Generated.

[homepage.git] / blog / index.rss

<?xml version="1.0" encoding="utf-8"?>
<rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/' xmlns:atom="http://www.w3.org/2005/Atom">
        <channel>
                <title>Petter Reinholdtsen</title>
                <description></description>
                <link>http://people.skolelinux.org/pere/blog/</link>
                <atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
        
        <item>
                <title>Caching password, user and group on a roaming Debian laptop</title>
                <link>http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html</guid>
                <pubDate>Thu, 1 Jul 2010 11:40:00 +0200</pubDate>
                <description>
&lt;p&gt;For a laptop, centralized user directories and password checking is
a bit troubling.  Laptops are typically used also when not connected
to the network, and it is vital for a user to be able to log in or
unlock the screen saver also when a central server is unavailable.
This is possible by caching passwords and directory information (user
and group attributes) locally, and the packages to do so are available
in Debian.  Here follow two recipes to set this up in Debian/Squeeze.
It is also possible to set up in Debian/Lenny, but require more manual
setup there because pam-auth-update is missing in Lenny.&lt;/p&gt;

&lt;h2&gt;LDAP/Kerberos + nscd + libpam-ccreds + libpam-mklocaluser/pam_mkhomedir&lt;/h2&gt;

This is the traditional method with a twist.  The password caching is
provided by libpam-ccreds (version 10-4 or later is needed on
Squeeze), and the directory caching is done by nscd.  The directory
lookup and password checking is done using LDAP.  If one want to use
Kerberos for password checking the libpam-ldapd package can be
replaced with libpam-krb5 or libpam-heimdal.  If one is happy having a
local home directory with the path listed in LDAP, one can use the
pam_mkhomedir module from pam-modules to make this happen instead of
using libpam-mklocaluser.  A setup for pam-auth-update to enable
pam_mkhomedir will have to be written until a fix for
&lt;a href=&quot;http://bugs.debian.org/568577&quot;&gt;bug #568577&lt;/a&gt; is in the
archive.  Because I believe it is a bad idea to have local home
directories using misleading paths like /site/server/partition/, I
prefer to create a local user with the home directory in /home/.  This
is done using the libpam-mklocaluser package.&lt;/p&gt;

&lt;p&gt;These packages need to be installed and configured&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
libnss-ldapd libpam-ldapd nscd libpam-ccreds libpam-mklocaluser
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;The ldapd packages will ask for LDAP connection information, and
one have to fill in the values that fits ones own site.  Make sure the
PAM part uses encrypted connections, to make sure the password is not
sent in clear text to the LDAP server.  I&#39;ve been unable to get TLS
certificate checking for a self signed certificate working, which make
LDAP authentication unsafe for Debian Edu (nslcd is not checking if it
is talking to the correct LDAP server), and very much welcome feedback
on how to get this working.&lt;/p&gt;

&lt;p&gt;Because nscd do not have a default configuration fit for offline
caching until &lt;a href=&quot;http://bugs.debian.org/485282&quot;&gt;bug #485282&lt;/a&gt;
is fixed, this configuration should be used instead of the one
currently in /etc/nscd.conf.  The changes are in the fields
reload-count and positive-time-to-live, and is based on the
instructions I found in the
&lt;a href=&quot;http://www.flyn.org/laptopldap/&quot;&gt;LDAP for Mobile Laptops&lt;/a&gt;
instructions by Flyn Computing.&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
        debug-level             0
        reload-count            unlimited
        paranoia                no

        enable-cache            passwd          yes
        positive-time-to-live   passwd          2592000
        negative-time-to-live   passwd          20
        suggested-size          passwd          211
        check-files             passwd          yes
        persistent              passwd          yes
        shared                  passwd          yes
        max-db-size             passwd          33554432
        auto-propagate          passwd          yes

        enable-cache            group           yes
        positive-time-to-live   group           2592000
        negative-time-to-live   group           20
        suggested-size          group           211
        check-files             group           yes
        persistent              group           yes
        shared                  group           yes
        max-db-size             group           33554432
        auto-propagate          group           yes

        enable-cache            hosts           no
        positive-time-to-live   hosts           2592000
        negative-time-to-live   hosts           20
        suggested-size          hosts           211
        check-files             hosts           yes
        persistent              hosts           yes
        shared                  hosts           yes
        max-db-size             hosts           33554432

        enable-cache            services        yes
        positive-time-to-live   services        2592000
        negative-time-to-live   services        20
        suggested-size          services        211
        check-files             services        yes
        persistent              services        yes
        shared                  services        yes
        max-db-size             services        33554432
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;While we wait for a mechanism to update /etc/nsswitch.conf
automatically like the one provided in
&lt;a href=&quot;http://bugs.debian.org/496915&quot;&gt;bug #496915&lt;/a&gt;, the file
content need to be manually replaced to ensure LDAP is used as the
directory service on the machine.  /etc/nsswitch.conf should normally
look like this:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
passwd:         files ldap
group:          files ldap
shadow:         files ldap
hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files
protocols:      files
services:       files
ethers:         files
rpc:            files
netgroup:       files ldap
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;The important parts are that ldap is listed last for passwd, group,
shadow and netgroup.&lt;/p&gt;

&lt;p&gt;With these changes in place, any user in LDAP will be able to log
in locally on the machine using for example kdm, get a local home
directory created and have the password as well as user and group
attributes cached.

