X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/31ceb3091935028acf2d02934223669b9f1fd8f9..b930b26ee67546bfbe60cde22ac5051e9e51e9ea:/blog/index.html diff --git a/blog/index.html b/blog/index.html index 38db9a0626..fe3f46cc65 100644 --- a/blog/index.html +++ b/blog/index.html @@ -20,536 +20,353 @@
-
Robot, reis deg...
-
2010-08-21 22:10
+
How to test if a laptop is working with Linux
+
2010-12-22 14:55
-

I dag fikk jeg endelig tittet litt på mine nyinnkjøpte roboter, og -har brukt noen timer til å google etter interessante referanser og -aktuell kildekode for bruk på Linux. Det mest lovende så langt er -ispykee, som har en -BSD-lisensiert linux-daemon som står som mellomledd mellom roboter på -lokalnettet og en sentral tjeneste der en iPhone kan koble seg opp for -å fjernstyre roboten. Linux-daemonen implementerer deler av -protokollen som roboten forstår. Etter å ha knotet litt med å oppnå -kontakt med roboten (den oppretter et eget ad-hoc wifi-nett, så jeg -måtte gå av mitt vanlige nett for å få kontakt), og kommet frem til at -den lytter på IP-port 9000 og 9001, gikk jeg i gang med å finne ut -hvordan jeg kunne snakke med roboten vha. disse portene. Robotbiten -av protokollen er publisert av produsenten med GPL-lisens, slik at det -er mulig å se hvordan protokollen fungerer. Det finnes en java-klient -for Android som så ganske snasen ut, men fant ingen kildekode for -denne. Derimot hadde iphone-løsningen kildekode, så jeg tok -utgangspunkt i den.

- -

Daemonen ville i utgangspunktet forsøke å kontakte den sentrale -tjenesten som iphone-programmet kobler seg til. Jeg skrev dette om -til i stedet å sette opp en nettverkstjeneste på min lokale maskin, -som jeg kan koble meg opp til med telnet og gi kommandoer til roboten -(act, forward, right, left, etc). Det involverte i praksis å bytte ut -socket()/connect() med socket()/bind()/listen()/accept() for å gjøre -klienten om til en tjener.

- -

Mens jeg har forsøkt å få roboten til å bevege seg har min samboer -skrudd sammen resten av roboten for å få montert kamera og plastpynten -(armer, plastfiber for lys). Nå er det hele montert, og roboten er -klar til bruk. Må få flyttet den over til mitt vanlige trådløsnett -før det blir praktisk, men de bitene av protokollen er ikke -implementert i ispykee-daemonen, så der må jeg enten få tak i en mac -eller en windows-maskin, eller implementere det selv.

- -

Vi var tre som kjøpte slike roboter, og vi har blitt enige om å -samle notater og referanser på NUUGs wiki. Ta en titt -der hvis du er nysgjerrig.

+

The last few days I have spent at work here at the University of oslo testing if the new +batch of computers will work with Linux. Every year for the last few +years the university have organized shared bid of a few thousand +computers, and this year HP won the bid. Two different desktops and +five different laptops are on the list this year. We in the UNIX +group want to know which one of these computers work well with RHEL +and Ubuntu, the two Linux distributions we currently handle at the +university.

+ +

My test method is simple, and I share it here to get feedback and +perhaps inspire others to test hardware as well. To test, I PXE +install the OS version of choice, and log in as my normal user and run +a few applications and plug in selected pieces of hardware. When +something fail, I make a note about this in the test matrix and move +on. If I have some spare time I try to report the bug to the OS +vendor, but as I only have the machines for a short time, I rarely +have the time to do this for all the problems I find.

+ +

Anyway, to get to the point of this post. Here is the simple tests +I perform on a new model.

+ + + +

By now I suspect you are really curious what the test results are +for the HP machines I am testing. I'm not done yet, so I will report +the test results later. For now I can report that HP 8100 Elite work +fine, and hibernation fail with HP EliteBook 8440p on Ubuntu Lucid, +and audio fail on RHEL6. Ubuntu Maverik worked with 8440p. As you +can see, I have most machines left to test. One interesting +observation is that Ubuntu Lucid has almost twice the framerate than +RHEL6 with glxgears. No idea why.

- Tags: norsk, nuug, robot. + Tags: debian, debian edu, english.
-
2 Spykee-roboter i hus, nå skal det lekes
-
2010-08-18 13:30
+
Some thoughts on BitCoins
+
2010-12-11 15:10
-

Jeg kjøpte nettopp to -Spykee-roboter, for test og -leking. Kjøpte to da det var så billige, og gir meg mulighet til å -eksperimentere uten å være veldig redd for å ødelegge alt ved å bytte -ut firmware og slikt. Oppdaget at lekebutikken på Bryn senter hadde -en liten stabel på lager som de ikke hadde klart å selge ut etter -fjorårets juleinnkjøp, og var villig til å selge for en femtedel av -vanlig pris. Jeg, Ronny og Jarle har skaffet oss restbeholdningen, og -det blir morsomt å se hva vi får ut av dette.

- -

Roboten har belter styrt av to motorer, kamera, høytaler, mikrofon -og wifi-tilkobling. Det hele styrt av en GPL-lisensiert databoks som -jeg mistenker kjører linux. Firmware-kildekoden ble visst publisert i -mai. Eneste utfordringen er at kontroller-programvaren kun finnes til -Windows, men det må en kunne jobbe seg rundt når vi har kildekoden til -firmwaren. :)

+

As I continue to explore +BitCoin, I've starting to wonder +what properties the system have, and how it will be affected by laws +and regulations here in Norway. Here are some random notes.

+ +

One interesting thing to note is that since the transactions are +verified using a peer to peer network, all details about a transaction +is known to everyone. This means that if a BitCoin address has been +published like I did with mine in my initial post about BitCoin, it is +possible for everyone to see how many BitCoins have been transfered to +that address. There is even a web service to look at the details for +all transactions. There I can see that my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b +have received 16.06 Bitcoin, the +1LfdGnGuWkpSJgbQySxxCWhv8MHqvwst3 +address of Simon Phipps have received 181.97 BitCoin and the address +1MCwBbhNGp5hRm5rC1Aims2YFRe2SXPYKt +of EFF have received 2447.38 BitCoins so far. Thank you to each and +every one of you that donated bitcoins to support my activity. The +fact that anyone can see how much money was transfered to a given +address make it more obvious why the BitCoin community recommend to +generate and hand out a new address for each transaction. I'm told +there is no way to track which addresses belong to a given person or +organisation without the person or organisation revealing it +themselves, as Simon, EFF and I have done.

+ +

In Norway, and in most other countries, there are laws and +regulations limiting how much money one can transfer across the border +without declaring it. There are money laundering, tax and accounting +laws and regulations I would expect to apply to the use of BitCoin. +If the Skolelinux foundation +(SLX +Debian Labs) were to accept donations in BitCoin in addition to +normal bank transfers like EFF is doing, how should this be accounted? +Given that it is impossible to know if money can across the border or +not, should everything or nothing be declared? What exchange rate +should be used when calculating taxes? Would receivers have to pay +income tax if the foundation were to pay Skolelinux contributors in +BitCoin? I have no idea, but it would be interesting to know.

