X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/d8e47d7a28ce718ef9d2fb8009c70e5bdbdc0fb1..bd06f9e9dc96e2a8d0dcfa2e60feaba1ddd94948:/blog/index.html diff --git a/blog/index.html b/blog/index.html index 5fcd71a758..79ea984d16 100644 --- a/blog/index.html +++ b/blog/index.html @@ -20,720 +20,810 @@
-
Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object
-
2010-06-24 00:35
+
2 Spykee-roboter i hus, nå skal det lekes
+
2010-08-18 13:30
-

A while back, I -complained -about the fact that it is not possible with the provided schemas -for storing DNS and DHCP information in LDAP to combine the two sets -of information into one LDAP object representing a computer.

- -

In the mean time, I discovered that a simple fix would be to make -the dhcpHost object class auxiliary, to allow it to be combined with -the dNSDomain object class, and thus forming one object for one -computer when storing both DHCP and DNS information in LDAP.

- -

If I understand this correctly, it is not safe to do this change -without also changing the assigned number for the object class, and I -do not know enough about LDAP schema design to do that properly for -Debian Edu.

- -

Anyway, for future reference, this is how I believe we could change -the -DHCP -schema to solve at least part of the problem with the LDAP schemas -available today from IETF.

+

Jeg kjøpte nettopp to +Spykee-roboter, for test og +leking. Kjøpte to da det var så billige, og gir meg mulighet til å +eksperimentere uten å være veldig redd for å ødelegge alt ved å bytte +ut firmware og slikt. Oppdaget at lekebutikken på Bryn senter hadde +en liten stabel på lager som de ikke hadde klart å selge ut etter +fjorårets juleinnkjøp, og var villig til å selge for en femtedel av +vanlig pris. Jeg, Ronny og Jarle har skaffet oss restbeholdningen, og +det blir morsomt å se hva vi får ut av dette.

+ +

Roboten har belter styrt av to motorer, kamera, høytaler, mikrofon +og wifi-tilkobling. Det hele styrt av en GPL-lisensiert databoks som +jeg mistenker kjører linux. Firmware-kildekoden ble visst publisert i +mai. Eneste utfordringen er at kontroller-programvaren kun finnes til +Windows, men det må en kunne jobbe seg rundt når vi har kildekoden til +firmwaren. :)

-
---- dhcp.schema    (revision 65192)
-+++ dhcp.schema    (working copy)
-@@ -376,7 +376,7 @@
- objectclass ( 2.16.840.1.113719.1.203.6.6
-        NAME 'dhcpHost'
-        DESC 'This represents information about a particular client'
--       SUP top
-+       SUP top AUXILIARY
-        MUST cn
-        MAY  (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
-        X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
-
- -

I very much welcome clues on how to do this properly for Debian -Edu/Squeeze. We provide the DHCP schema in our debian-edu-config -package, and should thus be free to rewrite it as we see fit.

- -

If you want to help out with implementing this for Debian Edu, -please contact us on debian-edu@lists.debian.org.

+
- Tags: debian, debian edu, english, ldap, nuug. + Tags: norsk, nuug.
-
Calling tasksel like the installer, while still getting useful output
-
2010-06-16 14:55
+
Rob Weir: How to Crush Dissent
+
2010-08-15 22:20
-

A few times I have had the need to simulate the way tasksel -installs packages during the normal debian-installer run. Until now, -I have ended up letting tasksel do the work, with the annoying problem -of not getting any feedback at all when something fails (like a -conffile question from dpkg or a download that fails), using code like -this: - -

-export DEBIAN_FRONTEND=noninteractive
-tasksel --new-install
-
- -This would invoke tasksel, let its automatic task selection pick the -tasks to install, and continue to install the requested tasks without -any output what so ever. - -Recently I revisited this problem while working on the automatic -package upgrade testing, because tasksel would some times hang without -any useful feedback, and I want to see what is going on when it -happen. Then it occured to me, I can parse the output from tasksel -when asked to run in test mode, and use that aptitude command line -printed by tasksel then to simulate the tasksel run. I ended up using -code like this: - -
-export DEBIAN_FRONTEND=noninteractive
-cmd="$(in_target tasksel -t --new-install | sed 's/debconf-apt-progress -- //')"
-$cmd
-
- -

The content of $cmd is typically something like "aptitude -q ---without-recommends -o APT::Install-Recommends=no -y install -~t^desktop$ ~t^gnome-desktop$ ~t^laptop$ ~pstandard ~prequired -~pimportant", which will install the gnome desktop task, the -laptop task and all packages with priority standard , required and -important, just like tasksel would have done it during -installation.

- -

A better approach is probably to extend tasksel to be able to -install packages without using debconf-apt-progress, for use cases -like this.

+

I found the notes from Rob Weir on +how +to crush dissent matching my own thoughts on the matter quite +well. Highly recommended for those wondering which road our society +should go down. In my view we have been heading the wrong way for a +long time.

- Tags: debian, english, nuug. + Tags: english, lenker, nuug, personvern, sikkerhet.
-
Vinmonopolet bryter loven åpenlyst - og flere planlegger å gjøre det samme
-
2010-06-16 11:00
+
No hardcoded config on Debian Edu clients
+
2010-08-09 20:15
-

Dagbladet -melder at Vinmonopolet med bakgrunn i vekterstreiken som pågår i -Norge for tiden, har bestemt seg for med vitende og vilje å bryte -sentralbanklovens paragraf 14 ved å nekte folk å betale med -kontanter, og at flere butikker planlegger å følge deres eksempel. -Jeg synes det er hårreisende hvis de slipper unna med et slikt -soleklart lovbrudd, og lurer på hva slags muligheter jeg vil ha hvis -jeg blir nektet å handle med kontanter. Jeg handler i hovedsak med -kontanter selv, da jeg anser det som en borgerrett å kunne handle -anonymt uten at det blir registrert. For meg er det et angrep på mitt -personvern å nekte å ta imot kontant betaling.

- -

Paragrafen -i sentralbankloven lyder:

+

As reported earlier, the last few days I have looked at how Debian +Edu clients are configured, and tried to get rid of all hardcoded +configuration settings on the clients. I believe the work to be +mostly done, and the clients seem to work just fine with dynamically +generated configuration.

+ +

What is the point, you might ask? The point is to allow a Debian +Edu desktop to integrate into an existing network infrastructure +without any manual configuration.

+ +

This is what happens when installing a Debian Edu client here at +the University of Oslo using PXE. With the PXE installation, I am +asked for language (Norwegian Bokmål), locality (Norway) and keyboard +layout (no-latin1), Debian Edu profile (Roaming Workstation), if I +accept to reformat the hard drive (yes), if I want to submit info to +popcon.debian.org (no) and root password (secret). After answering +these questions, the installer goes ahead and does its thing, and +after around 50 minutes it is done. I press enter to finish the +installation, and the machine reboots into KDE. When the machine is +ready and kdm asks for login information, I enter my university +username and password, am told by kdm that a local home directory has +been created and that I must log in again, and finally log in with the +same username and password to the KDE 4.4 desktop. At no point during +this process did it ask for university specific settings, and all the +required configuration was dynamically detected using information +fetched via DHCP and DNS. The roaming workstation is now ready for +use.

