X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/e22781370f42c3479c619ecbc275ef2e7c64099e..350d73d9c83b01fe16cac24017e3f9bfbd3d6c50:/blog/index.rss diff --git a/blog/index.rss b/blog/index.rss index 961899c3d6..4110ff85a2 100644 --- a/blog/index.rss +++ b/blog/index.rss @@ -7,652 +7,456 @@ - Idea for storing LTSP configuration in LDAP - http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html - http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html - Sun, 11 Jul 2010 22:00:00 +0200 + Some notes on Flash in Debian and Debian Edu + http://people.skolelinux.org/pere/blog/Some_notes_on_Flash_in_Debian_and_Debian_Edu.html + http://people.skolelinux.org/pere/blog/Some_notes_on_Flash_in_Debian_and_Debian_Edu.html + Sat, 4 Sep 2010 10:10:00 +0200 -<p>Vagrant mentioned on IRC today that ltsp_config now support -sourcing files from /usr/share/ltsp/ltsp_config.d/ on the thin -clients, and that this can be used to fetch configuration from LDAP if -Debian Edu choose to store configuration there.</p> - -<p>Armed with this information, I got inspired and wrote a test module -to get configuration from LDAP. The idea is to look up the MAC -address of the client in LDAP, and look for attributes on the form -ltspconfigsetting=value, and use this to export SETTING=value to the -LTSP clients.</p> - -<p>The goal is to be able to store the LTSP configuration attributes -in a "computer" LDAP object used by both DNS and DHCP, and thus -allowing us to store all information about a computer in one place.</p> - -<p>This is a untested draft implementation, and I welcome feedback on -this approach. A real LDAP schema for the ltspClientAux objectclass -need to be written. Comments, suggestions, etc?</p> - -<blockquote><pre> -# Store in /opt/ltsp/$arch/usr/share/ltsp/ltsp_config.d/ldap-config -# -# Fetch LTSP client settings from LDAP based on MAC address -# -# Uses ethernet address as stored in the dhcpHost objectclass using -# the dhcpHWAddress attribute or ethernet address stored in the -# ieee802Device objectclass with the macAddress attribute. -# -# This module is written to be schema agnostic, and only depend on the -# existence of attribute names. -# -# The LTSP configuration variables are saved directly using a -# ltspConfig prefix and uppercasing the rest of the attribute name. -# To set the SERVER variable, set the ltspConfigServer attribute. -# -# Some LDAP schema should be created with all the relevant -# configuration settings. Something like this should work: -# -# objectclass ( 1.1.2.2 NAME 'ltspClientAux' -# SUP top -# AUXILIARY -# MAY ( ltspConfigServer $ ltsConfigSound $ ... ) - -LDAPSERVER=$(debian-edu-ldapserver) -if [ "$LDAPSERVER" ] ; then - LDAPBASE=$(debian-edu-ldapserver -b) - for MAC in $(LANG=C ifconfig |grep -i hwaddr| awk '{print $5}'|sort -u) ; do - filter="(|(dhcpHWAddress=ethernet $MAC)(macAddress=$MAC))" - ldapsearch -h "$LDAPSERVER" -b "$LDAPBASE" -v -x "$filter" | \ - grep '^ltspConfig' | while read attr value ; do - # Remove prefix and convert to upper case - attr=$(echo $attr | sed 's/^ltspConfig//i' | tr a-z A-Z) - # bass value on to clients - eval "$attr=$value; export $attr" - done - done -fi -</pre></blockquote> - -<p>I'm not sure this shell construction will work, because I suspect -the while block might end up in a subshell causing the variables set -there to not show up in ltsp-config, but if that is the case I am sure -the code can be restructured to make sure the variables are passed on. -I expect that can be solved with some testing. :)</p> - -<p>If you want to help out with implementing this for Debian Edu, -please contact us on debian-edu@lists.debian.org.</p> +<p>In the <a href="http://popcon.debian.org/unknown/by_vote">Debian +popularity-contest numbers</a>, the adobe-flashplugin package the +second most popular used package that is missing in Debian. The sixth +most popular is flashplayer-mozilla. This is a clear indication that +working flash is important for Debian users. Around 10 percent of the +users submitting data to popcon.debian.org have this package +installed.</p> + +<p>In the report written by Lars Risan in August 2008 +(«<a href="http://wiki.skolelinux.no/Dokumentasjon/Rapporter?action=AttachFile&do=view&target=Skolelinux_i_bruk_rapport_1.0.pdf">Skolelinux +i bruk – Rapport for Hurum kommune, Universitetet i Agder og +stiftelsen SLX Debian Labs</a>»), one of the most important problems +schools experienced with <a href="http://www.skolelinux.org/">Debian +Edu/Skolelinux</a> was the lack of working Flash. A lot of educational +web sites require Flash to work, and lacking working Flash support in +the web browser and the problems with installing it was perceived as a +good reason to stay with Windows.</p> + +<p>I once saw a funny and sad comment in a web forum, where Linux was +said to be the retarded cousin that did not really understand +everything you told him but could work fairly well. This was a +comment regarding the problems Linux have with proprietary formats and +non-standard web pages, and is sad because it exposes a fairly common +understanding of whose fault it is if web pages that only work in for +example Internet Explorer 6 fail to work on Firefox, and funny because +it explain very well how annoying it is for users when Linux +distributions do not work with the documents they receive or the web +pages they want to visit.</p> + +<p>This is part of the reason why I believe it is important for Debian +and Debian Edu to have a well working Flash implementation in the +distribution, to get at least popular sites as Youtube and Google +Video to working out of the box. For Squeeze, Debian have the chance +to include the latest version of Gnash that will make this happen, as +the new release 0.8.8 was published a few weeks ago and is resting in +unstable. The new version work with more sites that version 0.8.7. +The Gnash maintainers have asked for a freeze exception, but the +release team have not had time to reply to it yet. I hope they agree +with me that Flash is important for the Debian desktop users, and thus +accept the new package into Squeeze.