+ +

For a currency to be useful and successful, it must be trusted and +accepted by a lot of users. It must be possible to get easy access to +the currency (as a wage or using currency exchanges), and it must be +easy to spend it. At the moment BitCoin seem fairly easy to get +access to, but there are very few places to spend it. I am not really +a regular user of any of the vendor types currently accepting BitCoin, +so I wonder when my kind of shop would start accepting BitCoins. I +would like to buy electronics, travels and subway tickets, not herbs +and books. :) The currency is young, and this will improve over time +if it become popular, but I suspect regular banks will start to lobby +to get BitCoin declared illegal if it become popular. I'm sure they +will claim it is helping fund terrorism and money laundering (which +probably would be true, as is any currency in existence), but I +believe the problems should be solved elsewhere and not by blaming +currencies.

+ +

The process of creating new BitCoins is called mining, and it is +CPU intensive process that depend on a bit of luck as well (as one is +competing against all the other miners currently spending CPU cycles +to see which one get the next lump of cash). The "winner" get 50 +BitCoin when this happen. Yesterday I came across the obvious way to +join forces to increase ones changes of getting at least some coins, +by coordinating the work on mining BitCoins across several machines +and people, and sharing the result if one is lucky and get the 50 +BitCoins. Check out +BitCoin Pool +if this sounds interesting. I have not had time to try to set up a +machine to participate there yet, but have seen that running on ones +own for a few days have not yield any BitCoins througth mining +yet.

- +

Update 2010-12-15: Found an interesting +criticism of bitcoin. Not quite sure how valid it is, but thought +it was interesting to read. The arguments presented seem to be +equally valid for gold, which was used as a currency for many years.

- Tags: norsk, nuug, robot. + Tags: bitcoin, debian, english, personvern, sikkerhet.
-
Rob Weir: How to Crush Dissent
-
2010-08-15 22:20
+
Pornoskannerne på flyplassene bedrer visst ikke sikkerheten
+
2010-12-11 10:45
-

I found the notes from Rob Weir on -how -to crush dissent matching my own thoughts on the matter quite -well. Highly recommended for those wondering which road our society -should go down. In my view we have been heading the wrong way for a -long time.

+

Via en +blogpost fra Simon Phipps i går, fant jeg en referanse til +en +artikkel i Washington Times som igjen refererer til en artikkel i +det fagfellevurderte tidsskriftet Journal of Transportation Security +med tittelen +"An +evaluation of airport x-ray backscatter units based on image +characteristics" som enkelt konstaterer at +pornoscannerne +som kler av reisende på flyplasser ikke er i stand til å avsløre det +produsenten og amerikanske myndigheter sier de skal avsløre. Kort +sagt, de bedrer ikke sikkerheten. Reisende må altså la ansatte på +flyplasser se dem +nakne eller la seg beføle i skrittet uten grunn. Jeg vil +fortsette å nekte å bruke disse pornoskannerne, unngå flyplasser der +de er tatt i bruk, og reise med andre transportmidler enn fly hvis jeg +kan.

- Tags: english, lenker, nuug, personvern, sikkerhet. + Tags: norsk, personvern, sikkerhet.
-
No hardcoded config on Debian Edu clients
-
2010-08-09 20:15
+
Martin Bekkelund: En stille bønn om Datalagringsdirektivet
+
2010-12-09 21:25
-

As reported earlier, the last few days I have looked at how Debian -Edu clients are configured, and tried to get rid of all hardcoded -configuration settings on the clients. I believe the work to be -mostly done, and the clients seem to work just fine with dynamically -generated configuration.

- -

What is the point, you might ask? The point is to allow a Debian -Edu desktop to integrate into an existing network infrastructure -without any manual configuration.

- -

This is what happens when installing a Debian Edu client here at -the University of Oslo using PXE. With the PXE installation, I am -asked for language (Norwegian Bokmål), locality (Norway) and keyboard -layout (no-latin1), Debian Edu profile (Roaming Workstation), if I -accept to reformat the hard drive (yes), if I want to submit info to -popcon.debian.org (no) and root password (secret). After answering -these questions, the installer goes ahead and does its thing, and -after around 50 minutes it is done. I press enter to finish the -installation, and the machine reboots into KDE. When the machine is -ready and kdm asks for login information, I enter my university -username and password, am told by kdm that a local home directory has -been created and that I must log in again, and finally log in with the -same username and password to the KDE 4.4 desktop. At no point during -this process did it ask for university specific settings, and all the -required configuration was dynamically detected using information -fetched via DHCP and DNS. The roaming workstation is now ready for -use.

- -

How was this done, you might wonder? First of all, here is the -list of things that need to be configured on the client to get it -working properly out of the box:

+

Martin Bekkelund ved +friprog-senteret har skrevet +følgende +korte +oppsummering rundt datalagringsdirektivet, som jeg videreformidler +her.

+ +

Det pågår i disse dager en intens diskusjon om +innføring av Datalagringsdirektivet (DLD) i norsk rett. Kanskje +har du gjort deg opp en mening, kanskje er du usikker. I begge +tilfeller ber jeg deg lese videre.

+ +

Samtlige fagmiljøer, både i Norge og EU, har konkludert med at +DLD ikke bør +innføres på nåværende tidspunkt. Den tekniske kvaliteten på direktivet +er dårlig, det griper uforholdsmessig inn i personvernet, det har +store mangler og viktige spørsmål som hvem som skal ha tilgang og +hvordan data skal lagres er fortsatt uavklart.

    -
  • IP address/netmask and DNS server.
    • -
  • Web proxy URL.
    • -
  • LDAP server for NSS directory information (user, group, etc).
    • -
  • Kerberos server for PAM password checking.
    • -
  • SMB mount point to access the network home directory. (*)
    • -
  • Central syslog server to send syslog messages to. (*)
    • -
  • Sitesummary collector URL to submit info to central server. (*)
    • +
  • EU-ekspertene sier at konsekvensene av Ã¥ benytte vetoretten er minimale
    • +
  • Juristene pÃ¥peker at direktivet er i strid med EMK
    • +
  • Datatilsynet sier direktivet fÃ¥r store konsekvenser for personvernet og at direktivet er irreversibelt
    • +
  • Teknologene sier at sikker lagring ikke er mulig, at det er svært enkelt Ã¥ omgÃ¥ og mulig Ã¥ manipulere data og produsere falske beviser
    • +
  • Pressen sier nei av hensyn til kildevernet
    • +
  • Det er store interne stridigheter i EU. Blant annet har den tyske forfatningsdomstolen funnet at mÃ¥ten DLD er innført pÃ¥ er i strid med tysk grunnlov
    • +
  • Alle de store operatørene og tilbyderne sier nei, av tekniske og personvernmessige Ã¥rsaker
-

(Hm, did I forget anything? Let me knew if I did.)