+ +

How was this done, you might wonder? First of all, here is the +list of things that need to be configured on the client to get it +working properly out of the box:

-
-

§ 14. Tvungent betalingsmiddel

- -

Bankens sedler og mynter er tvungent betalingsmiddel i Norge. Ingen -er pliktig til i én betaling å ta imot mer enn femogtyve mynter av -hver enhet.

- -

Sterkt skadde sedler og mynter er ikke tvungent -betalingsmiddel. Banken gir nærmere forskrifter om erstatning for -bortkomne, brente eller skadde sedler og mynter.

- -

Selv om en avtale inneholder klausul om betaling av en -pengeforpliktelse i gullverdi, kan skyldneren frigjøre seg med tvungne -betalingsmidler uten hensyn til denne klausul.

-
+ -

Det er med bakgrunn i denne lovet ikke tillatt å nekte å ta imot -kontakt betaling. Det er en lov jeg har sans for, og som jeg mener må -håndheves strengt.

+

(Hm, did I forget anything? Let me knew if I did.)

+ +

The points marked (*) are not required to be able to use the +machine, but needed to provide central storage and allowing system +administrators to track their machines. Since yesterday, everything +but the sitesummary collector URL is dynamically discovered at boot +and installation time in the svn version of Debian Edu.

+ +

The IP and DNS setup is fetched during boot using DHCP as usual. +When a DHCP update arrives, the proxy setup is updated by looking for +http://wpat/wpad.dat and using the content of this WPAD file to +configure the http and ftp proxy in /etc/environment and +/etc/apt/apt.conf. I decided to update the proxy setup using a DHCP +hook to ensure that the client stops using the Debian Edu proxy when +it is moved outside the Debian Edu network, and instead uses any local +proxy present on the new network when it moves around.

+ +

The DNS names of the LDAP, Kerberos and syslog server and related +configuration are generated using DNS information at boot. First the +installer looks for a host named ldap in the current DNS domain. If +not found, it looks for _ldap._tcp SRV records in DNS instead. If an +LDAP server is found, its root DSE entry is requested and the +attributes namingContexts and defaultNamingContext are used to +determine which LDAP base to use for NSS. If there are several +namingContexts attibutes and the defaultNamingContext is present, that +LDAP subtree is used as the base. If defaultNamingContext is missing, +the subtrees listed as namingContexts are searched in sequence for any +object with class posixAccount or posixGroup, and the first one with +such an object is used as the LDAP base. For Kerberos, a similar +search is done by first looking for a host named kerberos, and then +for the _kerberos._tcp SRV record. I've been unable to find a way to +look up the Kerberos realm, so for this the upper case string of the +current DNS domain is used.

+ +

For the syslog server, the hosts syslog and loghost are searched +for, and the _syslog._udp SRV record is consulted if no such host is +found. This algorithm works for both Debian Edu and the University of +Oslo. A similar strategy would work for locating the sitesummary +server, but have not been implemented yet. I decided to fetch and +save these settings during installation, to make sure moving to a +different network does not change the set of users being allowed to +log in nor the passwords required to log in. Usernames and passwords +will be cached by sssd when the user logs in on the Debian Edu +network, and will not change as the laptop move around. For a +non-roaming machine, there is no caching, but given that it is +supposed to stay in place it should not matter much. Perhaps we +should switch those to use sssd too?

+ +

The user's SMB mount point for the network home directory is +located when the user logs in for the first time. The LDAP server is +consulted to look for the user's LDAP object and the sambaHomePath +attribute is used if found. If it isn't found, the home directory +path fetched from NSS is used instead. Assuming the path is of the +form /site/server/directory/username, the second part is looked up in +DNS and used to generate a SMB URL of the form +smb://server.domain/username. This algorithm works for both Debian +edu and the University of Oslo. Perhaps there are better attributes +to use or a better algorithm that works for more sites, but this will +do for now. :)

+ +

This work should make it easier to integrate the Debian Edu clients +into any LDAP/Kerberos infrastructure, and make the current setup even +more flexible than before. I suspect it will also work for thin +client servers, allowing one to easily set up LTSP and hook it into a +existing network infrastructure, but I have not had time to test this +yet.

+ +

If you want to help out with implementing these things for Debian +Edu, please contact us on debian-edu@lists.debian.org.

+ +

Update 2010-08-09: Simon Farnsworth gave me a heads-up on how to +detect Kerberos realm from DNS, by looking for _kerberos TXT entries +before falling back to the upper case DNS domain name. Will have to +implement it for Debian Edu. :)

- Tags: norsk, personvern. + Tags: debian edu, english, nuug.
-
Officeshots taking shape
-
2010-06-13 11:40
+
Testing if a file system can be used for home directories...
+
2010-08-08 21:20
-

For those of us caring about document exchange and -interoperability, OfficeShots -is a great service. It is to ODF documents what -BrowserShots is for web -pages.

- -

A while back, I was contacted by Knut Yrvin at the part of Nokia -that used to be Trolltech, who wanted to help the OfficeShots project -and wondered if the University of Oslo where I work would be -interested in supporting the project. I helped him to navigate his -request to the right people at work, and his request was answered with -a spot in the machine room with power and network connected, and Knut -arranged funding for a machine to fill the spot. The machine is -administrated by the OfficeShots people, so I do not have daily -contact with its progress, and thus from time to time check back to -see how the project is doing.

- -

Today I had a look, and was happy to see that the Dell box in our -machine room now is the host for several virtual machines running as -OfficeShots factories, and the project is able to render ODF documents -in 17 different document processing implementation on Linux and -Windows. This is great.

+

A few years ago, I was involved in a project planning to use +Windows file servers as home directory servers for Debian +Edu/Skolelinux machines. This was thought to be no problem, as the +access would be through the SMB network file system protocol, and we +knew other sites used SMB with unix and samba as the file server to +mount home directories without any problems. But, after months of +struggling, we had to conclude that our goal was impossible.

+ +

The reason is simply that while SMB can be used for home +directories when the file server is Samba running on Unix, this only +work because of Samba have some extensions and the fact that the +underlying file system is a unix file system. When using a Windows +file server, the underlying file system do not have POSIX semantics, +and several programs will fail if the users home directory where they +want to store their configuration lack POSIX semantics.

