X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/e22781370f42c3479c619ecbc275ef2e7c64099e..e42f5b1dad855a6ee4fe4dec43b101f4d02a5f2b:/blog/index.html diff --git a/blog/index.html b/blog/index.html index d5a8d23e38..56e0d3e6d0 100644 --- a/blog/index.html +++ b/blog/index.html @@ -20,710 +20,422 @@
-
Idea for storing LTSP configuration in LDAP
-
2010-07-11 22:00
+
Oppdatert kart over overvåkningskamera i Norge
+
2010-09-22 20:50
-

Vagrant mentioned on IRC today that ltsp_config now support -sourcing files from /usr/share/ltsp/ltsp_config.d/ on the thin -clients, and that this can be used to fetch configuration from LDAP if -Debian Edu choose to store configuration there.

- -

Armed with this information, I got inspired and wrote a test module -to get configuration from LDAP. The idea is to look up the MAC -address of the client in LDAP, and look for attributes on the form -ltspconfigsetting=value, and use this to export SETTING=value to the -LTSP clients.

- -

The goal is to be able to store the LTSP configuration attributes -in a "computer" LDAP object used by both DNS and DHCP, and thus -allowing us to store all information about a computer in one place.

- -

This is a untested draft implementation, and I welcome feedback on -this approach. A real LDAP schema for the ltspClientAux objectclass -need to be written. Comments, suggestions, etc?

- -
-# Store in /opt/ltsp/$arch/usr/share/ltsp/ltsp_config.d/ldap-config
-#
-# Fetch LTSP client settings from LDAP based on MAC address
-#
-# Uses ethernet address as stored in the dhcpHost objectclass using
-# the dhcpHWAddress attribute or ethernet address stored in the
-# ieee802Device objectclass with the macAddress attribute.
-#
-# This module is written to be schema agnostic, and only depend on the
-# existence of attribute names.
-#
-# The LTSP configuration variables are saved directly using a
-# ltspConfig prefix and uppercasing the rest of the attribute name.
-# To set the SERVER variable, set the ltspConfigServer attribute.
-#
-# Some LDAP schema should be created with all the relevant
-# configuration settings.  Something like this should work:
-# 
-# objectclass ( 1.1.2.2 NAME 'ltspClientAux'
-#     SUP top
-#     AUXILIARY
-#     MAY ( ltspConfigServer $ ltsConfigSound $ ... )
-
-LDAPSERVER=$(debian-edu-ldapserver)
-if [ "$LDAPSERVER" ] ; then
-    LDAPBASE=$(debian-edu-ldapserver -b)
-    for MAC in $(LANG=C ifconfig |grep -i hwaddr| awk '{print $5}'|sort -u) ; do
-	filter="(|(dhcpHWAddress=ethernet $MAC)(macAddress=$MAC))"
-	ldapsearch -h "$LDAPSERVER" -b "$LDAPBASE" -v -x "$filter" | \
-	    grep '^ltspConfig' | while read attr value ; do
-	    # Remove prefix and convert to upper case
-	    attr=$(echo $attr | sed 's/^ltspConfig//i' | tr a-z A-Z)
-	    # bass value on to clients
-	    eval "$attr=$value; export $attr"
-	done
-    done
-fi
-
- -

I'm not sure this shell construction will work, because I suspect -the while block might end up in a subshell causing the variables set -there to not show up in ltsp-config, but if that is the case I am sure -the code can be restructured to make sure the variables are passed on. -I expect that can be solved with some testing. :)

- -

If you want to help out with implementing this for Debian Edu, -please contact us on debian-edu@lists.debian.org.

+

For ca. et og et halvt år siden +startet +jeg på et kart over overvåkningskamera i Norge, i regi av +personvernforeningen. Det har +blitt oppdatert regelmessing, og jeg oppdaterte det nettopp. Fra den +spede start med 22 kamera registrert er det nå registrert 54 kamera. +Det er bare en brøkdel av de kamera som finnes i Norge, men det går +sakte men sikkert i riktig retning.

+ +

Informasjonen registreres fortsatt direkte inn i +OpenStreetmap, og hentes +automatisk over i + +når jeg kjører et script for å filtrere ut overvåkningskamera fra +OSM-dumpen for Norge.

- Tags: debian, debian edu, english, ldap, nuug. + Tags: norsk, personvern.
-
jXplorer, a very nice LDAP GUI
-
2010-07-09 12:55
+
Anonym ferdsel er en menneskerett
+
2010-09-15 12:15
-

Since -my -last post about available LDAP tools in Debian, I was told about a -LDAP GUI that is even better than luma. The java application -jXplorer is claimed to be capable of -moving LDAP objects and subtrees using drag-and-drop, and can -authenticate using Kerberos. I have only tested the Kerberos -authentication, but do not have a LDAP setup allowing me to rewrite -LDAP with my test user yet. It is -available in -Debian testing and unstable at the moment. The only problem I -have with it is how it handle errors. If something go wrong, its -non-intuitive behaviour require me to go through some query work list -and remove the failing query. Nothing big, but very annoying.

