X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/2115f37ef137d707943a1a5a0f6d0ba6df630cee..59c16ba96441776d59c287cc827c044fb36d4ee8:/blog/index.rss diff --git a/blog/index.rss b/blog/index.rss index 8f2094baa9..3983f80396 100644 --- a/blog/index.rss +++ b/blog/index.rss 
@@ -7,1047 +7,375 @@ - No hardcoded config on Debian Edu clients - http://people.skolelinux.org/pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html - http://people.skolelinux.org/pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html - Mon, 9 Aug 2010 20:15:00 +0200 + TED talks på norsk og NUUG-foredrag - frivillige trengs til teksting + http://people.skolelinux.org/pere/blog/TED_talks_p___norsk_og_NUUG_foredrag___frivillige_trengs_til_teksting.html + http://people.skolelinux.org/pere/blog/TED_talks_p___norsk_og_NUUG_foredrag___frivillige_trengs_til_teksting.html + Fri, 1 Oct 2010 11:00:00 +0200 -<p>As reported earlier, the last few days I have looked at how Debian -Edu clients are configured, and tried to get rid of all hardcoded -configuration settings on the clients. I believe the work to be -mostly done, and the clients seem to work just fine with dynamically -generated configuration.</p> - -<p>What is the point, you might ask? The point is to allow a Debian -Edu desktop to integrate into an existing network infrastructure -without any manual configuration.</p> - -<p>This is what happens when installing a Debian Edu client here at -the University of Oslo using PXE. With the PXE installation, I am -asked for language (Norwegian Bokmål), locality (Norway) and keyboard -layout (no-latin1), Debian Edu profile (Roaming Workstation), if I -accept to reformat the hard drive (yes), if I want to submit info to -popcon.debian.org (no) and root password (secret). After answering -these questions, the installer goes ahead and does its thing, and -after around 50 minutes it is done. I press enter to finish the -installation, and the machine reboots into KDE. When the machine is -ready and kdm asks for login information, I enter my university -username and password, am told by kdm that a local home directory has -been created and that I must log in again, and finally log in with the -same username and password to the KDE 4.4 desktop. 
At no point during -this process did it ask for university specific settings, and all the -required configuration was dynamically detected using information -fetched via DHCP and DNS. The roaming workstation is now ready for -use.</p> - -<p>How was this done, you might wonder? First of all, here is the -list of things that need to be configured on the client to get it -working properly out of the box:</p> - -<ul> -<li>IP address/netmask and DNS server.</li> -<li>Web proxy URL.</li> -<li>LDAP server for NSS directory information (user, group, etc).</li> -<li>Kerberos server for PAM password checking.</li> -<li>SMB mount point to access the network home directory. (*)</li> -<li>Central syslog server to send syslog messages to. (*)</li> -<li>Sitesummary collector URL to submit info to central server. (*)</li> -</ul> - -<p>(Hm, did I forget anything? Let me knew if I did.)</p> - -<p>The points marked (*) are not required to be able to use the -machine, but needed to provide central storage and allowing system -administrators to track their machines. Since yesterday, everything -but the sitesummary collector URL is dynamically discovered at boot -and installation time in the svn version of Debian Edu.</p> - -<p>The IP and DNS setup is fetched during boot using DHCP as usual. -When a DHCP update arrives, the proxy setup is updated by looking for -http://wpat/wpad.dat and using the content of this WPAD file to -configure the http and ftp proxy in /etc/environment and -/etc/apt/apt.conf. I decided to update the proxy setup using a DHCP -hook to ensure that the client stops using the Debian Edu proxy when -it is moved outside the Debian Edu network, and instead uses any local -proxy present on the new network when it moves around.</p> - -<p>The DNS names of the LDAP, Kerberos and syslog server and related -configuration are generated using DNS information at boot. First the -installer looks for a host named ldap in the current DNS domain. 
If -not found, it looks for _ldap._tcp SRV records in DNS instead. If an -LDAP server is found, its root DSE entry is requested and the -attributes namingContexts and defaultNamingContext are used to -determine which LDAP base to use for NSS. If there are several -namingContexts attibutes and the defaultNamingContext is present, that -LDAP subtree is used as the base. If defaultNamingContext is missing, -the subtrees listed as namingContexts are searched in sequence for any -object with class posixAccount or posixGroup, and the first one with -such an object is used as the LDAP base. For Kerberos, a similar -search is done by first looking for a host named kerberos, and then -for the _kerberos._tcp SRV record. I've been unable to find a way to -look up the Kerberos realm, so for this the upper case string of the -current DNS domain is used.</p> - -<p>For the syslog server, the hosts syslog and loghost are searched -for, and the _syslog._udp SRV record is consulted if no such host is -found. This algorithm works for both Debian Edu and the University of -Oslo. A similar strategy would work for locating the sitesummary -server, but have not been implemented yet. I decided to fetch and -save these settings during installation, to make sure moving to a -different network does not change the set of users being allowed to -log in nor the passwords required to log in. Usernames and passwords -will be cached by sssd when the user logs in on the Debian Edu -network, and will not change as the laptop move around. For a -non-roaming machine, there is no caching, but given that it is -supposed to stay in place it should not matter much. Perhaps we -should switch those to use sssd too?</p> - -<p>The user's SMB mount point for the network home directory is -located when the user logs in for the first time. The LDAP server is -consulted to look for the user's LDAP object and the sambaHomePath -attribute is used if found. 
If it isn't found, the home directory -path fetched from NSS is used instead. Assuming the path is of the -form /site/server/directory/username, the second part is looked up in -DNS and used to generate a SMB URL of the form -smb://server.domain/username. This algorithm works for both Debian -edu and the University of Oslo. Perhaps there are better attributes -to use or a better algorithm that works for more sites, but this will -do for now. :)</p> - -<p>This work should make it easier to integrate the Debian Edu clients -into any LDAP/Kerberos infrastructure, and make the current setup even -more flexible than before. I suspect it will also work for thin -client servers, allowing one to easily set up LTSP and hook it into a -existing network infrastructure, but I have not had time to test this -yet.</p> - -<p>If you want to help out with implementing these things for Debian -Edu, please contact us on debian-edu@lists.debian.org.</p> +<p>Frikanalen og NUUG jobber for å få <a href="http://www.ted.com">TED +talks</a> kringkastet på +<a href="http://www.frikanalen.no/">Frikanalen</a>, for å gi et mer +variert innhold på kanalen som i dag sendes på RiksTV, Lyse og +Uninett. Før innslagene kan sendes må det lages norske undertekster, +og dette her trengs det frivillige. Det er hundrevis av innslag, men +mine favoritter er +<a href="http://www.ted.com/talks/james_randi.html">James Randi</a> og +<a href="http://www.ted.com/talks/lang/eng/michael_specter_the_danger_of_science_denial.html">Michael +Specter</a>. Hvis du har litt tid til overs, bli med på å oversette +TED-foredragene til norsk og få på plass undertekster. TED har +allerede opplegg på plass for å håndtere oversettelser og +undertekster. Registrer deg på +<a href="http://www.ted.com/translate/forted">sidene til TED</a> i +dag!</p> + +<p>NUUG holder også på å få alle opptakene fra NUUG-presentasjonene +<a href="http://www.nuug.no/pub/video/frikanalen/frontpage.cgi?organization=NUUG">publisert +på Frikanalen</a>. 
Foredrag på engelsk må også her tekstes og +oversettes. Ta kontakt med video@nuug.no hvis du vil bidra med +teksting og oversetting. Arbeidet koordineres på epostlisten og på +IRC (#nuug-video på irc.oftc.org), og <a +href="http://wiki.nuug.no/grupper/video/frikanalen">en wikiside</a> +brukes som notatblokk for arbeidet. Mest lovende verktøy for dette +ser i dag ut til å være +<a href="http://universalsubtitles.org/">Universal Subtitles</a>, som +lar en bidra med teksting via en nettleser.</p> - Testing if a file system can be used for home directories... - http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html - http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html - Sun, 8 Aug 2010 21:20:00 +0200 + Bilkollektivet vil ha retten til å se hvor jeg kjører... + http://people.skolelinux.org/pere/blog/Bilkollektivet_vil_ha_retten_til____se_hvor_jeg_kj__rer___.html + http://people.skolelinux.org/pere/blog/Bilkollektivet_vil_ha_retten_til____se_hvor_jeg_kj__rer___.html + Thu, 23 Sep 2010 11:55:00 +0200 -<p>A few years ago, I was involved in a project planning to use -Windows file servers as home directory servers for Debian -Edu/Skolelinux machines. This was thought to be no problem, as the -access would be through the SMB network file system protocol, and we -knew other sites used SMB with unix and samba as the file server to -mount home directories without any problems. But, after months of -struggling, we had to conclude that our goal was impossible.</p> - -<p>The reason is simply that while SMB can be used for home -directories when the file server is Samba running on Unix, this only -work because of Samba have some extensions and the fact that the -underlying file system is a unix file system. 
When using a Windows -file server, the underlying file system do not have POSIX semantics, -and several programs will fail if the users home directory where they -want to store their configuration lack POSIX semantics.</p> - -<p>As part of this work, I wrote a small C program I want to share -with you all, to replicate a few of the problematic applications (like -OpenOffice.org and GCompris) and see if the file system was working as -it should. If you find yourself in spooky file system land, it might -help you find your way out again. This is the fs-test.c source:</p> - -<pre> -/* - * Some tests to check the file system sematics. Used to verify that - * CIFS from a windows server do not work properly as a linux home - * directory. - * License: GPL v2 or later - * - * needs libsqlite3-dev and build-essential installed - * compile with: gcc -Wall -lsqlite3 -DTEST_SQLITE fs-test.c -o fs-test -*/ - -#define _FILE_OFFSET_BITS 64 -#define _LARGEFILE_SOURCE 1 -#define _LARGEFILE64_SOURCE 1 - -#define _GNU_SOURCE /* for asprintf() */ - -#include &lt;errno.h> -#include &lt;fcntl.h> -#include &lt;stdio.h> -#include &lt;string.h> -#include &lt;stdlib.h> -#include &lt;sys/file.h> -#include &lt;sys/stat.h> -#include &lt;sys/types.h> -#include &lt;unistd.h> - -#ifdef TEST_SQLITE -/* - * Test sqlite open, as done by gcompris require the libsqlite3-dev - * package and linking with -lsqlite3. A more low level test is - * below. - * See also &lt;URL: http://www.sqlite.org./faq.html#q5 >. 
- */ -#include &lt;sqlite3.h> -#define CREATE_TABLE_USERS \ - "CREATE TABLE users (user_id INT UNIQUE, login TEXT, lastname TEXT, firstname TEXT, birthdate TEXT, class_id INT ); " -int test_sqlite_open(void) { - char *zErrMsg; - char *name = "testsqlite.db"; - sqlite3 *db=NULL; - unlink(name); - int rc = sqlite3_open(name, &db); - if( rc ){ - printf("error: sqlite open of %s failed: %s\n", name, sqlite3_errmsg(db)); - sqlite3_close(db); - return -1; - } - - /* create tables */ - rc = sqlite3_exec(db,CREATE_TABLE_USERS, NULL, 0, &zErrMsg); - if( rc != SQLITE_OK ){ - printf("error: sqlite table create failed: %s\n", zErrMsg); - sqlite3_close(db); - return -1; - } - printf("info: sqlite worked\n"); - sqlite3_close(db); - return 0; -} -#endif /* TEST_SQLITE */ - -/* - * Demonstrate locking issue found in gcompris using sqlite3. This - * work with ext3, but not with cifs server on Windows 2003. This is - * done in the sqlite3 library. - * See also - * &lt;URL:http://www.cygwin.com/ml/cygwin/2001-08/msg00854.html> and the - * POSIX specification - * &lt;URL:http://www.opengroup.org/onlinepubs/009695399/functions/fcntl.html>. 
- */ -int test_gcompris_locking(void) { - struct flock fl; - char *name = "testsqlite.db"; - unlink(name); - int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, 0644); - printf("info: testing fcntl locking\n"); - - fl.l_whence = SEEK_SET; - fl.l_pid = getpid(); - printf(" Read-locking 1 byte from 1073741824"); - fl.l_start = 1073741824; - fl.l_len = 1; - fl.l_type = F_RDLCK; - if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n"); - - printf(" Read-locking 510 byte from 1073741826"); - fl.l_start = 1073741826; - fl.l_len = 510; - fl.l_type = F_RDLCK; - if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n"); - - printf(" Unlocking 1 byte from 1073741824"); - fl.l_start = 1073741824; - fl.l_len = 1; - fl.l_type = F_UNLCK; - if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n"); - - printf(" Write-locking 1 byte from 1073741824"); - fl.l_start = 1073741824; - fl.l_len = 1; - fl.l_type = F_WRLCK; - if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n"); - - printf(" Write-locking 510 byte from 1073741826"); - fl.l_start = 1073741826; - fl.l_len = 510; - if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n"); - - printf(" Unlocking 2 byte from 1073741824"); - fl.l_start = 1073741824; - fl.l_len = 2; - fl.l_type = F_UNLCK; - if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n"); - - close(fd); - return 0; -} - -/* - * Test if permissions of freshly created directories allow entries - * below them. This was a problem with OpenOffice.org and gcompris. - * Mounting with option 'sync' seem to solve this problem while - * slowing down file operations. 
- */ -int test_subdirectory_creation(void) { -#define LEVELS 5 - char *path = strdup("test"); - char *dirs[LEVELS]; - int level; - printf("info: testing subdirectory creation\n"); - for (level = 0; level &lt; LEVELS; level++) { - char *newpath = NULL; - if (-1 == mkdir(path, 0777)) { - printf(" error: Unable to create directory '%s': %s\n", - path, strerror(errno)); - break; - } - asprintf(&newpath, "%s/%s", path, "test"); - free(path); - path = newpath; - } - return 0; -} - -/* - * Test if symlinks can be created. This was a problem detected with - * KDE. - */ -int test_symlinks(void) { - printf("info: testing symlink creation\n"); - unlink("symlink"); - if (-1 == symlink("file", "symlink")) - printf(" error: Unable to create symlink\n"); - return 0; -} - -int main(int argc, char **argv) { - printf("Testing POSIX/Unix sematics on file system\n"); - test_symlinks(); - test_subdirectory_creation(); -#ifdef TEST_SQLITE - test_sqlite_open(); -#endif /* TEST_SQLITE */ - test_gcompris_locking(); - return 0; -} -</pre> - -<p>When everything is working, it should print something like -this:</p> - -<pre> -Testing POSIX/Unix sematics on file system -info: testing symlink creation -info: testing subdirectory creation -info: sqlite worked -info: testing fcntl locking - Read-locking 1 byte from 1073741824 - Read-locking 510 byte from 1073741826 - Unlocking 1 byte from 1073741824 - Write-locking 1 byte from 1073741824 - Write-locking 510 byte from 1073741826 - Unlocking 2 byte from 1073741824 -</pre> - -<p>I do not remember the exact details of the problems we saw, but one -of them was with locking, where if I remember correctly, POSIX allow a -read-only lock to be upgraded to a read-write lock without unlocking -the read-only lock (while Windows do not). 
Another was a bug in the -CIFS/SMB client implementation in the Linux kernel where directory -meta information would be wrong for a fraction of a second, making -OpenOffice.org fail to create its deep directory tree because it was -not allowed to create files in its freshly created directory.</p> - -<p>Anyway, here is a nice tool for your tool box, might you never need -it. :)</p> +<p>Jeg er med i +<a href="http://www.bilkollektivet.no/">Bilkollektivet</a> her i Oslo, +og har inntil i dag vært fornøyd med opplegget. I dag kom det brev +fra bilkollektivet, der de forteller om nytt webopplegg og nye +rutiner, og at de har tenkt å angripe min rett til å ferdes anonymt +som bruker av Bilkollektivet. Det gjorde meg virkelig trist å +lese.</p> + +<p>Brevet datert 2010-09-16 forteller at Bilkollektivet har tenkt å gå +over til biler med "bilcomputer" og innebygget sporings-GPS som lar +administrasjonen i bilkollektivet se hvor bilene er til en hver tid, +noe som betyr at de også kan se hvor jeg kjører når jeg bruker +Bilkollektivet. +<a href="http://people.skolelinux.org/pere/blog/Anonym_ferdsel_er_en_menneskerett.html">Retten +til å ferdes anonymt</a> er som tidligere nevnt viktig for meg, og jeg +finner det uakseptabelt å måtte godta å bli radiomerket for å kunne +bruke bil. Har ikke satt meg inn i hva som er historien for denne +endringen, så jeg vet ikke om det er godkjent av +f.eks. andelseiermøtet. Ser at +<a href="http://www.bilkollektivet.no/bilbruksregler.26256.no.html">nye +bilbruksregler</a> med følgende klausul ble vedtatt av styret +2010-08-26:</p> + +<blockquote><p>Andelseier er med dette gjort kjent med at bilene er +utstyrt med sporingsutstyr, som kan benyttes av Bilkollektivet til å +spore biler som brukes utenfor gyldig reservasjon.</p></blockquote> + +<p>For meg er det prinsipielt uakseptabelt av Bilkollektivet å skaffe +seg muligheten til å se hvor jeg befinner meg, og det er underordnet +når informasjonen blir brukt og hvem som får tilgang til den. 
Får se +om jeg har energi til å forsøke å endre planene til Bilkollektivet +eller bare ser meg om etter alternativer.</p> - Autodetecting Client setup for roaming workstations in Debian Edu - http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html - http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html - Sat, 7 Aug 2010 14:45:00 +0200 + Oppdatert kart over overvåkningskamera i Norge + http://people.skolelinux.org/pere/blog/Oppdatert_kart_over_overv__kningskamera_i_Norge.html + http://people.skolelinux.org/pere/blog/Oppdatert_kart_over_overv__kningskamera_i_Norge.html + Wed, 22 Sep 2010 20:50:00 +0200 -<p>A few days ago, I -<a href="http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html">tried -to install</a> a Roaming workation profile from Debian Edu/Squeeze -while on the university network here at the University of Oslo, and -noticed how much had to change to get it operational using the -university infrastructure. It was fairly easy, but it occured to me -that Debian Edu would improve a lot if I could get the client to -connect without any changes at all, and thus let the client configure -itself during installation and first boot to use the infrastructure -around it. Now I am a huge step further along that road.</p> - -<p>With our current squeeze-test packages, I can select the roaming -workstation profile and get a working laptop connecting to the -university LDAP server for user and group and our active directory -servers for Kerberos authentication. All this without any -configuration at all during installation. My users home directory got -a bookmark in the KDE menu to mount it via SMB, with the correct URL. -In short, openldap and sssd is correctly configured. 
In addition to -this, the client look for http://wpad/wpad.dat to configure a web -proxy, and when it fail to find it no proxy settings are stored in -/etc/environment and /etc/apt/apt.conf. Iceweasel and KDE is -configured to look for the same wpad configuration and also do not use -a proxy when at the university network. If the machine is moved to a -network with such wpad setup, it would automatically use it when DHCP -gave it a IP address.</p> - -<p>The LDAP server is located using DNS, by first looking for the DNS -entry ldap.$domain. If this do not exist, it look for the -_ldap._tcp.$domain SRV records and use the first one as the LDAP -server. Next, it connects to the LDAP server and search all -namingContexts entries for posixAccount or posixGroup objects, and -pick the first one as the LDAP base. For Kerberos, a similar -algorithm is used to locate the LDAP server, and the realm is the -uppercase version of $domain.</p> - -<p>So, what is not working, you might ask. SMB mounting my home -directory do not work. No idea why, but suspected the incorrect -Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be -the cause. These are not properly configured during installation, and -had to be hand-edited to get the correct Kerberos realm and server, -but SMB mounting still do not work. :(</p> - -<p>With this automatic configuration in place, I expect a Debian Edu -roaming profile installation would be able to automatically detect and -connect to any site using LDAP and Kerberos for NSS directory and PAM -authentication. It should also work out of the box in a Active -Directory environment providing posixAccount and posixGroup objects -with UID and GID values.</p> - -<p>If you want to help out with implementing these things for Debian -Edu, please contact us on debian-edu@lists.debian.org.</p> +<p>For ca. 
et og et halvt år siden +<a href="http://people.skolelinux.org/pere/blog/Kart_over_overv__kningskamera_i_Norge.html">startet +jeg på et kart over overvåkningskamera i Norge</a>, i regi av +<a href="http://www.personvern.no/">personvernforeningen</a>. Det har +blitt oppdatert regelmessing, og jeg oppdaterte det nettopp. Fra den +spede start med 22 kamera registrert er det nå registrert 54 kamera. +Det er bare en brøkdel av de kamera som finnes i Norge, men det går +sakte men sikkert i riktig retning.</p> + +<p>Informasjonen registreres fortsatt direkte inn i +<a href="http://www.openstreetmap.org/">OpenStreetmap</a>, og hentes +automatisk over i +<a href="http://people.skolelinux.no/pere/surveillance-norway/">spesialkartet</a> +når jeg kjører et script for å filtrere ut overvåkningskamera fra +OSM-dumpen for Norge.</p> - Debian Edu roaming workstation - at the university of Oslo - http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html - http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html - Tue, 3 Aug 2010 23:30:00 +0200 + Anonym ferdsel er en menneskerett + http://people.skolelinux.org/pere/blog/Anonym_ferdsel_er_en_menneskerett.html + http://people.skolelinux.org/pere/blog/Anonym_ferdsel_er_en_menneskerett.html + Wed, 15 Sep 2010 12:15:00 +0200 -<p>The new roaming workstation profile in Debian Edu/Squeeze is fairly -similar to the laptop setup am I working on using Ubuntu for the -University of Oslo, and just for the heck of it, I tested today how -hard it would be to integrate that profile into the university -infrastructure. 
In this case, it is the university LDAP server, -Active Directory Kerberos server and SMB mounting from the Netapp file -servers.</p> - -<p>I was pleasantly surprised that the only three files needed to be -changed (/etc/sssd/sssd.conf, /etc/ldap.conf and -/etc/mklocaluser.d/20-debian-edu-config) and one file had to be added -(/usr/share/perl5/Debian/Edu_Local.pm), to get the client working. -Most of the changes were to get the client to use the university LDAP -for NSS and Kerberos server for PAM, but one was to change a hard -coded DNS domain name in the mklocaluser hook from .intern to -.uio.no.</p> - -<p>This testing was so encouraging, that I went ahead and adjusted the -Debian Edu scripts and setup in subversion to centralise the roaming -workstation setup a bit more and avoid the hardcoded DNS domain name, -so that when I test this tomorrow, I expect to get away with modifying -only /etc/sssd/sssd.conf and /etc/ldap.conf to get it to use the -university servers.</p> - -<p>My goal is to get the clients to have no hardcoded settings and -fetch all their initial setup during installation and first boot, to -allow them to be inserted also into environments where the default -setup in Debian Edu has been changed or as with the university, where -the environment is different but provides the protocols Debian Edu -uses.</p> +<p>Debatten rundt sporveiselskapet i Oslos (Ruter AS) ønske om +<a href="http://www.aftenposten.no/nyheter/iriks/article3808135.ece">å +radiomerke med RFID</a> alle sine kunder og +<a href="http://www.aftenposten.no/nyheter/article3809746.ece">registerere +hvor hver og en av oss beveger oss</a> pågår, og en ting som har +kommet lite frem i debatten er at det faktisk er en menneskerett å +kunne ferdes anonymt internt i ens eget land.</p> + +<p>Fant en grei kilde for dette i et +<a href="http://www.datatilsynet.no/upload/Microsoft%20Word%20-%2009-01399-2%20H+%C2%A9ringsnotat%20-%20Samferdselsdepartementet%20-%20Utkas%C3%94%C3%87%C2%AA.pdf">skriv 
+fra Datatilsynet</a> til Samferdselsdepartementet om tema:</p> + +<blockquote><p>Retten til å ferdes anonymt kan utledes av +menneskerettskonvensjonen artikkel 8 og av EUs personverndirektiv. +Her heter det at enkeltpersoners grunnleggende rettigheter og frihet +må respekteres, særlig retten til privatlivets fred. I både +personverndirektivet og i den norske personopplysningsloven er +selvråderetten til hver enkelt et av grunnprinsippene, hovedsaklig +uttrykt ved at en må gi et frivillig, informert og uttrykkelig +samtykke til behandling av personopplysninger.</p></blockquote> + +<p>For meg er det viktig at jeg kan ferdes anonymt, og det er litt av +bakgrunnen til at jeg handler med kontanter, ikke har mobiltelefon og +forventer å kunne reise med bil og kollektivtrafikk uten at det blir +registrert hvor jeg har vært. Ruter angriper min rett til å ferdes +uten radiopeiler med sin innføring av RFID-kort, og dokumenterer sitt +ønske om å registrere hvor kundene befant seg ved å ønske å gebyrlegge +oss som ikke registrerer oss hver gang vi beveger oss med +kollektivtrafikken i Oslo. Jeg synes det er hårreisende.</p> - Circular package dependencies harms apt recovery - http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html - http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html - Tue, 27 Jul 2010 23:50:00 +0200 + Terms of use for video produced by a Canon IXUS 130 digital camera + http://people.skolelinux.org/pere/blog/Terms_of_use_for_video_produced_by_a_Canon_IXUS_130_digital_camera.html + http://people.skolelinux.org/pere/blog/Terms_of_use_for_video_produced_by_a_Canon_IXUS_130_digital_camera.html + Thu, 9 Sep 2010 23:55:00 +0200 -<p>I discovered this while doing -<a href="http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html">automated -testing of upgrades from Debian Lenny to Squeeze</a>. 
A few packages -in Debian still got circular dependencies, and it is often claimed -that apt and aptitude should be able to handle this just fine, but -some times these dependency loops causes apt to fail.</p> - -<p>An example is from todays -<a href="http://people.skolelinux.org/~pere/debian-upgrade-testing//test-20100727-lenny-squeeze-kde-aptitude.txt">upgrade -of KDE using aptitude</a>. In it, a bug in kdebase-workspace-data -causes perl-modules to fail to upgrade. The cause is simple. If a -package fail to unpack, then only part of packages with the circular -dependency might end up being unpacked when unpacking aborts, and the -ones already unpacked will fail to configure in the recovery phase -because its dependencies are unavailable.</p> - -<p>In this log, the problem manifest itself with this error:</p> +<p>A few days ago I had the mixed pleasure of bying a new digital +camera, a Canon IXUS 130. It was instructive and very disturbing to +be able to verify that also this camera producer have the nerve to +specify how I can or can not use the videos produced with the camera. +Even thought I was aware of the issue, the options with new cameras +are limited and I ended up bying the camera anyway. What is the +problem, you might ask? It is software patents, MPEG-4, H.264 and the +MPEG-LA that is the problem, and our right to record our experiences +without asking for permissions that is at risk. + +<p>On page 27 of the Danish instruction manual, this section is +written:</p> -<blockquote><pre> -dpkg: dependency problems prevent configuration of perl-modules: - perl-modules depends on perl (>= 5.10.1-1); however: - Version of perl on system is 5.10.0-19lenny2. 
-dpkg: error processing perl-modules (--configure): - dependency problems - leaving unconfigured -</pre></blockquote> - -<p>The perl/perl-modules circular dependency is already -<a href="http://bugs.debian.org/527917">reported as a bug</a>, and will -hopefully be solved as soon as possible, but it is not the only one, -and each one of these loops in the dependency tree can cause similar -failures. Of course, they only occur when there are bugs in other -packages causing the unpacking to fail, but it is rather nasty when -the failure of one package causes the problem to become worse because -of dependency loops.</p> - -<p>Thanks to -<a href="http://lists.debian.org/debian-devel/2010/06/msg00116.html">the -tireless effort by Bill Allombert</a>, the number of circular -dependencies -<a href="http://debian.semistable.com/debgraph.out.html">left in Debian -is dropping</a>, and perhaps it will reach zero one day. :)</p> +<blockquote> +<p>This product is licensed under AT&T patents for the MPEG-4 standard +and may be used for encoding MPEG-4 compliant video and/or decoding +MPEG-4 compliant video that was encoded only (1) for a personal and +non-commercial purpose or (2) by a video provider licensed under the +AT&T patents to provide MPEG-4 compliant video.</p> + +<p>No license is granted or implied for any other use for MPEG-4 +standard.</p> +</blockquote> -<p>Todays testing also exposed a bug in -<a href="http://bugs.debian.org/590605">update-notifier</a> and -<a href="http://bugs.debian.org/590604">different behaviour</a> between -apt-get and aptitude, the latter possibly caused by some circular -dependency. 
Reported both to BTS to try to get someone to look at -it.</p> +<p>In short, the camera producer have chosen to use technology +(MPEG-4/H.264) that is only provided if I used it for personal and +non-commercial purposes, or ask for permission from the organisations +holding the knowledge monopoly (patent) for technology used.</p> + +<p>This issue has been brewing for a while, and I recommend you to +read +"<a href="http://www.osnews.com/story/23236/Why_Our_Civilization_s_Video_Art_and_Culture_is_Threatened_by_the_MPEG-LA">Why +Our Civilization's Video Art and Culture is Threatened by the +MPEG-LA</a>" by Eugenia Loli-Queru and +"<a href="http://webmink.com/2010/09/03/h-264-and-foss/">H.264 Is Not +The Sort Of Free That Matters</a>" by Simon Phipps to learn more about +the issue. The solution is to support the +<a href="http://www.digistan.org/open-standard:definition">free and +open standards</a> for video, like <a href="http://www.theora.org/">Ogg +Theora</a>, and avoid MPEG-4 and H.264 if you can.</p> - First Debian Edu test release (alpha0) based on Squeeze is released - http://people.skolelinux.org/pere/blog/First_Debian_Edu_test_release__alpha0__based_on_Squeeze_is_released.html - http://people.skolelinux.org/pere/blog/First_Debian_Edu_test_release__alpha0__based_on_Squeeze_is_released.html - Tue, 27 Jul 2010 17:45:00 +0200 + Navteq bruker 3-12 måneder, OpenStreetmap.org trenger noen dager + http://people.skolelinux.org/pere/blog/Navteq_bruker_3_12_m__neder__OpenStreetmap_org_trenger_noen_dager.html + http://people.skolelinux.org/pere/blog/Navteq_bruker_3_12_m__neder__OpenStreetmap_org_trenger_noen_dager.html + Tue, 7 Sep 2010 21:40:00 +0200 -<p>I just posted this announcement culminating several months of work -with the next Debian Edu release. Not nearly done, but one major step -completed.</p> - -<blockquote> -<p>This is the first test release based on Squeeze. The focus of this -release is to test the user application selection. 
To have a look, -install the standalone profile and let the developers know if the set -of installed packages i.e. applications should be modified. If some -user application is missing, or if there are some applications that no -longer make sense to be included in Debian Edu, please let us know. -Also, if a useful application is missing the translation for your -language of choice, please let us know too.</p> - -<p>In addition, feedback and help to polish the desktop (menus, -artwork, starters, etc.) is appreciated. We would like to ship a nice -and handy KDE4 desktop targeted for schools out of the box.</p> - -<p>The other profiles should be installable, but there is a lot more -work left to be done before they are ready, so do not expect to -much.</p> - -<p>Changes compared to the lenny based version</p> - -<ul> -<li>Everything from Debian Squeeze -<ul> - <li>Desktop environment KDE 4.4 => the new KDE desktop in - combination with some new artwork - <li>Web browser Iceweasel 3.5 - <li>OpenOffice.org 3.2 - <li>Educational toolbox GCompris 9.3 - <li>Music creator Rosegarden 10.04.2 - <li>Image editor Gimp 2.6.10 - <li>Virtual universe Celestia 1.6.0 - <li>Virtual stargazer Stellarium 0.10.4 - <li>3D modeler Blender 2.49.2 (new application) - <li>Video editor Kdenlive 0.7.7 (new application) -</ul></li> -<li>Now using Kerberos for password checking (migration not finished). - Enabled for: -<ul> - <li>PAM - <li>LDAP - <li>IMAP - <li>SMTP (sender verification) -</ul> -</li> -<li>New experimental roaming workstation profile for laptops.</li> -<li>Show welcome page to users when they first log in. The URL is - fetched from LDAP.</li> -<li>New LXDE desktop option, in addition to KDE (default) and Gnome.</li> -<li>General cleanup (not finished)</li> -</ul> -<p>The following features are not working as they should</p> - -<ul> -<li>No web based administration tool for creating users and groups. 
The - scripts ldap-createuser-krb and ldap-add-user-to-group can be used - for testing.</li> -<li>DVD installs are missing debian-installer images for the PXE boot, - and do not set up the PXE menu on eth0 because of this. LTSP - clients should still boot from eth1 on thin client servers.</li> -<li>The restructured KDE menu is not implemented.</li> -<li>The LDAP server setup need to be reviewed for security.</li> -<li>The LDAP directory structure need to be reworked.</li> -<li>Different sets of packages are installed when using the DVD and the - netinst CD. More packages are installed using the netinst CD.</li> -<li>The jackd package fail to install. This is believed to be caused by - some ongoing transition, and hopefully should be solved soon. The - jackd1 package can be installed manually for those that need it.</li> -<li>Some packages lack translations. See - http://wiki.debian.org/DebianEdu/Status/Squeeze for updated status, - and help out with translations.</li> -</ul> - -<p>To download this multiarch netinstall release you can use</p> - -<ul> -<li><a href="ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso">ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</a></li> -<li><a href="http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso">http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</a></li> -<li>rsync -avzP ftp.skolelinux.org::skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</li> -</ul> -<p>To download this multiarch dvd release you can use</p> - -<ul> -<li><a href="ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso">ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</a></li> -<li><a 
href="http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso">http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</a></li> -<li>rsync -avzP ftp.skolelinux.org::skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</li> -</ul> - -<p>There is no source DVD available yet. It will be prepared when we -get closer to the final release.</p> - -<p>The MD5SUM of these images are</p> - -<ul> -<li>3dbf45d59f42a53518b6e3c9ec3b5eb6 debian-edu-6.0.0+edua0-CD.iso</li> -<li>22f2cbfce281d1c6e478be452638675d debian-edu-6.0.0+edua0-DVD.iso</li> -</ul> - -<p>The SHA1SUM of these images are</p> -<ul> -<li>c53d1b69b40cf37cd27aefaf33f6f6a3821bedf0 debian-edu-6.0.0+edua0-CD.iso</li> -<li>2ec29d7db676d59d32197b05c277ffe16348376c debian-edu-6.0.0+edua0-DVD.iso</li> -</ul> -<p>How to report bugs: -http://wiki.debian.org/DebianEdu/HowTo/ReportBugsInBugzilla</p> - -<p>Please direct replies to debian-edu@lists.debian.org</p> -</blockquote> +<p>Jeg ble riktig fascinert av +<a href="http://www.aftenposten.no/nyheter/iriks/article3800967.ece">en +artikkel i Aftenposten</a> om hvor hardt Navteq jobber for å oppdatere +kartene som brukes i navigasjons-GPSer, der det blant annet heter at +"på grunn av teknikken tar det alt fra tre til tolv måneder før +kartene er oppdatert". Når en kjenner hva slags oppdateringshastighet +som er tilgjengelig på +<a href="http://www.openstreetmap.org/">OpenStreetmap</a> som +oppdateres på dugnad, blir det litt trist å se hva noe av det beste en +kan kjøpe for penger får til.</p> + +<p>Fra en endrer kartdataene i databasen til OpenStreetmap tar det +ca. 15 minutter før endringen er synlig på kartet som alle kan se på +web. Dernest overføres det daglig til en kartdump som lastes ned av +personen som lager Garmin-kart for Norge ca. en gang i uken. Med +OpenStreetmap.org og <a href="http://www.frikart.no/">Frikart.no</a> +kan en altså ha korreksjonene på plass i sin Garmin-GPS i løpet av en +uke. 
Det er også av tekniske årsaker at det tar så langt tid. +Jobbene som tegner kartene, henter ut kartdumpene og konverterer til +Garmin-format tar minutter og timer å gjennomføre, slik at de ikke +gjøres kontinuerlig men kun regelmessing.</p> - One step closer to single signon in Debian Edu - http://people.skolelinux.org/pere/blog/One_step_closer_to_single_signon_in_Debian_Edu.html - http://people.skolelinux.org/pere/blog/One_step_closer_to_single_signon_in_Debian_Edu.html - Sun, 25 Jul 2010 10:00:00 +0200 + Some notes on Flash in Debian and Debian Edu + http://people.skolelinux.org/pere/blog/Some_notes_on_Flash_in_Debian_and_Debian_Edu.html + http://people.skolelinux.org/pere/blog/Some_notes_on_Flash_in_Debian_and_Debian_Edu.html + Sat, 4 Sep 2010 10:10:00 +0200 -<p>The last few months me and the other Debian Edu developers have -been working hard to get the Debian/Squeeze based version of Debian -Edu/Skolelinux into shape. This future version will use Kerberos for -authentication, and services are slowly migrated to single signon, -getting rid of password questions one at the time.</p> - -<p>It will also feature a roaming workstation profile with local home -directory, for laptops that are only some times on the Skolelinux -network, and for this profile a shortcut is created in Gnome and KDE -to gain access to the users home directory on the file server. This -shortcut uses SMB at the moment, and yesterday I had time to test if -SMB mounting had started working in KDE after we added the cifs-utils -package. I was pleasantly surprised how well it worked.</p> - -<p>Thanks to the recent changes to our samba configuration to get it -to use Kerberos for authentication, there were no question about user -password when mounting the SMB volume. A simple click on the shortcut -in the KDE menu, and a window with the home directory popped -up. :)</p> - -<p>One step closer to a single signon solution out of the box in -Debian Edu. 
We already had PAM, LDAP, IMAP and SMTP in place, and now -also Samba. Next step is Cups and hopefully also NFS.</p> - -<p>We had planned a alpha0 release of Debian Edu for today, but thanks -to the autobuilder administrators for some architectures being slow to -sign packages, we are still missing the fixed LTSP package we need for -the release. It was uploaded three days ago with urgency=high, and if -it had entered testing yesterday we would have been able to test it in -time for a alpha0 release today. As the binaries for ia64 and powerpc -still not uploaded to the Debian archive, we need to delay the alpha -release another day.</p> - -<p>If you want to help out with implementing Kerberos for Debian Edu, -please contact us on debian-edu@lists.debian.org.</p> +<p>In the <a href="http://popcon.debian.org/unknown/by_vote">Debian +popularity-contest numbers</a>, the adobe-flashplugin package the +second most popular used package that is missing in Debian. The sixth +most popular is flashplayer-mozilla. This is a clear indication that +working flash is important for Debian users. Around 10 percent of the +users submitting data to popcon.debian.org have this package +installed.</p> + +<p>In the report written by Lars Risan in August 2008 +(«<a href="http://wiki.skolelinux.no/Dokumentasjon/Rapporter?action=AttachFile&do=view&target=Skolelinux_i_bruk_rapport_1.0.pdf">Skolelinux +i bruk – Rapport for Hurum kommune, Universitetet i Agder og +stiftelsen SLX Debian Labs</a>»), one of the most important problems +schools experienced with <a href="http://www.skolelinux.org/">Debian +Edu/Skolelinux</a> was the lack of working Flash. 
A lot of educational +web sites require Flash to work, and lacking working Flash support in +the web browser and the problems with installing it was perceived as a +good reason to stay with Windows.</p> + +<p>I once saw a funny and sad comment in a web forum, where Linux was +said to be the retarded cousin that did not really understand +everything you told him but could work fairly well. This was a +comment regarding the problems Linux have with proprietary formats and +non-standard web pages, and is sad because it exposes a fairly common +understanding of whose fault it is if web pages that only work in for +example Internet Explorer 6 fail to work on Firefox, and funny because +it explain very well how annoying it is for users when Linux +distributions do not work with the documents they receive or the web +pages they want to visit.</p> + +<p>This is part of the reason why I believe it is important for Debian +and Debian Edu to have a well working Flash implementation in the +distribution, to get at least popular sites as Youtube and Google +Video to working out of the box. For Squeeze, Debian have the chance +to include the latest version of Gnash that will make this happen, as +the new release 0.8.8 was published a few weeks ago and is resting in +unstable. The new version work with more sites that version 0.8.7. +The Gnash maintainers have asked for a freeze exception, but the +release team have not had time to reply to it yet. 
I hope they agree +with me that Flash is important for the Debian desktop users, and thus +accept the new package into Squeeze.</p> - Digitale restriksjonsmekanismer fikk meg til å slutte å kjøpe musikk - http://people.skolelinux.org/pere/blog/Digitale_restriksjonsmekanismer_fikk_meg_til____slutte____kj__pe_musikk.html - http://people.skolelinux.org/pere/blog/Digitale_restriksjonsmekanismer_fikk_meg_til____slutte____kj__pe_musikk.html - Thu, 22 Jul 2010 23:50:00 +0200 + My first perl GUI application - controlling a Spykee robot + http://people.skolelinux.org/pere/blog/My_first_perl_GUI_application___controlling_a_Spykee_robot.html + http://people.skolelinux.org/pere/blog/My_first_perl_GUI_application___controlling_a_Spykee_robot.html + Wed, 1 Sep 2010 21:00:00 +0200 -<p>For mange år siden slutte jeg å kjøpe musikk-CDer. Årsaken var at -musikkbransjen var godt i gang med å selge platene sine med DRM som -gjorde at jeg ikke fikk spilt av musikken jeg kjøpte på utstyret jeg -hadde tilgjengelig, dvs. min datamaskin. Det var umulig å se på en -plate om den var ødelagt eller ikke, og jeg hadde jo allerede en -anseelig samling med plater, så jeg bestemme meg for å slutte å gi -penger til en bransje som åpenbart ikke respekterte meg.</p> - -<p>Jeg har mange titalls dager med musikk på CD i dag. Det meste er -lagt i et stort arkiv som kan spilles av fra husets datamaskiner (har -ikke rukket rippe alt). Jeg ser dermed ikke behovet for å skaffe mer -musikk. De fleste av mine favoritter er i hus, og jeg er dermed godt -fornøyd.</p> - -<p>Hvis musikkbransjen ønsker mine penger, så må de demonstrere at de -setter pris på meg som kunde, og ikke skremme meg bort med DRM og -antydninger om at kundene er kriminelle.</p> - -<p>Filmbransjen er like ille, men mens musikk gjerne varer lenge, er -filmer mer ferskvare. Har dermed ikke helt sluttet å kjøpe filmer, men -holder meg til DVD-filmer som kan spilles av på mine Linuxbokser. 
-Kommer neppe til å ta i bruk Blueray, og ei heller de nye DRM-greiene -«Ultraviolet» som be annonsert her om dagen.</p> +<p>This evening I made my first Perl GUI application. The last few +days I have worked on a Perl module for controlling my recently +aquired Spykee robots, and the module is now getting complete enought +that it is possible to use it to control the robot driving at least. +It was now time to figure out how to use it to create some GUI to +allow me to drive the robot around. I picked PerlQt as I have had +positive experiences with the Qt API before, and spent a few minutes +browsing the web for examples. Using Qt Designer seemed like a short +cut, so I ended up writing the perl GUI using Qt Designer and +compiling it into a perl program using the puic program from +libqt-perl. Nothing fancy yet, but it got buttons to connect and +drive around.</p> + +<p>The perl module I have written provide a object oriented API for +controlling the robot. Here is an small example on how to use it:</p> + +<p><pre> +use Spykee; +Spykee::discover(sub {$robot{$_[0]} = $_[1]}); +my $host = (keys %robot)[0]; +my $spykee = Spykee->new(); +$spykee->contact($host, "admin", "admin"); +$spykee->left(); +sleep 2; +$spykee->right(); +sleep 2; +$spykee->forward(); +sleep 2; +$spykee->back(); +sleep 2; +$spykee->stop(); +</pre></p> + +<p>Thanks to the release of the source of the robot firmware, I could +peek into the implementation at the other end to figure out how to +implement the protocol used by the robot. I've implemented several of +the commands the robot understand, but is still missing the camera +support to make it possible to control the robot from remote. First I +want to implement support for uploading new firmware and configuring +the wireless network, to make it possible to bootstrap a Spykee robot +without the producers Windows and MacOSX software (I only have Linux, +so I had to ask a friend to come over to get the robot testing +going. 
:).</p> + +<p>Will release the source to the public soon, but need to figure out +where to make it available first. I will add a link to +<a href="http://wiki.nuug.no/grupper/robot/">the NUUG wiki</a> for +those that want to check back later to find it.</p> - OpenStreetmap one step closer to having routing on its front page - http://people.skolelinux.org/pere/blog/OpenStreetmap_one_step_closer_to_having_routing_on_its_front_page.html - http://people.skolelinux.org/pere/blog/OpenStreetmap_one_step_closer_to_having_routing_on_its_front_page.html - Sun, 18 Jul 2010 16:45:00 +0200 + Forslag i stortinget om å stoppe elektronisk stemmegiving i Norge + http://people.skolelinux.org/pere/blog/Forslag_i_stortinget_om____stoppe_elektronisk_stemmegiving_i_Norge.html + http://people.skolelinux.org/pere/blog/Forslag_i_stortinget_om____stoppe_elektronisk_stemmegiving_i_Norge.html + Tue, 31 Aug 2010 21:00:00 +0200 -<p>Thanks to -<a href="http://feedproxy.google.com/~r/Opengeodata/~3/wUTCzDZk3lc/project-of-the-week-which-way-home">todays -opengeodata blog entry</a>, I just discovered that the -OpenStreetmap.org site have gotten -<a href="http://nroets.dev.openstreetmap.org/demo/index.html?layers=B000FTFTT">support -for calculating routes</a>. The support is still experimental and -only available from the development server, until more experience is -gathered on the user interface and any scalability issues.</p> - -<p>Earlier, the routing I knew about using the OpenStreetmap.org data -was provided by <a href="http://maps.cloudmade.com/">Cloudmade</a>, -but having it on the main page is required to make everyone aware of -the issue. 
I've had people reject Openstreetmap.org as a viable -alternative for them because the front page lacked routing support, -and I hope their needs will be catered for when routing show up on the -www.openstreetmap.org front page.</p> +<p>Ble tipset i dag om at et forslag om å stoppe forsøkene med +elektronisk stemmegiving utenfor valglokaler er +<a href="http://www.stortinget.no/no/Saker-og-publikasjoner/Saker/Sak/?p=46616">til +behandling</a> i Stortinget. +<a href="http://www.stortinget.no/Global/pdf/Representantforslag/2009-2010/dok8-200910-128.pdf">Forslaget</a> +er fremmet av Erna Solberg, Michael Tetzschner og Trond Helleland.</p> + +<p>Håper det får flertall.</p> - What are they searching for - PowerDNS and ISC DHCP in LDAP - http://people.skolelinux.org/pere/blog/What_are_they_searching_for___PowerDNS_and_ISC_DHCP_in_LDAP.html - http://people.skolelinux.org/pere/blog/What_are_they_searching_for___PowerDNS_and_ISC_DHCP_in_LDAP.html - Sat, 17 Jul 2010 21:00:00 +0200 + Broken hard link handling with sshfs + http://people.skolelinux.org/pere/blog/Broken_hard_link_handling_with_sshfs.html + http://people.skolelinux.org/pere/blog/Broken_hard_link_handling_with_sshfs.html + Mon, 30 Aug 2010 19:30:00 +0200 -<p>This is a -<a href="http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">followup</a> -on my -<a href="http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html">previous -work</a> on -<a href="http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html">merging -all</a> the computer related LDAP objects in Debian Edu.</p> - -<p>As a step to try to see if it possible to merge the DNS and DHCP -LDAP objects, I have had a look at how the packages pdns-backend-ldap -and dhcp3-server-ldap in Debian use the LDAP server. 
The two -implementations are quite different in how they use LDAP.</p> - -To get this information, I started slapd with debugging enabled and -dumped the debug output to a file to get the LDAP searches performed -on a Debian Edu main-server. Here is a summary. - -<p><strong>powerdns</strong></p> - -<a href="http://www.linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend">Clues -on how to</a> set up PowerDNS to use a LDAP backend is available on -the web. - -<p>PowerDNS have two modes of operation using LDAP as its backend. -One "strict" mode where the forward and reverse DNS lookups are done -using the same LDAP objects, and a "tree" mode where the forward and -reverse entries are in two different subtrees in LDAP with a structure -based on the DNS names, as in tjener.intern and -2.2.0.10.in-addr.arpa.</p> - -<p>In tree mode, the server is set up to use a LDAP subtree as its -base, and uses a "base" scoped search for the DNS name by adding -"dc=tjener,dc=intern," to the base with a filter for -"(associateddomain=tjener.intern)" for the forward entry and -"dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa," with a filter for -"(associateddomain=2.2.0.10.in-addr.arpa)" for the reverse entry. For -forward entries, it is looking for attributes named dnsttl, arecord, -nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord, mxrecord, -txtrecord, rprecord, afsdbrecord, keyrecord, aaaarecord, locrecord, -srvrecord, naptrrecord, kxrecord, certrecord, dsrecord, sshfprecord, -ipseckeyrecord, rrsigrecord, nsecrecord, dnskeyrecord, dhcidrecord, -spfrecord and modifytimestamp. For reverse entries it is looking for -the attributes dnsttl, arecord, nsrecord, cnamerecord, soarecord, -ptrrecord, hinforecord, mxrecord, txtrecord, rprecord, aaaarecord, -locrecord, srvrecord, naptrrecord and modifytimestamp. 
The equivalent -ldapsearch commands could look like this:</p> - -<blockquote><pre> -ldapsearch -h ldap \ - -b dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no \ - -s base -x '(associateddomain=tjener.intern)' dNSTTL aRecord nSRecord \ - cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \ - rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \ - nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \ - rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp - -ldapsearch -h ldap \ - -b dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no \ - -s base -x '(associateddomain=2.2.0.10.in-addr.arpa)' - dnsttl, arecord, nsrecord, cnamerecord soarecord ptrrecord \ - hinforecord mxrecord txtrecord rprecord aaaarecord locrecord \ - srvrecord naptrrecord modifytimestamp -</pre></blockquote> - -<p>In Debian Edu/Lenny, the PowerDNS tree mode is used with -ou=hosts,dc=skole,dc=skolelinux,dc=no as the base, and these are two -example LDAP objects used there. In addition to these objects, the -parent objects all th way up to ou=hosts,dc=skole,dc=skolelinux,dc=no -also exist.</p> - -<blockquote><pre> -dn: dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no -objectclass: top -objectclass: dnsdomain -objectclass: domainrelatedobject -dc: tjener -arecord: 10.0.2.2 -associateddomain: tjener.intern - -dn: dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no -objectclass: top -objectclass: dnsdomain2 -objectclass: domainrelatedobject -dc: 2 -ptrrecord: tjener.intern -associateddomain: 2.2.0.10.in-addr.arpa -</pre></blockquote> - -<p>In strict mode, the server behaves differently. 
When looking for -forward DNS entries, it is doing a "subtree" scoped search with the -same base as in the tree mode for a object with filter -"(associateddomain=tjener.intern)" and requests the attributes dnsttl, -arecord, nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord, -mxrecord, txtrecord, rprecord, aaaarecord, locrecord, srvrecord, -naptrrecord and modifytimestamp. For reverse entires it also do a -subtree scoped search but this time the filter is "(arecord=10.0.2.2)" -and the requested attributes are associateddomain, dnsttl and -modifytimestamp. In short, in strict mode the objects with ptrrecord -go away, and the arecord attribute in the forward object is used -instead.</p> +<p>Just got an email from Tobias Gruetzmacher as a followup on my +<a href="http://people.skolelinux.org/pere/blog/Broken_umask_handling_with_sshfs.html">previous +post about sshfs</a>. He reported another problem with sshfs. It +fail to handle hard links properly. A simple way to spot this is to +look at the . and .. entries in the directory tree. These should have +a link count >1, but on sshfs the count is 1. 
I just tested to see +what happen when trying to hardlink, and this fail as well:</p> -<p>The forward and reverse searches can be simulated using ldapsearch -like this:</p> - -<blockquote><pre> -ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \ - '(associateddomain=tjener.intern)' dNSTTL aRecord nSRecord \ - cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \ - rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \ - nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \ - rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp - -ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \ - '(arecord=10.0.2.2)' associateddomain dnsttl modifytimestamp -</pre></blockquote> - -<p>In addition to the forward and reverse searches , there is also a -search for SOA records, which behave similar to the forward and -reverse lookups.</p> - -<p>A thing to note with the PowerDNS behaviour is that it do not -specify any objectclass names, and instead look for the attributes it -need to generate a DNS reply. This make it able to work with any -objectclass that provide the needed attributes.</p> - -<p>The attributes are normally provided in the cosine (RFC 1274) and -dnsdomain2 schemas. The latter is used for reverse entries like -ptrrecord and recent DNS additions like aaaarecord and srvrecord.</p> - -<p>In Debian Edu, we have created DNS objects using the object classes -dcobject (for dc), dnsdomain or dnsdomain2 (structural, for the DNS -attributes) and domainrelatedobject (for associatedDomain). 
The use -of structural object classes make it impossible to combine these -classes with the object classes used by DHCP.</p> - -<p>There are other schemas that could be used too, for example the -dnszone structural object class used by Gosa and bind-sdb for the DNS -attributes combined with the domainrelatedobject object class, but in -this case some unused attributes would have to be included as well -(zonename and relativedomainname).</p> - -<p>My proposal for Debian Edu would be to switch PowerDNS to strict -mode and not use any of the existing objectclasses (dnsdomain, -dnsdomain2 and dnszone) when one want to combine the DNS information -with DHCP information, and instead create a auxiliary object class -defined something like this (using the attributes defined for -dnsdomain and dnsdomain2 or dnszone):</p> - -<blockquote><pre> -objectclass ( some-oid NAME 'dnsDomainAux' - SUP top - AUXILIARY - MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $ - DNSTTL $ DNSClass $ PTRRecord $ HINFORecord $ MINFORecord $ - TXTRecord $ SIGRecord $ KEYRecord $ AAAARecord $ LOCRecord $ - NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $ - A6Record $ DNAMERecord - )) -</pre></blockquote> - -<p>This will allow any object to become a DNS entry when combined with -the domainrelatedobject object class, and allow any entity to include -all the attributes PowerDNS wants. I've sent an email to the PowerDNS -developers asking for their view on this schema and if they are -interested in providing such schema with PowerDNS, and I hope my -message will be accepted into their mailing list soon.</p> - -<p><strong>ISC dhcp</strong></p> - -<p>The DHCP server searches for specific objectclass and requests all -the object attributes, and then uses the attributes it want. 
This -make it harder to figure out exactly what attributes are used, but -thanks to the working example in Debian Edu I can at least get an idea -what is needed without having to read the source code.</p> - -<p>In the DHCP server configuration, the LDAP base to use and the -search filter to use to locate the correct dhcpServer entity is -stored. These are the relevant entries from -/etc/dhcp3/dhcpd.conf:</p> - -<blockquote><pre> -ldap-base-dn "dc=skole,dc=skolelinux,dc=no"; -ldap-dhcp-server-cn "dhcp"; -</pre></blockquote> - -<p>The DHCP server uses this information to nest all the DHCP -configuration it need. The cn "dhcp" is located using the given LDAP -base and the filter "(&(objectClass=dhcpServer)(cn=dhcp))". The -search result is this entry:</p> - -<blockquote><pre> -dn: cn=dhcp,dc=skole,dc=skolelinux,dc=no -cn: dhcp -objectClass: top -objectClass: dhcpServer -dhcpServiceDN: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no -</pre></blockquote> - -<p>The content of the dhcpServiceDN attribute is next used to locate the -subtree with DHCP configuration. The DHCP configuration subtree base -is located using a base scope search with base "cn=DHCP -Config,dc=skole,dc=skolelinux,dc=no" and filter -"(&(objectClass=dhcpService)(|(dhcpPrimaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)(dhcpSecondaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)))". -The search result is this entry:</p> - -<blockquote><pre> -dn: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no -cn: DHCP Config -objectClass: top -objectClass: dhcpService -objectClass: dhcpOptions -dhcpPrimaryDN: cn=dhcp, dc=skole,dc=skolelinux,dc=no -dhcpStatements: ddns-update-style none -dhcpStatements: authoritative -dhcpOption: smtp-server code 69 = array of ip-address -dhcpOption: www-server code 72 = array of ip-address -dhcpOption: wpad-url code 252 = text -</pre></blockquote> - -<p>Next, the entire subtree is processed, one level at the time. When -all the DHCP configuration is loaded, it is ready to receive requests. 
-The subtree in Debian Edu contain objects with object classes -top/dhcpService/dhcpOptions, top/dhcpSharedNetwork/dhcpOptions, -top/dhcpSubnet, top/dhcpGroup and top/dhcpHost. These provide options -and information about netmasks, dynamic range etc. Leaving out the -details here because it is not relevant for the focus of my -investigation, which is to see if it is possible to merge dns and dhcp -related computer objects.</p> - -<p>When a DHCP request come in, LDAP is searched for the MAC address -of the client (00:00:00:00:00:00 in this example), using a subtree -scoped search with "cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" as -the base and "(&(objectClass=dhcpHost)(dhcpHWAddress=ethernet -00:00:00:00:00:00))" as the filter. This is what a host object look -like:</p> - -<blockquote><pre> -dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no -cn: hostname -objectClass: top -objectClass: dhcpHost -dhcpHWAddress: ethernet 00:00:00:00:00:00 -dhcpStatements: fixed-address hostname -</pre></blockquote> - -<p>There is less flexiblity in the way LDAP searches are done here. -The object classes need to have fixed names, and the configuration -need to be stored in a fairly specific LDAP structure. On the -positive side, the invidiual dhcpHost entires can be anywhere without -the DN pointed to by the dhcpServer entries. The latter should make -it possible to group all host entries in a subtree next to the -configuration entries, and this subtree can also be shared with the -DNS server if the schema proposed above is combined with the dhcpHost -structural object class. - -<p><strong>Conclusion</strong></p> - -<p>The PowerDNS implementation seem to be very flexible when it come -to which LDAP schemas to use. 
While its "tree" mode is rigid when it -come to the the LDAP structure, the "strict" mode is very flexible, -allowing DNS objects to be stored anywhere under the base cn specified -in the configuration.</p> - -<p>The DHCP implementation on the other hand is very inflexible, both -regarding which LDAP schemas to use and which LDAP structure to use. -I guess one could implement ones own schema, as long as the -objectclasses and attributes have the names used, but this do not -really help when the DHCP subtree need to have a fairly fixed -structure.</p> - -<p>Based on the observed behaviour, I suspect a LDAP structure like -this might work for Debian Edu:</p> - -<blockquote><pre> -ou=services - cn=machine-info (dhcpService) - dhcpServiceDN points here - cn=dhcp (dhcpServer) - cn=dhcp-internal (dhcpSharedNetwork/dhcpOptions) - cn=10.0.2.0 (dhcpSubnet) - cn=group1 (dhcpGroup/dhcpOptions) - cn=dhcp-thinclients (dhcpSharedNetwork/dhcpOptions) - cn=192.168.0.0 (dhcpSubnet) - cn=group1 (dhcpGroup/dhcpOptions) - ou=machines - PowerDNS base points here - cn=hostname (dhcpHost/domainrelatedobject/dnsDomainAux) -</pre></blockquote> - -<P>This is not tested yet. 
If the DHCP server require the dhcpHost -entries to be in the dhcpGroup subtrees, the entries can be stored -there instead of a common machines subtree, and the PowerDNS base -would have to be moved one level up to the machine-info subtree.</p> +<pre> +% ln foo bar +ln: creating hard link `bar' => `foo': Function not implemented +% +</pre> -<p>The combined object under the machines subtree would look something -like this:</p> - -<blockquote><pre> -dn: dc=hostname,ou=machines,cn=machine-info,dc=skole,dc=skolelinux,dc=no -dc: hostname -objectClass: top -objectClass: dhcpHost -objectclass: domainrelatedobject -objectclass: dnsDomainAux -associateddomain: hostname.intern -arecord: 10.11.12.13 -dhcpHWAddress: ethernet 00:00:00:00:00:00 -dhcpStatements: fixed-address hostname.intern -</pre></blockquote> +<p>I have not yet found time to implement a test for this in my file +system test code, but believe having working hard links is useful to +avoid surprised unix programs. Not as useful as working file locking +and symlinks, which are required to get a working desktop, but useful +nevertheless. :)</p> -</p>One could even add the LTSP configuration associated with a given -machine, as long as the required attributes are available in a -auxiliary object class.</p> +<p>The latest version of the file system test code is available via +git from +<a href="http://github.com/gebi/fs-test">http://github.com/gebi/fs-test</a></p>
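Review bot: The Perl sample in the added Spykee post hardcodes the login as literals in $spykee->contact($host, "admin", "admin") and connects to whichever robot (keys %robot)[0] happens to return, so readers who copy it carry a fixed username and password into their own scripts and cannot choose the device. Suggest taking the username, password and host from variables or command-line arguments, and checking that $host is defined before calling contact(), since it is undef when the discover callback has not stored anything. %robot is also never declared, so the snippet will not compile under "use strict"; adding "my %robot;" before the Spykee::discover() call fixes that. A smaller markup point in the same post: the sample is wrapped as <p><pre> ... </pre></p>, while the sshfs post added further down uses a bare <pre>; a pre element cannot be nested inside a paragraph, so dropping the surrounding <p> and </p> would make the two posts consistent.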