+ +

As part of this work, I wrote a small C program I want to share +with you all, to replicate a few of the problematic applications (like +OpenOffice.org and GCompris) and see if the file system was working as +it should. If you find yourself in spooky file system land, it might +help you find your way out again. This is the fs-test.c source:

+ +
+/*
+ * Some tests to check the file system sematics.  Used to verify that
+ * CIFS from a windows server do not work properly as a linux home
+ * directory.
+ * License: GPL v2 or later
+ * 
+ * needs libsqlite3-dev and build-essential installed
+ * compile with: gcc -Wall -lsqlite3 -DTEST_SQLITE fs-test.c -o fs-test
+*/
+
+#define _FILE_OFFSET_BITS 64
+#define _LARGEFILE_SOURCE 1
+#define _LARGEFILE64_SOURCE 1
+
+#define _GNU_SOURCE /* for asprintf() */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/file.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#ifdef TEST_SQLITE
+/*
+ * Test sqlite open, as done by gcompris require the libsqlite3-dev
+ * package and linking with -lsqlite3.  A more low level test is
+ * below.
+ * See also <URL: http://www.sqlite.org./faq.html#q5 >.
+ */
+#include <sqlite3.h>
+#define CREATE_TABLE_USERS                                              \
+  "CREATE TABLE users (user_id INT UNIQUE, login TEXT, lastname TEXT, firstname TEXT, birthdate TEXT, class_id INT ); "
+int test_sqlite_open(void) {
+  char *zErrMsg;
+  char *name = "testsqlite.db";
+  sqlite3 *db=NULL;
+  unlink(name);
+  int rc = sqlite3_open(name, &db);
+  if( rc ){
+    printf("error: sqlite open of %s failed: %s\n", name, sqlite3_errmsg(db));
+    sqlite3_close(db);
+    return -1;
+  }
+
+  /* create tables */
+  rc = sqlite3_exec(db,CREATE_TABLE_USERS, NULL,  0, &zErrMsg);
+  if( rc != SQLITE_OK ){
+    printf("error: sqlite table create failed: %s\n", zErrMsg);
+    sqlite3_close(db);
+    return -1;
+  }
+  printf("info: sqlite worked\n");
+  sqlite3_close(db);
+  return 0;
+}
+#endif /* TEST_SQLITE */
+
+/*
+ * Demonstrate locking issue found in gcompris using sqlite3.  This
+ * work with ext3, but not with cifs server on Windows 2003.  This is
+ * done in the sqlite3 library.
+ * See also
+ * <URL:http://www.cygwin.com/ml/cygwin/2001-08/msg00854.html> and the
+ * POSIX specification
+ * <URL:http://www.opengroup.org/onlinepubs/009695399/functions/fcntl.html>.
+ */
+int test_gcompris_locking(void) {
+  struct flock fl;
+  char *name = "testsqlite.db";
+  unlink(name);
+  int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, 0644);
+  printf("info: testing fcntl locking\n");
+
+  fl.l_whence = SEEK_SET;
+  fl.l_pid    = getpid();
+  printf("  Read-locking 1 byte from 1073741824");
+  fl.l_start  = 1073741824;
+  fl.l_len    = 1;
+  fl.l_type   = F_RDLCK;
+  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+  printf("  Read-locking 510 byte from 1073741826");
+  fl.l_start  = 1073741826;
+  fl.l_len    = 510;
+  fl.l_type   = F_RDLCK;
+  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+  printf("  Unlocking 1 byte from 1073741824");
+  fl.l_start  = 1073741824;
+  fl.l_len    = 1;
+  fl.l_type   = F_UNLCK;
+  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+  printf("  Write-locking 1 byte from 1073741824");
+  fl.l_start  = 1073741824;
+  fl.l_len    = 1;
+  fl.l_type   = F_WRLCK;
+  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+  printf("  Write-locking 510 byte from 1073741826");
+  fl.l_start  = 1073741826;
+  fl.l_len    = 510;
+  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+  printf("  Unlocking 2 byte from 1073741824");
+  fl.l_start  = 1073741824;
+  fl.l_len    = 2;
+  fl.l_type   = F_UNLCK;
+  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+  close(fd);
+  return 0;
+}
+
+/*
+ * Test if permissions of freshly created directories allow entries
+ * below them.  This was a problem with OpenOffice.org and gcompris.
+ * Mounting with option 'sync' seem to solve this problem while
+ * slowing down file operations.
+ */
+int test_subdirectory_creation(void) {
+#define LEVELS 5
+  char *path = strdup("test");
+  char *dirs[LEVELS];
+  int level;
+  printf("info: testing subdirectory creation\n");
+  for (level = 0; level < LEVELS; level++) {
+    char *newpath = NULL;
+    if (-1 == mkdir(path, 0777)) {
+      printf("  error: Unable to create directory '%s': %s\n",
+	     path, strerror(errno));
+      break;
+    }
+    asprintf(&newpath, "%s/%s", path, "test");
+    free(path);
+    path = newpath;
+  }
+  return 0;
+}
+
+/*
+ * Test if symlinks can be created.  This was a problem detected with
+ * KDE.
+ */
+int test_symlinks(void) {
+  printf("info: testing symlink creation\n");
+  unlink("symlink");
+  if (-1 == symlink("file", "symlink"))
+    printf("  error: Unable to create symlink\n");
+  return 0;
+}
+
+int main(int argc, char **argv) {
+  printf("Testing POSIX/Unix sematics on file system\n");
+  test_symlinks();
+  test_subdirectory_creation();
+#ifdef TEST_SQLITE
+  test_sqlite_open();
+#endif /* TEST_SQLITE */
+  test_gcompris_locking();
+  return 0;
+}
+
+ +

When everything is working, it should print something like +this:

+ +
+Testing POSIX/Unix sematics on file system
+info: testing symlink creation
+info: testing subdirectory creation
+info: sqlite worked
+info: testing fcntl locking
+  Read-locking 1 byte from 1073741824
+  Read-locking 510 byte from 1073741826
+  Unlocking 1 byte from 1073741824
+  Write-locking 1 byte from 1073741824
+  Write-locking 510 byte from 1073741826
+  Unlocking 2 byte from 1073741824
+
+ +

I do not remember the exact details of the problems we saw, but one +of them was with locking, where if I remember correctly, POSIX allow a +read-only lock to be upgraded to a read-write lock without unlocking +the read-only lock (while Windows do not). Another was a bug in the +CIFS/SMB client implementation in the Linux kernel where directory +meta information would be wrong for a fraction of a second, making +OpenOffice.org fail to create its deep directory tree because it was +not allowed to create files in its freshly created directory.

+ +

Anyway, here is a nice tool for your tool box, might you never need +it. :)

- Tags: english, standard. + Tags: debian edu, english, nuug.
-
Lenny->Squeeze upgrades, removals by apt and aptitude
-
2010-06-13 09:05
+
Autodetecting Client setup for roaming workstations in Debian Edu
+
2010-08-07 14:45
-

My -testing -of Debian upgrades from Lenny to Squeeze continues, and I've -finally made the upgrade logs available from -http://people.skolelinux.org/pere/debian-upgrade-testing/. -I am now testing dist-upgrade of Gnome and KDE in a chroot using both -apt and aptitude, and found their differences interesting. This time -I will only focus on their removal plans.