+

Debatten rundt sporveiselskapet i Oslos (Ruter AS) ønske om +å +radiomerke med RFID alle sine kunder og +registerere +hvor hver og en av oss beveger oss pågår, og en ting som har +kommet lite frem i debatten er at det faktisk er en menneskerett å +kunne ferdes anonymt internt i ens eget land.

+ +

Fant en grei kilde for dette i et +skriv +fra Datatilsynet til Samferdselsdepartementet om tema:

+ +

Retten til å ferdes anonymt kan utledes av +menneskerettskonvensjonen artikkel 8 og av EUs personverndirektiv. +Her heter det at enkeltpersoners grunnleggende rettigheter og frihet +må respekteres, særlig retten til privatlivets fred. I både +personverndirektivet og i den norske personopplysningsloven er +selvråderetten til hver enkelt et av grunnprinsippene, hovedsaklig +uttrykt ved at en må gi et frivillig, informert og uttrykkelig +samtykke til behandling av personopplysninger.

+ +

For meg er det viktig at jeg kan ferdes anonymt, og det er litt av +bakgrunnen til at jeg handler med kontanter, ikke har mobiltelefon og +forventer å kunne reise med bil og kollektivtrafikk uten at det blir +registrert hvor jeg har vært. Ruter angriper min rett til å ferdes +uten radiopeiler med sin innføring av RFID-kort, og dokumenterer sitt +ønske om å registrere hvor kundene befant seg ved å ønske å gebyrlegge +oss som ikke registrerer oss hver gang vi beveger oss med +kollektivtrafikken i Oslo. Jeg synes det er hårreisende.

- Tags: debian, debian edu, english, ldap, nuug. + Tags: norsk, nuug, personvern, sikkerhet.
-
MS Word krøller det til for politiet?
-
2010-07-08 14:00
+
Terms of use for video produced by a Canon IXUS 130 digital camera
+
2010-09-09 23:55
-

De siste dagene har Aftenposten -fortalt -hvordan -politet har brukt skriveverktøy som ikke håndterer arabisk tekst og -tekst som skal skrives fra høyre mot venstre når de har laget -løpeseddel for å be om informasjon fra publikum. Resultatet har vært -en uleselig arabisk-bit på løpeseddelen. Feilen har oppstått når -teksten har blitt "kopiert inn i programvare som ikke har støtte for -språk som skrives fra høyre mot venstre", og jeg er ganske sikker på -at det er snakk om Microsoft Office i dette tilfellet. Er det slik at -MS Office i norsk språkdrakt ikke har støtte for tekst som skal -skrives fra høyre mot venstre? Jeg tror alle utgaver av -OpenOffice.org har slik støtte, og det er jo ikke veldig vanskelig å -la slik støtte finnes i alle utgaver av et program hvis støtten først -er utviklet. Aftenpostens melding får meg til å undre om problemet -ville vært unngått hvis politiet brukte OpenOffice.org i stedet for MS -Office.

- -

Mon tro om det er flere eksempler på at MS Office har ødelagt for -offentlig myndighet?

+

A few days ago I had the mixed pleasure of bying a new digital +camera, a Canon IXUS 130. It was instructive and very disturbing to +be able to verify that also this camera producer have the nerve to +specify how I can or can not use the videos produced with the camera. +Even thought I was aware of the issue, the options with new cameras +are limited and I ended up bying the camera anyway. What is the +problem, you might ask? It is software patents, MPEG-4, H.264 and the +MPEG-LA that is the problem, and our right to record our experiences +without asking for permissions that is at risk. + +

On page 27 of the Danish instruction manual, this section is +written:

+ +
+

This product is licensed under AT&T patents for the MPEG-4 standard +and may be used for encoding MPEG-4 compliant video and/or decoding +MPEG-4 compliant video that was encoded only (1) for a personal and +non-commercial purpose or (2) by a video provider licensed under the +AT&T patents to provide MPEG-4 compliant video.

+ +

No license is granted or implied for any other use for MPEG-4 +standard.

+
+ +

In short, the camera producer have chosen to use technology +(MPEG-4/H.264) that is only provided if I used it for personal and +non-commercial purposes, or ask for permission from the organisations +holding the knowledge monopoly (patent) for technology used.

+ +

This issue has been brewing for a while, and I recommend you to +read +"Why +Our Civilization's Video Art and Culture is Threatened by the +MPEG-LA" by Eugenia Loli-Queru and +"H.264 Is Not +The Sort Of Free That Matters" by Simon Phipps to learn more about +the issue. The solution is to support the +free and +open standards for video, like Ogg +Theora, and avoid MPEG-4 and H.264 if you can.

- Tags: norsk. + Tags: english, fildeling, multimedia, nuug, opphavsrett, personvern, standard, video, web.
-
Lenny->Squeeze upgrades, apt vs aptitude with the Gnome desktop
-
2010-07-03 23:55
+
Navteq bruker 3-12 måneder, OpenStreetmap.org trenger noen dager
+
2010-09-07 21:40
-

Here is a short update on my my -Debian Lenny->Squeeze upgrade testing. Here is a summary of the -difference for Gnome when it is upgraded by apt-get and aptitude. I'm -not reporting the status for KDE, because the upgrade crashes when -aptitude try because of missing conflicts -(#584861 and -#585716).

