X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/d5bcd9af2d9bdacfc0854e428796b92819c94ff9..e42f5b1dad855a6ee4fe4dec43b101f4d02a5f2b:/blog/index.html diff --git a/blog/index.html b/blog/index.html index 060f61956e..56e0d3e6d0 100644 --- a/blog/index.html +++ b/blog/index.html @@ -20,588 +20,422 @@
-
Parallellized boot seem to hold up well in Debian/testing
-
2010-05-27 23:55
+
Oppdatert kart over overvåkningskamera i Norge
+
2010-09-22 20:50
-

A few days ago, parallel booting was enabled in Debian/testing. -The feature seem to hold up pretty well, but three fairly serious -issues are known and should be solved: - -

- -

All in all not many surprising issues, and all of them seem -solvable before Squeeze is released. In addition to these there are -some packages with bugs in their dependencies and run level settings, -which I expect will be fixed in a reasonable time span.

- -

If you report any problems with dependencies in init.d scripts to -the BTS, please usertag the report to get it to show up at -the -list of usertagged bugs related to this.

- -

Update: Correct bug number to file-rc issue.

+

For ca. et og et halvt år siden +startet +jeg på et kart over overvåkningskamera i Norge, i regi av +personvernforeningen. Det har +blitt oppdatert regelmessing, og jeg oppdaterte det nettopp. Fra den +spede start med 22 kamera registrert er det nå registrert 54 kamera. +Det er bare en brøkdel av de kamera som finnes i Norge, men det går +sakte men sikkert i riktig retning.

+ +

Informasjonen registreres fortsatt direkte inn i +OpenStreetmap, og hentes +automatisk over i + +når jeg kjører et script for å filtrere ut overvåkningskamera fra +OSM-dumpen for Norge.

- Tags: debian, debian edu, english. + Tags: norsk, personvern.
-
More flexible firmware handling in debian-installer
-
2010-05-22 21:30
+
Anonym ferdsel er en menneskerett
+
2010-09-15 12:15
-

After a long break from debian-installer development, I finally -found time today to return to the project. Having to spend less time -working dependency based boot in debian, as it is almost complete now, -definitely helped freeing some time.

- -

A while back, I ran into a problem while working on Debian Edu. We -include some firmware packages on the Debian Edu CDs, those needed to -get disk and network controllers working. Without having these -firmware packages available during installation, it is impossible to -install Debian Edu on the given machine, and because our target group -are non-technical people, asking them to provide firmware packages on -an external medium is a support pain. Initially, I expected it to be -enough to include the firmware packages on the CD to get -debian-installer to find and use them. This proved to be wrong. -Next, I hoped it was enough to symlink the relevant firmware packages -to some useful location on the CD (tried /cdrom/ and -/cdrom/firmware/). This also proved to not work, and at this point I -found time to look at the debian-installer code to figure out what was -going to work.

- -

The firmware loading code is in the hw-detect package, and a closer -look revealed that it would only look for firmware packages outside -the installation media, so the CD was never checked for firmware -packages. It would only check USB sticks, floppies and other -"external" media devices. Today I changed it to also look in the -/cdrom/firmware/ directory on the mounted CD or DVD, which should -solve the problem I ran into with Debian edu. I also changed it to -look in /firmware/, to make sure the installer also find firmware -provided in the initrd when booting the installer via PXE, to allow us -to provide the same feature in the PXE setup included in Debian -Edu.

- -

To make sure firmware deb packages with a license questions are not -activated without asking if the license is accepted, I extended -hw-detect to look for preinst scripts in the firmware packages, and -run these before activating the firmware during installation. The -license question is asked using debconf in the preinst, so this should -solve the issue for the firmware packages I have looked at so far.

- -

If you want to discuss the details of these features, please -contact us on debian-boot@lists.debian.org.

+

Debatten rundt sporveiselskapet i Oslos (Ruter AS) ønske om +å +radiomerke med RFID alle sine kunder og +registerere +hvor hver og en av oss beveger oss pågår, og en ting som har +kommet lite frem i debatten er at det faktisk er en menneskerett å +kunne ferdes anonymt internt i ens eget land.

