]> pere.pagekite.me Git - homepage.git/blob - blog/index.html
Generated.
[homepage.git] / blog / index.html
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3 <html>
4 <head>
5 <title>Petter Reinholdtsen</title>
6 <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/style.css">
7 <link rel="alternate" title="RSS Feed" href="http://people.skolelinux.org/pere/blog/index.rss" type="application/rss+xml">
8
9 </head>
10 <body>
11
12 <div class="title">
13 <h1>
14 <a href="http://people.skolelinux.org/pere/blog/">Petter Reinholdtsen</a>
15
16 </h1>
17
18 </div>
19
20
21
22 <div class="entry">
23 <div class="title"><a href="http://people.skolelinux.org/pere/blog/Elektronisk_stemmegiving_er_ikke_til____stole_p_____heller_ikke_i_Norge.html">Elektronisk stemmegiving er ikke til å stole på - heller ikke i Norge</a></div>
24 <div class="date">2010-08-23 19:30</div>
25 <div class="body">
26 <p>I Norge pågår en prosess for å
27 <a href="http://www.e-valg.dep.no/">innføre elektronisk
28 stemmegiving</a> ved kommune- og stortingsvalg. Dette skal
29 introduseres i 2011. Det er all grunn til å tro at valg i Norge ikke
30 vil være til å stole på hvis dette blir gjennomført. Da det hele var
31 oppe til høring i 2006 forfattet jeg
32 <a href="http://www.nuug.no/dokumenter/valg-horing-2006-09.pdf">en
33 høringsuttalelse fra NUUG</a> (og EFN som hengte seg på) som skisserte
34 hvilke punkter som må oppfylles for at en skal kunne stole på et valg,
35 og elektronisk stemmegiving mangler flere av disse. Elektronisk
36 stemmegiving er for alle praktiske formål å putte ens stemme i en sort
37 boks under andres kontroll, og satse på at de som har kontroll med
38 boksen er til å stole på - uten at en har mulighet til å verifisere
39 dette selv. Det er ikke slik en gjennomfører demokratiske valg.</p>
40
41 <p>Da problemet er fundamentalt med hvordan elektronisk stemmegiving
42 må fungere for at også ikke-krypografer skal kunne delta, har det vært
43 mange rapporter om hvordan elektronisk stemmegiving har sviktet i land
44 etter land. En
45 <a href="http://wiki.nuug.no/uttalelser/2006-elektronisk-stemmegiving">liten
46 samling referanser</a> finnes på NUUGs wiki. Den siste er fra India,
47 der valgkomisjonen har valgt
48 <a href="http://www.freedom-to-tinker.com/blog/jhalderm/electronic-voting-researcher-arrested-over-anonymous-source">å
49 pusse politiet på en forsker</a> som har dokumentert svakheter i
50 valgsystemet.</p>
51
52 <p>Her i Norge har en valgt en annen tilnærming, der en forsøker seg
53 med teknobabbel for å få befolkningen til å tro at dette skal bli
54 sikkert. Husk, elektronisk stemmegiving underminerer de demokratiske
55 valgene i Norge, og bør ikke innføres.</p>
56
57 <p>Den offentlige diskusjonen blir litt vanskelig av at media har
58 valgt å kalle dette "evalg", som kan sies å både gjelde elektronisk
59 opptelling av valget som Norge har gjort siden 60-tallet og som er en
60 svært god ide, og elektronisk opptelling som er en svært dårlig ide.
61 Diskusjonen gir ikke mening hvis en skal diskutere om en er for eller
62 mot "evalg", og jeg forsøker derfor å være klar på at jeg snakker om
63 elektronisk stemmegiving og unngå begrepet "evalg".</p>
64 </div>
65 <div class="tags">
66
67
68
69 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
70
71 </div>
72 </div>
73 <div class="padding"></div>
74
75 <div class="entry">
76 <div class="title"><a href="http://people.skolelinux.org/pere/blog/Robot__reis_deg___.html">Robot, reis deg...</a></div>
77 <div class="date">2010-08-21 22:10</div>
78 <div class="body">
79 <p>I dag fikk jeg endelig tittet litt på mine nyinnkjøpte roboter, og
80 har brukt noen timer til å google etter interessante referanser og
81 aktuell kildekode for bruk på Linux. Det mest lovende så langt er
82 <a href="http://ispykee.toyz.org/">ispykee</a>, som har en
83 BSD-lisensiert linux-daemon som står som mellomledd mellom roboter på
