1 <?xml version=
"1.0" encoding=
"utf-8"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/' xmlns:
atom=
"http://www.w3.org/2005/Atom">
4 <title>Petter Reinholdtsen
</title>
5 <description></description>
6 <link>http://people.skolelinux.org/pere/blog/
</link>
7 <atom:link href=
"http://people.skolelinux.org/pere/blog/index.rss" rel=
"self" type=
"application/rss+xml" />
10 <title>2 Spykee-roboter i hus, nå skal det lekes
</title>
11 <link>http://people.skolelinux.org/pere/blog/
2_Spykee_roboter_i_hus__n___skal_det_lekes.html
</link>
12 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/
2_Spykee_roboter_i_hus__n___skal_det_lekes.html
</guid>
13 <pubDate>Wed,
18 Aug
2010 13:
30:
00 +
0200</pubDate>
15 <p
>Jeg kjøpte nettopp to
16 <a href=
"http://www.spykee-robot.com/
">Spykee
</a
>-roboter, for test og
17 leking. Kjøpte to da det var så billige, og gir meg mulighet til å
18 eksperimentere uten å være veldig redd for å ødelegge alt ved å bytte
19 ut firmware og slikt. Oppdaget at lekebutikken på Bryn senter hadde
20 en liten stabel på lager som de ikke hadde klart å selge ut etter
21 fjorårets juleinnkjøp, og var villig til å selge for en femtedel av
22 vanlig pris. Jeg, Ronny og Jarle har skaffet oss restbeholdningen, og
23 det blir morsomt å se hva vi får ut av dette.
</p
>
25 <p
>Roboten har belter styrt av to motorer, kamera, høytaler, mikrofon
26 og wifi-tilkobling. Det hele styrt av en GPL-lisensiert databoks som
27 jeg mistenker kjører linux. Firmware-kildekoden ble visst publisert i
28 mai. Eneste utfordringen er at kontroller-programvaren kun finnes til
29 Windows, men det må en kunne jobbe seg rundt når vi har kildekoden til
30 firmwaren. :)
</p
>
33 <li
><a href=
"http://en.wikipedia.org/wiki/Spykee
">Wikipedia-oppføring
</a
></li
>
34 <li
><a href=http://www.spykeeworld.com/spykee/US/freeSoftware.html
">Nedlasting av firmware-kilden
</a
></li
>
40 <title>Rob Weir: How to Crush Dissent
</title>
41 <link>http://people.skolelinux.org/pere/blog/Rob_Weir__How_to_Crush_Dissent.html
</link>
42 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Rob_Weir__How_to_Crush_Dissent.html
</guid>
43 <pubDate>Sun,
15 Aug
2010 22:
20:
00 +
0200</pubDate>
45 <p
>I found the notes from Rob Weir on
46 <a href=
"http://feedproxy.google.com/~r/robweir/antic-atom/~
3/VGb23-kta8c/how-to-crush-dissent.html
">how
47 to crush dissent
</a
> matching my own thoughts on the matter quite
48 well. Highly recommended for those wondering which road our society
49 should go down. In my view we have been heading the wrong way for a
55 <title>No hardcoded config on Debian Edu clients
</title>
56 <link>http://people.skolelinux.org/pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html
</link>
57 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html
</guid>
58 <pubDate>Mon,
9 Aug
2010 20:
15:
00 +
0200</pubDate>
60 <p
>As reported earlier, the last few days I have looked at how Debian
61 Edu clients are configured, and tried to get rid of all hardcoded
62 configuration settings on the clients. I believe the work to be
63 mostly done, and the clients seem to work just fine with dynamically
64 generated configuration.
</p
>
66 <p
>What is the point, you might ask? The point is to allow a Debian
67 Edu desktop to integrate into an existing network infrastructure
68 without any manual configuration.
