1 <?xml version=
"1.0" encoding=
"utf-8"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/'
>
4 <title>Petter Reinholdtsen - Entries tagged debian
</title>
5 <description>Entries tagged debian
</description>
6 <link>http://people.skolelinux.org/pere/blog/
</link>
10 <title>Gratulerer med
19-årsdagen, Debian!
</title>
11 <link>http://people.skolelinux.org/pere/blog/Gratulerer_med_19__rsdagen__Debian_.html
</link>
12 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Gratulerer_med_19__rsdagen__Debian_.html
</guid>
13 <pubDate>Thu,
16 Aug
2012 11:
20:
00 +
0200</pubDate>
14 <description><p
>I dag fyller
15 <a href=
"http://www.debian.org/News/
2012/
20120813">Debian-prosjektet
19
16 år
</a
>. Jeg har fulgt det de siste
12 årene, og er veldig glad for å kunne
17 si gratulerer med dagen, Debian!.
</p
>
22 <title>Song book for Computer Scientists
</title>
23 <link>http://people.skolelinux.org/pere/blog/Song_book_for_Computer_Scientists.html
</link>
24 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Song_book_for_Computer_Scientists.html
</guid>
25 <pubDate>Sun,
24 Jun
2012 13:
30:
00 +
0200</pubDate>
26 <description><p
>Many years ago, while studying Computer Science at the
27 <a href=
"http://www.uit.no/
">University of Tromsø
</a
>, I started
28 collecting computer related songs for use at parties. The original
29 version was written in LaTeX, but a few years ago I got help from
30 Håkon W. Lie, one of the inventors of W3C CSS, to convert it to HTML
31 while keeping the ability to create a nice book in PDF format. I have
32 not had time to maintain the book for a while now, and guess I should
33 put it up on some public version control repository where others can
34 help me extend and update the book. If anyone is volunteering to help
35 me with this, send me an email. Also let me know if there are songs
36 missing in my book.
</p
>
38 <p
>I have not mentioned the book on my blog so far, and it occured to
39 me today that I really should let all my readers share the joys of
40 singing out load about programming, computers and computer networks.
41 Especially now that
<a href=
"http://debconf12.debconf.org/
">Debconf
42 12</a
> is about to start (and I am not going). Want to sing? Check
43 out
<a href=
"http://www.hungry.com/~pere/cs-songbook/
">Petter
's
44 Computer Science Songbook
</a
>.
49 <title>Automatically upgrading server firmware on Dell PowerEdge
</title>
50 <link>http://people.skolelinux.org/pere/blog/Automatically_upgrading_server_firmware_on_Dell_PowerEdge.html
</link>
51 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Automatically_upgrading_server_firmware_on_Dell_PowerEdge.html
</guid>
52 <pubDate>Mon,
21 Nov
2011 12:
00:
00 +
0100</pubDate>
53 <description><p
>At work we have heaps of servers. I believe the total count is
54 around
1000 at the moment. To be able to get help from the vendors
55 when something go wrong, we want to keep the firmware on the servers
56 up to date. If the firmware isn
't the latest and greatest, the
57 vendors typically refuse to start debugging any problems until the
58 firmware is upgraded. So before every reboot, we want to upgrade the
59 firmware, and we would really like everyone handling servers at the
60 university to do this themselves when they plan to reboot a machine.
61 For that to happen we at the unix server admin group need to provide
62 the tools to do so.
</p
>
64 <p
>To make firmware upgrading easier, I am working on a script to
65 fetch and install the latest firmware for the servers we got. Most of
66 our hardware are from Dell and HP, so I have focused on these servers
67 so far. This blog post is about the Dell part.
</P
>
69 <p
>On the Dell FTP site I was lucky enough to find
70 <a href=
"ftp://ftp.us.dell.com/catalog/Catalog.xml.gz
">an XML file
</a
>
71 with firmware information for all
11th generation servers, listing
72 which firmware should be used on a given model and where on the FTP
73 site I can find it. Using a simple perl XML parser I can then
74 download the shell scripts Dell provides to do firmware upgrades from
75 within Linux and reboot when all the firmware is primed and ready to
76 be activated on the first reboot.
</p
>
78 <p
>This is the Dell related fragment of the perl code I am working on.
79 Are there anyone working on similar tools for firmware upgrading all
80 servers at a site? Please get in touch and lets share resources.
</p
>
86 use File::Temp qw(tempdir);
88 # Install needed RHEL packages if missing
90 'XML::Simple
' =
> 'perl-XML-Simple
',
92 for my $module (keys %rhelmodules) {
93 eval
"use $module;
";
95 my $pkg = $rhelmodules{$module};
96 system(
"yum install -y $pkg
");
97 eval
"use $module;
";
101 my $errorsto =
'pere@hungry.com
';
107 sub run_firmware_script {
108 my ($opts, $script) = @_;
110 print STDERR
"fail: missing script name\n
";
113 print STDERR
"Running $script\n\n
";
115 if (
0 == system(
"sh $script $opts
")) { # FIXME correct exit code handling
116 print STDERR
"success: firmware script ran succcessfully\n
";
118 print STDERR
"fail: firmware script returned error\n
";
122 sub run_firmware_scripts {
123 my ($opts, @dirs) = @_;
124 # Run firmware packages
125 for my $dir (@dirs) {
126 print STDERR
"info: Running scripts in $dir\n
";
127 opendir(my $dh, $dir) or die
"Unable to open directory $dir: $!
";
128 while (my $s = readdir $dh) {
129 next if $s =~ m/^\.\.?/;
130 run_firmware_script($opts,
"$dir/$s
");
138 print STDERR
"info: Downloading $url\n
";
139 system(
"wget --quiet \
"$url\
"");
144 my $product = `dmidecode -s system-product-name`;
147 if ($product =~ m/PowerEdge/) {
149 # on RHEL, these pacakges are needed by the firwmare upgrade scripts
150 system(
'yum install -y compat-libstdc++-
33.i686 libstdc++.i686 libxml2.i686 procmail
');
152 my $tmpdir = tempdir(
156 fetch_dell_fw(
'catalog/Catalog.xml.gz
');
157 system(
'gunzip Catalog.xml.gz
');
158 my @paths = fetch_dell_fw_list(
'Catalog.xml
');
159 # -q is quiet, disabling interactivity and reducing console output
160 my $fwopts =
"-q
";
162 for my $url (@paths) {
165 run_firmware_scripts($fwopts, $tmpdir);
167 print STDERR
"error: Unsupported Dell model
'$product
'.\n
";
168 print STDERR
"error: Please report to $errorsto.\n
";
172 print STDERR
"error: Unsupported Dell model
'$product
'.\n
";
173 print STDERR
"error: Please report to $errorsto.\n
";
179 my $url =
"ftp://ftp.us.dell.com/$path
";
183 # Using ftp://ftp.us.dell.com/catalog/Catalog.xml.gz, figure out which
184 # firmware packages to download from Dell. Only work for Linux
185 # machines and
11th generation Dell servers.
186 sub fetch_dell_fw_list {
187 my $filename = shift;
189 my $product = `dmidecode -s system-product-name`;
191 my ($mybrand, $mymodel) = split(/\s+/, $product);
193 print STDERR
"Finding firmware bundles for $mybrand $mymodel\n
";
195 my $xml = XMLin($filename);
197 for my $bundle (@{$xml-
>{SoftwareBundle}}) {
198 my $brand = $bundle-
>{TargetSystems}-
>{Brand}-
>{Display}-
>{content};
199 my $model = $bundle-
>{TargetSystems}-
>{Brand}-
>{Model}-
>{Display}-
>{content};
201 if (
"ARRAY
" eq ref $bundle-
>{TargetOSes}-
>{OperatingSystem}) {
202 $oscode = $bundle-
>{TargetOSes}-
>{OperatingSystem}[
0]-
>{osCode};
204 $oscode = $bundle-
>{TargetOSes}-
>{OperatingSystem}-
>{osCode};
206 if ($mybrand eq $brand
&& $mymodel eq $model
&& "LIN
" eq $oscode)
208 @paths = map { $_-
>{path} } @{$bundle-
>{Contents}-
>{Package}};
211 for my $component (@{$xml-
>{SoftwareComponent}}) {
212 my $componenttype = $component-
>{ComponentType}-
>{value};
214 # Drop application packages, only firmware and BIOS
215 next if
'APAC
' eq $componenttype;
217 my $cpath = $component-
>{path};
218 for my $path (@paths) {
219 if ($cpath =~ m%/$path$%) {
220 push(@paths, $cpath);
228 <p
>The code is only tested on RedHat Enterprise Linux, but I suspect
229 it could work on other platforms with some tweaking. Anyone know a
230 index like Catalog.xml is available from HP for HP servers? At the
231 moment I maintain a similar list manually and it is quickly getting
237 <title>How is booting into runlevel
1 different from single user boots?
</title>
238 <link>http://people.skolelinux.org/pere/blog/How_is_booting_into_runlevel_1_different_from_single_user_boots_.html
</link>
239 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/How_is_booting_into_runlevel_1_different_from_single_user_boots_.html
</guid>
240 <pubDate>Thu,
4 Aug
2011 12:
40:
00 +
0200</pubDate>
241 <description><p
>Wouter Verhelst have some
242 <a href=
"http://grep.be/blog/en/retorts/pere_kubuntu_boot
">interesting
243 comments and opinions
</a
> on my blog post on
244 <a href=
"http://people.skolelinux.org/pere/blog/What_should_start_from__etc_rcS_d__in_Debian____almost_nothing.html
">the
245 need to clean up /etc/rcS.d/ in Debian
</a
> and my blog post about
246 <a href=
"http://people.skolelinux.org/pere/blog/What_is_missing_in_the_Debian_desktop__or_why_my_parents_use_Kubuntu.html
">the
247 default KDE desktop in Debian
</a
>. I only have time to address one
248 small piece of his comment now, and though it best to address the
249 misunderstanding he bring forward:
</p
>
251 <p
><blockquote
>
252 Currently, a system admin has four options: [...] boot to a
253 single-user system (by adding
'single
' to the kernel command line;
254 this runs rcS and rc1 scripts)
255 </blockquote
></p
>
257 <p
>This make me believe Wouter believe booting into single user mode
258 and booting into runlevel
1 is the same. I am not surprised he
259 believe this, because it would make sense and is a quite sensible
260 thing to believe. But because the boot in Debian is slightly broken,
261 runlevel
1 do not work properly and it isn
't the same as single user
262 mode. I
'll try to explain what is actually happing, but it is a bit
263 hard to explain.
</p
>
265 <p
>Single user mode is defined like this in /etc/inittab:
266 "<tt
>~~:S:wait:/sbin/sulogin
</tt
>". This means the only thing that is
267 executed in single user mode is sulogin. Single user mode is a boot
268 state
"between
" the runlevels, and when booting into single user mode,
269 only the scripts in /etc/rcS.d/ are executed before the init process
270 enters the single user state. When switching to runlevel
1, the state
271 is in fact not ending in runlevel
1, but it passes through runlevel
1
272 and end up in the single user mode (see /etc/rc1.d/S03single, which
273 runs
"init -t1 S
" to switch to single user mode at the end of runlevel
274 1. It is confusing that the
'S
' (single user) init mode is not the
275 mode enabled by /etc/rcS.d/ (which is more like the initial boot
278 <p
>This summary might make it clearer. When booting for the first
279 time into single user mode, the following commands are executed:
280 "<tt
>/etc/init.d/rc S; /sbin/sulogin
</tt
>". When booting into
281 runlevel
1, the following commands are executed:
"<tt
>/etc/init.d/rc
282 S; /etc/init.d/rc
1; /sbin/sulogin
</tt
>". A problem show up when
283 trying to continue after visiting single user mode. Not all services
284 are started again as they should, causing the machine to end up in an
285 unpredicatble state. This is why Debian admins recommend rebooting
286 after visiting single user mode.
</p
>
288 <p
>A similar problem with runlevel
1 is caused by the amount of
289 scripts executed from /etc/rcS.d/. When switching from say runlevel
2
290 to runlevel
1, the services started from /etc/rcS.d/ are not properly
291 stopped when passing through the scripts in /etc/rc1.d/, and not
292 started again when switching away from runlevel
1 to the runlevels
293 2-
5. I believe the problem is best fixed by moving all the scripts
294 out of /etc/rcS.d/ that are not
<strong
>required
</strong
> to get a
295 functioning single user mode during boot.
</p
>
297 <p
>I have spent several years investigating the Debian boot system,
298 and discovered this problem a few years ago. I suspect it originates
299 from when sysvinit was introduced into Debian, a long time ago.
</p
>
304 <title>What should start from /etc/rcS.d/ in Debian? - almost nothing
</title>
305 <link>http://people.skolelinux.org/pere/blog/What_should_start_from__etc_rcS_d__in_Debian____almost_nothing.html
</link>
306 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/What_should_start_from__etc_rcS_d__in_Debian____almost_nothing.html
</guid>
307 <pubDate>Sat,
30 Jul
2011 14:
00:
00 +
0200</pubDate>
308 <description><p
>In the Debian boot system, several packages include scripts that
309 are started from /etc/rcS.d/. In fact, there is a bite more of them
310 than make sense, and this causes a few problems. What kind of
311 problems, you might ask. There are at least two problems. The first
312 is that it is not possible to recover a machine after switching to
313 runlevel
1. One need to actually reboot to get the machine back to
314 the expected state. The other is that single user boot will sometimes
315 run into problems because some of the subsystems are activated before
316 the root login is presented, causing problems when trying to recover a
317 machine from a problem in that subsystem. A minor additional point is
318 that moving more scripts out of rcS.d/ and into the other rc#.d/
319 directories will increase the amount of scripts that can run in
320 parallel during boot, and thus decrease the boot time.
</p
>
322 <p
>So, which scripts should start from rcS.d/. In short, only the
323 scripts that _have_ to execute before the root login prompt is
324 presented during a single user boot should go there. Everything else
325 should go into the numeric runlevels. This means things like
326 lm-sensors, fuse and x11-common should not run from rcS.d, but from
327 the numeric runlevels. Today in Debian, there are around
115 init.d
328 scripts that are started from rcS.d/, and most of them should be moved
329 out. Do your package have one of them? Please help us make single
330 user and runlevel
1 better by moving it.
</p
>
332 <p
>Scripts setting up the screen, keyboard, system partitions
333 etc. should still be started from rcS.d/, but there is for example no
334 need to have the network enabled before the single user login prompt
335 is presented.
</p
>
337 <p
>As always, things are not so easy to fix as they sound. To keep
338 Debian systems working while scripts migrate and during upgrades, the
339 scripts need to be moved from rcS.d/ to rc2.d/ in reverse dependency
340 order, ie the scripts that nothing in rcS.d/ depend on can be moved,
341 and the next ones can only be moved when their dependencies have been
342 moved first. This migration must be done sequentially while we ensure
343 that the package system upgrade packages in the right order to keep
344 the system state correct. This will require some coordination when it
345 comes to network related packages, but most of the packages with
346 scripts that should migrate do not have anything in rcS.d/ depending
347 on them. Some packages have already been updated, like the sudo
348 package, while others are still left to do. I wish I had time to work
349 on this myself, but real live constrains make it unlikely that I will
350 find time to push this forward.
</p
>
355 <title>What is missing in the Debian desktop, or why my parents use Kubuntu
</title>
356 <link>http://people.skolelinux.org/pere/blog/What_is_missing_in_the_Debian_desktop__or_why_my_parents_use_Kubuntu.html
</link>
357 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/What_is_missing_in_the_Debian_desktop__or_why_my_parents_use_Kubuntu.html
</guid>
358 <pubDate>Fri,
29 Jul
2011 08:
10:
00 +
0200</pubDate>
359 <description><p
>While at Debconf11, I have several times during discussions
360 mentioned the issues I believe should be improved in Debian for its
361 desktop to be useful for more people. The use case for this is my
362 parents, which are currently running Kubuntu which solve the
365 <p
>I suspect these four missing features are not very hard to
366 implement. After all, they are present in Ubuntu, so if we wanted to
367 do this in Debian we would have a source.
</p
>
371 <li
><strong
>Simple GUI based upgrade of packages.
</strong
> When there
372 are new packages available for upgrades, a icon in the KDE status bar
373 indicate this, and clicking on it will activate the simple upgrade
374 tool to handle it. I have no problem guiding both of my parents
375 through the process over the phone. If a kernel reboot is required,
376 this too is indicated by the status bars and the upgrade tool. Last
377 time I checked, nothing with the same features was working in KDE in
380 <li
><strong
>Simple handling of missing Firefox browser
381 plugins.
</strong
> When the browser encounter a MIME type it do not
382 currently have a handler for, it will ask the user if the system
383 should search for a package that would add support for this MIME type,
384 and if the user say yes, the APT sources will be searched for packages
385 advertising the MIME type in their control file (visible in the
386 Packages file in the APT archive). If one or more packages are found,
387 it is a simple click of the mouse to add support for the missing mime
388 type. If the package require the user to accept some non-free
389 license, this is explained to the user. The entire process make it
390 more clear to the user why something do not work in the browser, and
391 make the chances higher for the user to blame the web page authors and
392 not the browser for any missing features.
</li
>
394 <li
><strong
>Simple handling of missing multimedia codec/format
395 handlers.
</strong
> When the media players encounter a format or codec
396 it is not supporting, a dialog pop up asking the user if the system
397 should search for a package that would add support for it. This
398 happen with things like MP3, Windows Media or H
.264. The selection
399 and installation procedure is very similar to the Firefox browser
400 plugin handling. This is as far as I know implemented using a
401 gstreamer hook. The end result is that the user easily get access to
402 the codecs that are present from the APT archives available, while
403 explaining more on why a given format is unsupported by Ubuntu.
</li
>
405 <li
><strong
>Better browser handling of some MIME types.
</strong
> When
406 displaying a text/plain file in my Debian browser, it will propose to
407 start emacs to show it. If I remember correctly, when doing the same
408 in Kunbutu it show the file as a text file in the browser. At least I
409 know Opera will show text files within the browser. I much prefer the
410 latter behaviour.
</li
>
414 <p
>There are other nice features as well, like the simplified suite
415 upgrader, but given that I am the one mostly doing the dist-upgrade,
416 it do not matter much.
</p
>
418 <p
>I really hope we could get these features in place for the next
419 Debian release. It would require the coordinated effort of several
420 maintainers, but would make the end user experience a lot better.
</p
>
425 <title>Perl modules used by FixMyStreet which are missing in Debian/Squeeze
</title>
426 <link>http://people.skolelinux.org/pere/blog/Perl_modules_used_by_FixMyStreet_which_are_missing_in_Debian_Squeeze.html
</link>
427 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Perl_modules_used_by_FixMyStreet_which_are_missing_in_Debian_Squeeze.html
</guid>
428 <pubDate>Tue,
26 Jul
2011 12:
25:
00 +
0200</pubDate>
429 <description><p
>The Norwegian
<a href=
"http://www.fiksgatami.no/
">FiksGataMi
</A
>
430 site is build on Debian/Squeeze, and this platform was chosen because
431 I am most familiar with Debian (being a Debian Developer for around
10
432 years) because it is the latest stable Debian release which should get
433 security support for a few years.
</p
>
435 <p
>The web service is written in Perl, and depend on some perl modules
436 that are missing in Debian at the moment. It would be great if these
437 modules were added to the Debian archive, allowing anyone to set up
438 their own
<a href=
"http://www.fixmystreet.com
">FixMyStreet
</a
> clone
439 in their own country using only Debian packages. The list of modules
440 missing in Debian/Squeeze isn
't very long, and I hope the perl group
441 will find time to package the
12 modules Catalyst::Plugin::SmartURI,
442 Catalyst::Plugin::Unicode::Encoding, Catalyst::View::TT, Devel::Hide,
443 Sort::Key, Statistics::Distributions, Template::Plugin::Comma,
444 Template::Plugin::DateTime::Format, Term::Size::Any, Term::Size::Perl,
445 URI::SmartURI and Web::Scraper to make the maintenance of FixMyStreet
446 easier in the future.
</p
>
448 <p
>Thanks to the great tools in Debian, getting the missing modules
449 installed on my server was a simple call to
'cpan2deb Module::Name
'
450 and
'dpkg -i
' to install the resulting package. But this leave me
451 with the responsibility of tracking security problems, which I really
452 do not have time for.
</p
>
457 <title>A Norwegian FixMyStreet have kept me busy the last few weeks
</title>
458 <link>http://people.skolelinux.org/pere/blog/A_Norwegian_FixMyStreet_have_kept_me_busy_the_last_few_weeks.html
</link>
459 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/A_Norwegian_FixMyStreet_have_kept_me_busy_the_last_few_weeks.html
</guid>
460 <pubDate>Sun,
3 Apr
2011 22:
50:
00 +
0200</pubDate>
461 <description><p
>Here is a small update for my English readers. Most of my blog
462 posts have been in Norwegian the last few weeks, so here is a short
463 update in English.
</p
>
465 <p
>The kids still keep me too busy to get much free software work
466 done, but I did manage to organise a project to get a Norwegian port
467 of the British service
468 <a href=
"http://www.fixmystreet.com/
">FixMyStreet
</a
> up and running,
469 and it has been running for a month now. The entire project has been
470 organised by me and two others. Around Christmas we gathered sponsors
471 to fund the development work. In January I drafted a contract with
472 <a href=
"http://www.mysociety.org/
">mySociety
</a
> on what to develop,
473 and in February the development took place. Most of it involved
474 converting the source to use GPS coordinates instead of British
475 easting/northing, and the resulting code should be a lot easier to get
476 running in any country by now. The Norwegian
477 <a href=
"http://www.fiksgatami.no/
">FiksGataMi
</a
> is using
478 <a href=
"http://www.openstreetmap.org/
">OpenStreetmap
</a
> as the map
479 source and the source for administrative borders in Norway, and
480 support for this had to be added/fixed.
