Kerberos infrastructure, and make the current setup even -more flexible than before. I suspect it will also work for thin -client servers, allowing one to easily set up LTSP and hook it into a -existing network infrastructure, but I have not had time to test this -yet.

- -

If you want to help out with implementing these things for Debian -Edu, please contact us on debian-edu@lists.debian.org.

- -

Update 2010-08-09: Simon Farnsworth gave me a heads-up on how to -detect Kerberos realm from DNS, by looking for _kerberos TXT entries -before falling back to the upper case DNS domain name. Will have to -implement it for Debian Edu. :)

+

Answering +the +call from the Gnash project for +buildbot slaves to test the +current source, I have set up a virtual KVM machine on the Debian +Edu/Skolelinux virtualization host to test the git source on +Debian/Squeeze. I hope this can help the developers in getting new +releases out more often.

+ +

As the developers want less main-stream build platforms tested to, +I have considered setting up a Debian/kfreebsd +machine as well. I have also considered using the kfreebsd +architecture in Debian as a file server in NUUG to get access to the 5 +TB zfs volume we currently use to store DV video. Because of this, I +finally got around to do a test installation of Debian/Squeeze with +kfreebsd. Installation went fairly smooth, thought I noticed some +visual glitches in the cdebconf dialogs (black cursor left on the +screen at random locations). Have not gotten very far with the +testing. Noticed cfdisk did not work, but fdisk did so it was not a +fatal problem. Have to spend some more time on it to see if it is +useful as a file server for NUUG. Will try to find time to set up a +gnash buildbot slave on the Debian Edu/Skolelinux this weekend.

- Tags: debian edu, english, nuug. + Tags: debian, debian edu, english, nuug.
-
Testing if a file system can be used for home directories...
-
2010-08-08 21:20
+
Nå er 74 norske overvåkningskamera registert i OpenStreetmap.org
+
2010-11-18 11:25
-

A few years ago, I was involved in a project planning to use -Windows file servers as home directory servers for Debian -Edu/Skolelinux machines. This was thought to be no problem, as the -access would be through the SMB network file system protocol, and we -knew other sites used SMB with unix and samba as the file server to -mount home directories without any problems. But, after months of -struggling, we had to conclude that our goal was impossible.

- -

The reason is simply that while SMB can be used for home -directories when the file server is Samba running on Unix, this only -work because of Samba have some extensions and the fact that the -underlying file system is a unix file system. When using a Windows -file server, the underlying file system do not have POSIX semantics, -and several programs will fail if the users home directory where they -want to store their configuration lack POSIX semantics.

- -

As part of this work, I wrote a small C program I want to share -with you all, to replicate a few of the problematic applications (like -OpenOffice.org and GCompris) and see if the file system was working as -it should. If you find yourself in spooky file system land, it might -help you find your way out again. This is the fs-test.c source:

- -
-/*
- * Some tests to check the file system sematics.  Used to verify that
- * CIFS from a windows server do not work properly as a linux home
- * directory.
- * License: GPL v2 or later
- * 
- * needs libsqlite3-dev and build-essential installed
- * compile with: gcc -Wall -lsqlite3 -DTEST_SQLITE fs-test.c -o fs-test
-*/
-
-#define _FILE_OFFSET_BITS 64
-#define _LARGEFILE_SOURCE 1
-#define _LARGEFILE64_SOURCE 1
-
-#define _GNU_SOURCE /* for asprintf() */
-
-#include <errno.h>
-#include <fcntl.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <sys/file.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-#ifdef TEST_SQLITE
-/*
- * Test sqlite open, as done by gcompris require the libsqlite3-dev
- * package and linking with -lsqlite3.  A more low level test is
- * below.
- * See also <URL: http://www.sqlite.org./faq.html#q5 >.
- */
-#include <sqlite3.h>
-#define CREATE_TABLE_USERS                                              \
-  "CREATE TABLE users (user_id INT UNIQUE, login TEXT, lastname TEXT, firstname TEXT, birthdate TEXT, class_id INT ); "
-int test_sqlite_open(void) {
-  char *zErrMsg;
-  char *name = "testsqlite.db";
-  sqlite3 *db=NULL;
-  unlink(name);
-  int rc = sqlite3_open(name, &db);
-  if( rc ){
-    printf("error: sqlite open of %s failed: %s\n", name, sqlite3_errmsg(db));
-    sqlite3_close(db);
-    return -1;
-  }
-
-  /* create tables */
-  rc = sqlite3_exec(db,CREATE_TABLE_USERS, NULL,  0, &zErrMsg);
-  if( rc != SQLITE_OK ){
-    printf("error: sqlite table create failed: %s\n", zErrMsg);
-    sqlite3_close(db);
-    return -1;
-  }
-  printf("info: sqlite worked\n");
-  sqlite3_close(db);
-  return 0;
-}
-#endif /* TEST_SQLITE */
-
-/*
- * Demonstrate locking issue found in gcompris using sqlite3.  This
- * work with ext3, but not with cifs server on Windows 2003.  This is
- * done in the sqlite3 library.
- * See also
- * <URL:http://www.cygwin.com/ml/cygwin/2001-08/msg00854.html> and the
- * POSIX specification
- * <URL:http://www.opengroup.org/onlinepubs/009695399/functions/fcntl.html>.
- */
-int test_gcompris_locking(void) {
-  struct flock fl;
-  char *name = "testsqlite.db";
-  unlink(name);
-  int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, 0644);
-  printf("info: testing fcntl locking\n");
-
-  fl.l_whence = SEEK_SET;
-  fl.l_pid    = getpid();
-  printf("  Read-locking 1 byte from 1073741824");
-  fl.l_start  = 1073741824;
-  fl.l_len    = 1;
-  fl.l_type   = F_RDLCK;
-  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
-
-  printf("  Read-locking 510 byte from 1073741826");
-  fl.l_start  = 1073741826;
-  fl.l_len    = 510;
-  fl.l_type   = F_RDLCK;
-  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
-
-  printf("  Unlocking 1 byte from 1073741824");
-  fl.l_start  = 1073741824;
-  fl.l_len    = 1;
-  fl.l_type   = F_UNLCK;
-  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
-
-  printf("  Write-locking 1 byte from 1073741824");
-  fl.l_start  = 1073741824;
-  fl.l_len    = 1;
-  fl.l_type   = F_WRLCK;
-  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
-
-  printf("  Write-locking 510 byte from 1073741826");
-  fl.l_start  = 1073741826;
-  fl.l_len    = 510;
-  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
-
-  printf("  Unlocking 2 byte from 1073741824");
-  fl.l_start  = 1073741824;
-  fl.l_len    = 2;
-  fl.l_type   = F_UNLCK;
-  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
-
-  close(fd);
-  return 0;
-}
-
-/*
- * Test if permissions of freshly created directories allow entries
- * below them.  This was a problem with OpenOffice.org and gcompris.
- * Mounting with option 'sync' seem to solve this problem while
- * slowing down file operations.
- */
-int test_subdirectory_creation(void) {
-#define LEVELS 5
-  char *path = strdup("test");
-  char *dirs[LEVELS];
-  int level;
-  printf("info: testing subdirectory creation\n");
-  for (level = 0; level < LEVELS; level++) {
-    char *newpath = NULL;
-    if (-1 == mkdir(path, 0777)) {
-      printf("  error: Unable to create directory '%s': %s\n",
-	     path, strerror(errno));
-      break;
-    }
-    asprintf(&newpath, "%s/%s", path, "test");
-    free(path);
-    path = newpath;
-  }
-  return 0;
-}
-
-/*
- * Test if symlinks can be created.  This was a problem detected with
- * KDE.
- */
-int test_symlinks(void) {
-  printf("info: testing symlink creation\n");
-  unlink("symlink");
-  if (-1 == symlink("file", "symlink"))
-    printf("  error: Unable to create symlink\n");
-  return 0;
-}
-
-int main(int argc, char **argv) {
-  printf("Testing POSIX/Unix sematics on file system\n");
-  test_symlinks();
-  test_subdirectory_creation();
-#ifdef TEST_SQLITE
-  test_sqlite_open();
-#endif /* TEST_SQLITE */
-  test_gcompris_locking();
-  return 0;
-}
-
- -

When everything is working, it should print something like -this:

- -
-Testing POSIX/Unix sematics on file system
-info: testing symlink creation
-info: testing subdirectory creation
-info: sqlite worked
-info: testing fcntl locking
-  Read-locking 1 byte from 1073741824
-  Read-locking 510 byte from 1073741826
-  Unlocking 1 byte from 1073741824
-  Write-locking 1 byte from 1073741824
-  Write-locking 510 byte from 1073741826
-  Unlocking 2 byte from 1073741824
-
- -

I do not remember the exact details of the problems we saw, but one -of them was with locking, where if I remember correctly, POSIX allow a -read-only lock to be upgraded to a read-write lock without unlocking -the read-only lock (while Windows do not). Another was a bug in the -CIFS/SMB client implementation in the Linux kernel where directory -meta information would be wrong for a fraction of a second, making -OpenOffice.org fail to create its deep directory tree because it was -not allowed to create files in its freshly created directory.