- -

At the end of the upgrade test script, dpkg -l is executed to get a -complete list of the installed packages. Based on this I see these -differences when I did a test run today. As usual, I do not really -know what the correct set of packages would be, but thought it best to -publish the difference.

- -

Installed using apt-get, missing with aptitude

- -

- at-spi cpp-4.3 finger gnome-spell gstreamer0.10-gnomevfs - libatspi1.0-0 libcupsys2 libeel2-data libgail-common libgdl-1-common - libgnomeprint2.2-data libgnomeprintui2.2-common libgnomevfs2-bin - libgtksourceview-common libpt-1.10.10-plugins-alsa - libpt-1.10.10-plugins-v4l libservlet2.4-java libxalan2-java - libxerces2-java openoffice.org-writer2latex openssl-blacklist p7zip - python-4suite-xml python-eggtrayicon python-gtkhtml2 - python-gtkmozembed svgalibg1 xserver-xephyr zip -

- -

Installed using apt-get, removed with aptitude

- -

- bluez-utils dhcdbd djvulibre-desktop epiphany-gecko - gnome-app-install gnome-mount gnome-vfs-obexftp gnome-volume-manager - libao2 libavahi-compat-libdnssd1 libavahi-core5 libbind9-50 - libbluetooth2 libcamel1.2-11 libcdio7 libcucul0 libcurl3 - libdirectfb-1.0-0 libdvdread3 libedata-cal1.2-6 libedataserver1.2-9 - libeel2-2.20 libepc-1.0-1 libepc-ui-1.0-1 libexchange-storage1.2-3 - libfaad0 libgd2-noxpm libgda3-3 libgda3-common libggz2 libggzcore9 - libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0 libgnome-desktop-2 - libgnome-pilot2 libgnomecups1.0-1 libgnomeprint2.2-0 - libgnomeprintui2.2-0 libgpod3 libgraphviz4 libgtkhtml2-0 - libgtksourceview1.0-0 libgucharmap6 libhesiod0 libicu38 libisccc50 - libisccfg50 libiw29 libkpathsea4 libltdl3 liblwres50 libmagick++10 - libmagick10 libmalaga7 libmtp7 libmysqlclient15off libnautilus-burn4 - libneon27 libnm-glib0 libnm-util0 libopal-2.2 libosp5 - libparted1.8-10 libpisock9 libpisync1 libpoppler-glib3 libpoppler3 - libpt-1.10.10 libraw1394-8 libsensors3 libsmbios2 libsoup2.2-8 - libssh2-1 libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1 - libtotem-plparser10 libtrackerclient0 libvoikko1 libxalan2-java-gcj - libxerces2-java-gcj libxklavier12 libxtrap6 libxxf86misc1 libzephyr3 - mysql-common swfdec-gnome totem-gstreamer wodim -

- -

Installed using aptitude, missing with apt-get

- -

- gnome gnome-desktop-environment hamster-applet python-gnomeapplet - python-gnomekeyring python-wnck rhythmbox-plugins xorg - xserver-xorg-input-all xserver-xorg-input-evdev - xserver-xorg-input-kbd xserver-xorg-input-mouse - xserver-xorg-input-synaptics xserver-xorg-video-all - xserver-xorg-video-apm xserver-xorg-video-ark xserver-xorg-video-ati - xserver-xorg-video-chips xserver-xorg-video-cirrus - xserver-xorg-video-dummy xserver-xorg-video-fbdev - xserver-xorg-video-glint xserver-xorg-video-i128 - xserver-xorg-video-i740 xserver-xorg-video-mach64 - xserver-xorg-video-mga xserver-xorg-video-neomagic - xserver-xorg-video-nouveau xserver-xorg-video-nv - xserver-xorg-video-r128 xserver-xorg-video-radeon - xserver-xorg-video-radeonhd xserver-xorg-video-rendition - xserver-xorg-video-s3 xserver-xorg-video-s3virge - xserver-xorg-video-savage xserver-xorg-video-siliconmotion - xserver-xorg-video-sis xserver-xorg-video-sisusb - xserver-xorg-video-tdfx xserver-xorg-video-tga - xserver-xorg-video-trident xserver-xorg-video-tseng - xserver-xorg-video-vesa xserver-xorg-video-vmware - xserver-xorg-video-voodoo -

- -

Installed using aptitude, removed with apt-get

- -

- deskbar-applet xserver-xorg xserver-xorg-core - xserver-xorg-input-wacom xserver-xorg-video-intel - xserver-xorg-video-openchrome -

- -

I was told on IRC that the xorg-xserver package was -changed -in git today to try to get apt-get to not remove xorg completely. -No idea when it hits Squeeze, but when it does I hope it will reduce -the difference somewhat. +

Jeg ble riktig fascinert av +en +artikkel i Aftenposten om hvor hardt Navteq jobber for å oppdatere +kartene som brukes i navigasjons-GPSer, der det blant annet heter at +"på grunn av teknikken tar det alt fra tre til tolv måneder før +kartene er oppdatert". Når en kjenner hva slags oppdateringshastighet +som er tilgjengelig på +OpenStreetmap som +oppdateres på dugnad, blir det litt trist å se hva noe av det beste en +kan kjøpe for penger får til.