</p
>
482 <p
>The Norwegian version went live March
3th, and we spent the weekend
483 polishing the system before we announced it March
7th. The system is
484 running on a KVM instance of Debian/Squeeze, and has seen almost
3000
485 problem reports in a few weeks. Soon we hope to announce the Android
486 and iPhone versions making it even easier to report problems with the
487 public infrastructure.
</p
>
489 <p
>Perhaps something to consider for those of you in countries without
490 such service?
</p
>
495 <title>Using NVD and CPE to track CVEs in locally maintained software
</title>
496 <link>http://people.skolelinux.org/pere/blog/Using_NVD_and_CPE_to_track_CVEs_in_locally_maintained_software.html
</link>
497 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Using_NVD_and_CPE_to_track_CVEs_in_locally_maintained_software.html
</guid>
498 <pubDate>Fri,
28 Jan
2011 15:
40:
00 +
0100</pubDate>
499 <description><p
>The last few days I have looked at ways to track open security
500 issues here at my work with the University of Oslo. My idea is that
501 it should be possible to use the information about security issues
502 available on the Internet, and check our locally
503 maintained/distributed software against this information. It should
504 allow us to verify that no known security issues are forgotten. The
505 CVE database listing vulnerabilities seem like a great central point,
506 and by using the package lists from Debian mapped to CVEs provided by
507 the testing security team, I believed it should be possible to figure
508 out which security holes were present in our free software
509 collection.
</p
>
511 <p
>After reading up on the topic, it became obvious that the first
512 building block is to be able to name software packages in a unique and
513 consistent way across data sources. I considered several ways to do
514 this, for example coming up with my own naming scheme like using URLs
515 to project home pages or URLs to the Freshmeat entries, or using some
516 existing naming scheme. And it seem like I am not the first one to
517 come across this problem, as MITRE already proposed and implemented a
518 solution. Enter the
<a href=
"http://cpe.mitre.org/index.html
">Common
519 Platform Enumeration
</a
> dictionary, a vocabulary for referring to
520 software, hardware and other platform components. The CPE ids are
521 mapped to CVEs in the
<a href=
"http://web.nvd.nist.gov/
">National
522 Vulnerability Database
</a
>, allowing me to look up know security
523 issues for any CPE name. With this in place, all I need to do is to
524 locate the CPE id for the software packages we use at the university.
525 This is fairly trivial (I google for
'cve cpe $package
' and check the
526 NVD entry if a CVE for the package exist).
</p
>
528 <p
>To give you an example. The GNU gzip source package have the CPE
529 name cpe:/a:gnu:gzip. If the old version
1.3.3 was the package to
530 check out, one could look up
531 <a href=
"http://web.nvd.nist.gov/view/vuln/search?cpe=cpe%
3A%
2Fa%
3Agnu%
3Agzip:
1.3.3">cpe:/a:gnu:gzip:
1.3.3
532 in NVD
</a
> and get a list of
6 security holes with public CVE entries.
533 The most recent one is
534 <a href=
"http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-
2010-
0001">CVE-
2010-
0001</a
>,
535 and at the bottom of the NVD page for this vulnerability the complete
536 list of affected versions is provided.
</p
>
538 <p
>The NVD database of CVEs is also available as a XML dump, allowing
539 for offline processing of issues. Using this dump, I
've written a
540 small script taking a list of CPEs as input and list all CVEs
541 affecting the packages represented by these CPEs. One give it CPEs
542 with version numbers as specified above and get a list of open
543 security issues out.
</p
>
545 <p
>Of course for this approach to be useful, the quality of the NVD
546 information need to be high. For that to happen, I believe as many as
547 possible need to use and contribute to the NVD database. I notice
549 <a href=
"https://www.redhat.com/security/data/metrics/rhsamapcpe.txt
">a
550 map from CVE to CPE
</a
>, indicating that they are using the CPE
551 information. I
'm not aware of Debian and Ubuntu doing the same.
</p
>
553 <p
>To get an idea about the quality for free software, I spent some
554 time making it possible to compare the CVE database from Debian with
555 the CVE database in NVD. The result look fairly good, but there are
556 some inconsistencies in NVD (same software package having several
557 CPEs), and some inaccuracies (NVD not mentioning buggy packages that
558 Debian believe are affected by a CVE). Hope to find time to improve
559 the quality of NVD, but that require being able to get in touch with
560 someone maintaining it. So far my three emails with questions and
561 corrections have not seen any reply, but I hope contact can be
562 established soon.
</p
>
564 <p
>An interesting application for CPEs is cross platform package
565 mapping. It would be useful to know which packages in for example
566 RHEL, OpenSuSe and Mandriva are missing from Debian and Ubuntu, and
567 this would be trivial if all linux distributions provided CPE entries
568 for their packages.
</p
>
573 <title>Which module is loaded for a given PCI and USB device?
</title>
574 <link>http://people.skolelinux.org/pere/blog/Which_module_is_loaded_for_a_given_PCI_and_USB_device_.html
</link>
575 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Which_module_is_loaded_for_a_given_PCI_and_USB_device_.html
</guid>
576 <pubDate>Sun,
23 Jan
2011 00:
20:
00 +
0100</pubDate>
577 <description><p
>In the
578 <a href=
"http://packages.qa.debian.org/discover-data
">discover-data
</a
>
579 package in Debian, there is a script to report useful information
580 about the running hardware for use when people report missing
581 information. One part of this script that I find very useful when
582 debugging hardware problems, is the part mapping loaded kernel module
583 to the PCI device it claims. It allow me to quickly see if the kernel
584 module I expect is driving the hardware I am struggling with. To see
585 the output, make sure discover-data is installed and run
586 <tt
>/usr/share/bug/discover-data
3>&1</tt
>. The relevant output on
587 one of my machines like this:
</p
>
591 10de:
03eb i2c_nforce2
594 10de:
03f0 snd_hda_intel
603 <p
>The code in question look like this, slightly modified for
604 readability and to drop the output to file descriptor
3:
</p
>
607 if [ -d /sys/bus/pci/devices/ ] ; then
608 echo loaded pci modules:
610 cd /sys/bus/pci/devices/
611 for address in * ; do
612 if [ -d
"$address/driver/module
" ] ; then
613 module=`cd $address/driver/module ; pwd -P | xargs basename`
614 if grep -q
"^$module
" /proc/modules ; then
615 address=$(echo $address |sed s/
0000://)
616 id=`lspci -n -s $address | tail -n
1 | awk
'{print $
3}
'`
617 echo
"$id $module
"
626 <p
>Similar code could be used to extract USB device module
630 if [ -d /sys/bus/usb/devices/ ] ; then
631 echo loaded usb modules:
633 cd /sys/bus/usb/devices/
634 for address in * ; do
635 if [ -d
"$address/driver/module
" ] ; then
636 module=`cd $address/driver/module ; pwd -P | xargs basename`
637 if grep -q
"^$module
" /proc/modules ; then
638 address=$(echo $address |sed s/
0000://)
639 id=$(lsusb -s $address | tail -n
1 | awk
'{print $
6}
')
640 if [
"$id
" ] ; then
641 echo
"$id $module
"
651 <p
>This might perhaps be something to include in other tools as
657 <title>How to test if a laptop is working with Linux
</title>
658 <link>http://people.skolelinux.org/pere/blog/How_to_test_if_a_laptop_is_working_with_Linux.html
</link>
659 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/How_to_test_if_a_laptop_is_working_with_Linux.html
</guid>
660 <pubDate>Wed,
22 Dec
2010 14:
55:
00 +
0100</pubDate>
661 <description><p
>The last few days I have spent at work here at the
<a
662 href=
"http://www.uio.no/
">University of Oslo
</a
> testing if the new
663 batch of computers will work with Linux. Every year for the last few
664 years the university have organised shared bid of a few thousand
665 computers, and this year HP won the bid. Two different desktops and
666 five different laptops are on the list this year. We in the UNIX
667 group want to know which one of these computers work well with RHEL
668 and Ubuntu, the two Linux distributions we currently handle at the
669 university.
</p
>
671 <p
>My test method is simple, and I share it here to get feedback and
672 perhaps inspire others to test hardware as well. To test, I PXE
673 install the OS version of choice, and log in as my normal user and run
674 a few applications and plug in selected pieces of hardware. When
675 something fail, I make a note about this in the test matrix and move
676 on. If I have some spare time I try to report the bug to the OS
677 vendor, but as I only have the machines for a short time, I rarely
678 have the time to do this for all the problems I find.
</p
>
680 <p
>Anyway, to get to the point of this post. Here is the simple tests
681 I perform on a new model.
</p
>
685 <li
>Is PXE installation working? I
'm testing with RHEL6, Ubuntu Lucid
686 and Ubuntu Maverik at the moment. If I feel like it, I also test with
687 RHEL5 and Debian Edu/Squeeze.
</li
>
689 <li
>Is X.org working? If the graphical login screen show up after
690 installation, X.org is working.
</li
>
692 <li
>Is hardware accelerated OpenGL working? Running glxgears (in
693 package mesa-utils on Ubuntu) and writing down the frames per second
694 reported by the program.
</li
>
696 <li
>Is sound working? With Gnome and KDE, a sound is played when
697 logging in, and if I can hear this the test is successful. If there
698 are several audio exits on the machine, I try them all and check if
699 the Gnome/KDE audio mixer can control where to send the sound. I
700 normally test this by playing
701 <a href=
"http://www.nuug.no/aktiviteter/
20101012-chef/
">a HTML5
702 video
</a
> in Firefox/Iceweasel.
</li
>
704 <li
>Is the USB subsystem working? I test this by plugging in a USB
705 memory stick and see if Gnome/KDE notices this.
</li
>
707 <li
>Is the CD/DVD player working? I test this by inserting any CD/DVD
708 I have lying around, and see if Gnome/KDE notices this.
</li
>
710 <li
>Is any built in camera working? Test using cheese, and see if a
711 picture from the v4l device show up.
</li
>
713 <li
>Is bluetooth working? Use the Gnome/KDE browsing tool to see if
714 any bluetooth devices are discovered. In my office, I normally see a
717 <li
>For laptops, is the SD or Compaq Flash reader working. I have
718 memory modules lying around, and stick them in and see if Gnome/KDE
719 notice this.
</li
>
721 <li
>For laptops, is suspend/hibernate working? I
'm testing if the
722 special button work, and if the laptop continue to work after
725 <li
>For laptops, is the extra buttons working, like audio level,
726 adjusting background light, switching on/off external video output,
727 switching on/off wifi, bluetooth, etc? The set of buttons differ from
728 laptop to laptop, so I just write down which are working and which are
731 <li
>Some laptops have smart card readers, finger print readers,
732 acceleration sensors etc. I rarely test these, as I do not know how
733 to quickly test if they are working or not, so I only document their
734 existence.
</li
>
738 <p
>By now I suspect you are really curious what the test results are
739 for the HP machines I am testing. I
'm not done yet, so I will report
740 the test results later. For now I can report that HP
8100 Elite work
741 fine, and hibernation fail with HP EliteBook
8440p on Ubuntu Lucid,
742 and audio fail on RHEL6. Ubuntu Maverik worked with
8440p. As you
743 can see, I have most machines left to test. One interesting
744 observation is that Ubuntu Lucid has almost twice the frame rate than
745 RHEL6 with glxgears. No idea why.
</p
>
750 <title>Some thoughts on BitCoins
</title>
751 <link>http://people.skolelinux.org/pere/blog/Some_thoughts_on_BitCoins.html
</link>
752 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Some_thoughts_on_BitCoins.html
</guid>
753 <pubDate>Sat,
11 Dec
2010 15:
10:
00 +
0100</pubDate>
754 <description><p
>As I continue to explore
755 <a href=
"http://www.bitcoin.org/
">BitCoin
</a
>, I
've starting to wonder
756 what properties the system have, and how it will be affected by laws
757 and regulations here in Norway. Here are some random notes.
</p
>
759 <p
>One interesting thing to note is that since the transactions are
760 verified using a peer to peer network, all details about a transaction
761 is known to everyone. This means that if a BitCoin address has been
762 published like I did with mine in my initial post about BitCoin, it is
763 possible for everyone to see how many BitCoins have been transfered to
764 that address. There is even a web service to look at the details for
765 all transactions. There I can see that my address
766 <a href=
"http://blockexplorer.com/address/
15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b
">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b
</a
>
767 have received
16.06 Bitcoin, the
768 <a href=
"http://blockexplorer.com/address/
1LfdGnGuWkpSJgbQySxxCWhv
8MHqvwst
3">1LfdGnGuWkpSJgbQySxxCWhv
8MHqvwst
3</a
>
769 address of Simon Phipps have received
181.97 BitCoin and the address
770 <a href=
"http://blockexplorer.com/address/
1MCwBbhNGp5hRm5rC1Aims2YFRe2SXPYKt
">1MCwBbhNGp5hRm5rC1Aims2YFRe2SXPYKt
</A
>
771 of EFF have received
2447.38 BitCoins so far. Thank you to each and
772 every one of you that donated bitcoins to support my activity. The
773 fact that anyone can see how much money was transfered to a given
774 address make it more obvious why the BitCoin community recommend to
775 generate and hand out a new address for each transaction. I
'm told
776 there is no way to track which addresses belong to a given person or
777 organisation without the person or organisation revealing it
778 themselves, as Simon, EFF and I have done.
</p
>
780 <p
>In Norway, and in most other countries, there are laws and
781 regulations limiting how much money one can transfer across the border
782 without declaring it. There are money laundering, tax and accounting
783 laws and regulations I would expect to apply to the use of BitCoin.
784 If the Skolelinux foundation
785 (
<a href=
"http://linuxiskolen.no/slxdebianlabs/donations.html
">SLX
786 Debian Labs
</a
>) were to accept donations in BitCoin in addition to
787 normal bank transfers like EFF is doing, how should this be accounted?
788 Given that it is impossible to know if money can across the border or
789 not, should everything or nothing be declared? What exchange rate
790 should be used when calculating taxes? Would receivers have to pay
791 income tax if the foundation were to pay Skolelinux contributors in
792 BitCoin? I have no idea, but it would be interesting to know.
</p
>
794 <p
>For a currency to be useful and successful, it must be trusted and
795 accepted by a lot of users. It must be possible to get easy access to
796 the currency (as a wage or using currency exchanges), and it must be
797 easy to spend it. At the moment BitCoin seem fairly easy to get
798 access to, but there are very few places to spend it. I am not really
799 a regular user of any of the vendor types currently accepting BitCoin,
800 so I wonder when my kind of shop would start accepting BitCoins. I
801 would like to buy electronics, travels and subway tickets, not herbs
802 and books. :) The currency is young, and this will improve over time
803 if it become popular, but I suspect regular banks will start to lobby
804 to get BitCoin declared illegal if it become popular. I
'm sure they
805 will claim it is helping fund terrorism and money laundering (which
806 probably would be true, as is any currency in existence), but I
807 believe the problems should be solved elsewhere and not by blaming
808 currencies.
</p
>
810 <p
>The process of creating new BitCoins is called mining, and it is
811 CPU intensive process that depend on a bit of luck as well (as one is
812 competing against all the other miners currently spending CPU cycles
813 to see which one get the next lump of cash). The
"winner
" get
50
814 BitCoin when this happen. Yesterday I came across the obvious way to
815 join forces to increase ones changes of getting at least some coins,
816 by coordinating the work on mining BitCoins across several machines
817 and people, and sharing the result if one is lucky and get the
50
819 <a href=
"http://www.bluishcoder.co.nz/bitcoin-pool/
">BitCoin Pool
</a
>
820 if this sounds interesting. I have not had time to try to set up a
821 machine to participate there yet, but have seen that running on ones
822 own for a few days have not yield any BitCoins througth mining
825 <p
>Update
2010-
12-
15: Found an
<a
826 href=
"http://inertia.posterous.com/reply-to-the-underground-economist-why-bitcoi
">interesting
827 criticism
</a
> of bitcoin. Not quite sure how valid it is, but thought
828 it was interesting to read. The arguments presented seem to be
829 equally valid for gold, which was used as a currency for many years.
</p
>
834 <title>Now accepting bitcoins - anonymous and distributed p2p crypto-money
</title>
835 <link>http://people.skolelinux.org/pere/blog/Now_accepting_bitcoins___anonymous_and_distributed_p2p_crypto_money.html
</link>
836 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Now_accepting_bitcoins___anonymous_and_distributed_p2p_crypto_money.html
</guid>
837 <pubDate>Fri,
10 Dec
2010 08:
20:
00 +
0100</pubDate>
838 <description><p
>With this weeks lawless
839 <a href=
"http://www.salon.com/news/opinion/glenn_greenwald/
2010/
12/
06/wikileaks/index.html
">governmental
840 attacks
</a
> on Wikileak and
841 <a href=
"http://www.salon.com/technology/dan_gillmor/
2010/
12/
06/war_on_speech
">free
842 speech
</a
>, it has become obvious that PayPal, visa and mastercard can
843 not be trusted to handle money transactions.
845 <a href=
"http://webmink.com/
2010/
12/
06/now-accepting-bitcoin/
">Simon
846 Phipps on bitcoin
</a
> reminded me about a project that a friend of
847 mine mentioned earlier. I decided to follow Simon
's example, and get
848 involved with
<a href=
"http://www.bitcoin.org/
">BitCoin
</a
>. I got
849 some help from my friend to get it all running, and he even handed me
850 some bitcoins to get started. I even donated a few bitcoins to Simon
851 for helping me remember BitCoin.
</p
>
853 <p
>So, what is bitcoins, you probably wonder? It is a digital
854 crypto-currency, decentralised and handled using peer-to-peer
855 networks. It allows anonymous transactions and prohibits central
856 control over the transactions, making it impossible for governments
857 and companies alike to block donations and other transactions. The
858 source is free software, and while the key dependency wxWidgets
2.9
859 for the graphical user interface is missing in Debian, the command
860 line client builds just fine. Hopefully Jonas
861 <a href=
"http://bugs.debian.org/
578157">will get the package into
862 Debian
</a
> soon.
</p
>
864 <p
>Bitcoins can be converted to other currencies, like USD and EUR.
865 There are
<a href=
"http://www.bitcoin.org/trade
">companies accepting
866 bitcoins
</a
> when selling services and goods, and there are even
867 currency
"stock
" markets where the exchange rate is decided. There
868 are not many users so far, but the concept seems promising. If you
869 want to get started and lack a friend with any bitcoins to spare,
871 <a href=
"https://freebitcoins.appspot.com/
">some for free
</a
> (
0.05
872 bitcoin at the time of writing). Use
873 <a href=
"http://www.bitcoinwatch.com/
">BitcoinWatch
</a
> to keep an eye
874 on the current exchange rates.
</p
>
876 <p
>As an experiment, I have decided to set up bitcoind on one of my
877 machines. If you want to support my activity, please send Bitcoin
878 donations to the address
879 <b
>15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b
</b
>. Thank you!
</p
>
884 <title>Why isn
't Debian Edu using VLC?
</title>
885 <link>http://people.skolelinux.org/pere/blog/Why_isn_t_Debian_Edu_using_VLC_.html
</link>
886 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Why_isn_t_Debian_Edu_using_VLC_.html
</guid>
887 <pubDate>Sat,
27 Nov
2010 11:
30:
00 +
0100</pubDate>
888 <description><p
>In the latest issue of Linux Journal, the readers choices were
889 presented, and the winner among the multimedia player were VLC.
890 Personally, I like VLC, and it is my player of choice when I first try
891 to play a video file or stream. Only if VLC fail will I drag out
892 gmplayer to see if it can do better. The reason is mostly the failure
893 model and trust. When VLC fail, it normally pop up a error message
894 reporting the problem. When mplayer fail, it normally segfault or
895 just hangs. The latter failure mode drain my trust in the program.
<p
>
897 <p
>But even if VLC is my player of choice, we have choosen to use
898 mplayer in
<a href=
"http://www.skolelinux.org/
">Debian
899 Edu/Skolelinux
</a
>. The reason is simple. We need a good browser
900 plugin to play web videos seamlessly, and the VLC browser plugin is
901 not very good. For example, it lack in-line control buttons, so there
902 is no way for the user to pause the video. Also, when I
903 <a href=
"http://wiki.debian.org/DebianEdu/BrowserMultimedia
">last
904 tested the browser plugins
</a
> available in Debian, the VLC plugin
905 failed on several video pages where mplayer based plugins worked. If
906 the browser plugin for VLC was as good as the gecko-mediaplayer
907 package (which uses mplayer), we would switch.
</P
>
909 <p
>While VLC is a good player, its user interface is slightly
910 annoying. The most annoying feature is its inconsistent use of
911 keyboard shortcuts. When the player is in full screen mode, its
912 shortcuts are different from when it is playing the video in a window.
913 For example, space only work as pause when in full screen mode. I
914 wish it had consisten shortcuts and that space also would work when in
915 window mode. Another nice shortcut in gmplayer is [enter] to restart
916 the current video. It is very nice when playing short videos from the
917 web and want to restart it when new people arrive to have a look at
918 what is going on.