</p> - jXplorer, a very nice LDAP GUI - http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html - http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html - Fri, 9 Jul 2010 12:55:00 +0200 + My first perl GUI application - controlling a Spykee robot + http://people.skolelinux.org/pere/blog/My_first_perl_GUI_application___controlling_a_Spykee_robot.html + http://people.skolelinux.org/pere/blog/My_first_perl_GUI_application___controlling_a_Spykee_robot.html + Wed, 1 Sep 2010 21:00:00 +0200 -<p>Since -<a href="http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html">my -last post</a> about available LDAP tools in Debian, I was told about a -LDAP GUI that is even better than luma. The java application -<a href="http://jxplorer.org/">jXplorer</a> is claimed to be capable of -moving LDAP objects and subtrees using drag-and-drop, and can -authenticate using Kerberos. I have only tested the Kerberos -authentication, but do not have a LDAP setup allowing me to rewrite -LDAP with my test user yet. It is -<a href="http://packages.qa.debian.org/j/jxplorer.html">available in -Debian</a> testing and unstable at the moment. The only problem I -have with it is how it handle errors. If something go wrong, its -non-intuitive behaviour require me to go through some query work list -and remove the failing query. Nothing big, but very annoying.</p> +<p>This evening I made my first Perl GUI application. The last few +days I have worked on a Perl module for controlling my recently +aquired Spykee robots, and the module is now getting complete enought +that it is possible to use it to control the robot driving at least. +It was now time to figure out how to use it to create some GUI to +allow me to drive the robot around. I picked PerlQt as I have had +positive experiences with the Qt API before, and spent a few minutes +browsing the web for examples. Using Qt Designer seemed like a short +cut, so I ended up writing the perl GUI using Qt Designer and +compiling it into a perl program using the puic program from +libqt-perl. Nothing fancy yet, but it got buttons to connect and +drive around.</p> + +<p>The perl module I have written provide a object oriented API for +controlling the robot. Here is an small example on how to use it:</p> + +<p><pre> +use Spykee; +Spykee::discover(sub {$robot{$_[0]} = $_[1]}); +my $host = (keys %robot)[0]; +my $spykee = Spykee->new(); +$spykee->contact($host, "admin", "admin"); +$spykee->left(); +sleep 2; +$spykee->right(); +sleep 2; +$spykee->forward(); +sleep 2; +$spykee->back(); +sleep 2; +$spykee->stop(); +</pre></p> + +<p>Thanks to the release of the source of the robot firmware, I could +peek into the implementation at the other end to figure out how to +implement the protocol used by the robot. I've implemented several of +the commands the robot understand, but is still missing the camera +support to make it possible to control the robot from remote. First I +want to implement support for uploading new firmware and configuring +the wireless network, to make it possible to bootstrap a Spykee robot +without the producers Windows and MacOSX software (I only have Linux, +so I had to ask a friend to come over to get the robot testing +going. :).</p> + +<p>Will release the source to the public soon, but need to figure out +where to make it available first. I will add a link to +<a href="http://wiki.nuug.no/grupper/robot/">the NUUG wiki</a> for +those that want to check back later to find it.</p> - MS Word krøller det til for politiet? - http://people.skolelinux.org/pere/blog/MS_Word_kr__ller_det_til_for_politiet_.html - http://people.skolelinux.org/pere/blog/MS_Word_kr__ller_det_til_for_politiet_.html - Thu, 8 Jul 2010 14:00:00 +0200 + Forslag i stortinget om å stoppe elektronisk stemmegiving i Norge + http://people.skolelinux.org/pere/blog/Forslag_i_stortinget_om____stoppe_elektronisk_stemmegiving_i_Norge.html + http://people.skolelinux.org/pere/blog/Forslag_i_stortinget_om____stoppe_elektronisk_stemmegiving_i_Norge.html + Tue, 31 Aug 2010 21:00:00 +0200 -<p>De siste dagene har Aftenposten -<a href="http://www.aftenposten.no/nyheter/iriks/article3718597.ece">fortalt</a> -<a href="http://www.aftenposten.no/nyheter/iriks/article3724249.ece">hvordan</a> -politet har brukt skriveverktøy som ikke håndterer arabisk tekst og -tekst som skal skrives fra høyre mot venstre når de har laget -løpeseddel for å be om informasjon fra publikum. Resultatet har vært -en uleselig arabisk-bit på løpeseddelen. Feilen har oppstått når -teksten har blitt "kopiert inn i programvare som ikke har støtte for -språk som skrives fra høyre mot venstre", og jeg er ganske sikker på -at det er snakk om Microsoft Office i dette tilfellet. Er det slik at -MS Office i norsk språkdrakt ikke har støtte for tekst som skal -skrives fra høyre mot venstre? Jeg tror alle utgaver av -OpenOffice.org har slik støtte, og det er jo ikke veldig vanskelig å -la slik støtte finnes i alle utgaver av et program hvis støtten først -er utviklet. Aftenpostens melding får meg til å undre om problemet -ville vært unngått hvis politiet brukte OpenOffice.org i stedet for MS -Office.</p> - -<p>Mon tro om det er flere eksempler på at MS Office har ødelagt for -offentlig myndighet?</p> +<p>Ble tipset i dag om at et forslag om å stoppe forsøkene med +elektronisk stemmegiving utenfor valglokaler er +<a href="http://www.stortinget.no/no/Saker-og-publikasjoner/Saker/Sak/?p=46616">til +behandling</a> i Stortinget. +<a href="http://www.stortinget.no/Global/pdf/Representantforslag/2009-2010/dok8-200910-128.pdf">Forslaget</a> +er fremmet av Erna Solberg, Michael Tetzschner og Trond Helleland.</p> + +<p>Håper det får flertall.