1 <?xml version=
"1.0" encoding=
"ISO-8859-1"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/'
>
4 <title>Petter Reinholdtsen - Entries from August
2010</title>
5 <description>Entries from August
2010</description>
6 <link>http://people.skolelinux.org/pere/blog/
</link>
10 <title>Debian Edu roaming workstation - at the university of Oslo
</title>
11 <link>http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html
</link>
12 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html
</guid>
13 <pubDate>Tue,
3 Aug
2010 23:
30:
00 +
0200</pubDate>
15 <p
>The new roaming workstation profile in Debian Edu/Squeeze is fairly
16 similar to the laptop setup am I working on using Ubuntu for the
17 University of Oslo, and just for the heck of it, I tested today how
18 hard it would be to integrate that profile into the university
19 infrastructure. In this case, it is the university LDAP server,
20 Active Directory Kerberos server and SMB mounting from the Netapp file
23 <p
>I was pleasantly surprised that the only three files needed to be
24 changed (/etc/sssd/sssd.conf, /etc/ldap.conf and
25 /etc/mklocaluser.d/
20-debian-edu-config) and one file had to be added
26 (/usr/share/perl5/Debian/Edu_Local.pm), to get the client working.
27 Most of the changes were to get the client to use the university LDAP
28 for NSS and Kerberos server for PAM, but one was to change a hard
29 coded DNS domain name in the mklocaluser hook from .intern to
32 <p
>This testing was so encouraging, that I went ahead and adjusted the
33 Debian Edu scripts and setup in subversion to centralise the roaming
34 workstation setup a bit more and avoid the hardcoded DNS domain name,
35 so that when I test this tomorrow, I expect to get away with modifying
36 only /etc/sssd/sssd.conf and /etc/ldap.conf to get it to use the
37 university servers.
</p
>
39 <p
>My goal is to get the clients to have no hardcoded settings and
40 fetch all their initial setup during installation and first boot, to
41 allow them to be inserted also into environments where the default
42 setup in Debian Edu has been changed or as with the university, where
43 the environment is different but provides the protocols Debian Edu
49 <title>Autodetecting Client setup for roaming workstations in Debian Edu
</title>
50 <link>http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html
</link>
51 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html
</guid>
52 <pubDate>Sat,
7 Aug
2010 14:
45:
00 +
0200</pubDate>
54 <p
>A few days ago, I
55 <a href=
"http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html
">tried
56 to install
</a
> a Roaming workation profile from Debian Edu/Squeeze
57 while on the university network here at the University of Oslo, and
58 noticed how much had to change to get it operational using the
59 university infrastructure. It was fairly easy, but it occured to me
60 that Debian Edu would improve a lot if I could get the client to
61 connect without any changes at all, and thus let the client configure
62 itself during installation and first boot to use the infrastructure
63 around it. Now I am a huge step further along that road.
</p
>
65 <p
>With our current squeeze-test packages, I can select the roaming
66 workstation profile and get a working laptop connecting to the
67 university LDAP server for user and group and our active directory
68 servers for Kerberos authentication. All this without any
69 configuration at all during installation. My users home directory got
70 a bookmark in the KDE menu to mount it via SMB, with the correct URL.
71 In short, openldap and sssd is correctly configured. In addition to
72 this, the client look for http://wpad/wpad.dat to configure a web
73 proxy, and when it fail to find it no proxy settings are stored in
74 /etc/environment and /etc/apt/apt.conf. Iceweasel and KDE is
75 configured to look for the same wpad configuration and also do not use
76 a proxy when at the university network. If the machine is moved to a
77 network with such wpad setup, it would automatically use it when DHCP
78 gave it a IP address.
</p
>
80 <p
>The LDAP server is located using DNS, by first looking for the DNS
81 entry ldap.$domain. If this do not exist, it look for the
82 _ldap._tcp.$domain SRV records and use the first one as the LDAP
83 server. Next, it connects to the LDAP server and search all
84 namingContexts entries for posixAccount or posixGroup objects, and
85 pick the first one as the LDAP base. For Kerberos, a similar
86 algorithm is used to locate the LDAP server, and the realm is the
87 uppercase version of $domain.
