1 <?xml version=
"1.0" encoding=
"utf-8"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/' xmlns:
atom=
"http://www.w3.org/2005/Atom">
4 <title>Petter Reinholdtsen
</title>
5 <description></description>
7 <atom:link href=
"index.rss" rel=
"self" type=
"application/rss+xml" />
10 <title>Thoughts on roaming laptop setup for Debian Edu
</title>
11 <link>Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html
</link>
12 <guid isPermaLink=
"true">Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html
</guid>
13 <pubDate>Wed,
28 Apr
2010 20:
40:
00 +
0200</pubDate>
15 <p
>For some years now, I have wondered how we should handle laptops in
16 Debian Edu. The Debian Edu infrastructure is mostly designed to
17 handle stationary computers, and less suited for computers that come
20 <p
>Now I finally believe I have an sensible idea on how to adjust
21 Debian Edu for laptops, by introducing a new profile for them, for
22 example called Roaming Workstations. Here are my thought on this.
23 The setup would consist of the following:
</p
>
27 <li
>During installation, the user name of the owner / primary user of
28 the laptop is requested and a local home directory is set up for
29 the user, with uid and gid information fetched from the LDAP
30 server. This allow the user to work also when offline. The
31 central home directory can be available in a subdirectory on
32 request, for example mounted via CIFS. It could be mounted
33 automatically when a user log in while on the Debian Edu network,
34 and unmounted when the machine is taken away (network down,
35 hibernate, etc), it can be set up to do automatic mounting on
36 request (using autofs), or perhaps some GUI button on the desktop
37 can be used to access it when needed. Perhaps it is enough to use
38 the fish protocol in KDE?
</li
>
40 <li
>Password checking is set up to use LDAP or Kerberos
41 authentication when the machine is on the Debian Edu network, and
42 to cache the password for offline checking when the machine unable
43 to reach the LDAP or Kerberos server. This can be done using
44 <a href=
"http://www.padl.com/OSS/pam_ccreds.html
">libpam-ccreds
</a
>
45 or the Fedora developed
46 <a href=
"https://fedoraproject.org/wiki/Features/SSSD
">System
47 Security Services Daemon
</a
> packages.
</li
>
49 <li
>File synchronisation with the central home directory is set up
50 using a shared directory in both the local and the central home
51 directory, using unison.
</li
>
53 <li
>Printing should be set up to print to all printers broadcasting
54 their existence on the local network, and should then work out of
55 the box with CUPS. For sites needing accurate printer quotas, some
56 system with Kerberos authentication or printing via ssh could be
57 implemented.
</li
>
59 <li
>For users that should have local root access to their laptop,
60 sudo should be used to allow this to the local user.
</li
>
62 <li
>It would be nice if user and group information from LDAP is
63 cached on the client, but given that there are entries for the
64 local user and primary group in /etc/, it should not be needed.
</li
>
68 <p
>I believe all the pieces to implement this are in Debian/testing at
69 the moment. If we work quickly, we should be able to get this ready
70 in time for the Squeeze release to freeze. Some of the pieces need
71 tweaking, like libpam-ccreds should get support for pam-auth-update
72 (
<a href=
"http://bugs.debian.org/
566718">#
566718</a
>) and nslcd (or
73 perhaps debian-edu-config) should get some integration code to stop
74 its daemon when the LDAP server is unavailable to avoid long timeouts
75 when disconnected from the net. If we get Kerberos enabled, we need
76 to make sure we avoid long timeouts there too.
</p
>
78 <p
>If you want to help out with implementing this for Debian Edu,
79 please contact us on debian-edu@lists.debian.org.
</p
>
84 <title>Great book:
"Content: Selected Essays on Technology, Creativity, Copyright, and the Future of the Future
"</title>
85 <link>Great_book___Content__Selected_Essays_on_Technology__Creativity__Copyright__and_the_Future_of_the_Future_.html
</link>
86 <guid isPermaLink=
"true">Great_book___Content__Selected_Essays_on_Technology__Creativity__Copyright__and_the_Future_of_the_Future_.html
</guid>
87 <pubDate>Mon,
19 Apr
2010 17:
10:
00 +
0200</pubDate>
89 <p
>The last few weeks i have had the pleasure of reading a
90 thought-provoking collection of essays by Cory Doctorow, on topics
91 touching copyright, virtual worlds, the future of man when the
92 conscience mind can be duplicated into a computer and many more. The
93 book titled
"Content: Selected Essays on Technology, Creativity,
94 Copyright, and the Future of the Future
" is available with few
95 restrictions on the web, for example from
96 <a href=
"http://craphound.com/content/
">his own site
</a
>. I read the
98 <a href=
"http://www.feedbooks.com/book/
2883">feedbooks
</a
> using
99 <a href=
"http://www.fbreader.org/
">fbreader
</a
> and my N810. I
100 strongly recommend this book.