84 lokalnettet og en sentral tjeneste der en iPhone kan koble seg opp for
85 å fjernstyre roboten. Linux-daemonen implementerer deler av
86 protokollen som roboten forstår. Etter å ha knotet litt med å oppnå
87 kontakt med roboten (den oppretter et eget ad-hoc wifi-nett, så jeg
88 måtte gå av mitt vanlige nett for å få kontakt), og kommet frem til at
89 den lytter på IP-port 9000 og 9001, gikk jeg i gang med å finne ut
90 hvordan jeg kunne snakke med roboten vha. disse portene. Robotbiten
91 av protokollen er publisert av produsenten med GPL-lisens, slik at det
92 er mulig å se hvordan protokollen fungerer. Det finnes en java-klient
93 for Android som så ganske snasen ut, men fant ingen kildekode for
94 denne. Derimot hadde iphone-løsningen kildekode, så jeg tok
95 utgangspunkt i den.</p>
96
97 <p>Daemonen ville i utgangspunktet forsøke å kontakte den sentrale
98 tjenesten som iphone-programmet kobler seg til. Jeg skrev dette om
99 til i stedet å sette opp en nettverkstjeneste på min lokale maskin,
100 som jeg kan koble meg opp til med telnet og gi kommandoer til roboten
101 (act, forward, right, left, etc). Det involverte i praksis å bytte ut
102 socket()/connect() med socket()/bind()/listen()/accept() for å gjøre
103 klienten om til en tjener.</p>
104
105 <p>Mens jeg har forsøkt å få roboten til å bevege seg har min samboer
106 skrudd sammen resten av roboten for å få montert kamera og plastpynten
107 (armer, plastfiber for lys). Nå er det hele montert, og roboten er
108 klar til bruk. Må få flyttet den over til mitt vanlige trådløsnett
109 før det blir praktisk, men de bitene av protokollen er ikke
110 implementert i ispykee-daemonen, så der må jeg enten få tak i en mac
111 eller en windows-maskin, eller implementere det selv.</p>
112
113 <p>Vi var tre som kjøpte slike roboter, og vi har blitt enige om å
114 samle notater og referanser på <a
115 href="http://wiki.nuug.no/grupper/robot/">NUUGs wiki</a>. Ta en titt
116 der hvis du er nysgjerrig.</p>
117 </div>
118 <div class="tags">
119
120
121
122 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/robot">robot</a>.
123
124 </div>
125 </div>
126 <div class="padding"></div>
127
128 <div class="entry">
129 <div class="title"><a href="http://people.skolelinux.org/pere/blog/2_Spykee_roboter_i_hus__n___skal_det_lekes.html">2 Spykee-roboter i hus, nå skal det lekes</a></div>
130 <div class="date">2010-08-18 13:30</div>
131 <div class="body">
132 <p>Jeg kjøpte nettopp to
133 <a href="http://www.spykee-robot.com/">Spykee</a>-roboter, for test og
134 leking. Kjøpte to da det var så billige, og gir meg mulighet til å
135 eksperimentere uten å være veldig redd for å ødelegge alt ved å bytte
136 ut firmware og slikt. Oppdaget at lekebutikken på Bryn senter hadde
137 en liten stabel på lager som de ikke hadde klart å selge ut etter
138 fjorårets juleinnkjøp, og var villig til å selge for en femtedel av
139 vanlig pris. Jeg, Ronny og Jarle har skaffet oss restbeholdningen, og
140 det blir morsomt å se hva vi får ut av dette.</p>
141
142 <p>Roboten har belter styrt av to motorer, kamera, høytaler, mikrofon
143 og wifi-tilkobling. Det hele styrt av en GPL-lisensiert databoks som
144 jeg mistenker kjører linux. Firmware-kildekoden ble visst publisert i
145 mai. Eneste utfordringen er at kontroller-programvaren kun finnes til
146 Windows, men det må en kunne jobbe seg rundt når vi har kildekoden til
147 firmwaren. :)</p>
148
149 <ul>
150 <li><a href="http://en.wikipedia.org/wiki/Spykee">Wikipedia-oppføring</a></li>
151 <li><a href=http://www.spykeeworld.com/spykee/US/freeSoftware.html">Nedlasting av firmware-kilden</a></li>
152 <li><a href="http://wiki.nuug.no/grupper/robot">prosjektwiki hos NUUG</a></li>
153 </ul>
154 </div>
155 <div class="tags">
156
157
158
159 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/robot">robot</a>.