+ +

Fra en endrer kartdataene i databasen til OpenStreetmap tar det +ca. 15 minutter før endringen er synlig på kartet som alle kan se på +web. Dernest overføres det daglig til en kartdump som lastes ned av +personen som lager Garmin-kart for Norge ca. en gang i uken. Med +OpenStreetmap.org og Frikart.no +kan en altså ha korreksjonene på plass i sin Garmin-GPS i løpet av en +uke. Det er også av tekniske årsaker at det tar så langt tid. +Jobbene som tegner kartene, henter ut kartdumpene og konverterer til +Garmin-format tar minutter og timer å gjennomføre, slik at de ikke +gjøres kontinuerlig men kun regelmessing.

- Tags: debian, debian edu, english. + Tags: kart, norsk, nuug.
-
Caching password, user and group on a roaming Debian laptop
-
2010-07-01 11:40
+
Some notes on Flash in Debian and Debian Edu
+
2010-09-04 10:10
-

For a laptop, centralized user directories and password checking is -a bit troubling. Laptops are typically used also when not connected -to the network, and it is vital for a user to be able to log in or -unlock the screen saver also when a central server is unavailable. -This is possible by caching passwords and directory information (user -and group attributes) locally, and the packages to do so are available -in Debian. Here follow two recipes to set this up in Debian/Squeeze. -It is also possible to set up in Debian/Lenny, but require more manual -setup there because pam-auth-update is missing in Lenny.

- -

LDAP/Kerberos + nscd + libpam-ccreds + libpam-mklocaluser/pam_mkhomedir

- -This is the traditional method with a twist. The password caching is -provided by libpam-ccreds (version 10-4 or later is needed on -Squeeze), and the directory caching is done by nscd. The directory -lookup and password checking is done using LDAP. If one want to use -Kerberos for password checking the libpam-ldapd package can be -replaced with libpam-krb5 or libpam-heimdal. If one is happy having a -local home directory with the path listed in LDAP, one can use the -pam_mkhomedir module from pam-modules to make this happen instead of -using libpam-mklocaluser. A setup for pam-auth-update to enable -pam_mkhomedir will have to be written until a fix for -bug #568577 is in the -archive. Because I believe it is a bad idea to have local home -directories using misleading paths like /site/server/partition/, I -prefer to create a local user with the home directory in /home/. This -is done using the libpam-mklocaluser package.

- -

These packages need to be installed and configured

- -
-libnss-ldapd libpam-ldapd nscd libpam-ccreds libpam-mklocaluser
-
- -

The ldapd packages will ask for LDAP connection information, and -one have to fill in the values that fits ones own site. Make sure the -PAM part uses encrypted connections, to make sure the password is not -sent in clear text to the LDAP server. I've been unable to get TLS -certificate checking for a self signed certificate working, which make -LDAP authentication unsafe for Debian Edu (nslcd is not checking if it -is talking to the correct LDAP server), and very much welcome feedback -on how to get this working.

- -

Because nscd do not have a default configuration fit for offline -caching until bug #485282 -is fixed, this configuration should be used instead of the one -currently in /etc/nscd.conf. The changes are in the fields -reload-count and positive-time-to-live, and is based on the -instructions I found in the -LDAP for Mobile Laptops -instructions by Flyn Computing.

- -
-	debug-level		0
-	reload-count		unlimited
-	paranoia		no
-
-	enable-cache		passwd		yes
-	positive-time-to-live	passwd		2592000
-	negative-time-to-live	passwd		20
-	suggested-size		passwd		211
-	check-files		passwd		yes
-	persistent		passwd		yes
-	shared			passwd		yes
-	max-db-size		passwd		33554432
-	auto-propagate		passwd		yes
-
-	enable-cache		group		yes
-	positive-time-to-live	group		2592000
-	negative-time-to-live	group		20
-	suggested-size		group		211
-	check-files		group		yes
-	persistent		group		yes
-	shared			group		yes
-	max-db-size		group		33554432
-	auto-propagate		group		yes
-
-	enable-cache		hosts		no
-	positive-time-to-live	hosts		2592000
-	negative-time-to-live	hosts		20
-	suggested-size		hosts		211
-	check-files		hosts		yes
-	persistent		hosts		yes
-	shared			hosts		yes
-	max-db-size		hosts		33554432
-
-	enable-cache		services	yes
-	positive-time-to-live	services	2592000
-	negative-time-to-live	services	20
-	suggested-size		services	211
-	check-files		services	yes
-	persistent		services	yes
-	shared			services	yes
-	max-db-size		services	33554432
-
- -

While we wait for a mechanism to update /etc/nsswitch.conf -automatically like the one provided in -bug #496915, the file -content need to be manually replaced to ensure LDAP is used as the -directory service on the machine. /etc/nsswitch.conf should normally -look like this:

- -
-passwd:         files ldap
-group:          files ldap
-shadow:         files ldap
-hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
-networks:       files
-protocols:      files
-services:       files
-ethers:         files
-rpc:            files
-netgroup:       files ldap
-
- -

The important parts are that ldap is listed last for passwd, group, -shadow and netgroup.