</p
>
89 <p
>So, what is not working, you might ask. SMB mounting my home
90 directory do not work. No idea why, but suspected the incorrect
91 Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be
92 the cause. These are not properly configured during installation, and
93 had to be hand-edited to get the correct Kerberos realm and server,
94 but SMB mounting still do not work. :(
</p
>
96 <p
>With this automatic configuration in place, I expect a Debian Edu
97 roaming profile installation would be able to automatically detect and
98 connect to any site using LDAP and Kerberos for NSS directory and PAM
99 authentication. It should also work out of the box in a Active
100 Directory environment providing posixAccount and posixGroup objects
101 with UID and GID values.
</p
>
103 <p
>If you want to help out with implementing these things for Debian
104 Edu, please contact us on debian-edu@lists.debian.org.
</p
>
109 <title>Testing if a file system can be used for home directories...
</title>
110 <link>http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html
</link>
111 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html
</guid>
112 <pubDate>Sun,
8 Aug
2010 21:
20:
00 +
0200</pubDate>
114 <p
>A few years ago, I was involved in a project planning to use
115 Windows file servers as home directory servers for Debian
116 Edu/Skolelinux machines. This was thought to be no problem, as the
117 access would be through the SMB network file system protocol, and we
118 knew other sites used SMB with unix and samba as the file server to
119 mount home directories without any problems. But, after months of
120 struggling, we had to conclude that our goal was impossible.
</p
>
122 <p
>The reason is simply that while SMB can be used for home
123 directories when the file server is Samba running on Unix, this only
124 work because of Samba have some extensions and the fact that the
125 underlying file system is a unix file system. When using a Windows
126 file server, the underlying file system do not have POSIX semantics,
127 and several programs will fail if the users home directory where they
128 want to store their configuration lack POSIX semantics.
</p
>
130 <p
>As part of this work, I wrote a small C program I want to share
131 with you all, to replicate a few of the problematic applications (like
132 OpenOffice.org and GCompris) and see if the file system was working as
133 it should. If you find yourself in spooky file system land, it might
134 help you find your way out again. This is the fs-test.c source:
</p
>
138 * Some tests to check the file system sematics. Used to verify that
139 * CIFS from a windows server do not work properly as a linux home
141 * License: GPL v2 or later
143 * needs libsqlite3-dev and build-essential installed
144 * compile with: gcc -Wall -lsqlite3 -DTEST_SQLITE fs-test.c -o fs-test
147 #define _FILE_OFFSET_BITS
64
148 #define _LARGEFILE_SOURCE
1
149 #define _LARGEFILE64_SOURCE
1
151 #define _GNU_SOURCE /* for asprintf() */
153 #include
&lt;errno.h
>
154 #include
&lt;fcntl.h
>
155 #include
&lt;stdio.h
>
156 #include
&lt;string.h
>
157 #include
&lt;stdlib.h
>
158 #include
&lt;sys/file.h
>
159 #include
&lt;sys/stat.h
>
160 #include
&lt;sys/types.h
>
161 #include
&lt;unistd.h
>
165 * Test sqlite open, as done by gcompris require the libsqlite3-dev
166 * package and linking with -lsqlite3. A more low level test is
168 * See also
&lt;URL: http://www.sqlite.org./faq.html#q5
>.
170 #include
&lt;sqlite3.h
>
171 #define CREATE_TABLE_USERS \
172 "CREATE TABLE users (user_id INT UNIQUE, login TEXT, lastname TEXT, firstname TEXT, birthdate TEXT, class_id INT );
"
173 int test_sqlite_open(void) {
175 char *name =
"testsqlite.db
";
178 int rc = sqlite3_open(name,
&db);
180 printf(
"error: sqlite open of %s failed: %s\n
", name, sqlite3_errmsg(db));
186 rc = sqlite3_exec(db,CREATE_TABLE_USERS, NULL,
0,
&zErrMsg);
187 if( rc != SQLITE_OK ){
188 printf(
"error: sqlite table create failed: %s\n
", zErrMsg);
192 printf(
"info: sqlite worked\n
");
196 #endif /* TEST_SQLITE */
199 * Demonstrate locking issue found in gcompris using sqlite3. This
200 * work with ext3, but not with cifs server on Windows
2003. This is
201 * done in the sqlite3 library.