160
161 </div>
162 </div>
163 <div class="padding"></div>
164
165 <div class="entry">
166 <div class="title"><a href="http://people.skolelinux.org/pere/blog/Rob_Weir__How_to_Crush_Dissent.html">Rob Weir: How to Crush Dissent</a></div>
167 <div class="date">2010-08-15 22:20</div>
168 <div class="body">
169 <p>I found the notes from Rob Weir on
170 <a href="http://feedproxy.google.com/~r/robweir/antic-atom/~3/VGb23-kta8c/how-to-crush-dissent.html">how
171 to crush dissent</a> matching my own thoughts on the matter quite
172 well. Highly recommended for those wondering which road our society
173 should go down. In my view we have been heading the wrong way for a
174 long time.</p>
175 </div>
176 <div class="tags">
177
178
179
180 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
181
182 </div>
183 </div>
184 <div class="padding"></div>
185
186 <div class="entry">
187 <div class="title"><a href="http://people.skolelinux.org/pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html">No hardcoded config on Debian Edu clients</a></div>
188 <div class="date">2010-08-09 20:15</div>
189 <div class="body">
190 <p>As reported earlier, the last few days I have looked at how Debian
191 Edu clients are configured, and tried to get rid of all hardcoded
192 configuration settings on the clients. I believe the work to be
193 mostly done, and the clients seem to work just fine with dynamically
194 generated configuration.</p>
195
196 <p>What is the point, you might ask? The point is to allow a Debian
197 Edu desktop to integrate into an existing network infrastructure
198 without any manual configuration.</p>
199
200 <p>This is what happens when installing a Debian Edu client here at
201 the University of Oslo using PXE. With the PXE installation, I am
202 asked for language (Norwegian Bokmål), locality (Norway) and keyboard
203 layout (no-latin1), Debian Edu profile (Roaming Workstation), if I
204 accept to reformat the hard drive (yes), if I want to submit info to
205 popcon.debian.org (no) and root password (secret). After answering
206 these questions, the installer goes ahead and does its thing, and
207 after around 50 minutes it is done. I press enter to finish the
208 installation, and the machine reboots into KDE. When the machine is
209 ready and kdm asks for login information, I enter my university
210 username and password, am told by kdm that a local home directory has
211 been created and that I must log in again, and finally log in with the
212 same username and password to the KDE 4.4 desktop. At no point during
213 this process did it ask for university specific settings, and all the
214 required configuration was dynamically detected using information
215 fetched via DHCP and DNS. The roaming workstation is now ready for
216 use.</p>
217
218 <p>How was this done, you might wonder? First of all, here is the
219 list of things that need to be configured on the client to get it
220 working properly out of the box:</p>
221
222 <ul>
223 <li>IP address/netmask and DNS server.</li>
224 <li>Web proxy URL.</li>
225 <li>LDAP server for NSS directory information (user, group, etc).</li>
226 <li>Kerberos server for PAM password checking.</li>
227 <li>SMB mount point to access the network home directory. (*)</li>
228 <li>Central syslog server to send syslog messages to. (*)</li>
229 <li>Sitesummary collector URL to submit info to central server. (*)</li>
230 </ul>
231
232 <p>(Hm, did I forget anything? Let me knew if I did.)</p>
233
234 <p>The points marked (*) are not required to be able to use the
235 machine, but needed to provide central storage and allowing system
236 administrators to track their machines. Since yesterday, everything
237 but the sitesummary collector URL is dynamically discovered at boot
238 and installation time in the svn version of Debian Edu.</p>
239
240 <p>The IP and DNS setup is fetched during boot using DHCP as usual.
241 When a DHCP update arrives, the proxy setup is updated by looking for
242 http://wpat/wpad.dat and using the content of this WPAD file to
243 configure the http and ftp proxy in /etc/environment and
244 /etc/apt/apt.conf. I decided to update the proxy setup using a DHCP
245 hook to ensure that the client stops using the Debian Edu proxy when
246 it is moved outside the Debian Edu network, and instead uses any local
247 proxy present on the new network when it moves around.</p>
248
249 <p>The DNS names of the LDAP, Kerberos and syslog server and related
250 configuration are generated using DNS information at boot. First the
251 installer looks for a host named ldap in the current DNS domain. If
252 not found, it looks for _ldap._tcp SRV records in DNS instead. If an
253 LDAP server is found, its root DSE entry is requested and the
254 attributes namingContexts and defaultNamingContext are used to
255 determine which LDAP base to use for NSS. If there are several
256 namingContexts attibutes and the defaultNamingContext is present, that
257 LDAP subtree is used as the base. If defaultNamingContext is missing,
258 the subtrees listed as namingContexts are searched in sequence for any
259 object with class posixAccount or posixGroup, and the first one with
260 such an object is used as the LDAP base. For Kerberos, a similar
261 search is done by first looking for a host named kerberos, and then
262 for the _kerberos._tcp SRV record. I've been unable to find a way to
263 look up the Kerberos realm, so for this the upper case string of the
264 current DNS domain is used.</p>
265
266 <p>For the syslog server, the hosts syslog and loghost are searched
267 for, and the _syslog._udp SRV record is consulted if no such host is
268 found. This algorithm works for both Debian Edu and the University of
269 Oslo. A similar strategy would work for locating the sitesummary
270 server, but have not been implemented yet. I decided to fetch and
271 save these settings during installation, to make sure moving to a