- -

After installing a Gnome desktop and the laptop task, apt-get wants -to remove 72 packages when dist-upgrading from Lenny to Squeeze. The -surprising part is that it want to remove xorg and all -xserver-xorg-video* drivers. Clearly not a good choice, but I am not -sure why. When asking aptitude to do the same, it want to remove 129 -packages, but most of them are library packages I suspect are no -longer needed. Both of them want to remove bluetooth packages, which -I do not know. Perhaps these bluetooth packages are obsolete?

- -

For KDE, apt-get want to remove 82 packages, among them kdebase -which seem like a bad idea and xorg the same way as with Gnome. Asking -aptitude for the same, it wants to remove 192 packages, none which are -too surprising.

- -

I guess the removal of xorg during upgrades should be investigated -and avoided, and perhaps others as well. Here are the complete list -of planned removals. The complete logs is available from the URL -above. Note if you want to repeat these tests, that the upgrade test -for kde+apt-get hung in the tasksel setup because of dpkg asking -conffile questions. No idea why. I worked around it by using -'echo >> /proc/pidofdpkg/fd/0' to tell dpkg to -continue.

- -

apt-get gnome 72 -
bluez-gnome cupsddk-drivers deskbar-applet gnome - gnome-desktop-environment gnome-network-admin gtkhtml3.14 - iceweasel-gnome-support libavcodec51 libdatrie0 libgdl-1-0 - libgnomekbd2 libgnomekbdui2 libmetacity0 libslab0 libxcb-xlib0 - nautilus-cd-burner python-gnome2-desktop python-gnome2-extras - serpentine swfdec-mozilla update-manager xorg xserver-xorg - xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev - xserver-xorg-input-kbd xserver-xorg-input-mouse - xserver-xorg-input-synaptics xserver-xorg-input-wacom - xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark - xserver-xorg-video-ati xserver-xorg-video-chips - xserver-xorg-video-cirrus xserver-xorg-video-cyrix - xserver-xorg-video-dummy xserver-xorg-video-fbdev - xserver-xorg-video-glint xserver-xorg-video-i128 - xserver-xorg-video-i740 xserver-xorg-video-imstt - xserver-xorg-video-intel xserver-xorg-video-mach64 - xserver-xorg-video-mga xserver-xorg-video-neomagic - xserver-xorg-video-nsc xserver-xorg-video-nv - xserver-xorg-video-openchrome xserver-xorg-video-r128 - xserver-xorg-video-radeon xserver-xorg-video-radeonhd - xserver-xorg-video-rendition xserver-xorg-video-s3 - xserver-xorg-video-s3virge xserver-xorg-video-savage - xserver-xorg-video-siliconmotion xserver-xorg-video-sis - xserver-xorg-video-sisusb xserver-xorg-video-tdfx - xserver-xorg-video-tga xserver-xorg-video-trident - xserver-xorg-video-tseng xserver-xorg-video-v4l - xserver-xorg-video-vesa xserver-xorg-video-vga - xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-1.9 - xulrunner-1.9-gnome-support

- -

aptitude gnome 129 - -
bluez-gnome bluez-utils cpp-4.3 cupsddk-drivers dhcdbd - djvulibre-desktop finger gnome-app-install gnome-mount - gnome-network-admin gnome-spell gnome-vfs-obexftp - gnome-volume-manager gstreamer0.10-gnomevfs gtkhtml3.14 libao2 - libavahi-compat-libdnssd1 libavahi-core5 libavcodec51 libbluetooth2 - libcamel1.2-11 libcdio7 libcucul0 libcupsys2 libcurl3 libdatrie0 - libdirectfb-1.0-0 libdvdread3 libedataserver1.2-9 libeel2-2.20 - libeel2-data libepc-1.0-1 libepc-ui-1.0-1 libfaad0 libgail-common - libgd2-noxpm libgda3-3 libgda3-common libgdl-1-0 libgdl-1-common - libggz2 libggzcore9 libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0 - libgnomecups1.0-1 libgnomekbd2 libgnomekbdui2 libgnomeprint2.2-0 - libgnomeprint2.2-data libgnomeprintui2.2-0 libgnomeprintui2.2-common - libgnomevfs2-bin libgpod3 libgraphviz4 libgtkhtml2-0 - libgtksourceview-common libgtksourceview1.0-0 libgucharmap6 - libhesiod0 libicu38 libiw29 libkpathsea4 libltdl3 libmagick++10 - libmagick10 libmalaga7 libmetacity0 libmtp7 libmysqlclient15off - libnautilus-burn4 libneon27 libnm-glib0 libnm-util0 libopal-2.2 - libosp5 libparted1.8-10 libpoppler-glib3 libpoppler3 libpt-1.10.10 - libpt-1.10.10-plugins-alsa libpt-1.10.10-plugins-v4l libraw1394-8 - libsensors3 libslab0 libsmbios2 libsoup2.2-8 libssh2-1 - libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1 libtotem-plparser10 - libtrackerclient0 libxalan2-java libxalan2-java-gcj libxcb-xlib0 - libxerces2-java libxerces2-java-gcj libxklavier12 libxtrap6 - libxxf86misc1 libzephyr3 mysql-common nautilus-cd-burner - openoffice.org-writer2latex openssl-blacklist p7zip - python-4suite-xml python-eggtrayicon python-gnome2-desktop - python-gnome2-extras python-gtkhtml2 python-gtkmozembed - python-numeric python-sexy serpentine svgalibg1 swfdec-gnome - swfdec-mozilla totem-gstreamer update-manager wodim - xserver-xorg-video-cyrix xserver-xorg-video-imstt - xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga - zip

- -

apt-get kde 82 - -
cupsddk-drivers karm kaudiocreator kcoloredit kcontrol kde kde-core - kdeaddons kdeartwork kdebase kdebase-bin kdebase-bin-kde3 - kdebase-kio-plugins kdesktop kdeutils khelpcenter kicker - kicker-applets knewsticker kolourpaint konq-plugins konqueror korn - kpersonalizer kscreensaver ksplash libavcodec51 libdatrie0 libkiten1 - libxcb-xlib0 quanta superkaramba texlive-base-bin xorg xserver-xorg - xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev - xserver-xorg-input-kbd xserver-xorg-input-mouse - xserver-xorg-input-synaptics xserver-xorg-input-wacom - xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark - xserver-xorg-video-ati xserver-xorg-video-chips - xserver-xorg-video-cirrus xserver-xorg-video-cyrix - xserver-xorg-video-dummy xserver-xorg-video-fbdev - xserver-xorg-video-glint xserver-xorg-video-i128 - xserver-xorg-video-i740 xserver-xorg-video-imstt - xserver-xorg-video-intel xserver-xorg-video-mach64 - xserver-xorg-video-mga xserver-xorg-video-neomagic - xserver-xorg-video-nsc xserver-xorg-video-nv - xserver-xorg-video-openchrome xserver-xorg-video-r128 - xserver-xorg-video-radeon xserver-xorg-video-radeonhd - xserver-xorg-video-rendition xserver-xorg-video-s3 - xserver-xorg-video-s3virge xserver-xorg-video-savage - xserver-xorg-video-siliconmotion xserver-xorg-video-sis - xserver-xorg-video-sisusb xserver-xorg-video-tdfx - xserver-xorg-video-tga xserver-xorg-video-trident - xserver-xorg-video-tseng xserver-xorg-video-v4l - xserver-xorg-video-vesa xserver-xorg-video-vga - xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-1.9