- -

The points marked (*) are not required to be able to use the -machine, but needed to provide central storage and allowing system -administrators to track their machines. Since yesterday, everything -but the sitesummary collector URL is dynamically discovered at boot -and installation time in the svn version of Debian Edu.

- -

The IP and DNS setup is fetched during boot using DHCP as usual. -When a DHCP update arrives, the proxy setup is updated by looking for -http://wpat/wpad.dat and using the content of this WPAD file to -configure the http and ftp proxy in /etc/environment and -/etc/apt/apt.conf. I decided to update the proxy setup using a DHCP -hook to ensure that the client stops using the Debian Edu proxy when -it is moved outside the Debian Edu network, and instead uses any local -proxy present on the new network when it moves around.

- -

The DNS names of the LDAP, Kerberos and syslog server and related -configuration are generated using DNS information at boot. First the -installer looks for a host named ldap in the current DNS domain. If -not found, it looks for _ldap._tcp SRV records in DNS instead. If an -LDAP server is found, its root DSE entry is requested and the -attributes namingContexts and defaultNamingContext are used to -determine which LDAP base to use for NSS. If there are several -namingContexts attibutes and the defaultNamingContext is present, that -LDAP subtree is used as the base. If defaultNamingContext is missing, -the subtrees listed as namingContexts are searched in sequence for any -object with class posixAccount or posixGroup, and the first one with -such an object is used as the LDAP base. For Kerberos, a similar -search is done by first looking for a host named kerberos, and then -for the _kerberos._tcp SRV record. I've been unable to find a way to -look up the Kerberos realm, so for this the upper case string of the -current DNS domain is used.

- -

For the syslog server, the hosts syslog and loghost are searched -for, and the _syslog._udp SRV record is consulted if no such host is -found. This algorithm works for both Debian Edu and the University of -Oslo. A similar strategy would work for locating the sitesummary -server, but have not been implemented yet. I decided to fetch and -save these settings during installation, to make sure moving to a -different network does not change the set of users being allowed to -log in nor the passwords required to log in. Usernames and passwords -will be cached by sssd when the user logs in on the Debian Edu -network, and will not change as the laptop move around. For a -non-roaming machine, there is no caching, but given that it is -supposed to stay in place it should not matter much. Perhaps we -should switch those to use sssd too?

- -

The user's SMB mount point for the network home directory is -located when the user logs in for the first time. The LDAP server is -consulted to look for the user's LDAP object and the sambaHomePath -attribute is used if found. If it isn't found, the home directory -path fetched from NSS is used instead. Assuming the path is of the -form /site/server/directory/username, the second part is looked up in -DNS and used to generate a SMB URL of the form -smb://server.domain/username. This algorithm works for both Debian -edu and the University of Oslo. Perhaps there are better attributes -to use or a better algorithm that works for more sites, but this will -do for now. :)

- -

This work should make it easier to integrate the Debian Edu clients -into any LDAP/Kerberos infrastructure, and make the current setup even -more flexible than before. I suspect it will also work for thin -client servers, allowing one to easily set up LTSP and hook it into a -existing network infrastructure, but I have not had time to test this -yet.

- -

If you want to help out with implementing these things for Debian -Edu, please contact us on debian-edu@lists.debian.org.

- -

Update 2010-08-09: Simon Farnsworth gave me a heads-up on how to -detect Kerberos realm from DNS, by looking for _kerberos TXT entries -before falling back to the upper case DNS domain name. Will have to -implement it for Debian Edu. :)

+

Jeg liker å tro at jeg er en hyggelig fyr. Jeg har et rent +rulleblad, og med unntak av to fartsbøter har jeg aldri vært en byrde +for samfunnet. Det akter jeg å fortsette med. Det er mange som meg, +lovlydige, pliktoppfyllende borgere som aldri vil utgjøre en trussel +mot noe som helst. Vi synes derfor det er trist og sårende at all vår +atferd skal overvåkes døgnkontinuerlig.

+ +

Understøttet av faglige vurderinger kan du trygt si nei til +DLD.

+ +

Ta kontakt med meg +hvis du har spørsmål om DLD, uansett hva det måtte +gjelde.

+ +

Denne teksten er å anse som Public +Domain. Spre den videre til alle som kan ha nytte av +den!

+

+ +

Siste melding +fra Nettavisen er at regjeringen planlegger å fremme sitt forslag +til implementering av datalagringsdirektivet i morgen, i ly av +fredprisutdelingen for å få minst mulig pressedekning om saken. Vi +får snart se om det stemmer.

- Tags: debian edu, english, nuug. + Tags: norsk, personvern.
-
Testing if a file system can be used for home directories...
-
2010-08-08 21:20
+
Student group continue the work on my Reprap 3D printer
+
2010-12-09 19:30
-

A few years ago, I was involved in a project planning to use -Windows file servers as home directory servers for Debian -Edu/Skolelinux machines. This was thought to be no problem, as the -access would be through the SMB network file system protocol, and we -knew other sites used SMB with unix and samba as the file server to -mount home directories without any problems. But, after months of -struggling, we had to conclude that our goal was impossible.

- -

The reason is simply that while SMB can be used for home -directories when the file server is Samba running on Unix, this only -work because of Samba have some extensions and the fact that the -underlying file system is a unix file system. When using a Windows -file server, the underlying file system do not have POSIX semantics, -and several programs will fail if the users home directory where they -want to store their configuration lack POSIX semantics.

- -

As part of this work, I wrote a small C program I want to share -with you all, to replicate a few of the problematic applications (like -OpenOffice.org and GCompris) and see if the file system was working as -it should. If you find yourself in spooky file system land, it might -help you find your way out again. This is the fs-test.c source:

- -
-/*
- * Some tests to check the file system sematics.  Used to verify that
- * CIFS from a windows server do not work properly as a linux home
- * directory.
- * License: GPL v2 or later
- * 
- * needs libsqlite3-dev and build-essential installed
- * compile with: gcc -Wall -lsqlite3 -DTEST_SQLITE fs-test.c -o fs-test
-*/
-
-#define _FILE_OFFSET_BITS 64
-#define _LARGEFILE_SOURCE 1
-#define _LARGEFILE64_SOURCE 1
-
-#define _GNU_SOURCE /* for asprintf() */
-
-#include <errno.h>
-#include <fcntl.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <sys/file.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-#ifdef TEST_SQLITE
-/*
- * Test sqlite open, as done by gcompris require the libsqlite3-dev
- * package and linking with -lsqlite3.  A more low level test is
- * below.
- * See also <URL: http://www.sqlite.org./faq.html#q5 >.
- */
-#include <sqlite3.h>
-#define CREATE_TABLE_USERS                                              \
-  "CREATE TABLE users (user_id INT UNIQUE, login TEXT, lastname TEXT, firstname TEXT, birthdate TEXT, class_id INT ); "
-int test_sqlite_open(void) {
-  char *zErrMsg;
-  char *name = "testsqlite.db";
-  sqlite3 *db=NULL;
-  unlink(name);
-  int rc = sqlite3_open(name, &db);
-  if( rc ){
-    printf("error: sqlite open of %s failed: %s\n", name, sqlite3_errmsg(db));
-    sqlite3_close(db);
-    return -1;
-  }
-
-  /* create tables */
-  rc = sqlite3_exec(db,CREATE_TABLE_USERS, NULL,  0, &zErrMsg);
-  if( rc != SQLITE_OK ){
-    printf("error: sqlite table create failed: %s\n", zErrMsg);
-    sqlite3_close(db);
-    return -1;
-  }
-  printf("info: sqlite worked\n");
-  sqlite3_close(db);
-  return 0;
-}
-#endif /* TEST_SQLITE */
-
-/*
- * Demonstrate locking issue found in gcompris using sqlite3.  This
- * work with ext3, but not with cifs server on Windows 2003.  This is
- * done in the sqlite3 library.
- * See also
- * <URL:http://www.cygwin.com/ml/cygwin/2001-08/msg00854.html> and the
- * POSIX specification
- * <URL:http://www.opengroup.org/onlinepubs/009695399/functions/fcntl.html>.
- */
-int test_gcompris_locking(void) {
-  struct flock fl;
-  char *name = "testsqlite.db";
-  unlink(name);
-  int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, 0644);
-  printf("info: testing fcntl locking\n");
-
-  fl.l_whence = SEEK_SET;
-  fl.l_pid    = getpid();
-  printf("  Read-locking 1 byte from 1073741824");
-  fl.l_start  = 1073741824;
-  fl.l_len    = 1;
-  fl.l_type   = F_RDLCK;
-  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
-
-  printf("  Read-locking 510 byte from 1073741826");
-  fl.l_start  = 1073741826;
-  fl.l_len    = 510;
-  fl.l_type   = F_RDLCK;
-  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
-
-  printf("  Unlocking 1 byte from 1073741824");
-  fl.l_start  = 1073741824;
-  fl.l_len    = 1;
-  fl.l_type   = F_UNLCK;
-  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
-
-  printf("  Write-locking 1 byte from 1073741824");
-  fl.l_start  = 1073741824;
-  fl.l_len    = 1;
-  fl.l_type   = F_WRLCK;
-  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
-
-  printf("  Write-locking 510 byte from 1073741826");
-  fl.l_start  = 1073741826;
-  fl.l_len    = 510;
-  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
-
-  printf("  Unlocking 2 byte from 1073741824");
-  fl.l_start  = 1073741824;
-  fl.l_len    = 2;
-  fl.l_type   = F_UNLCK;
-  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
-
-  close(fd);
-  return 0;
-}
-
-/*
- * Test if permissions of freshly created directories allow entries
- * below them.  This was a problem with OpenOffice.org and gcompris.
- * Mounting with option 'sync' seem to solve this problem while
- * slowing down file operations.
- */
-int test_subdirectory_creation(void) {
-#define LEVELS 5
-  char *path = strdup("test");
-  char *dirs[LEVELS];
-  int level;
-  printf("info: testing subdirectory creation\n");
-  for (level = 0; level < LEVELS; level++) {
-    char *newpath = NULL;
-    if (-1 == mkdir(path, 0777)) {
-      printf("  error: Unable to create directory '%s': %s\n",
-	     path, strerror(errno));
-      break;
-    }
-    asprintf(&newpath, "%s/%s", path, "test");
-    free(path);
-    path = newpath;
-  }
-  return 0;
-}
-
-/*
- * Test if symlinks can be created.  This was a problem detected with
- * KDE.
- */
-int test_symlinks(void) {
-  printf("info: testing symlink creation\n");
-  unlink("symlink");
-  if (-1 == symlink("file", "symlink"))
-    printf("  error: Unable to create symlink\n");
-  return 0;
-}
-
-int main(int argc, char **argv) {
-  printf("Testing POSIX/Unix sematics on file system\n");
-  test_symlinks();
-  test_subdirectory_creation();
-#ifdef TEST_SQLITE
-  test_sqlite_open();
-#endif /* TEST_SQLITE */
-  test_gcompris_locking();
-  return 0;
-}
-
- -

When everything is working, it should print something like -this:

- -
-Testing POSIX/Unix sematics on file system
-info: testing symlink creation
-info: testing subdirectory creation
-info: sqlite worked
-info: testing fcntl locking
-  Read-locking 1 byte from 1073741824
-  Read-locking 510 byte from 1073741826
-  Unlocking 1 byte from 1073741824
-  Write-locking 1 byte from 1073741824
-  Write-locking 510 byte from 1073741826
-  Unlocking 2 byte from 1073741824
-
- -

I do not remember the exact details of the problems we saw, but one -of them was with locking, where if I remember correctly, POSIX allow a -read-only lock to be upgraded to a read-write lock without unlocking -the read-only lock (while Windows do not). Another was a bug in the -CIFS/SMB client implementation in the Linux kernel where directory -meta information would be wrong for a fraction of a second, making -OpenOffice.org fail to create its deep directory tree because it was -not allowed to create files in its freshly created directory.

- -

Anyway, here is a nice tool for your tool box, might you never need -it. :)

+

A few days ago, I was introduces to some students in the robot +student assosiation Robotica +Osloensis at the University of Oslo where I work, who planned to +get their own 3D printer. They wanted to learn from me based on my +work in the area. After having a short lunch meeting with them, I +offered them to borrow my reprap kit, as I never had time to complete +the build and this seem unlike to change any time soon. I look +forward to see how this goes. This monday their volunteer driver +picked up my kit and drove it to their lab, and tomorrow I am told the +last exam is over so they can start work on getting the 3D printer +operational.

+ +

The robotic group have already build several robots on their own, +and seem capable of getting the reprap operational. I really look +forward to being able to print all the cool 3D designs published on +Thingiverse. I even got +some 3D scans I got made during Dagen@IFI when one of the groups at +the computer science department at the university demonstrated their +very cool 3D scanner.

- Tags: debian edu, english, nuug. + Tags: 3d-printer, english, reprap.
-
Autodetecting Client setup for roaming workstations in Debian Edu
-
2010-08-07 14:45
+
Debian Edu development gathering and General Assembly for FRiSK
+
2010-11-29 18:40
-

A few days ago, I -tried -to install a Roaming workation profile from Debian Edu/Squeeze -while on the university network here at the University of Oslo, and -noticed how much had to change to get it operational using the -university infrastructure. It was fairly easy, but it occured to me -that Debian Edu would improve a lot if I could get the client to -connect without any changes at all, and thus let the client configure -itself during installation and first boot to use the infrastructure -around it. Now I am a huge step further along that road.

- -

With our current squeeze-test packages, I can select the roaming -workstation profile and get a working laptop connecting to the -university LDAP server for user and group and our active directory -servers for Kerberos authentication. All this without any -configuration at all during installation. My users home directory got -a bookmark in the KDE menu to mount it via SMB, with the correct URL. -In short, openldap and sssd is correctly configured. In addition to -this, the client look for http://wpad/wpad.dat to configure a web -proxy, and when it fail to find it no proxy settings are stored in -/etc/environment and /etc/apt/apt.conf. Iceweasel and KDE is -configured to look for the same wpad configuration and also do not use -a proxy when at the university network. If the machine is moved to a -network with such wpad setup, it would automatically use it when DHCP -gave it a IP address.