+ +

Fant en grei kilde for dette i et +skriv +fra Datatilsynet til Samferdselsdepartementet om tema:

+ +

Retten til å ferdes anonymt kan utledes av +menneskerettskonvensjonen artikkel 8 og av EUs personverndirektiv. +Her heter det at enkeltpersoners grunnleggende rettigheter og frihet +må respekteres, særlig retten til privatlivets fred. I både +personverndirektivet og i den norske personopplysningsloven er +selvråderetten til hver enkelt et av grunnprinsippene, hovedsaklig +uttrykt ved at en må gi et frivillig, informert og uttrykkelig +samtykke til behandling av personopplysninger.

+ +

For meg er det viktig at jeg kan ferdes anonymt, og det er litt av +bakgrunnen til at jeg handler med kontanter, ikke har mobiltelefon og +forventer å kunne reise med bil og kollektivtrafikk uten at det blir +registrert hvor jeg har vært. Ruter angriper min rett til å ferdes +uten radiopeiler med sin innføring av RFID-kort, og dokumenterer sitt +ønske om å registrere hvor kundene befant seg ved å ønske å gebyrlegge +oss som ikke registrerer oss hver gang vi beveger oss med +kollektivtrafikken i Oslo. Jeg synes det er hårreisende.

- Tags: debian, debian edu, english. + Tags: norsk, nuug, personvern, sikkerhet.
-
Magnetstripeinnhold i billetter fra Flytoget og Hurtigruten
-
2010-05-21 16:00
+
Terms of use for video produced by a Canon IXUS 130 digital camera
+
2010-09-09 23:55
-

For en stund tilbake kjøpte jeg en magnetkortleser for å kunne -titte på hva som er skrevet inn på magnetstripene til ulike kort. Har -ikke hatt tid til å analysere mange kort så langt, men tenkte jeg -skulle dele innholdet på to kort med mine lesere.

- -

For noen dager siden tok jeg flyet til Harstad og Hurtigruten til -Bergen. Flytoget fra Oslo S til flyplassen ga meg en billett med -magnetstripe. Påtrykket finner jeg følgende informasjon:

- -
-Flytoget Airport Express Train
-
-Fra - Til        : Oslo Sentralstasjon
-Kategori         : Voksen
-Pris             : Nok 170,00
-Herav mva. 8,00% : NOK 12,59
-Betaling         : Kontant
-Til - Fra        : Oslo Lufthavn
-Utstedt:         : 08.05.10
-Gyldig Fra-Til   : 08.05.10-07.11.10
-Billetttype      : Enkeltbillett
-
-102-1015-100508-48382-01-08
-
- -

På selve magnetstripen er innholdet -;E?+900120011=23250996541068112619257138248441708433322932704083389389062603279671261502492655?. -Aner ikke hva innholdet representerer, og det er lite overlapp mellom -det jeg ser trykket på billetten og det jeg ser av tegn i -magnetstripen. Håper det betyr at de bruker kryptografiske metoder -for å gjøre det vanskelig å forfalske billetter.

- -

Den andre billetten er fra Hurtigruten, der jeg mistenker at -strekkoden på fronten er mer brukt enn magnetstripen (det var i hvert -fall den biten vi stakk inn i dørlåsen).

- -

Påtrykket forsiden er følgende:

- -
-Romnummer 727
-Hurtigruten
-Midnatsol
-Reinholdtsen
-Petter
-Bookingno: SAX69   0742193
-Harstad-Bergen
-Dep: 09.05.2010 Arr: 12.05.2010
-Lugar fra Risøyhamn
-Kost: FRO=4
-
- -

På selve magnetstripen er innholdet -;1316010007421930=00000000000000000000?+E?. Heller ikke her -ser jeg mye korrespondanse mellom påtrykk og magnetstripe.