- -

aptitude kde 192 -
bluez-utils cpp-4.3 cupsddk-drivers cvs dcoprss dhcdbd - djvulibre-desktop dosfstools eyesapplet fifteenapplet finger gettext - ghostscript-x imlib-base imlib11 indi kandy karm kasteroids - kaudiocreator kbackgammon kbstate kcoloredit kcontrol kcron kdat - kdeadmin-kfile-plugins kdeartwork-misc kdeartwork-theme-window - kdebase-bin-kde3 kdebase-kio-plugins kdeedu-data - kdegraphics-kfile-plugins kdelirc kdemultimedia-kappfinder-data - kdemultimedia-kfile-plugins kdenetwork-kfile-plugins - kdepim-kfile-plugins kdepim-kio-plugins kdeprint kdesktop kdessh - kdict kdnssd kdvi kedit keduca kenolaba kfax kfaxview kfouleggs - kghostview khelpcenter khexedit kiconedit kitchensync klatin - klickety kmailcvt kmenuedit kmid kmilo kmoon kmrml kodo kolourpaint - kooka korn kpager kpdf kpercentage kpf kpilot kpoker kpovmodeler - krec kregexpeditor ksayit ksim ksirc ksirtet ksmiletris ksmserver - ksnake ksokoban ksplash ksvg ksysv ktip ktnef kuickshow kverbos - kview kviewshell kvoctrain kwifimanager kwin kwin4 kworldclock - kxsldbg libakode2 libao2 libarts1-akode libarts1-audiofile - libarts1-mpeglib libarts1-xine libavahi-compat-libdnssd1 - libavahi-core5 libavc1394-0 libavcodec51 libbluetooth2 - libboost-python1.34.1 libcucul0 libcurl3 libcvsservice0 libdatrie0 - libdirectfb-1.0-0 libdjvulibre21 libdvdread3 libfaad0 libfreebob0 - libgail-common libgd2-noxpm libgraphviz4 libgsmme1c2a libgtkhtml2-0 - libicu38 libiec61883-0 libindex0 libiw29 libk3b3 libkcal2b libkcddb1 - libkdeedu3 libkdepim1a libkgantt0 libkiten1 libkleopatra1 libkmime2 - libkpathsea4 libkpimexchange1 libkpimidentities1 libkscan1 - libksieve0 libktnef1 liblockdev1 libltdl3 libmagick10 libmimelib1c2a - libmozjs1d libmpcdec3 libneon27 libnm-util0 libopensync0 libpisock9 - libpoppler-glib3 libpoppler-qt2 libpoppler3 libraw1394-8 libsmbios2 - libssh2-1 libsuitesparse-3.1.0 libtalloc1 libtiff-tools - libxalan2-java libxalan2-java-gcj libxcb-xlib0 libxerces2-java - libxerces2-java-gcj libxtrap6 mpeglib networkstatus - openoffice.org-writer2latex pmount poster psutils quanta quanta-data - superkaramba svgalibg1 tex-common texlive-base texlive-base-bin - texlive-common texlive-doc-base texlive-fonts-recommended - xserver-xorg-video-cyrix xserver-xorg-video-imstt - xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga - xulrunner-1.9

- +

A few days ago, I +tried +to install a Roaming workation profile from Debian Edu/Squeeze +while on the university network here at the University of Oslo, and +noticed how much had to change to get it operational using the +university infrastructure. It was fairly easy, but it occured to me +that Debian Edu would improve a lot if I could get the client to +connect without any changes at all, and thus let the client configure +itself during installation and first boot to use the infrastructure +around it. Now I am a huge step further along that road.

+ +

With our current squeeze-test packages, I can select the roaming +workstation profile and get a working laptop connecting to the +university LDAP server for user and group and our active directory +servers for Kerberos authentication. All this without any +configuration at all during installation. My users home directory got +a bookmark in the KDE menu to mount it via SMB, with the correct URL. +In short, openldap and sssd is correctly configured. In addition to +this, the client look for http://wpad/wpad.dat to configure a web +proxy, and when it fail to find it no proxy settings are stored in +/etc/environment and /etc/apt/apt.conf. Iceweasel and KDE is +configured to look for the same wpad configuration and also do not use +a proxy when at the university network. If the machine is moved to a +network with such wpad setup, it would automatically use it when DHCP +gave it a IP address.

+ +

The LDAP server is located using DNS, by first looking for the DNS +entry ldap.$domain. If this do not exist, it look for the +_ldap._tcp.$domain SRV records and use the first one as the LDAP +server. Next, it connects to the LDAP server and search all +namingContexts entries for posixAccount or posixGroup objects, and +pick the first one as the LDAP base. For Kerberos, a similar +algorithm is used to locate the LDAP server, and the realm is the +uppercase version of $domain.

+ +

So, what is not working, you might ask. SMB mounting my home +directory do not work. No idea why, but suspected the incorrect +Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be +the cause. These are not properly configured during installation, and +had to be hand-edited to get the correct Kerberos realm and server, +but SMB mounting still do not work. :(

+ +

With this automatic configuration in place, I expect a Debian Edu +roaming profile installation would be able to automatically detect and +connect to any site using LDAP and Kerberos for NSS directory and PAM +authentication. It should also work out of the box in a Active +Directory environment providing posixAccount and posixGroup objects +with UID and GID values.

+ +

If you want to help out with implementing these things for Debian +Edu, please contact us on debian-edu@lists.debian.org.

- Tags: debian, debian edu, english. + Tags: debian edu, english, nuug.
-
Åpne trådløsnett er et samfunnsgode
-
2010-06-12 12:45
+
Debian Edu roaming workstation - at the university of Oslo
+
2010-08-03 23:30
-

Veldig glad for å oppdage via -Slashdot -at folk i Finland har forstått at åpne trådløsnett er et samfunnsgode. -Jeg ser på åpne trådløsnett som et fellesgode på linje med retten til -ferdsel i utmark og retten til å bevege seg i strandsonen. Jeg har -glede av åpne trådløsnett når jeg finner dem, og deler gladelig nett -med andre så lenge de ikke forstyrrer min bruk av eget nett. -Nettkapasiteten er sjelden en begrensning ved normal browsing og enkel -SSH-innlogging (som er min vanligste nettbruk), og nett kan brukes til -så mye positivt og nyttig (som nyhetslesing, sjekke været, kontakte -slekt og venner, holde seg oppdatert om politiske saker, kontakte -organisasjoner og politikere, etc), at det for meg er helt urimelig å -blokkere dette for alle som ikke gjør en flue fortred. De som mener -at potensialet for misbruk er grunn nok til å hindre all den positive -og lovlydige bruken av et åpent trådløsnett har jeg dermed ingen -forståelse for. En kan ikke eksistensen av forbrytere styre hvordan -samfunnet skal organiseres. Da får en et kontrollsamfunn de færreste -ønsker å leve i, og det at vi har et samfunn i Norge der tilliten til -hverandre er høy gjør at samfunnet fungerer ganske godt. Det bør vi -anstrenge oss for å beholde.