</p
>
70 <p
>This is what happens when installing a Debian Edu client here at
71 the University of Oslo using PXE. With the PXE installation, I am
72 asked for language (Norwegian Bokmål), locality (Norway) and keyboard
73 layout (no-latin1), Debian Edu profile (Roaming Workstation), if I
74 accept to reformat the hard drive (yes), if I want to submit info to
75 popcon.debian.org (no) and root password (secret). After answering
76 these questions, the installer goes ahead and does its thing, and
77 after around
50 minutes it is done. I press enter to finish the
78 installation, and the machine reboots into KDE. When the machine is
79 ready and kdm asks for login information, I enter my university
80 username and password, am told by kdm that a local home directory has
81 been created and that I must log in again, and finally log in with the
82 same username and password to the KDE
4.4 desktop. At no point during
83 this process did it ask for university specific settings, and all the
84 required configuration was dynamically detected using information
85 fetched via DHCP and DNS. The roaming workstation is now ready for
88 <p
>How was this done, you might wonder? First of all, here is the
89 list of things that need to be configured on the client to get it
90 working properly out of the box:
</p
>
93 <li
>IP address/netmask and DNS server.
</li
>
94 <li
>Web proxy URL.
</li
>
95 <li
>LDAP server for NSS directory information (user, group, etc).
</li
>
96 <li
>Kerberos server for PAM password checking.
</li
>
97 <li
>SMB mount point to access the network home directory. (*)
</li
>
98 <li
>Central syslog server to send syslog messages to. (*)
</li
>
99 <li
>Sitesummary collector URL to submit info to central server. (*)
</li
>
102 <p
>(Hm, did I forget anything? Let me knew if I did.)
</p
>
104 <p
>The points marked (*) are not required to be able to use the
105 machine, but needed to provide central storage and allowing system
106 administrators to track their machines. Since yesterday, everything
107 but the sitesummary collector URL is dynamically discovered at boot
108 and installation time in the svn version of Debian Edu.
</p
>
110 <p
>The IP and DNS setup is fetched during boot using DHCP as usual.
111 When a DHCP update arrives, the proxy setup is updated by looking for
112 http://wpat/wpad.dat and using the content of this WPAD file to
113 configure the http and ftp proxy in /etc/environment and
114 /etc/apt/apt.conf. I decided to update the proxy setup using a DHCP
115 hook to ensure that the client stops using the Debian Edu proxy when
116 it is moved outside the Debian Edu network, and instead uses any local
117 proxy present on the new network when it moves around.
</p
>
119 <p
>The DNS names of the LDAP, Kerberos and syslog server and related
120 configuration are generated using DNS information at boot. First the
121 installer looks for a host named ldap in the current DNS domain. If
122 not found, it looks for _ldap._tcp SRV records in DNS instead. If an
123 LDAP server is found, its root DSE entry is requested and the
124 attributes namingContexts and defaultNamingContext are used to
125 determine which LDAP base to use for NSS. If there are several
126 namingContexts attibutes and the defaultNamingContext is present, that
127 LDAP subtree is used as the base. If defaultNamingContext is missing,
128 the subtrees listed as namingContexts are searched in sequence for any
129 object with class posixAccount or posixGroup, and the first one with
130 such an object is used as the LDAP base. For Kerberos, a similar
131 search is done by first looking for a host named kerberos, and then
132 for the _kerberos._tcp SRV record. I
've been unable to find a way to
133 look up the Kerberos realm, so for this the upper case string of the
134 current DNS domain is used.
</p
>
136 <p
>For the syslog server, the hosts syslog and loghost are searched
137 for, and the _syslog._udp SRV record is consulted if no such host is
138 found. This algorithm works for both Debian Edu and the University of
139 Oslo. A similar strategy would work for locating the sitesummary
140 server, but have not been implemented yet. I decided to fetch and
141 save these settings during installation, to make sure moving to a
142 different network does not change the set of users being allowed to
143 log in nor the passwords required to log in. Usernames and passwords
144 will be cached by sssd when the user logs in on the Debian Edu
145 network, and will not change as the laptop move around. For a
146 non-roaming machine, there is no caching, but given that it is
147 supposed to stay in place it should not matter much. Perhaps we
148 should switch those to use sssd too?