+

A few days ago I had the mixed pleasure of bying a new digital +camera, a Canon IXUS 130. It was instructive and very disturbing to +be able to verify that also this camera producer have the nerve to +specify how I can or can not use the videos produced with the camera. +Even thought I was aware of the issue, the options with new cameras +are limited and I ended up bying the camera anyway. What is the +problem, you might ask? It is software patents, MPEG-4, H.264 and the +MPEG-LA that is the problem, and our right to record our experiences +without asking for permissions that is at risk. + +

On page 27 of the Danish instruction manual, this section is +written:

+ +
+

This product is licensed under AT&T patents for the MPEG-4 standard +and may be used for encoding MPEG-4 compliant video and/or decoding +MPEG-4 compliant video that was encoded only (1) for a personal and +non-commercial purpose or (2) by a video provider licensed under the +AT&T patents to provide MPEG-4 compliant video.

+ +

No license is granted or implied for any other use for MPEG-4 +standard.

+
+ +

In short, the camera producer have chosen to use technology +(MPEG-4/H.264) that is only provided if I used it for personal and +non-commercial purposes, or ask for permission from the organisations +holding the knowledge monopoly (patent) for technology used.

+ +

This issue has been brewing for a while, and I recommend you to +read +"Why +Our Civilization's Video Art and Culture is Threatened by the +MPEG-LA" by Eugenia Loli-Queru and +"H.264 Is Not +The Sort Of Free That Matters" by Simon Phipps to learn more about +the issue. The solution is to support the +free and +open standards for video, like Ogg +Theora, and avoid MPEG-4 and H.264 if you can.

- Tags: norsk, nuug, sikkerhet. + Tags: english, fildeling, multimedia, nuug, opphavsrett, personvern, standard, video, web.
-
Pieces of the roaming laptop puzzle in Debian
-
2010-05-19 19:00
+
Navteq bruker 3-12 måneder, OpenStreetmap.org trenger noen dager
+
2010-09-07 21:40
-

Today, the last piece of the puzzle for roaming laptops in Debian -Edu finally entered the Debian archive. Today, the new -libpam-mklocaluser -package was accepted. Two days ago, two other pieces was accepted -into unstable. The -pam-python -package needed by libpam-mklocaluser, and the -sssd package -passed NEW on Monday. In addition, the -libpam-ccreds -package we need is in experimental (version 10-4) since Saturday, and -hopefully will be moved to unstable soon.

- -

This collection of packages allow for two different setups for -roaming laptops. The traditional setup would be using libpam-ccreds, -nscd and libpam-mklocaluser with LDAP or Kerberos authentication, -which should work out of the box if the configuration changes proposed -for nscd in BTS report -#485282 is implemented. The alternative setup is to use sssd with -libpam-mklocaluser to connect to LDAP or Kerberos and let sssd take -care of the caching of passwords and group information.

- -

I have so far been unable to get sssd to work with the LDAP server -at the University, but suspect the issue is some SSL/GnuTLS related -problem with the server certificate. I plan to update the Debian -package to version 1.2, which is scheduled for next week, and hope to -find time to make sure the next release will include both the -Debian/Ubuntu specific patches. Upstream is friendly and responsive, -and I am sure we will find a good solution.

- -

The idea is to set up the roaming laptops to authenticate using -LDAP or Kerberos and create a local user with home directory in /home/ -when a usre in LDAP logs in via KDM or GDM for the first time, and -cache the password for offline checking, as well as caching group -memberhips and other relevant LDAP information. The -libpam-mklocaluser package was created to make sure the local home -directory is in /home/, instead of /site/server/directory/ which would -be the home directory if pam_mkhomedir was used. To avoid confusion -with support requests and configuration, we do not want local laptops -to have users in a path that is used for the same users home directory -on the home directory servers.

- -

One annoying problem with gdm is that it do not show the PAM -message passed to the user from libpam-mklocaluser when the local user -is created. Instead gdm simply reject the login with some generic -message. The message is shown in kdm, ssh and login, so I guess it is -a bug in gdm. Have not investigated if there is some other message -type that can be used instead to get gdm to also show the message.