&lt;h2&gt;LDAP/Kerberos + nss-updatedb + libpam-ccreds +
  libpam-mklocaluser/pam_mkhomedir&lt;/h2&gt;

&lt;p&gt;Because nscd have had its share of problems, and seem to have
problems doing proper caching, I&#39;ve seen suggestions and recipes to
use nss-updatedb to copy parts of the LDAP database locally when the
LDAP database is available.  I have not tested such setup, because I
discovered sssd.&lt;/p&gt;

&lt;h2&gt;LDAP/Kerberos + sssd + libpam-mklocaluser&lt;/h2&gt;

&lt;p&gt;A more flexible and robust setup than the nscd combination
mentioned earlier that has shown up recently, is the
&lt;a href=&quot;https://fedorahosted.org/sssd/&quot;&gt;sssd&lt;/a&gt; package from Redhat.
It is part of the &lt;a href=&quot;http://www.freeipa.org/&quot;&gt;FreeIPA&lt;/A&gt; project
to provide a Active Directory like directory service for Linux
machines.  The sssd system combines the caching of passwords and user
information into one package, and remove the need for nscd and
libpam-ccreds.  It support LDAP and Kerberos, but not NIS.  Version
1.2 do not support netgroups, but it is said that it will support this
in version 1.5 expected to show up later in 2010.  Because the
&lt;a href=&quot;http://packages.qa.debian.org/s/sssd.html&quot;&gt;sssd package&lt;/a&gt;
was missing in Debian, I ended up co-maintaining it with Werner, and
version 1.2 is now in testing.

&lt;p&gt;These packages need to be installed and configured to get the
roaming setup I want&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
libpam-sss libnss-sss libpam-mklocaluser
&lt;/pre&gt;&lt;/blockquote&gt;

The complete setup of sssd is done by editing/creating
&lt;tt&gt;/etc/sssd/sssd.conf&lt;/tt&gt;.

&lt;blockquote&gt;&lt;pre&gt;
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = INTERN

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[domain/INTERN]
enumerate = false
cache_credentials = true

id_provider = ldap
auth_provider = ldap
chpass_provider = ldap

ldap_uri = ldap://ldap
ldap_search_base = dc=skole,dc=skolelinux,dc=no
ldap_tls_reqcert = never
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;I got the same problem here with certificate checking.  Had to set
&quot;ldap_tls_reqcert = never&quot; to get it working.&lt;/p&gt;

&lt;p&gt;With the libnss-sss package in testing at the moment, the
nsswitch.conf file is update automatically, so there is no need to
modify it manually.&lt;/p&gt;

&lt;p&gt;If you want to help out with implementing this for Debian Edu,
please contact us on debian-edu@lists.debian.org.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>LUMA, a very nice LDAP GUI</title>
                <link>http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html</guid>
                <pubDate>Mon, 28 Jun 2010 00:30:00 +0200</pubDate>
                <description>
&lt;p&gt;The last few days I have been looking into the status of the LDAP
directory in Debian Edu, and in the process I started to miss a GUI
tool to browse the LDAP tree.  The only one I was able to find in
Debian/Squeeze and Lenny is
&lt;a href=&quot;http://luma.sourceforge.net/&quot;&gt;LUMA&lt;/a&gt;, which has proved to
be a great tool to get a overview of the current LDAP directory
populated by default in Skolelinux.  Thanks to it, I have been able to
find empty and obsolete subtrees, misplaced objects and duplicate
objects.  It will be installed by default in Debian/Squeeze.  If you
are working with LDAP, give it a go. :)&lt;/p&gt;

&lt;p&gt;I did notice one problem with it I have not had time to report to
the BTS yet.  There is no .desktop file in the package, so the tool do
not show up in the Gnome and KDE menus, but only deep down in in the
Debian submenu in KDE.  I hope that can be fixed before Squeeze is
released.&lt;/p&gt;

&lt;p&gt;I have not yet been able to get it to modify the tree yet.  I would
like to move objects and remove subtrees directly in the GUI, but have
not found a way to do that with LUMA yet.  So in the mean time, I use
&lt;a href=&quot;http://www.lichteblau.com/ldapvi/&quot;&gt;ldapvi&lt;/a&gt; for that.&lt;/p&gt;

&lt;p&gt;If you have tips on other GUI tools for LDAP that might be useful
in Debian Edu, please contact us on debian-edu@lists.debian.org.&lt;/p&gt;

&lt;p&gt;Update 2010-06-29: Ross Reedstrom tipped us about the
&lt;a href=&quot;http://packages.qa.debian.org/g/gq.html&quot;&gt;gq&lt;/a&gt; package as a
useful GUI alternative.  It seem like a good tool, but is unmaintained
in Debian and got a RC bug keeping it out of Squeeze.  Unless that
changes, it will not be an option for Debian Edu based on Squeeze.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object</title>
                <link>http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html</guid>
                <pubDate>Thu, 24 Jun 2010 00:35:00 +0200</pubDate>
                <description>
&lt;p&gt;A while back, I
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html&quot;&gt;complained
about the fact&lt;/a&gt; that it is not possible with the provided schemas
for storing DNS and DHCP information in LDAP to combine the two sets
of information into one LDAP object representing a computer.&lt;/p&gt;

&lt;p&gt;In the mean time, I discovered that a simple fix would be to make
the dhcpHost object class auxiliary, to allow it to be combined with
the dNSDomain object class, and thus forming one object for one
computer when storing both DHCP and DNS information in LDAP.&lt;/p&gt;

&lt;p&gt;If I understand this correctly, it is not safe to do this change
without also changing the assigned number for the object class, and I
do not know enough about LDAP schema design to do that properly for
Debian Edu.&lt;/p&gt;