+

The new roaming workstation profile in Debian Edu/Squeeze is fairly +similar to the laptop setup am I working on using Ubuntu for the +University of Oslo, and just for the heck of it, I tested today how +hard it would be to integrate that profile into the university +infrastructure. In this case, it is the university LDAP server, +Active Directory Kerberos server and SMB mounting from the Netapp file +servers.

+ +

I was pleasantly surprised that the only three files needed to be +changed (/etc/sssd/sssd.conf, /etc/ldap.conf and +/etc/mklocaluser.d/20-debian-edu-config) and one file had to be added +(/usr/share/perl5/Debian/Edu_Local.pm), to get the client working. +Most of the changes were to get the client to use the university LDAP +for NSS and Kerberos server for PAM, but one was to change a hard +coded DNS domain name in the mklocaluser hook from .intern to +.uio.no.

+ +

This testing was so encouraging, that I went ahead and adjusted the +Debian Edu scripts and setup in subversion to centralise the roaming +workstation setup a bit more and avoid the hardcoded DNS domain name, +so that when I test this tomorrow, I expect to get away with modifying +only /etc/sssd/sssd.conf and /etc/ldap.conf to get it to use the +university servers.

+ +

My goal is to get the clients to have no hardcoded settings and +fetch all their initial setup during installation and first boot, to +allow them to be inserted also into environments where the default +setup in Debian Edu has been changed or as with the university, where +the environment is different but provides the protocols Debian Edu +uses.

- Tags: fildeling, norsk, nuug, opphavsrett, personvern, sikkerhet. + Tags: debian edu, english, nuug.
-
Automatic upgrade testing from Lenny to Squeeze
-
2010-06-11 22:50
+
Circular package dependencies harms apt recovery
+
2010-07-27 23:50
-

The last few days I have done some upgrade testing in Debian, to -see if the upgrade from Lenny to Squeeze will go smoothly. A few bugs -have been discovered and reported in the process -(#585410 in nagios3-cgi, -#584879 already fixed in -enscript and #584861 in -kdebase-workspace-data), and to get a more regular testing going on, I -am working on a script to automate the test.

- -

The idea is to create a Lenny chroot and use tasksel to install a -Gnome or KDE desktop installation inside the chroot before upgrading -it. To ensure no services are started in the chroot, a policy-rc.d -script is inserted. To make sure tasksel believe it is to install a -desktop on a laptop, the tasksel tests are replaced in the chroot -(only acceptable because this is a throw-away chroot).

- -

A naive upgrade from Lenny to Squeeze using aptitude dist-upgrade -currently always fail because udev refuses to upgrade with the kernel -in Lenny, so to avoid that problem the file /etc/udev/kernel-upgrade -is created. The bug report -#566000 make me suspect -this problem do not trigger in a chroot, but I touch the file anyway -to make sure the upgrade go well. Testing on virtual and real -hardware have failed me because of udev so far, and creating this file -do the trick in such settings anyway. This is a -known -issue and the current udev behaviour is intended by the udev -maintainer because he lack the resources to rewrite udev to keep -working with old kernels or something like that. I really wish the -udev upstream would keep udev backwards compatible, to avoid such -upgrade problem, but given that they fail to do so, I guess -documenting the way out of this mess is the best option we got for -Debian Squeeze.

- -

Anyway, back to the task at hand, testing upgrades. This test -script, which I call upgrade-test for now, is doing the -trick:

+

I discovered this while doing +automated +testing of upgrades from Debian Lenny to Squeeze. A few packages +in Debian still got circular dependencies, and it is often claimed +that apt and aptitude should be able to handle this just fine, but +some times these dependency loops causes apt to fail.

+ +

An example is from todays +upgrade +of KDE using aptitude. In it, a bug in kdebase-workspace-data +causes perl-modules to fail to upgrade. The cause is simple. If a +package fail to unpack, then only part of packages with the circular +dependency might end up being unpacked when unpacking aborts, and the +ones already unpacked will fail to configure in the recovery phase +because its dependencies are unavailable.

+ +

In this log, the problem manifest itself with this error:

-#!/bin/sh
-set -ex
-
-if [ "$1" ] ; then
-    desktop=$1
-else
-    desktop=gnome
-fi
-
-from=lenny
-to=squeeze
-
-exec < /dev/null
-unset LANG
-mirror=http://ftp.skolelinux.org/debian
-tmpdir=chroot-$from-upgrade-$to-$desktop
-fuser -mv .
-debootstrap $from $tmpdir $mirror
-chroot $tmpdir aptitude update
-cat > $tmpdir/usr/sbin/policy-rc.d <<EOF
-#!/bin/sh
-exit 101
-EOF
-chmod a+rx $tmpdir/usr/sbin/policy-rc.d
-exit_cleanup() {
-    umount $tmpdir/proc
-}
-mount -t proc proc $tmpdir/proc
-# Make sure proc is unmounted also on failure
-trap exit_cleanup EXIT INT
-
-chroot $tmpdir aptitude -y install debconf-utils
-
-# Make sure tasksel autoselection trigger.  It need the test scripts
-# to return the correct answers.
-echo tasksel tasksel/desktop multiselect $desktop | \
-    chroot $tmpdir debconf-set-selections
-
-# Include the desktop and laptop task
-for test in desktop laptop ; do
-    echo > $tmpdir/usr/lib/tasksel/tests/$test <<EOF
-#!/bin/sh
-exit 2
-EOF
-    chmod a+rx $tmpdir/usr/lib/tasksel/tests/$test
-done
-
-DEBIAN_FRONTEND=noninteractive
-DEBIAN_PRIORITY=critical
-export DEBIAN_FRONTEND DEBIAN_PRIORITY
-chroot $tmpdir tasksel --new-install
-
-echo deb $mirror $to main > $tmpdir/etc/apt/sources.list
-chroot $tmpdir aptitude update
-touch $tmpdir/etc/udev/kernel-upgrade
-chroot $tmpdir aptitude -y dist-upgrade
-fuser -mv
+dpkg: dependency problems prevent configuration of perl-modules:
+ perl-modules depends on perl (>= 5.10.1-1); however:
+  Version of perl on system is 5.10.0-19lenny2.
+dpkg: error processing perl-modules (--configure):
+ dependency problems - leaving unconfigured
-

I suspect it would be useful to test upgrades with both apt-get and -with aptitude, but I have not had time to look at how they behave -differently so far. I hope to get a cron job running to do the test -regularly and post the result on the web. The Gnome upgrade currently -work, while the KDE upgrade fail because of the bug in -kdebase-workspace-data

- -

I am not quite sure what kind of extract from the huge upgrade logs -(KDE 167 KiB, Gnome 516 KiB) it make sense to include in this blog -post, so I will refrain from trying. I can report that for Gnome, -aptitude report 760 packages upgraded, 448 newly installed, 129 to -remove and 1 not upgraded and 1024MB need to be downloaded while for -KDE the same numbers are 702 packages upgraded, 507 newly installed, -193 to remove and 0 not upgraded and 1117MB need to be downloaded

- -

I am very happy to notice that the Gnome desktop + laptop upgrade -is able to migrate to dependency based boot sequencing and parallel -booting without a hitch. Was unsure if there were still bugs with -packages failing to clean up their obsolete init.d script during -upgrades, and no such problem seem to affect the Gnome desktop+laptop -packages.

