[homepage.git] / blog / tags / english / index.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
 <head>
  <title>Petter Reinholdtsen: Entries Tagged english</title> 
  <link rel="stylesheet" type="text/css" media="screen" href="../../style.css">
  <link rel="alternate" title="RSS Feed" href="english.rss" type="application/rss+xml">
 </head>
 <body>

 <div class="title">
  <h1>
       <a href="../../">Petter Reinholdtsen</a>
      
  </h1>
  
 </div>

 <p>Entries tagged "english".</p>




<div class="entry">
 <div class="title">
 <a href="../../The_sorry_state_of_multimedia_browser_plugins_in_Debian.html">The sorry state of multimedia browser plugins in Debian</a>
 </div>
 <div class="date">
  2008-11-25 00:10
 </div>

 <div class="body">
  
<p>Recently I have spent some time evaluating the multimedia browser
plugins available in Debian Lenny, to see which one we should use by
default in Debian Edu.  We need an embedded video playing plugin with
control buttons to pause or stop the video, and capable of streaming
all the multimedia content available on the web.  The test results and
notes are available on
<a href="http://wiki.debian.org/DebianEdu/BrowserMultimedia">the
Debian wiki</a>.  I was surprised how few of the plugins are able to
fill this need.  My personal video player favorite, VLC, has a really
bad plugin which fail on a lot of the test pages.  A lot of the MIME
types I would expect to work with any free software player (like
video/ogg), just do not work.  And simple formats like the
audio/x-mplegurl format (m3u playlists), just isn't supported by the
totem and vlc plugins.  I hope the situation will improve soon.  No
wonder sites use the proprietary Adobe flash to play video.</p>

<p>For Lenny, we seem to end up with the mplayer plugin.  It seem to
be the only one fitting our needs. :/</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/debian edu">debian edu</a>, <a href="../../tags/english">english</a>, <a href="../../tags/multimedia">multimedia</a>, <a href="../../tags/web">web</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../Devcamp_brought_us_closer_to_the_Lenny_based_Debian_Edu_release.html">Devcamp brought us closer to the Lenny based Debian Edu release</a>
 </div>
 <div class="date">
  2008-12-07 12:00
 </div>

 <div class="body">
  
<p>This weekend we had a small developer gathering for Debian Edu in
Oslo.  Most of Saturday was used for the general assemly for the
member organization, but the rest of the weekend I used to tune the
LTSP installation.  LTSP now work out of the box on the 10-network.
Acer Aspire One proved to be a very nice thin client, with both
screen, mouse and keybard in a small box.  Was working on getting the
diskless workstation setup configured out of the box, but did not
finish it before the weekend was up.</p>

<p>Did not find time to look at the 4 VGA cards in one box we got from
the Brazilian group, so that will have to wait for the next
development gathering.  Would love to have the Debian Edu installer
automatically detect and configure a multiseat setup when it find one
of these cards.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/debian edu">debian edu</a>, <a href="../../tags/english">english</a>, <a href="../../tags/ltsp">ltsp</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../Software_video_mixer_on_a_USB_stick.html">Software video mixer on a USB stick</a>
 </div>
 <div class="date">
  2008-12-28 15:40
 </div>

 <div class="body">
  
<p>The <a href="http://www.nuug.no/">Norwegian Unix User Group</a> is
recording our montly presentation on video, and recently we have
worked on improving the quality of the recordings by mixing the slides
directly with the video stream.  For this, we use the
<a href="http://dvswitch.alioth.debian.org/">dvswitch</a> package from
the Debian video team.  As this require quite one computer per video
source, and NUUG do not have enough laptops available, we need to
borrow laptops.  And to avoid having to install extra software on
these borrwed laptops, I have wrapped up all the programs needed on a
bootable USB stick.  The software required is dvswitch with assosiated
source, sink and mixer applications and
<a href="http://www.kinodv.org/">dvgrab</a>.  To allow this setup to
work without any configuration, I've patched dvswitch to use
<a href="http://www.avahi.org/">avahi</a> to connect the various parts
together.  And to allow us to use laptops without firewire plugs, I
upgraded dvgrab to the one from Debian/unstable to get one that work
with USB sources.  We have not yet tested this setup in a production
setup, but I hope it will work properly, and allow us to set up a
video mixer in a very short time frame.  We will need it for
<a href="http://www.goopen.no/">Go Open 2009</a>.</p>

<p><a href="http://www.nuug.no/pub/video/bin/usbstick-dvswitch.img.gz">The
USB image</a> is for a 1 GB memory stick, but can be used on any
larger stick as well.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>, <a href="../../tags/video">video</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../When_web_browser_developers_make_a_video_player___.html">When web browser developers make a video player...</a>
 </div>
 <div class="date">
  2009-01-17 18:50
 </div>

 <div class="body">
  
<p>As part of the work we do in <a href="http://www.nuug.no">NUUG</a>
to publish video recordings of our monthly presentations, we provide a
page with embedded video for easy access to the recording.  Putting a
good set of HTML tags together to get working embedded video in all
browsers and across all operating systems is not easy.  I hope this
will become easier when the &lt;video&gt; tag is implemented in all
browsers, but I am not sure.  We provide the recordings in several
formats, MPEG1, Ogg Theora, H.264 and Quicktime, and want the
browser/media plugin to pick one it support and use it to play the
recording, using whatever embed mechanism the browser understand.
There is at least four different tags to use for this, the new HTML5
&lt;video&gt; tag, the &lt;object&gt; tag, the &lt;embed&gt; tag and
the &lt;applet&gt; tag.  All of these take a lot of options, and
finding the best options is a major challenge.</p>

<p>I just tested the experimental Opera browser available from <a
href="http://labs.opera.com">labs.opera.com</a>, to see how it handled
a &lt;video&gt; tag with a few video sources and no extra attributes.
I was not very impressed.  The browser start by fetching a picture
from the video stream.  Not sure if it is the first frame, but it is
definitely very early in the recording.  So far, so good. Next,
instead of streaming the 76 MiB video file, it start to download all
of it, but do not start to play the video.  This mean I have to wait
for several minutes for the downloading to finish.  When the download
is done, the playing of the video do not start!  Waiting for the
download, but I do not get to see the video?  Some testing later, I
discover that I have to add the controls="true" attribute to be able
to get a play button to pres to start the video.  Adding
autoplay="true" did not help.  I sure hope this is a misfeature of the
test version of Opera, and that future implementations of the
&lt;video&gt; tag will stream recordings by default, or at least start
playing when the download is done.</p>