272 different network does not change the set of users being allowed to
273 log in nor the passwords required to log in. Usernames and passwords
274 will be cached by sssd when the user logs in on the Debian Edu
275 network, and will not change as the laptop move around. For a
276 non-roaming machine, there is no caching, but given that it is
277 supposed to stay in place it should not matter much. Perhaps we
278 should switch those to use sssd too?</p>
279
280 <p>The user's SMB mount point for the network home directory is
281 located when the user logs in for the first time. The LDAP server is
282 consulted to look for the user's LDAP object and the sambaHomePath
283 attribute is used if found. If it isn't found, the home directory
284 path fetched from NSS is used instead. Assuming the path is of the
285 form /site/server/directory/username, the second part is looked up in
286 DNS and used to generate a SMB URL of the form
287 smb://server.domain/username. This algorithm works for both Debian
288 edu and the University of Oslo. Perhaps there are better attributes
289 to use or a better algorithm that works for more sites, but this will
290 do for now. :)</p>
291
292 <p>This work should make it easier to integrate the Debian Edu clients
293 into any LDAP/Kerberos infrastructure, and make the current setup even
294 more flexible than before. I suspect it will also work for thin
295 client servers, allowing one to easily set up LTSP and hook it into a
296 existing network infrastructure, but I have not had time to test this
297 yet.</p>
298
299 <p>If you want to help out with implementing these things for Debian
300 Edu, please contact us on debian-edu@lists.debian.org.</p>
301
302 <p>Update 2010-08-09: Simon Farnsworth gave me a heads-up on how to
303 detect Kerberos realm from DNS, by looking for _kerberos TXT entries
304 before falling back to the upper case DNS domain name. Will have to
305 implement it for Debian Edu. :)</p>
306 </div>
307 <div class="tags">
308
309
310
311 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
312
313 </div>
314 </div>
315 <div class="padding"></div>
316
317 <div class="entry">
318 <div class="title"><a href="http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html">Testing if a file system can be used for home directories...</a></div>
319 <div class="date">2010-08-08 21:20</div>
320 <div class="body">
321 <p>A few years ago, I was involved in a project planning to use
322 Windows file servers as home directory servers for Debian
323 Edu/Skolelinux machines. This was thought to be no problem, as the
324 access would be through the SMB network file system protocol, and we
325 knew other sites used SMB with unix and samba as the file server to
326 mount home directories without any problems. But, after months of
327 struggling, we had to conclude that our goal was impossible.</p>
328
329 <p>The reason is simply that while SMB can be used for home
330 directories when the file server is Samba running on Unix, this only
331 work because of Samba have some extensions and the fact that the
332 underlying file system is a unix file system. When using a Windows
333 file server, the underlying file system do not have POSIX semantics,
334 and several programs will fail if the users home directory where they
335 want to store their configuration lack POSIX semantics.</p>
336
337 <p>As part of this work, I wrote a small C program I want to share
338 with you all, to replicate a few of the problematic applications (like
339 OpenOffice.org and GCompris) and see if the file system was working as
340 it should. If you find yourself in spooky file system land, it might
341 help you find your way out again. This is the fs-test.c source:</p>
342
343 <pre>
344 /*
345 * Some tests to check the file system sematics. Used to verify that
346 * CIFS from a windows server do not work properly as a linux home
347 * directory.
348 * License: GPL v2 or later
349 *
350 * needs libsqlite3-dev and build-essential installed
351 * compile with: gcc -Wall -lsqlite3 -DTEST_SQLITE fs-test.c -o fs-test
352 */
353
354 #define _FILE_OFFSET_BITS 64
355 #define _LARGEFILE_SOURCE 1
356 #define _LARGEFILE64_SOURCE 1
357
358 #define _GNU_SOURCE /* for asprintf() */
359
360 #include &lt;errno.h>
361 #include &lt;fcntl.h>
362 #include &lt;stdio.h>
363 #include &lt;string.h>
364 #include &lt;stdlib.h>
365 #include &lt;sys/file.h>
366 #include &lt;sys/stat.h>
367 #include &lt;sys/types.h>
368 #include &lt;unistd.h>
369
370 #ifdef TEST_SQLITE
371 /*
372 * Test sqlite open, as done by gcompris require the libsqlite3-dev
373 * package and linking with -lsqlite3. A more low level test is
374 * below.
375 * See also &lt;URL: http://www.sqlite.org./faq.html#q5 >.
376 */
377 #include &lt;sqlite3.h>
378 #define CREATE_TABLE_USERS \
379 "CREATE TABLE users (user_id INT UNIQUE, login TEXT, lastname TEXT, firstname TEXT, birthdate TEXT, class_id INT ); "
380 int test_sqlite_open(void) {
381 char *zErrMsg;
382 char *name = "testsqlite.db";
383 sqlite3 *db=NULL;
384 unlink(name);
385 int rc = sqlite3_open(name, &db);
386 if( rc ){
387 printf("error: sqlite open of %s failed: %s\n", name, sqlite3_errmsg(db));
388 sqlite3_close(db);
389 return -1;
390 }
391
392 /* create tables */
393 rc = sqlite3_exec(db,CREATE_TABLE_USERS, NULL, 0, &zErrMsg);
394 if( rc != SQLITE_OK ){
395 printf("error: sqlite table create failed: %s\n", zErrMsg);
396 sqlite3_close(db);
397 return -1;
398 }
399 printf("info: sqlite worked\n");
400 sqlite3_close(db);
401 return 0;
402 }
403 #endif /* TEST_SQLITE */
404
405 /*
406 * Demonstrate locking issue found in gcompris using sqlite3. This
407 * work with ext3, but not with cifs server on Windows 2003. This is
408 * done in the sqlite3 library.
409 * See also
410 * &lt;URL:http://www.cygwin.com/ml/cygwin/2001-08/msg00854.html> and the
411 * POSIX specification
412 * &lt;URL:http://www.opengroup.org/onlinepubs/009695399/functions/fcntl.html>.