</p
>
105 <title>Kerberos for Debian Edu/Squeeze?
</title>
106 <link>Kerberos_for_Debian_Edu_Squeeze_.html
</link>
107 <guid isPermaLink=
"true">Kerberos_for_Debian_Edu_Squeeze_.html
</guid>
108 <pubDate>Wed,
14 Apr
2010 17:
20:
00 +
0200</pubDate>
110 <p
><a href=
"http://www.nuug.no/aktiviteter/
20100413-kerberos/
">Yesterdays
111 NUUG presentation
</a
> about Kerberos was inspiring, and reminded me
112 about the need to start using Kerberos in Skolelinux. Setting up a
113 Kerberos server seem to be straight forward, and if we get this in
114 place a long time before the Squeeze version of Debian freezes, we
115 have a chance to migrate Skolelinux away from NFSv3 for the home
116 directories, and over to an architecture where the infrastructure do
117 not have to trust IP addresses and machines, and instead can trust
118 users and cryptographic keys instead.
</p
>
120 <p
>A challenge will be integration and administration. Is there a
121 Kerberos implementation for Debian where one can control the
122 administration access in Kerberos using LDAP groups? With it, the
123 school administration will have to maintain access control using flat
124 files on the main server, which give a huge potential for errors.
</p
>
126 <p
>A related question I would like to know is how well Kerberos and
127 pam-ccreds (offline password check) work together. Anyone know?
</p
>
129 <p
>Next step will be to use Kerberos for access control in Lwat and
130 Nagios. I have no idea how much work that will be to implement. We
131 would also need to document how to integrate with Windows AD, as such
132 shared network will require two Kerberos realms that need to cooperate
133 to work properly.
</p
>
135 <p
>I believe a good start would be to start using Kerberos on the
136 skolelinux.no machines, and this way get ourselves experience with
137 configuration and integration. A natural starting point would be
138 setting up ldap.skolelinux.no as the Kerberos server, and migrate the
139 rest of the machines from PAM via LDAP to PAM via Kerberos one at the
142 <p
>If you would like to contribute to get this working in Skolelinux,
143 I recommend you to see the video recording from yesterdays NUUG
144 presentation, and start using Kerberos at home. The video show show
145 up in a few days.
</p
>
150 <title>På vegne av vanvitting mange, Aftenposten!
</title>
151 <link>P___vegne_av_vanvitting_mange__Aftenposten_.html
</link>
152 <guid isPermaLink=
"true">P___vegne_av_vanvitting_mange__Aftenposten_.html
</guid>
153 <pubDate>Sat,
6 Mar
2010 21:
15:
00 +
0100</pubDate>
155 <p
><a href=
"http://fotball.aftenposten.no/incoming/article163000.ece
">Aftenposten
156 melder
</a
> på forsiden av webavisen sin at de tror Erling Fossen
157 provoserer nordlendinger med sine uttalelser på
158 fotballtinget. Jeg er utflyttet nordlending, og må innrømme at jeg
159 ikke kjennet så mye som et snev av provokasjon fra denne litt morsomme
160 uttalelsen til Hr. Fossen. Lurer på om Aftenposten har noen kilder
161 utenom redaksjonen for sin påstand om at nordledinger er provosert av
162 Hr. Fossen. Må innrømme at jeg tviler på det.
</p
>
164 <p
>Det hele bringer tankene tilbake til Sture Hansen i Hallo i Uken.
</p
>
169 <title>After
6 years of waiting, the Xreset.d feature is implemented
</title>
170 <link>After_6_years_of_waiting__the_Xreset_d_feature_is_implemented.html
</link>
171 <guid isPermaLink=
"true">After_6_years_of_waiting__the_Xreset_d_feature_is_implemented.html
</guid>
172 <pubDate>Sat,
6 Mar
2010 18:
15:
00 +
0100</pubDate>
174 <p
>6 years ago, as part of the Debian Edu development I am involved
175 in, I asked for a hook in the kdm and gdm setup to run scripts as root
176 when the user log out. A bug was submitted against the xfree86-common
177 package in
2004 (
<a href=
"http://bugs.debian.org/
230422">#
230422</a
>),
178 and revisited every time Debian Edu was working on a new release.
179 Today, this finally paid off.
</p
>
181 <p
>The framework for this feature was today commited to the git
182 repositry for the xorg package, and the git repository for xdm has
183 been updated to use this framework. Next on my agenda is to make sure
184 kdm and gdm also add code to use this framework.