203 *
&lt;URL:http://www.cygwin.com/ml/cygwin/
2001-
08/msg00854.html
> and the
204 * POSIX specification
205 *
&lt;URL:http://www.opengroup.org/onlinepubs/
009695399/functions/fcntl.html
>.
207 int test_gcompris_locking(void) {
209 char *name =
"testsqlite.db
";
211 int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE,
0644);
212 printf(
"info: testing fcntl locking\n
");
214 fl.l_whence = SEEK_SET;
216 printf(
" Read-locking
1 byte from
1073741824");
217 fl.l_start =
1073741824;
220 if (
0 != fcntl(fd, F_SETLK,
&fl) ) printf(
" - error!\n
"); else printf(
"\n
");
222 printf(
" Read-locking
510 byte from
1073741826");
223 fl.l_start =
1073741826;
226 if (
0 != fcntl(fd, F_SETLK,
&fl) ) printf(
" - error!\n
"); else printf(
"\n
");
228 printf(
" Unlocking
1 byte from
1073741824");
229 fl.l_start =
1073741824;
232 if (
0 != fcntl(fd, F_SETLK,
&fl) ) printf(
" - error!\n
"); else printf(
"\n
");
234 printf(
" Write-locking
1 byte from
1073741824");
235 fl.l_start =
1073741824;
238 if (
0 != fcntl(fd, F_SETLK,
&fl) ) printf(
" - error!\n
"); else printf(
"\n
");
240 printf(
" Write-locking
510 byte from
1073741826");
241 fl.l_start =
1073741826;
243 if (
0 != fcntl(fd, F_SETLK,
&fl) ) printf(
" - error!\n
"); else printf(
"\n
");
245 printf(
" Unlocking
2 byte from
1073741824");
246 fl.l_start =
1073741824;
249 if (
0 != fcntl(fd, F_SETLK,
&fl) ) printf(
" - error!\n
"); else printf(
"\n
");
256 * Test if permissions of freshly created directories allow entries
257 * below them. This was a problem with OpenOffice.org and gcompris.
258 * Mounting with option
'sync
' seem to solve this problem while
259 * slowing down file operations.
261 int test_subdirectory_creation(void) {
263 char *path = strdup(
"test
");
266 printf(
"info: testing subdirectory creation\n
");
267 for (level =
0; level
&lt; LEVELS; level++) {
268 char *newpath = NULL;
269 if (-
1 == mkdir(path,
0777)) {
270 printf(
" error: Unable to create directory
'%s
': %s\n
",
271 path, strerror(errno));
274 asprintf(
&newpath,
"%s/%s
", path,
"test
");
282 * Test if symlinks can be created. This was a problem detected with
285 int test_symlinks(void) {
286 printf(
"info: testing symlink creation\n
");
287 unlink(
"symlink
");
288 if (-
1 == symlink(
"file
",
"symlink
"))
289 printf(
" error: Unable to create symlink\n
");
293 int main(int argc, char **argv) {
294 printf(
"Testing POSIX/Unix sematics on file system\n
");
296 test_subdirectory_creation();
299 #endif /* TEST_SQLITE */
300 test_gcompris_locking();
305 <p
>When everything is working, it should print something like
309 Testing POSIX/Unix sematics on file system
310 info: testing symlink creation
311 info: testing subdirectory creation
313 info: testing fcntl locking
314 Read-locking
1 byte from
1073741824
315 Read-locking
510 byte from
1073741826
316 Unlocking
1 byte from
1073741824
317 Write-locking
1 byte from
1073741824
318 Write-locking
510 byte from
1073741826
319 Unlocking
2 byte from
1073741824
322 <p
>I do not remember the exact details of the problems we saw, but one
323 of them was with locking, where if I remember correctly, POSIX allow a
324 read-only lock to be upgraded to a read-write lock without unlocking
325 the read-only lock (while Windows do not). Another was a bug in the
326 CIFS/SMB client implementation in the Linux kernel where directory
327 meta information would be wrong for a fraction of a second, making
328 OpenOffice.org fail to create its deep directory tree because it was
329 not allowed to create files in its freshly created directory.