<p>The test page I used (since changed to add more attributes) is
<a href="http://www.nuug.no/aktiviteter/20090113-foredrag-om-foredrag/">available
from the nuug site</a>.  Will have to test it with the new Firefox
too.</p>

<p>In the test process, I discovered a missing feature.  I was unable
to find a way to get the URL of the playing video out of Opera, so I
am not quite sure it picked the Ogg Theora version of the video.  I
sure hope it was using the announced Ogg Theora support. :)</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/english">english</a>, <a href="../../tags/multimedia">multimedia</a>, <a href="../../tags/nuug">nuug</a>, <a href="../../tags/video">video</a>, <a href="../../tags/web">web</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../Using_bar_codes_at_a_computing_center.html">Using bar codes at a computing center</a>
 </div>
 <div class="date">
  2009-02-20 08:50
 </div>

 <div class="body">
  
<p>At work with the University of Oslo, we have several hundred computers
in our computing center.  This give us a challenge in tracking the
location and cabling of the computers, when they are added, moved and
removed.  Some times the location register is not updated when a
computer is inserted or moved and we then have to search the room for
the "missing" computer.</p>

<p>In the last issue of Linux Journal, I came across a project
<a href="http://www.libdmtx.org/">libdmtx</a> to write and read bar
code blocks as defined in the
<a href="http://en.wikipedia.org/wiki/Data_Matrix">The Data Matrix
Standard</a>.  This is bar codes that can be read with a normal
digital camera, for example that on a cell phone, and several such bar
codes can be read by libdmtx from one picture.  The bar code standard
allow up to 2 KiB to be written in the tag.  There is another project
with <a href="http://www.terryburton.co.uk/barcodewriter/">a bar code
writer written in postscript</a> capable of creating such bar codes,
but this was the first time I found a tool to read these bar
codes.</p>

<p>It occurred to me that this could be used to tag and track the
machines in our computing center.  If both racks and computers are
tagged this way, we can use a picture of the rack and all its
computers to detect the rack location of any computer in that rack.
If we do this regularly for the entire room, we will find all
locations, and can detect movements and removals.</p>

<p>I decided to test if this would work in practice, and picked a
random rack and tagged all the machines with their names.  Next, I
took pictures with my digital camera, and gave the dmtxread program
these JPEG pictures to see how many tags it could read.  This worked
fairly well.  If the pictures was well focused and not taken from the
side, all tags in the image could be read.  Because of limited space
between the racks, I was unable to get a good picture of the entire
rack, but could without problem read all tags from a picture covering
about half the rack.  I had to limit the search time used by dmtxread
to 60000 ms to make sure it terminated in a reasonable time frame.</p>

<p>My conclusion is that this could work, and we should probably look
at adjusting our computer tagging procedures to use bar codes for
easier automatic tracking of computers.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../Checking_server_hardware_support_status_for_Dell__HP_and_IBM_servers.html">Checking server hardware support status for Dell, HP and IBM servers</a>
 </div>
 <div class="date">
  2009-02-28 23:50
 </div>

 <div class="body">
  
<p>At work, we have a few hundred Linux servers, and with that amount
of hardware it is important to keep track of when the hardware support
contract expire for each server.  We have a machine (and service)
register, which until recently did not contain much useful besides the
machine room location and contact information for the system owner for
each machine.  To make it easier for us to track support contract
status, I've recently spent time on extending the machine register to
include information about when the support contract expire, and to tag
machines with expired contracts to make it easy to get a list of such
machines.  I extended a perl script already being used to import
information about machines into the register, to also do some screen
scraping off the sites of Dell, HP and IBM (our majority of machines
are from these vendors), and automatically check the support status
for the relevant machines.  This make the support status information
easily available and I hope it will make it easier for the computer
owner to know when to get new hardware or renew the support contract.
The result of this work documented that 27% of the machines in the
registry is without a support contract, and made it very easy to find
them.  27% might seem like a lot, but I see it more as the case of us
using machines a bit longer than the 3 years a normal support contract
last, to have test machines and a platform for less important
services.  After all, the machines without a contract are working fine
at the moment and the lack of contract is only a problem if any of
them break down.  When that happen, we can either fix it using spare
parts from other machines or move the service to another old
machine.</p>

<p>I believe the code for screen scraping the Dell site was originally
written by Trond Hasle Amundsen, and later adjusted by me and Morten
Werner Forsbring.  The HP scraping was written by me after reading a
nice article in ;login: about how to use WWW::Mechanize, and the IBM
scraping was written by me based on the Dell code.  I know the HTML
parsing could be done using nice libraries, but did not want to
introduce more dependencies.  This is the current incarnation:</p>

<pre>
use LWP::Simple;
use POSIX;
use WWW::Mechanize;
use Date::Parse;
[...]
sub get_support_info {
    my ($machine, $model, $serial, $productnumber) = @_;
    my $str;

    if ( $model =~ m/^Dell / ) {
        # fetch website from Dell support
        my $url = "http://support.euro.dell.com/support/topics/topic.aspx/emea/shared/support/my_systems_info/no/details?c=no&amp;cs=nodhs1&amp;l=no&amp;s=dhs&amp;ServiceTag=$serial";
        my $webpage = get($url);
        return undef unless ($webpage);

        my $daysleft = -1;
        my @lines = split(/\n/, $webpage);
        foreach my $line (@lines) {
            next unless ($line =~ m/Beskrivelse/);
            $line =~ s/&lt;[^>]+?>/;/gm;
            $line =~ s/^.+?;(Beskrivelse;)/$1/;

            my @f = split(/\;/, $line);
            @f = @f[13 .. $#f];
            my $lastend = "";
            while ($f[3] eq "DELL") {
                my ($type, $startstr, $endstr, $days) = @f[0, 5, 7, 10];