413 */
414 int test_gcompris_locking(void) {
415 struct flock fl;
416 char *name = "testsqlite.db";
417 unlink(name);
418 int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, 0644);
419 printf("info: testing fcntl locking\n");
420
421 fl.l_whence = SEEK_SET;
422 fl.l_pid = getpid();
423 printf(" Read-locking 1 byte from 1073741824");
424 fl.l_start = 1073741824;
425 fl.l_len = 1;
426 fl.l_type = F_RDLCK;
427 if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
428
429 printf(" Read-locking 510 byte from 1073741826");
430 fl.l_start = 1073741826;
431 fl.l_len = 510;
432 fl.l_type = F_RDLCK;
433 if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
434
435 printf(" Unlocking 1 byte from 1073741824");
436 fl.l_start = 1073741824;
437 fl.l_len = 1;
438 fl.l_type = F_UNLCK;
439 if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
440
441 printf(" Write-locking 1 byte from 1073741824");
442 fl.l_start = 1073741824;
443 fl.l_len = 1;
444 fl.l_type = F_WRLCK;
445 if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
446
447 printf(" Write-locking 510 byte from 1073741826");
448 fl.l_start = 1073741826;
449 fl.l_len = 510;
450 if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
451
452 printf(" Unlocking 2 byte from 1073741824");
453 fl.l_start = 1073741824;
454 fl.l_len = 2;
455 fl.l_type = F_UNLCK;
456 if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
457
458 close(fd);
459 return 0;
460 }
461
462 /*
463 * Test if permissions of freshly created directories allow entries
464 * below them. This was a problem with OpenOffice.org and gcompris.
465 * Mounting with option 'sync' seem to solve this problem while
466 * slowing down file operations.
467 */
468 int test_subdirectory_creation(void) {
469 #define LEVELS 5
470 char *path = strdup("test");
471 char *dirs[LEVELS];
472 int level;
473 printf("info: testing subdirectory creation\n");
474 for (level = 0; level &lt; LEVELS; level++) {
475 char *newpath = NULL;
476 if (-1 == mkdir(path, 0777)) {
477 printf(" error: Unable to create directory '%s': %s\n",
478 path, strerror(errno));
479 break;
480 }
481 asprintf(&newpath, "%s/%s", path, "test");
482 free(path);
483 path = newpath;
484 }
485 return 0;
486 }
487
488 /*
489 * Test if symlinks can be created. This was a problem detected with
490 * KDE.
491 */
492 int test_symlinks(void) {
493 printf("info: testing symlink creation\n");
494 unlink("symlink");
495 if (-1 == symlink("file", "symlink"))
496 printf(" error: Unable to create symlink\n");
497 return 0;
498 }
499
500 int main(int argc, char **argv) {
501 printf("Testing POSIX/Unix sematics on file system\n");
502 test_symlinks();
503 test_subdirectory_creation();
504 #ifdef TEST_SQLITE
505 test_sqlite_open();
506 #endif /* TEST_SQLITE */
507 test_gcompris_locking();
508 return 0;
509 }
510 </pre>
511
512 <p>When everything is working, it should print something like
513 this:</p>
514
515 <pre>
516 Testing POSIX/Unix sematics on file system
517 info: testing symlink creation
518 info: testing subdirectory creation
519 info: sqlite worked
520 info: testing fcntl locking
521 Read-locking 1 byte from 1073741824
522 Read-locking 510 byte from 1073741826
523 Unlocking 1 byte from 1073741824
524 Write-locking 1 byte from 1073741824
525 Write-locking 510 byte from 1073741826
526 Unlocking 2 byte from 1073741824
527 </pre>
528
529 <p>I do not remember the exact details of the problems we saw, but one
530 of them was with locking, where if I remember correctly, POSIX allow a
531 read-only lock to be upgraded to a read-write lock without unlocking
532 the read-only lock (while Windows do not). Another was a bug in the
533 CIFS/SMB client implementation in the Linux kernel where directory
534 meta information would be wrong for a fraction of a second, making
535 OpenOffice.org fail to create its deep directory tree because it was
536 not allowed to create files in its freshly created directory.</p>
537
538 <p>Anyway, here is a nice tool for your tool box, might you never need
539 it. :)</p>
540 </div>
541 <div class="tags">
542
543
544
545 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
546
547 </div>
548 </div>
549 <div class="padding"></div>
550
551 <div class="entry">
552 <div class="title"><a href="http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html">Autodetecting Client setup for roaming workstations in Debian Edu</a></div>
553 <div class="date">2010-08-07 14:45</div>
554 <div class="body">
555 <p>A few days ago, I
556 <a href="http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html">tried
557 to install</a> a Roaming workation profile from Debian Edu/Squeeze
558 while on the university network here at the University of Oslo, and
559 noticed how much had to change to get it operational using the
560 university infrastructure. It was fairly easy, but it occured to me
561 that Debian Edu would improve a lot if I could get the client to
562 connect without any changes at all, and thus let the client configure
563 itself during installation and first boot to use the infrastructure
564 around it. Now I am a huge step further along that road.</p>
565
566 <p>With our current squeeze-test packages, I can select the roaming
567 workstation profile and get a working laptop connecting to the
568 university LDAP server for user and group and our active directory
569 servers for Kerberos authentication. All this without any
570 configuration at all during installation. My users home directory got
571 a bookmark in the KDE menu to mount it via SMB, with the correct URL.