- -

Anyway, here is a nice tool for your tool box, might you never need -it. :)

+

Jeg oppdaterte nettopp kartet med overvåkningskamera som +jeg +startet for ca. et og et halvt år siden, og nå er det 74 kamera på +plass. I prosessen med å oppdatere kartet oppdaget jeg ved en +tilfeldighet at webreferansen til registermeldingen hos Datatilsynet +nå ikke lenger er gyldig (se +tidligere +melding). Antar Datatilsynet fjerner utdaterte meldinger fra +databasen. Konsekvensen blir at kameraoversikten i OSM må ha med +søkekriteriene som ble brukt for å finne registermeldingen +(dvs. virksomhetsnavn og organisasjonsnummer), slik at eventuelt nye +meldinger for samme kamera kan finnes igjen.

+ +

Det er dukket opp kamera på +kartet +i Bergensområdet, Stavangerområdet, Osloområdet, Gjøvikområdet og i +Troms. Mange områder og kamera mangler, og jeg er overbevist om at +bare en brøkdel av den enorme mengden kamera som nå finnes i det +offentlige rom er registrert så langt. Instrukser for å legge inn +kamera finnes på websiden for kartet hos +personvernforeningen.

- Tags: debian edu, english, nuug. + Tags: norsk, personvern.
-
Autodetecting Client setup for roaming workstations in Debian Edu
-
2010-08-07 14:45
+
Gjendikte sangen "Copying Is Not Theft" på Norsk?
+
2010-11-10 14:40
-

A few days ago, I -tried -to install a Roaming workation profile from Debian Edu/Squeeze -while on the university network here at the University of Oslo, and -noticed how much had to change to get it operational using the -university infrastructure. It was fairly easy, but it occured to me -that Debian Edu would improve a lot if I could get the client to -connect without any changes at all, and thus let the client configure -itself during installation and first boot to use the infrastructure -around it. Now I am a huge step further along that road.

- -

With our current squeeze-test packages, I can select the roaming -workstation profile and get a working laptop connecting to the -university LDAP server for user and group and our active directory -servers for Kerberos authentication. All this without any -configuration at all during installation. My users home directory got -a bookmark in the KDE menu to mount it via SMB, with the correct URL. -In short, openldap and sssd is correctly configured. In addition to -this, the client look for http://wpad/wpad.dat to configure a web -proxy, and when it fail to find it no proxy settings are stored in -/etc/environment and /etc/apt/apt.conf. Iceweasel and KDE is -configured to look for the same wpad configuration and also do not use -a proxy when at the university network. If the machine is moved to a -network with such wpad setup, it would automatically use it when DHCP -gave it a IP address.

- -

The LDAP server is located using DNS, by first looking for the DNS -entry ldap.$domain. If this do not exist, it look for the -_ldap._tcp.$domain SRV records and use the first one as the LDAP -server. Next, it connects to the LDAP server and search all -namingContexts entries for posixAccount or posixGroup objects, and -pick the first one as the LDAP base. For Kerberos, a similar -algorithm is used to locate the LDAP server, and the realm is the -uppercase version of $domain.

- -

So, what is not working, you might ask. SMB mounting my home -directory do not work. No idea why, but suspected the incorrect -Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be -the cause. These are not properly configured during installation, and -had to be hand-edited to get the correct Kerberos realm and server, -but SMB mounting still do not work. :(

- -

With this automatic configuration in place, I expect a Debian Edu -roaming profile installation would be able to automatically detect and -connect to any site using LDAP and Kerberos for NSS directory and PAM -authentication. It should also work out of the box in a Active -Directory environment providing posixAccount and posixGroup objects -with UID and GID values.

- -

If you want to help out with implementing these things for Debian -Edu, please contact us on debian-edu@lists.debian.org.

