Generated.

[homepage.git] / blog / index.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
 <head>
  <title>Petter Reinholdtsen</title>
  <link rel="stylesheet" type="text/css" media="screen" href="style.css">
  <link rel="alternate" title="RSS Feed" href="index.rss" type="application/rss+xml">

 </head>
 <body>

 <div class="title">
  <h1>
       <a href="">Petter Reinholdtsen</a>
      
  </h1>
  
 </div>


 
 <div class="entry">
  <div class="title"><a href="Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html">Thoughts on roaming laptop setup for Debian Edu</a></div>
  <div class="date">2010-04-28 20:40</div>
  <div class="body">
<p>For some years now, I have wondered how we should handle laptops in
Debian Edu.  The Debian Edu infrastructure is mostly designed to
handle stationary computers, and less suited for computers that come
and go.</p>

<p>Now I finally believe I have an sensible idea on how to adjust
Debian Edu for laptops, by introducing a new profile for them, for
example called Roaming Workstations.  Here are my thought on this.
The setup would consist of the following:</p>

<ul>

 <li>During installation, the user name of the owner / primary user of
   the laptop is requested and a local home directory is set up for
   the user, with uid and gid information fetched from the LDAP
   server.  This allow the user to work also when offline.  The
   central home directory can be available in a subdirectory on
   request, for example mounted via CIFS.  It could be mounted
   automatically when a user log in while on the Debian Edu network,
   and unmounted when the machine is taken away (network down,
   hibernate, etc), it can be set up to do automatic mounting on
   request (using autofs), or perhaps some GUI button on the desktop
   can be used to access it when needed.  Perhaps it is enough to use
   the fish protocol in KDE?</li>

 <li>Password checking is set up to use LDAP or Kerberos
   authentication when the machine is on the Debian Edu network, and
   to cache the password for offline checking when the machine unable
   to reach the LDAP or Kerberos server.  This can be done using
   <a href="http://www.padl.com/OSS/pam_ccreds.html">libpam-ccreds</a>
   or the Fedora developed
   <a href="https://fedoraproject.org/wiki/Features/SSSD">System
   Security Services Daemon</a> packages.</li>

 <li>File synchronisation with the central home directory is set up
   using a shared directory in both the local and the central home
   directory, using unison.</li>

 <li>Printing should be set up to print to all printers broadcasting
   their existence on the local network, and should then work out of
   the box with CUPS.  For sites needing accurate printer quotas, some
   system with Kerberos authentication or printing via ssh could be
   implemented.</li>

 <li>For users that should have local root access to their laptop,
   sudo should be used to allow this to the local user.</li>

 <li>It would be nice if user and group information from LDAP is
   cached on the client, but given that there are entries for the
   local user and primary group in /etc/, it should not be needed.</li>

</ul>

<p>I believe all the pieces to implement this are in Debian/testing at
the moment.  If we work quickly, we should be able to get this ready
in time for the Squeeze release to freeze.  Some of the pieces need
tweaking, like libpam-ccreds should get support for pam-auth-update
(<a href="http://bugs.debian.org/566718">#566718</a>) and nslcd (or
perhaps debian-edu-config) should get some integration code to stop
its daemon when the LDAP server is unavailable to avoid long timeouts
when disconnected from the net.  If we get Kerberos enabled, we need
to make sure we avoid long timeouts there too.</p>

<p>If you want to help out with implementing this for Debian Edu,
please contact us on debian-edu@lists.debian.org.</p>
</div>
  <div class="tags">
   

   
   Tags: <a href="tags/debian edu">debian edu</a>, <a href="tags/english">english</a>, <a href="tags/nuug">nuug</a>. 
  
  </div>
 </div>
 <div class="padding"></div>
 
 <div class="entry">
  <div class="title"><a href="Great_book___Content__Selected_Essays_on_Technology__Creativity__Copyright__and_the_Future_of_the_Future_.html">Great book: "Content: Selected Essays on Technology, Creativity, Copyright, and the Future of the Future"</a></div>
  <div class="date">2010-04-19 17:10</div>
  <div class="body">
<p>The last few weeks i have had the pleasure of reading a
thought-provoking collection of essays by Cory Doctorow, on topics
touching copyright, virtual worlds, the future of man when the
conscience mind can be duplicated into a computer and many more. The
book titled "Content: Selected Essays on Technology, Creativity,
Copyright, and the Future of the Future" is available with few
restrictions on the web, for example from
<a href="http://craphound.com/content/">his own site</a>. I read the
epub-version from
<a href="http://www.feedbooks.com/book/2883">feedbooks</a> using
<a href="http://www.fbreader.org/">fbreader</a> and my N810. I
strongly recommend this book.</p>
</div>
  <div class="tags">
   

   
   Tags: <a href="tags/english">english</a>, <a href="tags/fildeling">fildeling</a>, <a href="tags/nuug">nuug</a>, <a href="tags/opphavsrett">opphavsrett</a>, <a href="tags/personvern">personvern</a>, <a href="tags/sikkerhet">sikkerhet</a>, <a href="tags/web">web</a>. 
  