+

The perl/perl-modules circular dependency is already +reported as a bug, and will +hopefully be solved as soon as possible, but it is not the only one, +and each one of these loops in the dependency tree can cause similar +failures. Of course, they only occur when there are bugs in other +packages causing the unpacking to fail, but it is rather nasty when +the failure of one package causes the problem to become worse because +of dependency loops.

+ +

Thanks to +the +tireless effort by Bill Allombert, the number of circular +dependencies +left in Debian +is dropping, and perhaps it will reach zero one day. :)

+ +

Todays testing also exposed a bug in +update-notifier and +different behaviour between +apt-get and aptitude, the latter possibly caused by some circular +dependency. Reported both to BTS to try to get someone to look at +it.

- Tags: bootsystem, debian, debian edu, english. + Tags: debian, english, nuug.
-
Skolelinux er laget for sentraldrifting, naturligvis
-
2010-06-09 12:30
+
First Debian Edu test release (alpha0) based on Squeeze is released
+
2010-07-27 17:45
-

Det er merkelig hvordan myter om Skolelinux overlever. En slik -myte er at Skolelinux ikke kan sentraldriftes og ha sentralt plasserte -tjenermaskiner. I siste Computerworld Norge er -IT-sjef -Viggo Billdal i Steinkjer intervjuet, og forteller uten -blygsel:

- -

Vi hadde Skolelinux, men det har vi sluttet med. Vi testet -om det lønte seg med Microsoft eller en åpen plattform. Vi fant ut at -Microsoft egentlig var totalt sett bedre egnet. Det var store -driftskostnader med Skolelinux, blant annet på grunn av -desentraliserte servere. Det var komplisert, så vi gikk vekk fra det -og bruker nå bare Windows.

- -

En rask -sjekk mot den norske brukerlista i Skolelinuxprosjektet forteller -at Steinkjers forsøk foregikk fram til 2004/2005, og at Røysing skole -i Steinkjer skal ha vært svært fornøyd med Skolelinux men at kommunen -overkjørte skolen og krevde at de gikk over til Windows. Et søk på -nettet sendte meg til -Dagens -IT nr. 18 2005 hvor en kan lese på side 18:

- -

Inge Tømmerås ved Røysing skole i Steinkjer kjører ennå -Microsoft, men forteller at kompetanseutfordringen med Skolelinux ikke -var så stor. ­ Jeg syntes Skolelinux var utrolig lett å drifte uten -forkunnskaper. Men man må jo selvsagt ha tilgang på ekstern kompetanse -til installasjoner og maskinvarefeil, sier Tømmerås.

- -

Som systemarkitekten bak Skolelinux, kan jeg bare riste på hodet -over påstanden om at Skolelinux krever desentraliserte tjenere. -Skolelinux-arkitekturen er laget for sentralisert drift og plassering -av tjenerne lokalt eller sentralt alt etter behov og nettkapasitet. -Den er modellert på nettverks- og tjenerløsningen som brukes på -Universitetet i Tromsø og Oslo, der jeg jobber med utvikling av -driftstjenester. Dette er det heldigvis noen som har fått med seg, og -jeg er glad for å kunne sitere fra en kommentar på den overnevnte -artikkelen. Min venn og gamle kollega Sturle Sunde forteller der: +

I just posted this announcement culminating several months of work +with the next Debian Edu release. Not nearly done, but one major step +completed.

-

I Flora kommune køyrer vi Skulelinux på skular med alt frå 15 til -meir enn 500 elevar. Dei store skulane har eigen tenar, for det er -mest praktisk. Eg, som er driftsansvarleg for heile nettet, ser -sjeldan dei tenarane fysisk, men at dei står der gjer skulane mindre -avhengige av eksterne linjer som er trege eller dyre. Dei minste -skulane har ikkje eigen tenar. Å bruke sentral tenar er heller ikkje -noko problem. Småskulane klarar seg fint med 1 mbit-linje til ein -sentral tenar eller tenaren på ein større skule.

- -

Det beste med Skulelinux er halvtjukke klientar. Dei treng ikkje -harddisk og brukar minimalt med ressursar på tenaren fordi dei køyrer -programma lokalt. Eit klasserom med 30 sju-åtte år gamle maskiner har -mykje meir CPU og RAM totalt enn nokon moderne tenar til under -millionen. Det trengst to kommandoar på den sentrale tenaren for å -oppdatere alle klientane, både tynne og halvtjukke. Vi har ingen -problem med diskar som ryk heller, som var eit problem før fordi -elevane sat og sparka i maskinene. Og dei krev lite bandbreidde i -nettet, so det er fullt mogleg å køyre slike på småskular med trege -linjer mot tenaren på ein større skule.

- -

Flora kommune har nesten 800 Linux-maskiner i sitt skulenett, og -ein person som tek seg av drift av heile nettet, inkludert tenarar, -klientar, operativsystem, programvare, heimekontorløysing og -administrasjon av brukarar.

- -

No skal det seiast at vi ikkje køyrer rein Skulelinux ut av -boksen. Vi har gjort ein del tilpassingar mot noko Novell-greier som -var der frå før, og som har komplisert installasjonen vår. Etter at -oppsettet var gjort har løysinga vore stabil og kravd minimalt med -arbeid.

-
+

This is the first test release based on Squeeze. The focus of this +release is to test the user application selection. To have a look, +install the standalone profile and let the developers know if the set +of installed packages i.e. applications should be modified. If some +user application is missing, or if there are some applications that no +longer make sense to be included in Debian Edu, please let us know. +Also, if a useful application is missing the translation for your +language of choice, please let us know too.

+ +

In addition, feedback and help to polish the desktop (menus, +artwork, starters, etc.) is appreciated. We would like to ship a nice +and handy KDE4 desktop targeted for schools out of the box.

+ +

The other profiles should be installable, but there is a lot more +work left to be done before they are ready, so do not expect to +much.

+ +

Changes compared to the lenny based version

+ + +

The following features are not working as they should

+ + + +

To download this multiarch netinstall release you can use

+ + +

To download this multiarch dvd release you can use

+ + -

Jeg vet at Narvik, Harstad og Oslo er kommuner der Skolelinux -sentraldriftes med sentrale tjenere. Det forteller meg at Steinkjers -IT-sjef neppe bør skylde på Skolelinux-løsningen for sine 5 år gamle -minner.