+

En genial liten sang om kopiering og tyveri er +Copying Is +Not Theft av Nina Paley. Den vil jeg at +NUUG skal sende på +Frikanalen, men først må vi +fikse norske undertekster eller dubbing. Og i og med at det er en +sang, tror jeg den kanskje bør gjendiktes. + +Selve teksten finner en på bloggen til +tekstforfatteren og den ser slik ut: + +

+

Copying is not theft. +
Stealing a thing leaves one less left +
Copying it makes one thing more; +
that's what copying's for.

+ +

Copying is not theft. +
If I copy yours you have it too +
One for me and one for you +
That's what copies can do

+ +

If I steal your bicycle +
you have to take the bus, +
but if I just copy it +
there's one for each of us!

+ +

Making more of a thing, +
that is what we call "copying" +
Sharing ideas with everyone +
That's why copying +
is +
FUN!

+

+ +

Her er et naivt forsøk på oversettelse, uten noe forsøk på +gjendiktning eller få det til å flyte sammen med melodien.

+ +

+

Kopiering er ikke tyveri. +
Stjeler du en ting er det en mindre igjen +
Kopier den og det er ting til. +
det er derfor vi har kopiering.

+ +

Kopiering er ikke tyveri. +
Hvis jeg kopierer din så har du den fortsatt +
En for meg og en for deg. +
Det er det kopier gir oss

+ +

Hvis jeg stjeler sykkelen din +
så må du ta bussen, +
men hvis jeg bare kopierer den, +
så får vi hver vår!

+ +

Lage mer av en ting, +
det er det vi kaller "kopiering". +
Deler ideer med enhver +
Det er derfor kopiering +
er +
MORSOMT!

+

+ +

Hvis du har forslag til bedre oversettelse eller lyst til å bidra +til å få denne sangen over i norsk språkdrakt, ta kontakt med video +(at) nuug.no.

- Tags: debian edu, english, nuug. + Tags: fildeling, norsk, nuug, opphavsrett, personvern.
-
Debian Edu roaming workstation - at the university of Oslo
-
2010-08-03 23:30
+
Debian in 3D
+
2010-11-09 16:10
-

The new roaming workstation profile in Debian Edu/Squeeze is fairly -similar to the laptop setup am I working on using Ubuntu for the -University of Oslo, and just for the heck of it, I tested today how -hard it would be to integrate that profile into the university -infrastructure. In this case, it is the university LDAP server, -Active Directory Kerberos server and SMB mounting from the Netapp file -servers.

- -

I was pleasantly surprised that the only three files needed to be -changed (/etc/sssd/sssd.conf, /etc/ldap.conf and -/etc/mklocaluser.d/20-debian-edu-config) and one file had to be added -(/usr/share/perl5/Debian/Edu_Local.pm), to get the client working. -Most of the changes were to get the client to use the university LDAP -for NSS and Kerberos server for PAM, but one was to change a hard -coded DNS domain name in the mklocaluser hook from .intern to -.uio.no.

- -

This testing was so encouraging, that I went ahead and adjusted the -Debian Edu scripts and setup in subversion to centralise the roaming -workstation setup a bit more and avoid the hardcoded DNS domain name, -so that when I test this tomorrow, I expect to get away with modifying -only /etc/sssd/sssd.conf and /etc/ldap.conf to get it to use the -university servers.

- -

My goal is to get the clients to have no hardcoded settings and -fetch all their initial setup during installation and first boot, to -allow them to be inserted also into environments where the default -setup in Debian Edu has been changed or as with the university, where -the environment is different but provides the protocols Debian Edu -uses.

+

+ +

3D printing is just great. I just came across this Debian logo in +3D linked in from +the +thingiverse blog.

- Tags: debian edu, english, nuug. + Tags: 3d-printer, debian, english.
-
Circular package dependencies harms apt recovery
-
2010-07-27 23:50
+
Datatilsynet mangler verktøyet som trengs for å kontrollere kameraovervåkning
+
2010-11-09 14:35
-

I discovered this while doing -automated -testing of upgrades from Debian Lenny to Squeeze. A few packages -in Debian still got circular dependencies, and it is often claimed -that apt and aptitude should be able to handle this just fine, but -some times these dependency loops causes apt to fail.