</p
>
923 <title>Lenny-
>Squeeze upgrades of the Gnome and KDE desktop, now with apt-get autoremove
</title>
924 <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades_of_the_Gnome_and_KDE_desktop__now_with_apt_get_autoremove.html
</link>
925 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades_of_the_Gnome_and_KDE_desktop__now_with_apt_get_autoremove.html
</guid>
926 <pubDate>Mon,
22 Nov
2010 14:
15:
00 +
0100</pubDate>
927 <description><p
>Michael Biebl suggested to me on IRC, that I changed my automated
928 upgrade testing of the
929 <a href=
"http://people.skolelinux.org/~pere/debian-upgrade-testing/
">Lenny
930 Gnome and KDE Desktop
</a
> to do
<tt
>apt-get autoremove
</tt
> when using apt-get.
931 This seem like a very good idea, so I adjusted by test scripts and
932 can now present the updated result from today:
</p
>
934 <p
>This is for Gnome:
</p
>
936 <p
>Installed using apt-get, missing with aptitude
</p
>
938 <blockquote
><p
>
950 freedesktop-sound-theme
952 gconf-defaults-service
967 gnome-desktop-environment
971 gnome-session-canberra
976 gstreamer0.10-fluendo-mp3
985 libaprutil1-dbd-sqlite3
988 libboost-date-time1.42
.0
989 libboost-python1.42
.0
990 libboost-thread1.42
.0
992 libchamplain-gtk-
0.4-
0
994 libclutter-gtk-
0.10-
0
1001 libfreerdp-plugins-standard
1016 libgnomepanel2.24-cil
1021 libgtksourceview2.0-common
1022 libmono-addins-gui0.2-cil
1023 libmono-addins0.2-cil
1024 libmono-cairo2.0-cil
1025 libmono-corlib2.0-cil
1026 libmono-i18n-west2.0-cil
1027 libmono-posix2.0-cil
1028 libmono-security2.0-cil
1029 libmono-sharpzip2.84-cil
1030 libmono-system2.0-cil
1033 libndesk-dbus-glib1.0-cil
1034 libndesk-dbus1.0-cil
1044 libtelepathy-farsight0
1053 nautilus-sendto-empathy
1057 python-aptdaemon-gtk
1059 python-beautifulsoup
1074 python-gtksourceview2
1085 python-pkg-resources
1092 python-twisted-conch
1098 python-zope.interface
1103 rhythmbox-plugin-cdrecorder
1110 system-config-printer-udev
1112 telepathy-mission-control-
5
1123 </p
></blockquote
>
1125 <p
>Installed using apt-get, removed with aptitude
</p
>
1127 <blockquote
><p
>
1133 fast-user-switch-applet
1152 libgtksourceview2.0-
0
1154 libsdl1.2debian-alsa
1160 system-config-printer
1165 </p
></blockquote
>
1167 <p
>Installed using aptitude, missing with apt-get
</p
>
1169 <blockquote
><p
>
1170 gstreamer0.10-gnomevfs
1171 </p
></blockquote
>
1173 <p
>Installed using aptitude, removed with apt-get
</p
>
1175 <blockquote
><p
>
1177 </p
></blockquote
>
1179 <p
>This is for KDE:
</p
>
1181 <p
>Installed using apt-get, missing with aptitude
</p
>
1183 <blockquote
><p
>
1185 </p
></blockquote
>
1187 <p
>Installed using apt-get, removed with aptitude
</p
>
1189 <blockquote
><p
>
1192 </p
></blockquote
>
1194 <p
>Installed using aptitude, missing with apt-get
</p
>
1196 <blockquote
><p
>
1210 kdeartwork-emoticons
1212 kdeartwork-theme-icon
1216 kdebase-workspace-bin
1217 kdebase-workspace-data
1231 kscreensaver-xsavers
1246 plasma-dataengines-workspace
1248 plasma-desktopthemes-artwork
1249 plasma-runners-addons
1250 plasma-scriptengine-googlegadgets
1251 plasma-scriptengine-python
1252 plasma-scriptengine-qedje
1253 plasma-scriptengine-ruby
1254 plasma-scriptengine-webkit
1255 plasma-scriptengines
1256 plasma-wallpapers-addons
1257 plasma-widget-folderview
1258 plasma-widget-networkmanagement
1262 xscreensaver-data-extra
1264 xscreensaver-gl-extra
1265 xscreensaver-screensaver-bsod
1266 </p
></blockquote
>
1268 <p
>Installed using aptitude, removed with apt-get
</p
>
1270 <blockquote
><p
>
1272 google-gadgets-common
1290 libggadget-qt-
1.0-
0b
1295 libkonqsidebarplugin4a
1304 libplasma-geolocation-interface4
1306 libplasmagenericshell4
1320 libsmokeknewstuff2-
3
1321 libsmokeknewstuff3-
3
1323 libsmokektexteditor3
1331 libsmokeqtnetwork4-
3
1337 libsmokeqtuitools4-
3
1349 plasma-dataengines-addons
1350 plasma-scriptengine-superkaramba
1351 plasma-widget-lancelot
1352 plasma-widgets-addons
1353 plasma-widgets-workspace
1357 update-notifier-common
1358 </p
></blockquote
>
1360 <p
>Running apt-get autoremove made the results using apt-get and
1361 aptitude a bit more similar, but there are still quite a lott of
1362 differences. I have no idea what packages should be installed after
1363 the upgrade, but hope those that do can have a look.
</p
>
1368 <title>Migrating Xen virtual machines using LVM to KVM using disk images
</title>
1369 <link>http://people.skolelinux.org/pere/blog/Migrating_Xen_virtual_machines_using_LVM_to_KVM_using_disk_images.html
</link>
1370 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Migrating_Xen_virtual_machines_using_LVM_to_KVM_using_disk_images.html
</guid>
1371 <pubDate>Mon,
22 Nov
2010 11:
20:
00 +
0100</pubDate>
1372 <description><p
>Most of the computers in use by the
1373 <a href=
"http://www.skolelinux.org/
">Debian Edu/Skolelinux project
</a
>
1374 are virtual machines. And they have been Xen machines running on a
1375 fairly old IBM eserver xseries
345 machine, and we wanted to migrate
1376 them to KVM on a newer Dell PowerEdge
2950 host machine. This was a
1377 bit harder that it could have been, because we set up the Xen virtual
1378 machines to get the virtual partitions from LVM, which as far as I
1379 know is not supported by KVM. So to migrate, we had to convert
1380 several LVM logical volumes to partitions on a virtual disk file.
</p
>
1383 <a href=
"http://searchnetworking.techtarget.com.au/articles/
35011-Six-steps-for-migrating-Xen-virtual-machines-to-KVM
">a
1384 nice recipe
</a
> to do this, and wrote the following script to do the
1385 migration. It uses qemu-img from the qemu package to make the disk
1386 image, parted to partition it, losetup and kpartx to present the disk
1387 image partions as devices, and dd to copy the data. I NFS mounted the
1388 new servers storage area on the old server to do the migration.
</p
>
1394 # http://searchnetworking.techtarget.com.au/articles/
35011-Six-steps-for-migrating-Xen-virtual-machines-to-KVM
1399 if [ -z
"$
1" ] ; then
1400 echo
"Usage: $
0 &lt;hostname
&gt;
"
1406 if [ ! -e /dev/vg_data/$host-disk ] ; then
1407 echo
"error: unable to find LVM volume for $host
"
1411 # Partitions need to be a bit bigger than the LVM LVs. not sure why.
1412 disksize=$( lvs --units m | grep $host-disk | awk
'{sum = sum + $
4} END { print int(sum *
1.05) }
')
1413 swapsize=$( lvs --units m | grep $host-swap | awk
'{sum = sum + $
4} END { print int(sum *
1.05) }
')
1414 totalsize=$(( ( $disksize + $swapsize ) ))
1417 #dd if=/dev/zero of=$img bs=
1M count=$(( $disksize + $swapsize ))
1418 qemu-img create $img ${totalsize}MMaking room on the Debian Edu/Sqeeze DVD
1420 parted $img mklabel msdos
1421 parted $img mkpart primary linux-swap
0 $disksize
1422 parted $img mkpart primary ext2 $disksize $totalsize
1423 parted $img set
1 boot on
1426 losetup /dev/loop0 $img
1427 kpartx -a /dev/loop0
1429 dd if=/dev/vg_data/$host-disk of=/dev/mapper/loop0p1 bs=
1M
1430 fsck.ext3 -f /dev/mapper/loop0p1 || true
1431 mkswap /dev/mapper/loop0p2
1433 kpartx -d /dev/loop0
1434 losetup -d /dev/loop0
1437 <p
>The script is perhaps so simple that it is not copyrightable, but
1438 if it is, it is licenced using GPL v2 or later at your discretion.
</p
>
1440 <p
>After doing this, I booted a Debian CD in rescue mode in KVM with
1441 the new disk image attached, installed grub-pc and linux-image-
686 and
1442 set up grub to boot from the disk image. After this, the KVM machines
1443 seem to work just fine.
</p
>
1448 <title>Lenny-
>Squeeze upgrades, apt vs aptitude with the Gnome and KDE desktop
</title>
1449 <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_and_KDE_desktop.html
</link>
1450 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_and_KDE_desktop.html
</guid>
1451 <pubDate>Sat,
20 Nov
2010 22:
50:
00 +
0100</pubDate>
1452 <description><p
>I
'm still running upgrade testing of the
1453 <a href=
"http://people.skolelinux.org/~pere/debian-upgrade-testing/
">Lenny
1454 Gnome and KDE Desktop
</a
>, but have not had time to spend on reporting the
1455 status. Here is a short update based on a test I ran
20101118.
</p
>
1457 <p
>I still do not know what a correct migration should look like, so I
1458 report any differences between apt and aptitude and hope someone else
1459 can see if anything should be changed.
</p
>
1461 <p
>This is for Gnome:
</p
>
1463 <p
>Installed using apt-get, missing with aptitude
</p
>
1465 <blockquote
><p
>
1466 apache2.2-bin aptdaemon at-spi baobab binfmt-support
1467 browser-plugin-gnash cheese-common cli-common cpp-
4.3 cups-pk-helper
1468 dmz-cursor-theme empathy empathy-common finger
1469 freedesktop-sound-theme freeglut3 gconf-defaults-service gdm-themes
1470 gedit-plugins geoclue geoclue-hostip geoclue-localnet geoclue-manual
1471 geoclue-yahoo gnash gnash-common gnome gnome-backgrounds
1472 gnome-cards-data gnome-codec-install gnome-core
1473 gnome-desktop-environment gnome-disk-utility gnome-screenshot
1474 gnome-search-tool gnome-session-canberra gnome-spell
1475 gnome-system-log gnome-themes-extras gnome-themes-more
1476 gnome-user-share gs-common gstreamer0.10-fluendo-mp3
1477 gstreamer0.10-tools gtk2-engines gtk2-engines-pixbuf
1478 gtk2-engines-smooth hal-info hamster-applet libapache2-mod-dnssd
1479 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap
1480 libart2.0-cil libatspi1.0-
0 libboost-date-time1.42
.0
1481 libboost-python1.42
.0 libboost-thread1.42
.0 libchamplain-
0.4-
0
1482 libchamplain-gtk-
0.4-
0 libcheese-gtk18 libclutter-gtk-
0.10-
0
1483 libcryptui0 libcupsys2 libdiscid0 libeel2-data libelf1 libepc-
1.0-
2
1484 libepc-common libepc-ui-
1.0-
2 libfreerdp-plugins-standard
1485 libfreerdp0 libgail-common libgconf2.0-cil libgdata-common libgdata7
1486 libgdl-
1-common libgdu-gtk0 libgee2 libgeoclue0 libgexiv2-
0 libgif4
1487 libglade2.0-cil libglib2.0-cil libgmime2.4-cil libgnome-vfs2.0-cil
1488 libgnome2.24-cil libgnomepanel2.24-cil libgnomeprint2.2-data
1489 libgnomeprintui2.2-common libgnomevfs2-bin libgpod-common libgpod4
1490 libgtk2.0-cil libgtkglext1 libgtksourceview-common
1491 libgtksourceview2.0-common libmono-addins-gui0.2-cil
1492 libmono-addins0.2-cil libmono-cairo2.0-cil libmono-corlib2.0-cil
1493 libmono-i18n-west2.0-cil libmono-posix2.0-cil
1494 libmono-security2.0-cil libmono-sharpzip2.84-cil
1495 libmono-system2.0-cil libmtp8 libmusicbrainz3-
6
1496 libndesk-dbus-glib1.0-cil libndesk-dbus1.0-cil libopal3.6
.8
1497 libpolkit-gtk-
1-
0 libpt-
1.10.10-plugins-alsa
1498 libpt-
1.10.10-plugins-v4l libpt2.6
.7 libpython2.6 librpm1 librpmio1
1499 libsdl1.2debian libservlet2.4-java libsrtp0 libssh-
4
1500 libtelepathy-farsight0 libtelepathy-glib0 libtidy-
0.99-
0
1501 libxalan2-java libxerces2-java media-player-info mesa-utils
1502 mono-
2.0-gac mono-gac mono-runtime nautilus-sendto
1503 nautilus-sendto-empathy openoffice.org-writer2latex
1504 openssl-blacklist p7zip p7zip-full pkg-config python-
4suite-xml
1505 python-aptdaemon python-aptdaemon-gtk python-axiom
1506 python-beautifulsoup python-bugbuddy python-clientform
1507 python-coherence python-configobj python-crypto python-cupshelpers
1508 python-cupsutils python-eggtrayicon python-elementtree
1509 python-epsilon python-evolution python-feedparser python-gdata
1510 python-gdbm python-gst0.10 python-gtkglext1 python-gtkmozembed
1511 python-gtksourceview2 python-httplib2 python-louie python-mako
1512 python-markupsafe python-mechanize python-nevow python-notify
1513 python-opengl python-openssl python-pam python-pkg-resources
1514 python-pyasn1 python-pysqlite2 python-rdflib python-serial
1515 python-tagpy python-twisted-bin python-twisted-conch
1516 python-twisted-core python-twisted-web python-utidylib python-webkit
1517 python-xdg python-zope.interface remmina remmina-plugin-data
1518 remmina-plugin-rdp remmina-plugin-vnc rhythmbox-plugin-cdrecorder
1519 rhythmbox-plugins rpm-common rpm2cpio seahorse-plugins shotwell
1520 software-center svgalibg1 system-config-printer-udev
1521 telepathy-gabble telepathy-mission-control-
5 telepathy-salut tomboy
1522 totem totem-coherence totem-mozilla totem-plugins
1523 transmission-common xdg-user-dirs xdg-user-dirs-gtk xserver-xephyr
1525 </p
></blockquote
>
1527 Installed using apt-get, removed with aptitude
1529 <blockquote
><p
>
1530 arj bluez-utils cheese dhcdbd djvulibre-desktop ekiga eog
1531 epiphany-extensions epiphany-gecko evolution-exchange
1532 fast-user-switch-applet file-roller gcalctool gconf-editor gdm gedit
1533 gedit-common gnome-app-install gnome-games gnome-games-data
1534 gnome-nettool gnome-system-tools gnome-themes gnome-utils
1535 gnome-vfs-obexftp gnome-volume-manager gnuchess gucharmap
1536 guile-
1.8-libs hal libavahi-compat-libdnssd1 libavahi-core5
1537 libavahi-ui0 libbind9-
50 libbluetooth2 libcamel1.2-
11 libcdio7
1538 libcucul0 libcurl3 libdirectfb-
1.0-
0 libdmx1 libdvdread3
1539 libedata-cal1.2-
6 libedataserver1.2-
9 libeel2-
2.20 libepc-
1.0-
1
1540 libepc-ui-
1.0-
1 libexchange-storage1.2-
3 libfaad0 libgadu3
1541 libgalago3 libgd2-noxpm libgda3-
3 libgda3-common libggz2 libggzcore9
1542 libggzmod4 libgksu1.2-
0 libgksuui1.0-
1 libgmyth0 libgnome-desktop-
2
1543 libgnome-pilot2 libgnomecups1.0-
1 libgnomeprint2.2-
0
1544 libgnomeprintui2.2-
0 libgpod3 libgraphviz4 libgtk-vnc-
1.0-
0
1545 libgtkhtml2-
0 libgtksourceview1.0-
0 libgtksourceview2.0-
0
1546 libgucharmap6 libhesiod0 libicu38 libisccc50 libisccfg50 libiw29
1547 libjaxp1.3-java-gcj libkpathsea4 liblircclient0 libltdl3 liblwres50
1548 libmagick++
10 libmagick10 libmalaga7 libmozjs1d libmpfr1ldbl libmtp7
1549 libmysqlclient15off libnautilus-burn4 libneon27 libnm-glib0
1550 libnm-util0 libopal-
2.2 libosp5 libparted1.8-
10 libpisock9
1551 libpisync1 libpoppler-glib3 libpoppler3 libpt-
1.10.10 libraw1394-
8
1552 libsdl1.2debian-alsa libsensors3 libsexy2 libsmbios2 libsoup2.2-
8
1553 libspeexdsp1 libssh2-
1 libsuitesparse-
3.1.0 libsvga1
1554 libswfdec-
0.6-
90 libtalloc1 libtotem-plparser10 libtrackerclient0
1555 libvoikko1 libxalan2-java-gcj libxerces2-java-gcj libxklavier12
1556 libxtrap6 libxxf86misc1 libzephyr3 mysql-common rhythmbox seahorse
1557 sound-juicer swfdec-gnome system-config-printer totem-common
1558 totem-gstreamer transmission-gtk vinagre vino w3c-dtd-xhtml wodim
1559 </p
></blockquote
>
1561 <p
>Installed using aptitude, missing with apt-get
</p
>
1563 <blockquote
><p
>
1564 gstreamer0.10-gnomevfs
1565 </p
></blockquote
>
1567 <p
>Installed using aptitude, removed with apt-get
</p
>
1569 <blockquote
><p
>
1571 </p
></blockquote
>
1573 <p
>This is for KDE:
</p
>
1575 <p
>Installed using apt-get, missing with aptitude
</p
>
1577 <blockquote
><p
>
1578 autopoint bomber bovo cantor cantor-backend-kalgebra cpp-
4.3 dcoprss
1579 edict espeak espeak-data eyesapplet fifteenapplet finger gettext
1580 ghostscript-x git gnome-audio gnugo granatier gs-common
1581 gstreamer0.10-pulseaudio indi kaddressbook-plugins kalgebra
1582 kalzium-data kanjidic kapman kate-plugins kblocks kbreakout kbstate
1583 kde-icons-mono kdeaccessibility kdeaddons-kfile-plugins
1584 kdeadmin-kfile-plugins kdeartwork-misc kdeartwork-theme-window
1585 kdeedu kdeedu-data kdeedu-kvtml-data kdegames kdegames-card-data
1586 kdegames-mahjongg-data kdegraphics-kfile-plugins kdelirc
1587 kdemultimedia-kfile-plugins kdenetwork-kfile-plugins
1588 kdepim-kfile-plugins kdepim-kio-plugins kdessh kdetoys kdewebdev
1589 kdiamond kdnssd kfilereplace kfourinline kgeography-data kigo
1590 killbots kiriki klettres-data kmoon kmrml knewsticker-scripts
1591 kollision kpf krosspython ksirk ksmserver ksquares kstars-data
1592 ksudoku kubrick kweather libasound2-plugins libboost-python1.42
.0
1593 libcfitsio3 libconvert-binhex-perl libcrypt-ssleay-perl libdb4.6++
1594 libdjvulibre-text libdotconf1.0 liberror-perl libespeak1
1595 libfinance-quote-perl libgail-common libgsl0ldbl libhtml-parser-perl
1596 libhtml-tableextract-perl libhtml-tagset-perl libhtml-tree-perl
1597 libio-stringy-perl libkdeedu4 libkdegames5 libkiten4 libkpathsea5
1598 libkrossui4 libmailtools-perl libmime-tools-perl
1599 libnews-nntpclient-perl libopenbabel3 libportaudio2 libpulse-browse0
1600 libservlet2.4-java libspeechd2 libtiff-tools libtimedate-perl
1601 libunistring0 liburi-perl libwww-perl libxalan2-java libxerces2-java
1602 lirc luatex marble networkstatus noatun-plugins
1603 openoffice.org-writer2latex palapeli palapeli-data parley
1604 parley-data poster psutils pulseaudio pulseaudio-esound-compat
1605 pulseaudio-module-x11 pulseaudio-utils quanta-data rocs rsync
1606 speech-dispatcher step svgalibg1 texlive-binaries texlive-luatex
1608 </p
></blockquote
>
1610 <p
>Installed using apt-get, removed with aptitude
</p
>
1612 <blockquote
><p
>
1613 amor artsbuilder atlantik atlantikdesigner blinken bluez-utils cvs
1614 dhcdbd djvulibre-desktop imlib-base imlib11 kalzium kanagram kandy
1615 kasteroids katomic kbackgammon kbattleship kblackbox kbounce kbruch
1616 kcron kdat kdemultimedia-kappfinder-data kdeprint kdict kdvi kedit
1617 keduca kenolaba kfax kfaxview kfouleggs kgeography kghostview
1618 kgoldrunner khangman khexedit kiconedit kig kimagemapeditor
1619 kitchensync kiten kjumpingcube klatin klettres klickety klines
1620 klinkstatus kmag kmahjongg kmailcvt kmenuedit kmid kmilo kmines
1621 kmousetool kmouth kmplot knetwalk kodo kolf kommander konquest kooka
1622 kpager kpat kpdf kpercentage kpilot kpoker kpovmodeler krec
1623 kregexpeditor kreversi ksame ksayit kshisen ksig ksim ksirc ksirtet
1624 ksmiletris ksnake ksokoban kspaceduel kstars ksvg ksysv kteatime
1625 ktip ktnef ktouch ktron kttsd ktuberling kturtle ktux kuickshow
1626 kverbos kview kviewshell kvoctrain kwifimanager kwin kwin4 kwordquiz
1627 kworldclock kxsldbg libakode2 libarts1-akode libarts1-audiofile
1628 libarts1-mpeglib libarts1-xine libavahi-compat-libdnssd1
1629 libavahi-core5 libavc1394-
0 libbind9-
50 libbluetooth2
1630 libboost-python1.34
.1 libcucul0 libcurl3 libcvsservice0
1631 libdirectfb-
1.0-
0 libdjvulibre21 libdvdread3 libfaad0 libfreebob0
1632 libgd2-noxpm libgraphviz4 libgsmme1c2a libgtkhtml2-
0 libicu38
1633 libiec61883-
0 libindex0 libisccc50 libisccfg50 libiw29
1634 libjaxp1.3-java-gcj libk3b3 libkcal2b libkcddb1 libkdeedu3
1635 libkdegames1 libkdepim1a libkgantt0 libkleopatra1 libkmime2
1636 libkpathsea4 libkpimexchange1 libkpimidentities1 libkscan1
1637 libksieve0 libktnef1 liblockdev1 libltdl3 liblwres50 libmagick10
1638 libmimelib1c2a libmodplug0c2 libmozjs1d libmpcdec3 libmpfr1ldbl
1639 libneon27 libnm-util0 libopensync0 libpisock9 libpoppler-glib3
1640 libpoppler-qt2 libpoppler3 libraw1394-
8 librss1 libsensors3
1641 libsmbios2 libssh2-
1 libsuitesparse-
3.1.0 libswfdec-
0.6-
90
1642 libtalloc1 libxalan2-java-gcj libxerces2-java-gcj libxtrap6 lskat
1643 mpeglib network-manager-kde noatun pmount tex-common texlive-base
1644 texlive-common texlive-doc-base texlive-fonts-recommended tidy
1645 ttf-dustin ttf-kochi-gothic ttf-sjfonts
1646 </p
></blockquote
>
1648 <p
>Installed using aptitude, missing with apt-get
</p
>
1650 <blockquote
><p
>
1651 dolphin kde-core kde-plasma-desktop kde-standard kde-window-manager
1652 kdeartwork kdebase kdebase-apps kdebase-workspace
1653 kdebase-workspace-bin kdebase-workspace-data kdeutils kscreensaver
1654 kscreensaver-xsavers libgle3 libkonq5 libkonq5-templates libnetpbm10
1655 netpbm plasma-widget-folderview plasma-widget-networkmanagement
1656 xscreensaver-data-extra xscreensaver-gl xscreensaver-gl-extra
1657 xscreensaver-screensaver-bsod
1658 </p
></blockquote
>
1660 <p
>Installed using aptitude, removed with apt-get
</p
>
1662 <blockquote
><p
>
1663 kdebase-bin konq-plugins konqueror
1664 </p
></blockquote
>
1669 <title>Gnash buildbot slave and Debian kfreebsd
</title>
1670 <link>http://people.skolelinux.org/pere/blog/Gnash_buildbot_slave_and_Debian_kfreebsd.html
</link>
1671 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Gnash_buildbot_slave_and_Debian_kfreebsd.html
</guid>
1672 <pubDate>Sat,
20 Nov
2010 07:
20:
00 +
0100</pubDate>
1673 <description><p
>Answering
1674 <a href=
"http://www.listware.net/
201011/gnash-dev/
67431-gnash-dev-buildbot-looking-for-slaves.html
">the
1675 call from the Gnash project
</a
> for
1676 <a href=
"http://www.gnashdev.org:
8010">buildbot
</a
> slaves to test the
1677 current source, I have set up a virtual KVM machine on the Debian
1678 Edu/Skolelinux virtualization host to test the git source on
1679 Debian/Squeeze. I hope this can help the developers in getting new
1680 releases out more often.