&lt;p&gt;Anyway, for future reference, this is how I believe we could change
the
&lt;a href=&quot;http://tools.ietf.org/html/draft-ietf-dhc-ldap-schema-00&quot;&gt;DHCP
schema&lt;/a&gt; to solve at least part of the problem with the LDAP schemas
available today from IETF.&lt;/p&gt;

&lt;pre&gt;
--- dhcp.schema    (revision 65192)
+++ dhcp.schema    (working copy)
@@ -376,7 +376,7 @@
 objectclass ( 2.16.840.1.113719.1.203.6.6
        NAME &#39;dhcpHost&#39;
        DESC &#39;This represents information about a particular client&#39;
-       SUP top
+       SUP top AUXILIARY
        MUST cn
        MAY  (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
        X-NDS_CONTAINMENT (&#39;dhcpService&#39; &#39;dhcpSubnet&#39; &#39;dhcpGroup&#39;) )
&lt;/pre&gt;

&lt;p&gt;I very much welcome clues on how to do this properly for Debian
Edu/Squeeze.  We provide the DHCP schema in our debian-edu-config
package, and should thus be free to rewrite it as we see fit.&lt;/p&gt;

&lt;p&gt;If you want to help out with implementing this for Debian Edu,
please contact us on debian-edu@lists.debian.org.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Calling tasksel like the installer, while still getting useful output</title>
                <link>http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html</guid>
                <pubDate>Wed, 16 Jun 2010 14:55:00 +0200</pubDate>
                <description>
&lt;p&gt;A few times I have had the need to simulate the way tasksel
installs packages during the normal debian-installer run.  Until now,
I have ended up letting tasksel do the work, with the annoying problem
of not getting any feedback at all when something fails (like a
conffile question from dpkg or a download that fails), using code like
this:

&lt;blockquote&gt;&lt;pre&gt;
export DEBIAN_FRONTEND=noninteractive
tasksel --new-install
&lt;/pre&gt;&lt;/blockquote&gt;

This would invoke tasksel, let its automatic task selection pick the
tasks to install, and continue to install the requested tasks without
any output what so ever.

Recently I revisited this problem while working on the automatic
package upgrade testing, because tasksel would some times hang without
any useful feedback, and I want to see what is going on when it
happen.  Then it occured to me, I can parse the output from tasksel
when asked to run in test mode, and use that aptitude command line
printed by tasksel then to simulate the tasksel run.  I ended up using
code like this:

&lt;blockquote&gt;&lt;pre&gt;
export DEBIAN_FRONTEND=noninteractive
cmd=&quot;$(in_target tasksel -t --new-install | sed &#39;s/debconf-apt-progress -- //&#39;)&quot;
$cmd
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;The content of $cmd is typically something like &quot;&lt;tt&gt;aptitude -q
--without-recommends -o APT::Install-Recommends=no -y install
~t^desktop$ ~t^gnome-desktop$ ~t^laptop$ ~pstandard ~prequired
~pimportant&lt;/tt&gt;&quot;, which will install the gnome desktop task, the
laptop task and all packages with priority standard , required and
important, just like tasksel would have done it during
installation.&lt;/p&gt;

&lt;p&gt;A better approach is probably to extend tasksel to be able to
install packages without using debconf-apt-progress, for use cases
like this.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Vinmonopolet bryter loven åpenlyst - og flere planlegger å gjøre det samme</title>
                <link>http://people.skolelinux.org/pere/blog/Vinmonopolet_bryter_loven___penlyst___og_flere_planlegger____gj__re_det_samme.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Vinmonopolet_bryter_loven___penlyst___og_flere_planlegger____gj__re_det_samme.html</guid>
                <pubDate>Wed, 16 Jun 2010 11:00:00 +0200</pubDate>
                <description>
&lt;p&gt;&lt;a href=&quot;http://www.dagbladet.no/2010/06/16/nyheter/innenriks/streik/arbeidsliv/12157858/&quot;&gt;Dagbladet
melder&lt;/a&gt; at Vinmonopolet med bakgrunn i vekterstreiken som pågår i
Norge for tiden, har bestemt seg for med vitende og vilje å bryte
sentralbanklovens paragraf 14 ved å nekte folk å betale med
kontanter, og at flere butikker planlegger å følge deres eksempel.
Jeg synes det er hårreisende hvis de slipper unna med et slikt
soleklart lovbrudd, og lurer på hva slags muligheter jeg vil ha hvis
jeg blir nektet å handle med kontanter.  Jeg handler i hovedsak med
kontanter selv, da jeg anser det som en borgerrett å kunne handle
anonymt uten at det blir registrert.  For meg er det et angrep på mitt
personvern å nekte å ta imot kontant betaling.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;http://www.lovdata.no/all/tl-19850524-028-003.html#14&quot;&gt;Paragrafen
i sentralbankloven&lt;/a&gt; lyder:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;§ 14. Tvungent betalingsmiddel&lt;/p&gt;

&lt;p&gt;Bankens sedler og mynter er tvungent betalingsmiddel i Norge. Ingen
er pliktig til i én betaling å ta imot mer enn femogtyve mynter av
hver enhet.&lt;/p&gt;

&lt;p&gt;Sterkt skadde sedler og mynter er ikke tvungent
betalingsmiddel. Banken gir nærmere forskrifter om erstatning for
bortkomne, brente eller skadde sedler og mynter.&lt;/p&gt;