- -

An example is from todays -upgrade -of KDE using aptitude. In it, a bug in kdebase-workspace-data -causes perl-modules to fail to upgrade. The cause is simple. If a -package fail to unpack, then only part of packages with the circular -dependency might end up being unpacked when unpacking aborts, and the -ones already unpacked will fail to configure in the recovery phase -because its dependencies are unavailable.

- -

In this log, the problem manifest itself with this error:

- -
-dpkg: dependency problems prevent configuration of perl-modules:
- perl-modules depends on perl (>= 5.10.1-1); however:
-  Version of perl on system is 5.10.0-19lenny2.
-dpkg: error processing perl-modules (--configure):
- dependency problems - leaving unconfigured
-
- -

The perl/perl-modules circular dependency is already -reported as a bug, and will -hopefully be solved as soon as possible, but it is not the only one, -and each one of these loops in the dependency tree can cause similar -failures. Of course, they only occur when there are bugs in other -packages causing the unpacking to fail, but it is rather nasty when -the failure of one package causes the problem to become worse because -of dependency loops.

- -

Thanks to -the -tireless effort by Bill Allombert, the number of circular -dependencies -left in Debian -is dropping, and perhaps it will reach zero one day. :)

- -

Todays testing also exposed a bug in -update-notifier and -different behaviour between -apt-get and aptitude, the latter possibly caused by some circular -dependency. Reported both to BTS to try to get someone to look at -it.

+

En stund tilbake ble jeg oppmerksom på at Datatilsynets verktøy for +å holde rede på overvåkningskamera i Norge ikke var egnet til annet +enn å lage statistikk, og ikke kunne brukes for å kontrollere om et +overvåkningskamera i det offentlige rom er lovlig satt opp og +registrert. For å teste hypotesen sendte jeg for noen dager siden +følgende spørsmål til datatilsynet. Det omtalte kameraet står litt +merkelig plassert i veigrøften ved gangstien langs Sandakerveien, og +jeg lurer oppriktig på om det er lovlig plassert og registrert.

+ +

+

Date: Tue, 2 Nov 2010 16:08:20 +0100 +
From: Petter Reinholdtsen <pere (at) hungry.com> +
To: postkasse (at) datatilsynet.no +
Subject: Er overvåkningskameraet korrekt registrert?

+ +

Hei.

+ +

I Nydalen i Oslo er det mange overvåkningskamera, og et av dem er +spesielt merkelig plassert like over et kumlokk. Jeg lurer på om +dette kameraet er korrekt registrert og i henhold til lovverket.

+ +

Finner ingen eierinformasjon på kameraet, og dermed heller ingenting å +søke på i <URL: +http://hetti.datatilsynet.no/melding/report_search.pl >. +Kartreferanse for kameraet er tilgjengelig fra +<URL: +http://people.skolelinux.no/pere/surveillance-norway/?zoom=17&lat=59.94918&lon=10.76962&layers=B0T >. + +

Kan dere fortelle meg om dette kameraet er registrert hos +Datatilsynet som det skal være i henhold til lovverket?

+ +

Det hadde forresten vært fint om rådata fra kameraregisteret var +tilgjengelig på web og regelmessig oppdatert, for å kunne søke på +andre ting enn organisasjonsnavn og -nummer ved å laste det ned og +gjøre egne søk.

+ +

Vennlig hilsen, +
-- +
Petter Reinholdtsen +

+ +

Her er svaret som kom dagen etter:

+ +

+

Date: Wed, 3 Nov 2010 14:44:09 +0100 +
From: "juridisk" <juridisk (at) Datatilsynet.no> +
To: Petter Reinholdtsen +
Subject: VS: Er overvåkningskameraet korrekt registrert? + +

Viser til e-post av 2. november. + +

Datatilsynet er det forvaltningsorganet som skal kontrollere at +personopplysningsloven blir fulgt. Formålet med loven er å verne +enkeltpersoner mot krenking av personvernet gjennom behandling av +personopplysninger.

+ +

Juridisk veiledningstjeneste hos Datatilsynet gir råd og veiledning +omkring personopplysningslovens regler på generelt grunnlag.

+ +

Datatilsynet har dessverre ikke en fullstendig oversikt over alle +kameraer, den oversikten som finner er i vår meldingsdatabase som du +finner her: +http://www.datatilsynet.no/templates/article____211.aspx

+ +

Denne databasen gir en oversikt over virksomheter som har meldt inn +kameraovervåkning. Dersom man ikek vet hvilken virksomhet som er +ansvarlig, er det heller ikke mulig for Datatilsynet å søke dette +opp.