                my $start = POSIX::strftime("%Y-%m-%d",
                                            localtime(str2time($startstr)));
                my $end = POSIX::strftime("%Y-%m-%d",
                                          localtime(str2time($endstr)));
                $str .= "$type $start -> $end ";
                @f = @f[14 .. $#f];
                $lastend = $end if ($end gt $lastend);
            }
            my $today = POSIX::strftime("%Y-%m-%d", localtime(time));
            tag_machine_unsupported($machine)
                if ($lastend lt $today);
        }
    } elsif ( $model =~ m/^HP / ) {
        my $mech = WWW::Mechanize->new();
        my $url =
            'http://www1.itrc.hp.com/service/ewarranty/warrantyInput.do';
        $mech->get($url);
        my $fields = {
            'BODServiceID' => 'NA',
            'RegisteredPurchaseDate' => '',
            'country' => 'NO',
            'productNumber' => $productnumber,
            'serialNumber1' => $serial,
        };
        $mech->submit_form( form_number => 2,
                            fields      => $fields );
        # Next step is screen scraping
        my $content = $mech->content();

        $content =~ s/&lt;[^>]+?>/;/gm;
        $content =~ s/\s+/ /gm;
        $content =~ s/;\s*;/;;/gm;
        $content =~ s/;[\s;]+/;/gm;

        my $today = POSIX::strftime("%Y-%m-%d", localtime(time));

        while ($content =~ m/;Warranty Type;/) {
            my ($type, $status, $startstr, $stopstr) = $content =~
                m/;Warranty Type;([^;]+);.+?;Status;(\w+);Start Date;([^;]+);End Date;([^;]+);/;
            $content =~ s/^.+?;Warranty Type;//;
            my $start = POSIX::strftime("%Y-%m-%d",
                                        localtime(str2time($startstr)));
            my $end = POSIX::strftime("%Y-%m-%d",
                                      localtime(str2time($stopstr)));

            $str .= "$type ($status) $start -> $end ";

            tag_machine_unsupported($machine)
                if ($end lt $today);
        }
    } elsif ( $model =~ m/^IBM / ) {
        # This code ignore extended support contracts.
        my ($producttype) = $model =~ m/.*-\[(.{4}).+\]-/;
        if ($producttype &amp;&amp; $serial) {
            my $content =
                get("http://www-947.ibm.com/systems/support/supportsite.wss/warranty?action=warranty&amp;brandind=5000008&amp;Submit=Submit&amp;type=$producttype&amp;serial=$serial");
            if ($content) {
                $content =~ s/&lt;[^>]+?>/;/gm;
                $content =~ s/\s+/ /gm;
                $content =~ s/;\s*;/;;/gm;
                $content =~ s/;[\s;]+/;/gm;

                $content =~ s/^.+?;Warranty status;//;
                my ($status, $end) = $content =~ m/;Warranty status;([^;]+)\s*;Expiration date;(\S+) ;/;

                $str .= "($status) -> $end ";

                my $today = POSIX::strftime("%Y-%m-%d", localtime(time));
                tag_machine_unsupported($machine)
                    if ($end lt $today);
            }
        }
    }
    return $str;
}
</pre>

<p>Here are some examples on how to use the function, using fake
serial numbers.  The information passed in as arguments are fetched
from dmidecode.</p>

<pre>
print get_support_info("hp.host", "HP ProLiant BL460c G1", "1234567890"
                       "447707-B21");
print get_support_info("dell.host", "Dell Inc. PowerEdge 2950", "1234567");
print get_support_info("ibm.host", "IBM eserver xSeries 345 -[867061X]-",
                       "1234567");
</pre>

<p>I would recommend this approach for tracking support contracts for
everyone with more than a few computers to administer. :)</p>

<p>Update 2009-03-06: The IBM page do not include extended support
contracts, so it is useless in that case.  The original Dell code do
not handle extended support contracts either, but has been updated to
do so.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">Time for new  LDAP schemas replacing RFC 2307?</a>
 </div>
 <div class="date">
  2009-03-29 20:30
 </div>

 <div class="body">
  
<p>The state of standardized LDAP schemas on Linux is far from
optimal.  There is RFC 2307 documenting one way to store NIS maps in
LDAP, and a modified version of this normally called RFC 2307bis, with
some modifications to be compatible with Active Directory.  The RFC
specification handle the content of a lot of system databases, but do
not handle DNS zones and DHCP configuration.</p>

<p>In <a href="http://www.skolelinux.org/">Debian Edu/Skolelinux</a>,
we would like to store information about users, SMB clients/hosts,
filegroups, netgroups (users and hosts), DHCP and DNS configuration,
and LTSP configuration in LDAP.  These objects have a lot in common,
but with the current LDAP schemas it is not possible to have one
object per entity.  For example, one need to have at least three LDAP
objects for a given computer, one with the SMB related stuff, one with
DNS information and another with DHCP information.  The schemas
provided for DNS and DHCP are impossible to combine into one LDAP
object.  In addition, it is impossible to implement quick queries for
netgroup membership, because of the way NIS triples are implemented.
It just do not scale.  I believe it is time for a few RFC
specifications to cleam up this mess.</p>

<p>I would like to have one LDAP object representing each computer in
the network, and this object can then keep the SMB (ie host key), DHCP
(mac address/name) and DNS (name/IP address) settings in one place.
It need to be efficently stored to make sure it scale well.</p>

<p>I would also like to have a quick way to map from a user or
computer and to the net group this user or computer is a member.</p>

<p>Active Directory have done a better job than unix heads like myself
in this regard, and the unix side need to catch up.  Time to start a
new IETF work group?</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/debian edu">debian edu</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../Returning_from_Skolelinux_developer_gathering.html">Returning from Skolelinux developer gathering</a>
 </div>
 <div class="date">
  2009-03-29 21:00
 </div>