572 In short, openldap and sssd is correctly configured. In addition to
573 this, the client look for http://wpad/wpad.dat to configure a web
574 proxy, and when it fail to find it no proxy settings are stored in
575 /etc/environment and /etc/apt/apt.conf. Iceweasel and KDE is
576 configured to look for the same wpad configuration and also do not use
577 a proxy when at the university network. If the machine is moved to a
578 network with such wpad setup, it would automatically use it when DHCP
579 gave it a IP address.</p>
580
581 <p>The LDAP server is located using DNS, by first looking for the DNS
582 entry ldap.$domain. If this do not exist, it look for the
583 _ldap._tcp.$domain SRV records and use the first one as the LDAP
584 server. Next, it connects to the LDAP server and search all
585 namingContexts entries for posixAccount or posixGroup objects, and
586 pick the first one as the LDAP base. For Kerberos, a similar
587 algorithm is used to locate the LDAP server, and the realm is the
588 uppercase version of $domain.</p>
589
590 <p>So, what is not working, you might ask. SMB mounting my home
591 directory do not work. No idea why, but suspected the incorrect
592 Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be
593 the cause. These are not properly configured during installation, and
594 had to be hand-edited to get the correct Kerberos realm and server,
595 but SMB mounting still do not work. :(</p>
596
597 <p>With this automatic configuration in place, I expect a Debian Edu
598 roaming profile installation would be able to automatically detect and
599 connect to any site using LDAP and Kerberos for NSS directory and PAM
600 authentication. It should also work out of the box in a Active
601 Directory environment providing posixAccount and posixGroup objects
602 with UID and GID values.</p>
603
604 <p>If you want to help out with implementing these things for Debian
605 Edu, please contact us on debian-edu@lists.debian.org.</p>
606 </div>
607 <div class="tags">
608
609
610
611 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
612
613 </div>
614 </div>
615 <div class="padding"></div>
616
617 <div class="entry">
618 <div class="title"><a href="http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html">Debian Edu roaming workstation - at the university of Oslo</a></div>
619 <div class="date">2010-08-03 23:30</div>
620 <div class="body">
621 <p>The new roaming workstation profile in Debian Edu/Squeeze is fairly
622 similar to the laptop setup am I working on using Ubuntu for the
623 University of Oslo, and just for the heck of it, I tested today how
624 hard it would be to integrate that profile into the university
625 infrastructure. In this case, it is the university LDAP server,
626 Active Directory Kerberos server and SMB mounting from the Netapp file
627 servers.</p>
628
629 <p>I was pleasantly surprised that the only three files needed to be
630 changed (/etc/sssd/sssd.conf, /etc/ldap.conf and
631 /etc/mklocaluser.d/20-debian-edu-config) and one file had to be added
632 (/usr/share/perl5/Debian/Edu_Local.pm), to get the client working.
633 Most of the changes were to get the client to use the university LDAP
634 for NSS and Kerberos server for PAM, but one was to change a hard
635 coded DNS domain name in the mklocaluser hook from .intern to
636 .uio.no.</p>
637
638 <p>This testing was so encouraging, that I went ahead and adjusted the
639 Debian Edu scripts and setup in subversion to centralise the roaming
640 workstation setup a bit more and avoid the hardcoded DNS domain name,
641 so that when I test this tomorrow, I expect to get away with modifying
642 only /etc/sssd/sssd.conf and /etc/ldap.conf to get it to use the
643 university servers.</p>
644
645 <p>My goal is to get the clients to have no hardcoded settings and
646 fetch all their initial setup during installation and first boot, to
647 allow them to be inserted also into environments where the default
648 setup in Debian Edu has been changed or as with the university, where
649 the environment is different but provides the protocols Debian Edu
650 uses.</p>
651 </div>
652 <div class="tags">
653
654
655
656 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
657
658 </div>
659 </div>
660 <div class="padding"></div>
661
662 <div class="entry">
663 <div class="title"><a href="http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html">Circular package dependencies harms apt recovery</a></div>
664 <div class="date">2010-07-27 23:50</div>
665 <div class="body">
666 <p>I discovered this while doing
667 <a href="http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html">automated
668 testing of upgrades from Debian Lenny to Squeeze</a>. A few packages
669 in Debian still got circular dependencies, and it is often claimed
670 that apt and aptitude should be able to handle this just fine, but
671 some times these dependency loops causes apt to fail.</p>
672
673 <p>An example is from todays
674 <a href="http://people.skolelinux.org/~pere/debian-upgrade-testing//test-20100727-lenny-squeeze-kde-aptitude.txt">upgrade
675 of KDE using aptitude</a>. In it, a bug in kdebase-workspace-data
676 causes perl-modules to fail to upgrade. The cause is simple. If a
677 package fail to unpack, then only part of packages with the circular
678 dependency might end up being unpacked when unpacking aborts, and the
679 ones already unpacked will fail to configure in the recovery phase
680 because its dependencies are unavailable.</p>
681
682 <p>In this log, the problem manifest itself with this error:</p>
683
684 <blockquote><pre>
685 dpkg: dependency problems prevent configuration of perl-modules:
686 perl-modules depends on perl (>= 5.10.1-1); however:
687 Version of perl on system is 5.10.0-19lenny2.
688 dpkg: error processing perl-modules (--configure):
689 dependency problems - leaving unconfigured
690 </pre></blockquote>
691
692 <p>The perl/perl-modules circular dependency is already
693 <a href="http://bugs.debian.org/527917">reported as a bug</a>, and will
694 hopefully be solved as soon as possible, but it is not the only one,
695 and each one of these loops in the dependency tree can cause similar
696 failures. Of course, they only occur when there are bugs in other
697 packages causing the unpacking to fail, but it is rather nasty when
698 the failure of one package causes the problem to become worse because
699 of dependency loops.</p>
700
701 <p>Thanks to
702 <a href="http://lists.debian.org/debian-devel/2010/06/msg00116.html">the
703 tireless effort by Bill Allombert</a>, the number of circular
704 dependencies
705 <a href="http://debian.semistable.com/debgraph.out.html">left in Debian
706 is dropping</a>, and perhaps it will reach zero one day. :)</p>
707
708 <p>Todays testing also exposed a bug in
709 <a href="http://bugs.debian.org/590605">update-notifier</a> and
710 <a href="http://bugs.debian.org/590604">different behaviour</a> between
711 apt-get and aptitude, the latter possibly caused by some circular
712 dependency. Reported both to BTS to try to get someone to look at
713 it.</p>
714 </div>
715 <div class="tags">
716
717
718
719 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
720
721 </div>
722 </div>
723 <div class="padding"></div>
724
725 <div class="entry">
726 <div class="title"><a href="http://people.skolelinux.org/pere/blog/First_Debian_Edu_test_release__alpha0__based_on_Squeeze_is_released.html">First Debian Edu test release (alpha0) based on Squeeze is released</a></div>
727 <div class="date">2010-07-27 17:45</div>
728 <div class="body">
729 <p>I just posted this announcement culminating several months of work
730 with the next Debian Edu release. Not nearly done, but one major step
731 completed.</p>
732
733 <blockquote>
734 <p>This is the first test release based on Squeeze. The focus of this
735 release is to test the user application selection. To have a look,
736 install the standalone profile and let the developers know if the set
737 of installed packages i.e. applications should be modified. If some
738 user application is missing, or if there are some applications that no
739 longer make sense to be included in Debian Edu, please let us know.
740 Also, if a useful application is missing the translation for your
741 language of choice, please let us know too.</p>
742
743 <p>In addition, feedback and help to polish the desktop (menus,
744 artwork, starters, etc.) is appreciated. We would like to ship a nice
745 and handy KDE4 desktop targeted for schools out of the box.</p>
746
747 <p>The other profiles should be installable, but there is a lot more
748 work left to be done before they are ready, so do not expect to
749 much.</p>
750
751 <p>Changes compared to the lenny based version</p>
752
753 <ul>
754 <li>Everything from Debian Squeeze
755 <ul>
756 <li>Desktop environment KDE 4.4 => the new KDE desktop in
757 combination with some new artwork
758 <li>Web browser Iceweasel 3.5
759 <li>OpenOffice.org 3.2
760 <li>Educational toolbox GCompris 9.3
761 <li>Music creator Rosegarden 10.04.2
762 <li>Image editor Gimp 2.6.10
763 <li>Virtual universe Celestia 1.6.0
764 <li>Virtual stargazer Stellarium 0.10.4
765 <li>3D modeler Blender 2.49.2 (new application)
766 <li>Video editor Kdenlive 0.7.7 (new application)
767 </ul></li>
768 <li>Now using Kerberos for password checking (migration not finished).