- -

With these changes in place, any user in LDAP will be able to log -in locally on the machine using for example kdm, get a local home -directory created and have the password as well as user and group -attributes cached. - -

LDAP/Kerberos + nss-updatedb + libpam-ccreds + - libpam-mklocaluser/pam_mkhomedir

- -

Because nscd have had its share of problems, and seem to have -problems doing proper caching, I've seen suggestions and recipes to -use nss-updatedb to copy parts of the LDAP database locally when the -LDAP database is available. I have not tested such setup, because I -discovered sssd.

- -

LDAP/Kerberos + sssd + libpam-mklocaluser

- -

A more flexible and robust setup than the nscd combination -mentioned earlier that has shown up recently, is the -sssd package from Redhat. -It is part of the FreeIPA project -to provide a Active Directory like directory service for Linux -machines. The sssd system combines the caching of passwords and user -information into one package, and remove the need for nscd and -libpam-ccreds. It support LDAP and Kerberos, but not NIS. Version -1.2 do not support netgroups, but it is said that it will support this -in version 1.5 expected to show up later in 2010. Because the -sssd package -was missing in Debian, I ended up co-maintaining it with Werner, and -version 1.2 is now in testing. - -

These packages need to be installed and configured to get the -roaming setup I want

- -
-libpam-sss libnss-sss libpam-mklocaluser
-
- -The complete setup of sssd is done by editing/creating -/etc/sssd/sssd.conf. - -
-[sssd]
-config_file_version = 2
-reconnection_retries = 3
-sbus_timeout = 30
-services = nss, pam
-domains = INTERN
-
-[nss]
-filter_groups = root
-filter_users = root
-reconnection_retries = 3
-
-[pam]
-reconnection_retries = 3
-
-[domain/INTERN]
-enumerate = false
-cache_credentials = true
-
-id_provider = ldap
-auth_provider = ldap
-chpass_provider = ldap
-
-ldap_uri = ldap://ldap
-ldap_search_base = dc=skole,dc=skolelinux,dc=no
-ldap_tls_reqcert = never
-ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
-
- -

I got the same problem here with certificate checking. Had to set -"ldap_tls_reqcert = never" to get it working.

- -

With the libnss-sss package in testing at the moment, the -nsswitch.conf file is update automatically, so there is no need to -modify it manually.

- -

If you want to help out with implementing this for Debian Edu, -please contact us on debian-edu@lists.debian.org.

+

In the Debian +popularity-contest numbers, the adobe-flashplugin package the +second most popular used package that is missing in Debian. The sixth +most popular is flashplayer-mozilla. This is a clear indication that +working flash is important for Debian users. Around 10 percent of the +users submitting data to popcon.debian.org have this package +installed.

+ +

In the report written by Lars Risan in August 2008 +(«Skolelinux +i bruk – Rapport for Hurum kommune, Universitetet i Agder og +stiftelsen SLX Debian Labs»), one of the most important problems +schools experienced with Debian +Edu/Skolelinux was the lack of working Flash. A lot of educational +web sites require Flash to work, and lacking working Flash support in +the web browser and the problems with installing it was perceived as a +good reason to stay with Windows.

+ +

I once saw a funny and sad comment in a web forum, where Linux was +said to be the retarded cousin that did not really understand +everything you told him but could work fairly well. This was a +comment regarding the problems Linux have with proprietary formats and +non-standard web pages, and is sad because it exposes a fairly common +understanding of whose fault it is if web pages that only work in for +example Internet Explorer 6 fail to work on Firefox, and funny because +it explain very well how annoying it is for users when Linux +distributions do not work with the documents they receive or the web +pages they want to visit.

+ +

This is part of the reason why I believe it is important for Debian +and Debian Edu to have a well working Flash implementation in the +distribution, to get at least popular sites as Youtube and Google +Video to working out of the box. For Squeeze, Debian have the chance +to include the latest version of Gnash that will make this happen, as +the new release 0.8.8 was published a few weeks ago and is resting in +unstable. The new version work with more sites that version 0.8.7. +The Gnash maintainers have asked for a freeze exception, but the +release team have not had time to reply to it yet. I hope they agree +with me that Flash is important for the Debian desktop users, and thus +accept the new package into Squeeze.