 <div class="body">
  
<p>I'm sitting on the train going home from this weekends Debian
Edu/Skolelinux development gathering.  I got a bit done tuning the
desktop, and looked into the dynamic service location protocol
implementation avahi.  It look like it could be useful for us.  Almost
30 people participated, and I believe it was a great environment to
get to know the Skolelinux system.  Walter Bender, involved in the
development of the Sugar educational platform, presented his stuff and
also helped me improve my OLPC installation.  He also showed me that
his Turtle Art application can be used in standalone mode, and we
agreed that I would help getting it packaged for Debian.  As a
standalone application it would be great for Debian Edu.  We also
tried to get the video conferencing working with two OLPCs, but that
proved to be too hard for us.  The application seem to need more work
before it is ready for me.  I look forward to getting home and relax
now. :)</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/debian edu">debian edu</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../Standardize_on_protocols_and_formats__not_vendors_and_applications.html">Standardize on protocols and formats, not vendors and applications</a>
 </div>
 <div class="date">
  2009-03-30 11:50
 </div>

 <div class="body">
  
<p>Where I work at the University of Oslo, one decision stand out as a
very good one to form a long lived computer infrastructure.  It is the
simple one, lost by many in todays computer industry: Standardize on
open network protocols and open exchange/storage formats, not applications.
Applications come and go, while protocols and files tend to stay, and
thus one want to make it easy to change application and vendor, while
avoiding conversion costs and locking users to a specific platform or
application.</p>

<p>This approach make it possible to replace the client applications
independently of the server applications.  One can even allow users to
use several different applications as long as they handle the selected
protocol and format.  In the normal case, only one client application
is recommended and users only get help if they choose to use this
application, but those that want to deviate from the easy path are not
blocked from doing so.</p>

<p>It also allow us to replace the server side without forcing the
users to replace their applications, and thus allow us to select the
best server implementation at any moment, when scale and resouce
requirements change.</p>

<p>I strongly recommend standardizing - on open network protocols and
open formats, but I would never recommend standardizing on a single
application that do not use open network protocol or open formats.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>, <a href="../../tags/standard">standard</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../Recording_video_from_cron_using_VLC.html">Recording video from cron using VLC</a>
 </div>
 <div class="date">
  2009-04-05 10:00
 </div>

 <div class="body">
  
<p>One think I have wanted to figure out for a along time is how to
run vlc from cron to do recording of video streams on the net.  The
task is trivial with mplayer, but I do not really trust the security
of mplayer (it crashes too often on strange input), and thus prefer
vlc.  I finally found a way to do it today.  I spent an hour or so
searching the web for recipes and reading the documentation.  The
hardest part was to get rid of the GUI window, but after finding the
dummy interface, the command line finally presented itself:</p>

<blockquote><pre>URL=http://www.ping.uio.no/video/rms-oslo_2009.ogg
SAVEFILE=rms.ogg
DISPLAY= vlc -q $URL \
  --sout="#duplicate{dst=std{access=file,url='$SAVEFILE'},dst=nodisplay}" \
  --intf=dummy</pre></blockquote>

<p>The command stream the URL and store it in the SAVEFILE by
duplicating the output stream to "nodisplay" and the file, using the
dummy interface.  The dummy interface and the nodisplay output make
sure no X interface is needed.</p>

<p>The cron job then need to start this job with the appropriate URL
and file name to save, sleep for the duration wanted, and then kill
the vlc process with SIGTERM.  Here is a complete script
<tt>vlc-record</tt> to use from <tt>at</tt> or <tt>cron</tt>:</p>

<blockquote><pre>#!/bin/sh
set -e
URL="$1"
SAVEFILE="$2"
DURATION="$3"
DISPLAY= vlc -q "$URL" \
  --sout="#duplicate{dst=std{access=file,url='$SAVEFILE'},dst=nodisplay}" \
  --intf=dummy < /dev/null > /dev/null 2>&1 &
pid=$!
sleep $DURATION
kill $pid
wait $pid</pre></blockquote>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>, <a href="../../tags/video">video</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../No_patch_is_not_better_than_a_useless_patch.html">No patch is not better than a useless patch</a>
 </div>
 <div class="date">
  2009-04-28 09:30
 </div>

 <div class="body">
  
<p>Julien Blache
<a href="http://blog.technologeek.org/2009/04/12/214">claim that no
patch is better than a useless patch</a>.  I completely disagree, as a
patch allow one to discuss a concrete and proposed solution, and also
prove that the issue at hand is important enough for someone to spent
time on fixing it.  No patch do not provide any of these positive
properties.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../Two_projects_that_have_improved_the_quality_of_free_software_a_lot.html">Two projects that have improved the quality of free software a lot</a>
 </div>
 <div class="date">
  2009-05-02 15:00
 </div>

 <div class="body">
  
<p>There are two software projects that have had huge influence on the
quality of free software, and I wanted to mention both in case someone
do not yet know them.</p>

<p>The first one is <a href="http://valgrind.org/">valgrind</a>, a
tool to detect and expose errors in the memory handling of programs.
It is easy to use, all one need to do is to run 'valgrind program',
and it will report any problems on stdout.  It is even better if the
program include debug information.  With debug information, it is able
to report the source file name and line number where the problem
occurs.  It can report things like 'reading past memory block in file
X line N, the memory block was allocated in file Y, line M', and
'using uninitialised value in control logic'.  This tool has made it
trivial to investigate reproducible crash bugs in programs, and have
reduced the number of this kind of bugs in free software a lot.