  </div>
 </div>
 <div class="padding"></div>
 
 <div class="entry">
  <div class="title"><a href="Kerberos_for_Debian_Edu_Squeeze_.html">Kerberos for Debian Edu/Squeeze?</a></div>
  <div class="date">2010-04-14 17:20</div>
  <div class="body">
<p><a href="http://www.nuug.no/aktiviteter/20100413-kerberos/">Yesterdays
NUUG presentation</a> about Kerberos was inspiring, and reminded me
about the need to start using Kerberos in Skolelinux.  Setting up a
Kerberos server seem to be straight forward, and if we get this in
place a long time before the Squeeze version of Debian freezes, we
have a chance to migrate Skolelinux away from NFSv3 for the home
directories, and over to an architecture where the infrastructure do
not have to trust IP addresses and machines, and instead can trust
users and cryptographic keys instead.</p>

<p>A challenge will be integration and administration.  Is there a
Kerberos implementation for Debian where one can control the
administration access in Kerberos using LDAP groups?  With it, the
school administration will have to maintain access control using flat
files on the main server, which give a huge potential for errors.</p>

<p>A related question I would like to know is how well Kerberos and
pam-ccreds (offline password check) work together.  Anyone know?</p>

<p>Next step will be to use Kerberos for access control in Lwat and
Nagios.  I have no idea how much work that will be to implement.  We
would also need to document how to integrate with Windows AD, as such
shared network will require two Kerberos realms that need to cooperate
to work properly.</p>

<p>I believe a good start would be to start using Kerberos on the
skolelinux.no machines, and this way get ourselves experience with
configuration and integration.  A natural starting point would be
setting up ldap.skolelinux.no as the Kerberos server, and migrate the
rest of the machines from PAM via LDAP to PAM via Kerberos one at the
time.</p>

<p>If you would like to contribute to get this working in Skolelinux,
I recommend you to see the video recording from yesterdays NUUG
presentation, and start using Kerberos at home.  The video show show
up in a few days.</p>
</div>
  <div class="tags">
   

   
   Tags: <a href="tags/debian edu">debian edu</a>, <a href="tags/english">english</a>, <a href="tags/nuug">nuug</a>. 
  
  </div>
 </div>
 <div class="padding"></div>
 
 <div class="entry">
  <div class="title"><a href="P___vegne_av_vanvitting_mange__Aftenposten_.html">På vegne av vanvitting mange, Aftenposten!</a></div>
  <div class="date">2010-03-06 21:15</div>
  <div class="body">
<p><a href="http://fotball.aftenposten.no/incoming/article163000.ece">Aftenposten
melder</a> på forsiden av webavisen sin at de tror Erling Fossen
provoserer nordlendinger med sine uttalelser på
fotballtinget.  Jeg er utflyttet nordlending, og må innrømme at jeg
ikke kjennet så mye som et snev av provokasjon fra denne litt morsomme
uttalelsen til Hr. Fossen.  Lurer på om Aftenposten har noen kilder
utenom redaksjonen for sin påstand om at nordledinger er provosert av
Hr. Fossen.  Må innrømme at jeg tviler på det.</p>

<p>Det hele bringer tankene tilbake til Sture Hansen i Hallo i Uken.</p>
</div>
  <div class="tags">
   

   
   Tags: <a href="tags/norsk">norsk</a>. 
  