- -

If you want to help out with implementing this for Debian Edu, -please contact us on debian-edu@lists.debian.org.

+

Jeg ble riktig fascinert av +en +artikkel i Aftenposten om hvor hardt Navteq jobber for å oppdatere +kartene som brukes i navigasjons-GPSer, der det blant annet heter at +"på grunn av teknikken tar det alt fra tre til tolv måneder før +kartene er oppdatert". Når en kjenner hva slags oppdateringshastighet +som er tilgjengelig på +OpenStreetmap som +oppdateres på dugnad, blir det litt trist å se hva noe av det beste en +kan kjøpe for penger får til.

+ +

Fra en endrer kartdataene i databasen til OpenStreetmap tar det +ca. 15 minutter før endringen er synlig på kartet som alle kan se på +web. Dernest overføres det daglig til en kartdump som lastes ned av +personen som lager Garmin-kart for Norge ca. en gang i uken. Med +OpenStreetmap.org og Frikart.no +kan en altså ha korreksjonene på plass i sin Garmin-GPS i løpet av en +uke. Det er også av tekniske årsaker at det tar så langt tid. +Jobbene som tegner kartene, henter ut kartdumpene og konverterer til +Garmin-format tar minutter og timer å gjennomføre, slik at de ikke +gjøres kontinuerlig men kun regelmessing.

- Tags: debian edu, english, nuug. + Tags: kart, norsk, nuug.
-
Parallellized boot is now the default in Debian/unstable
-
2010-05-14 22:40
+
Some notes on Flash in Debian and Debian Edu
+
2010-09-04 10:10
-

Since this evening, parallel booting is the default in -Debian/unstable for machines using dependency based boot sequencing. -Apparently the testing of concurrent booting has been wider than -expected, if I am to believe the -input -on debian-devel@, and I concluded a few days ago to move forward -with the feature this weekend, to give us some time to detect any -remaining problems before Squeeze is frozen. If serious problems are -detected, it is simple to change the default back to sequential boot. -The upload of the new sysvinit package also activate a new upstream -version.

- -More information about -dependency -based boot sequencing is available from the Debian wiki. It is -currently possible to disable parallel booting when one run into -problems caused by it, by adding this line to /etc/default/rcS:

- -
-CONCURRENCY=none
-
- -

If you report any problems with dependencies in init.d scripts to -the BTS, please usertag the report to get it to show up at -the -list of usertagged bugs related to this.

+

In the Debian +popularity-contest numbers, the adobe-flashplugin package the +second most popular used package that is missing in Debian. The sixth +most popular is flashplayer-mozilla. This is a clear indication that +working flash is important for Debian users. Around 10 percent of the +users submitting data to popcon.debian.org have this package +installed.

+ +

In the report written by Lars Risan in August 2008 +(«Skolelinux +i bruk – Rapport for Hurum kommune, Universitetet i Agder og +stiftelsen SLX Debian Labs»), one of the most important problems +schools experienced with Debian +Edu/Skolelinux was the lack of working Flash. A lot of educational +web sites require Flash to work, and lacking working Flash support in +the web browser and the problems with installing it was perceived as a +good reason to stay with Windows.

+ +

I once saw a funny and sad comment in a web forum, where Linux was +said to be the retarded cousin that did not really understand +everything you told him but could work fairly well. This was a +comment regarding the problems Linux have with proprietary formats and +non-standard web pages, and is sad because it exposes a fairly common +understanding of whose fault it is if web pages that only work in for +example Internet Explorer 6 fail to work on Firefox, and funny because +it explain very well how annoying it is for users when Linux +distributions do not work with the documents they receive or the web +pages they want to visit.

+ +

This is part of the reason why I believe it is important for Debian +and Debian Edu to have a well working Flash implementation in the +distribution, to get at least popular sites as Youtube and Google +Video to working out of the box. For Squeeze, Debian have the chance +to include the latest version of Gnash that will make this happen, as +the new release 0.8.8 was published a few weeks ago and is resting in +unstable. The new version work with more sites that version 0.8.7. +The Gnash maintainers have asked for a freeze exception, but the +release team have not had time to reply to it yet. I hope they agree +with me that Flash is important for the Debian desktop users, and thus +accept the new package into Squeeze.