<p>The second one is
<a href="http://en.wikipedia.org/wiki/Coverity">Coverity</a> which is
a source code checker.  It is able to process the source of a program
and find problems in the logic without running the program.  It
started out as the Stanford Checker and became well known when it was
used to find bugs in the Linux kernel.  It is now a commercial tool
and the company behind it is running
<a href="http://www.scan.coverity.com/">a community service</a> for the
free software community, where a lot of free software projects get
their source checked for free.  Several thousand defects have been
found and fixed so far.  It can find errors like 'lock L taken in file
X line N is never released if exiting in line M', or 'the code in file
Y lines O to P can never be executed'.  The projects included in the
community service project have managed to get rid of a lot of
reliability problems thanks to Coverity.</p>

<p>I believe tools like this, that are able to automatically find
errors in the source, are vital to improve the quality of software and
make sure we can get rid of the crashing and failing software we are
surrounded by today.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/english">english</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../Debian_boots_quicker_and_quicker.html">Debian boots quicker and quicker</a>
 </div>
 <div class="date">
  2009-06-24 21:40
 </div>

 <div class="body">
  
<p>I spent Monday and tuesday this week in London with a lot of the
people involved in the boot system on Debian and Ubuntu, to see if we
could find more ways to speed up the boot system.  This was an Ubuntu
funded
<a href="https://wiki.ubuntu.com/FoundationsTeam/BootPerformance/DebianUbuntuSprint">developer
gathering</a>. It was quite productive.  We also discussed the future
of boot systems, and ways to handle the increasing number of boot
issues introduced by the Linux kernel becoming more and more
asynchronous and event base.  The Ubuntu approach using udev and
upstart might be a good way forward.  Time will show.</p>

<p>Anyway, there are a few ways at the moment to speed up the boot
process in Debian.  All of these should be applied to get a quick
boot:</p>

<ul>

<li>Use dash as /bin/sh.</li>

<li>Disable the init.d/hwclock*.sh scripts and make sure the hardware
   clock is in UTC.</li>

<li>Install and activate the insserv package to enable
   <a href="http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot">dependency
   based boot sequencing</a>, and enable concurrent booting.</li>

</ul>

These points are based on the Google summer of code work done by
<a href="http://initscripts-ng.alioth.debian.org/soc2006-bootsystem/">Carlos
Villegas</a>.

<p>Support for makefile-style concurrency during boot was uploaded to
unstable yesterday.  When we tested it, we were able to cut 6 seconds
from the boot sequence.  It depend on very correct dependency
declaration in all init.d scripts, so I expect us to find edge cases
where the dependences in some scripts are slightly wrong when we start
using this.</p>

<p>On our IRC channel for this effort, #pkg-sysvinit, a new idea was
introduced by Raphael Geissert today, one that could affect the
startup speed as well.  Instead of starting some scripts concurrently
from rcS.d/ and another set of scripts from rc2.d/, it would be
possible to run a of them in the same process.  A quick way to test
this would be to enable insserv and run 'mv /etc/rc2.d/S* /etc/rcS.d/;
insserv'.  Will need to test if that work. :)</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/english">english</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../Taking_over_sysvinit_development.html">Taking over sysvinit development</a>
 </div>
 <div class="date">
  2009-07-22 23:00
 </div>

 <div class="body">
  
<p>After several years of frustration with the lack of activity from
the existing sysvinit upstream developer, I decided a few weeks ago to
take over the package and become the new upstream.  The number of
patches to track for the Debian package was becoming a burden, and the
lack of synchronization between the distribution made it hard to keep
the package up to date.</p>

<p>On the new sysvinit team is the SuSe maintainer Dr. Werner Fink,
and my Debian co-maintainer Kel Modderman.  About 10 days ago, I made
a new upstream tarball with version number 2.87dsf (for Debian, SuSe
and Fedora), based on the patches currently in use in these
distributions.  We Debian maintainers plan to move to this tarball as
the new upstream as soon as we find time to do the merge.  Since the
new tarball was created, we agreed with Werner at SuSe to make a new
upstream project at <a href="http://savannah.nongnu.org/">Savannah</a>, and continue
development there.  The project is registered and currently waiting
for approval by the Savannah administrators, and as soon as it is
approved, we will import the old versions from svn and continue
working on the future release.</p>

<p>It is a bit ironic that this is done now, when some of the involved
distributions are moving to upstart as a syvinit replacement.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../Debian_has_switched_to_dependency_based_boot_sequencing.html">Debian has switched to dependency based boot sequencing</a>
 </div>
 <div class="date">
  2009-07-27 23:50
 </div>

 <div class="body">
  
<p>Since this evening, with the upload of sysvinit version 2.87dsf-2,
and the upload of insserv version 1.12.0-10 yesterday, Debian unstable
have been migrated to using dependency based boot sequencing.  This
conclude work me and others have been doing for the last three days.
It feels great to see this finally part of the default Debian
installation.  Now we just need to weed out the last few problems that
are bound to show up, to get everything ready for Squeeze.</p>

<p>The next step is migrating /sbin/init from sysvinit to upstart, and
fixing the more fundamental problem of handing the event based
non-predictable kernel in the early boot.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../ISO_still_hope_to_fix_OOXML.html">ISO still hope to fix OOXML</a>
 </div>
 <div class="date">
  2009-08-08 14:00
 </div>

 <div class="body">
  
<p>According to <a
href="http://twerner.blogspot.com/2009/08/defects-of-office-open-xml.html">a
blog post from Torsten Werner</a>, the current defect report for ISO
29500 (ISO OOXML) is 809 pages.  His interesting point is that the
defect report is 71 pages more than the full ODF 1.1 specification.
Personally I find it more interesting that ISO still believe ISO OOXML
can be fixed in ISO.  Personally, I believe it is broken beyon repair,
and I completely lack any trust in ISO for being able to get anywhere
close to solving the problems.  I was part of the Norwegian committee
involved in the OOXML fast track process, and was not impressed with
Standard Norway and ISO in how they handled it.</p>

<p>These days I focus on ODF instead, which seem like a specification
with the future ahead of it.  We are working in NUUG to organise a ODF
seminar this autumn.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>, <a href="../../tags/standard">standard</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../Relative_popularity_of_document_formats__MS_Office_vs__ODF_.html">Relative popularity of document formats (MS Office vs. ODF)</a>
 </div>
 <div class="date">
  2009-08-12 15:50
 </div>

 <div class="body">
  
<p>Just for fun, I did a search right now on Google for a few file ODF
and MS Office based formats (not to be mistaken for ISO or ECMA
OOXML), to get an idea of their relative usage.  I searched using
'filetype:odt' and equvalent terms, and got these results:</P>

<table>
<tr><th>Type</th><th>ODF</th><th>MS Office</th></tr>
<tr><td>Tekst</td> <td>odt:282000</td> <td>docx:308000</td></tr>
<tr><td>Presentasjon</td> <td>odp:75600</td> <td>pptx:183000</td></tr>
<tr><td>Regneark</td> <td>ods:26500     </td> <td>xlsx:145000</td></tr>
</table>