</p> - Lenny->Squeeze upgrades, apt vs aptitude with the Gnome desktop - http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html - http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html - Sat, 3 Jul 2010 23:55:00 +0200 + Broken hard link handling with sshfs + http://people.skolelinux.org/pere/blog/Broken_hard_link_handling_with_sshfs.html + http://people.skolelinux.org/pere/blog/Broken_hard_link_handling_with_sshfs.html + Mon, 30 Aug 2010 19:30:00 +0200 -<p>Here is a short update on my <a -href="http://people.skolelinux.org/~pere/debian-upgrade-testing/">my -Debian Lenny->Squeeze upgrade testing</a>. Here is a summary of the -difference for Gnome when it is upgraded by apt-get and aptitude. I'm -not reporting the status for KDE, because the upgrade crashes when -aptitude try because of missing conflicts -(<a href="http://bugs.debian.org/584861">#584861</a> and -<a href="http://bugs.debian.org/585716">#585716</a>).</p> - -<p>At the end of the upgrade test script, dpkg -l is executed to get a -complete list of the installed packages. Based on this I see these -differences when I did a test run today. As usual, I do not really -know what the correct set of packages would be, but thought it best to -publish the difference.</p> - -<p>Installed using apt-get, missing with aptitude</p> - -<blockquote><p> - at-spi cpp-4.3 finger gnome-spell gstreamer0.10-gnomevfs - libatspi1.0-0 libcupsys2 libeel2-data libgail-common libgdl-1-common - libgnomeprint2.2-data libgnomeprintui2.2-common libgnomevfs2-bin - libgtksourceview-common libpt-1.10.10-plugins-alsa - libpt-1.10.10-plugins-v4l libservlet2.4-java libxalan2-java - libxerces2-java openoffice.org-writer2latex openssl-blacklist p7zip - python-4suite-xml python-eggtrayicon python-gtkhtml2 - python-gtkmozembed svgalibg1 xserver-xephyr zip -</p></blockquote> - -<p>Installed using apt-get, removed with aptitude</p> - -<blockquote><p> - bluez-utils dhcdbd djvulibre-desktop epiphany-gecko - gnome-app-install gnome-mount gnome-vfs-obexftp gnome-volume-manager - libao2 libavahi-compat-libdnssd1 libavahi-core5 libbind9-50 - libbluetooth2 libcamel1.2-11 libcdio7 libcucul0 libcurl3 - libdirectfb-1.0-0 libdvdread3 libedata-cal1.2-6 libedataserver1.2-9 - libeel2-2.20 libepc-1.0-1 libepc-ui-1.0-1 libexchange-storage1.2-3 - libfaad0 libgd2-noxpm libgda3-3 libgda3-common libggz2 libggzcore9 - libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0 libgnome-desktop-2 - libgnome-pilot2 libgnomecups1.0-1 libgnomeprint2.2-0 - libgnomeprintui2.2-0 libgpod3 libgraphviz4 libgtkhtml2-0 - libgtksourceview1.0-0 libgucharmap6 libhesiod0 libicu38 libisccc50 - libisccfg50 libiw29 libkpathsea4 libltdl3 liblwres50 libmagick++10 - libmagick10 libmalaga7 libmtp7 libmysqlclient15off libnautilus-burn4 - libneon27 libnm-glib0 libnm-util0 libopal-2.2 libosp5 - libparted1.8-10 libpisock9 libpisync1 libpoppler-glib3 libpoppler3 - libpt-1.10.10 libraw1394-8 libsensors3 libsmbios2 libsoup2.2-8 - libssh2-1 libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1 - libtotem-plparser10 libtrackerclient0 libvoikko1 libxalan2-java-gcj - libxerces2-java-gcj libxklavier12 libxtrap6 libxxf86misc1 libzephyr3 - mysql-common swfdec-gnome totem-gstreamer wodim -</p></blockquote> - -<p>Installed using aptitude, missing with apt-get</p> - -<blockquote><p> - gnome gnome-desktop-environment hamster-applet python-gnomeapplet - python-gnomekeyring python-wnck rhythmbox-plugins xorg - xserver-xorg-input-all xserver-xorg-input-evdev - xserver-xorg-input-kbd xserver-xorg-input-mouse - xserver-xorg-input-synaptics xserver-xorg-video-all - xserver-xorg-video-apm xserver-xorg-video-ark xserver-xorg-video-ati - xserver-xorg-video-chips xserver-xorg-video-cirrus - xserver-xorg-video-dummy xserver-xorg-video-fbdev - xserver-xorg-video-glint xserver-xorg-video-i128 - xserver-xorg-video-i740 xserver-xorg-video-mach64 - xserver-xorg-video-mga xserver-xorg-video-neomagic - xserver-xorg-video-nouveau xserver-xorg-video-nv - xserver-xorg-video-r128 xserver-xorg-video-radeon - xserver-xorg-video-radeonhd xserver-xorg-video-rendition - xserver-xorg-video-s3 xserver-xorg-video-s3virge - xserver-xorg-video-savage xserver-xorg-video-siliconmotion - xserver-xorg-video-sis xserver-xorg-video-sisusb - xserver-xorg-video-tdfx xserver-xorg-video-tga - xserver-xorg-video-trident xserver-xorg-video-tseng - xserver-xorg-video-vesa xserver-xorg-video-vmware - xserver-xorg-video-voodoo -</p></blockquote> - -<p>Installed using aptitude, removed with apt-get</p> - -<blockquote><p> - deskbar-applet xserver-xorg xserver-xorg-core - xserver-xorg-input-wacom xserver-xorg-video-intel - xserver-xorg-video-openchrome -</p></blockquote> - -<p>I was told on IRC that the xorg-xserver package was -<a href="http://git.debian.org/?p=pkg-xorg/xserver/xorg-server.git;a=commit;h=9c8080d06c457932d3bfec021c69ac000aa60120">changed -in git</a> today to try to get apt-get to not remove xorg completely. -No idea when it hits Squeeze, but when it does I hope it will reduce -the difference somewhat. +<p>Just got an email from Tobias Gruetzmacher as a followup on my +<a href="http://people.skolelinux.org/pere/blog/Broken_umask_handling_with_sshfs.html">previous +post about sshfs</a>. He reported another problem with sshfs. It +fail to handle hard links properly. A simple way to spot this is to +look at the . and .. entries in the directory tree. These should have +a link count >1, but on sshfs the count is 1. I just tested to see +what happen when trying to hardlink, and this fail as well:</p> + +<pre> +% ln foo bar +ln: creating hard link `bar' => `foo': Function not implemented +% +</pre> + +<p>I have not yet found time to implement a test for this in my file +system test code, but believe having working hard links is useful to +avoid surprised unix programs. Not as useful as working file locking +and symlinks, which are required to get a working desktop, but useful +nevertheless. :)</p> + +<p>The latest version of the file system test code is available via +git from +<a href="http://github.com/gebi/fs-test">http://github.com/gebi/fs-test</a></p> - Caching password, user and group on a roaming Debian laptop - http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html - http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html - Thu, 1 Jul 2010 11:40:00 +0200 + Sikkerhetsteateret på flyplassene fortsetter + http://people.skolelinux.org/pere/blog/Sikkerhetsteateret_p___flyplassene_fortsetter.html + http://people.skolelinux.org/pere/blog/Sikkerhetsteateret_p___flyplassene_fortsetter.html + Sat, 28 Aug 2010 10:40:00 +0200 -<p>For a laptop, centralized user directories and password checking is -a bit troubling. Laptops are typically used also when not connected -to the network, and it is vital for a user to be able to log in or -unlock the screen saver also when a central server is unavailable. -This is possible by caching passwords and directory information (user -and group attributes) locally, and the packages to do so are available -in Debian. Here follow two recipes to set this up in Debian/Squeeze. -It is also possible to set up in Debian/Lenny, but require more manual -setup there because pam-auth-update is missing in Lenny.</p> - -<h2>LDAP/Kerberos + nscd + libpam-ccreds + libpam-mklocaluser/pam_mkhomedir</h2> - -This is the traditional method with a twist. The password caching is -provided by libpam-ccreds (version 10-4 or later is needed on -Squeeze), and the directory caching is done by nscd. The directory -lookup and password checking is done using LDAP. If one want to use -Kerberos for password checking the libpam-ldapd package can be -replaced with libpam-krb5 or libpam-heimdal. If one is happy having a -local home directory with the path listed in LDAP, one can use the -pam_mkhomedir module from pam-modules to make this happen instead of -using libpam-mklocaluser. A setup for pam-auth-update to enable -pam_mkhomedir will have to be written until a fix for -<a href="http://bugs.debian.org/568577">bug #568577</a> is in the -archive. Because I believe it is a bad idea to have local home -directories using misleading paths like /site/server/partition/, I -prefer to create a local user with the home directory in /home/. This -is done using the libpam-mklocaluser package.</p> - -<p>These packages need to be installed and configured</p> - -<blockquote><pre> -libnss-ldapd libpam-ldapd nscd libpam-ccreds libpam-mklocaluser -</pre></blockquote> - -<p>The ldapd packages will ask for LDAP connection information, and -one have to fill in the values that fits ones own site. Make sure the -PAM part uses encrypted connections, to make sure the password is not -sent in clear text to the LDAP server. I've been unable to get TLS -certificate checking for a self signed certificate working, which make -LDAP authentication unsafe for Debian Edu (nslcd is not checking if it -is talking to the correct LDAP server), and very much welcome feedback -on how to get this working.</p> - -<p>Because nscd do not have a default configuration fit for offline -caching until <a href="http://bugs.debian.org/485282">bug #485282</a> -is fixed, this configuration should be used instead of the one -currently in /etc/nscd.conf. The changes are in the fields -reload-count and positive-time-to-live, and is based on the -instructions I found in the -<a href="http://www.flyn.org/laptopldap/">LDAP for Mobile Laptops</a> -instructions by Flyn Computing.</p> - -<blockquote><pre> - debug-level 0 - reload-count unlimited - paranoia no - - enable-cache passwd yes - positive-time-to-live passwd 2592000 - negative-time-to-live passwd 20 - suggested-size passwd 211 - check-files passwd yes - persistent passwd yes - shared passwd yes - max-db-size passwd 33554432 - auto-propagate passwd yes - - enable-cache group yes - positive-time-to-live group 2592000 - negative-time-to-live group 20 - suggested-size group 211 - check-files group yes - persistent group yes - shared group yes - max-db-size group 33554432 - auto-propagate group yes - - enable-cache hosts no - positive-time-to-live hosts 2592000 - negative-time-to-live hosts 20 - suggested-size hosts 211 - check-files hosts yes - persistent hosts yes - shared hosts yes - max-db-size hosts 33554432 - - enable-cache services yes - positive-time-to-live services 2592000 - negative-time-to-live services 20 - suggested-size services 211 - check-files services yes - persistent services yes - shared services yes - max-db-size services 33554432 -</pre></blockquote> - -<p>While we wait for a mechanism to update /etc/nsswitch.conf -automatically like the one provided in -<a href="http://bugs.debian.org/496915">bug #496915</a>, the file -content need to be manually replaced to ensure LDAP is used as the -directory service on the machine. /etc/nsswitch.conf should normally -look like this:</p> - -<blockquote><pre> -passwd: files ldap -group: files ldap -shadow: files ldap -hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 -networks: files -protocols: files -services: files -ethers: files -rpc: files -netgroup: files ldap -</pre></blockquote> - -<p>The important parts are that ldap is listed last for passwd, group, -shadow and netgroup.</p> - -<p>With these changes in place, any user in LDAP will be able to log -in locally on the machine using for example kdm, get a local home -directory created and have the password as well as user and group -attributes cached. - -<h2>LDAP/Kerberos + nss-updatedb + libpam-ccreds + - libpam-mklocaluser/pam_mkhomedir</h2> - -<p>Because nscd have had its share of problems, and seem to have -problems doing proper caching, I've seen suggestions and recipes to -use nss-updatedb to copy parts of the LDAP database locally when the -LDAP database is available. I have not tested such setup, because I -discovered sssd.