&lt;p&gt;Selv om en avtale inneholder klausul om betaling av en
pengeforpliktelse i gullverdi, kan skyldneren frigjøre seg med tvungne
betalingsmidler uten hensyn til denne klausul.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Det er med bakgrunn i denne lovet ikke tillatt å nekte å ta imot
kontakt betaling.  Det er en lov jeg har sans for, og som jeg mener må
håndheves strengt.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Officeshots taking shape</title>
                <link>http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html</guid>
                <pubDate>Sun, 13 Jun 2010 11:40:00 +0200</pubDate>
                <description>
&lt;p&gt;For those of us caring about document exchange and
interoperability, &lt;a href=&quot;http://www.officeshots.org/&quot;&gt;OfficeShots&lt;/a&gt;
is a great service.  It is to ODF documents what
&lt;a href=&quot;http://browsershots.org/&quot;&gt;BrowserShots&lt;/a&gt; is for web
pages.&lt;/p&gt;

&lt;p&gt;A while back, I was contacted by Knut Yrvin at the part of Nokia
that used to be Trolltech, who wanted to help the OfficeShots project
and wondered if the University of Oslo where I work would be
interested in supporting the project.  I helped him to navigate his
request to the right people at work, and his request was answered with
a spot in the machine room with power and network connected, and Knut
arranged funding for a machine to fill the spot.  The machine is
administrated by the OfficeShots people, so I do not have daily
contact with its progress, and thus from time to time check back to
see how the project is doing.&lt;/p&gt;

&lt;p&gt;Today I had a look, and was happy to see that the Dell box in our
machine room now is the host for several virtual machines running as
OfficeShots factories, and the project is able to render ODF documents
in 17 different document processing implementation on Linux and
Windows.  This is great.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Lenny-&gt;Squeeze upgrades, removals by apt and aptitude</title>
                <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__removals_by_apt_and_aptitude.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__removals_by_apt_and_aptitude.html</guid>
                <pubDate>Sun, 13 Jun 2010 09:05:00 +0200</pubDate>
                <description>
&lt;p&gt;My
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html&quot;&gt;testing
of Debian upgrades&lt;/a&gt; from Lenny to Squeeze continues, and I&#39;ve
finally made the upgrade logs available from
&lt;a href=&quot;http://people.skolelinux.org/pere/debian-upgrade-testing/&quot;&gt;http://people.skolelinux.org/pere/debian-upgrade-testing/&lt;/a&gt;.
I am now testing dist-upgrade of Gnome and KDE in a chroot using both
apt and aptitude, and found their differences interesting.  This time
I will only focus on their removal plans.&lt;/p&gt;

&lt;p&gt;After installing a Gnome desktop and the laptop task, apt-get wants
to remove 72 packages when dist-upgrading from Lenny to Squeeze.  The
surprising part is that it want to remove xorg and all
xserver-xorg-video* drivers.  Clearly not a good choice, but I am not
sure why.  When asking aptitude to do the same, it want to remove 129
packages, but most of them are library packages I suspect are no
longer needed.  Both of them want to remove bluetooth packages, which
I do not know.  Perhaps these bluetooth packages are obsolete?&lt;/p&gt;

&lt;p&gt;For KDE, apt-get want to remove 82 packages, among them kdebase
which seem like a bad idea and xorg the same way as with Gnome. Asking
aptitude for the same, it wants to remove 192 packages, none which are
too surprising.&lt;/p&gt;

&lt;p&gt;I guess the removal of xorg during upgrades should be investigated
and avoided, and perhaps others as well.  Here are the complete list
of planned removals.  The complete logs is available from the URL
above.  Note if you want to repeat these tests, that the upgrade test
for kde+apt-get hung in the tasksel setup because of dpkg asking
conffile questions.  No idea why.  I worked around it by using
&#39;&lt;tt&gt;echo &gt;&gt; /proc/&lt;em&gt;pidofdpkg&lt;/em&gt;/fd/0&lt;/tt&gt;&#39; to tell dpkg to
continue.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;apt-get gnome 72&lt;/b&gt;
&lt;br&gt;bluez-gnome cupsddk-drivers deskbar-applet gnome
  gnome-desktop-environment gnome-network-admin gtkhtml3.14
  iceweasel-gnome-support libavcodec51 libdatrie0 libgdl-1-0
  libgnomekbd2 libgnomekbdui2 libmetacity0 libslab0 libxcb-xlib0
  nautilus-cd-burner python-gnome2-desktop python-gnome2-extras
  serpentine swfdec-mozilla update-manager xorg xserver-xorg
  xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev
  xserver-xorg-input-kbd xserver-xorg-input-mouse
  xserver-xorg-input-synaptics xserver-xorg-input-wacom
  xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark
  xserver-xorg-video-ati xserver-xorg-video-chips
  xserver-xorg-video-cirrus xserver-xorg-video-cyrix
  xserver-xorg-video-dummy xserver-xorg-video-fbdev
  xserver-xorg-video-glint xserver-xorg-video-i128
  xserver-xorg-video-i740 xserver-xorg-video-imstt
  xserver-xorg-video-intel xserver-xorg-video-mach64
  xserver-xorg-video-mga xserver-xorg-video-neomagic
  xserver-xorg-video-nsc xserver-xorg-video-nv
  xserver-xorg-video-openchrome xserver-xorg-video-r128
  xserver-xorg-video-radeon xserver-xorg-video-radeonhd
  xserver-xorg-video-rendition xserver-xorg-video-s3
  xserver-xorg-video-s3virge xserver-xorg-video-savage
  xserver-xorg-video-siliconmotion xserver-xorg-video-sis
  xserver-xorg-video-sisusb xserver-xorg-video-tdfx
  xserver-xorg-video-tga xserver-xorg-video-trident
  xserver-xorg-video-tseng xserver-xorg-video-v4l
  xserver-xorg-video-vesa xserver-xorg-video-vga
  xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-1.9
  xulrunner-1.9-gnome-support&lt;/p&gt;