</p
>
150 <p
>The user
's SMB mount point for the network home directory is
151 located when the user logs in for the first time. The LDAP server is
152 consulted to look for the user
's LDAP object and the sambaHomePath
153 attribute is used if found. If it isn
't found, the home directory
154 path fetched from NSS is used instead. Assuming the path is of the
155 form /site/server/directory/username, the second part is looked up in
156 DNS and used to generate a SMB URL of the form
157 smb://server.domain/username. This algorithm works for both Debian
158 edu and the University of Oslo. Perhaps there are better attributes
159 to use or a better algorithm that works for more sites, but this will
160 do for now. :)
</p
>
162 <p
>This work should make it easier to integrate the Debian Edu clients
163 into any LDAP/Kerberos infrastructure, and make the current setup even
164 more flexible than before. I suspect it will also work for thin
165 client servers, allowing one to easily set up LTSP and hook it into a
166 existing network infrastructure, but I have not had time to test this
169 <p
>If you want to help out with implementing these things for Debian
170 Edu, please contact us on debian-edu@lists.debian.org.
</p
>
172 <p
>Update
2010-
08-
09: Simon Farnsworth gave me a heads-up on how to
173 detect Kerberos realm from DNS, by looking for _kerberos TXT entries
174 before falling back to the upper case DNS domain name. Will have to
175 implement it for Debian Edu. :)
</p
>
180 <title>Testing if a file system can be used for home directories...
</title>
181 <link>http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html
</link>
182 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html
</guid>
183 <pubDate>Sun,
8 Aug
2010 21:
20:
00 +
0200</pubDate>
185 <p
>A few years ago, I was involved in a project planning to use
186 Windows file servers as home directory servers for Debian
187 Edu/Skolelinux machines. This was thought to be no problem, as the
188 access would be through the SMB network file system protocol, and we
189 knew other sites used SMB with unix and samba as the file server to
190 mount home directories without any problems. But, after months of
191 struggling, we had to conclude that our goal was impossible.
</p
>
193 <p
>The reason is simply that while SMB can be used for home
194 directories when the file server is Samba running on Unix, this only
195 work because of Samba have some extensions and the fact that the
196 underlying file system is a unix file system. When using a Windows
197 file server, the underlying file system do not have POSIX semantics,
198 and several programs will fail if the users home directory where they
199 want to store their configuration lack POSIX semantics.
</p
>
201 <p
>As part of this work, I wrote a small C program I want to share
202 with you all, to replicate a few of the problematic applications (like
203 OpenOffice.org and GCompris) and see if the file system was working as
204 it should. If you find yourself in spooky file system land, it might
205 help you find your way out again. This is the fs-test.c source:
</p
>
209 * Some tests to check the file system sematics. Used to verify that
210 * CIFS from a windows server do not work properly as a linux home
212 * License: GPL v2 or later
214 * needs libsqlite3-dev and build-essential installed
215 * compile with: gcc -Wall -lsqlite3 -DTEST_SQLITE fs-test.c -o fs-test
218 #define _FILE_OFFSET_BITS
64
219 #define _LARGEFILE_SOURCE
1
220 #define _LARGEFILE64_SOURCE
1
222 #define _GNU_SOURCE /* for asprintf() */
224 #include
&lt;errno.h
>
225 #include
&lt;fcntl.h
>
226 #include
&lt;stdio.h
>
227 #include
&lt;string.h
>
228 #include
&lt;stdlib.h
>
229 #include
&lt;sys/file.h
>
230 #include
&lt;sys/stat.h
>
231 #include
&lt;sys/types.h
>
232 #include
&lt;unistd.h
>
236 * Test sqlite open, as done by gcompris require the libsqlite3-dev
237 * package and linking with -lsqlite3. A more low level test is
239 * See also
&lt;URL: http://www.sqlite.org./faq.html#q5
>.
241 #include
&lt;sqlite3.h
>
242 #define CREATE_TABLE_USERS \
243 "CREATE TABLE users (user_id INT UNIQUE, login TEXT, lastname TEXT, firstname TEXT, birthdate TEXT, class_id INT );
"
244 int test_sqlite_open(void) {
246 char *name =
"testsqlite.db
";
249 int rc = sqlite3_open(name,
&db);
251 printf(
"error: sqlite open of %s failed: %s\n
", name, sqlite3_errmsg(db));
257 rc = sqlite3_exec(db,CREATE_TABLE_USERS, NULL,
0,
&zErrMsg);
258 if( rc != SQLITE_OK ){
259 printf(
"error: sqlite table create failed: %s\n
", zErrMsg);
263 printf(
"info: sqlite worked\n
");
267 #endif /* TEST_SQLITE */
270 * Demonstrate locking issue found in gcompris using sqlite3. This
271 * work with ext3, but not with cifs server on Windows
2003. This is
272 * done in the sqlite3 library.