- Tags: debian edu, english, ldap, nuug. + Tags: debian, debian edu, english, multimedia, video, web.
-
LUMA, a very nice LDAP GUI
-
2010-06-28 00:30
+
My first perl GUI application - controlling a Spykee robot
+
2010-09-01 21:00
-

The last few days I have been looking into the status of the LDAP -directory in Debian Edu, and in the process I started to miss a GUI -tool to browse the LDAP tree. The only one I was able to find in -Debian/Squeeze and Lenny is -LUMA, which has proved to -be a great tool to get a overview of the current LDAP directory -populated by default in Skolelinux. Thanks to it, I have been able to -find empty and obsolete subtrees, misplaced objects and duplicate -objects. It will be installed by default in Debian/Squeeze. If you -are working with LDAP, give it a go. :)

- -

I did notice one problem with it I have not had time to report to -the BTS yet. There is no .desktop file in the package, so the tool do -not show up in the Gnome and KDE menus, but only deep down in in the -Debian submenu in KDE. I hope that can be fixed before Squeeze is -released.

- -

I have not yet been able to get it to modify the tree yet. I would -like to move objects and remove subtrees directly in the GUI, but have -not found a way to do that with LUMA yet. So in the mean time, I use -ldapvi for that.

- -

If you have tips on other GUI tools for LDAP that might be useful -in Debian Edu, please contact us on debian-edu@lists.debian.org.

- -

Update 2010-06-29: Ross Reedstrom tipped us about the -gq package as a -useful GUI alternative. It seem like a good tool, but is unmaintained -in Debian and got a RC bug keeping it out of Squeeze. Unless that -changes, it will not be an option for Debian Edu based on Squeeze.

+

This evening I made my first Perl GUI application. The last few +days I have worked on a Perl module for controlling my recently +aquired Spykee robots, and the module is now getting complete enought +that it is possible to use it to control the robot driving at least. +It was now time to figure out how to use it to create some GUI to +allow me to drive the robot around. I picked PerlQt as I have had +positive experiences with the Qt API before, and spent a few minutes +browsing the web for examples. Using Qt Designer seemed like a short +cut, so I ended up writing the perl GUI using Qt Designer and +compiling it into a perl program using the puic program from +libqt-perl. Nothing fancy yet, but it got buttons to connect and +drive around.

+ +

The perl module I have written provide a object oriented API for +controlling the robot. Here is an small example on how to use it:

+ +

+use Spykee;
+Spykee::discover(sub {$robot{$_[0]} = $_[1]});
+my $host = (keys %robot)[0];
+my $spykee = Spykee->new();
+$spykee->contact($host, "admin", "admin");
+$spykee->left();
+sleep 2;
+$spykee->right();
+sleep 2;
+$spykee->forward();
+sleep 2;
+$spykee->back();
+sleep 2;
+$spykee->stop();
+

+ +

Thanks to the release of the source of the robot firmware, I could +peek into the implementation at the other end to figure out how to +implement the protocol used by the robot. I've implemented several of +the commands the robot understand, but is still missing the camera +support to make it possible to control the robot from remote. First I +want to implement support for uploading new firmware and configuring +the wireless network, to make it possible to bootstrap a Spykee robot +without the producers Windows and MacOSX software (I only have Linux, +so I had to ask a friend to come over to get the robot testing +going. :).

+ +

Will release the source to the public soon, but need to figure out +where to make it available first. I will add a link to +the NUUG wiki for +those that want to check back later to find it.

- Tags: debian, debian edu, english, ldap, nuug. + Tags: english, nuug, robot.
-
Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object
-
2010-06-24 00:35
+
Forslag i stortinget om å stoppe elektronisk stemmegiving i Norge
+
2010-08-31 21:00
-

A while back, I -complained -about the fact that it is not possible with the provided schemas -for storing DNS and DHCP information in LDAP to combine the two sets -of information into one LDAP object representing a computer.

- -

In the mean time, I discovered that a simple fix would be to make -the dhcpHost object class auxiliary, to allow it to be combined with -the dNSDomain object class, and thus forming one object for one -computer when storing both DHCP and DNS information in LDAP.

- -

If I understand this correctly, it is not safe to do this change -without also changing the assigned number for the object class, and I -do not know enough about LDAP schema design to do that properly for -Debian Edu.

- -

Anyway, for future reference, this is how I believe we could change -the -DHCP -schema to solve at least part of the problem with the LDAP schemas -available today from IETF.

- -
---- dhcp.schema    (revision 65192)
-+++ dhcp.schema    (working copy)
-@@ -376,7 +376,7 @@
- objectclass ( 2.16.840.1.113719.1.203.6.6
-        NAME 'dhcpHost'
-        DESC 'This represents information about a particular client'
--       SUP top
-+       SUP top AUXILIARY
-        MUST cn
-        MAY  (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
-        X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
-
- -

I very much welcome clues on how to do this properly for Debian -Edu/Squeeze. We provide the DHCP schema in our debian-edu-config -package, and should thus be free to rewrite it as we see fit.

- -

If you want to help out with implementing this for Debian Edu, -please contact us on debian-edu@lists.debian.org.

+

Ble tipset i dag om at et forslag om å stoppe forsøkene med +elektronisk stemmegiving utenfor valglokaler er +til +behandling i Stortinget. +Forslaget +er fremmet av Erna Solberg, Michael Tetzschner og Trond Helleland.