</p> - -<h2>LDAP/Kerberos + sssd + libpam-mklocaluser</h2> - -<p>A more flexible and robust setup than the nscd combination -mentioned earlier that has shown up recently, is the -<a href="https://fedorahosted.org/sssd/">sssd</a> package from Redhat. -It is part of the <a href="http://www.freeipa.org/">FreeIPA</A> project -to provide a Active Directory like directory service for Linux -machines. The sssd system combines the caching of passwords and user -information into one package, and remove the need for nscd and -libpam-ccreds. It support LDAP and Kerberos, but not NIS. Version -1.2 do not support netgroups, but it is said that it will support this -in version 1.5 expected to show up later in 2010. Because the -<a href="http://packages.qa.debian.org/s/sssd.html">sssd package</a> -was missing in Debian, I ended up co-maintaining it with Werner, and -version 1.2 is now in testing. - -<p>These packages need to be installed and configured to get the -roaming setup I want</p> - -<blockquote><pre> -libpam-sss libnss-sss libpam-mklocaluser -</pre></blockquote> - -The complete setup of sssd is done by editing/creating -<tt>/etc/sssd/sssd.conf</tt>. - -<blockquote><pre> -[sssd] -config_file_version = 2 -reconnection_retries = 3 -sbus_timeout = 30 -services = nss, pam -domains = INTERN - -[nss] -filter_groups = root -filter_users = root -reconnection_retries = 3 - -[pam] -reconnection_retries = 3 - -[domain/INTERN] -enumerate = false -cache_credentials = true - -id_provider = ldap -auth_provider = ldap -chpass_provider = ldap - -ldap_uri = ldap://ldap -ldap_search_base = dc=skole,dc=skolelinux,dc=no -ldap_tls_reqcert = never -ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt -</pre></blockquote> - -<p>I got the same problem here with certificate checking. Had to set -"ldap_tls_reqcert = never" to get it working.</p> - -<p>With the libnss-sss package in testing at the moment, the -nsswitch.conf file is update automatically, so there is no need to -modify it manually.</p> - -<p>If you want to help out with implementing this for Debian Edu, -please contact us on debian-edu@lists.debian.org.</p> +<p>Jeg skrev for et halvt år siden hvordan +<a href="http://people.skolelinux.org/pere/blog/Sikkerhet__teater__og_hvordan_gj__re_verden_sikrere.html">samfunnet +kaster bort ressurser på sikkerhetstiltak som ikke fungerer</a>. Kom +nettopp over en +<a href="http://www.askthepilot.com/essays-and-stories/terrorism-tweezers-and-terminal-madness-an-essay-on-security/">historie +fra en pilot fra USA</a> som kommenterer det samme. Jeg mistenker det +kun er uvitenhet og autoritetstro som gjør at så få protesterer. Har +veldig sans for piloten omtalt i <a +href="http://www.aftenposten.no/nyheter/iriks/article2057501.ece">Aftenposten</a> 2007-10-23, +og skulle ønske flere rettet oppmerksomhet mot problemet. Det gir +ikke meg trygghetsfølelse på flyplassene når jeg ser at +flyplassadministrasjonen kaster bort folk, penger og tid på tull i +stedet for ting som bidrar til reell økning av sikkerheten. Det +forteller meg jo at vurderingsevnen til de som burde bidra til økt +sikkerhet er svært sviktende, noe som ikke taler godt for de andre +tiltakene.</p> + +<p>Mon tro hva som skjer hvis det fantes en enkel brosjyre å skrive ut +fra Internet som forklarte hva som er galt med sikkerhetsopplegget på +flyplassene, og folk skrev ut og la en bunke på flyplassene når de +passerte. Kanskje det ville fått flere til å få øynene opp for +problemet.</p> + +<p>Personlig synes jeg flyopplevelsen er blitt så avskyelig at jeg +forsøker å klare meg med tog, bil og båt for å slippe ubehaget. Det +er dog noe vanskelig i det langstrakte Norge og for å kunne besøke de +delene av verden jeg ønsker å nå. Mistenker at flere har det slik, og +at dette går ut over inntjeningen til flyselskapene. Det er antagelig +en god ting sett fra et miljøperspektiv, men det er en annen sak.</p> - LUMA, a very nice LDAP GUI - http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html - http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html - Mon, 28 Jun 2010 00:30:00 +0200 + Skolelinux i Osloskolen + http://people.skolelinux.org/pere/blog/Skolelinux_i_Osloskolen.html + http://people.skolelinux.org/pere/blog/Skolelinux_i_Osloskolen.html + Thu, 26 Aug 2010 22:25:00 +0200 -<p>The last few days I have been looking into the status of the LDAP -directory in Debian Edu, and in the process I started to miss a GUI -tool to browse the LDAP tree. The only one I was able to find in -Debian/Squeeze and Lenny is -<a href="http://luma.sourceforge.net/">LUMA</a>, which has proved to -be a great tool to get a overview of the current LDAP directory -populated by default in Skolelinux. Thanks to it, I have been able to -find empty and obsolete subtrees, misplaced objects and duplicate -objects. It will be installed by default in Debian/Squeeze. If you -are working with LDAP, give it a go. :)</p> - -<p>I did notice one problem with it I have not had time to report to -the BTS yet. There is no .desktop file in the package, so the tool do -not show up in the Gnome and KDE menus, but only deep down in in the -Debian submenu in KDE. I hope that can be fixed before Squeeze is -released.</p> - -<p>I have not yet been able to get it to modify the tree yet. I would -like to move objects and remove subtrees directly in the GUI, but have -not found a way to do that with LUMA yet. So in the mean time, I use -<a href="http://www.lichteblau.com/ldapvi/">ldapvi</a> for that.</p> - -<p>If you have tips on other GUI tools for LDAP that might be useful -in Debian Edu, please contact us on debian-edu@lists.debian.org.</p> - -<p>Update 2010-06-29: Ross Reedstrom tipped us about the -<a href="http://packages.qa.debian.org/g/gq.html">gq</a> package as a -useful GUI alternative. It seem like a good tool, but is unmaintained -in Debian and got a RC bug keeping it out of Squeeze. Unless that -changes, it will not be an option for Debian Edu based on Squeeze.