  </div>
 </div>
 <div class="padding"></div>
 
 <div class="entry">
  <div class="title"><a href="After_6_years_of_waiting__the_Xreset_d_feature_is_implemented.html">After 6 years of waiting, the Xreset.d feature is implemented</a></div>
  <div class="date">2010-03-06 18:15</div>
  <div class="body">
<p>6 years ago, as part of the Debian Edu development I am involved
in, I asked for a hook in the kdm and gdm setup to run scripts as root
when the user log out.  A bug was submitted against the xfree86-common
package in 2004 (<a href="http://bugs.debian.org/230422">#230422</a>),
and revisited every time Debian Edu was working on a new release.
Today, this finally paid off.</p>

<p>The framework for this feature was today commited to the git
repositry for the xorg package, and the git repository for xdm has
been updated to use this framework.  Next on my agenda is to make sure
kdm and gdm also add code to use this framework.</p>

<p>In Debian Edu, we want to ability to run commands as root when the
user log out, to get rid of runaway processes and do general cleanup
after a user.  With this framework in place, we finally can do that in
a generic way that work with all display managers using this
framework.  My goal is to get all display managers in Debian use it,
similar to how they use the Xsession.d framework today.<p>
</div>
  <div class="tags">
   

   
   Tags: <a href="tags/debian edu">debian edu</a>, <a href="tags/english">english</a>, <a href="tags/nuug">nuug</a>. 
  
  </div>
 </div>
 <div class="padding"></div>
 
 <div class="entry">
  <div class="title"><a href="Digitale_b__ker_uten_digitale_restriksjonsmekanismer__DRM__b__r_f___mva_fritak.html">Digitale bøker uten digitale restriksjonsmekanismer (DRM) bør få mva-fritak</a></div>
  <div class="date">2010-03-03 19:00</div>
  <div class="body">
<p>Den norske bokbransjen har
<a href="http://www.digi.no/823912/nei-til-moms-paa-e-boker">bedt om at
digitale bøker må få mva-fritak</a> slik papirbøker har det, og
<a href="http://www.digi.no/836875/moms-paa-alt-digitalt-innhold">finansdepartementet
har sagt nei</a>.  Det er et interessant spørsmål om digitale bøker
bør ha mva-fritak eller ikke, og svaret er ikke så enkelt som et ja
eller nei.
<a href="http://www.digi.no/836925/norske-e-boker-truet-av-moms">Enkelte
medlemmer</a> av bokbransjen truer med å droppe den planlagte
lanseringen av norske digitale bøker med digitale restriksjonsmekanismer
(DRM) som de har snakket om å gjennomføre nå i vår, og det må de
gjerne gjøre for min del.</p>

<p>Papirbøker har mva-fritak pga. at de fremmer kultur- og
kunnskapsspredning.  Digitale bøker uten digitale
restriksjonsmekanismer (DRM) fremmer kultur- og kunnskapsspredning,
mens digitale bøker med DRM hindrer kultur og kunnskapsspredning.
Digitale bøker uten DRM bør få mva-fritak da det er salg av bøker på
lik linje med salg av papirbøker, mens digitale bøker med DRM ikke bør
få det da det er utleie av bøker og ikke salg.</p>

<p>Jeg foretrekker å kjøpe bøker, og velger dermed å la være å bruke
DRM-belastede digitale bøker.  Vet ikke helt hva jeg ville være villig
til å betale for å leie en bok, men tror ikke det er mange kronene.
Heldigvis er det mye bøker tilgjengelig uten slike restriksjoner, og
de som vil ha tak i engelske bøker kan laste ned bøker som er
tilgjengelig uten bruksbegresninger fra <a href="http://www.archive.org/">The
Internet Archive</a>. Der er det pr. i dag 1 889 313 bøker
tilgjengelig. De er tilgjengelig i flere formater. Besøk
<a href="http://www.archive.org/details/texts">oversikten over tekster
der</a> for å se hva de har.
</div>
  <div class="tags">
   

   
   Tags: <a href="tags/norsk">norsk</a>, <a href="tags/nuug">nuug</a>, <a href="tags/opphavsrett">opphavsrett</a>. 
  
  </div>
 </div>
 <div class="padding"></div>
 
 <div class="entry">
  <div class="title"><a href="Debian_Edu___Skolelinux_based_on_Lenny_released__work_continues.html">Debian Edu / Skolelinux based on Lenny released, work continues</a></div>
  <div class="date">2010-02-11 17:15</div>
  <div class="body">
<p>On Tuesday, the Debian/Lenny based version of
<a href="http://www.skolelinux.org/">Skolelinux</a> was finally
shipped.  This was a major leap forward for the project, and I am very
pleased that we finally got the release wrapped up.  Work on the first
point release starts imediately, as we plan to get that one out a
month after the major release, to include all fixes for bugs we found
and fixed too late in the release process to include last Tuesday.</p>

<p>Perhaps it even is time for some partying?</p>

<p>After this first point release, my plan is to focus again on the
next major release, based on Squeeze.  We will try to get as many of
the fixes we need into the official Debian packages before the freeze,
and have just a few weeks or months to make it happen.</p>
</div>
  <div class="tags">
   

   
   Tags: <a href="tags/debian edu">debian edu</a>, <a href="tags/english">english</a>, <a href="tags/nuug">nuug</a>. 
  