274 *
&lt;URL:http://www.cygwin.com/ml/cygwin/
2001-
08/msg00854.html
> and the
275 * POSIX specification
276 *
&lt;URL:http://www.opengroup.org/onlinepubs/
009695399/functions/fcntl.html
>.
278 int test_gcompris_locking(void) {
280 char *name =
"testsqlite.db
";
282 int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE,
0644);
283 printf(
"info: testing fcntl locking\n
");
285 fl.l_whence = SEEK_SET;
287 printf(
" Read-locking
1 byte from
1073741824");
288 fl.l_start =
1073741824;
291 if (
0 != fcntl(fd, F_SETLK,
&fl) ) printf(
" - error!\n
"); else printf(
"\n
");
293 printf(
" Read-locking
510 byte from
1073741826");
294 fl.l_start =
1073741826;
297 if (
0 != fcntl(fd, F_SETLK,
&fl) ) printf(
" - error!\n
"); else printf(
"\n
");
299 printf(
" Unlocking
1 byte from
1073741824");
300 fl.l_start =
1073741824;
303 if (
0 != fcntl(fd, F_SETLK,
&fl) ) printf(
" - error!\n
"); else printf(
"\n
");
305 printf(
" Write-locking
1 byte from
1073741824");
306 fl.l_start =
1073741824;
309 if (
0 != fcntl(fd, F_SETLK,
&fl) ) printf(
" - error!\n
"); else printf(
"\n
");
311 printf(
" Write-locking
510 byte from
1073741826");
312 fl.l_start =
1073741826;
314 if (
0 != fcntl(fd, F_SETLK,
&fl) ) printf(
" - error!\n
"); else printf(
"\n
");
316 printf(
" Unlocking
2 byte from
1073741824");
317 fl.l_start =
1073741824;
320 if (
0 != fcntl(fd, F_SETLK,
&fl) ) printf(
" - error!\n
"); else printf(
"\n
");
327 * Test if permissions of freshly created directories allow entries
328 * below them. This was a problem with OpenOffice.org and gcompris.
329 * Mounting with option
'sync
' seem to solve this problem while
330 * slowing down file operations.
332 int test_subdirectory_creation(void) {
334 char *path = strdup(
"test
");
337 printf(
"info: testing subdirectory creation\n
");
338 for (level =
0; level
&lt; LEVELS; level++) {
339 char *newpath = NULL;
340 if (-
1 == mkdir(path,
0777)) {
341 printf(
" error: Unable to create directory
'%s
': %s\n
",
342 path, strerror(errno));
345 asprintf(
&newpath,
"%s/%s
", path,
"test
");
353 * Test if symlinks can be created. This was a problem detected with
356 int test_symlinks(void) {
357 printf(
"info: testing symlink creation\n
");
358 unlink(
"symlink
");
359 if (-
1 == symlink(
"file
",
"symlink
"))
360 printf(
" error: Unable to create symlink\n
");
364 int main(int argc, char **argv) {
365 printf(
"Testing POSIX/Unix sematics on file system\n
");
367 test_subdirectory_creation();
370 #endif /* TEST_SQLITE */
371 test_gcompris_locking();
376 <p
>When everything is working, it should print something like
380 Testing POSIX/Unix sematics on file system
381 info: testing symlink creation
382 info: testing subdirectory creation
384 info: testing fcntl locking
385 Read-locking
1 byte from
1073741824
386 Read-locking
510 byte from
1073741826
387 Unlocking
1 byte from
1073741824
388 Write-locking
1 byte from
1073741824
389 Write-locking
510 byte from
1073741826
390 Unlocking
2 byte from
1073741824
393 <p
>I do not remember the exact details of the problems we saw, but one
394 of them was with locking, where if I remember correctly, POSIX allow a
395 read-only lock to be upgraded to a read-write lock without unlocking
396 the read-only lock (while Windows do not). Another was a bug in the
397 CIFS/SMB client implementation in the Linux kernel where directory
398 meta information would be wrong for a fraction of a second, making
399 OpenOffice.org fail to create its deep directory tree because it was
400 not allowed to create files in its freshly created directory.