- Tags: debian, debian edu, english. + Tags: debian, debian edu, english, multimedia, video, web.
-
Sitesummary tip: Listing MAC address of all clients
-
2010-05-14 21:10
+
My first perl GUI application - controlling a Spykee robot
+
2010-09-01 21:00
-

In the recent Debian Edu versions, the -sitesummary -system is used to keep track of the machines in the school -network. Each machine will automatically report its status to the -central server after boot and once per night. The network setup is -also reported, and using this information it is possible to get the -MAC address of all network interfaces in the machines. This is useful -to update the DHCP configuration.

- -

To give some idea how to use sitesummary, here is a one-liner to -ist all MAC addresses of all machines reporting to sitesummary. Run -this on the collector host:

- -
-perl -MSiteSummary -e 'for_all_hosts(sub { print join(" ", get_macaddresses(shift)), "\n"; });'
-
- -

This will list all MAC addresses assosiated with all machine, one -line per machine and with space between the MAC addresses.

- -

To allow system administrators easier job at adding static DHCP -addresses for hosts, it would be possible to extend this to fetch -machine information from sitesummary and update the DHCP and DNS -tables in LDAP using this information. Such tool is unfortunately not -written yet.

+

This evening I made my first Perl GUI application. The last few +days I have worked on a Perl module for controlling my recently +aquired Spykee robots, and the module is now getting complete enought +that it is possible to use it to control the robot driving at least. +It was now time to figure out how to use it to create some GUI to +allow me to drive the robot around. I picked PerlQt as I have had +positive experiences with the Qt API before, and spent a few minutes +browsing the web for examples. Using Qt Designer seemed like a short +cut, so I ended up writing the perl GUI using Qt Designer and +compiling it into a perl program using the puic program from +libqt-perl. Nothing fancy yet, but it got buttons to connect and +drive around.

+ +

The perl module I have written provide a object oriented API for +controlling the robot. Here is an small example on how to use it:

+ +

+use Spykee;
+Spykee::discover(sub {$robot{$_[0]} = $_[1]});
+my $host = (keys %robot)[0];
+my $spykee = Spykee->new();
+$spykee->contact($host, "admin", "admin");
+$spykee->left();
+sleep 2;
+$spykee->right();
+sleep 2;
+$spykee->forward();
+sleep 2;
+$spykee->back();
+sleep 2;
+$spykee->stop();
+

+ +

Thanks to the release of the source of the robot firmware, I could +peek into the implementation at the other end to figure out how to +implement the protocol used by the robot. I've implemented several of +the commands the robot understand, but is still missing the camera +support to make it possible to control the robot from remote. First I +want to implement support for uploading new firmware and configuring +the wireless network, to make it possible to bootstrap a Spykee robot +without the producers Windows and MacOSX software (I only have Linux, +so I had to ask a friend to come over to get the robot testing +going. :).

+ +

Will release the source to the public soon, but need to figure out +where to make it available first. I will add a link to +the NUUG wiki for +those that want to check back later to find it.

- Tags: debian, debian edu, english, sitesummary. + Tags: english, nuug, robot.
-
systemd, an interesting alternative to upstart
-
2010-05-13 22:20
+
Forslag i stortinget om å stoppe elektronisk stemmegiving i Norge
+
2010-08-31 21:00
-

The last few days a new boot system called -systemd -has been -introduced - -to the free software world. I have not yet had time to play around -with it, but it seem to be a very interesting alternative to -upstart, and might prove to be -a good alternative for Debian when we are able to switch to an event -based boot system. Tollef is -in the process of getting -systemd into Debian, and I look forward to seeing how well it work. I -like the fact that systemd handles init.d scripts with dependency -information natively, allowing them to run in parallel where upstart -at the moment do not.