</p
>
186 <p
>In Debian Edu, we want to ability to run commands as root when the
187 user log out, to get rid of runaway processes and do general cleanup
188 after a user. With this framework in place, we finally can do that in
189 a generic way that work with all display managers using this
190 framework. My goal is to get all display managers in Debian use it,
191 similar to how they use the Xsession.d framework today.
<p
>
196 <title>Digitale bøker uten digitale restriksjonsmekanismer (DRM) bør få mva-fritak
</title>
197 <link>Digitale_b__ker_uten_digitale_restriksjonsmekanismer__DRM__b__r_f___mva_fritak.html
</link>
198 <guid isPermaLink=
"true">Digitale_b__ker_uten_digitale_restriksjonsmekanismer__DRM__b__r_f___mva_fritak.html
</guid>
199 <pubDate>Wed,
3 Mar
2010 19:
00:
00 +
0100</pubDate>
201 <p
>Den norske bokbransjen har
202 <a href=
"http://www.digi.no/
823912/nei-til-moms-paa-e-boker
">bedt om at
203 digitale bøker må få mva-fritak
</a
> slik papirbøker har det, og
204 <a href=
"http://www.digi.no/
836875/moms-paa-alt-digitalt-innhold
">finansdepartementet
205 har sagt nei
</a
>. Det er et interessant spørsmål om digitale bøker
206 bør ha mva-fritak eller ikke, og svaret er ikke så enkelt som et ja
208 <a href=
"http://www.digi.no/
836925/norske-e-boker-truet-av-moms
">Enkelte
209 medlemmer
</a
> av bokbransjen truer med å droppe den planlagte
210 lanseringen av norske digitale bøker med digitale restriksjonsmekanismer
211 (DRM) som de har snakket om å gjennomføre nå i vår, og det må de
212 gjerne gjøre for min del.
</p
>
214 <p
>Papirbøker har mva-fritak pga. at de fremmer kultur- og
215 kunnskapsspredning. Digitale bøker uten digitale
216 restriksjonsmekanismer (DRM) fremmer kultur- og kunnskapsspredning,
217 mens digitale bøker med DRM hindrer kultur og kunnskapsspredning.
218 Digitale bøker uten DRM bør få mva-fritak da det er salg av bøker på
219 lik linje med salg av papirbøker, mens digitale bøker med DRM ikke bør
220 få det da det er utleie av bøker og ikke salg.
</p
>
222 <p
>Jeg foretrekker å kjøpe bøker, og velger dermed å la være å bruke
223 DRM-belastede digitale bøker. Vet ikke helt hva jeg ville være villig
224 til å betale for å leie en bok, men tror ikke det er mange kronene.
225 Heldigvis er det mye bøker tilgjengelig uten slike restriksjoner, og
226 de som vil ha tak i engelske bøker kan laste ned bøker som er
227 tilgjengelig uten bruksbegresninger fra
<a href=
"http://www.archive.org/
">The
228 Internet Archive
</a
>. Der er det pr. i dag
1 889 313 bøker
229 tilgjengelig. De er tilgjengelig i flere formater. Besøk
230 <a href=
"http://www.archive.org/details/texts
">oversikten over tekster
231 der
</a
> for å se hva de har.
236 <title>Debian Edu / Skolelinux based on Lenny released, work continues
</title>
237 <link>Debian_Edu___Skolelinux_based_on_Lenny_released__work_continues.html
</link>
238 <guid isPermaLink=
"true">Debian_Edu___Skolelinux_based_on_Lenny_released__work_continues.html
</guid>
239 <pubDate>Thu,
11 Feb
2010 17:
15:
00 +
0100</pubDate>
241 <p
>On Tuesday, the Debian/Lenny based version of
242 <a href=
"http://www.skolelinux.org/
">Skolelinux
</a
> was finally
243 shipped. This was a major leap forward for the project, and I am very
244 pleased that we finally got the release wrapped up. Work on the first
245 point release starts imediately, as we plan to get that one out a
246 month after the major release, to include all fixes for bugs we found
247 and fixed too late in the release process to include last Tuesday.
</p
>
249 <p
>Perhaps it even is time for some partying?
</p
>
251 <p
>After this first point release, my plan is to focus again on the
252 next major release, based on Squeeze. We will try to get as many of
253 the fixes we need into the official Debian packages before the freeze,
254 and have just a few weeks or months to make it happen.
</p
>
259 <title>Danmark går for ODF?
</title>
260 <link>Danmark_g__r_for_ODF_.html
</link>
261 <guid isPermaLink=
"true">Danmark_g__r_for_ODF_.html
</guid>
262 <pubDate>Fri,
29 Jan
2010 12:
00:
00 +
0100</pubDate>
264 <p
>Ble nettopp gjort oppmerksom på en
265 <a href=
"http://www.version2.dk/artikel/
13690-breaking-odf-vinder-dokumentformat-krigen
">nyhet fra Version2
</a
>
266 fra Danmark, der det hevdes at Folketinget har vedtatt at ODF skal
267 brukes som dokumentutvekslingsformat i Staten.