  </div>
 </div>
 <div class="padding"></div>
 
 <div class="entry">
  <div class="title"><a href="Danmark_g__r_for_ODF_.html">Danmark går for ODF?</a></div>
  <div class="date">2010-01-29 12:00</div>
  <div class="body">
<p>Ble nettopp gjort oppmerksom på en
<a href="http://www.version2.dk/artikel/13690-breaking-odf-vinder-dokumentformat-krigen ">nyhet fra Version2</a>
fra Danmark, der det hevdes at Folketinget har vedtatt at ODF skal
brukes som dokumentutvekslingsformat i Staten.</p>

<p>Hyggelig lesning, spesielt hvis det viser seg at de av vedtatt
kravlisten for hva som skal aksepteres som referert i kommentarfeltet
til artikkelen og
<a href="http://www.version2.dk/artikel/13693-er-ooxml-doemt-ude-her-er-kravene-til-en-offentlig-dokumentstandard">en
annen artikkel</a> i samme nett-avis.  Liker spesielt godt denne:</p>

<p><blockquote> Det skal demonstreres, at standarden i sin helhed kan
implementeres af alle direkte i sin helhed på flere
platforme.</blockquote></p>

<p>Noe slikt burde være et krav også i Norge.</p>
</div>
  <div class="tags">
   

   
   Tags: <a href="tags/norsk">norsk</a>, <a href="tags/nuug">nuug</a>, <a href="tags/standard">standard</a>. 
  
  </div>
 </div>
 <div class="padding"></div>
 
 <div class="entry">
  <div class="title"><a href="Automatic_Munin_and_Nagios_configuration.html">Automatic Munin and Nagios configuration</a></div>
  <div class="date">2010-01-27 15:15</div>
  <div class="body">
<p>One of the new features in the next Debian/Lenny based release of
Debian Edu/Skolelinux, which is scheduled for release in the next few
days, is automatic configuration of the service monitoring system
Nagios.  The previous release had automatic configuration of trend
analysis using Munin, and this Lenny based release take that a step
further.</p>

<p>When installing a Debian Edu Main-server, it is automatically
configured as a Munin and Nagios server.  In addition, it is
configured to be a server for the
<a href="http://wiki.debian.org/DebianEdu/HowTo/SiteSummary">SiteSummary
system</a> I have written for use in Debian Edu.  The SiteSummary
system is inspired by a system used by the University of Oslo where I
work.  In short, the system provide a centralised collector of
information about the computers on the network, and a client on each
computer submitting information to this collector.  This allow for
automatic information on which packages are installed on each machine,
which kernel the machines are using, what kind of configuration the
packages got etc.  This also allow us to automatically generate Munin
and Nagios configuration.</p>

<p>All computers reporting to the sitesummary collector with the
munin-node package installed is automatically enabled as a Munin
client and graphs from the statistics collected from that machine show
up automatically on http://www/munin/ on the Main-server.</p>

<p>All non-laptop computers reporting to the sitesummary collector are
automatically monitored for network presence (ping and any network
services detected).  In addition, all computers (also laptops) with
the nagios-nrpe-server package installed and configured the way
sitesummary would configure it, are monitored for full disks, software
raid status, swap free and other checks that need to run locally on
the machine.</p>

<p>The result is that the administrator on a school using Debian Edu
based on Lenny will be able to check the health of his installation
with one look at the Nagios settings, without having to spend any time
keeping the Nagios configuration up-to-date.</p>

<p>The only configuration one need to do to get Nagios up and running
is to set the password used to get access via HTTP.  The system
administrator need to run "<tt>htpasswd /etc/nagios3/htpasswd.users
nagiosadmin</tt>" to create a nagiosadmin user and set a password for
it to be able to log into the Nagios web pages.  After that,
everything is taken care of.</p>
</div>
  <div class="tags">
   

   
   Tags: <a href="tags/debian edu">debian edu</a>, <a href="tags/english">english</a>, <a href="tags/nuug">nuug</a>. 
  