- -

The LDAP server is located using DNS, by first looking for the DNS -entry ldap.$domain. If this do not exist, it look for the -_ldap._tcp.$domain SRV records and use the first one as the LDAP -server. Next, it connects to the LDAP server and search all -namingContexts entries for posixAccount or posixGroup objects, and -pick the first one as the LDAP base. For Kerberos, a similar -algorithm is used to locate the LDAP server, and the realm is the -uppercase version of $domain.

- -

So, what is not working, you might ask. SMB mounting my home -directory do not work. No idea why, but suspected the incorrect -Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be -the cause. These are not properly configured during installation, and -had to be hand-edited to get the correct Kerberos realm and server, -but SMB mounting still do not work. :(

- -

With this automatic configuration in place, I expect a Debian Edu -roaming profile installation would be able to automatically detect and -connect to any site using LDAP and Kerberos for NSS directory and PAM -authentication. It should also work out of the box in a Active -Directory environment providing posixAccount and posixGroup objects -with UID and GID values.

- -

If you want to help out with implementing these things for Debian -Edu, please contact us on debian-edu@lists.debian.org.

+

On friday, the first Debian Edu / Skolelinux +development +gathering in a long time take place here in Oslo, Norway. I +really look forward to seeing all the good people working on the +Squeeze release. The gathering is open for everyone interested in +learning more about Debian Edu / Skolelinux.

+ +

On Saturday, the Norwegian member organization taking care of +organizing these development gatherings, Fri Programvare i Skolen, +will hold its +General Assembly +for 2010. Membership is open for all, and currently there are 388 +people registered as members. Last year 32 members cast their vote in +the memberdb based election system. I hope more people find time to +vote this year.

@@ -562,284 +379,637 @@ Edu, please contact us on debian-edu@lists.debian.org.

-
Debian Edu roaming workstation - at the university of Oslo
-
2010-08-03 23:30
+
Why isn't Debian Edu using VLC?
+
2010-11-27 11:30
-

The new roaming workstation profile in Debian Edu/Squeeze is fairly -similar to the laptop setup am I working on using Ubuntu for the -University of Oslo, and just for the heck of it, I tested today how -hard it would be to integrate that profile into the university -infrastructure. In this case, it is the university LDAP server, -Active Directory Kerberos server and SMB mounting from the Netapp file -servers.

- -

I was pleasantly surprised that the only three files needed to be -changed (/etc/sssd/sssd.conf, /etc/ldap.conf and -/etc/mklocaluser.d/20-debian-edu-config) and one file had to be added -(/usr/share/perl5/Debian/Edu_Local.pm), to get the client working. -Most of the changes were to get the client to use the university LDAP -for NSS and Kerberos server for PAM, but one was to change a hard -coded DNS domain name in the mklocaluser hook from .intern to -.uio.no.

- -

This testing was so encouraging, that I went ahead and adjusted the -Debian Edu scripts and setup in subversion to centralise the roaming -workstation setup a bit more and avoid the hardcoded DNS domain name, -so that when I test this tomorrow, I expect to get away with modifying -only /etc/sssd/sssd.conf and /etc/ldap.conf to get it to use the -university servers.

- -

My goal is to get the clients to have no hardcoded settings and -fetch all their initial setup during installation and first boot, to -allow them to be inserted also into environments where the default -setup in Debian Edu has been changed or as with the university, where -the environment is different but provides the protocols Debian Edu -uses.

+

In the latest issue of Linux Journal, the readers choices were +presented, and the winner among the multimedia player were VLC. +Personally, I like VLC, and it is my player of choice when I first try +to play a video file or stream. Only if VLC fail will I drag out +gmplayer to see if it can do better. The reason is mostly the failure +model and trust. When VLC fail, it normally pop up a error message +reporting the problem. When mplayer fail, it normally segfault or +just hangs. The latter failure mode drain my trust in the program.

+ +

But even if VLC is my player of choice, we have choosen to use +mplayer in Debian +Edu/Skolelinux. The reason is simple. We need a good browser +plugin to play web videos seamlessly, and the VLC browser plugin is +not very good. For example, it lack in-line control buttons, so there +is no way for the user to pause the video. Also, when I +last +tested the browser plugins available in Debian, the VLC plugin +failed on several video pages where mplayer based plugins worked. If +the browser plugin for VLC was as good as the gecko-mediaplayer +package (which uses mplayer), we would switch.

+ +

While VLC is a good player, its user interface is slightly +annoying. The most annoying feature is its inconsistent use of +keyboard shortcuts. When the player is in full screen mode, its +shortcuts are different from when it is playing the video in a window. +For example, space only work as pause when in full screen mode. I +wish it had consisten shortcuts and that space also would work when in +window mode. Another nice shortcut in gmplayer is [enter] to restart +the current video. It is very nice when playing short videos from the +web and want to restart it when new people arrive to have a look at +what is going on.

- Tags: debian edu, english, nuug. + Tags: debian, debian edu, english, multimedia, video, web.
-
Circular package dependencies harms apt recovery
-
2010-07-27 23:50
+
DND hedrer overvåkning av barn med Rosingsprisen
+
2010-11-23 14:15
-

I discovered this while doing -automated -testing of upgrades from Debian Lenny to Squeeze. A few packages -in Debian still got circular dependencies, and it is often claimed -that apt and aptitude should be able to handle this just fine, but -some times these dependency loops causes apt to fail.

- -

An example is from todays -upgrade -of KDE using aptitude. In it, a bug in kdebase-workspace-data -causes perl-modules to fail to upgrade. The cause is simple. If a -package fail to unpack, then only part of packages with the circular -dependency might end up being unpacked when unpacking aborts, and the -ones already unpacked will fail to configure in the recovery phase -because its dependencies are unavailable.

- -

In this log, the problem manifest itself with this error:

- -
-dpkg: dependency problems prevent configuration of perl-modules:
- perl-modules depends on perl (>= 5.10.1-1); however:
-  Version of perl on system is 5.10.0-19lenny2.
-dpkg: error processing perl-modules (--configure):
- dependency problems - leaving unconfigured
-
- -

The perl/perl-modules circular dependency is already -reported as a bug, and will -hopefully be solved as soon as possible, but it is not the only one, -and each one of these loops in the dependency tree can cause similar -failures. Of course, they only occur when there are bugs in other -packages causing the unpacking to fail, but it is rather nasty when -the failure of one package causes the problem to become worse because -of dependency loops.

- -

Thanks to -the -tireless effort by Bill Allombert, the number of circular -dependencies -left in Debian -is dropping, and perhaps it will reach zero one day. :)

- -

Todays testing also exposed a bug in -update-notifier and -different behaviour between -apt-get and aptitude, the latter possibly caused by some circular -dependency. Reported both to BTS to try to get someone to look at -it.