+ +

Håper det får flertall.

- Tags: debian, debian edu, english, ldap, nuug. + Tags: norsk, nuug, sikkerhet.
-
Calling tasksel like the installer, while still getting useful output
-
2010-06-16 14:55
+
Broken hard link handling with sshfs
+
2010-08-30 19:30
-

A few times I have had the need to simulate the way tasksel -installs packages during the normal debian-installer run. Until now, -I have ended up letting tasksel do the work, with the annoying problem -of not getting any feedback at all when something fails (like a -conffile question from dpkg or a download that fails), using code like -this: - -

-export DEBIAN_FRONTEND=noninteractive
-tasksel --new-install
-
- -This would invoke tasksel, let its automatic task selection pick the -tasks to install, and continue to install the requested tasks without -any output what so ever. - -Recently I revisited this problem while working on the automatic -package upgrade testing, because tasksel would some times hang without -any useful feedback, and I want to see what is going on when it -happen. Then it occured to me, I can parse the output from tasksel -when asked to run in test mode, and use that aptitude command line -printed by tasksel then to simulate the tasksel run. I ended up using -code like this: - -
-export DEBIAN_FRONTEND=noninteractive
-cmd="$(in_target tasksel -t --new-install | sed 's/debconf-apt-progress -- //')"
-$cmd
-
- -

The content of $cmd is typically something like "aptitude -q ---without-recommends -o APT::Install-Recommends=no -y install -~t^desktop$ ~t^gnome-desktop$ ~t^laptop$ ~pstandard ~prequired -~pimportant", which will install the gnome desktop task, the -laptop task and all packages with priority standard , required and -important, just like tasksel would have done it during -installation.

- -

A better approach is probably to extend tasksel to be able to -install packages without using debconf-apt-progress, for use cases -like this.

+

Just got an email from Tobias Gruetzmacher as a followup on my +previous +post about sshfs. He reported another problem with sshfs. It +fail to handle hard links properly. A simple way to spot this is to +look at the . and .. entries in the directory tree. These should have +a link count >1, but on sshfs the count is 1. I just tested to see +what happen when trying to hardlink, and this fail as well:

+ +
+% ln foo bar
+ln: creating hard link `bar' => `foo': Function not implemented
+%
+
+ +

I have not yet found time to implement a test for this in my file +system test code, but believe having working hard links is useful to +avoid surprised unix programs. Not as useful as working file locking +and symlinks, which are required to get a working desktop, but useful +nevertheless. :)

+ +

The latest version of the file system test code is available via +git from +http://github.com/gebi/fs-test

- Tags: debian, english, nuug. + Tags: debian edu, english, nuug.
-
Vinmonopolet bryter loven åpenlyst - og flere planlegger å gjøre det samme
-
2010-06-16 11:00
+
Sikkerhetsteateret på flyplassene fortsetter
+
2010-08-28 10:40
-

Dagbladet -melder at Vinmonopolet med bakgrunn i vekterstreiken som pågår i -Norge for tiden, har bestemt seg for med vitende og vilje å bryte -sentralbanklovens paragraf 14 ved å nekte folk å betale med -kontanter, og at flere butikker planlegger å følge deres eksempel. -Jeg synes det er hårreisende hvis de slipper unna med et slikt -soleklart lovbrudd, og lurer på hva slags muligheter jeg vil ha hvis -jeg blir nektet å handle med kontanter. Jeg handler i hovedsak med -kontanter selv, da jeg anser det som en borgerrett å kunne handle -anonymt uten at det blir registrert. For meg er det et angrep på mitt -personvern å nekte å ta imot kontant betaling.

- -

Paragrafen -i sentralbankloven lyder:

- -
-

§ 14. Tvungent betalingsmiddel

- -

Bankens sedler og mynter er tvungent betalingsmiddel i Norge. Ingen -er pliktig til i én betaling å ta imot mer enn femogtyve mynter av -hver enhet.

- -

Sterkt skadde sedler og mynter er ikke tvungent -betalingsmiddel. Banken gir nærmere forskrifter om erstatning for -bortkomne, brente eller skadde sedler og mynter.

- -

Selv om en avtale inneholder klausul om betaling av en -pengeforpliktelse i gullverdi, kan skyldneren frigjøre seg med tvungne -betalingsmidler uten hensyn til denne klausul.

-
- -

Det er med bakgrunn i denne lovet ikke tillatt å nekte å ta imot -kontakt betaling. Det er en lov jeg har sans for, og som jeg mener må -håndheves strengt.

+

Jeg skrev for et halvt år siden hvordan +samfunnet +kaster bort ressurser på sikkerhetstiltak som ikke fungerer. Kom +nettopp over en +historie +fra en pilot fra USA som kommenterer det samme. Jeg mistenker det +kun er uvitenhet og autoritetstro som gjør at så få protesterer. Har +veldig sans for piloten omtalt i Aftenposten 2007-10-23, +og skulle ønske flere rettet oppmerksomhet mot problemet. Det gir +ikke meg trygghetsfølelse på flyplassene når jeg ser at +flyplassadministrasjonen kaster bort folk, penger og tid på tull i +stedet for ting som bidrar til reell økning av sikkerheten. Det +forteller meg jo at vurderingsevnen til de som burde bidra til økt +sikkerhet er svært sviktende, noe som ikke taler godt for de andre +tiltakene.