&lt;p&gt;&lt;b&gt;aptitude gnome 129&lt;/b&gt;

&lt;br&gt;bluez-gnome bluez-utils cpp-4.3 cupsddk-drivers dhcdbd
  djvulibre-desktop finger gnome-app-install gnome-mount
  gnome-network-admin gnome-spell gnome-vfs-obexftp
  gnome-volume-manager gstreamer0.10-gnomevfs gtkhtml3.14 libao2
  libavahi-compat-libdnssd1 libavahi-core5 libavcodec51 libbluetooth2
  libcamel1.2-11 libcdio7 libcucul0 libcupsys2 libcurl3 libdatrie0
  libdirectfb-1.0-0 libdvdread3 libedataserver1.2-9 libeel2-2.20
  libeel2-data libepc-1.0-1 libepc-ui-1.0-1 libfaad0 libgail-common
  libgd2-noxpm libgda3-3 libgda3-common libgdl-1-0 libgdl-1-common
  libggz2 libggzcore9 libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0
  libgnomecups1.0-1 libgnomekbd2 libgnomekbdui2 libgnomeprint2.2-0
  libgnomeprint2.2-data libgnomeprintui2.2-0 libgnomeprintui2.2-common
  libgnomevfs2-bin libgpod3 libgraphviz4 libgtkhtml2-0
  libgtksourceview-common libgtksourceview1.0-0 libgucharmap6
  libhesiod0 libicu38 libiw29 libkpathsea4 libltdl3 libmagick++10
  libmagick10 libmalaga7 libmetacity0 libmtp7 libmysqlclient15off
  libnautilus-burn4 libneon27 libnm-glib0 libnm-util0 libopal-2.2
  libosp5 libparted1.8-10 libpoppler-glib3 libpoppler3 libpt-1.10.10
  libpt-1.10.10-plugins-alsa libpt-1.10.10-plugins-v4l libraw1394-8
  libsensors3 libslab0 libsmbios2 libsoup2.2-8 libssh2-1
  libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1 libtotem-plparser10
  libtrackerclient0 libxalan2-java libxalan2-java-gcj libxcb-xlib0
  libxerces2-java libxerces2-java-gcj libxklavier12 libxtrap6
  libxxf86misc1 libzephyr3 mysql-common nautilus-cd-burner
  openoffice.org-writer2latex openssl-blacklist p7zip
  python-4suite-xml python-eggtrayicon python-gnome2-desktop
  python-gnome2-extras python-gtkhtml2 python-gtkmozembed
  python-numeric python-sexy serpentine svgalibg1 swfdec-gnome
  swfdec-mozilla totem-gstreamer update-manager wodim
  xserver-xorg-video-cyrix xserver-xorg-video-imstt
  xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga
  zip&lt;/p&gt;

&lt;p&gt;&lt;b&gt;apt-get kde 82&lt;/b&gt;

&lt;br&gt;cupsddk-drivers karm kaudiocreator kcoloredit kcontrol kde kde-core
  kdeaddons kdeartwork kdebase kdebase-bin kdebase-bin-kde3
  kdebase-kio-plugins kdesktop kdeutils khelpcenter kicker
  kicker-applets knewsticker kolourpaint konq-plugins konqueror korn
  kpersonalizer kscreensaver ksplash libavcodec51 libdatrie0 libkiten1
  libxcb-xlib0 quanta superkaramba texlive-base-bin xorg xserver-xorg
  xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev
  xserver-xorg-input-kbd xserver-xorg-input-mouse
  xserver-xorg-input-synaptics xserver-xorg-input-wacom
  xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark
  xserver-xorg-video-ati xserver-xorg-video-chips
  xserver-xorg-video-cirrus xserver-xorg-video-cyrix
  xserver-xorg-video-dummy xserver-xorg-video-fbdev
  xserver-xorg-video-glint xserver-xorg-video-i128
  xserver-xorg-video-i740 xserver-xorg-video-imstt
  xserver-xorg-video-intel xserver-xorg-video-mach64
  xserver-xorg-video-mga xserver-xorg-video-neomagic
  xserver-xorg-video-nsc xserver-xorg-video-nv
  xserver-xorg-video-openchrome xserver-xorg-video-r128
  xserver-xorg-video-radeon xserver-xorg-video-radeonhd
  xserver-xorg-video-rendition xserver-xorg-video-s3
  xserver-xorg-video-s3virge xserver-xorg-video-savage
  xserver-xorg-video-siliconmotion xserver-xorg-video-sis
  xserver-xorg-video-sisusb xserver-xorg-video-tdfx
  xserver-xorg-video-tga xserver-xorg-video-trident
  xserver-xorg-video-tseng xserver-xorg-video-v4l
  xserver-xorg-video-vesa xserver-xorg-video-vga
  xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-1.9&lt;/p&gt;