+

Jeg registrerer med vond smak i munnen at Den Norske Dataforening +hedrer +overvåkning av barn med Rosingsprisen for kreativitet i år. Jeg +er glad jeg nå er meldt ut av DND.

+ +

Å elektronisk overvåke sine barn er ikke å gjøre dem en tjeneste, +men et overgrep mot individer i utvikling som bør læres opp til å ta +egne valg.

+ +

For å sitere Datatilsynets nye leder, Bjørn Erik Thon, i +et intervju +med Computerworld Norge:

+ +

+- For alle som har barn, meg selv inkludert, er førstetanken at det +hadde vært fint å vite hvor barnet sitt er til enhver tid. Men ungene +har ikke godt av det. De er små individer som skal søke rundt og finne +sine små gjemmesteder og utvide horisonten, uten at foreldrene ser dem +i kortene. Det kan være fristende, men jeg ville ikke gått inn i +dette. +

+ +

Det er skremmende å se at DND mener en tjeneste som legger opp til +slike overgrep bør hedres. Å flytte oppveksten for barn inn i en +virtuell +Panopticon er et +grovt overgrep og vil gjøre skade på barnenes utvikling, og foreldre +burde tenke seg godt om før de gir etter for sine instinkter her.

+ +

Blipper-tjenesten får meg til å tenke på bøkene til +John Twelve +Hawks, som forbilledlig beskriver hvordan et totalitært +overvåkningssamfunn bygges sakte men sikkert rundt oss, satt sammen av +gode intensjoner og manglende bevissthet om hvilke prinsipper et +liberalt demokrati er fundamentert på. Jeg har hatt stor glede av å +lese alle de tre bøkene.

- Tags: debian, english, nuug. + Tags: norsk, personvern, sikkerhet.
-
First Debian Edu test release (alpha0) based on Squeeze is released
-
2010-07-27 17:45
+
Lenny->Squeeze upgrades of the Gnome and KDE desktop, now with apt-get autoremove
+
2010-11-22 14:15
-

I just posted this announcement culminating several months of work -with the next Debian Edu release. Not nearly done, but one major step -completed.

- -
-

This is the first test release based on Squeeze. The focus of this -release is to test the user application selection. To have a look, -install the standalone profile and let the developers know if the set -of installed packages i.e. applications should be modified. If some -user application is missing, or if there are some applications that no -longer make sense to be included in Debian Edu, please let us know. -Also, if a useful application is missing the translation for your -language of choice, please let us know too.

- -

In addition, feedback and help to polish the desktop (menus, -artwork, starters, etc.) is appreciated. We would like to ship a nice -and handy KDE4 desktop targeted for schools out of the box.

- -

The other profiles should be installable, but there is a lot more -work left to be done before they are ready, so do not expect to -much.

- -

Changes compared to the lenny based version

- -
    -
  • Everything from Debian Squeeze -
      -
    • Desktop environment KDE 4.4 => the new KDE desktop in - combination with some new artwork -
    • Web browser Iceweasel 3.5 -
    • OpenOffice.org 3.2 -
    • Educational toolbox GCompris 9.3 -
    • Music creator Rosegarden 10.04.2 -
    • Image editor Gimp 2.6.10 -
    • Virtual universe Celestia 1.6.0 -
    • Virtual stargazer Stellarium 0.10.4 -
    • 3D modeler Blender 2.49.2 (new application) -
    • Video editor Kdenlive 0.7.7 (new application) -
    • -
  • Now using Kerberos for password checking (migration not finished). - Enabled for: -
      -
    • PAM -
    • LDAP -
    • IMAP -
    • SMTP (sender verification) -
    -
    • -
  • New experimental roaming workstation profile for laptops.
    • -
  • Show welcome page to users when they first log in. The URL is - fetched from LDAP.
    • -
  • New LXDE desktop option, in addition to KDE (default) and Gnome.
    • -
  • General cleanup (not finished)
    • -
-

The following features are not working as they should

- -
    -
  • No web based administration tool for creating users and groups. The - scripts ldap-createuser-krb and ldap-add-user-to-group can be used - for testing.
    • -
  • DVD installs are missing debian-installer images for the PXE boot, - and do not set up the PXE menu on eth0 because of this. LTSP - clients should still boot from eth1 on thin client servers.
    • -
  • The restructured KDE menu is not implemented.
    • -
  • The LDAP server setup need to be reviewed for security.
    • -
  • The LDAP directory structure need to be reworked.
    • -
  • Different sets of packages are installed when using the DVD and the - netinst CD. More packages are installed using the netinst CD.
    • -
  • The jackd package fail to install. This is believed to be caused by - some ongoing transition, and hopefully should be solved soon. The - jackd1 package can be installed manually for those that need it.
    • -
  • Some packages lack translations. See - http://wiki.debian.org/DebianEdu/Status/Squeeze for updated status, - and help out with translations.
    • -
- -

To download this multiarch netinstall release you can use

- - -

To download this multiarch dvd release you can use

- - - -

There is no source DVD available yet. It will be prepared when we -get closer to the final release.

- -

The MD5SUM of these images are

- -
    -
  • 3dbf45d59f42a53518b6e3c9ec3b5eb6 debian-edu-6.0.0+edua0-CD.iso
    • -
  • 22f2cbfce281d1c6e478be452638675d debian-edu-6.0.0+edua0-DVD.iso
    • -
- -

The SHA1SUM of these images are

-
    -
  • c53d1b69b40cf37cd27aefaf33f6f6a3821bedf0 debian-edu-6.0.0+edua0-CD.iso
    • -
  • 2ec29d7db676d59d32197b05c277ffe16348376c debian-edu-6.0.0+edua0-DVD.iso
    • -
-

How to report bugs: -http://wiki.debian.org/DebianEdu/HowTo/ReportBugsInBugzilla

- -

Please direct replies to debian-edu@lists.debian.org

-
+

Michael Biebl suggested to me on IRC, that I changed my automated +upgrade testing of the +Lenny +Gnome and KDE Desktop to do apt-get autoremove when using apt-get. +This seem like a very good idea, so I adjusted by test scripts and +can now present the updated result from today:

+ +

This is for Gnome:

+ +

Installed using apt-get, missing with aptitude

+ +

+ apache2.2-bin + aptdaemon + baobab + binfmt-support + browser-plugin-gnash + cheese-common + cli-common + cups-pk-helper + dmz-cursor-theme + empathy + empathy-common + freedesktop-sound-theme + freeglut3 + gconf-defaults-service + gdm-themes + gedit-plugins + geoclue + geoclue-hostip + geoclue-localnet + geoclue-manual + geoclue-yahoo + gnash + gnash-common + gnome + gnome-backgrounds + gnome-cards-data + gnome-codec-install + gnome-core + gnome-desktop-environment + gnome-disk-utility + gnome-screenshot + gnome-search-tool + gnome-session-canberra + gnome-system-log + gnome-themes-extras + gnome-themes-more + gnome-user-share + gstreamer0.10-fluendo-mp3 + gstreamer0.10-tools + gtk2-engines + gtk2-engines-pixbuf + gtk2-engines-smooth + hamster-applet + libapache2-mod-dnssd + libapr1 + libaprutil1 + libaprutil1-dbd-sqlite3 + libaprutil1-ldap + libart2.0-cil + libboost-date-time1.42.0 + libboost-python1.42.0 + libboost-thread1.42.0 + libchamplain-0.4-0 + libchamplain-gtk-0.4-0 + libcheese-gtk18 + libclutter-gtk-0.10-0 + libcryptui0 + libdiscid0 + libelf1 + libepc-1.0-2 + libepc-common + libepc-ui-1.0-2 + libfreerdp-plugins-standard + libfreerdp0 + libgconf2.0-cil + libgdata-common + libgdata7 + libgdu-gtk0 + libgee2 + libgeoclue0 + libgexiv2-0 + libgif4 + libglade2.0-cil + libglib2.0-cil + libgmime2.4-cil + libgnome-vfs2.0-cil + libgnome2.24-cil + libgnomepanel2.24-cil + libgpod-common + libgpod4 + libgtk2.0-cil + libgtkglext1 + libgtksourceview2.0-common + libmono-addins-gui0.2-cil + libmono-addins0.2-cil + libmono-cairo2.0-cil + libmono-corlib2.0-cil + libmono-i18n-west2.0-cil + libmono-posix2.0-cil + libmono-security2.0-cil + libmono-sharpzip2.84-cil + libmono-system2.0-cil + libmtp8 + libmusicbrainz3-6 + libndesk-dbus-glib1.0-cil + libndesk-dbus1.0-cil + libopal3.6.8 + libpolkit-gtk-1-0 + libpt2.6.7 + libpython2.6 + librpm1 + librpmio1 + libsdl1.2debian + libsrtp0 + libssh-4 + libtelepathy-farsight0 + libtelepathy-glib0 + libtidy-0.99-0 + media-player-info + mesa-utils + mono-2.0-gac + mono-gac + mono-runtime + nautilus-sendto + nautilus-sendto-empathy + p7zip-full + pkg-config + python-aptdaemon + python-aptdaemon-gtk + python-axiom + python-beautifulsoup + python-bugbuddy + python-clientform + python-coherence + python-configobj + python-crypto + python-cupshelpers + python-elementtree + python-epsilon + python-evolution + python-feedparser + python-gdata + python-gdbm + python-gst0.10 + python-gtkglext1 + python-gtksourceview2 + python-httplib2 + python-louie + python-mako + python-markupsafe + python-mechanize + python-nevow + python-notify + python-opengl + python-openssl + python-pam + python-pkg-resources + python-pyasn1 + python-pysqlite2 + python-rdflib + python-serial + python-tagpy + python-twisted-bin + python-twisted-conch + python-twisted-core + python-twisted-web + python-utidylib + python-webkit + python-xdg + python-zope.interface + remmina + remmina-plugin-data + remmina-plugin-rdp + remmina-plugin-vnc + rhythmbox-plugin-cdrecorder + rhythmbox-plugins + rpm-common + rpm2cpio + seahorse-plugins + shotwell + software-center + system-config-printer-udev + telepathy-gabble + telepathy-mission-control-5 + telepathy-salut + tomboy + totem + totem-coherence + totem-mozilla + totem-plugins + transmission-common + xdg-user-dirs + xdg-user-dirs-gtk + xserver-xephyr +

+ +

Installed using apt-get, removed with aptitude

+ +

+ cheese + ekiga + eog + epiphany-extensions + evolution-exchange + fast-user-switch-applet + file-roller + gcalctool + gconf-editor + gdm + gedit + gedit-common + gnome-games + gnome-games-data + gnome-nettool + gnome-system-tools + gnome-themes + gnuchess + gucharmap + guile-1.8-libs + libavahi-ui0 + libdmx1 + libgalago3 + libgtk-vnc-1.0-0 + libgtksourceview2.0-0 + liblircclient0 + libsdl1.2debian-alsa + libspeexdsp1 + libsvga1 + rhythmbox + seahorse + sound-juicer + system-config-printer + totem-common + transmission-gtk + vinagre + vino +

+ +

Installed using aptitude, missing with apt-get

+ +

+ gstreamer0.10-gnomevfs +

+ +

Installed using aptitude, removed with apt-get

+ +

+[nothing] +

+ +

This is for KDE:

+ +

Installed using apt-get, missing with aptitude

+ +

+ ksmserver +

+ +

Installed using apt-get, removed with aptitude

+ +

+ kwin + network-manager-kde +

+ +

Installed using aptitude, missing with apt-get

+ +

+ arts + dolphin + freespacenotifier + google-gadgets-gst + google-gadgets-xul + kappfinder + kcalc + kcharselect + kde-core + kde-plasma-desktop + kde-standard + kde-window-manager + kdeartwork + kdeartwork-emoticons + kdeartwork-style + kdeartwork-theme-icon + kdebase + kdebase-apps + kdebase-workspace + kdebase-workspace-bin + kdebase-workspace-data + kdeeject + kdelibs + kdeplasma-addons + kdeutils + kdewallpapers + kdf + kfloppy + kgpg + khelpcenter4 + kinfocenter + konq-plugins-l10n + konqueror-nsplugins + kscreensaver + kscreensaver-xsavers + ktimer + kwrite + libgle3 + libkde4-ruby1.8 + libkonq5 + libkonq5-templates + libnetpbm10 + libplasma-ruby + libplasma-ruby1.8 + libqt4-ruby1.8 + marble-data + marble-plugins + netpbm + nuvola-icon-theme + plasma-dataengines-workspace + plasma-desktop + plasma-desktopthemes-artwork + plasma-runners-addons + plasma-scriptengine-googlegadgets + plasma-scriptengine-python + plasma-scriptengine-qedje + plasma-scriptengine-ruby + plasma-scriptengine-webkit + plasma-scriptengines + plasma-wallpapers-addons + plasma-widget-folderview + plasma-widget-networkmanagement + ruby + sweeper + update-notifier-kde + xscreensaver-data-extra + xscreensaver-gl + xscreensaver-gl-extra + xscreensaver-screensaver-bsod +