</p
>
269 <p
>Hyggelig lesning, spesielt hvis det viser seg at de av vedtatt
270 kravlisten for hva som skal aksepteres som referert i kommentarfeltet
272 <a href=
"http://www.version2.dk/artikel/
13693-er-ooxml-doemt-ude-her-er-kravene-til-en-offentlig-dokumentstandard
">en
273 annen artikkel
</a
> i samme nett-avis. Liker spesielt godt denne:
</p
>
275 <p
><blockquote
> Det skal demonstreres, at standarden i sin helhed kan
276 implementeres af alle direkte i sin helhed på flere
277 platforme.
</blockquote
></p
>
279 <p
>Noe slikt burde være et krav også i Norge.
</p
>
284 <title>Automatic Munin and Nagios configuration
</title>
285 <link>Automatic_Munin_and_Nagios_configuration.html
</link>
286 <guid isPermaLink=
"true">Automatic_Munin_and_Nagios_configuration.html
</guid>
287 <pubDate>Wed,
27 Jan
2010 15:
15:
00 +
0100</pubDate>
289 <p
>One of the new features in the next Debian/Lenny based release of
290 Debian Edu/Skolelinux, which is scheduled for release in the next few
291 days, is automatic configuration of the service monitoring system
292 Nagios. The previous release had automatic configuration of trend
293 analysis using Munin, and this Lenny based release take that a step
296 <p
>When installing a Debian Edu Main-server, it is automatically
297 configured as a Munin and Nagios server. In addition, it is
298 configured to be a server for the
299 <a href=
"http://wiki.debian.org/DebianEdu/HowTo/SiteSummary
">SiteSummary
300 system
</a
> I have written for use in Debian Edu. The SiteSummary
301 system is inspired by a system used by the University of Oslo where I
302 work. In short, the system provide a centralised collector of
303 information about the computers on the network, and a client on each
304 computer submitting information to this collector. This allow for
305 automatic information on which packages are installed on each machine,
306 which kernel the machines are using, what kind of configuration the
307 packages got etc. This also allow us to automatically generate Munin
308 and Nagios configuration.
</p
>
310 <p
>All computers reporting to the sitesummary collector with the
311 munin-node package installed is automatically enabled as a Munin
312 client and graphs from the statistics collected from that machine show
313 up automatically on http://www/munin/ on the Main-server.
</p
>
315 <p
>All non-laptop computers reporting to the sitesummary collector are
316 automatically monitored for network presence (ping and any network
317 services detected). In addition, all computers (also laptops) with
318 the nagios-nrpe-server package installed and configured the way
319 sitesummary would configure it, are monitored for full disks, software
320 raid status, swap free and other checks that need to run locally on
321 the machine.
</p
>
323 <p
>The result is that the administrator on a school using Debian Edu
324 based on Lenny will be able to check the health of his installation
325 with one look at the Nagios settings, without having to spend any time
326 keeping the Nagios configuration up-to-date.
</p
>
328 <p
>The only configuration one need to do to get Nagios up and running
329 is to set the password used to get access via HTTP. The system
330 administrator need to run
"<tt
>htpasswd /etc/nagios3/htpasswd.users
331 nagiosadmin
</tt
>" to create a nagiosadmin user and set a password for
332 it to be able to log into the Nagios web pages. After that,
333 everything is taken care of.
</p
>
338 <title>Sikkerhet, teater, og hvordan gjøre verden sikrere
</title>
339 <link>Sikkerhet__teater__og_hvordan_gj__re_verden_sikrere.html
</link>
340 <guid isPermaLink=
"true">Sikkerhet__teater__og_hvordan_gj__re_verden_sikrere.html
</guid>
341 <pubDate>Wed,
30 Dec
2009 16:
35:
00 +
0100</pubDate>
343 <p
>Via Slashdot fant jeg en
344 <a href=
"http://www.cnn.com/
2009/OPINION/
12/
29/schneier.air.travel.security.theater/index.html
">nydelig
345 kommentar fra Bruce Schneier
</a
> som ble publisert hos CNN i går. Den
346 forklarer forbilledlig hvorfor sikkerhetsteater og innføring av
347 totalitære politistatmetoder ikke er løsningen for å gjøre verden
348 sikrere. Anbefales på det varmeste.
</p
>
350 <p
>Oppdatering: Kom over
351 <a href=
"http://gizmodo.com/
5435675/president-obama-its-time-to-fire-the-tsa
">nok
352 en kommentar
</a
> om den manglende effekten av dagens sikkerhetsteater
353 på flyplassene.
</p
>
projects / homepage.git / blob