</p
>
402 <p
>Anyway, here is a nice tool for your tool box, might you never need
408 <title>Autodetecting Client setup for roaming workstations in Debian Edu
</title>
409 <link>http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html
</link>
410 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html
</guid>
411 <pubDate>Sat,
7 Aug
2010 14:
45:
00 +
0200</pubDate>
413 <p
>A few days ago, I
414 <a href=
"http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html
">tried
415 to install
</a
> a Roaming workation profile from Debian Edu/Squeeze
416 while on the university network here at the University of Oslo, and
417 noticed how much had to change to get it operational using the
418 university infrastructure. It was fairly easy, but it occured to me
419 that Debian Edu would improve a lot if I could get the client to
420 connect without any changes at all, and thus let the client configure
421 itself during installation and first boot to use the infrastructure
422 around it. Now I am a huge step further along that road.
</p
>
424 <p
>With our current squeeze-test packages, I can select the roaming
425 workstation profile and get a working laptop connecting to the
426 university LDAP server for user and group and our active directory
427 servers for Kerberos authentication. All this without any
428 configuration at all during installation. My users home directory got
429 a bookmark in the KDE menu to mount it via SMB, with the correct URL.
430 In short, openldap and sssd is correctly configured. In addition to
431 this, the client look for http://wpad/wpad.dat to configure a web
432 proxy, and when it fail to find it no proxy settings are stored in
433 /etc/environment and /etc/apt/apt.conf. Iceweasel and KDE is
434 configured to look for the same wpad configuration and also do not use
435 a proxy when at the university network. If the machine is moved to a
436 network with such wpad setup, it would automatically use it when DHCP
437 gave it a IP address.
</p
>
439 <p
>The LDAP server is located using DNS, by first looking for the DNS
440 entry ldap.$domain. If this do not exist, it look for the
441 _ldap._tcp.$domain SRV records and use the first one as the LDAP
442 server. Next, it connects to the LDAP server and search all
443 namingContexts entries for posixAccount or posixGroup objects, and
444 pick the first one as the LDAP base. For Kerberos, a similar
445 algorithm is used to locate the LDAP server, and the realm is the
446 uppercase version of $domain.
</p
>
448 <p
>So, what is not working, you might ask. SMB mounting my home
449 directory do not work. No idea why, but suspected the incorrect
450 Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be
451 the cause. These are not properly configured during installation, and
452 had to be hand-edited to get the correct Kerberos realm and server,
453 but SMB mounting still do not work. :(
</p
>
455 <p
>With this automatic configuration in place, I expect a Debian Edu
456 roaming profile installation would be able to automatically detect and
457 connect to any site using LDAP and Kerberos for NSS directory and PAM
458 authentication. It should also work out of the box in a Active
459 Directory environment providing posixAccount and posixGroup objects
460 with UID and GID values.
</p
>
462 <p
>If you want to help out with implementing these things for Debian
463 Edu, please contact us on debian-edu@lists.debian.org.
</p
>
468 <title>Debian Edu roaming workstation - at the university of Oslo
</title>
469 <link>http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html
</link>
470 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html
</guid>
471 <pubDate>Tue,
3 Aug
2010 23:
30:
00 +
0200</pubDate>
473 <p
>The new roaming workstation profile in Debian Edu/Squeeze is fairly
474 similar to the laptop setup am I working on using Ubuntu for the
475 University of Oslo, and just for the heck of it, I tested today how
476 hard it would be to integrate that profile into the university
477 infrastructure. In this case, it is the university LDAP server,
478 Active Directory Kerberos server and SMB mounting from the Netapp file
481 <p
>I was pleasantly surprised that the only three files needed to be
482 changed (/etc/sssd/sssd.conf, /etc/ldap.conf and
483 /etc/mklocaluser.d/
20-debian-edu-config) and one file had to be added
484 (/usr/share/perl5/Debian/Edu_Local.pm), to get the client working.
485 Most of the changes were to get the client to use the university LDAP
486 for NSS and Kerberos server for PAM, but one was to change a hard
487 coded DNS domain name in the mklocaluser hook from .intern to
490 <p
>This testing was so encouraging, that I went ahead and adjusted the
491 Debian Edu scripts and setup in subversion to centralise the roaming
492 workstation setup a bit more and avoid the hardcoded DNS domain name,
493 so that when I test this tomorrow, I expect to get away with modifying
494 only /etc/sssd/sssd.conf and /etc/ldap.conf to get it to use the
495 university servers.