<p>Next, I added a 'site:no' limit to get the numbers for Norway, and
got these numbers:</p>

<table>
<tr><th>Type</th><th>ODF</th><th>MS Office</th></tr>
<tr><td>Tekst</td> <td>odt:2480 </td> <td>docx:4460</td></tr>
<tr><td>Presentasjon</td> <td>odp:299   </td> <td>pptx:741</td></tr>
<tr><td>Regneark</td> <td>ods:187       </td> <td>xlsx:372</td></tr>
</table>

<p>I wonder how these numbers change over time.</p>

<p>I am aware of Google returning different results and numbers based
on where the search is done, so I guess these numbers will differ if
they are conduced in another country.  Because of this, I did the same
search from a machine in California, USA, a few minutes after the
search done from a machine here in Norway.</p>


<table>
<tr><th>Type</th><th>ODF</th><th>MS Office</th></tr>
<tr><td>Tekst</td> <td>odt:129000</td> <td>docx:308000</td></tr>
<tr><td>Presentasjon</td> <td>odp:44200</td> <td>pptx:93900</td></tr>
<tr><td>Regneark</td> <td>ods:26500     </td> <td>xlsx:82400</td></tr>
</table>

<p>And with 'site:no':

<table>
<tr><th>Type</th><th>ODF</th><th>MS Office</th></tr>
<tr><td>Tekst</td> <td>odt:2480</td> <td>docx:3410</td></tr>
<tr><td>Presentasjon</td> <td>odp:175</td> <td>pptx:604</td></tr>
<tr><td>Regneark</td> <td>ods:186       </td> <td>xlsx:296</td></tr>
</table>

<p>Interesting difference, not sure what to conclude from these
numbers.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>, <a href="../../tags/standard">standard</a>, <a href="../../tags/web">web</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../Automatic_Munin_and_Nagios_configuration.html">Automatic Munin and Nagios configuration</a>
 </div>
 <div class="date">
  2010-01-27 15:15
 </div>

 <div class="body">
  
<p>One of the new features in the next Debian/Lenny based release of
Debian Edu/Skolelinux, which is scheduled for release in the next few
days, is automatic configuration of the service monitoring system
Nagios.  The previous release had automatic configuration of trend
analysis using Munin, and this Lenny based release take that a step
further.</p>

<p>When installing a Debian Edu Main-server, it is automatically
configured as a Munin and Nagios server.  In addition, it is
configured to be a server for the
<a href="http://wiki.debian.org/DebianEdu/HowTo/SiteSummary">SiteSummary
system</a> I have written for use in Debian Edu.  The SiteSummary
system is inspired by a system used by the University of Oslo where I
work.  In short, the system provide a centralised collector of
information about the computers on the network, and a client on each
computer submitting information to this collector.  This allow for
automatic information on which packages are installed on each machine,
which kernel the machines are using, what kind of configuration the
packages got etc.  This also allow us to automatically generate Munin
and Nagios configuration.</p>

<p>All computers reporting to the sitesummary collector with the
munin-node package installed is automatically enabled as a Munin
client and graphs from the statistics collected from that machine show
up automatically on http://www/munin/ on the Main-server.</p>

<p>All non-laptop computers reporting to the sitesummary collector are
automatically monitored for network presence (ping and any network
services detected).  In addition, all computers (also laptops) with
the nagios-nrpe-server package installed and configured the way
sitesummary would configure it, are monitored for full disks, software
raid status, swap free and other checks that need to run locally on
the machine.</p>

<p>The result is that the administrator on a school using Debian Edu
based on Lenny will be able to check the health of his installation
with one look at the Nagios settings, without having to spend any time
keeping the Nagios configuration up-to-date.</p>

<p>The only configuration one need to do to get Nagios up and running
is to set the password used to get access via HTTP.  The system
administrator need to run "<tt>htpasswd /etc/nagios3/htpasswd.users
nagiosadmin</tt>" to create a nagiosadmin user and set a password for
it to be able to log into the Nagios web pages.  After that,
everything is taken care of.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/debian edu">debian edu</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../Debian_Edu___Skolelinux_based_on_Lenny_released__work_continues.html">Debian Edu / Skolelinux based on Lenny released, work continues</a>
 </div>
 <div class="date">
  2010-02-11 17:15
 </div>

 <div class="body">
  
<p>On Tuesday, the Debian/Lenny based version of
<a href="http://www.skolelinux.org/">Skolelinux</a> was finally
shipped.  This was a major leap forward for the project, and I am very
pleased that we finally got the release wrapped up.  Work on the first
point release starts imediately, as we plan to get that one out a
month after the major release, to include all fixes for bugs we found
and fixed too late in the release process to include last Tuesday.</p>

<p>Perhaps it even is time for some partying?</p>

<p>After this first point release, my plan is to focus again on the
next major release, based on Squeeze.  We will try to get as many of
the fixes we need into the official Debian packages before the freeze,
and have just a few weeks or months to make it happen.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/debian edu">debian edu</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../After_6_years_of_waiting__the_Xreset_d_feature_is_implemented.html">After 6 years of waiting, the Xreset.d feature is implemented</a>
 </div>
 <div class="date">
  2010-03-06 18:15
 </div>

 <div class="body">
  
<p>6 years ago, as part of the Debian Edu development I am involved
in, I asked for a hook in the kdm and gdm setup to run scripts as root
when the user log out.  A bug was submitted against the xfree86-common
package in 2004 (<a href="http://bugs.debian.org/230422">#230422</a>),
and revisited every time Debian Edu was working on a new release.
Today, this finally paid off.</p>

<p>The framework for this feature was today commited to the git
repositry for the xorg package, and the git repository for xdm has
been updated to use this framework.  Next on my agenda is to make sure
kdm and gdm also add code to use this framework.</p>