769 Enabled for:
770 <ul>
771 <li>PAM
772 <li>LDAP
773 <li>IMAP
774 <li>SMTP (sender verification)
775 </ul>
776 </li>
777 <li>New experimental roaming workstation profile for laptops.</li>
778 <li>Show welcome page to users when they first log in. The URL is
779 fetched from LDAP.</li>
780 <li>New LXDE desktop option, in addition to KDE (default) and Gnome.</li>
781 <li>General cleanup (not finished)</li>
782 </ul>
783 <p>The following features are not working as they should</p>
784
785 <ul>
786 <li>No web based administration tool for creating users and groups. The
787 scripts ldap-createuser-krb and ldap-add-user-to-group can be used
788 for testing.</li>
789 <li>DVD installs are missing debian-installer images for the PXE boot,
790 and do not set up the PXE menu on eth0 because of this. LTSP
791 clients should still boot from eth1 on thin client servers.</li>
792 <li>The restructured KDE menu is not implemented.</li>
793 <li>The LDAP server setup need to be reviewed for security.</li>
794 <li>The LDAP directory structure need to be reworked.</li>
795 <li>Different sets of packages are installed when using the DVD and the
796 netinst CD. More packages are installed using the netinst CD.</li>
797 <li>The jackd package fail to install. This is believed to be caused by
798 some ongoing transition, and hopefully should be solved soon. The
799 jackd1 package can be installed manually for those that need it.</li>
800 <li>Some packages lack translations. See
801 http://wiki.debian.org/DebianEdu/Status/Squeeze for updated status,
802 and help out with translations.</li>
803 </ul>
804
805 <p>To download this multiarch netinstall release you can use</p>
806
807 <ul>
808 <li><a href="ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso">ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</a></li>
809 <li><a href="http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso">http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</a></li>
810 <li>rsync -avzP ftp.skolelinux.org::skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</li>
811 </ul>
812 <p>To download this multiarch dvd release you can use</p>
813
814 <ul>
815 <li><a href="ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso">ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</a></li>
816 <li><a href="http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso">http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</a></li>
817 <li>rsync -avzP ftp.skolelinux.org::skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</li>
818 </ul>
819
820 <p>There is no source DVD available yet. It will be prepared when we
821 get closer to the final release.</p>
822
823 <p>The MD5SUM of these images are</p>
824
825 <ul>
826 <li>3dbf45d59f42a53518b6e3c9ec3b5eb6 debian-edu-6.0.0+edua0-CD.iso</li>
827 <li>22f2cbfce281d1c6e478be452638675d debian-edu-6.0.0+edua0-DVD.iso</li>
828 </ul>
829
830 <p>The SHA1SUM of these images are</p>
831 <ul>
832 <li>c53d1b69b40cf37cd27aefaf33f6f6a3821bedf0 debian-edu-6.0.0+edua0-CD.iso</li>
833 <li>2ec29d7db676d59d32197b05c277ffe16348376c debian-edu-6.0.0+edua0-DVD.iso</li>
834 </ul>
835 <p>How to report bugs:
836 http://wiki.debian.org/DebianEdu/HowTo/ReportBugsInBugzilla</p>
837
838 <p>Please direct replies to debian-edu@lists.debian.org</p>
839 </blockquote>
840 </div>
841 <div class="tags">
842
843
844
845 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
846
847 </div>
848 </div>
849 <div class="padding"></div>
850
851 <p style="text-align: right;"><a href="index.rss"><img src="http://people.skolelinux.org/pere/blog/xml.gif" alt="RSS feed" width="36" height="14"></a></p>
852
853 <div id="sidebar">
854
855
856
857
858
859 <h2>Archive</h2>
860 <ul>
861
862 <li>2010
863 <ul>
864
865 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/01/">January (2)</a></li>
866
867 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/02/">February (1)</a></li>
868
869 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/03/">March (3)</a></li>
870
871 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/04/">April (3)</a></li>
872
873 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/05/">May (9)</a></li>
874
875 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/06/">June (14)</a></li>
876
877 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (12)</a></li>
878
879 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/08/">August (8)</a></li>
880
881 </ul></li>
882
883 <li>2009
884 <ul>
885
886 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/01/">January (8)</a></li>
887
888 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/02/">February (8)</a></li>
889
890 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/03/">March (12)</a></li>
891
892 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/04/">April (10)</a></li>
893
894 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/05/">May (9)</a></li>
895
896 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/06/">June (3)</a></li>
897
898 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/07/">July (4)</a></li>
899
900 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/08/">August (3)</a></li>
901
902 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/09/">September (1)</a></li>
903
904 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/10/">October (2)</a></li>
905
906 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/11/">November (3)</a></li>
907
908 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/12/">December (3)</a></li>
909
910 </ul></li>
911
912 <li>2008
913 <ul>
914
915 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/11/">November (5)</a></li>
916
917 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/12/">December (7)</a></li>
918
919 </ul></li>
920
921 </ul>
922
923
924
925 <h2>Tags</h2>
926 <ul>
927
928 <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (11)</a></li>
929
930 <li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>
931
932 <li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>
933
934 <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (10)</a></li>
935
936 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (35)</a></li>
937
938 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (40)</a></li>
939
940 <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (56)</a></li>
941
942 <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (1)</a></li>
943
944 <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (8)</a></li>
945
946 <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (3)</a></li>
947
948 <li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (8)</a></li>
949
950 <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (2)</a></li>
951
952 <li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
953
954 <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (5)</a></li>
955
956 <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (74)</a></li>
957
958 <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (96)</a></li>
959
960 <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (14)</a></li>
961
962 <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (15)</a></li>
963
964 <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (10)</a></li>
965
966 <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (2)</a></li>
967
968 <li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
969
970 <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (12)</a></li>
971
972 <li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (3)</a></li>
973
974 <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (13)</a></li>
975
976 <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (1)</a></li>
977
978 <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (10)</a></li>
979
980 <li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (1)</a></li>
981
982 <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (7)</a></li>
983
984 </ul>
985
986 </div>
987
988 <p style="text-align: right">
989 Created by <a href="http://steve.org.uk/Software/chronicle">Chronicle v3.7</a>
990 </p>
991 </body>
992 </html>