- -

Unfortunately do systemd have the same problem as upstart regarding -platform support. It only work on recent Linux kernels, and also need -some new kernel features enabled to function properly. This means -kFreeBSD and Hurd ports of Debian will need a port or a different boot -system. Not sure how that will be handled if systemd proves to be the -way forward.

- -

In the mean time, based on the -input -on debian-devel@ regarding parallel booting in Debian, I have -decided to enable full parallel booting as the default in Debian as -soon as possible (probably this weekend or early next week), to see if -there are any remaining serious bugs in the init.d dependencies. A -new version of the sysvinit package implementing this change is -already in experimental. If all go well, Squeeze will be released -with parallel booting enabled by default.

+

Ble tipset i dag om at et forslag om å stoppe forsøkene med +elektronisk stemmegiving utenfor valglokaler er +til +behandling i Stortinget. +Forslaget +er fremmet av Erna Solberg, Michael Tetzschner og Trond Helleland.

+ +

Håper det får flertall.

- Tags: debian, english, nuug. + Tags: norsk, nuug, sikkerhet.
-
Parallellizing the boot in Debian Squeeze - ready for wider testing
-
2010-05-06 23:25
+
Broken hard link handling with sshfs
+
2010-08-30 19:30
-

These days, the init.d script dependencies in Squeeze are quite -complete, so complete that it is actually possible to run all the -init.d scripts in parallell based on these dependencies. If you want -to test your Squeeze system, make sure -dependency -based boot sequencing is enabled, and add this line to -/etc/default/rcS:

- -
-CONCURRENCY=makefile
-
- -

That is it. It will cause sysv-rc to use the startpar tool to run -scripts in parallel using the dependency information stored in -/etc/init.d/.depend.boot, /etc/init.d/.depend.start and -/etc/init.d/.depend.stop to order the scripts. Startpar is configured -to try to start the kdm and gdm scripts as early as possible, and will -start the facilities required by kdm or gdm as early as possible to -make this happen.

- -

Give it a try, and see if you like the result. If some services -fail to start properly, it is most likely because they have incomplete -init.d script dependencies in their startup script (or some of their -dependent scripts have incomplete dependencies). Report bugs and get -the package maintainers to fix it. :)

- -

Running scripts in parallel could be the default in Debian when we -manage to get the init.d script dependencies complete and correct. I -expect we will get there in Squeeze+1, if we get manage to test and -fix the remaining issues.

- -

If you report any problems with dependencies in init.d scripts to -the BTS, please usertag the report to get it to show up at -the -list of usertagged bugs related to this.

+

Just got an email from Tobias Gruetzmacher as a followup on my +previous +post about sshfs. He reported another problem with sshfs. It +fail to handle hard links properly. A simple way to spot this is to +look at the . and .. entries in the directory tree. These should have +a link count >1, but on sshfs the count is 1. I just tested to see +what happen when trying to hardlink, and this fail as well:

+ +
+% ln foo bar
+ln: creating hard link `bar' => `foo': Function not implemented
+%
+
+ +

I have not yet found time to implement a test for this in my file +system test code, but believe having working hard links is useful to +avoid surprised unix programs. Not as useful as working file locking +and symlinks, which are required to get a working desktop, but useful +nevertheless. :)

+ +

The latest version of the file system test code is available via +git from +http://github.com/gebi/fs-test

- Tags: debian, english. + Tags: debian edu, english, nuug.
-
Forcing new users to change their password on first login
-
2010-05-02 13:47
+
Sikkerhetsteateret på flyplassene fortsetter
+
2010-08-28 10:40
-

One interesting feature in Active Directory, is the ability to -create a new user with an expired password, and thus force the user to -change the password on the first login attempt.

- -

I'm not quite sure how to do that with the LDAP setup in Debian -Edu, but did some initial testing with a local account. The account -and password aging information is available in /etc/shadow, but -unfortunately, it is not possible to specify an expiration time for -passwords, only a maximum age for passwords.