</p> +<p>Denne høsten skal endelig alle Osloskolene få mulighet til å bruke +<a href="http://www.skolelinux.org/">Skolelinux</a>. Ny IT-løsning +har vært rullet ut i noen måneder nå, og så vidt jeg fikk vite før +sommeren skulle alle skoler ha nytt opplegg på plass før oppstart nå i +høst. På alle skolene skal en kunne velge ved installasjon om en skal +ha Windows eller Skolelinux på maskinene, og en kan i tillegg +PXE-boote maskinene over nett som tynne klienter eller diskløse +arbeidsstasjoner. Jeg er spent på hvor mange skoler som velger å ta i +bruk Skolelinux, og gleder meg til å se hvordan dette utvikler seg. +Løsningen leveres av +<a href="http://www.logica.no/">Logica</a> med +<a href="http://www.slxdrift.no/">Skolelinux Drift AS</a> som +underleverandør, og jeg har vært involvert i utviklingen av løsningen +via Skolelinux Drift AS siden prosjektet starter. Jeg synes det er +fantastisk at Skolelinux er kommet så langt siden vi startet i 2001 at +alle elevene i Osloskolene nå skal få mulighet til å bruke +løsningen. Jeg håper de vil sette pris på alle de +<a href="http://www.skolelinux.no/linux-signpost/">fantastiske +brukerprogrammene</a> som er tilgjengelig i Skolelinux.</p> - Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object - http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html - http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html - Thu, 24 Jun 2010 00:35:00 +0200 + Broken umask handling with sshfs + http://people.skolelinux.org/pere/blog/Broken_umask_handling_with_sshfs.html + http://people.skolelinux.org/pere/blog/Broken_umask_handling_with_sshfs.html + Thu, 26 Aug 2010 13:30:00 +0200 -<p>A while back, I -<a href="http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">complained -about the fact</a> that it is not possible with the provided schemas -for storing DNS and DHCP information in LDAP to combine the two sets -of information into one LDAP object representing a computer.</p> - -<p>In the mean time, I discovered that a simple fix would be to make -the dhcpHost object class auxiliary, to allow it to be combined with -the dNSDomain object class, and thus forming one object for one -computer when storing both DHCP and DNS information in LDAP.</p> - -<p>If I understand this correctly, it is not safe to do this change -without also changing the assigned number for the object class, and I -do not know enough about LDAP schema design to do that properly for -Debian Edu.</p> - -<p>Anyway, for future reference, this is how I believe we could change -the -<a href="http://tools.ietf.org/html/draft-ietf-dhc-ldap-schema-00">DHCP -schema</a> to solve at least part of the problem with the LDAP schemas -available today from IETF.</p> +<p>My file system sematics program +<a href="http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html">presented +a few days ago</a> is very useful to verify that a file system can +work as a unix home directory,and today I had to extend it a bit. I'm +looking into alternatives for home directory access here at the +University of Oslo, and one of the options is sshfs. My friend +Finn-Arne mentioned a while back that they had used sshfs with Debian +Edu, but stopped because of problems. I asked today what the problems +where, and he mentioned that sshfs failed to handle umask properly. +Trying to detect the problem I wrote this addition to my fs testing +script:</p> + +<pre> +mode_t touch_get_mode(const char *name, mode_t mode) { + mode_t retval = 0; + int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, mode); + if (-1 != fd) { + unlink(name); + struct stat statbuf; + if (-1 != fstat(fd, &statbuf)) { + retval = statbuf.st_mode & 0x1ff; + } + close(fd); + } + return retval; +} + +/* Try to detect problem discovered using sshfs */ +int test_umask(void) { + printf("info: testing umask effect on file creation\n"); + + mode_t orig_umask = umask(000); + mode_t newmode; + if (0666 != (newmode = touch_get_mode("foobar", 0666))) { + printf(" error: Wrong file mode %o when creating using mode 666 and umask 000\n", + newmode); + } + umask(007); + if (0660 != (newmode = touch_get_mode("foobar", 0666))) { + printf(" error: Wrong file mode %o when creating using mode 666 and umask 007\n", + newmode); + } + + umask (orig_umask); + return 0; +} + +int main(int argc, char **argv) { + [...] + test_umask(); + return 0; +} +</pre> + +<p>Sure enough. On NFS to a netapp, I get this result:</p> <pre> ---- dhcp.schema (revision 65192) -+++ dhcp.schema (working copy) -@@ -376,7 +376,7 @@ - objectclass ( 2.16.840.1.113719.1.203.6.6 - NAME 'dhcpHost' - DESC 'This represents information about a particular client' -- SUP top -+ SUP top AUXILIARY - MUST cn - MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) - X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') ) +Testing POSIX/Unix sematics on file system +info: testing symlink creation +info: testing subdirectory creation +info: testing fcntl locking + Read-locking 1 byte from 1073741824 + Read-locking 510 byte from 1073741826 + Unlocking 1 byte from 1073741824 + Write-locking 1 byte from 1073741824 + Write-locking 510 byte from 1073741826 + Unlocking 2 byte from 1073741824 +info: testing umask effect on file creation </pre> -<p>I very much welcome clues on how to do this properly for Debian -Edu/Squeeze. We provide the DHCP schema in our debian-edu-config -package, and should thus be free to rewrite it as we see fit.</p> +<p>When mounting the same directory using sshfs, I get this +result:</p> + +<pre> +Testing POSIX/Unix sematics on file system +info: testing symlink creation +info: testing subdirectory creation +info: testing fcntl locking + Read-locking 1 byte from 1073741824 + Read-locking 510 byte from 1073741826 + Unlocking 1 byte from 1073741824 + Write-locking 1 byte from 1073741824 + Write-locking 510 byte from 1073741826 + Unlocking 2 byte from 1073741824 +info: testing umask effect on file creation + error: Wrong file mode 644 when creating using mode 666 and umask 000 + error: Wrong file mode 640 when creating using mode 666 and umask 007 +</pre> + +<p>So, I can conclude that sshfs is better than smb to a Netapp or a +Windows server, but not good enough to be used as a home +directory.</p> + +<p>Update 2010-08-26: Reported the issue in +<a href="http://bugs.debian.org/594498">BTS report #594498</a></p> -<p>If you want to help out with implementing this for Debian Edu, -please contact us on debian-edu@lists.debian.org.