</p
>
497 <p
>My goal is to get the clients to have no hardcoded settings and
498 fetch all their initial setup during installation and first boot, to
499 allow them to be inserted also into environments where the default
500 setup in Debian Edu has been changed or as with the university, where
501 the environment is different but provides the protocols Debian Edu
507 <title>Circular package dependencies harms apt recovery
</title>
508 <link>http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html
</link>
509 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html
</guid>
510 <pubDate>Tue,
27 Jul
2010 23:
50:
00 +
0200</pubDate>
512 <p
>I discovered this while doing
513 <a href=
"http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html
">automated
514 testing of upgrades from Debian Lenny to Squeeze
</a
>. A few packages
515 in Debian still got circular dependencies, and it is often claimed
516 that apt and aptitude should be able to handle this just fine, but
517 some times these dependency loops causes apt to fail.
</p
>
519 <p
>An example is from todays
520 <a href=
"http://people.skolelinux.org/~pere/debian-upgrade-testing//test-
20100727-lenny-squeeze-kde-aptitude.txt
">upgrade
521 of KDE using aptitude
</a
>. In it, a bug in kdebase-workspace-data
522 causes perl-modules to fail to upgrade. The cause is simple. If a
523 package fail to unpack, then only part of packages with the circular
524 dependency might end up being unpacked when unpacking aborts, and the
525 ones already unpacked will fail to configure in the recovery phase
526 because its dependencies are unavailable.
</p
>
528 <p
>In this log, the problem manifest itself with this error:
</p
>
530 <blockquote
><pre
>
531 dpkg: dependency problems prevent configuration of perl-modules:
532 perl-modules depends on perl (
>=
5.10.1-
1); however:
533 Version of perl on system is
5.10.0-
19lenny
2.
534 dpkg: error processing perl-modules (--configure):
535 dependency problems - leaving unconfigured
536 </pre
></blockquote
>
538 <p
>The perl/perl-modules circular dependency is already
539 <a href=
"http://bugs.debian.org/
527917">reported as a bug
</a
>, and will
540 hopefully be solved as soon as possible, but it is not the only one,
541 and each one of these loops in the dependency tree can cause similar
542 failures. Of course, they only occur when there are bugs in other
543 packages causing the unpacking to fail, but it is rather nasty when
544 the failure of one package causes the problem to become worse because
545 of dependency loops.
</p
>
548 <a href=
"http://lists.debian.org/debian-devel/
2010/
06/msg00116.html
">the
549 tireless effort by Bill Allombert
</a
>, the number of circular
551 <a href=
"http://debian.semistable.com/debgraph.out.html
">left in Debian
552 is dropping
</a
>, and perhaps it will reach zero one day. :)
</p
>
554 <p
>Todays testing also exposed a bug in
555 <a href=
"http://bugs.debian.org/
590605">update-notifier
</a
> and
556 <a href=
"http://bugs.debian.org/
590604">different behaviour
</a
> between
557 apt-get and aptitude, the latter possibly caused by some circular
558 dependency. Reported both to BTS to try to get someone to look at
564 <title>First Debian Edu test release (alpha0) based on Squeeze is released
</title>
565 <link>http://people.skolelinux.org/pere/blog/First_Debian_Edu_test_release__alpha0__based_on_Squeeze_is_released.html
</link>
566 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/First_Debian_Edu_test_release__alpha0__based_on_Squeeze_is_released.html
</guid>
567 <pubDate>Tue,
27 Jul
2010 17:
45:
00 +
0200</pubDate>
569 <p
>I just posted this announcement culminating several months of work
570 with the next Debian Edu release. Not nearly done, but one major step
574 <p
>This is the first test release based on Squeeze. The focus of this
575 release is to test the user application selection. To have a look,
576 install the standalone profile and let the developers know if the set
577 of installed packages i.e. applications should be modified. If some
578 user application is missing, or if there are some applications that no
579 longer make sense to be included in Debian Edu, please let us know.
580 Also, if a useful application is missing the translation for your
581 language of choice, please let us know too.
</p
>
583 <p
>In addition, feedback and help to polish the desktop (menus,
584 artwork, starters, etc.) is appreciated. We would like to ship a nice
585 and handy KDE4 desktop targeted for schools out of the box.