</p
>
1682 <p
>As the developers want less main-stream build platforms tested to,
1683 I have considered setting up a
<a
1684 href=
"http://www.debian.org/ports/kfreebsd-gnu/
">Debian/kfreebsd
</a
>
1685 machine as well. I have also considered using the kfreebsd
1686 architecture in Debian as a file server in NUUG to get access to the
5
1687 TB zfs volume we currently use to store DV video. Because of this, I
1688 finally got around to do a test installation of Debian/Squeeze with
1689 kfreebsd. Installation went fairly smooth, thought I noticed some
1690 visual glitches in the cdebconf dialogs (black cursor left on the
1691 screen at random locations). Have not gotten very far with the
1692 testing. Noticed cfdisk did not work, but fdisk did so it was not a
1693 fatal problem. Have to spend some more time on it to see if it is
1694 useful as a file server for NUUG. Will try to find time to set up a
1695 gnash buildbot slave on the Debian Edu/Skolelinux this weekend.
</p
>
1700 <title>Debian in
3D
</title>
1701 <link>http://people.skolelinux.org/pere/blog/Debian_in_3D.html
</link>
1702 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Debian_in_3D.html
</guid>
1703 <pubDate>Tue,
9 Nov
2010 16:
10:
00 +
0100</pubDate>
1704 <description><p
><img src=
"http://thingiverse-production.s3.amazonaws.com/renders/
23/e0/c4/f9/
2b/debswagtdose_preview_medium.jpg
"></p
>
1706 <p
>3D printing is just great. I just came across this Debian logo in
1708 <a href=
"http://blog.thingiverse.com/
2010/
11/
09/participatory-branding/
">the
1709 thingiverse blog
</a
>.
</p
>
1714 <title>Software updates
2010-
10-
24</title>
1715 <link>http://people.skolelinux.org/pere/blog/Software_updates_2010_10_24.html
</link>
1716 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Software_updates_2010_10_24.html
</guid>
1717 <pubDate>Sun,
24 Oct
2010 22:
45:
00 +
0200</pubDate>
1718 <description><p
>Some updates.
</p
>
1720 <p
>My
<a href=
"http://pledgebank.com/gnash-avm2
">gnash pledge
</a
> to
1721 raise money for the project is going well. The lower limit of
10
1722 signers was reached in
24 hours, and so far
13 people have signed it.
1723 More signers and more funding is most welcome, and I am really curious
1724 how far we can get before the time limit of December
24 is reached.
1727 <p
>On the #gnash IRC channel on irc.freenode.net, I was just tipped
1728 about what appear to be a great code coverage tool capable of
1729 generating code coverage stats without any changes to the source code.
1731 <a href=
"http://simonkagstrom.github.com/kcov/index.html
">kcov
</a
>,
1732 and can be used using
<tt
>kcov
&lt;directory
&gt;
&lt;binary
&gt;
</tt
>.
1733 It is missing in Debian, but the git source built just fine in Squeeze
1734 after I installed libelf-dev, libdwarf-dev, pkg-config and
1735 libglib2.0-dev. Failed to build in Lenny, but suspect that is
1736 solvable. I hope kcov make it into Debian soon.
</p
>
1738 <p
>Finally found time to wrap up the release notes for
<a
1739 href=
"http://lists.debian.org/debian-edu-announce/
2010/
10/msg00002.html
">a
1740 new alpha release of Debian Edu
</a
>, and just published the second
1741 alpha test release of the Squeeze based Debian Edu /
1742 <a href=
"http://www.skolelinux.org/
">Skolelinux
</a
>
1743 release. Give it a try if you need a complete linux solution for your
1744 school, including central infrastructure server, workstations, thin
1745 client servers and diskless workstations. A nice touch added
1746 yesterday is RDP support on the thin client servers, for windows
1747 clients to get a Linux desktop on request.
</p
>
1752 <title>Some notes on Flash in Debian and Debian Edu
</title>
1753 <link>http://people.skolelinux.org/pere/blog/Some_notes_on_Flash_in_Debian_and_Debian_Edu.html
</link>
1754 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Some_notes_on_Flash_in_Debian_and_Debian_Edu.html
</guid>
1755 <pubDate>Sat,
4 Sep
2010 10:
10:
00 +
0200</pubDate>
1756 <description><p
>In the
<a href=
"http://popcon.debian.org/unknown/by_vote
">Debian
1757 popularity-contest numbers
</a
>, the adobe-flashplugin package the
1758 second most popular used package that is missing in Debian. The sixth
1759 most popular is flashplayer-mozilla. This is a clear indication that
1760 working flash is important for Debian users. Around
10 percent of the
1761 users submitting data to popcon.debian.org have this package
1762 installed.
</p
>
1764 <p
>In the report written by Lars Risan in August
2008
1765 («
<a href=
"http://wiki.skolelinux.no/Dokumentasjon/Rapporter?action=AttachFile
&do=view
&target=Skolelinux_i_bruk_rapport_1.0.pdf
">Skolelinux
1766 i bruk – Rapport for Hurum kommune, Universitetet i Agder og
1767 stiftelsen SLX Debian Labs
</a
>»), one of the most important problems
1768 schools experienced with
<a href=
"http://www.skolelinux.org/
">Debian
1769 Edu/Skolelinux
</a
> was the lack of working Flash. A lot of educational
1770 web sites require Flash to work, and lacking working Flash support in
1771 the web browser and the problems with installing it was perceived as a
1772 good reason to stay with Windows.
</p
>
1774 <p
>I once saw a funny and sad comment in a web forum, where Linux was
1775 said to be the retarded cousin that did not really understand
1776 everything you told him but could work fairly well. This was a
1777 comment regarding the problems Linux have with proprietary formats and
1778 non-standard web pages, and is sad because it exposes a fairly common
1779 understanding of whose fault it is if web pages that only work in for
1780 example Internet Explorer
6 fail to work on Firefox, and funny because
1781 it explain very well how annoying it is for users when Linux
1782 distributions do not work with the documents they receive or the web
1783 pages they want to visit.
</p
>
1785 <p
>This is part of the reason why I believe it is important for Debian
1786 and Debian Edu to have a well working Flash implementation in the
1787 distribution, to get at least popular sites as Youtube and Google
1788 Video to working out of the box. For Squeeze, Debian have the chance
1789 to include the latest version of Gnash that will make this happen, as
1790 the new release
0.8.8 was published a few weeks ago and is resting in
1791 unstable. The new version work with more sites that version
0.8.7.
1792 The Gnash maintainers have asked for a freeze exception, but the
1793 release team have not had time to reply to it yet. I hope they agree
1794 with me that Flash is important for the Debian desktop users, and thus
1795 accept the new package into Squeeze.
</p
>
1800 <title>Circular package dependencies harms apt recovery
</title>
1801 <link>http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html
</link>
1802 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html
</guid>
1803 <pubDate>Tue,
27 Jul
2010 23:
50:
00 +
0200</pubDate>
1804 <description><p
>I discovered this while doing
1805 <a href=
"http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html
">automated
1806 testing of upgrades from Debian Lenny to Squeeze
</a
>. A few packages
1807 in Debian still got circular dependencies, and it is often claimed
1808 that apt and aptitude should be able to handle this just fine, but
1809 some times these dependency loops causes apt to fail.
</p
>
1811 <p
>An example is from todays
1812 <a href=
"http://people.skolelinux.org/~pere/debian-upgrade-testing//test-
20100727-lenny-squeeze-kde-aptitude.txt
">upgrade
1813 of KDE using aptitude
</a
>. In it, a bug in kdebase-workspace-data
1814 causes perl-modules to fail to upgrade. The cause is simple. If a
1815 package fail to unpack, then only part of packages with the circular
1816 dependency might end up being unpacked when unpacking aborts, and the
1817 ones already unpacked will fail to configure in the recovery phase
1818 because its dependencies are unavailable.
</p
>
1820 <p
>In this log, the problem manifest itself with this error:
</p
>
1822 <blockquote
><pre
>
1823 dpkg: dependency problems prevent configuration of perl-modules:
1824 perl-modules depends on perl (
>=
5.10.1-
1); however:
1825 Version of perl on system is
5.10.0-
19lenny
2.
1826 dpkg: error processing perl-modules (--configure):
1827 dependency problems - leaving unconfigured
1828 </pre
></blockquote
>
1830 <p
>The perl/perl-modules circular dependency is already
1831 <a href=
"http://bugs.debian.org/
527917">reported as a bug
</a
>, and will
1832 hopefully be solved as soon as possible, but it is not the only one,
1833 and each one of these loops in the dependency tree can cause similar
1834 failures. Of course, they only occur when there are bugs in other
1835 packages causing the unpacking to fail, but it is rather nasty when
1836 the failure of one package causes the problem to become worse because
1837 of dependency loops.
</p
>
1840 <a href=
"http://lists.debian.org/debian-devel/
2010/
06/msg00116.html
">the
1841 tireless effort by Bill Allombert
</a
>, the number of circular
1843 <a href=
"http://debian.semistable.com/debgraph.out.html
">left in Debian
1844 is dropping
</a
>, and perhaps it will reach zero one day. :)
</p
>
1846 <p
>Todays testing also exposed a bug in
1847 <a href=
"http://bugs.debian.org/
590605">update-notifier
</a
> and
1848 <a href=
"http://bugs.debian.org/
590604">different behaviour
</a
> between
1849 apt-get and aptitude, the latter possibly caused by some circular
1850 dependency. Reported both to BTS to try to get someone to look at
1856 <title>What are they searching for - PowerDNS and ISC DHCP in LDAP
</title>
1857 <link>http://people.skolelinux.org/pere/blog/What_are_they_searching_for___PowerDNS_and_ISC_DHCP_in_LDAP.html
</link>
1858 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/What_are_they_searching_for___PowerDNS_and_ISC_DHCP_in_LDAP.html
</guid>
1859 <pubDate>Sat,
17 Jul
2010 21:
00:
00 +
0200</pubDate>
1860 <description><p
>This is a
1861 <a href=
"http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html
">followup
</a
>
1863 <a href=
"http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html
">previous
1865 <a href=
"http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
">merging
1866 all
</a
> the computer related LDAP objects in Debian Edu.
</p
>
1868 <p
>As a step to try to see if it possible to merge the DNS and DHCP
1869 LDAP objects, I have had a look at how the packages pdns-backend-ldap
1870 and dhcp3-server-ldap in Debian use the LDAP server. The two
1871 implementations are quite different in how they use LDAP.
</p
>
1873 To get this information, I started slapd with debugging enabled and
1874 dumped the debug output to a file to get the LDAP searches performed
1875 on a Debian Edu main-server. Here is a summary.
1877 <p
><strong
>powerdns
</strong
></p
>
1879 <a href=
"http://www.linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend
">Clues
1880 on how to
</a
> set up PowerDNS to use a LDAP backend is available on
1883 <p
>PowerDNS have two modes of operation using LDAP as its backend.
1884 One
"strict
" mode where the forward and reverse DNS lookups are done
1885 using the same LDAP objects, and a
"tree
" mode where the forward and
1886 reverse entries are in two different subtrees in LDAP with a structure
1887 based on the DNS names, as in tjener.intern and
1888 2.2.0.10.in-addr.arpa.
</p
>
1890 <p
>In tree mode, the server is set up to use a LDAP subtree as its
1891 base, and uses a
"base
" scoped search for the DNS name by adding
1892 "dc=tjener,dc=intern,
" to the base with a filter for
1893 "(associateddomain=tjener.intern)
" for the forward entry and
1894 "dc=
2,dc=
2,dc=
0,dc=
10,dc=in-addr,dc=arpa,
" with a filter for
1895 "(associateddomain=
2.2.0.10.in-addr.arpa)
" for the reverse entry. For
1896 forward entries, it is looking for attributes named dnsttl, arecord,
1897 nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord, mxrecord,
1898 txtrecord, rprecord, afsdbrecord, keyrecord, aaaarecord, locrecord,
1899 srvrecord, naptrrecord, kxrecord, certrecord, dsrecord, sshfprecord,
1900 ipseckeyrecord, rrsigrecord, nsecrecord, dnskeyrecord, dhcidrecord,
1901 spfrecord and modifytimestamp. For reverse entries it is looking for
1902 the attributes dnsttl, arecord, nsrecord, cnamerecord, soarecord,
1903 ptrrecord, hinforecord, mxrecord, txtrecord, rprecord, aaaarecord,
1904 locrecord, srvrecord, naptrrecord and modifytimestamp. The equivalent
1905 ldapsearch commands could look like this:
</p
>
1907 <blockquote
><pre
>
1908 ldapsearch -h ldap \
1909 -b dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no \
1910 -s base -x
'(associateddomain=tjener.intern)
' dNSTTL aRecord nSRecord \
1911 cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \
1912 rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \
1913 nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \
1914 rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp
1916 ldapsearch -h ldap \
1917 -b dc=
2,dc=
2,dc=
0,dc=
10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no \
1918 -s base -x
'(associateddomain=
2.2.0.10.in-addr.arpa)
'
1919 dnsttl, arecord, nsrecord, cnamerecord soarecord ptrrecord \
1920 hinforecord mxrecord txtrecord rprecord aaaarecord locrecord \
1921 srvrecord naptrrecord modifytimestamp
1922 </pre
></blockquote
>
1924 <p
>In Debian Edu/Lenny, the PowerDNS tree mode is used with
1925 ou=hosts,dc=skole,dc=skolelinux,dc=no as the base, and these are two
1926 example LDAP objects used there. In addition to these objects, the
1927 parent objects all th way up to ou=hosts,dc=skole,dc=skolelinux,dc=no
1928 also exist.
</p
>
1930 <blockquote
><pre
>
1931 dn: dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no
1933 objectclass: dnsdomain
1934 objectclass: domainrelatedobject
1937 associateddomain: tjener.intern
1939 dn: dc=
2,dc=
2,dc=
0,dc=
10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no
1941 objectclass: dnsdomain2
1942 objectclass: domainrelatedobject
1944 ptrrecord: tjener.intern
1945 associateddomain:
2.2.0.10.in-addr.arpa
1946 </pre
></blockquote
>
1948 <p
>In strict mode, the server behaves differently. When looking for
1949 forward DNS entries, it is doing a
"subtree
" scoped search with the
1950 same base as in the tree mode for a object with filter
1951 "(associateddomain=tjener.intern)
" and requests the attributes dnsttl,
1952 arecord, nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord,
1953 mxrecord, txtrecord, rprecord, aaaarecord, locrecord, srvrecord,
1954 naptrrecord and modifytimestamp. For reverse entires it also do a
1955 subtree scoped search but this time the filter is
"(arecord=
10.0.2.2)
"
1956 and the requested attributes are associateddomain, dnsttl and
1957 modifytimestamp. In short, in strict mode the objects with ptrrecord
1958 go away, and the arecord attribute in the forward object is used
1961 <p
>The forward and reverse searches can be simulated using ldapsearch
1962 like this:
</p
>
1964 <blockquote
><pre
>
1965 ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \
1966 '(associateddomain=tjener.intern)
' dNSTTL aRecord nSRecord \
1967 cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \
1968 rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \
1969 nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \
1970 rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp
1972 ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \
1973 '(arecord=
10.0.2.2)
' associateddomain dnsttl modifytimestamp
1974 </pre
></blockquote
>
1976 <p
>In addition to the forward and reverse searches , there is also a
1977 search for SOA records, which behave similar to the forward and
1978 reverse lookups.
</p
>
1980 <p
>A thing to note with the PowerDNS behaviour is that it do not
1981 specify any objectclass names, and instead look for the attributes it
1982 need to generate a DNS reply. This make it able to work with any
1983 objectclass that provide the needed attributes.
</p
>
1985 <p
>The attributes are normally provided in the cosine (RFC
1274) and
1986 dnsdomain2 schemas. The latter is used for reverse entries like
1987 ptrrecord and recent DNS additions like aaaarecord and srvrecord.
</p
>
1989 <p
>In Debian Edu, we have created DNS objects using the object classes
1990 dcobject (for dc), dnsdomain or dnsdomain2 (structural, for the DNS
1991 attributes) and domainrelatedobject (for associatedDomain). The use
1992 of structural object classes make it impossible to combine these
1993 classes with the object classes used by DHCP.
</p
>
1995 <p
>There are other schemas that could be used too, for example the
1996 dnszone structural object class used by Gosa and bind-sdb for the DNS
1997 attributes combined with the domainrelatedobject object class, but in
1998 this case some unused attributes would have to be included as well
1999 (zonename and relativedomainname).
</p
>
2001 <p
>My proposal for Debian Edu would be to switch PowerDNS to strict
2002 mode and not use any of the existing objectclasses (dnsdomain,
2003 dnsdomain2 and dnszone) when one want to combine the DNS information
2004 with DHCP information, and instead create a auxiliary object class
2005 defined something like this (using the attributes defined for
2006 dnsdomain and dnsdomain2 or dnszone):
</p
>
2008 <blockquote
><pre
>
2009 objectclass ( some-oid NAME
'dnsDomainAux
'
2012 MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $
2013 DNSTTL $ DNSClass $ PTRRecord $ HINFORecord $ MINFORecord $
2014 TXTRecord $ SIGRecord $ KEYRecord $ AAAARecord $ LOCRecord $
2015 NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $
2016 A6Record $ DNAMERecord
2018 </pre
></blockquote
>
2020 <p
>This will allow any object to become a DNS entry when combined with
2021 the domainrelatedobject object class, and allow any entity to include
2022 all the attributes PowerDNS wants. I
've sent an email to the PowerDNS
2023 developers asking for their view on this schema and if they are
2024 interested in providing such schema with PowerDNS, and I hope my
2025 message will be accepted into their mailing list soon.