&lt;p&gt;&lt;b&gt;aptitude kde 192&lt;/b&gt;
&lt;br&gt;bluez-utils cpp-4.3 cupsddk-drivers cvs dcoprss dhcdbd
  djvulibre-desktop dosfstools eyesapplet fifteenapplet finger gettext
  ghostscript-x imlib-base imlib11 indi kandy karm kasteroids
  kaudiocreator kbackgammon kbstate kcoloredit kcontrol kcron kdat
  kdeadmin-kfile-plugins kdeartwork-misc kdeartwork-theme-window
  kdebase-bin-kde3 kdebase-kio-plugins kdeedu-data
  kdegraphics-kfile-plugins kdelirc kdemultimedia-kappfinder-data
  kdemultimedia-kfile-plugins kdenetwork-kfile-plugins
  kdepim-kfile-plugins kdepim-kio-plugins kdeprint kdesktop kdessh
  kdict kdnssd kdvi kedit keduca kenolaba kfax kfaxview kfouleggs
  kghostview khelpcenter khexedit kiconedit kitchensync klatin
  klickety kmailcvt kmenuedit kmid kmilo kmoon kmrml kodo kolourpaint
  kooka korn kpager kpdf kpercentage kpf kpilot kpoker kpovmodeler
  krec kregexpeditor ksayit ksim ksirc ksirtet ksmiletris ksmserver
  ksnake ksokoban ksplash ksvg ksysv ktip ktnef kuickshow kverbos
  kview kviewshell kvoctrain kwifimanager kwin kwin4 kworldclock
  kxsldbg libakode2 libao2 libarts1-akode libarts1-audiofile
  libarts1-mpeglib libarts1-xine libavahi-compat-libdnssd1
  libavahi-core5 libavc1394-0 libavcodec51 libbluetooth2
  libboost-python1.34.1 libcucul0 libcurl3 libcvsservice0 libdatrie0
  libdirectfb-1.0-0 libdjvulibre21 libdvdread3 libfaad0 libfreebob0
  libgail-common libgd2-noxpm libgraphviz4 libgsmme1c2a libgtkhtml2-0
  libicu38 libiec61883-0 libindex0 libiw29 libk3b3 libkcal2b libkcddb1
  libkdeedu3 libkdepim1a libkgantt0 libkiten1 libkleopatra1 libkmime2
  libkpathsea4 libkpimexchange1 libkpimidentities1 libkscan1
  libksieve0 libktnef1 liblockdev1 libltdl3 libmagick10 libmimelib1c2a
  libmozjs1d libmpcdec3 libneon27 libnm-util0 libopensync0 libpisock9
  libpoppler-glib3 libpoppler-qt2 libpoppler3 libraw1394-8 libsmbios2
  libssh2-1 libsuitesparse-3.1.0 libtalloc1 libtiff-tools
  libxalan2-java libxalan2-java-gcj libxcb-xlib0 libxerces2-java
  libxerces2-java-gcj libxtrap6 mpeglib networkstatus
  openoffice.org-writer2latex pmount poster psutils quanta quanta-data
  superkaramba svgalibg1 tex-common texlive-base texlive-base-bin
  texlive-common texlive-doc-base texlive-fonts-recommended
  xserver-xorg-video-cyrix xserver-xorg-video-imstt
  xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga
  xulrunner-1.9&lt;/p&gt;

</description>
        </item>
        
        <item>
                <title>Åpne trådløsnett er et samfunnsgode</title>
                <link>http://people.skolelinux.org/pere/blog/__pne_tr__dl__snett_er_et_samfunnsgode.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/__pne_tr__dl__snett_er_et_samfunnsgode.html</guid>
                <pubDate>Sat, 12 Jun 2010 12:45:00 +0200</pubDate>
                <description>
&lt;p&gt;Veldig glad for å oppdage via
&lt;a href=&quot;http://yro.slashdot.org/story/10/06/11/1841256/Finland-To-Legalize-Use-of-Unsecured-Wi-Fi&quot;&gt;Slashdot&lt;/a&gt;
at folk i Finland har forstått at åpne trådløsnett er et samfunnsgode.
Jeg ser på åpne trådløsnett som et fellesgode på linje med retten til
ferdsel i utmark og retten til å bevege seg i strandsonen.  Jeg har
glede av åpne trådløsnett når jeg finner dem, og deler gladelig nett
med andre så lenge de ikke forstyrrer min bruk av eget nett.
Nettkapasiteten er sjelden en begrensning ved normal browsing og enkel
SSH-innlogging (som er min vanligste nettbruk), og nett kan brukes til
så mye positivt og nyttig (som nyhetslesing, sjekke været, kontakte
slekt og venner, holde seg oppdatert om politiske saker, kontakte
organisasjoner og politikere, etc), at det for meg er helt urimelig å
blokkere dette for alle som ikke gjør en flue fortred.  De som mener
at potensialet for misbruk er grunn nok til å hindre all den positive
og lovlydige bruken av et åpent trådløsnett har jeg dermed ingen
forståelse for.  En kan ikke eksistensen av forbrytere styre hvordan
samfunnet skal organiseres.  Da får en et kontrollsamfunn de færreste
ønsker å leve i, og det at vi har et samfunn i Norge der tilliten til
hverandre er høy gjør at samfunnet fungerer ganske godt.  Det bør vi
anstrenge oss for å beholde.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Automatic upgrade testing from Lenny to Squeeze</title>
                <link>http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html</guid>
                <pubDate>Fri, 11 Jun 2010 22:50:00 +0200</pubDate>
                <description>
&lt;p&gt;The last few days I have done some upgrade testing in Debian, to
see if the upgrade from Lenny to Squeeze will go smoothly.  A few bugs
have been discovered and reported in the process
(&lt;a href=&quot;http://bugs.debian.org/585410&quot;&gt;#585410&lt;/a&gt; in nagios3-cgi,
&lt;a href=&quot;http://bugs.debian.org/584879&quot;&gt;#584879&lt;/a&gt; already fixed in
enscript and &lt;a href=&quot;http://bugs.debian.org/584861&quot;&gt;#584861&lt;/a&gt; in
kdebase-workspace-data), and to get a more regular testing going on, I
am working on a script to automate the test.&lt;/p&gt;