- -

A freshly created account (using adduser test) will have these -settings in /etc/shadow:

- -
-root@tjener:~# chage -l test
-Last password change                                    : May 02, 2010
-Password expires                                        : never
-Password inactive                                       : never
-Account expires                                         : never
-Minimum number of days between password change          : 0
-Maximum number of days between password change          : 99999
-Number of days of warning before password expires       : 7
-root@tjener:~#
-
- -

The only way I could come up with to create a user with an expired -account, is to change the date of the last password change to the -lowest value possible (January 1th 1970), and the maximum password age -to the difference in days between that date and today. To make it -simple, I went for 30 years (30 * 365 = 10950) and January 2th (to -avoid testing if 0 is a valid value).

- -

After using these commands to set it up, it seem to work as -intended:

- -
-root@tjener:~# chage -d 1 test; chage -M 10950 test
-root@tjener:~# chage -l test
-Last password change                                    : Jan 02, 1970
-Password expires                                        : never
-Password inactive                                       : never
-Account expires                                         : never
-Minimum number of days between password change          : 0
-Maximum number of days between password change          : 10950
-Number of days of warning before password expires       : 7
-root@tjener:~#  
-
- -

So far I have tested this with ssh and console, and kdm (in -Squeeze) login, and all ask for a new password before login in the -user (with ssh, I was thrown out and had to log in again).

- -

Perhaps we should set up something similar for Debian Edu, to make -sure only the user itself have the account password?

- -

If you want to comment on or help out with implementing this for -Debian Edu, please contact us on debian-edu@lists.debian.org.

- -

Update 2010-05-02 17:20: Paul Tötterman tells me on IRC that the -shadow(8) page in Debian/testing now state that setting the date of -last password change to zero (0) will force the password to be changed -on the first login. This was not mentioned in the manual in Lenny, so -I did not notice this in my initial testing. I have tested it on -Squeeze, and 'chage -d 0 username' do work there. I have not -tested it on Lenny yet.

- -

Update 2010-05-02-19:05: Jim Paris tells me via email that an -equivalent command to expire a password is 'passwd -e -username', which insert zero into the date of the last password -change.

+

Jeg skrev for et halvt år siden hvordan +samfunnet +kaster bort ressurser på sikkerhetstiltak som ikke fungerer. Kom +nettopp over en +historie +fra en pilot fra USA som kommenterer det samme. Jeg mistenker det +kun er uvitenhet og autoritetstro som gjør at så få protesterer. Har +veldig sans for piloten omtalt i Aftenposten 2007-10-23, +og skulle ønske flere rettet oppmerksomhet mot problemet. Det gir +ikke meg trygghetsfølelse på flyplassene når jeg ser at +flyplassadministrasjonen kaster bort folk, penger og tid på tull i +stedet for ting som bidrar til reell økning av sikkerheten. Det +forteller meg jo at vurderingsevnen til de som burde bidra til økt +sikkerhet er svært sviktende, noe som ikke taler godt for de andre +tiltakene.

+ +

Mon tro hva som skjer hvis det fantes en enkel brosjyre å skrive ut +fra Internet som forklarte hva som er galt med sikkerhetsopplegget på +flyplassene, og folk skrev ut og la en bunke på flyplassene når de +passerte. Kanskje det ville fått flere til å få øynene opp for +problemet.

+ +

Personlig synes jeg flyopplevelsen er blitt så avskyelig at jeg +forsøker å klare meg med tog, bil og båt for å slippe ubehaget. Det +er dog noe vanskelig i det langstrakte Norge og for å kunne besøke de +delene av verden jeg ønsker å nå. Mistenker at flere har det slik, og +at dette går ut over inntjeningen til flyselskapene. Det er antagelig +en god ting sett fra et miljøperspektiv, men det er en annen sak.