</p
>
2027 <p
><strong
>ISC dhcp
</strong
></p
>
2029 <p
>The DHCP server searches for specific objectclass and requests all
2030 the object attributes, and then uses the attributes it want. This
2031 make it harder to figure out exactly what attributes are used, but
2032 thanks to the working example in Debian Edu I can at least get an idea
2033 what is needed without having to read the source code.
</p
>
2035 <p
>In the DHCP server configuration, the LDAP base to use and the
2036 search filter to use to locate the correct dhcpServer entity is
2037 stored. These are the relevant entries from
2038 /etc/dhcp3/dhcpd.conf:
</p
>
2040 <blockquote
><pre
>
2041 ldap-base-dn
"dc=skole,dc=skolelinux,dc=no
";
2042 ldap-dhcp-server-cn
"dhcp
";
2043 </pre
></blockquote
>
2045 <p
>The DHCP server uses this information to nest all the DHCP
2046 configuration it need. The cn
"dhcp
" is located using the given LDAP
2047 base and the filter
"(
&(objectClass=dhcpServer)(cn=dhcp))
". The
2048 search result is this entry:
</p
>
2050 <blockquote
><pre
>
2051 dn: cn=dhcp,dc=skole,dc=skolelinux,dc=no
2054 objectClass: dhcpServer
2055 dhcpServiceDN: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
2056 </pre
></blockquote
>
2058 <p
>The content of the dhcpServiceDN attribute is next used to locate the
2059 subtree with DHCP configuration. The DHCP configuration subtree base
2060 is located using a base scope search with base
"cn=DHCP
2061 Config,dc=skole,dc=skolelinux,dc=no
" and filter
2062 "(
&(objectClass=dhcpService)(|(dhcpPrimaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)(dhcpSecondaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)))
".
2063 The search result is this entry:
</p
>
2065 <blockquote
><pre
>
2066 dn: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
2069 objectClass: dhcpService
2070 objectClass: dhcpOptions
2071 dhcpPrimaryDN: cn=dhcp, dc=skole,dc=skolelinux,dc=no
2072 dhcpStatements: ddns-update-style none
2073 dhcpStatements: authoritative
2074 dhcpOption: smtp-server code
69 = array of ip-address
2075 dhcpOption: www-server code
72 = array of ip-address
2076 dhcpOption: wpad-url code
252 = text
2077 </pre
></blockquote
>
2079 <p
>Next, the entire subtree is processed, one level at the time. When
2080 all the DHCP configuration is loaded, it is ready to receive requests.
2081 The subtree in Debian Edu contain objects with object classes
2082 top/dhcpService/dhcpOptions, top/dhcpSharedNetwork/dhcpOptions,
2083 top/dhcpSubnet, top/dhcpGroup and top/dhcpHost. These provide options
2084 and information about netmasks, dynamic range etc. Leaving out the
2085 details here because it is not relevant for the focus of my
2086 investigation, which is to see if it is possible to merge dns and dhcp
2087 related computer objects.
</p
>
2089 <p
>When a DHCP request come in, LDAP is searched for the MAC address
2090 of the client (
00:
00:
00:
00:
00:
00 in this example), using a subtree
2091 scoped search with
"cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
" as
2092 the base and
"(
&(objectClass=dhcpHost)(dhcpHWAddress=ethernet
2093 00:
00:
00:
00:
00:
00))
" as the filter. This is what a host object look
2096 <blockquote
><pre
>
2097 dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
2100 objectClass: dhcpHost
2101 dhcpHWAddress: ethernet
00:
00:
00:
00:
00:
00
2102 dhcpStatements: fixed-address hostname
2103 </pre
></blockquote
>
2105 <p
>There is less flexiblity in the way LDAP searches are done here.
2106 The object classes need to have fixed names, and the configuration
2107 need to be stored in a fairly specific LDAP structure. On the
2108 positive side, the invidiual dhcpHost entires can be anywhere without
2109 the DN pointed to by the dhcpServer entries. The latter should make
2110 it possible to group all host entries in a subtree next to the
2111 configuration entries, and this subtree can also be shared with the
2112 DNS server if the schema proposed above is combined with the dhcpHost
2113 structural object class.
2115 <p
><strong
>Conclusion
</strong
></p
>
2117 <p
>The PowerDNS implementation seem to be very flexible when it come
2118 to which LDAP schemas to use. While its
"tree
" mode is rigid when it
2119 come to the the LDAP structure, the
"strict
" mode is very flexible,
2120 allowing DNS objects to be stored anywhere under the base cn specified
2121 in the configuration.
</p
>
2123 <p
>The DHCP implementation on the other hand is very inflexible, both
2124 regarding which LDAP schemas to use and which LDAP structure to use.
2125 I guess one could implement ones own schema, as long as the
2126 objectclasses and attributes have the names used, but this do not
2127 really help when the DHCP subtree need to have a fairly fixed
2128 structure.
</p
>
2130 <p
>Based on the observed behaviour, I suspect a LDAP structure like
2131 this might work for Debian Edu:
</p
>
2133 <blockquote
><pre
>
2135 cn=machine-info (dhcpService) - dhcpServiceDN points here
2136 cn=dhcp (dhcpServer)
2137 cn=dhcp-internal (dhcpSharedNetwork/dhcpOptions)
2138 cn=
10.0.2.0 (dhcpSubnet)
2139 cn=group1 (dhcpGroup/dhcpOptions)
2140 cn=dhcp-thinclients (dhcpSharedNetwork/dhcpOptions)
2141 cn=
192.168.0.0 (dhcpSubnet)
2142 cn=group1 (dhcpGroup/dhcpOptions)
2143 ou=machines - PowerDNS base points here
2144 cn=hostname (dhcpHost/domainrelatedobject/dnsDomainAux)
2145 </pre
></blockquote
>
2147 <P
>This is not tested yet. If the DHCP server require the dhcpHost
2148 entries to be in the dhcpGroup subtrees, the entries can be stored
2149 there instead of a common machines subtree, and the PowerDNS base
2150 would have to be moved one level up to the machine-info subtree.
</p
>
2152 <p
>The combined object under the machines subtree would look something
2153 like this:
</p
>
2155 <blockquote
><pre
>
2156 dn: dc=hostname,ou=machines,cn=machine-info,dc=skole,dc=skolelinux,dc=no
2159 objectClass: dhcpHost
2160 objectclass: domainrelatedobject
2161 objectclass: dnsDomainAux
2162 associateddomain: hostname.intern
2163 arecord:
10.11.12.13
2164 dhcpHWAddress: ethernet
00:
00:
00:
00:
00:
00
2165 dhcpStatements: fixed-address hostname.intern
2166 </pre
></blockquote
>
2168 </p
>One could even add the LTSP configuration associated with a given
2169 machine, as long as the required attributes are available in a
2170 auxiliary object class.
</p
>
2175 <title>Combining PowerDNS and ISC DHCP LDAP objects
</title>
2176 <link>http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
</link>
2177 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
</guid>
2178 <pubDate>Wed,
14 Jul
2010 23:
45:
00 +
0200</pubDate>
2179 <description><p
>For a while now, I have wanted to find a way to change the DNS and
2180 DHCP services in Debian Edu to use the same LDAP objects for a given
2181 computer, to avoid the possibility of having a inconsistent state for
2182 a computer in LDAP (as in DHCP but no DNS entry or the other way
2183 around) and make it easier to add computers to LDAP.
</p
>
2185 <p
>I
've looked at how powerdns and dhcpd is using LDAP, and using this
2186 information finally found a solution that seem to work.
</p
>
2188 <p
>The old setup required three LDAP objects for a given computer.
2189 One forward DNS entry, one reverse DNS entry and one DHCP entry. If
2190 we switch powerdns to use its strict LDAP method (ldap-method=strict
2191 in pdns-debian-edu.conf), the forward and reverse DNS entries are
2192 merged into one while making it impossible to transfer the reverse map
2193 to a slave DNS server.
</p
>
2195 <p
>If we also replace the object class used to get the DNS related
2196 attributes to one allowing these attributes to be combined with the
2197 dhcphost object class, we can merge the DNS and DHCP entries into one.
2198 I
've written such object class in the dnsdomainaux.schema file (need
2199 proper OIDs, but that is a minor issue), and tested the setup. It
2200 seem to work.
</p
>
2202 <p
>With this test setup in place, we can get away with one LDAP object
2203 for both DNS and DHCP, and even the LTSP configuration I suggested in
2204 an earlier email. The combined LDAP object will look something like
2207 <blockquote
><pre
>
2208 dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
2210 objectClass: dhcphost
2211 objectclass: domainrelatedobject
2212 objectclass: dnsdomainaux
2213 associateddomain: hostname.intern
2214 arecord:
10.11.12.13
2215 dhcphwaddress: ethernet
00:
00:
00:
00:
00:
00
2216 dhcpstatements: fixed-address hostname
2218 </pre
></blockquote
>
2220 <p
>The DNS server uses the associateddomain and arecord entries, while
2221 the DHCP server uses the dhcphwaddress and dhcpstatements entries
2222 before asking DNS to resolve the fixed-adddress. LTSP will use
2223 dhcphwaddress or associateddomain and the ldapconfig* attributes.
</p
>
2225 <p
>I am not yet sure if I can get the DHCP server to look for its
2226 dhcphost in a different location, to allow us to put the objects
2227 outside the
"DHCP Config
" subtree, but hope to figure out a way to do
2228 that. If I can
't figure out a way to do that, we can still get rid of
2229 the hosts subtree and move all its content into the DHCP Config tree
2230 (which probably should be renamed to be more related to the new
2231 content. I suspect cn=dnsdhcp,ou=services or something like that
2232 might be a good place to put it.
</p
>
2234 <p
>If you want to help out with implementing this for Debian Edu,
2235 please contact us on debian-edu@lists.debian.org.
</p
>
2240 <title>Idea for storing LTSP configuration in LDAP
</title>
2241 <link>http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html
</link>
2242 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html
</guid>
2243 <pubDate>Sun,
11 Jul
2010 22:
00:
00 +
0200</pubDate>
2244 <description><p
>Vagrant mentioned on IRC today that ltsp_config now support
2245 sourcing files from /usr/share/ltsp/ltsp_config.d/ on the thin
2246 clients, and that this can be used to fetch configuration from LDAP if
2247 Debian Edu choose to store configuration there.
</p
>
2249 <p
>Armed with this information, I got inspired and wrote a test module
2250 to get configuration from LDAP. The idea is to look up the MAC
2251 address of the client in LDAP, and look for attributes on the form
2252 ltspconfigsetting=value, and use this to export SETTING=value to the
2253 LTSP clients.
</p
>
2255 <p
>The goal is to be able to store the LTSP configuration attributes
2256 in a
"computer
" LDAP object used by both DNS and DHCP, and thus
2257 allowing us to store all information about a computer in one place.
</p
>
2259 <p
>This is a untested draft implementation, and I welcome feedback on
2260 this approach. A real LDAP schema for the ltspClientAux objectclass
2261 need to be written. Comments, suggestions, etc?
</p
>
2263 <blockquote
><pre
>
2264 # Store in /opt/ltsp/$arch/usr/share/ltsp/ltsp_config.d/ldap-config
2266 # Fetch LTSP client settings from LDAP based on MAC address
2268 # Uses ethernet address as stored in the dhcpHost objectclass using
2269 # the dhcpHWAddress attribute or ethernet address stored in the
2270 # ieee802Device objectclass with the macAddress attribute.
2272 # This module is written to be schema agnostic, and only depend on the
2273 # existence of attribute names.
2275 # The LTSP configuration variables are saved directly using a
2276 # ltspConfig prefix and uppercasing the rest of the attribute name.
2277 # To set the SERVER variable, set the ltspConfigServer attribute.
2279 # Some LDAP schema should be created with all the relevant
2280 # configuration settings. Something like this should work:
2282 # objectclass (
1.1.2.2 NAME
'ltspClientAux
'
2285 # MAY ( ltspConfigServer $ ltsConfigSound $ ... )
2287 LDAPSERVER=$(debian-edu-ldapserver)
2288 if [
"$LDAPSERVER
" ] ; then
2289 LDAPBASE=$(debian-edu-ldapserver -b)
2290 for MAC in $(LANG=C ifconfig |grep -i hwaddr| awk
'{print $
5}
'|sort -u) ; do
2291 filter=
"(|(dhcpHWAddress=ethernet $MAC)(macAddress=$MAC))
"
2292 ldapsearch -h
"$LDAPSERVER
" -b
"$LDAPBASE
" -v -x
"$filter
" | \
2293 grep
'^ltspConfig
' | while read attr value ; do
2294 # Remove prefix and convert to upper case
2295 attr=$(echo $attr | sed
's/^ltspConfig//i
' | tr a-z A-Z)
2296 # bass value on to clients
2297 eval
"$attr=$value; export $attr
"
2301 </pre
></blockquote
>
2303 <p
>I
'm not sure this shell construction will work, because I suspect
2304 the while block might end up in a subshell causing the variables set
2305 there to not show up in ltsp-config, but if that is the case I am sure
2306 the code can be restructured to make sure the variables are passed on.
2307 I expect that can be solved with some testing. :)
</p
>
2309 <p
>If you want to help out with implementing this for Debian Edu,
2310 please contact us on debian-edu@lists.debian.org.
</p
>
2312 <p
>Update
2010-
07-
17: I am aware of another effort to store LTSP
2313 configuration in LDAP that was created around year
2000 by
2314 <a href=
"http://www.pcxperience.com/thinclient/documentation/ldap.html
">PC
2315 Xperience, Inc.,
2000</a
>. I found its
2316 <a href=
"http://people.redhat.com/alikins/ltsp/ldap/
">files
</a
> on a
2317 personal home page over at redhat.com.
</p
>
2322 <title>jXplorer, a very nice LDAP GUI
</title>
2323 <link>http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html
</link>
2324 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html
</guid>
2325 <pubDate>Fri,
9 Jul
2010 12:
55:
00 +
0200</pubDate>
2326 <description><p
>Since
2327 <a href=
"http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html
">my
2328 last post
</a
> about available LDAP tools in Debian, I was told about a
2329 LDAP GUI that is even better than luma. The java application
2330 <a href=
"http://jxplorer.org/
">jXplorer
</a
> is claimed to be capable of
2331 moving LDAP objects and subtrees using drag-and-drop, and can
2332 authenticate using Kerberos. I have only tested the Kerberos
2333 authentication, but do not have a LDAP setup allowing me to rewrite
2334 LDAP with my test user yet. It is
2335 <a href=
"http://packages.qa.debian.org/j/jxplorer.html
">available in
2336 Debian
</a
> testing and unstable at the moment. The only problem I
2337 have with it is how it handle errors. If something go wrong, its
2338 non-intuitive behaviour require me to go through some query work list
2339 and remove the failing query. Nothing big, but very annoying.
</p
>
2344 <title>Lenny-
>Squeeze upgrades, apt vs aptitude with the Gnome desktop
</title>
2345 <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html
</link>
2346 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html
</guid>
2347 <pubDate>Sat,
3 Jul
2010 23:
55:
00 +
0200</pubDate>
2348 <description><p
>Here is a short update on my
<a
2349 href=
"http://people.skolelinux.org/~pere/debian-upgrade-testing/
">my
2350 Debian Lenny-
>Squeeze upgrade testing
</a
>. Here is a summary of the
2351 difference for Gnome when it is upgraded by apt-get and aptitude. I
'm
2352 not reporting the status for KDE, because the upgrade crashes when
2353 aptitude try because of missing conflicts
2354 (
<a href=
"http://bugs.debian.org/
584861">#
584861</a
> and
2355 <a href=
"http://bugs.debian.org/
585716">#
585716</a
>).
</p
>
2357 <p
>At the end of the upgrade test script, dpkg -l is executed to get a
2358 complete list of the installed packages. Based on this I see these
2359 differences when I did a test run today. As usual, I do not really
2360 know what the correct set of packages would be, but thought it best to
2361 publish the difference.
</p
>
2363 <p
>Installed using apt-get, missing with aptitude
</p
>
2365 <blockquote
><p
>
2366 at-spi cpp-
4.3 finger gnome-spell gstreamer0.10-gnomevfs
2367 libatspi1.0-
0 libcupsys2 libeel2-data libgail-common libgdl-
1-common
2368 libgnomeprint2.2-data libgnomeprintui2.2-common libgnomevfs2-bin
2369 libgtksourceview-common libpt-
1.10.10-plugins-alsa
2370 libpt-
1.10.10-plugins-v4l libservlet2.4-java libxalan2-java
2371 libxerces2-java openoffice.org-writer2latex openssl-blacklist p7zip
2372 python-
4suite-xml python-eggtrayicon python-gtkhtml2
2373 python-gtkmozembed svgalibg1 xserver-xephyr zip
2374 </p
></blockquote
>
2376 <p
>Installed using apt-get, removed with aptitude
</p
>
2378 <blockquote
><p
>
2379 bluez-utils dhcdbd djvulibre-desktop epiphany-gecko
2380 gnome-app-install gnome-mount gnome-vfs-obexftp gnome-volume-manager
2381 libao2 libavahi-compat-libdnssd1 libavahi-core5 libbind9-
50
2382 libbluetooth2 libcamel1.2-
11 libcdio7 libcucul0 libcurl3
2383 libdirectfb-
1.0-
0 libdvdread3 libedata-cal1.2-
6 libedataserver1.2-
9
2384 libeel2-
2.20 libepc-
1.0-
1 libepc-ui-
1.0-
1 libexchange-storage1.2-
3
2385 libfaad0 libgd2-noxpm libgda3-
3 libgda3-common libggz2 libggzcore9
2386 libggzmod4 libgksu1.2-
0 libgksuui1.0-
1 libgmyth0 libgnome-desktop-
2
2387 libgnome-pilot2 libgnomecups1.0-
1 libgnomeprint2.2-
0
2388 libgnomeprintui2.2-
0 libgpod3 libgraphviz4 libgtkhtml2-
0
2389 libgtksourceview1.0-
0 libgucharmap6 libhesiod0 libicu38 libisccc50
2390 libisccfg50 libiw29 libkpathsea4 libltdl3 liblwres50 libmagick++
10
2391 libmagick10 libmalaga7 libmtp7 libmysqlclient15off libnautilus-burn4
2392 libneon27 libnm-glib0 libnm-util0 libopal-
2.2 libosp5
2393 libparted1.8-
10 libpisock9 libpisync1 libpoppler-glib3 libpoppler3
2394 libpt-
1.10.10 libraw1394-
8 libsensors3 libsmbios2 libsoup2.2-
8
2395 libssh2-
1 libsuitesparse-
3.1.0 libswfdec-
0.6-
90 libtalloc1
2396 libtotem-plparser10 libtrackerclient0 libvoikko1 libxalan2-java-gcj
2397 libxerces2-java-gcj libxklavier12 libxtrap6 libxxf86misc1 libzephyr3
2398 mysql-common swfdec-gnome totem-gstreamer wodim
2399 </p
></blockquote
>
2401 <p
>Installed using aptitude, missing with apt-get
</p
>
2403 <blockquote
><p
>
2404 gnome gnome-desktop-environment hamster-applet python-gnomeapplet
2405 python-gnomekeyring python-wnck rhythmbox-plugins xorg
2406 xserver-xorg-input-all xserver-xorg-input-evdev
2407 xserver-xorg-input-kbd xserver-xorg-input-mouse
2408 xserver-xorg-input-synaptics xserver-xorg-video-all
2409 xserver-xorg-video-apm xserver-xorg-video-ark xserver-xorg-video-ati
2410 xserver-xorg-video-chips xserver-xorg-video-cirrus
2411 xserver-xorg-video-dummy xserver-xorg-video-fbdev
2412 xserver-xorg-video-glint xserver-xorg-video-i128
2413 xserver-xorg-video-i740 xserver-xorg-video-mach64
2414 xserver-xorg-video-mga xserver-xorg-video-neomagic
2415 xserver-xorg-video-nouveau xserver-xorg-video-nv
2416 xserver-xorg-video-r128 xserver-xorg-video-radeon
2417 xserver-xorg-video-radeonhd xserver-xorg-video-rendition
2418 xserver-xorg-video-s3 xserver-xorg-video-s3virge
2419 xserver-xorg-video-savage xserver-xorg-video-siliconmotion
2420 xserver-xorg-video-sis xserver-xorg-video-sisusb
2421 xserver-xorg-video-tdfx xserver-xorg-video-tga
2422 xserver-xorg-video-trident xserver-xorg-video-tseng
2423 xserver-xorg-video-vesa xserver-xorg-video-vmware
2424 xserver-xorg-video-voodoo
2425 </p
></blockquote
>
2427 <p
>Installed using aptitude, removed with apt-get
</p
>
2429 <blockquote
><p
>
2430 deskbar-applet xserver-xorg xserver-xorg-core
2431 xserver-xorg-input-wacom xserver-xorg-video-intel
2432 xserver-xorg-video-openchrome
2433 </p
></blockquote
>
2435 <p
>I was told on IRC that the xorg-xserver package was
2436 <a href=
"http://git.debian.org/?p=pkg-xorg/xserver/xorg-server.git;a=commit;h=
9c8080d06c457932d3bfec021c69ac000aa60120
">changed
2437 in git
</a
> today to try to get apt-get to not remove xorg completely.