+

There is no source DVD available yet. It will be prepared when we +get closer to the final release.

+ +

The MD5SUM of these images are

+ + + +

The SHA1SUM of these images are

+ +

How to report bugs: +http://wiki.debian.org/DebianEdu/HowTo/ReportBugsInBugzilla

+ +

Please direct replies to debian-edu@lists.debian.org

+
- Tags: debian edu, norsk, nuug. + Tags: debian edu, english, nuug.
-
Upstart or sysvinit - as init.d scripts see it
-
2010-06-06 23:55
+
One step closer to single signon in Debian Edu
+
2010-07-25 10:00
-

If Debian is to migrate to upstart on Linux, I expect some init.d -scripts to migrate (some of) their operations to upstart job while -keeping the init.d for hurd and kfreebsd. The packages with such -needs will need a way to get their init.d scripts to behave -differently when used with sysvinit and with upstart. Because of -this, I had a look at the environment variables set when a init.d -script is running under upstart, and when it is not.

- -

With upstart, I notice these environment variables are set when a -script is started from rcS.d/ (ignoring some irrelevant ones like -COLUMNS):

- -
-DEFAULT_RUNLEVEL=2
-previous=N
-PREVLEVEL=
-RUNLEVEL=
-runlevel=S
-UPSTART_EVENTS=startup
-UPSTART_INSTANCE=
-UPSTART_JOB=rc-sysinit
-
- -

With sysvinit, these environment variables are set for the same -script.

- -
-INIT_VERSION=sysvinit-2.88
-previous=N
-PREVLEVEL=N
-RUNLEVEL=S
-runlevel=S
-
- -

The RUNLEVEL and PREVLEVEL environment variables passed on from -sysvinit are not set by upstart. Not sure if it is intentional or not -to not be compatible with sysvinit in this regard.

- -

For scripts needing to behave differently when upstart is used, -looking for the UPSTART_JOB environment variable seem to be a good -choice.

+

The last few months me and the other Debian Edu developers have +been working hard to get the Debian/Squeeze based version of Debian +Edu/Skolelinux into shape. This future version will use Kerberos for +authentication, and services are slowly migrated to single signon, +getting rid of password questions one at the time.

+ +

It will also feature a roaming workstation profile with local home +directory, for laptops that are only some times on the Skolelinux +network, and for this profile a shortcut is created in Gnome and KDE +to gain access to the users home directory on the file server. This +shortcut uses SMB at the moment, and yesterday I had time to test if +SMB mounting had started working in KDE after we added the cifs-utils +package. I was pleasantly surprised how well it worked.

+ +

Thanks to the recent changes to our samba configuration to get it +to use Kerberos for authentication, there were no question about user +password when mounting the SMB volume. A simple click on the shortcut +in the KDE menu, and a window with the home directory popped +up. :)

+ +

One step closer to a single signon solution out of the box in +Debian Edu. We already had PAM, LDAP, IMAP and SMTP in place, and now +also Samba. Next step is Cups and hopefully also NFS.

+ +

We had planned a alpha0 release of Debian Edu for today, but thanks +to the autobuilder administrators for some architectures being slow to +sign packages, we are still missing the fixed LTSP package we need for +the release. It was uploaded three days ago with urgency=high, and if +it had entered testing yesterday we would have been able to test it in +time for a alpha0 release today. As the binaries for ia64 and powerpc +still not uploaded to the Debian archive, we need to delay the alpha +release another day.

+ +

If you want to help out with implementing Kerberos for Debian Edu, +please contact us on debian-edu@lists.debian.org.

- Tags: bootsystem, debian, english. + Tags: debian edu, english, nuug, sikkerhet.
-
A manual for standards wars...
-
2010-06-06 14:15
+
Digitale restriksjonsmekanismer fikk meg til å slutte å kjøpe musikk
+
2010-07-22 23:50
-

Via the -blog -of Rob Weir I came across the very interesting essay named -The Art of -Standards Wars (PDF 25 pages). I recommend it for everyone -following the standards wars of today.

+

For mange år siden slutte jeg å kjøpe musikk-CDer. Årsaken var at +musikkbransjen var godt i gang med å selge platene sine med DRM som +gjorde at jeg ikke fikk spilt av musikken jeg kjøpte på utstyret jeg +hadde tilgjengelig, dvs. min datamaskin. Det var umulig å se på en +plate om den var ødelagt eller ikke, og jeg hadde jo allerede en +anseelig samling med plater, så jeg bestemme meg for å slutte å gi +penger til en bransje som åpenbart ikke respekterte meg.

+ +

Jeg har mange titalls dager med musikk på CD i dag. Det meste er +lagt i et stort arkiv som kan spilles av fra husets datamaskiner (har +ikke rukket rippe alt). Jeg ser dermed ikke behovet for å skaffe mer +musikk. De fleste av mine favoritter er i hus, og jeg er dermed godt +fornøyd.

+ +

Hvis musikkbransjen ønsker mine penger, så må de demonstrere at de +setter pris på meg som kunde, og ikke skremme meg bort med DRM og +antydninger om at kundene er kriminelle.

+ +

Filmbransjen er like ille, men mens musikk gjerne varer lenge, er +filmer mer ferskvare. Har dermed ikke helt sluttet å kjøpe filmer, men +holder meg til DVD-filmer som kan spilles av på mine Linuxbokser. +Kommer neppe til å ta i bruk Blueray, og ei heller de nye DRM-greiene +«Ultraviolet» som be annonsert her om dagen.

- Tags: debian, debian edu, english, standard. + Tags: fildeling, norsk, nuug, opphavsrett, personvern.
@@ -763,7 +853,11 @@ following the standards wars of today.

  • May (9)
    • -
  • June (13)
    • +
  • June (14)
    • + +
  • July (12)
    • + +
  • August (6)
    • @@ -820,39 +914,39 @@ following the standards wars of today.

  • bootsystem (10)
    • -
  • debian (28)
    • +
  • debian (35)
    • -
  • debian edu (27)
    • +
  • debian edu (40)
    • -
  • english (40)
    • +
  • english (56)
  • fiksgatami (1)
    • -
  • fildeling (7)
    • +
  • fildeling (8)
    • -
  • kart (2)
    • +
  • kart (3)
    • -
  • ldap (2)
    • +
  • ldap (8)
    • -
  • lenker (1)
    • +
  • lenker (2)
  • ltsp (1)
  • multimedia (5)
    • -
  • norsk (69)
    • +
  • norsk (72)
    • -
  • nuug (78)
    • +
  • nuug (94)
    • -
  • opphavsrett (13)
    • +
  • opphavsrett (14)
    • -
  • personvern (13)
    • +
  • personvern (15)
  • reprap (10)
  • rss (1)
    • -
  • sikkerhet (9)
    • +
  • sikkerhet (11)
  • sitesummary (3)
    • @@ -864,7 +958,7 @@ following the standards wars of today.

  • vitenskap (1)
    • -
  • web (6)
    • +
  • web (7)