&lt;p&gt;The idea is to create a Lenny chroot and use tasksel to install a
Gnome or KDE desktop installation inside the chroot before upgrading
it.  To ensure no services are started in the chroot, a policy-rc.d
script is inserted.  To make sure tasksel believe it is to install a
desktop on a laptop, the tasksel tests are replaced in the chroot
(only acceptable because this is a throw-away chroot).&lt;/p&gt;

&lt;p&gt;A naive upgrade from Lenny to Squeeze using aptitude dist-upgrade
currently always fail because udev refuses to upgrade with the kernel
in Lenny, so to avoid that problem the file /etc/udev/kernel-upgrade
is created.  The bug report
&lt;a href=&quot;http://bugs.debian.org/566000&quot;&gt;#566000&lt;/a&gt; make me suspect
this problem do not trigger in a chroot, but I touch the file anyway
to make sure the upgrade go well.  Testing on virtual and real
hardware have failed me because of udev so far, and creating this file
do the trick in such settings anyway.  This is a
&lt;a href=&quot;http://www.linuxquestions.org/questions/debian-26/failed-dist-upgrade-due-to-udev-config_sysfs_deprecated-nonsense-804130/&quot;&gt;known
issue&lt;/a&gt; and the current udev behaviour is intended by the udev
maintainer because he lack the resources to rewrite udev to keep
working with old kernels or something like that.  I really wish the
udev upstream would keep udev backwards compatible, to avoid such
upgrade problem, but given that they fail to do so, I guess
documenting the way out of this mess is the best option we got for
Debian Squeeze.&lt;/p&gt;

&lt;p&gt;Anyway, back to the task at hand, testing upgrades.  This test
script, which I call &lt;tt&gt;upgrade-test&lt;/tt&gt; for now, is doing the
trick:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
#!/bin/sh
set -ex

if [ &quot;$1&quot; ] ; then
    desktop=$1
else
    desktop=gnome
fi

from=lenny
to=squeeze

exec &amp;lt; /dev/null
unset LANG
mirror=http://ftp.skolelinux.org/debian
tmpdir=chroot-$from-upgrade-$to-$desktop
fuser -mv .
debootstrap $from $tmpdir $mirror
chroot $tmpdir aptitude update
cat &gt; $tmpdir/usr/sbin/policy-rc.d &amp;lt;&amp;lt;EOF
#!/bin/sh
exit 101
EOF
chmod a+rx $tmpdir/usr/sbin/policy-rc.d
exit_cleanup() {
    umount $tmpdir/proc
}
mount -t proc proc $tmpdir/proc
# Make sure proc is unmounted also on failure
trap exit_cleanup EXIT INT

chroot $tmpdir aptitude -y install debconf-utils

# Make sure tasksel autoselection trigger.  It need the test scripts
# to return the correct answers.
echo tasksel tasksel/desktop multiselect $desktop | \
    chroot $tmpdir debconf-set-selections

# Include the desktop and laptop task
for test in desktop laptop ; do
    echo &gt; $tmpdir/usr/lib/tasksel/tests/$test &amp;lt;&amp;lt;EOF
#!/bin/sh
exit 2
EOF
    chmod a+rx $tmpdir/usr/lib/tasksel/tests/$test
done

DEBIAN_FRONTEND=noninteractive
DEBIAN_PRIORITY=critical
export DEBIAN_FRONTEND DEBIAN_PRIORITY
chroot $tmpdir tasksel --new-install

echo deb $mirror $to main &gt; $tmpdir/etc/apt/sources.list
chroot $tmpdir aptitude update
touch $tmpdir/etc/udev/kernel-upgrade
chroot $tmpdir aptitude -y dist-upgrade
fuser -mv
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;I suspect it would be useful to test upgrades with both apt-get and
with aptitude, but I have not had time to look at how they behave
differently so far.  I hope to get a cron job running to do the test
regularly and post the result on the web.  The Gnome upgrade currently
work, while the KDE upgrade fail because of the bug in
kdebase-workspace-data&lt;/p&gt;

&lt;p&gt;I am not quite sure what kind of extract from the huge upgrade logs
(KDE 167 KiB, Gnome 516 KiB) it make sense to include in this blog
post, so I will refrain from trying.  I can report that for Gnome,
aptitude report 760 packages upgraded, 448 newly installed, 129 to
remove and 1 not upgraded and 1024MB need to be downloaded while for
KDE the same numbers are 702 packages upgraded, 507 newly installed,
193 to remove and 0 not upgraded and 1117MB need to be downloaded&lt;/p&gt;