<p>In Debian Edu, we want to ability to run commands as root when the
user log out, to get rid of runaway processes and do general cleanup
after a user.  With this framework in place, we finally can do that in
a generic way that work with all display managers using this
framework.  My goal is to get all display managers in Debian use it,
similar to how they use the Xsession.d framework today.<p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/debian edu">debian edu</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../Kerberos_for_Debian_Edu_Squeeze_.html">Kerberos for Debian Edu/Squeeze?</a>
 </div>
 <div class="date">
  2010-04-14 17:20
 </div>

 <div class="body">
  
<p><a href="http://www.nuug.no/aktiviteter/20100413-kerberos/">Yesterdays
NUUG presentation</a> about Kerberos was inspiring, and reminded me
about the need to start using Kerberos in Skolelinux.  Setting up a
Kerberos server seem to be straight forward, and if we get this in
place a long time before the Squeeze version of Debian freezes, we
have a chance to migrate Skolelinux away from NFSv3 for the home
directories, and over to an architecture where the infrastructure do
not have to trust IP addresses and machines, and instead can trust
users and cryptographic keys instead.</p>

<p>A challenge will be integration and administration.  Is there a
Kerberos implementation for Debian where one can control the
administration access in Kerberos using LDAP groups?  With it, the
school administration will have to maintain access control using flat
files on the main server, which give a huge potential for errors.</p>

<p>A related question I would like to know is how well Kerberos and
pam-ccreds (offline password check) work together.  Anyone know?</p>

<p>Next step will be to use Kerberos for access control in Lwat and
Nagios.  I have no idea how much work that will be to implement.  We
would also need to document how to integrate with Windows AD, as such
shared network will require two Kerberos realms that need to cooperate
to work properly.</p>

<p>I believe a good start would be to start using Kerberos on the
skolelinux.no machines, and this way get ourselves experience with
configuration and integration.  A natural starting point would be
setting up ldap.skolelinux.no as the Kerberos server, and migrate the
rest of the machines from PAM via LDAP to PAM via Kerberos one at the
time.</p>

<p>If you would like to contribute to get this working in Skolelinux,
I recommend you to see the video recording from yesterdays NUUG
presentation, and start using Kerberos at home.  The video show show
up in a few days.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/debian edu">debian edu</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../Great_book___Content__Selected_Essays_on_Technology__Creativity__Copyright__and_the_Future_of_the_Future_.html">Great book: "Content: Selected Essays on Technology, Creativity, Copyright, and the Future of the Future"</a>
 </div>
 <div class="date">
  2010-04-19 17:10
 </div>

 <div class="body">
  
<p>The last few weeks i have had the pleasure of reading a
thought-provoking collection of essays by Cory Doctorow, on topics
touching copyright, virtual worlds, the future of man when the
conscience mind can be duplicated into a computer and many more. The
book titled "Content: Selected Essays on Technology, Creativity,
Copyright, and the Future of the Future" is available with few
restrictions on the web, for example from
<a href="http://craphound.com/content/">his own site</a>. I read the
epub-version from
<a href="http://www.feedbooks.com/book/2883">feedbooks</a> using
<a href="http://www.fbreader.org/">fbreader</a> and my N810. I
strongly recommend this book.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/english">english</a>, <a href="../../tags/fildeling">fildeling</a>, <a href="../../tags/nuug">nuug</a>, <a href="../../tags/opphavsrett">opphavsrett</a>, <a href="../../tags/personvern">personvern</a>, <a href="../../tags/sikkerhet">sikkerhet</a>, <a href="../../tags/web">web</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html">Thoughts on roaming laptop setup for Debian Edu</a>
 </div>
 <div class="date">
  2010-04-28 20:40
 </div>

 <div class="body">
  
<p>For some years now, I have wondered how we should handle laptops in
Debian Edu.  The Debian Edu infrastructure is mostly designed to
handle stationary computers, and less suited for computers that come
and go.</p>

<p>Now I finally believe I have an sensible idea on how to adjust
Debian Edu for laptops, by introducing a new profile for them, for
example called Roaming Workstations.  Here are my thought on this.
The setup would consist of the following:</p>

<ul>

 <li>During installation, the user name of the owner / primary user of
   the laptop is requested and a local home directory is set up for
   the user, with uid and gid information fetched from the LDAP
   server.  This allow the user to work also when offline.  The
   central home directory can be available in a subdirectory on
   request, for example mounted via CIFS.  It could be mounted
   automatically when a user log in while on the Debian Edu network,
   and unmounted when the machine is taken away (network down,
   hibernate, etc), it can be set up to do automatic mounting on
   request (using autofs), or perhaps some GUI button on the desktop
   can be used to access it when needed.  Perhaps it is enough to use
   the fish protocol in KDE?</li>

 <li>Password checking is set up to use LDAP or Kerberos
   authentication when the machine is on the Debian Edu network, and
   to cache the password for offline checking when the machine unable
   to reach the LDAP or Kerberos server.  This can be done using
   <a href="http://www.padl.com/OSS/pam_ccreds.html">libpam-ccreds</a>
   or the Fedora developed
   <a href="https://fedoraproject.org/wiki/Features/SSSD">System
   Security Services Daemon</a> packages.</li>

 <li>File synchronisation with the central home directory is set up
   using a shared directory in both the local and the central home
   directory, using unison.</li>

 <li>Printing should be set up to print to all printers broadcasting
   their existence on the local network, and should then work out of
   the box with CUPS.  For sites needing accurate printer quotas, some
   system with Kerberos authentication or printing via ssh could be
   implemented.</li>

 <li>For users that should have local root access to their laptop,
   sudo should be used to allow this to the local user.</li>

 <li>It would be nice if user and group information from LDAP is
   cached on the client, but given that there are entries for the
   local user and primary group in /etc/, it should not be needed.</li>

</ul>

<p>I believe all the pieces to implement this are in Debian/testing at
the moment.  If we work quickly, we should be able to get this ready
in time for the Squeeze release to freeze.  Some of the pieces need
tweaking, like libpam-ccreds should get support for pam-auth-update
(<a href="http://bugs.debian.org/566718">#566718</a>) and nslcd (or
perhaps debian-edu-config) should get some integration code to stop
its daemon when the LDAP server is unavailable to avoid long timeouts
when disconnected from the net.  If we get Kerberos enabled, we need
to make sure we avoid long timeouts there too.</p>