+ +

Webkameraer som har så dårlig oppløsning at man ikke kan gjenkjenne +enkeltpersoner er ikke meldepliktige, da dette ikke anses som +kameraovervåkning i personopplysningslovens forstand. Dersom kameraet +du sikter til er et slikt webkamera, vil det kanskje ikke finnes i +meldingsdatabasen på grunn av dette. Også dersom et kamera med god +oppløsning ikke filmer mennesker, faller det utenfor loven.

+ +

Datatilsynet har laget en veileder som gjennomgår når det er lov å +overvåke med kamera, se lenke: +http://www.datatilsynet.no/templates/article____401.aspx

+ +

Dersom det ikke er klart hvem som er ansvarlig for kameraet, er det +vanskelig for Datatilsynet å ta kontakt med den ansvarlige for å få +avklart om kameraet er satt opp i tråd med tilsynets regelverk. Dersom +du mener at kameraet ikke er lovlig ut fra informasjonen ovenfor, kan +kameraet anmeldes til politiet.

+ +

Med vennlig hilsen

+ +

Maria Bakke +
Juridisk veiledningstjeneste +
Datatilsynet

+

+ +

Personlig synes jeg det bør være krav om å registrere hvert eneste +overvåkningskamera i det offentlige rom hos Datatilsynet, med +kartreferanse og begrunnelse om hvorfor det er satt opp, slik at +enhver borger enkelt kan hente ut kart over områder vi er interessert +i og sjekke om det er overvåkningskamera der som er satt opp uten å +være registert. Slike registreringer skal jo i dag fornyes +regelmessing, noe jeg mistenker ikke blir gjort. Dermed kan kamera +som en gang var korrekt registrert nå være ulovlig satt opp. Det +burde også være bøter for å ha kamera som ikke er korrekt registrert, +slik at en ikke kan ignorere registrering uten at det får +konsekvenser.

+ +

En ide fra England som jeg har sans (lite annet jeg har sans for +når det gjelder overvåkningskamera i England) for er at enhver borger +kan be om å få kopi av det som er tatt opp med et overvåkningskamera i +det offentlige rom, noe som gjør at det kan komme løpende utgifter ved +å sette overvåkningskamera. Jeg tror alt som gjør det mindre +attraktivt å ha overvåkningskamera i det offentlige rom er en god +ting, så et slikt lovverk i Norge tror jeg hadde vært nyttig.

- Tags: debian, english, nuug. + Tags: norsk, personvern, sikkerhet.
-
First Debian Edu test release (alpha0) based on Squeeze is released
-
2010-07-27 17:45
+
Making room on the Debian Edu/Sqeeze DVD
+
2010-11-07 11:45
-

I just posted this announcement culminating several months of work -with the next Debian Edu release. Not nearly done, but one major step -completed.

- -
-

This is the first test release based on Squeeze. The focus of this -release is to test the user application selection. To have a look, -install the standalone profile and let the developers know if the set -of installed packages i.e. applications should be modified. If some -user application is missing, or if there are some applications that no -longer make sense to be included in Debian Edu, please let us know. -Also, if a useful application is missing the translation for your -language of choice, please let us know too.

- -

In addition, feedback and help to polish the desktop (menus, -artwork, starters, etc.) is appreciated. We would like to ship a nice -and handy KDE4 desktop targeted for schools out of the box.

- -

The other profiles should be installable, but there is a lot more -work left to be done before they are ready, so do not expect to -much.

- -

Changes compared to the lenny based version

- -
    -
  • Everything from Debian Squeeze -
      -
    • Desktop environment KDE 4.4 => the new KDE desktop in - combination with some new artwork -
    • Web browser Iceweasel 3.5 -
    • OpenOffice.org 3.2 -
    • Educational toolbox GCompris 9.3 -
    • Music creator Rosegarden 10.04.2 -
    • Image editor Gimp 2.6.10 -
    • Virtual universe Celestia 1.6.0 -
    • Virtual stargazer Stellarium 0.10.4 -
    • 3D modeler Blender 2.49.2 (new application) -
    • Video editor Kdenlive 0.7.7 (new application) -
    • -
  • Now using Kerberos for password checking (migration not finished). - Enabled for: -
      -
    • PAM -
    • LDAP -
    • IMAP -
    • SMTP (sender verification) -
    -
    • -
  • New experimental roaming workstation profile for laptops.
    • -
  • Show welcome page to users when they first log in. The URL is - fetched from LDAP.
    • -
  • New LXDE desktop option, in addition to KDE (default) and Gnome.
    • -
  • General cleanup (not finished)
    • -
-