</p
>
331 <p
>Anyway, here is a nice tool for your tool box, might you never need
337 <title>No hardcoded config on Debian Edu clients
</title>
338 <link>http://people.skolelinux.org/pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html
</link>
339 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html
</guid>
340 <pubDate>Mon,
9 Aug
2010 20:
15:
00 +
0200</pubDate>
342 <p
>As reported earlier, the last few days I have looked at how Debian
343 Edu clients are configured, and tried to get rid of all hardcoded
344 configuration settings on the clients. I believe the work to be
345 mostly done, and the clients seem to work just fine with dynamically
346 generated configuration.
</p
>
348 <p
>What is the point, you might ask? The point is to allow a Debian
349 Edu desktop to integrate into an existing network infrastructure
350 without any manual configuration.
</p
>
352 <p
>This is what happens when installing a Debian Edu client here at
353 the University of Oslo using PXE. With the PXE installation, I am
354 asked for language (Norwegian Bokmål), locality (Norway) and keyboard
355 layout (no-latin1), Debian Edu profile (Roaming Workstation), if I
356 accept to reformat the hard drive (yes), if I want to submit info to
357 popcon.debian.org (no) and root password (secret). After answering
358 these questions, the installer goes ahead and does its thing, and
359 after around
50 minutes it is done. I press enter to finish the
360 installation, and the machine reboots into KDE. When the machine is
361 ready and kdm asks for login information, I enter my university
362 username and password, am told by kdm that a local home directory has
363 been created and that I must log in again, and finally log in with the
364 same username and password to the KDE
4.4 desktop. At no point during
365 this process did it ask for university specific settings, and all the
366 required configuration was dynamically detected using information
367 fetched via DHCP and DNS. The roaming workstation is now ready for
370 <p
>How was this done, you might wonder? First of all, here is the
371 list of things that need to be configured on the client to get it
372 working properly out of the box:
</p
>
375 <li
>IP address/netmask and DNS server.
</li
>
376 <li
>Web proxy URL.
</li
>
377 <li
>LDAP server for NSS directory information (user, group, etc).
</li
>
378 <li
>Kerberos server for PAM password checking.
</li
>
379 <li
>SMB mount point to access the network home directory. (*)
</li
>
380 <li
>Central syslog server to send syslog messages to. (*)
</li
>
381 <li
>Sitesummary collector URL to submit info to central server. (*)
</li
>
384 <p
>(Hm, did I forget anything? Let me knew if I did.)
</p
>
386 <p
>The points marked (*) are not required to be able to use the
387 machine, but needed to provide central storage and allowing system
388 administrators to track their machines. Since yesterday, everything
389 but the sitesummary collector URL is dynamically discovered at boot
390 and installation time in the svn version of Debian Edu.
</p
>
392 <p
>The IP and DNS setup is fetched during boot using DHCP as usual.
393 When a DHCP update arrives, the proxy setup is updated by looking for
394 http://wpat/wpad.dat and using the content of this WPAD file to
395 configure the http and ftp proxy in /etc/environment and
396 /etc/apt/apt.conf. I decided to update the proxy setup using a DHCP
397 hook to ensure that the client stops using the Debian Edu proxy when
398 it is moved outside the Debian Edu network, and instead uses any local
399 proxy present on the new network when it moves around.