2438 No idea when it hits Squeeze, but when it does I hope it will reduce
2439 the difference somewhat.
2444 <title>LUMA, a very nice LDAP GUI
</title>
2445 <link>http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html
</link>
2446 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html
</guid>
2447 <pubDate>Mon,
28 Jun
2010 00:
30:
00 +
0200</pubDate>
2448 <description><p
>The last few days I have been looking into the status of the LDAP
2449 directory in Debian Edu, and in the process I started to miss a GUI
2450 tool to browse the LDAP tree. The only one I was able to find in
2451 Debian/Squeeze and Lenny is
2452 <a href=
"http://luma.sourceforge.net/
">LUMA
</a
>, which has proved to
2453 be a great tool to get a overview of the current LDAP directory
2454 populated by default in Skolelinux. Thanks to it, I have been able to
2455 find empty and obsolete subtrees, misplaced objects and duplicate
2456 objects. It will be installed by default in Debian/Squeeze. If you
2457 are working with LDAP, give it a go. :)
</p
>
2459 <p
>I did notice one problem with it I have not had time to report to
2460 the BTS yet. There is no .desktop file in the package, so the tool do
2461 not show up in the Gnome and KDE menus, but only deep down in in the
2462 Debian submenu in KDE. I hope that can be fixed before Squeeze is
2465 <p
>I have not yet been able to get it to modify the tree yet. I would
2466 like to move objects and remove subtrees directly in the GUI, but have
2467 not found a way to do that with LUMA yet. So in the mean time, I use
2468 <a href=
"http://www.lichteblau.com/ldapvi/
">ldapvi
</a
> for that.
</p
>
2470 <p
>If you have tips on other GUI tools for LDAP that might be useful
2471 in Debian Edu, please contact us on debian-edu@lists.debian.org.
</p
>
2473 <p
>Update
2010-
06-
29: Ross Reedstrom tipped us about the
2474 <a href=
"http://packages.qa.debian.org/g/gq.html
">gq
</a
> package as a
2475 useful GUI alternative. It seem like a good tool, but is unmaintained
2476 in Debian and got a RC bug keeping it out of Squeeze. Unless that
2477 changes, it will not be an option for Debian Edu based on Squeeze.
</p
>
2482 <title>Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object
</title>
2483 <link>http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html
</link>
2484 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html
</guid>
2485 <pubDate>Thu,
24 Jun
2010 00:
35:
00 +
0200</pubDate>
2486 <description><p
>A while back, I
2487 <a href=
"http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html
">complained
2488 about the fact
</a
> that it is not possible with the provided schemas
2489 for storing DNS and DHCP information in LDAP to combine the two sets
2490 of information into one LDAP object representing a computer.
</p
>
2492 <p
>In the mean time, I discovered that a simple fix would be to make
2493 the dhcpHost object class auxiliary, to allow it to be combined with
2494 the dNSDomain object class, and thus forming one object for one
2495 computer when storing both DHCP and DNS information in LDAP.
</p
>
2497 <p
>If I understand this correctly, it is not safe to do this change
2498 without also changing the assigned number for the object class, and I
2499 do not know enough about LDAP schema design to do that properly for
2500 Debian Edu.
</p
>
2502 <p
>Anyway, for future reference, this is how I believe we could change
2504 <a href=
"http://tools.ietf.org/html/draft-ietf-dhc-ldap-schema-
00">DHCP
2505 schema
</a
> to solve at least part of the problem with the LDAP schemas
2506 available today from IETF.
</p
>
2509 --- dhcp.schema (revision
65192)
2510 +++ dhcp.schema (working copy)
2512 objectclass (
2.16.840.1.113719.1.203.6.6
2513 NAME
'dhcpHost
'
2514 DESC
'This represents information about a particular client
'
2518 MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
2519 X-NDS_CONTAINMENT (
'dhcpService
' 'dhcpSubnet
' 'dhcpGroup
') )
2522 <p
>I very much welcome clues on how to do this properly for Debian
2523 Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
2524 package, and should thus be free to rewrite it as we see fit.
</p
>
2526 <p
>If you want to help out with implementing this for Debian Edu,
2527 please contact us on debian-edu@lists.debian.org.
</p
>
2532 <title>Calling tasksel like the installer, while still getting useful output
</title>
2533 <link>http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html
</link>
2534 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html
</guid>
2535 <pubDate>Wed,
16 Jun
2010 14:
55:
00 +
0200</pubDate>
2536 <description><p
>A few times I have had the need to simulate the way tasksel
2537 installs packages during the normal debian-installer run. Until now,
2538 I have ended up letting tasksel do the work, with the annoying problem
2539 of not getting any feedback at all when something fails (like a
2540 conffile question from dpkg or a download that fails), using code like
2543 <blockquote
><pre
>
2544 export DEBIAN_FRONTEND=noninteractive
2545 tasksel --new-install
2546 </pre
></blockquote
>
2548 This would invoke tasksel, let its automatic task selection pick the
2549 tasks to install, and continue to install the requested tasks without
2550 any output what so ever.
2552 Recently I revisited this problem while working on the automatic
2553 package upgrade testing, because tasksel would some times hang without
2554 any useful feedback, and I want to see what is going on when it
2555 happen. Then it occured to me, I can parse the output from tasksel
2556 when asked to run in test mode, and use that aptitude command line
2557 printed by tasksel then to simulate the tasksel run. I ended up using
2560 <blockquote
><pre
>
2561 export DEBIAN_FRONTEND=noninteractive
2562 cmd=
"$(in_target tasksel -t --new-install | sed
's/debconf-apt-progress -- //
')
"
2564 </pre
></blockquote
>
2566 <p
>The content of $cmd is typically something like
"<tt
>aptitude -q
2567 --without-recommends -o APT::Install-Recommends=no -y install
2568 ~t^desktop$ ~t^gnome-desktop$ ~t^laptop$ ~pstandard ~prequired
2569 ~pimportant
</tt
>", which will install the gnome desktop task, the
2570 laptop task and all packages with priority standard , required and
2571 important, just like tasksel would have done it during
2572 installation.
</p
>
2574 <p
>A better approach is probably to extend tasksel to be able to
2575 install packages without using debconf-apt-progress, for use cases
2576 like this.
</p
>
2581 <title>Lenny-
>Squeeze upgrades, removals by apt and aptitude
</title>
2582 <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__removals_by_apt_and_aptitude.html
</link>
2583 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__removals_by_apt_and_aptitude.html
</guid>
2584 <pubDate>Sun,
13 Jun
2010 09:
05:
00 +
0200</pubDate>
2585 <description><p
>My
2586 <a href=
"http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html
">testing
2587 of Debian upgrades
</a
> from Lenny to Squeeze continues, and I
've
2588 finally made the upgrade logs available from
2589 <a href=
"http://people.skolelinux.org/pere/debian-upgrade-testing/
">http://people.skolelinux.org/pere/debian-upgrade-testing/
</a
>.
2590 I am now testing dist-upgrade of Gnome and KDE in a chroot using both
2591 apt and aptitude, and found their differences interesting. This time
2592 I will only focus on their removal plans.
</p
>
2594 <p
>After installing a Gnome desktop and the laptop task, apt-get wants
2595 to remove
72 packages when dist-upgrading from Lenny to Squeeze. The
2596 surprising part is that it want to remove xorg and all
2597 xserver-xorg-video* drivers. Clearly not a good choice, but I am not
2598 sure why. When asking aptitude to do the same, it want to remove
129
2599 packages, but most of them are library packages I suspect are no
2600 longer needed. Both of them want to remove bluetooth packages, which
2601 I do not know. Perhaps these bluetooth packages are obsolete?
</p
>
2603 <p
>For KDE, apt-get want to remove
82 packages, among them kdebase
2604 which seem like a bad idea and xorg the same way as with Gnome. Asking
2605 aptitude for the same, it wants to remove
192 packages, none which are
2606 too surprising.
</p
>
2608 <p
>I guess the removal of xorg during upgrades should be investigated
2609 and avoided, and perhaps others as well. Here are the complete list
2610 of planned removals. The complete logs is available from the URL
2611 above. Note if you want to repeat these tests, that the upgrade test
2612 for kde+apt-get hung in the tasksel setup because of dpkg asking
2613 conffile questions. No idea why. I worked around it by using
2614 '<tt
>echo
>> /proc/
<em
>pidofdpkg
</em
>/fd/
0</tt
>' to tell dpkg to
2617 <p
><b
>apt-get gnome
72</b
>
2618 <br
>bluez-gnome cupsddk-drivers deskbar-applet gnome
2619 gnome-desktop-environment gnome-network-admin gtkhtml3.14
2620 iceweasel-gnome-support libavcodec51 libdatrie0 libgdl-
1-
0
2621 libgnomekbd2 libgnomekbdui2 libmetacity0 libslab0 libxcb-xlib0
2622 nautilus-cd-burner python-gnome2-desktop python-gnome2-extras
2623 serpentine swfdec-mozilla update-manager xorg xserver-xorg
2624 xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev
2625 xserver-xorg-input-kbd xserver-xorg-input-mouse
2626 xserver-xorg-input-synaptics xserver-xorg-input-wacom
2627 xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark
2628 xserver-xorg-video-ati xserver-xorg-video-chips
2629 xserver-xorg-video-cirrus xserver-xorg-video-cyrix
2630 xserver-xorg-video-dummy xserver-xorg-video-fbdev
2631 xserver-xorg-video-glint xserver-xorg-video-i128
2632 xserver-xorg-video-i740 xserver-xorg-video-imstt
2633 xserver-xorg-video-intel xserver-xorg-video-mach64
2634 xserver-xorg-video-mga xserver-xorg-video-neomagic
2635 xserver-xorg-video-nsc xserver-xorg-video-nv
2636 xserver-xorg-video-openchrome xserver-xorg-video-r128
2637 xserver-xorg-video-radeon xserver-xorg-video-radeonhd
2638 xserver-xorg-video-rendition xserver-xorg-video-s3
2639 xserver-xorg-video-s3virge xserver-xorg-video-savage
2640 xserver-xorg-video-siliconmotion xserver-xorg-video-sis
2641 xserver-xorg-video-sisusb xserver-xorg-video-tdfx
2642 xserver-xorg-video-tga xserver-xorg-video-trident
2643 xserver-xorg-video-tseng xserver-xorg-video-v4l
2644 xserver-xorg-video-vesa xserver-xorg-video-vga
2645 xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-
1.9
2646 xulrunner-
1.9-gnome-support
</p
>
2648 <p
><b
>aptitude gnome
129</b
>
2650 <br
>bluez-gnome bluez-utils cpp-
4.3 cupsddk-drivers dhcdbd
2651 djvulibre-desktop finger gnome-app-install gnome-mount
2652 gnome-network-admin gnome-spell gnome-vfs-obexftp
2653 gnome-volume-manager gstreamer0.10-gnomevfs gtkhtml3.14 libao2
2654 libavahi-compat-libdnssd1 libavahi-core5 libavcodec51 libbluetooth2
2655 libcamel1.2-
11 libcdio7 libcucul0 libcupsys2 libcurl3 libdatrie0
2656 libdirectfb-
1.0-
0 libdvdread3 libedataserver1.2-
9 libeel2-
2.20
2657 libeel2-data libepc-
1.0-
1 libepc-ui-
1.0-
1 libfaad0 libgail-common
2658 libgd2-noxpm libgda3-
3 libgda3-common libgdl-
1-
0 libgdl-
1-common
2659 libggz2 libggzcore9 libggzmod4 libgksu1.2-
0 libgksuui1.0-
1 libgmyth0
2660 libgnomecups1.0-
1 libgnomekbd2 libgnomekbdui2 libgnomeprint2.2-
0
2661 libgnomeprint2.2-data libgnomeprintui2.2-
0 libgnomeprintui2.2-common
2662 libgnomevfs2-bin libgpod3 libgraphviz4 libgtkhtml2-
0
2663 libgtksourceview-common libgtksourceview1.0-
0 libgucharmap6
2664 libhesiod0 libicu38 libiw29 libkpathsea4 libltdl3 libmagick++
10
2665 libmagick10 libmalaga7 libmetacity0 libmtp7 libmysqlclient15off
2666 libnautilus-burn4 libneon27 libnm-glib0 libnm-util0 libopal-
2.2
2667 libosp5 libparted1.8-
10 libpoppler-glib3 libpoppler3 libpt-
1.10.10
2668 libpt-
1.10.10-plugins-alsa libpt-
1.10.10-plugins-v4l libraw1394-
8
2669 libsensors3 libslab0 libsmbios2 libsoup2.2-
8 libssh2-
1
2670 libsuitesparse-
3.1.0 libswfdec-
0.6-
90 libtalloc1 libtotem-plparser10
2671 libtrackerclient0 libxalan2-java libxalan2-java-gcj libxcb-xlib0
2672 libxerces2-java libxerces2-java-gcj libxklavier12 libxtrap6
2673 libxxf86misc1 libzephyr3 mysql-common nautilus-cd-burner
2674 openoffice.org-writer2latex openssl-blacklist p7zip
2675 python-
4suite-xml python-eggtrayicon python-gnome2-desktop
2676 python-gnome2-extras python-gtkhtml2 python-gtkmozembed
2677 python-numeric python-sexy serpentine svgalibg1 swfdec-gnome
2678 swfdec-mozilla totem-gstreamer update-manager wodim
2679 xserver-xorg-video-cyrix xserver-xorg-video-imstt
2680 xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga
2683 <p
><b
>apt-get kde
82</b
>
2685 <br
>cupsddk-drivers karm kaudiocreator kcoloredit kcontrol kde kde-core
2686 kdeaddons kdeartwork kdebase kdebase-bin kdebase-bin-kde3
2687 kdebase-kio-plugins kdesktop kdeutils khelpcenter kicker
2688 kicker-applets knewsticker kolourpaint konq-plugins konqueror korn
2689 kpersonalizer kscreensaver ksplash libavcodec51 libdatrie0 libkiten1
2690 libxcb-xlib0 quanta superkaramba texlive-base-bin xorg xserver-xorg
2691 xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev
2692 xserver-xorg-input-kbd xserver-xorg-input-mouse
2693 xserver-xorg-input-synaptics xserver-xorg-input-wacom
2694 xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark
2695 xserver-xorg-video-ati xserver-xorg-video-chips
2696 xserver-xorg-video-cirrus xserver-xorg-video-cyrix
2697 xserver-xorg-video-dummy xserver-xorg-video-fbdev
2698 xserver-xorg-video-glint xserver-xorg-video-i128
2699 xserver-xorg-video-i740 xserver-xorg-video-imstt
2700 xserver-xorg-video-intel xserver-xorg-video-mach64
2701 xserver-xorg-video-mga xserver-xorg-video-neomagic
2702 xserver-xorg-video-nsc xserver-xorg-video-nv
2703 xserver-xorg-video-openchrome xserver-xorg-video-r128
2704 xserver-xorg-video-radeon xserver-xorg-video-radeonhd
2705 xserver-xorg-video-rendition xserver-xorg-video-s3
2706 xserver-xorg-video-s3virge xserver-xorg-video-savage
2707 xserver-xorg-video-siliconmotion xserver-xorg-video-sis
2708 xserver-xorg-video-sisusb xserver-xorg-video-tdfx
2709 xserver-xorg-video-tga xserver-xorg-video-trident
2710 xserver-xorg-video-tseng xserver-xorg-video-v4l
2711 xserver-xorg-video-vesa xserver-xorg-video-vga
2712 xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-
1.9</p
>
2714 <p
><b
>aptitude kde
192</b
>
2715 <br
>bluez-utils cpp-
4.3 cupsddk-drivers cvs dcoprss dhcdbd
2716 djvulibre-desktop dosfstools eyesapplet fifteenapplet finger gettext
2717 ghostscript-x imlib-base imlib11 indi kandy karm kasteroids
2718 kaudiocreator kbackgammon kbstate kcoloredit kcontrol kcron kdat
2719 kdeadmin-kfile-plugins kdeartwork-misc kdeartwork-theme-window
2720 kdebase-bin-kde3 kdebase-kio-plugins kdeedu-data
2721 kdegraphics-kfile-plugins kdelirc kdemultimedia-kappfinder-data
2722 kdemultimedia-kfile-plugins kdenetwork-kfile-plugins
2723 kdepim-kfile-plugins kdepim-kio-plugins kdeprint kdesktop kdessh
2724 kdict kdnssd kdvi kedit keduca kenolaba kfax kfaxview kfouleggs
2725 kghostview khelpcenter khexedit kiconedit kitchensync klatin
2726 klickety kmailcvt kmenuedit kmid kmilo kmoon kmrml kodo kolourpaint
2727 kooka korn kpager kpdf kpercentage kpf kpilot kpoker kpovmodeler
2728 krec kregexpeditor ksayit ksim ksirc ksirtet ksmiletris ksmserver
2729 ksnake ksokoban ksplash ksvg ksysv ktip ktnef kuickshow kverbos
2730 kview kviewshell kvoctrain kwifimanager kwin kwin4 kworldclock
2731 kxsldbg libakode2 libao2 libarts1-akode libarts1-audiofile
2732 libarts1-mpeglib libarts1-xine libavahi-compat-libdnssd1
2733 libavahi-core5 libavc1394-
0 libavcodec51 libbluetooth2
2734 libboost-python1.34
.1 libcucul0 libcurl3 libcvsservice0 libdatrie0
2735 libdirectfb-
1.0-
0 libdjvulibre21 libdvdread3 libfaad0 libfreebob0
2736 libgail-common libgd2-noxpm libgraphviz4 libgsmme1c2a libgtkhtml2-
0
2737 libicu38 libiec61883-
0 libindex0 libiw29 libk3b3 libkcal2b libkcddb1
2738 libkdeedu3 libkdepim1a libkgantt0 libkiten1 libkleopatra1 libkmime2
2739 libkpathsea4 libkpimexchange1 libkpimidentities1 libkscan1
2740 libksieve0 libktnef1 liblockdev1 libltdl3 libmagick10 libmimelib1c2a
2741 libmozjs1d libmpcdec3 libneon27 libnm-util0 libopensync0 libpisock9
2742 libpoppler-glib3 libpoppler-qt2 libpoppler3 libraw1394-
8 libsmbios2
2743 libssh2-
1 libsuitesparse-
3.1.0 libtalloc1 libtiff-tools
2744 libxalan2-java libxalan2-java-gcj libxcb-xlib0 libxerces2-java
2745 libxerces2-java-gcj libxtrap6 mpeglib networkstatus
2746 openoffice.org-writer2latex pmount poster psutils quanta quanta-data
2747 superkaramba svgalibg1 tex-common texlive-base texlive-base-bin
2748 texlive-common texlive-doc-base texlive-fonts-recommended
2749 xserver-xorg-video-cyrix xserver-xorg-video-imstt
2750 xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga
2751 xulrunner-
1.9</p
>
2757 <title>Automatic upgrade testing from Lenny to Squeeze
</title>
2758 <link>http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html
</link>
2759 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html
</guid>
2760 <pubDate>Fri,
11 Jun
2010 22:
50:
00 +
0200</pubDate>
2761 <description><p
>The last few days I have done some upgrade testing in Debian, to
2762 see if the upgrade from Lenny to Squeeze will go smoothly. A few bugs
2763 have been discovered and reported in the process
2764 (
<a href=
"http://bugs.debian.org/
585410">#
585410</a
> in nagios3-cgi,
2765 <a href=
"http://bugs.debian.org/
584879">#
584879</a
> already fixed in
2766 enscript and
<a href=
"http://bugs.debian.org/
584861">#
584861</a
> in
2767 kdebase-workspace-data), and to get a more regular testing going on, I
2768 am working on a script to automate the test.
</p
>
2770 <p
>The idea is to create a Lenny chroot and use tasksel to install a
2771 Gnome or KDE desktop installation inside the chroot before upgrading
2772 it. To ensure no services are started in the chroot, a policy-rc.d
2773 script is inserted. To make sure tasksel believe it is to install a
2774 desktop on a laptop, the tasksel tests are replaced in the chroot
2775 (only acceptable because this is a throw-away chroot).
</p
>
2777 <p
>A naive upgrade from Lenny to Squeeze using aptitude dist-upgrade
2778 currently always fail because udev refuses to upgrade with the kernel
2779 in Lenny, so to avoid that problem the file /etc/udev/kernel-upgrade
2780 is created. The bug report
2781 <a href=
"http://bugs.debian.org/
566000">#
566000</a
> make me suspect
2782 this problem do not trigger in a chroot, but I touch the file anyway
2783 to make sure the upgrade go well. Testing on virtual and real
2784 hardware have failed me because of udev so far, and creating this file
2785 do the trick in such settings anyway. This is a
2786 <a href=
"http://www.linuxquestions.org/questions/debian-
26/failed-dist-upgrade-due-to-udev-config_sysfs_deprecated-nonsense-
804130/
">known
2787 issue
</a
> and the current udev behaviour is intended by the udev
2788 maintainer because he lack the resources to rewrite udev to keep
2789 working with old kernels or something like that. I really wish the
2790 udev upstream would keep udev backwards compatible, to avoid such
2791 upgrade problem, but given that they fail to do so, I guess
2792 documenting the way out of this mess is the best option we got for
2793 Debian Squeeze.
</p
>
2795 <p
>Anyway, back to the task at hand, testing upgrades. This test
2796 script, which I call
<tt
>upgrade-test
</tt
> for now, is doing the
2799 <blockquote
><pre
>
2803 if [
"$
1" ] ; then
2812 exec
&lt; /dev/null
2814 mirror=http://ftp.skolelinux.org/debian
2815 tmpdir=chroot-$from-upgrade-$to-$desktop
2817 debootstrap $from $tmpdir $mirror
2818 chroot $tmpdir aptitude update
2819 cat
> $tmpdir/usr/sbin/policy-rc.d
&lt;
&lt;EOF
2823 chmod a+rx $tmpdir/usr/sbin/policy-rc.d
2827 mount -t proc proc $tmpdir/proc
2828 # Make sure proc is unmounted also on failure
2829 trap exit_cleanup EXIT INT
2831 chroot $tmpdir aptitude -y install debconf-utils
2833 # Make sure tasksel autoselection trigger. It need the test scripts
2834 # to return the correct answers.
