Generated.

[homepage.git] / blog / index.rss

<?xml version="1.0" encoding="utf-8"?>
<rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/' xmlns:atom="http://www.w3.org/2005/Atom">
        <channel>
                <title>Petter Reinholdtsen</title>
                <description></description>
                <link>http://people.skolelinux.org/pere/blog/</link>
                <atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
        
        <item>
                <title>jXplorer, a very nice LDAP GUI</title>
                <link>http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html</guid>
                <pubDate>Fri, 9 Jul 2010 12:55:00 +0200</pubDate>
                <description>
&lt;p&gt;Since
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html&quot;&gt;my
last post&lt;/a&gt; about available LDAP tools in Debian, I was told about a
LDAP GUI that is even better than luma.  The java application
&lt;a href=&quot;http://jxplorer.org/&quot;&gt;jXplorer&lt;/a&gt; is claimed to be capable of
moving LDAP objects and subtrees using drag-and-drop, and can
authenticate using Kerberos.  I have only tested the Kerberos
authentication, but do not have a LDAP setup allowing me to rewrite
LDAP with my test user yet.  It is
&lt;a href=&quot;http://packages.qa.debian.org/j/jxplorer.html&quot;&gt;available in
Debian&lt;/a&gt; testing and unstable at the moment.  The only problem I
have with it is how it handle errors.  If something go wrong, its
non-intuitive behaviour require me to go through some query work list
and remove the failing query.  Nothing big, but very annoying.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>MS Word krøller det til for politiet?</title>
                <link>http://people.skolelinux.org/pere/blog/MS_Word_kr__ller_det_til_for_politiet_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/MS_Word_kr__ller_det_til_for_politiet_.html</guid>
                <pubDate>Thu, 8 Jul 2010 14:00:00 +0200</pubDate>
                <description>
&lt;p&gt;De siste dagene har Aftenposten
&lt;a href=&quot;http://www.aftenposten.no/nyheter/iriks/article3718597.ece&quot;&gt;fortalt&lt;/a&gt;
&lt;a href=&quot;http://www.aftenposten.no/nyheter/iriks/article3724249.ece&quot;&gt;hvordan&lt;/a&gt;
politet har brukt skriveverktøy som ikke håndterer arabisk tekst og
tekst som skal skrives fra høyre mot venstre når de har laget
løpeseddel for å be om informasjon fra publikum.  Resultatet har vært
en uleselig arabisk-bit på løpeseddelen.  Feilen har oppstått når
teksten har blitt &quot;kopiert inn i programvare som ikke har støtte for
språk som skrives fra høyre mot venstre&quot;, og jeg er ganske sikker på
at det er snakk om Microsoft Office i dette tilfellet.  Er det slik at
MS Office i norsk språkdrakt ikke har støtte for tekst som skal
skrives fra høyre mot venstre?  Jeg tror alle utgaver av
OpenOffice.org har slik støtte, og det er jo ikke veldig vanskelig å
la slik støtte finnes i alle utgaver av et program hvis støtten først
er utviklet.  Aftenpostens melding får meg til å undre om problemet
ville vært unngått hvis politiet brukte OpenOffice.org i stedet for MS
Office.&lt;/p&gt;

&lt;p&gt;Mon tro om det er flere eksempler på at MS Office har ødelagt for
offentlig myndighet?&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Lenny-&gt;Squeeze upgrades, apt vs aptitude with the Gnome desktop</title>
                <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html</guid>
                <pubDate>Sat, 3 Jul 2010 23:55:00 +0200</pubDate>
                <description>
&lt;p&gt;Here is a short update on my &lt;a
href=&quot;http://people.skolelinux.org/~pere/debian-upgrade-testing/&quot;&gt;my
Debian Lenny-&gt;Squeeze upgrade testing&lt;/a&gt;.  Here is a summary of the
difference for Gnome when it is upgraded by apt-get and aptitude.  I&#39;m
not reporting the status for KDE, because the upgrade crashes when
aptitude try because of missing conflicts
(&lt;a href=&quot;http://bugs.debian.org/584861&quot;&gt;#584861&lt;/a&gt; and
&lt;a href=&quot;http://bugs.debian.org/585716&quot;&gt;#585716&lt;/a&gt;).&lt;/p&gt;