</p
>
401 <p
>The DNS names of the LDAP, Kerberos and syslog server and related
402 configuration are generated using DNS information at boot. First the
403 installer looks for a host named ldap in the current DNS domain. If
404 not found, it looks for _ldap._tcp SRV records in DNS instead. If an
405 LDAP server is found, its root DSE entry is requested and the
406 attributes namingContexts and defaultNamingContext are used to
407 determine which LDAP base to use for NSS. If there are several
408 namingContexts attibutes and the defaultNamingContext is present, that
409 LDAP subtree is used as the base. If defaultNamingContext is missing,
410 the subtrees listed as namingContexts are searched in sequence for any
411 object with class posixAccount or posixGroup, and the first one with
412 such an object is used as the LDAP base. For Kerberos, a similar
413 search is done by first looking for a host named kerberos, and then
414 for the _kerberos._tcp SRV record. I
've been unable to find a way to
415 look up the Kerberos realm, so for this the upper case string of the
416 current DNS domain is used.
</p
>
418 <p
>For the syslog server, the hosts syslog and loghost are searched
419 for, and the _syslog._udp SRV record is consulted if no such host is
420 found. This algorithm works for both Debian Edu and the University of
421 Oslo. A similar strategy would work for locating the sitesummary
422 server, but have not been implemented yet. I decided to fetch and
423 save these settings during installation, to make sure moving to a
424 different network does not change the set of users being allowed to
425 log in nor the passwords required to log in. Usernames and passwords
426 will be cached by sssd when the user logs in on the Debian Edu
427 network, and will not change as the laptop move around. For a
428 non-roaming machine, there is no caching, but given that it is
429 supposed to stay in place it should not matter much. Perhaps we
430 should switch those to use sssd too?
</p
>
432 <p
>The user
's SMB mount point for the network home directory is
433 located when the user logs in for the first time. The LDAP server is
434 consulted to look for the user
's LDAP object and the sambaHomePath
435 attribute is used if found. If it isn
't found, the home directory
436 path fetched from NSS is used instead. Assuming the path is of the
437 form /site/server/directory/username, the second part is looked up in
438 DNS and used to generate a SMB URL of the form
439 smb://server.domain/username. This algorithm works for both Debian
440 edu and the University of Oslo. Perhaps there are better attributes
441 to use or a better algorithm that works for more sites, but this will
442 do for now. :)
</p
>
444 <p
>This work should make it easier to integrate the Debian Edu clients
445 into any LDAP/Kerberos infrastructure, and make the current setup even
446 more flexible than before. I suspect it will also work for thin
447 client servers, allowing one to easily set up LTSP and hook it into a
448 existing network infrastructure, but I have not had time to test this
451 <p
>If you want to help out with implementing these things for Debian
452 Edu, please contact us on debian-edu@lists.debian.org.
</p
>
454 <p
>Update
2010-
08-
09: Simon Farnsworth gave me a heads-up on how to
455 detect Kerberos realm from DNS, by looking for _kerberos TXT entries
456 before falling back to the upper case DNS domain name. Will have to
457 implement it for Debian Edu. :)
</p
>
462 <title>Rob Weir: How to Crush Dissent
</title>
463 <link>http://people.skolelinux.org/pere/blog/Rob_Weir__How_to_Crush_Dissent.html
</link>
464 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Rob_Weir__How_to_Crush_Dissent.html
</guid>
465 <pubDate>Sun,
15 Aug
2010 22:
20:
00 +
0200</pubDate>
467 <p
>I found the notes from Rob Weir on
468 <a href=
"http://feedproxy.google.com/~r/robweir/antic-atom/~
3/VGb23-kta8c/how-to-crush-dissent.html
">how
469 to crush dissent
</a
> matching my own thoughts on the matter quite
470 well. Highly recommended for those wondering which road our society
471 should go down. In my view we have been heading the wrong way for a
477 <title>2 Spykee-roboter i hus, nå skal det lekes
</title>
478 <link>http://people.skolelinux.org/pere/blog/
2_Spykee_roboter_i_hus__n___skal_det_lekes.html
</link>
479 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/
2_Spykee_roboter_i_hus__n___skal_det_lekes.html
</guid>
480 <pubDate>Wed,
18 Aug
2010 13:
30:
00 +
0200</pubDate>
482 <p
>Jeg kjøpte nettopp to
483 <a href=
"http://www.spykee-robot.com/
">Spykee
</a
>-roboter, for test og
484 leking. Kjøpte to da det var så billige, og gir meg mulighet til å
485 eksperimentere uten å være veldig redd for å ødelegge alt ved å bytte
486 ut firmware og slikt. Oppdaget at lekebutikken på Bryn senter hadde
487 en liten stabel på lager som de ikke hadde klart å selge ut etter
488 fjorårets juleinnkjøp, og var villig til å selge for en femtedel av
489 vanlig pris. Jeg, Ronny og Jarle har skaffet oss restbeholdningen, og
490 det blir morsomt å se hva vi får ut av dette.