2835 echo tasksel tasksel/desktop multiselect $desktop | \
2836 chroot $tmpdir debconf-set-selections
2838 # Include the desktop and laptop task
2839 for test in desktop laptop ; do
2840 echo
> $tmpdir/usr/lib/tasksel/tests/$test
&lt;
&lt;EOF
2844 chmod a+rx $tmpdir/usr/lib/tasksel/tests/$test
2847 DEBIAN_FRONTEND=noninteractive
2848 DEBIAN_PRIORITY=critical
2849 export DEBIAN_FRONTEND DEBIAN_PRIORITY
2850 chroot $tmpdir tasksel --new-install
2852 echo deb $mirror $to main
> $tmpdir/etc/apt/sources.list
2853 chroot $tmpdir aptitude update
2854 touch $tmpdir/etc/udev/kernel-upgrade
2855 chroot $tmpdir aptitude -y dist-upgrade
2857 </pre
></blockquote
>
2859 <p
>I suspect it would be useful to test upgrades with both apt-get and
2860 with aptitude, but I have not had time to look at how they behave
2861 differently so far. I hope to get a cron job running to do the test
2862 regularly and post the result on the web. The Gnome upgrade currently
2863 work, while the KDE upgrade fail because of the bug in
2864 kdebase-workspace-data
</p
>
2866 <p
>I am not quite sure what kind of extract from the huge upgrade logs
2867 (KDE
167 KiB, Gnome
516 KiB) it make sense to include in this blog
2868 post, so I will refrain from trying. I can report that for Gnome,
2869 aptitude report
760 packages upgraded,
448 newly installed,
129 to
2870 remove and
1 not upgraded and
1024MB need to be downloaded while for
2871 KDE the same numbers are
702 packages upgraded,
507 newly installed,
2872 193 to remove and
0 not upgraded and
1117MB need to be downloaded
</p
>
2874 <p
>I am very happy to notice that the Gnome desktop + laptop upgrade
2875 is able to migrate to dependency based boot sequencing and parallel
2876 booting without a hitch. Was unsure if there were still bugs with
2877 packages failing to clean up their obsolete init.d script during
2878 upgrades, and no such problem seem to affect the Gnome desktop+laptop
2884 <title>Upstart or sysvinit - as init.d scripts see it
</title>
2885 <link>http://people.skolelinux.org/pere/blog/Upstart_or_sysvinit___as_init_d_scripts_see_it.html
</link>
2886 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Upstart_or_sysvinit___as_init_d_scripts_see_it.html
</guid>
2887 <pubDate>Sun,
6 Jun
2010 23:
55:
00 +
0200</pubDate>
2888 <description><p
>If Debian is to migrate to upstart on Linux, I expect some init.d
2889 scripts to migrate (some of) their operations to upstart job while
2890 keeping the init.d for hurd and kfreebsd. The packages with such
2891 needs will need a way to get their init.d scripts to behave
2892 differently when used with sysvinit and with upstart. Because of
2893 this, I had a look at the environment variables set when a init.d
2894 script is running under upstart, and when it is not.
</p
>
2896 <p
>With upstart, I notice these environment variables are set when a
2897 script is started from rcS.d/ (ignoring some irrelevant ones like
2900 <blockquote
><pre
>
2906 UPSTART_EVENTS=startup
2908 UPSTART_JOB=rc-sysinit
2909 </pre
></blockquote
>
2911 <p
>With sysvinit, these environment variables are set for the same
2914 <blockquote
><pre
>
2915 INIT_VERSION=sysvinit-
2.88
2920 </pre
></blockquote
>
2922 <p
>The RUNLEVEL and PREVLEVEL environment variables passed on from
2923 sysvinit are not set by upstart. Not sure if it is intentional or not
2924 to not be compatible with sysvinit in this regard.
</p
>
2926 <p
>For scripts needing to behave differently when upstart is used,
2927 looking for the UPSTART_JOB environment variable seem to be a good
2933 <title>A manual for standards wars...
</title>
2934 <link>http://people.skolelinux.org/pere/blog/A_manual_for_standards_wars___.html
</link>
2935 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/A_manual_for_standards_wars___.html
</guid>
2936 <pubDate>Sun,
6 Jun
2010 14:
15:
00 +
0200</pubDate>
2937 <description><p
>Via the
2938 <a href=
"http://feedproxy.google.com/~r/robweir/antic-atom/~
3/QzU4RgoAGMg/weekly-links-
10.html
">blog
2939 of Rob Weir
</a
> I came across the very interesting essay named
2940 <a href=
"http://faculty.haas.berkeley.edu/shapiro/wars.pdf
">The Art of
2941 Standards Wars
</a
> (PDF
25 pages). I recommend it for everyone
2942 following the standards wars of today.
</p
>
2947 <title>Sitesummary tip: Listing computer hardware models used at site
</title>
2948 <link>http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_computer_hardware_models_used_at_site.html
</link>
2949 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_computer_hardware_models_used_at_site.html
</guid>
2950 <pubDate>Thu,
3 Jun
2010 12:
05:
00 +
0200</pubDate>
2951 <description><p
>When using sitesummary at a site to track machines, it is possible
2952 to get a list of the machine types in use thanks to the DMI
2953 information extracted from each machine. The script to do so is
2954 included in the sitesummary package, and here is example output from
2955 the Skolelinux build servers:
</p
>
2957 <blockquote
><pre
>
2958 maintainer:~# /usr/lib/sitesummary/hardware-model-summary
2960 Dell Computer Corporation
1
2963 eserver xSeries
345 -[
8670M1X]-
1
2967 </pre
></blockquote
>
2969 <p
>The quality of the report depend on the quality of the DMI tables
2970 provided in each machine. Here there are Intel machines without model
2971 information listed with Intel as vendor and no model, and virtual Xen
2972 machines listed as [no-dmi-info]. One can add -l as a command line
2973 option to list the individual machines.
</p
>
2975 <p
>A larger list is
2976 <a href=
"http://narvikskolen.no/sitesummary/
">available from the the
2977 city of Narvik
</a
>, which uses Skolelinux on all their shools and also
2978 provide the basic sitesummary report publicly. In their report there
2979 are ~
1400 machines. I know they use both Ubuntu and Skolelinux on
2980 their machines, and as sitesummary is available in both distributions,
2981 it is trivial to get all of them to report to the same central
2982 collector.
</p
>
2987 <title>KDM fail at boot with NVidia cards - and no one try to fix it?
</title>
2988 <link>http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html
</link>
2989 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html
</guid>
2990 <pubDate>Tue,
1 Jun
2010 17:
05:
00 +
0200</pubDate>
2991 <description><p
>It is strange to watch how a bug in Debian causing KDM to fail to
2992 start at boot when an NVidia video card is used is handled. The
2993 problem seem to be that the nvidia X.org driver uses a long time to
2994 initialize, and this duration is longer than kdm is configured to
2997 <p
>I came across two bugs related to this issue,
2998 <a href=
"http://bugs.debian.org/
583312">#
583312</a
> initially filed
2999 against initscripts and passed on to nvidia-glx when it became obvious
3000 that the nvidia drivers were involved, and
3001 <a href=
"http://bugs.debian.org/
524751">#
524751</a
> initially filed against
3002 kdm and passed on to src:nvidia-graphics-drivers for unknown reasons.
</p
>
3004 <p
>To me, it seem that no-one is interested in actually solving the
3005 problem nvidia video card owners experience and make sure the Debian
3006 distribution work out of the box for these users. The nvidia driver
3007 maintainers expect kdm to be set up to wait longer, while kdm expect
3008 the nvidia driver maintainers to fix the driver to start faster, and
3009 while they wait for each other I guess the users end up switching to a
3010 distribution that work for them. I have no idea what the solution is,
3011 but I am pretty sure that waiting for each other is not it.
</p
>
3013 <p
>I wonder why we end up handling bugs this way.
</p
>
3018 <title>Parallellized boot seem to hold up well in Debian/testing
</title>
3019 <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html
</link>
3020 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html
</guid>
3021 <pubDate>Thu,
27 May
2010 23:
55:
00 +
0200</pubDate>
3022 <description><p
>A few days ago, parallel booting was enabled in Debian/testing.
3023 The feature seem to hold up pretty well, but three fairly serious
3024 issues are known and should be solved:
3028 <li
>The wicd package seen to
3029 <a href=
"http://bugs.debian.org/
508289">break NFS mounting
</a
> and
3030 <a href=
"http://bugs.debian.org/
581586">network setup
</a
> when
3031 parallel booting is enabled. No idea why, but the wicd maintainer
3032 seem to be on the case.
</li
>
3034 <li
>The nvidia X driver seem to
3035 <a href=
"http://bugs.debian.org/
583312">have a race condition
</a
>
3036 triggered more easily when parallel booting is in effect. The
3037 maintainer is on the case.
</li
>
3039 <li
>The sysv-rc package fail to properly enable dependency based boot
3040 sequencing (the shutdown is broken) when old file-rc users
3041 <a href=
"http://bugs.debian.org/
575080">try to switch back
</a
> to
3042 sysv-rc. One way to solve it would be for file-rc to create
3043 /etc/init.d/.legacy-bootordering, and another is to try to make
3044 sysv-rc more robust. Will investigate some more and probably upload a
3045 workaround in sysv-rc to help those trying to move from file-rc to
3046 sysv-rc get a working shutdown.
</li
>
3048 </ul
></p
>
3050 <p
>All in all not many surprising issues, and all of them seem
3051 solvable before Squeeze is released. In addition to these there are
3052 some packages with bugs in their dependencies and run level settings,
3053 which I expect will be fixed in a reasonable time span.
</p
>
3055 <p
>If you report any problems with dependencies in init.d scripts to
3056 the BTS, please usertag the report to get it to show up at
3057 <a href=
"http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org
">the
3058 list of usertagged bugs related to this
</a
>.
</p
>
3060 <p
>Update: Correct bug number to file-rc issue.
</p
>
3065 <title>More flexible firmware handling in debian-installer
</title>
3066 <link>http://people.skolelinux.org/pere/blog/More_flexible_firmware_handling_in_debian_installer.html
</link>
3067 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/More_flexible_firmware_handling_in_debian_installer.html
</guid>
3068 <pubDate>Sat,
22 May
2010 21:
30:
00 +
0200</pubDate>
3069 <description><p
>After a long break from debian-installer development, I finally
3070 found time today to return to the project. Having to spend less time
3071 working dependency based boot in debian, as it is almost complete now,
3072 definitely helped freeing some time.
</p
>
3074 <p
>A while back, I ran into a problem while working on Debian Edu. We
3075 include some firmware packages on the Debian Edu CDs, those needed to
3076 get disk and network controllers working. Without having these
3077 firmware packages available during installation, it is impossible to
3078 install Debian Edu on the given machine, and because our target group
3079 are non-technical people, asking them to provide firmware packages on
3080 an external medium is a support pain. Initially, I expected it to be
3081 enough to include the firmware packages on the CD to get
3082 debian-installer to find and use them. This proved to be wrong.
3083 Next, I hoped it was enough to symlink the relevant firmware packages
3084 to some useful location on the CD (tried /cdrom/ and
3085 /cdrom/firmware/). This also proved to not work, and at this point I
3086 found time to look at the debian-installer code to figure out what was
3087 going to work.
</p
>
3089 <p
>The firmware loading code is in the hw-detect package, and a closer
3090 look revealed that it would only look for firmware packages outside
3091 the installation media, so the CD was never checked for firmware
3092 packages. It would only check USB sticks, floppies and other
3093 "external
" media devices. Today I changed it to also look in the
3094 /cdrom/firmware/ directory on the mounted CD or DVD, which should
3095 solve the problem I ran into with Debian edu. I also changed it to
3096 look in /firmware/, to make sure the installer also find firmware
3097 provided in the initrd when booting the installer via PXE, to allow us
3098 to provide the same feature in the PXE setup included in Debian
3101 <p
>To make sure firmware deb packages with a license questions are not
3102 activated without asking if the license is accepted, I extended
3103 hw-detect to look for preinst scripts in the firmware packages, and
3104 run these before activating the firmware during installation. The
3105 license question is asked using debconf in the preinst, so this should
3106 solve the issue for the firmware packages I have looked at so far.
</p
>
3108 <p
>If you want to discuss the details of these features, please
3109 contact us on debian-boot@lists.debian.org.
</p
>
3114 <title>Parallellized boot is now the default in Debian/unstable
</title>
3115 <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html
</link>
3116 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html
</guid>
3117 <pubDate>Fri,
14 May
2010 22:
40:
00 +
0200</pubDate>
3118 <description><p
>Since this evening, parallel booting is the default in
3119 Debian/unstable for machines using dependency based boot sequencing.
3120 Apparently the testing of concurrent booting has been wider than
3121 expected, if I am to believe the
3122 <a href=
"http://lists.debian.org/debian-devel/
2010/
05/msg00122.html
">input
3123 on debian-devel@
</a
>, and I concluded a few days ago to move forward
3124 with the feature this weekend, to give us some time to detect any
3125 remaining problems before Squeeze is frozen. If serious problems are
3126 detected, it is simple to change the default back to sequential boot.
3127 The upload of the new sysvinit package also activate a new upstream
3130 More information about
3131 <a href=
"http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot
">dependency
3132 based boot sequencing
</a
> is available from the Debian wiki. It is
3133 currently possible to disable parallel booting when one run into
3134 problems caused by it, by adding this line to /etc/default/rcS:
</p
>
3136 <blockquote
><pre
>
3138 </pre
></blockquote
>
3140 <p
>If you report any problems with dependencies in init.d scripts to
3141 the BTS, please usertag the report to get it to show up at
3142 <a href=
"http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org
">the
3143 list of usertagged bugs related to this
</a
>.
</p
>
3148 <title>Sitesummary tip: Listing MAC address of all clients
</title>
3149 <link>http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html
</link>
3150 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html
</guid>
3151 <pubDate>Fri,
14 May
2010 21:
10:
00 +
0200</pubDate>
3152 <description><p
>In the recent Debian Edu versions, the
3153 <a href=
"http://wiki.debian.org/DebianEdu/HowTo/SiteSummary
">sitesummary
3154 system
</a
> is used to keep track of the machines in the school
3155 network. Each machine will automatically report its status to the
3156 central server after boot and once per night. The network setup is
3157 also reported, and using this information it is possible to get the
3158 MAC address of all network interfaces in the machines. This is useful
3159 to update the DHCP configuration.
</p
>
3161 <p
>To give some idea how to use sitesummary, here is a one-liner to
3162 ist all MAC addresses of all machines reporting to sitesummary. Run
3163 this on the collector host:
</p
>
3165 <blockquote
><pre
>
3166 perl -MSiteSummary -e
'for_all_hosts(sub { print join(
" ", get_macaddresses(shift)),
"\n
"; });
'
3167 </pre
></blockquote
>
3169 <p
>This will list all MAC addresses assosiated with all machine, one
3170 line per machine and with space between the MAC addresses.
</p
>
3172 <p
>To allow system administrators easier job at adding static DHCP
3173 addresses for hosts, it would be possible to extend this to fetch
3174 machine information from sitesummary and update the DHCP and DNS
3175 tables in LDAP using this information. Such tool is unfortunately not
3176 written yet.
</p
>
3181 <title>systemd, an interesting alternative to upstart
</title>
3182 <link>http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html
</link>
3183 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html
</guid>
3184 <pubDate>Thu,
13 May
2010 22:
20:
00 +
0200</pubDate>
3185 <description><p
>The last few days a new boot system called
3186 <a href=
"http://www.freedesktop.org/wiki/Software/systemd
">systemd
</a
>
3188 <a href=
"http://
0pointer.de/blog/projects/systemd.html
">introduced
</a
>
3190 to the free software world. I have not yet had time to play around
3191 with it, but it seem to be a very interesting alternative to
3192 <a href=
"http://upstart.ubuntu.com/
">upstart
</a
>, and might prove to be
3193 a good alternative for Debian when we are able to switch to an event
3194 based boot system. Tollef is
3195 <a href=
"http://bugs.debian.org/
580814">in the process
</a
> of getting
3196 systemd into Debian, and I look forward to seeing how well it work. I
3197 like the fact that systemd handles init.d scripts with dependency
3198 information natively, allowing them to run in parallel where upstart
3199 at the moment do not.
</p
>
3201 <p
>Unfortunately do systemd have the same problem as upstart regarding
3202 platform support. It only work on recent Linux kernels, and also need
3203 some new kernel features enabled to function properly. This means
3204 kFreeBSD and Hurd ports of Debian will need a port or a different boot
3205 system. Not sure how that will be handled if systemd proves to be the
3206 way forward.
</p
>
3208 <p
>In the mean time, based on the
3209 <a href=
"http://lists.debian.org/debian-devel/
2010/
05/msg00122.html
">input
3210 on debian-devel@
</a
> regarding parallel booting in Debian, I have
3211 decided to enable full parallel booting as the default in Debian as
3212 soon as possible (probably this weekend or early next week), to see if
3213 there are any remaining serious bugs in the init.d dependencies. A
3214 new version of the sysvinit package implementing this change is
3215 already in experimental. If all go well, Squeeze will be released
3216 with parallel booting enabled by default.
</p
>
3221 <title>Parallellizing the boot in Debian Squeeze - ready for wider testing
</title>
3222 <link>http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html
</link>
3223 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html
</guid>
3224 <pubDate>Thu,
6 May
2010 23:
25:
00 +
0200</pubDate>
3225 <description><p
>These days, the init.d script dependencies in Squeeze are quite
3226 complete, so complete that it is actually possible to run all the
3227 init.d scripts in parallell based on these dependencies. If you want
3228 to test your Squeeze system, make sure
3229 <a href=
"http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot
">dependency
3230 based boot sequencing
</a
> is enabled, and add this line to
3231 /etc/default/rcS:
</p
>
3233 <blockquote
><pre
>
3234 CONCURRENCY=makefile
3235 </pre
></blockquote
>
3237 <p
>That is it. It will cause sysv-rc to use the startpar tool to run
3238 scripts in parallel using the dependency information stored in
3239 /etc/init.d/.depend.boot, /etc/init.d/.depend.start and
3240 /etc/init.d/.depend.stop to order the scripts. Startpar is configured
3241 to try to start the kdm and gdm scripts as early as possible, and will
3242 start the facilities required by kdm or gdm as early as possible to
3243 make this happen.
</p
>
3245 <p
>Give it a try, and see if you like the result. If some services
3246 fail to start properly, it is most likely because they have incomplete
3247 init.d script dependencies in their startup script (or some of their
3248 dependent scripts have incomplete dependencies). Report bugs and get
3249 the package maintainers to fix it. :)
</p
>
3251 <p
>Running scripts in parallel could be the default in Debian when we
3252 manage to get the init.d script dependencies complete and correct. I
3253 expect we will get there in Squeeze+
1, if we get manage to test and
3254 fix the remaining issues.
</p
>
3256 <p
>If you report any problems with dependencies in init.d scripts to
3257 the BTS, please usertag the report to get it to show up at
3258 <a href=
"http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org
">the
3259 list of usertagged bugs related to this
</a
>.
</p
>
3264 <title>Debian has switched to dependency based boot sequencing
</title>
3265 <link>http://people.skolelinux.org/pere/blog/Debian_has_switched_to_dependency_based_boot_sequencing.html
</link>
3266 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Debian_has_switched_to_dependency_based_boot_sequencing.html
</guid>
3267 <pubDate>Mon,
27 Jul
2009 23:
50:
00 +
0200</pubDate>
3268 <description><p
>Since this evening, with the upload of sysvinit version
2.87dsf-
2,
3269 and the upload of insserv version
1.12.0-
10 yesterday, Debian unstable
3270 have been migrated to using dependency based boot sequencing. This
3271 conclude work me and others have been doing for the last three days.
3272 It feels great to see this finally part of the default Debian
3273 installation. Now we just need to weed out the last few problems that
3274 are bound to show up, to get everything ready for Squeeze.
</p
>
3276 <p
>The next step is migrating /sbin/init from sysvinit to upstart, and
3277 fixing the more fundamental problem of handing the event based
3278 non-predictable kernel in the early boot.
</p
>
3283 <title>Taking over sysvinit development
</title>
3284 <link>http://people.skolelinux.org/pere/blog/Taking_over_sysvinit_development.html
</link>
3285 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Taking_over_sysvinit_development.html
</guid>
3286 <pubDate>Wed,
22 Jul
2009 23:
00:
00 +
0200</pubDate>
3287 <description><p
>After several years of frustration with the lack of activity from
3288 the existing sysvinit upstream developer, I decided a few weeks ago to
3289 take over the package and become the new upstream. The number of
3290 patches to track for the Debian package was becoming a burden, and the
3291 lack of synchronization between the distribution made it hard to keep
3292 the package up to date.