<p>If you want to help out with implementing this for Debian Edu,
please contact us on debian-edu@lists.debian.org.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/debian edu">debian edu</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="../../Forcing_new_users_to_change_their_password_on_first_login.html">Forcing new users to change their password on first login</a>
 </div>
 <div class="date">
  2010-05-02 13:47
 </div>

 <div class="body">
  
<p>One interesting feature in Active Directory, is the ability to
create a new user with an expired password, and thus force the user to
change the password on the first login attempt.</p>

<p>I'm not quite sure how to do that with the LDAP setup in Debian
Edu, but did some initial testing with a local account.  The account
and password aging information is available in /etc/shadow, but
unfortunately, it is not possible to specify an expiration time for
passwords, only a maximum age for passwords.</p>

<p>A freshly created account (using adduser test) will have these
settings in /etc/shadow:</p>

<blockquote><pre>
root@tjener:~# chage -l test
Last password change                                    : May 02, 2010
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
root@tjener:~#
</pre></blockquote>

<p>The only way I could come up with to create a user with an expired
account, is to change the date of the last password change to the
lowest value possible (January 1th 1970), and the maximum password age
to the difference in days between that date and today.  To make it
simple, I went for 30 years (30 * 365 = 10950) and January 2th (to
avoid testing if 0 is a valid value).</p>

<p>After using these commands to set it up, it seem to work as
intended:</p>

<blockquote><pre>
root@tjener:~# chage -d 1 test; chage -M 10950 test
root@tjener:~# chage -l test
Last password change                                    : Jan 02, 1970
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 10950
Number of days of warning before password expires       : 7
root@tjener:~#  
</pre></blockquote>

<p>So far I have tested this with ssh and console, and kdm (in
Squeeze) login, and all ask for a new password before login in the
user (with ssh, I was thrown out and had to log in again).</p>

<p>Perhaps we should set up something similar for Debian Edu, to make
sure only the user itself have the account password?</p>

<p>If you want to comment on or help out with implementing this for
Debian Edu, please contact us on debian-edu@lists.debian.org.</p>

<p>Update 2010-05-02 17:20: Paul Tötterman tells me on IRC that the
shadow(8) page in Debian/testing now state that setting the date of
last password change to zero (0) will force the password to be changed
on the first login.  This was not mentioned in the manual in Lenny, so
I did not notice this in my initial testing.  I have tested it on
Squeeze, and '<tt>chage -d 0 username</tt>' do work there.  I have not
tested it on Lenny yet.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="../../tags/debian edu">debian edu</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>, <a href="../../tags/sikkerhet">sikkerhet</a>.
 
 </div>
</div>
<div class="padding"></div>

 <p style="text-align: right;"><a href="english.rss"><img src="../../xml.gif" alt="RSS Feed" width="36" height="14"></a></p>




<div id="sidebar">

<h2>Archive</h2>
<ul>

<li>2010
<ul>

<li><a href="../../archive/2010/01/">January (2)</a></li>

<li><a href="../../archive/2010/02/">February (1)</a></li>

<li><a href="../../archive/2010/03/">March (3)</a></li>

<li><a href="../../archive/2010/04/">April (3)</a></li>

<li><a href="../../archive/2010/05/">May (1)</a></li>

</ul></li>

<li>2009
<ul>

<li><a href="../../archive/2009/01/">January (8)</a></li>

<li><a href="../../archive/2009/02/">February (8)</a></li>

<li><a href="../../archive/2009/03/">March (12)</a></li>

<li><a href="../../archive/2009/04/">April (10)</a></li>

<li><a href="../../archive/2009/05/">May (9)</a></li>

<li><a href="../../archive/2009/06/">June (3)</a></li>

<li><a href="../../archive/2009/07/">July (4)</a></li>

<li><a href="../../archive/2009/08/">August (3)</a></li>

<li><a href="../../archive/2009/09/">September (1)</a></li>

<li><a href="../../archive/2009/10/">October (2)</a></li>

<li><a href="../../archive/2009/11/">November (3)</a></li>

<li><a href="../../archive/2009/12/">December (3)</a></li>

</ul></li>

<li>2008
<ul>

<li><a href="../../archive/2008/11/">November (5)</a></li>

<li><a href="../../archive/2008/12/">December (7)</a></li>

</ul></li>

</ul>



<h2>Tags</h2>
<ul>

 <li><a href="../../tags/3d-printer">3d-printer (11)</a></li>

 <li><a href="../../tags/amiga">amiga (1)</a></li>

 <li><a href="../../tags/aros">aros (1)</a></li>

 <li><a href="../../tags/debian">debian (14)</a></li>

 <li><a href="../../tags/debian edu">debian edu (15)</a></li>

 <li><a href="../../tags/english">english (24)</a></li>

 <li><a href="../../tags/fiksgatami">fiksgatami (1)</a></li>

 <li><a href="../../tags/fildeling">fildeling (6)</a></li>

 <li><a href="../../tags/kart">kart (2)</a></li>

 <li><a href="../../tags/lenker">lenker (1)</a></li>

 <li><a href="../../tags/ltsp">ltsp (1)</a></li>

 <li><a href="../../tags/multimedia">multimedia (5)</a></li>

 <li><a href="../../tags/norsk">norsk (64)</a></li>

 <li><a href="../../tags/nuug">nuug (71)</a></li>

 <li><a href="../../tags/opphavsrett">opphavsrett (12)</a></li>

 <li><a href="../../tags/personvern">personvern (11)</a></li>

 <li><a href="../../tags/reprap">reprap (10)</a></li>

 <li><a href="../../tags/rss">rss (1)</a></li>

 <li><a href="../../tags/sikkerhet">sikkerhet (7)</a></li>

 <li><a href="../../tags/standard">standard (11)</a></li>

 <li><a href="../../tags/stavekontroll">stavekontroll (1)</a></li>

 <li><a href="../../tags/video">video (10)</a></li>

 <li><a href="../../tags/vitenskap">vitenskap (1)</a></li>

 <li><a href="../../tags/web">web (6)</a></li>

</ul>

</div>
</body>
</html>