+ +

Mon tro hva som skjer hvis det fantes en enkel brosjyre å skrive ut +fra Internet som forklarte hva som er galt med sikkerhetsopplegget på +flyplassene, og folk skrev ut og la en bunke på flyplassene når de +passerte. Kanskje det ville fått flere til å få øynene opp for +problemet.

+ +

Personlig synes jeg flyopplevelsen er blitt så avskyelig at jeg +forsøker å klare meg med tog, bil og båt for å slippe ubehaget. Det +er dog noe vanskelig i det langstrakte Norge og for å kunne besøke de +delene av verden jeg ønsker å nå. Mistenker at flere har det slik, og +at dette går ut over inntjeningen til flyselskapene. Det er antagelig +en god ting sett fra et miljøperspektiv, men det er en annen sak.

- Tags: norsk, personvern. + Tags: norsk, nuug, personvern, sikkerhet.
-
Officeshots taking shape
-
2010-06-13 11:40
+
Skolelinux i Osloskolen
+
2010-08-26 22:25
-

For those of us caring about document exchange and -interoperability, OfficeShots -is a great service. It is to ODF documents what -BrowserShots is for web -pages.

- -

A while back, I was contacted by Knut Yrvin at the part of Nokia -that used to be Trolltech, who wanted to help the OfficeShots project -and wondered if the University of Oslo where I work would be -interested in supporting the project. I helped him to navigate his -request to the right people at work, and his request was answered with -a spot in the machine room with power and network connected, and Knut -arranged funding for a machine to fill the spot. The machine is -administrated by the OfficeShots people, so I do not have daily -contact with its progress, and thus from time to time check back to -see how the project is doing.

- -

Today I had a look, and was happy to see that the Dell box in our -machine room now is the host for several virtual machines running as -OfficeShots factories, and the project is able to render ODF documents -in 17 different document processing implementation on Linux and -Windows. This is great.

+

Denne høsten skal endelig alle Osloskolene få mulighet til å bruke +Skolelinux. Ny IT-løsning +har vært rullet ut i noen måneder nå, og så vidt jeg fikk vite før +sommeren skulle alle skoler ha nytt opplegg på plass før oppstart nå i +høst. På alle skolene skal en kunne velge ved installasjon om en skal +ha Windows eller Skolelinux på maskinene, og en kan i tillegg +PXE-boote maskinene over nett som tynne klienter eller diskløse +arbeidsstasjoner. Jeg er spent på hvor mange skoler som velger å ta i +bruk Skolelinux, og gleder meg til å se hvordan dette utvikler seg. +Løsningen leveres av +Logica med +Skolelinux Drift AS som +underleverandør, og jeg har vært involvert i utviklingen av løsningen +via Skolelinux Drift AS siden prosjektet starter. Jeg synes det er +fantastisk at Skolelinux er kommet så langt siden vi startet i 2001 at +alle elevene i Osloskolene nå skal få mulighet til å bruke +løsningen. Jeg håper de vil sette pris på alle de +fantastiske +brukerprogrammene som er tilgjengelig i Skolelinux.

- Tags: english, standard. + Tags: debian edu, norsk.
@@ -755,7 +467,11 @@ Windows. This is great.

  • June (14)
    • -
  • July (5)
    • +
  • July (12)
    • + +
  • August (13)
    • + +
  • September (6)
    • @@ -812,51 +528,53 @@ Windows. This is great.

  • bootsystem (10)
    • -
  • debian (32)
    • +
  • debian (36)
    • -
  • debian edu (32)
    • +
  • debian edu (44)
    • -
  • english (45)
    • +
  • english (61)
  • fiksgatami (1)
    • -
  • fildeling (7)
    • +
  • fildeling (9)
    • -
  • kart (2)
    • +
  • kart (4)
    • -
  • ldap (6)
    • +
  • ldap (8)
    • -
  • lenker (1)
    • +
  • lenker (2)
  • ltsp (1)
    • -
  • multimedia (5)
    • +
  • multimedia (7)
    • -
  • norsk (70)
    • +
  • norsk (80)
    • -
  • nuug (82)
    • +
  • nuug (104)
    • -
  • opphavsrett (13)
    • +
  • opphavsrett (15)
    • -
  • personvern (13)
    • +
  • personvern (19)
  • reprap (10)
    • +
  • robot (3)
    • +
  • rss (1)
    • -
  • sikkerhet (9)
    • +
  • sikkerhet (15)
  • sitesummary (3)
    • -
  • standard (13)
    • +
  • standard (14)
  • stavekontroll (1)
    • -
  • video (10)
    • +
  • video (12)
  • vitenskap (1)
    • -
  • web (6)
    • +
  • web (9)