&lt;p&gt;I am very happy to notice that the Gnome desktop + laptop upgrade
is able to migrate to dependency based boot sequencing and parallel
booting without a hitch.  Was unsure if there were still bugs with
packages failing to clean up their obsolete init.d script during
upgrades, and no such problem seem to affect the Gnome desktop+laptop
packages.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Skolelinux er laget for sentraldrifting, naturligvis</title>
                <link>http://people.skolelinux.org/pere/blog/Skolelinux_er_laget_for_sentraldrifting__naturligvis.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Skolelinux_er_laget_for_sentraldrifting__naturligvis.html</guid>
                <pubDate>Wed, 9 Jun 2010 12:30:00 +0200</pubDate>
                <description>
&lt;p&gt;Det er merkelig hvordan myter om Skolelinux overlever.  En slik
myte er at Skolelinux ikke kan sentraldriftes og ha sentralt plasserte
tjenermaskiner.  I siste Computerworld Norge er
&lt;a href=&quot;http://www.idg.no/computerworld/article169432.ece&quot;&gt;IT-sjef
Viggo Billdal i Steinkjer intervjuet&lt;/a&gt;, og forteller uten
blygsel:&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;Vi hadde Skolelinux, men det har vi sluttet med. Vi testet
om det lønte seg med Microsoft eller en åpen plattform. Vi fant ut at
Microsoft egentlig var totalt sett bedre egnet. Det var store
driftskostnader med Skolelinux, blant annet på grunn av
desentraliserte servere. Det var komplisert, så vi gikk vekk fra det
og bruker nå bare Windows.&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;En &lt;a
href=&quot;https://init.linpro.no/pipermail/skolelinux.no/bruker/2010-June/009101.html&quot;&gt;rask
sjekk&lt;/a&gt; mot den norske brukerlista i Skolelinuxprosjektet forteller
at Steinkjers forsøk foregikk fram til 2004/2005, og at Røysing skole
i Steinkjer skal ha vært svært fornøyd med Skolelinux men at kommunen
overkjørte skolen og krevde at de gikk over til Windows.  Et søk på
nettet sendte meg til
&lt;a href=&quot;http://www.dn.no/multimedia/archive/00090/Dagens_it_nr__18_90826a.pdf&quot;&gt;Dagens
IT nr. 18 2005&lt;/a&gt; hvor en kan lese på side 18:&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;Inge Tømmerås ved Røysing skole i Steinkjer kjører ennå
Microsoft, men forteller at kompetanseutfordringen med Skolelinux ikke
var så stor.  ­ Jeg syntes Skolelinux var utrolig lett å drifte uten
forkunnskaper. Men man må jo selvsagt ha tilgang på ekstern kompetanse
til installasjoner og maskinvarefeil, sier Tømmerås.&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Som systemarkitekten bak Skolelinux, kan jeg bare riste på hodet
over påstanden om at Skolelinux krever desentraliserte tjenere.
Skolelinux-arkitekturen er laget for sentralisert drift og plassering
av tjenerne lokalt eller sentralt alt etter behov og nettkapasitet.
Den er modellert på nettverks- og tjenerløsningen som brukes på
Universitetet i Tromsø og Oslo, der jeg jobber med utvikling av
driftstjenester.  Dette er det heldigvis noen som har fått med seg, og
jeg er glad for å kunne sitere fra en kommentar på den overnevnte
artikkelen.  Min venn og gamle kollega Sturle Sunde forteller der:

&lt;blockquote&gt;
&lt;p&gt;I Flora kommune køyrer vi Skulelinux på skular med alt frå 15 til
meir enn 500 elevar. Dei store skulane har eigen tenar, for det er
mest praktisk. Eg, som er driftsansvarleg for heile nettet, ser
sjeldan dei tenarane fysisk, men at dei står der gjer skulane mindre
avhengige av eksterne linjer som er trege eller dyre. Dei minste
skulane har ikkje eigen tenar. Å bruke sentral tenar er heller ikkje
noko problem. Småskulane klarar seg fint med 1 mbit-linje til ein
sentral tenar eller tenaren på ein større skule.&lt;/p&gt;

&lt;p&gt;Det beste med Skulelinux er halvtjukke klientar. Dei treng ikkje
harddisk og brukar minimalt med ressursar på tenaren fordi dei køyrer
programma lokalt. Eit klasserom med 30 sju-åtte år gamle maskiner har
mykje meir CPU og RAM totalt enn nokon moderne tenar til under
millionen. Det trengst to kommandoar på den sentrale tenaren for å
oppdatere alle klientane, både tynne og halvtjukke. Vi har ingen
problem med diskar som ryk heller, som var eit problem før fordi
elevane sat og sparka i maskinene. Og dei krev lite bandbreidde i
nettet, so det er fullt mogleg å køyre slike på småskular med trege
linjer mot tenaren på ein større skule.&lt;/p&gt;

&lt;p&gt;Flora kommune har nesten 800 Linux-maskiner i sitt skulenett, og
ein person som tek seg av drift av heile nettet, inkludert tenarar,
klientar, operativsystem, programvare, heimekontorløysing og
administrasjon av brukarar.&lt;/p&gt;

&lt;p&gt;No skal det seiast at vi ikkje køyrer rein Skulelinux ut av
boksen. Vi har gjort ein del tilpassingar mot noko Novell-greier som
var der frå før, og som har komplisert installasjonen vår. Etter at
oppsettet var gjort har løysinga vore stabil og kravd minimalt med
arbeid.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Jeg vet at Narvik, Harstad og Oslo er kommuner der Skolelinux
sentraldriftes med sentrale tjenere.  Det forteller meg at Steinkjers
IT-sjef neppe bør skylde på Skolelinux-løsningen for sine 5 år gamle
minner.&lt;/p&gt;
</description>
        </item>
        
        </channel>
</rss>