  </div>
 </div>
 <div class="padding"></div>
 
 <div class="entry">
  <div class="title"><a href="Sikkerhet__teater__og_hvordan_gj__re_verden_sikrere.html">Sikkerhet, teater, og hvordan gjøre verden sikrere</a></div>
  <div class="date">2009-12-30 16:35</div>
  <div class="body">
<p>Via Slashdot fant jeg en
<a href="http://www.cnn.com/2009/OPINION/12/29/schneier.air.travel.security.theater/index.html">nydelig
kommentar fra Bruce Schneier</a> som ble publisert hos CNN i går.  Den
forklarer forbilledlig hvorfor sikkerhetsteater og innføring av
totalitære politistatmetoder ikke er løsningen for å gjøre verden
sikrere.  Anbefales på det varmeste.</p>

<p>Oppdatering: Kom over
<a href="http://gizmodo.com/5435675/president-obama-its-time-to-fire-the-tsa">nok
en kommentar</a> om den manglende effekten av dagens sikkerhetsteater
på flyplassene.</p>
</div>
  <div class="tags">
   

   
   Tags: <a href="tags/norsk">norsk</a>, <a href="tags/nuug">nuug</a>, <a href="tags/personvern">personvern</a>, <a href="tags/sikkerhet">sikkerhet</a>. 
  
  </div>
 </div>
 <div class="padding"></div>
 
 <p style="text-align: right;"><a href="index.rss"><img src="xml.gif" alt="RSS feed" width="36" height="14"></a></p>

<div id="sidebar">





<h2>Archive</h2>
<ul>

<li>2010
<ul>

<li><a href="archive/2010/01/">January (2)</a></li>

<li><a href="archive/2010/02/">February (1)</a></li>

<li><a href="archive/2010/03/">March (3)</a></li>

<li><a href="archive/2010/04/">April (3)</a></li>

</ul></li>

<li>2009
<ul>

<li><a href="archive/2009/01/">January (8)</a></li>

<li><a href="archive/2009/02/">February (8)</a></li>

<li><a href="archive/2009/03/">March (12)</a></li>

<li><a href="archive/2009/04/">April (10)</a></li>

<li><a href="archive/2009/05/">May (9)</a></li>

<li><a href="archive/2009/06/">June (3)</a></li>

<li><a href="archive/2009/07/">July (4)</a></li>

<li><a href="archive/2009/08/">August (3)</a></li>

<li><a href="archive/2009/09/">September (1)</a></li>

<li><a href="archive/2009/10/">October (2)</a></li>

<li><a href="archive/2009/11/">November (3)</a></li>

<li><a href="archive/2009/12/">December (3)</a></li>

</ul></li>

<li>2008
<ul>

<li><a href="archive/2008/11/">November (5)</a></li>

<li><a href="archive/2008/12/">December (7)</a></li>

</ul></li>

</ul>



<h2>Tags</h2>
<ul>

 <li><a href="tags/3d-printer">3d-printer (11)</a></li>

 <li><a href="tags/amiga">amiga (1)</a></li>

 <li><a href="tags/aros">aros (1)</a></li>

 <li><a href="tags/debian">debian (14)</a></li>

 <li><a href="tags/debian edu">debian edu (14)</a></li>

 <li><a href="tags/english">english (23)</a></li>

 <li><a href="tags/fiksgatami">fiksgatami (1)</a></li>

 <li><a href="tags/fildeling">fildeling (6)</a></li>

 <li><a href="tags/kart">kart (2)</a></li>

 <li><a href="tags/lenker">lenker (1)</a></li>

 <li><a href="tags/ltsp">ltsp (1)</a></li>

 <li><a href="tags/multimedia">multimedia (5)</a></li>

 <li><a href="tags/norsk">norsk (64)</a></li>

 <li><a href="tags/nuug">nuug (70)</a></li>

 <li><a href="tags/opphavsrett">opphavsrett (12)</a></li>

 <li><a href="tags/personvern">personvern (11)</a></li>

 <li><a href="tags/reprap">reprap (10)</a></li>

 <li><a href="tags/rss">rss (1)</a></li>

 <li><a href="tags/sikkerhet">sikkerhet (6)</a></li>

 <li><a href="tags/standard">standard (11)</a></li>

 <li><a href="tags/stavekontroll">stavekontroll (1)</a></li>

 <li><a href="tags/video">video (10)</a></li>

 <li><a href="tags/vitenskap">vitenskap (1)</a></li>

 <li><a href="tags/web">web (6)</a></li>

</ul>

</div>

<p style="text-align: right">
Created by <a href="http://steve.org.uk/Software/chronicle">Chronicle v3.7</a>
</p>
</body>
</html>