+ +

Installed using aptitude, removed with apt-get

+ +

+ ark + google-gadgets-common + google-gadgets-qt + htdig + kate + kdebase-bin + kdebase-data + kdepasswd + kfind + klipper + konq-plugins + konqueror + ksysguard + ksysguardd + libarchive1 + libcln6 + libeet1 + libeina-svn-06 + libggadget-1.0-0b + libggadget-qt-1.0-0b + libgps19 + libkdecorations4 + libkephal4 + libkonq4 + libkonqsidebarplugin4a + libkscreensaver5 + libksgrd4 + libksignalplotter4 + libkunitconversion4 + libkwineffects1a + libmarblewidget4 + libntrack-qt4-1 + libntrack0 + libplasma-geolocation-interface4 + libplasmaclock4a + libplasmagenericshell4 + libprocesscore4a + libprocessui4a + libqalculate5 + libqedje0a + libqtruby4shared2 + libqzion0a + libruby1.8 + libscim8c2a + libsmokekdecore4-3 + libsmokekdeui4-3 + libsmokekfile3 + libsmokekhtml3 + libsmokekio3 + libsmokeknewstuff2-3 + libsmokeknewstuff3-3 + libsmokekparts3 + libsmokektexteditor3 + libsmokekutils3 + libsmokenepomuk3 + libsmokephonon3 + libsmokeplasma3 + libsmokeqtcore4-3 + libsmokeqtdbus4-3 + libsmokeqtgui4-3 + libsmokeqtnetwork4-3 + libsmokeqtopengl4-3 + libsmokeqtscript4-3 + libsmokeqtsql4-3 + libsmokeqtsvg4-3 + libsmokeqttest4-3 + libsmokeqtuitools4-3 + libsmokeqtwebkit4-3 + libsmokeqtxml4-3 + libsmokesolid3 + libsmokesoprano3 + libtaskmanager4a + libtidy-0.99-0 + libweather-ion4a + libxklavier16 + libxxf86misc1 + okteta + oxygencursors + plasma-dataengines-addons + plasma-scriptengine-superkaramba + plasma-widget-lancelot + plasma-widgets-addons + plasma-widgets-workspace + polkit-kde-1 + ruby1.8 + systemsettings + update-notifier-common +

+ +

Running apt-get autoremove made the results using apt-get and +aptitude a bit more similar, but there are still quite a lott of +differences. I have no idea what packages should be installed after +the upgrade, but hope those that do can have a look.

- Tags: debian edu, english, nuug. + Tags: debian, debian edu, english.
-
One step closer to single signon in Debian Edu
-
2010-07-25 10:00
+
Migrating Xen virtual machines using LVM to KVM using disk images
+
2010-11-22 11:20
-

The last few months me and the other Debian Edu developers have -been working hard to get the Debian/Squeeze based version of Debian -Edu/Skolelinux into shape. This future version will use Kerberos for -authentication, and services are slowly migrated to single signon, -getting rid of password questions one at the time.

- -

It will also feature a roaming workstation profile with local home -directory, for laptops that are only some times on the Skolelinux -network, and for this profile a shortcut is created in Gnome and KDE -to gain access to the users home directory on the file server. This -shortcut uses SMB at the moment, and yesterday I had time to test if -SMB mounting had started working in KDE after we added the cifs-utils -package. I was pleasantly surprised how well it worked.

- -

Thanks to the recent changes to our samba configuration to get it -to use Kerberos for authentication, there were no question about user -password when mounting the SMB volume. A simple click on the shortcut -in the KDE menu, and a window with the home directory popped -up. :)

- -

One step closer to a single signon solution out of the box in -Debian Edu. We already had PAM, LDAP, IMAP and SMTP in place, and now -also Samba. Next step is Cups and hopefully also NFS.

- -

We had planned a alpha0 release of Debian Edu for today, but thanks -to the autobuilder administrators for some architectures being slow to -sign packages, we are still missing the fixed LTSP package we need for -the release. It was uploaded three days ago with urgency=high, and if -it had entered testing yesterday we would have been able to test it in -time for a alpha0 release today. As the binaries for ia64 and powerpc -still not uploaded to the Debian archive, we need to delay the alpha -release another day.

- -

If you want to help out with implementing Kerberos for Debian Edu, -please contact us on debian-edu@lists.debian.org.

+

Most of the computers in use by the +Debian Edu/Skolelinux project +are virtual machines. And they have been Xen machines running on a +fairly old IBM eserver xseries 345 machine, and we wanted to migrate +them to KVM on a newer Dell PowerEdge 2950 host machine. This was a +bit harder that it could have been, because we set up the Xen virtual +machines to get the virtual partitions from LVM, which as far as I +know is not supported by KVM. So to migrate, we had to convert +several LVM logical volumes to partitions on a virtual disk file.

+ +

I found +a +nice recipe to do this, and wrote the following script to do the +migration. It uses qemu-img from the qemu package to make the disk +image, parted to partition it, losetup and kpartx to present the disk +image partions as devices, and dd to copy the data. I NFS mounted the +new servers storage area on the old server to do the migration.

+ +
+#!/bin/sh
+
+# Based on
+# http://searchnetworking.techtarget.com.au/articles/35011-Six-steps-for-migrating-Xen-virtual-machines-to-KVM
+
+set -e
+set -x
+
+if [ -z "$1" ] ; then
+    echo "Usage: $0 <hostname>"
+    exit 1
+else
+    host="$1"
+fi
+
+if [ ! -e /dev/vg_data/$host-disk ] ; then
+    echo "error: unable to find LVM volume for $host"
+    exit 1
+fi
+
+# Partitions need to be a bit bigger than the LVM LVs.  not sure why.
+disksize=$( lvs --units m | grep $host-disk | awk '{sum = sum + $4} END { print int(sum * 1.05) }')
+swapsize=$( lvs --units m | grep $host-swap | awk '{sum = sum + $4} END { print int(sum * 1.05) }')
+totalsize=$(( ( $disksize + $swapsize ) ))
+
+img=$host.img
+#dd if=/dev/zero of=$img bs=1M count=$(( $disksize + $swapsize ))
+qemu-img create $img ${totalsize}MMaking room on the Debian Edu/Sqeeze DVD
+
+parted $img mklabel msdos
+parted $img mkpart primary linux-swap 0 $disksize
+parted $img mkpart primary ext2 $disksize $totalsize
+parted $img set 1 boot on
+
+modprobe dm-mod
+losetup /dev/loop0 $img
+kpartx -a /dev/loop0
+
+dd if=/dev/vg_data/$host-disk of=/dev/mapper/loop0p1 bs=1M
+fsck.ext3 -f /dev/mapper/loop0p1 || true
+mkswap /dev/mapper/loop0p2
+
+kpartx -d /dev/loop0
+losetup -d /dev/loop0
+
+ +

The script is perhaps so simple that it is not copyrightable, but +if it is, it is licenced using GPL v2 or later at your discretion.

+ +

After doing this, I booted a Debian CD in rescue mode in KVM with +the new disk image attached, installed grub-pc and linux-image-686 and +set up grub to boot from the disk image. After this, the KVM machines +seem to work just fine.

- Tags: debian edu, english, nuug, sikkerhet. + Tags: debian, debian edu, english.
@@ -873,7 +1043,15 @@ please contact us on debian-edu@lists.debian.org.

  • July (12)
    • -
  • August (7)
    • +
  • August (13)
    • + +
  • September (7)
    • + +
  • October (9)
    • + +
  • November (13)
    • + +
  • December (5)
    • @@ -922,68 +1100,70 @@ please contact us on debian-edu@lists.debian.org.

    Tags

    -Created by Chronicle v3.7 +Created by Chronicle v3.2