&lt;p&gt;At the end of the upgrade test script, dpkg -l is executed to get a
complete list of the installed packages.  Based on this I see these
differences when I did a test run today.  As usual, I do not really
know what the correct set of packages would be, but thought it best to
publish the difference.&lt;/p&gt;

&lt;p&gt;Installed using apt-get, missing with aptitude&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  at-spi cpp-4.3 finger gnome-spell gstreamer0.10-gnomevfs
  libatspi1.0-0 libcupsys2 libeel2-data libgail-common libgdl-1-common
  libgnomeprint2.2-data libgnomeprintui2.2-common libgnomevfs2-bin
  libgtksourceview-common libpt-1.10.10-plugins-alsa
  libpt-1.10.10-plugins-v4l libservlet2.4-java libxalan2-java
  libxerces2-java openoffice.org-writer2latex openssl-blacklist p7zip
  python-4suite-xml python-eggtrayicon python-gtkhtml2
  python-gtkmozembed svgalibg1 xserver-xephyr zip
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Installed using apt-get, removed with aptitude&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  bluez-utils dhcdbd djvulibre-desktop epiphany-gecko
  gnome-app-install gnome-mount gnome-vfs-obexftp gnome-volume-manager
  libao2 libavahi-compat-libdnssd1 libavahi-core5 libbind9-50
  libbluetooth2 libcamel1.2-11 libcdio7 libcucul0 libcurl3
  libdirectfb-1.0-0 libdvdread3 libedata-cal1.2-6 libedataserver1.2-9
  libeel2-2.20 libepc-1.0-1 libepc-ui-1.0-1 libexchange-storage1.2-3
  libfaad0 libgd2-noxpm libgda3-3 libgda3-common libggz2 libggzcore9
  libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0 libgnome-desktop-2
  libgnome-pilot2 libgnomecups1.0-1 libgnomeprint2.2-0
  libgnomeprintui2.2-0 libgpod3 libgraphviz4 libgtkhtml2-0
  libgtksourceview1.0-0 libgucharmap6 libhesiod0 libicu38 libisccc50
  libisccfg50 libiw29 libkpathsea4 libltdl3 liblwres50 libmagick++10
  libmagick10 libmalaga7 libmtp7 libmysqlclient15off libnautilus-burn4
  libneon27 libnm-glib0 libnm-util0 libopal-2.2 libosp5
  libparted1.8-10 libpisock9 libpisync1 libpoppler-glib3 libpoppler3
  libpt-1.10.10 libraw1394-8 libsensors3 libsmbios2 libsoup2.2-8
  libssh2-1 libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1
  libtotem-plparser10 libtrackerclient0 libvoikko1 libxalan2-java-gcj
  libxerces2-java-gcj libxklavier12 libxtrap6 libxxf86misc1 libzephyr3
  mysql-common swfdec-gnome totem-gstreamer wodim
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Installed using aptitude, missing with apt-get&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  gnome gnome-desktop-environment hamster-applet python-gnomeapplet
  python-gnomekeyring python-wnck rhythmbox-plugins xorg
  xserver-xorg-input-all xserver-xorg-input-evdev
  xserver-xorg-input-kbd xserver-xorg-input-mouse
  xserver-xorg-input-synaptics xserver-xorg-video-all
  xserver-xorg-video-apm xserver-xorg-video-ark xserver-xorg-video-ati
  xserver-xorg-video-chips xserver-xorg-video-cirrus
  xserver-xorg-video-dummy xserver-xorg-video-fbdev
  xserver-xorg-video-glint xserver-xorg-video-i128
  xserver-xorg-video-i740 xserver-xorg-video-mach64
  xserver-xorg-video-mga xserver-xorg-video-neomagic
  xserver-xorg-video-nouveau xserver-xorg-video-nv
  xserver-xorg-video-r128 xserver-xorg-video-radeon
  xserver-xorg-video-radeonhd xserver-xorg-video-rendition
  xserver-xorg-video-s3 xserver-xorg-video-s3virge
  xserver-xorg-video-savage xserver-xorg-video-siliconmotion
  xserver-xorg-video-sis xserver-xorg-video-sisusb
  xserver-xorg-video-tdfx xserver-xorg-video-tga
  xserver-xorg-video-trident xserver-xorg-video-tseng
  xserver-xorg-video-vesa xserver-xorg-video-vmware
  xserver-xorg-video-voodoo
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Installed using aptitude, removed with apt-get&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  deskbar-applet xserver-xorg xserver-xorg-core
  xserver-xorg-input-wacom xserver-xorg-video-intel
  xserver-xorg-video-openchrome
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;I was told on IRC that the xorg-xserver package was
&lt;a href=&quot;http://git.debian.org/?p=pkg-xorg/xserver/xorg-server.git;a=commit;h=9c8080d06c457932d3bfec021c69ac000aa60120&quot;&gt;changed
in git&lt;/a&gt; today to try to get apt-get to not remove xorg completely.
No idea when it hits Squeeze, but when it does I hope it will reduce
the difference somewhat.
</description>
        </item>
        