</p> +<p>Update 2010-08-27: Michael Gebetsroither report that he found the +script so useful that he created a GIT repository and stored it in +<a href="http://github.com/gebi/fs-test">http://github.com/gebi/fs-test</a>.</p> - Calling tasksel like the installer, while still getting useful output - http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html - http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html - Wed, 16 Jun 2010 14:55:00 +0200 + Elektronisk stemmegiving er ikke til å stole på - heller ikke i Norge + http://people.skolelinux.org/pere/blog/Elektronisk_stemmegiving_er_ikke_til____stole_p_____heller_ikke_i_Norge.html + http://people.skolelinux.org/pere/blog/Elektronisk_stemmegiving_er_ikke_til____stole_p_____heller_ikke_i_Norge.html + Mon, 23 Aug 2010 19:30:00 +0200 -<p>A few times I have had the need to simulate the way tasksel -installs packages during the normal debian-installer run. Until now, -I have ended up letting tasksel do the work, with the annoying problem -of not getting any feedback at all when something fails (like a -conffile question from dpkg or a download that fails), using code like -this: - -<blockquote><pre> -export DEBIAN_FRONTEND=noninteractive -tasksel --new-install -</pre></blockquote> - -This would invoke tasksel, let its automatic task selection pick the -tasks to install, and continue to install the requested tasks without -any output what so ever. - -Recently I revisited this problem while working on the automatic -package upgrade testing, because tasksel would some times hang without -any useful feedback, and I want to see what is going on when it -happen. Then it occured to me, I can parse the output from tasksel -when asked to run in test mode, and use that aptitude command line -printed by tasksel then to simulate the tasksel run. I ended up using -code like this: - -<blockquote><pre> -export DEBIAN_FRONTEND=noninteractive -cmd="$(in_target tasksel -t --new-install | sed 's/debconf-apt-progress -- //')" -$cmd -</pre></blockquote> - -<p>The content of $cmd is typically something like "<tt>aptitude -q ---without-recommends -o APT::Install-Recommends=no -y install -~t^desktop$ ~t^gnome-desktop$ ~t^laptop$ ~pstandard ~prequired -~pimportant</tt>", which will install the gnome desktop task, the -laptop task and all packages with priority standard , required and -important, just like tasksel would have done it during -installation.</p> - -<p>A better approach is probably to extend tasksel to be able to -install packages without using debconf-apt-progress, for use cases -like this.</p> +<p>I Norge pågår en prosess for å +<a href="http://www.e-valg.dep.no/">innføre elektronisk +stemmegiving</a> ved kommune- og stortingsvalg. Dette skal +introduseres i 2011. Det er all grunn til å tro at valg i Norge ikke +vil være til å stole på hvis dette blir gjennomført. Da det hele var +oppe til høring i 2006 forfattet jeg +<a href="http://www.nuug.no/dokumenter/valg-horing-2006-09.pdf">en +høringsuttalelse fra NUUG</a> (og EFN som hengte seg på) som skisserte +hvilke punkter som må oppfylles for at en skal kunne stole på et valg, +og elektronisk stemmegiving mangler flere av disse. Elektronisk +stemmegiving er for alle praktiske formål å putte ens stemme i en sort +boks under andres kontroll, og satse på at de som har kontroll med +boksen er til å stole på - uten at en har mulighet til å verifisere +dette selv. Det er ikke slik en gjennomfører demokratiske valg.</p> + +<p>Da problemet er fundamentalt med hvordan elektronisk stemmegiving +må fungere for at også ikke-krypografer skal kunne delta, har det vært +mange rapporter om hvordan elektronisk stemmegiving har sviktet i land +etter land. En +<a href="http://wiki.nuug.no/uttalelser/2006-elektronisk-stemmegiving">liten +samling referanser</a> finnes på NUUGs wiki. Den siste er fra India, +der valgkomisjonen har valgt +<a href="http://www.freedom-to-tinker.com/blog/jhalderm/electronic-voting-researcher-arrested-over-anonymous-source">å +pusse politiet på en forsker</a> som har dokumentert svakheter i +valgsystemet.</p> + +<p>Her i Norge har en valgt en annen tilnærming, der en forsøker seg +med teknobabbel for å få befolkningen til å tro at dette skal bli +sikkert. Husk, elektronisk stemmegiving underminerer de demokratiske +valgene i Norge, og bør ikke innføres.</p> + +<p>Den offentlige diskusjonen blir litt vanskelig av at media har +valgt å kalle dette "evalg", som kan sies å både gjelde elektronisk +opptelling av valget som Norge har gjort siden 60-tallet og som er en +svært god ide, og elektronisk opptelling som er en svært dårlig ide. +Diskusjonen gir ikke mening hvis en skal diskutere om en er for eller +mot "evalg", og jeg forsøker derfor å være klar på at jeg snakker om +elektronisk stemmegiving og unngå begrepet "evalg".</p> - Vinmonopolet bryter loven åpenlyst - og flere planlegger å gjøre det samme - http://people.skolelinux.org/pere/blog/Vinmonopolet_bryter_loven___penlyst___og_flere_planlegger____gj__re_det_samme.html - http://people.skolelinux.org/pere/blog/Vinmonopolet_bryter_loven___penlyst___og_flere_planlegger____gj__re_det_samme.html - Wed, 16 Jun 2010 11:00:00 +0200 + Robot, reis deg... + http://people.skolelinux.org/pere/blog/Robot__reis_deg___.html + http://people.skolelinux.org/pere/blog/Robot__reis_deg___.html + Sat, 21 Aug 2010 22:10:00 +0200 -<p><a href="http://www.dagbladet.no/2010/06/16/nyheter/innenriks/streik/arbeidsliv/12157858/">Dagbladet -melder</a> at Vinmonopolet med bakgrunn i vekterstreiken som pågår i -Norge for tiden, har bestemt seg for med vitende og vilje å bryte -sentralbanklovens paragraf 14 ved å nekte folk å betale med -kontanter, og at flere butikker planlegger å følge deres eksempel. -Jeg synes det er hårreisende hvis de slipper unna med et slikt -soleklart lovbrudd, og lurer på hva slags muligheter jeg vil ha hvis -jeg blir nektet å handle med kontanter. Jeg handler i hovedsak med -kontanter selv, da jeg anser det som en borgerrett å kunne handle -anonymt uten at det blir registrert. For meg er det et angrep på mitt -personvern å nekte å ta imot kontant betaling.