The following features are not working as they should

- -
    -
  • No web based administration tool for creating users and groups. The - scripts ldap-createuser-krb and ldap-add-user-to-group can be used - for testing.
    • -
  • DVD installs are missing debian-installer images for the PXE boot, - and do not set up the PXE menu on eth0 because of this. LTSP - clients should still boot from eth1 on thin client servers.
    • -
  • The restructured KDE menu is not implemented.
    • -
  • The LDAP server setup need to be reviewed for security.
    • -
  • The LDAP directory structure need to be reworked.
    • -
  • Different sets of packages are installed when using the DVD and the - netinst CD. More packages are installed using the netinst CD.
    • -
  • The jackd package fail to install. This is believed to be caused by - some ongoing transition, and hopefully should be solved soon. The - jackd1 package can be installed manually for those that need it.
    • -
  • Some packages lack translations. See - http://wiki.debian.org/DebianEdu/Status/Squeeze for updated status, - and help out with translations.
    • -
- -

To download this multiarch netinstall release you can use

- - -

To download this multiarch dvd release you can use

- - - -

There is no source DVD available yet. It will be prepared when we -get closer to the final release.

- -

The MD5SUM of these images are

- -
    -
  • 3dbf45d59f42a53518b6e3c9ec3b5eb6 debian-edu-6.0.0+edua0-CD.iso
    • -
  • 22f2cbfce281d1c6e478be452638675d debian-edu-6.0.0+edua0-DVD.iso
    • -
- -

The SHA1SUM of these images are

-
    -
  • c53d1b69b40cf37cd27aefaf33f6f6a3821bedf0 debian-edu-6.0.0+edua0-CD.iso
    • -
  • 2ec29d7db676d59d32197b05c277ffe16348376c debian-edu-6.0.0+edua0-DVD.iso
    • -
-

How to report bugs: -http://wiki.debian.org/DebianEdu/HowTo/ReportBugsInBugzilla

- -

Please direct replies to debian-edu@lists.debian.org

-
+

Prioritising packages for the Debian Edu / +Skolelinux DVD, which is +supposed provide a school with all the services and user applications +needed on the pupils computer network has always been hard. Even +schools without Internet connections should be able to get Debian Edu +working using this DVD.

+ +

The job became a lot harder when apt and aptitude started +installing recommended packages by default. We want the same set of +packages to be installed when using the DVD and the netinst CD, and +that means all recommended packages need to be on the DVD. I created +a patch for debian-cd in BTS +report #601203 to do this, and since this change was applied to +the Debian Edu DVD build, we have been seriously short on space.

+ +

A few days ago we decided to drop blender, wxmaxima and kicad from +the default installation to save space on the DVD, believing that +those needing these applications are few and can get them from the +Debian archive.

+ +

Yesterday, I had a look what source packages to see which packages +were using most space. A few large packages are well know; +openoffice.org, openclipart and fluid-soundfont. But I also +discovered that lilypond used 106 MiB and fglrx-driver used 53 MiB. +The lilypond package is pulled in as a dependency for rosegarden, and +when looking a bit closer I discovered that 99 MiB of the 106 MiB were +the documentation package, which is recommended by the binary package. +I decided to drop this documentation package from our DVD, as most of +our users will use the GUI front-ends and do not need the lilypond +documentation. Similarly, I dropped the non-free fglrx-driver package +which might be installed by d-i when its hardware is detected, as the +free X driver should work.

+ +

With this change, we finally got space for the LXDE and Gnome +desktop packages as well as the language specific packages making the +DVD more useful again.

@@ -876,7 +1219,13 @@ http://wiki.debian.org/DebianEdu/HowTo/ReportBugsInBugzilla

  • July (12)
    • -
  • August (8)
    • +
  • August (13)
    • + +
  • September (7)
    • + +
  • October (9)
    • + +
  • November (11)
    • @@ -925,7 +1274,7 @@ http://wiki.debian.org/DebianEdu/HowTo/ReportBugsInBugzilla

    Tags

    -Created by Chronicle v3.7 +Created by Chronicle v3.2