</p
>
492 <p
>Roboten har belter styrt av to motorer, kamera, høytaler, mikrofon
493 og wifi-tilkobling. Det hele styrt av en GPL-lisensiert databoks som
494 jeg mistenker kjører linux. Firmware-kildekoden ble visst publisert i
495 mai. Eneste utfordringen er at kontroller-programvaren kun finnes til
496 Windows, men det må en kunne jobbe seg rundt når vi har kildekoden til
497 firmwaren. :)
</p
>
500 <li
><a href=
"http://en.wikipedia.org/wiki/Spykee
">Wikipedia-oppføring
</a
></li
>
501 <li
><a href=http://www.spykeeworld.com/spykee/US/freeSoftware.html
">Nedlasting av firmware-kilden
</a
></li
>
502 <li
><a href=
"http://wiki.nuug.no/grupper/robot
">prosjektwiki hos NUUG
</a
></li
>
508 <title>Robot, reis deg...
</title>
509 <link>http://people.skolelinux.org/pere/blog/Robot__reis_deg___.html
</link>
510 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Robot__reis_deg___.html
</guid>
511 <pubDate>Sat,
21 Aug
2010 22:
10:
00 +
0200</pubDate>
513 <p
>I dag fikk jeg endelig tittet litt på mine nyinnkjøpte roboter, og
514 har brukt noen timer til å google etter interessante referanser og
515 aktuell kildekode for bruk på Linux. Det mest lovende så langt er
516 <a href=
"http://ispykee.toyz.org/
">ispykee
</a
>, som har en
517 BSD-lisensiert linux-daemon som står som mellomledd mellom roboter på
518 lokalnettet og en sentral tjeneste der en iPhone kan koble seg opp for
519 å fjernstyre roboten. Linux-daemonen implementerer deler av
520 protokollen som roboten forstår. Etter å ha knotet litt med å oppnå
521 kontakt med roboten (den oppretter et eget ad-hoc wifi-nett, så jeg
522 måtte gå av mitt vanlige nett for å få kontakt), og kommet frem til at
523 den lytter på IP-port
9000 og
9001, gikk jeg i gang med å finne ut
524 hvordan jeg kunne snakke med roboten vha. disse portene. Robotbiten
525 av protokollen er publisert av produsenten med GPL-lisens, slik at det
526 er mulig å se hvordan protokollen fungerer. Det finnes en java-klient
527 for Android som så ganske snasen ut, men fant ingen kildekode for
528 denne. Derimot hadde iphone-løsningen kildekode, så jeg tok
529 utgangspunkt i den.
</p
>
531 <p
>Daemonen ville i utgangspunktet forsøke å kontakte den sentrale
532 tjenesten som iphone-programmet kobler seg til. Jeg skrev dette om
533 til i stedet å sette opp en nettverkstjeneste på min lokale maskin,
534 som jeg kan koble meg opp til med telnet og gi kommandoer til roboten
535 (act, forward, right, left, etc). Det involverte i praksis å bytte ut
536 socket()/connect() med socket()/bind()/listen()/accept() for å gjøre
537 klienten om til en tjener.