</p> - -<p><a href="http://www.lovdata.no/all/tl-19850524-028-003.html#14">Paragrafen -i sentralbankloven</a> lyder:</p> - -<blockquote> -<p>§ 14. Tvungent betalingsmiddel</p> - -<p>Bankens sedler og mynter er tvungent betalingsmiddel i Norge. Ingen -er pliktig til i én betaling å ta imot mer enn femogtyve mynter av -hver enhet.</p> - -<p>Sterkt skadde sedler og mynter er ikke tvungent -betalingsmiddel. Banken gir nærmere forskrifter om erstatning for -bortkomne, brente eller skadde sedler og mynter.</p> - -<p>Selv om en avtale inneholder klausul om betaling av en -pengeforpliktelse i gullverdi, kan skyldneren frigjøre seg med tvungne -betalingsmidler uten hensyn til denne klausul.</p> -</blockquote> - -<p>Det er med bakgrunn i denne lovet ikke tillatt å nekte å ta imot -kontakt betaling. Det er en lov jeg har sans for, og som jeg mener må -håndheves strengt.</p> +<p>I dag fikk jeg endelig tittet litt på mine nyinnkjøpte roboter, og +har brukt noen timer til å google etter interessante referanser og +aktuell kildekode for bruk på Linux. Det mest lovende så langt er +<a href="http://ispykee.toyz.org/">ispykee</a>, som har en +BSD-lisensiert linux-daemon som står som mellomledd mellom roboter på +lokalnettet og en sentral tjeneste der en iPhone kan koble seg opp for +å fjernstyre roboten. Linux-daemonen implementerer deler av +protokollen som roboten forstår. Etter å ha knotet litt med å oppnå +kontakt med roboten (den oppretter et eget ad-hoc wifi-nett, så jeg +måtte gå av mitt vanlige nett for å få kontakt), og kommet frem til at +den lytter på IP-port 9000 og 9001, gikk jeg i gang med å finne ut +hvordan jeg kunne snakke med roboten vha. disse portene. Robotbiten +av protokollen er publisert av produsenten med GPL-lisens, slik at det +er mulig å se hvordan protokollen fungerer. Det finnes en java-klient +for Android som så ganske snasen ut, men fant ingen kildekode for +denne. Derimot hadde iphone-løsningen kildekode, så jeg tok +utgangspunkt i den.</p> + +<p>Daemonen ville i utgangspunktet forsøke å kontakte den sentrale +tjenesten som iphone-programmet kobler seg til. Jeg skrev dette om +til i stedet å sette opp en nettverkstjeneste på min lokale maskin, +som jeg kan koble meg opp til med telnet og gi kommandoer til roboten +(act, forward, right, left, etc). Det involverte i praksis å bytte ut +socket()/connect() med socket()/bind()/listen()/accept() for å gjøre +klienten om til en tjener.</p> + +<p>Mens jeg har forsøkt å få roboten til å bevege seg har min samboer +skrudd sammen resten av roboten for å få montert kamera og plastpynten +(armer, plastfiber for lys). Nå er det hele montert, og roboten er +klar til bruk. Må få flyttet den over til mitt vanlige trådløsnett +før det blir praktisk, men de bitene av protokollen er ikke +implementert i ispykee-daemonen, så der må jeg enten få tak i en mac +eller en windows-maskin, eller implementere det selv.</p> + +<p>Vi var tre som kjøpte slike roboter, og vi har blitt enige om å +samle notater og referanser på <a +href="http://wiki.nuug.no/grupper/robot/">NUUGs wiki</a>. Ta en titt +der hvis du er nysgjerrig.</p> - Officeshots taking shape - http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html - http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html - Sun, 13 Jun 2010 11:40:00 +0200 + 2 Spykee-roboter i hus, nå skal det lekes + http://people.skolelinux.org/pere/blog/2_Spykee_roboter_i_hus__n___skal_det_lekes.html + http://people.skolelinux.org/pere/blog/2_Spykee_roboter_i_hus__n___skal_det_lekes.html + Wed, 18 Aug 2010 13:30:00 +0200 -<p>For those of us caring about document exchange and -interoperability, <a href="http://www.officeshots.org/">OfficeShots</a> -is a great service. It is to ODF documents what -<a href="http://browsershots.org/">BrowserShots</a> is for web -pages.</p> - -<p>A while back, I was contacted by Knut Yrvin at the part of Nokia -that used to be Trolltech, who wanted to help the OfficeShots project -and wondered if the University of Oslo where I work would be -interested in supporting the project. I helped him to navigate his -request to the right people at work, and his request was answered with -a spot in the machine room with power and network connected, and Knut -arranged funding for a machine to fill the spot. The machine is -administrated by the OfficeShots people, so I do not have daily -contact with its progress, and thus from time to time check back to -see how the project is doing.</p> - -<p>Today I had a look, and was happy to see that the Dell box in our -machine room now is the host for several virtual machines running as -OfficeShots factories, and the project is able to render ODF documents -in 17 different document processing implementation on Linux and -Windows. This is great.</p> +<p>Jeg kjøpte nettopp to +<a href="http://www.spykee-robot.com/">Spykee</a>-roboter, for test og +leking. Kjøpte to da det var så billige, og gir meg mulighet til å +eksperimentere uten å være veldig redd for å ødelegge alt ved å bytte +ut firmware og slikt. Oppdaget at lekebutikken på Bryn senter hadde +en liten stabel på lager som de ikke hadde klart å selge ut etter +fjorårets juleinnkjøp, og var villig til å selge for en femtedel av +vanlig pris. Jeg, Ronny og Jarle har skaffet oss restbeholdningen, og +det blir morsomt å se hva vi får ut av dette.</p> + +<p>Roboten har belter styrt av to motorer, kamera, høytaler, mikrofon +og wifi-tilkobling. Det hele styrt av en GPL-lisensiert databoks som +jeg mistenker kjører linux. Firmware-kildekoden ble visst publisert i +mai. Eneste utfordringen er at kontroller-programvaren kun finnes til +Windows, men det må en kunne jobbe seg rundt når vi har kildekoden til +firmwaren. :)</p> + +<ul> +<li><a href="http://en.wikipedia.org/wiki/Spykee">Wikipedia-oppføring</a></li> +<li><a href=http://www.spykeeworld.com/spykee/US/freeSoftware.html">Nedlasting av firmware-kilden</a></li> +<li><a href="http://wiki.nuug.no/grupper/robot">prosjektwiki hos NUUG</a></li> +</ul>