</p
>
587 <p
>The other profiles should be installable, but there is a lot more
588 work left to be done before they are ready, so do not expect to
591 <p
>Changes compared to the lenny based version
</p
>
594 <li
>Everything from Debian Squeeze
596 <li
>Desktop environment KDE
4.4 =
> the new KDE desktop in
597 combination with some new artwork
598 <li
>Web browser Iceweasel
3.5
599 <li
>OpenOffice.org
3.2
600 <li
>Educational toolbox GCompris
9.3
601 <li
>Music creator Rosegarden
10.04.2
602 <li
>Image editor Gimp
2.6.10
603 <li
>Virtual universe Celestia
1.6.0
604 <li
>Virtual stargazer Stellarium
0.10.4
605 <li
>3D modeler Blender
2.49.2 (new application)
606 <li
>Video editor Kdenlive
0.7.7 (new application)
607 </ul
></li
>
608 <li
>Now using Kerberos for password checking (migration not finished).
614 <li
>SMTP (sender verification)
617 <li
>New experimental roaming workstation profile for laptops.
</li
>
618 <li
>Show welcome page to users when they first log in. The URL is
619 fetched from LDAP.
</li
>
620 <li
>New LXDE desktop option, in addition to KDE (default) and Gnome.
</li
>
621 <li
>General cleanup (not finished)
</li
>
623 <p
>The following features are not working as they should
</p
>
626 <li
>No web based administration tool for creating users and groups. The
627 scripts ldap-createuser-krb and ldap-add-user-to-group can be used
628 for testing.
</li
>
629 <li
>DVD installs are missing debian-installer images for the PXE boot,
630 and do not set up the PXE menu on eth0 because of this. LTSP
631 clients should still boot from eth1 on thin client servers.
</li
>
632 <li
>The restructured KDE menu is not implemented.
</li
>
633 <li
>The LDAP server setup need to be reviewed for security.
</li
>
634 <li
>The LDAP directory structure need to be reworked.
</li
>
635 <li
>Different sets of packages are installed when using the DVD and the
636 netinst CD. More packages are installed using the netinst CD.
</li
>
637 <li
>The jackd package fail to install. This is believed to be caused by
638 some ongoing transition, and hopefully should be solved soon. The
639 jackd1 package can be installed manually for those that need it.
</li
>
640 <li
>Some packages lack translations. See
641 http://wiki.debian.org/DebianEdu/Status/Squeeze for updated status,
642 and help out with translations.
</li
>
645 <p
>To download this multiarch netinstall release you can use
</p
>
648 <li
><a href=
"ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-
6.0.0+edua0-CD.iso
">ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-
6.0.0+edua0-CD.iso
</a
></li
>
649 <li
><a href=
"http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-
6.0.0+edua0-CD.iso
">http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-
6.0.0+edua0-CD.iso
</a
></li
>
650 <li
>rsync -avzP ftp.skolelinux.org::skolelinux-cd/squeeze-alpha/debian-edu-
6.0.0+edua0-CD.iso
</li
>
652 <p
>To download this multiarch dvd release you can use
</p
>
655 <li
><a href=
"ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-
6.0.0+edua0-DVD.iso
">ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-
6.0.0+edua0-DVD.iso
</a
></li
>
656 <li
><a href=
"http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-
6.0.0+edua0-DVD.iso
">http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-
6.0.0+edua0-DVD.iso
</a
></li
>
657 <li
>rsync -avzP ftp.skolelinux.org::skolelinux-cd/squeeze-alpha/debian-edu-
6.0.0+edua0-DVD.iso
</li
>
660 <p
>There is no source DVD available yet. It will be prepared when we
661 get closer to the final release.
</p
>
663 <p
>The MD5SUM of these images are
</p
>
666 <li
>3dbf45d59f42a53518b6e3c9ec3b5eb6 debian-edu-
6.0.0+edua0-CD.iso
</li
>
667 <li
>22f2cbfce281d1c6e478be452638675d debian-edu-
6.0.0+edua0-DVD.iso
</li
>
670 <p
>The SHA1SUM of these images are
</p
>
672 <li
>c53d1b69b40cf37cd27aefaf33f6f6a3821bedf0 debian-edu-
6.0.0+edua0-CD.iso
</li
>
673 <li
>2ec29d7db676d59d32197b05c277ffe16348376c debian-edu-
6.0.0+edua0-DVD.iso
</li
>
675 <p
>How to report bugs:
676 http://wiki.debian.org/DebianEdu/HowTo/ReportBugsInBugzilla
</p
>
678 <p
>Please direct replies to debian-edu@lists.debian.org
</p
>
684 <title>One step closer to single signon in Debian Edu
</title>
685 <link>http://people.skolelinux.org/pere/blog/One_step_closer_to_single_signon_in_Debian_Edu.html
</link>
686 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/One_step_closer_to_single_signon_in_Debian_Edu.html
</guid>
687 <pubDate>Sun,
25 Jul
2010 10:
00:
00 +
0200</pubDate>
689 <p
>The last few months me and the other Debian Edu developers have
690 been working hard to get the Debian/Squeeze based version of Debian
691 Edu/Skolelinux into shape. This future version will use Kerberos for
692 authentication, and services are slowly migrated to single signon,
693 getting rid of password questions one at the time.