</p
>
3294 <p
>On the new sysvinit team is the SuSe maintainer Dr. Werner Fink,
3295 and my Debian co-maintainer Kel Modderman. About
10 days ago, I made
3296 a new upstream tarball with version number
2.87dsf (for Debian, SuSe
3297 and Fedora), based on the patches currently in use in these
3298 distributions. We Debian maintainers plan to move to this tarball as
3299 the new upstream as soon as we find time to do the merge. Since the
3300 new tarball was created, we agreed with Werner at SuSe to make a new
3301 upstream project at
<a href=
"http://savannah.nongnu.org/
">Savannah
</a
>, and continue
3302 development there. The project is registered and currently waiting
3303 for approval by the Savannah administrators, and as soon as it is
3304 approved, we will import the old versions from svn and continue
3305 working on the future release.
</p
>
3307 <p
>It is a bit ironic that this is done now, when some of the involved
3308 distributions are moving to upstart as a syvinit replacement.
</p
>
3313 <title>Debian boots quicker and quicker
</title>
3314 <link>http://people.skolelinux.org/pere/blog/Debian_boots_quicker_and_quicker.html
</link>
3315 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Debian_boots_quicker_and_quicker.html
</guid>
3316 <pubDate>Wed,
24 Jun
2009 21:
40:
00 +
0200</pubDate>
3317 <description><p
>I spent Monday and tuesday this week in London with a lot of the
3318 people involved in the boot system on Debian and Ubuntu, to see if we
3319 could find more ways to speed up the boot system. This was an Ubuntu
3321 <a href=
"https://wiki.ubuntu.com/FoundationsTeam/BootPerformance/DebianUbuntuSprint
">developer
3322 gathering
</a
>. It was quite productive. We also discussed the future
3323 of boot systems, and ways to handle the increasing number of boot
3324 issues introduced by the Linux kernel becoming more and more
3325 asynchronous and event base. The Ubuntu approach using udev and
3326 upstart might be a good way forward. Time will show.
</p
>
3328 <p
>Anyway, there are a few ways at the moment to speed up the boot
3329 process in Debian. All of these should be applied to get a quick
3334 <li
>Use dash as /bin/sh.
</li
>
3336 <li
>Disable the init.d/hwclock*.sh scripts and make sure the hardware
3337 clock is in UTC.
</li
>
3339 <li
>Install and activate the insserv package to enable
3340 <a href=
"http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot
">dependency
3341 based boot sequencing
</a
>, and enable concurrent booting.
</li
>
3345 These points are based on the Google summer of code work done by
3346 <a href=
"http://initscripts-ng.alioth.debian.org/soc2006-bootsystem/
">Carlos
3349 <p
>Support for makefile-style concurrency during boot was uploaded to
3350 unstable yesterday. When we tested it, we were able to cut
6 seconds
3351 from the boot sequence. It depend on very correct dependency
3352 declaration in all init.d scripts, so I expect us to find edge cases
3353 where the dependences in some scripts are slightly wrong when we start
3354 using this.
</p
>
3356 <p
>On our IRC channel for this effort, #pkg-sysvinit, a new idea was
3357 introduced by Raphael Geissert today, one that could affect the
3358 startup speed as well. Instead of starting some scripts concurrently
3359 from rcS.d/ and another set of scripts from rc2.d/, it would be
3360 possible to run a of them in the same process. A quick way to test
3361 this would be to enable insserv and run
'mv /etc/rc2.d/S* /etc/rcS.d/;
3362 insserv
'. Will need to test if that work. :)
</p
>
3367 <title>BSAs påstander om piratkopiering møter motstand
</title>
3368 <link>http://people.skolelinux.org/pere/blog/BSAs_p_stander_om_piratkopiering_m_ter_motstand.html
</link>
3369 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/BSAs_p_stander_om_piratkopiering_m_ter_motstand.html
</guid>
3370 <pubDate>Sun,
17 May
2009 23:
05:
00 +
0200</pubDate>
3371 <description><p
>Hvert år de siste årene har BSA, lobbyfronten til de store
3372 programvareselskapene som Microsoft og Apple, publisert en rapport der
3373 de gjetter på hvor mye piratkopiering påfører i tapte inntekter i
3374 ulike land rundt om i verden. Resultatene er tendensiøse. For noen
3376 <a href=
"http://global.bsa.org/globalpiracy2008/studies/globalpiracy2008.pdf
">siste
3377 rapport
</a
>, og det er flere kritiske kommentarer publisert de siste
3378 dagene. Et spesielt interessant kommentar fra Sverige,
3379 <a href=
"http://www.idg.se/
2.1085/
1.229795/bsa-hoftade-sverigesiffror
">BSA
3380 höftade Sverigesiffror
</a
>, oppsummeres slik:
</p
>
3383 I sin senaste rapport slår BSA fast att
25 procent av all mjukvara i
3384 Sverige är piratkopierad. Det utan att ha pratat med ett enda svenskt
3385 företag.
"Man bör nog kanske inte se de här siffrorna som helt
3386 exakta
", säger BSAs Sverigechef John Hugosson.
3389 <p
>Mon tro om de er like metodiske når de gjetter på andelen piratkopiering i Norge? To andre kommentarer er
<a
3390 href=
"http://www.vnunet.com/vnunet/comment/
2242134/bsa-piracy-figures-shot-reality
">BSA
3391 piracy figures need a shot of reality
</a
> og
<a
3392 href=
"http://www.michaelgeist.ca/content/view/
3958/
125/
">Does The WIPO
3393 Copyright Treaty Work?
</a
></p
>
3395 <p
>Fant lenkene via
<a
3396 href=
"http://tech.slashdot.org/article.pl?sid=
09/
05/
17/
1632242">oppslag
3397 på Slashdot
</a
>.
</p
>
3402 <title>IDG mener linux i servermarkedet vil vokse med
21% i
2009</title>
3403 <link>http://people.skolelinux.org/pere/blog/IDG_mener_linux_i_servermarkedet_vil_vokse_med_21__i_2009.html
</link>
3404 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/IDG_mener_linux_i_servermarkedet_vil_vokse_med_21__i_2009.html
</guid>
3405 <pubDate>Thu,
7 May
2009 22:
30:
00 +
0200</pubDate>
3406 <description><p
>Kom over
3407 <a href=
"http://news.cnet.com/
8301-
13505_3-
10216873-
16.html
">interessante
3408 tall
</a
> fra IDG om utviklingen av linuxservermarkedet. Fikk meg til
3409 å tenke på antall tjenermaskiner ved Universitetet i Oslo der jeg
3410 jobber til daglig. En rask opptelling forteller meg at vi har
490
3411 (
61%) fysiske unix-tjener (mest linux men også noen solaris) og
196
3412 (
25%) windowstjenere, samt
112 (
14%) virtuelle unix-tjenere. Med den
3413 bakgrunnskunnskapen kan jeg godt tro at IDG er inne på noe.
</p
>
3418 <title>Kryptert harddisk - naturligvis
</title>
3419 <link>http://people.skolelinux.org/pere/blog/Kryptert_harddisk___naturligvis.html
</link>
3420 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Kryptert_harddisk___naturligvis.html
</guid>
3421 <pubDate>Sat,
2 May
2009 15:
30:
00 +
0200</pubDate>
3422 <description><p
><a href=
"http://www.dagensit.no/trender/article1658676.ece
">Dagens
3423 IT melder
</a
> at Intel hevder at det er dyrt å miste en datamaskin,
3424 når en tar tap av arbeidstid, fortrolige dokumenter,
3425 personopplysninger og alt annet det innebærer. Det er ingen tvil om
3426 at det er en kostbar affære å miste sin datamaskin, og det er årsaken
3427 til at jeg har kryptert harddisken på både kontormaskinen og min
3428 bærbare. Begge inneholder personopplysninger jeg ikke ønsker skal
3429 komme på avveie, den første informasjon relatert til jobben min ved
3430 Universitetet i Oslo, og den andre relatert til blant annet
3431 foreningsarbeide. Kryptering av diskene gjør at det er lite
3432 sannsynlig at dophoder som kan finne på å rappe maskinene får noe ut
3433 av dem. Maskinene låses automatisk etter noen minutter uten bruk,
3434 og en reboot vil gjøre at de ber om passord før de vil starte opp.
3435 Jeg bruker Debian på begge maskinene, og installasjonssystemet der
3436 gjør det trivielt å sette opp krypterte disker. Jeg har LVM på toppen
3437 av krypterte partisjoner, slik at alt av datapartisjoner er kryptert.
3438 Jeg anbefaler alle å kryptere diskene på sine bærbare. Kostnaden når
3439 det er gjort slik jeg gjør det er minimale, og gevinstene er
3440 betydelige. En bør dog passe på passordet. Hvis det går tapt, må
3441 maskinen reinstalleres og alt er tapt.
</p
>
3443 <p
>Krypteringen vil ikke stoppe kompetente angripere som f.eks. kjøler
3444 ned minnebrikkene før maskinen rebootes med programvare for å hente ut
3445 krypteringsnøklene. Kostnaden med å forsvare seg mot slike angripere
3446 er for min del høyere enn gevinsten. Jeg tror oddsene for at
3447 f.eks. etteretningsorganisasjoner har glede av å titte på mine
3448 maskiner er minimale, og ulempene jeg ville oppnå ved å forsøke å
3449 gjøre det vanskeligere for angripere med kompetanse og ressurser er
3450 betydelige.
</p
>
3455 <title>Two projects that have improved the quality of free software a lot
</title>
3456 <link>http://people.skolelinux.org/pere/blog/Two_projects_that_have_improved_the_quality_of_free_software_a_lot.html
</link>
3457 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Two_projects_that_have_improved_the_quality_of_free_software_a_lot.html
</guid>
3458 <pubDate>Sat,
2 May
2009 15:
00:
00 +
0200</pubDate>
3459 <description><p
>There are two software projects that have had huge influence on the
3460 quality of free software, and I wanted to mention both in case someone
3461 do not yet know them.
</p
>
3463 <p
>The first one is
<a href=
"http://valgrind.org/
">valgrind
</a
>, a
3464 tool to detect and expose errors in the memory handling of programs.
3465 It is easy to use, all one need to do is to run
'valgrind program
',
3466 and it will report any problems on stdout. It is even better if the
3467 program include debug information. With debug information, it is able
3468 to report the source file name and line number where the problem
3469 occurs. It can report things like
'reading past memory block in file
3470 X line N, the memory block was allocated in file Y, line M
', and
3471 'using uninitialised value in control logic
'. This tool has made it
3472 trivial to investigate reproducible crash bugs in programs, and have
3473 reduced the number of this kind of bugs in free software a lot.
3475 <p
>The second one is
3476 <a href=
"http://en.wikipedia.org/wiki/Coverity
">Coverity
</a
> which is
3477 a source code checker. It is able to process the source of a program
3478 and find problems in the logic without running the program. It
3479 started out as the Stanford Checker and became well known when it was
3480 used to find bugs in the Linux kernel. It is now a commercial tool
3481 and the company behind it is running
3482 <a href=
"http://www.scan.coverity.com/
">a community service
</a
> for the
3483 free software community, where a lot of free software projects get
3484 their source checked for free. Several thousand defects have been
3485 found and fixed so far. It can find errors like
'lock L taken in file
3486 X line N is never released if exiting in line M
', or
'the code in file
3487 Y lines O to P can never be executed
'. The projects included in the
3488 community service project have managed to get rid of a lot of
3489 reliability problems thanks to Coverity.
</p
>
3491 <p
>I believe tools like this, that are able to automatically find
3492 errors in the source, are vital to improve the quality of software and
3493 make sure we can get rid of the crashing and failing software we are
3494 surrounded by today.
</p
>
3499 <title>No patch is not better than a useless patch
</title>
3500 <link>http://people.skolelinux.org/pere/blog/No_patch_is_not_better_than_a_useless_patch.html
</link>
3501 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/No_patch_is_not_better_than_a_useless_patch.html
</guid>
3502 <pubDate>Tue,
28 Apr
2009 09:
30:
00 +
0200</pubDate>
3503 <description><p
>Julien Blache
3504 <a href=
"http://blog.technologeek.org/
2009/
04/
12/
214">claim that no
3505 patch is better than a useless patch
</a
>. I completely disagree, as a
3506 patch allow one to discuss a concrete and proposed solution, and also
3507 prove that the issue at hand is important enough for someone to spent
3508 time on fixing it. No patch do not provide any of these positive
3509 properties.
</p
>
3514 <title>Standardize on protocols and formats, not vendors and applications
</title>
3515 <link>http://people.skolelinux.org/pere/blog/Standardize_on_protocols_and_formats__not_vendors_and_applications.html
</link>
3516 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Standardize_on_protocols_and_formats__not_vendors_and_applications.html
</guid>
3517 <pubDate>Mon,
30 Mar
2009 11:
50:
00 +
0200</pubDate>
3518 <description><p
>Where I work at the University of Oslo, one decision stand out as a
3519 very good one to form a long lived computer infrastructure. It is the
3520 simple one, lost by many in todays computer industry: Standardize on
3521 open network protocols and open exchange/storage formats, not applications.
3522 Applications come and go, while protocols and files tend to stay, and
3523 thus one want to make it easy to change application and vendor, while
3524 avoiding conversion costs and locking users to a specific platform or
3525 application.
</p
>
3527 <p
>This approach make it possible to replace the client applications
3528 independently of the server applications. One can even allow users to
3529 use several different applications as long as they handle the selected
3530 protocol and format. In the normal case, only one client application
3531 is recommended and users only get help if they choose to use this
3532 application, but those that want to deviate from the easy path are not
3533 blocked from doing so.
</p
>
3535 <p
>It also allow us to replace the server side without forcing the
3536 users to replace their applications, and thus allow us to select the
3537 best server implementation at any moment, when scale and resouce
3538 requirements change.
</p
>
3540 <p
>I strongly recommend standardizing - on open network protocols and
3541 open formats, but I would never recommend standardizing on a single
3542 application that do not use open network protocol or open formats.
</p
>
3547 <title>Returning from Skolelinux developer gathering
</title>
3548 <link>http://people.skolelinux.org/pere/blog/Returning_from_Skolelinux_developer_gathering.html
</link>
3549 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Returning_from_Skolelinux_developer_gathering.html
</guid>
3550 <pubDate>Sun,
29 Mar
2009 21:
00:
00 +
0200</pubDate>
3551 <description><p
>I
'm sitting on the train going home from this weekends Debian
3552 Edu/Skolelinux development gathering. I got a bit done tuning the
3553 desktop, and looked into the dynamic service location protocol
3554 implementation avahi. It look like it could be useful for us. Almost
3555 30 people participated, and I believe it was a great environment to
3556 get to know the Skolelinux system. Walter Bender, involved in the
3557 development of the Sugar educational platform, presented his stuff and
3558 also helped me improve my OLPC installation. He also showed me that
3559 his Turtle Art application can be used in standalone mode, and we
3560 agreed that I would help getting it packaged for Debian. As a
3561 standalone application it would be great for Debian Edu. We also
3562 tried to get the video conferencing working with two OLPCs, but that
3563 proved to be too hard for us. The application seem to need more work
3564 before it is ready for me. I look forward to getting home and relax
3570 <title>Time for new LDAP schemas replacing RFC
2307?
</title>
3571 <link>http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html
</link>
3572 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html
</guid>
3573 <pubDate>Sun,
29 Mar
2009 20:
30:
00 +
0200</pubDate>
3574 <description><p
>The state of standardized LDAP schemas on Linux is far from
3575 optimal. There is RFC
2307 documenting one way to store NIS maps in
3576 LDAP, and a modified version of this normally called RFC
2307bis, with
3577 some modifications to be compatible with Active Directory. The RFC
3578 specification handle the content of a lot of system databases, but do
3579 not handle DNS zones and DHCP configuration.
</p
>
3581 <p
>In
<a href=
"http://www.skolelinux.org/
">Debian Edu/Skolelinux
</a
>,
3582 we would like to store information about users, SMB clients/hosts,
3583 filegroups, netgroups (users and hosts), DHCP and DNS configuration,
3584 and LTSP configuration in LDAP. These objects have a lot in common,
3585 but with the current LDAP schemas it is not possible to have one
3586 object per entity. For example, one need to have at least three LDAP
3587 objects for a given computer, one with the SMB related stuff, one with
3588 DNS information and another with DHCP information. The schemas
3589 provided for DNS and DHCP are impossible to combine into one LDAP
3590 object. In addition, it is impossible to implement quick queries for
3591 netgroup membership, because of the way NIS triples are implemented.
3592 It just do not scale. I believe it is time for a few RFC
3593 specifications to cleam up this mess.
</p
>
3595 <p
>I would like to have one LDAP object representing each computer in
3596 the network, and this object can then keep the SMB (ie host key), DHCP
3597 (mac address/name) and DNS (name/IP address) settings in one place.
3598 It need to be efficently stored to make sure it scale well.
</p
>
3600 <p
>I would also like to have a quick way to map from a user or
3601 computer and to the net group this user or computer is a member.
</p
>
3603 <p
>Active Directory have done a better job than unix heads like myself
3604 in this regard, and the unix side need to catch up. Time to start a
3605 new IETF work group?
</p
>
3610 <title>Endelig er Debian Lenny gitt ut
</title>
3611 <link>http://people.skolelinux.org/pere/blog/Endelig_er_Debian_Lenny_gitt_ut.html
</link>
3612 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Endelig_er_Debian_Lenny_gitt_ut.html
</guid>
3613 <pubDate>Sun,
15 Feb
2009 11:
50:
00 +
0100</pubDate>
3614 <description><p
>Endelig er
<a href=
"http://www.debian.org/
">Debian
</a
>
3615 <a href=
"http://www.debian.org/News/
2009/
20090214">Lenny
</a
> gitt ut.
3616 Et langt steg videre for Debian-prosjektet, og en rekke nye
3617 programpakker blir nå tilgjengelig for de av oss som bruker den
3618 stabile utgaven av Debian. Neste steg er nå å få
3619 <a href=
"http://www.skolelinux.org/
">Skolelinux
</a
> /
3620 <a href=
"http://wiki.debian.org/DebianEdu/
">Debian Edu
</a
> ferdig
3621 oppdatert for den nye utgaven, slik at en oppdatert versjon kan
3622 slippes løs på skolene. Takk til alle debian-utviklerne som har
3623 gjort dette mulig. Endelig er f.eks. fungerende avhengighetsstyrt
3624 bootsekvens tilgjengelig i stabil utgave, vha pakken
3625 <tt
>insserv
</tt
>.
</p
>
3630 <title>Devcamp brought us closer to the Lenny based Debian Edu release
</title>
3631 <link>http://people.skolelinux.org/pere/blog/Devcamp_brought_us_closer_to_the_Lenny_based_Debian_Edu_release.html
</link>
3632 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Devcamp_brought_us_closer_to_the_Lenny_based_Debian_Edu_release.html
</guid>
3633 <pubDate>Sun,
7 Dec
2008 12:
00:
00 +
0100</pubDate>
3634 <description><p
>This weekend we had a small developer gathering for Debian Edu in
3635 Oslo. Most of Saturday was used for the general assemly for the
3636 member organization, but the rest of the weekend I used to tune the
3637 LTSP installation. LTSP now work out of the box on the
10-network.
3638 Acer Aspire One proved to be a very nice thin client, with both
3639 screen, mouse and keybard in a small box. Was working on getting the
3640 diskless workstation setup configured out of the box, but did not
3641 finish it before the weekend was up.
</p
>
3643 <p
>Did not find time to look at the
4 VGA cards in one box we got from
3644 the Brazilian group, so that will have to wait for the next
3645 development gathering. Would love to have the Debian Edu installer
3646 automatically detect and configure a multiseat setup when it find one
3647 of these cards.
</p
>
3652 <title>The sorry state of multimedia browser plugins in Debian
</title>
3653 <link>http://people.skolelinux.org/pere/blog/The_sorry_state_of_multimedia_browser_plugins_in_Debian.html
</link>
3654 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/The_sorry_state_of_multimedia_browser_plugins_in_Debian.html
</guid>
3655 <pubDate>Tue,
25 Nov
2008 00:
10:
00 +
0100</pubDate>
3656 <description><p
>Recently I have spent some time evaluating the multimedia browser
3657 plugins available in Debian Lenny, to see which one we should use by
3658 default in Debian Edu. We need an embedded video playing plugin with
3659 control buttons to pause or stop the video, and capable of streaming
3660 all the multimedia content available on the web. The test results and
3661 notes are available on
3662 <a href=
"http://wiki.debian.org/DebianEdu/BrowserMultimedia
">the
3663 Debian wiki
</a
>. I was surprised how few of the plugins are able to
3664 fill this need. My personal video player favorite, VLC, has a really
3665 bad plugin which fail on a lot of the test pages. A lot of the MIME
3666 types I would expect to work with any free software player (like
3667 video/ogg), just do not work. And simple formats like the
3668 audio/x-mplegurl format (m3u playlists), just isn
't supported by the
3669 totem and vlc plugins. I hope the situation will improve soon. No
3670 wonder sites use the proprietary Adobe flash to play video.
</p
>
3672 <p
>For Lenny, we seem to end up with the mplayer plugin. It seem to
3673 be the only one fitting our needs. :/
</p
>
projects / homepage.git / blob