- Tags: debian edu, english, nuug, sikkerhet. + Tags: norsk, nuug, personvern, sikkerhet.
-
Thoughts on roaming laptop setup for Debian Edu
-
2010-04-28 20:40
+
Skolelinux i Osloskolen
+
2010-08-26 22:25
-

For some years now, I have wondered how we should handle laptops in -Debian Edu. The Debian Edu infrastructure is mostly designed to -handle stationary computers, and less suited for computers that come -and go.

- -

Now I finally believe I have an sensible idea on how to adjust -Debian Edu for laptops, by introducing a new profile for them, for -example called Roaming Workstations. Here are my thought on this. -The setup would consist of the following:

- - - -

I believe all the pieces to implement this are in Debian/testing at -the moment. If we work quickly, we should be able to get this ready -in time for the Squeeze release to freeze. Some of the pieces need -tweaking, like libpam-ccreds should get support for pam-auth-update -(#566718) and nslcd (or -perhaps debian-edu-config) should get some integration code to stop -its daemon when the LDAP server is unavailable to avoid long timeouts -when disconnected from the net. If we get Kerberos enabled, we need -to make sure we avoid long timeouts there too.

- -

If you want to help out with implementing this for Debian Edu, -please contact us on debian-edu@lists.debian.org.

+

Denne høsten skal endelig alle Osloskolene få mulighet til å bruke +Skolelinux. Ny IT-løsning +har vært rullet ut i noen måneder nå, og så vidt jeg fikk vite før +sommeren skulle alle skoler ha nytt opplegg på plass før oppstart nå i +høst. På alle skolene skal en kunne velge ved installasjon om en skal +ha Windows eller Skolelinux på maskinene, og en kan i tillegg +PXE-boote maskinene over nett som tynne klienter eller diskløse +arbeidsstasjoner. Jeg er spent på hvor mange skoler som velger å ta i +bruk Skolelinux, og gleder meg til å se hvordan dette utvikler seg. +Løsningen leveres av +Logica med +Skolelinux Drift AS som +underleverandør, og jeg har vært involvert i utviklingen av løsningen +via Skolelinux Drift AS siden prosjektet starter. Jeg synes det er +fantastisk at Skolelinux er kommet så langt siden vi startet i 2001 at +alle elevene i Osloskolene nå skal få mulighet til å bruke +løsningen. Jeg håper de vil sette pris på alle de +fantastiske +brukerprogrammene som er tilgjengelig i Skolelinux.

- Tags: debian edu, english, nuug. + Tags: debian edu, norsk.
@@ -631,6 +465,14 @@ please contact us on debian-edu@lists.debian.org.

  • May (9)
    • +
  • June (14)
    • + +
  • July (12)
    • + +
  • August (13)
    • + +
  • September (6)
    • +
  • 2009 @@ -684,49 +526,55 @@ please contact us on debian-edu@lists.debian.org.

  • aros (1)
    • -
  • debian (20)
    • +
  • bootsystem (10)
    • + +
  • debian (36)
    • -
  • debian edu (20)
    • +
  • debian edu (44)
    • -
  • english (31)
    • +
  • english (61)
  • fiksgatami (1)
    • -
  • fildeling (6)
    • +
  • fildeling (9)
    • -
  • kart (2)
    • +
  • kart (4)
    • -
  • lenker (1)
    • +
  • ldap (8)
    • + +
  • lenker (2)
  • ltsp (1)
    • -
  • multimedia (5)
    • +
  • multimedia (7)
    • -
  • norsk (65)
    • +
  • norsk (80)
    • -
  • nuug (74)
    • +
  • nuug (104)
    • -
  • opphavsrett (12)
    • +
  • opphavsrett (15)
    • -
  • personvern (11)
    • +
  • personvern (19)
  • reprap (10)
    • +
  • robot (3)
    • +
  • rss (1)
    • -
  • sikkerhet (8)
    • +
  • sikkerhet (15)
    • -
  • sitesummary (1)
    • +
  • sitesummary (3)
    • -
  • standard (11)
    • +
  • standard (14)
  • stavekontroll (1)
    • -
  • video (10)
    • +
  • video (12)
  • vitenskap (1)
    • -
  • web (6)
    • +
  • web (9)