</p
>
695 <p
>It will also feature a roaming workstation profile with local home
696 directory, for laptops that are only some times on the Skolelinux
697 network, and for this profile a shortcut is created in Gnome and KDE
698 to gain access to the users home directory on the file server. This
699 shortcut uses SMB at the moment, and yesterday I had time to test if
700 SMB mounting had started working in KDE after we added the cifs-utils
701 package. I was pleasantly surprised how well it worked.
</p
>
703 <p
>Thanks to the recent changes to our samba configuration to get it
704 to use Kerberos for authentication, there were no question about user
705 password when mounting the SMB volume. A simple click on the shortcut
706 in the KDE menu, and a window with the home directory popped
709 <p
>One step closer to a single signon solution out of the box in
710 Debian Edu. We already had PAM, LDAP, IMAP and SMTP in place, and now
711 also Samba. Next step is Cups and hopefully also NFS.
</p
>
713 <p
>We had planned a alpha0 release of Debian Edu for today, but thanks
714 to the autobuilder administrators for some architectures being slow to
715 sign packages, we are still missing the fixed LTSP package we need for
716 the release. It was uploaded three days ago with urgency=high, and if
717 it had entered testing yesterday we would have been able to test it in
718 time for a alpha0 release today. As the binaries for ia64 and powerpc
719 still not uploaded to the Debian archive, we need to delay the alpha
720 release another day.
</p
>
722 <p
>If you want to help out with implementing Kerberos for Debian Edu,
723 please contact us on debian-edu@lists.debian.org.
</p
>
728 <title>Digitale restriksjonsmekanismer fikk meg til å slutte å kjøpe musikk
</title>
729 <link>http://people.skolelinux.org/pere/blog/Digitale_restriksjonsmekanismer_fikk_meg_til____slutte____kj__pe_musikk.html
</link>
730 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Digitale_restriksjonsmekanismer_fikk_meg_til____slutte____kj__pe_musikk.html
</guid>
731 <pubDate>Thu,
22 Jul
2010 23:
50:
00 +
0200</pubDate>
733 <p
>For mange år siden slutte jeg å kjøpe musikk-CDer. Årsaken var at
734 musikkbransjen var godt i gang med å selge platene sine med DRM som
735 gjorde at jeg ikke fikk spilt av musikken jeg kjøpte på utstyret jeg
736 hadde tilgjengelig, dvs. min datamaskin. Det var umulig å se på en
737 plate om den var ødelagt eller ikke, og jeg hadde jo allerede en
738 anseelig samling med plater, så jeg bestemme meg for å slutte å gi
739 penger til en bransje som åpenbart ikke respekterte meg.
</p
>
741 <p
>Jeg har mange titalls dager med musikk på CD i dag. Det meste er
742 lagt i et stort arkiv som kan spilles av fra husets datamaskiner (har
743 ikke rukket rippe alt). Jeg ser dermed ikke behovet for å skaffe mer
744 musikk. De fleste av mine favoritter er i hus, og jeg er dermed godt
747 <p
>Hvis musikkbransjen ønsker mine penger, så må de demonstrere at de
748 setter pris på meg som kunde, og ikke skremme meg bort med DRM og
749 antydninger om at kundene er kriminelle.
</p
>
751 <p
>Filmbransjen er like ille, men mens musikk gjerne varer lenge, er
752 filmer mer ferskvare. Har dermed ikke helt sluttet å kjøpe filmer, men
753 holder meg til DVD-filmer som kan spilles av på mine Linuxbokser.
754 Kommer neppe til å ta i bruk Blueray, og ei heller de nye DRM-greiene
755 «Ultraviolet» som be annonsert her om dagen.
</p
>