</p
>
539 <p
>Mens jeg har forsøkt å få roboten til å bevege seg har min samboer
540 skrudd sammen resten av roboten for å få montert kamera og plastpynten
541 (armer, plastfiber for lys). Nå er det hele montert, og roboten er
542 klar til bruk. Må få flyttet den over til mitt vanlige trådløsnett
543 før det blir praktisk, men de bitene av protokollen er ikke
544 implementert i ispykee-daemonen, så der må jeg enten få tak i en mac
545 eller en windows-maskin, eller implementere det selv.
</p
>
547 <p
>Vi var tre som kjøpte slike roboter, og vi har blitt enige om å
548 samle notater og referanser på
<a
549 href=
"http://wiki.nuug.no/grupper/robot/
">NUUGs wiki
</a
>. Ta en titt
550 der hvis du er nysgjerrig.
</p
>
555 <title>Elektronisk stemmegiving er ikke til å stole på - heller ikke i Norge
</title>
556 <link>http://people.skolelinux.org/pere/blog/Elektronisk_stemmegiving_er_ikke_til____stole_p_____heller_ikke_i_Norge.html
</link>
557 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Elektronisk_stemmegiving_er_ikke_til____stole_p_____heller_ikke_i_Norge.html
</guid>
558 <pubDate>Mon,
23 Aug
2010 19:
30:
00 +
0200</pubDate>
560 <p
>I Norge pågår en prosess for å
561 <a href=
"http://www.e-valg.dep.no/
">innføre elektronisk
562 stemmegiving
</a
> ved kommune- og stortingsvalg. Dette skal
563 introduseres i
2011. Det er all grunn til å tro at valg i Norge ikke
564 vil være til å stole på hvis dette blir gjennomført. Da det hele var
565 oppe til høring i
2006 forfattet jeg
566 <a href=
"http://www.nuug.no/dokumenter/valg-horing-
2006-
09.pdf
">en
567 høringsuttalelse fra NUUG
</a
> (og EFN som hengte seg på) som skisserte
568 hvilke punkter som må oppfylles for at en skal kunne stole på et valg,
569 og elektronisk stemmegiving mangler flere av disse. Elektronisk
570 stemmegiving er for alle praktiske formål å putte ens stemme i en sort
571 boks under andres kontroll, og satse på at de som har kontroll med
572 boksen er til å stole på - uten at en har mulighet til å verifisere
573 dette selv. Det er ikke slik en gjennomfører demokratiske valg.
</p
>
575 <p
>Da problemet er fundamentalt med hvordan elektronisk stemmegiving
576 må fungere for at også ikke-krypografer skal kunne delta, har det vært
577 mange rapporter om hvordan elektronisk stemmegiving har sviktet i land
579 <a href=
"http://wiki.nuug.no/uttalelser/
2006-elektronisk-stemmegiving
">liten
580 samling referanser
</a
> finnes på NUUGs wiki. Den siste er fra India,
581 der valgkomisjonen har valgt
582 <a href=
"http://www.freedom-to-tinker.com/blog/jhalderm/electronic-voting-researcher-arrested-over-anonymous-source
">å
583 pusse politiet på en forsker
</a
> som har dokumentert svakheter i
584 valgsystemet.
</p
>
586 <p
>Her i Norge har en valgt en annen tilnærming, der en forsøker seg
587 med teknobabbel for å få befolkningen til å tro at dette skal bli
588 sikkert. Husk, elektronisk stemmegiving underminerer de demokratiske
589 valgene i Norge, og bør ikke innføres.
</p
>
591 <p
>Den offentlige diskusjonen blir litt vanskelig av at media har
592 valgt å kalle dette
"evalg
", som kan sies å både gjelde elektronisk
593 opptelling av valget som Norge har gjort siden
60-tallet og som er en
594 svært god ide, og elektronisk opptelling som er en svært dårlig ide.
595 Diskusjonen gir ikke mening hvis en skal diskutere om en er for eller
596 mot
"evalg
", og jeg forsøker derfor å være klar på at jeg snakker om
597 elektronisk stemmegiving og unngå begrepet
"evalg
".
</p
>