        <item>
                <title>Caching password, user and group on a roaming Debian laptop</title>
                <link>http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html</guid>
                <pubDate>Thu, 1 Jul 2010 11:40:00 +0200</pubDate>
                <description>
&lt;p&gt;For a laptop, centralized user directories and password checking is
a bit troubling.  Laptops are typically used also when not connected
to the network, and it is vital for a user to be able to log in or
unlock the screen saver also when a central server is unavailable.
This is possible by caching passwords and directory information (user
and group attributes) locally, and the packages to do so are available
in Debian.  Here follow two recipes to set this up in Debian/Squeeze.
It is also possible to set up in Debian/Lenny, but require more manual
setup there because pam-auth-update is missing in Lenny.&lt;/p&gt;

&lt;h2&gt;LDAP/Kerberos + nscd + libpam-ccreds + libpam-mklocaluser/pam_mkhomedir&lt;/h2&gt;

This is the traditional method with a twist.  The password caching is
provided by libpam-ccreds (version 10-4 or later is needed on
Squeeze), and the directory caching is done by nscd.  The directory
lookup and password checking is done using LDAP.  If one want to use
Kerberos for password checking the libpam-ldapd package can be
replaced with libpam-krb5 or libpam-heimdal.  If one is happy having a
local home directory with the path listed in LDAP, one can use the
pam_mkhomedir module from pam-modules to make this happen instead of
using libpam-mklocaluser.  A setup for pam-auth-update to enable
pam_mkhomedir will have to be written until a fix for
&lt;a href=&quot;http://bugs.debian.org/568577&quot;&gt;bug #568577&lt;/a&gt; is in the
archive.  Because I believe it is a bad idea to have local home
directories using misleading paths like /site/server/partition/, I
prefer to create a local user with the home directory in /home/.  This
is done using the libpam-mklocaluser package.&lt;/p&gt;

&lt;p&gt;These packages need to be installed and configured&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
libnss-ldapd libpam-ldapd nscd libpam-ccreds libpam-mklocaluser
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;The ldapd packages will ask for LDAP connection information, and
one have to fill in the values that fits ones own site.  Make sure the
PAM part uses encrypted connections, to make sure the password is not
sent in clear text to the LDAP server.  I&#39;ve been unable to get TLS
certificate checking for a self signed certificate working, which make
LDAP authentication unsafe for Debian Edu (nslcd is not checking if it
is talking to the correct LDAP server), and very much welcome feedback
on how to get this working.&lt;/p&gt;

&lt;p&gt;Because nscd do not have a default configuration fit for offline
caching until &lt;a href=&quot;http://bugs.debian.org/485282&quot;&gt;bug #485282&lt;/a&gt;
is fixed, this configuration should be used instead of the one
currently in /etc/nscd.conf.  The changes are in the fields
reload-count and positive-time-to-live, and is based on the
instructions I found in the
&lt;a href=&quot;http://www.flyn.org/laptopldap/&quot;&gt;LDAP for Mobile Laptops&lt;/a&gt;
instructions by Flyn Computing.&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
        debug-level             0
        reload-count            unlimited
        paranoia                no

        enable-cache            passwd          yes
        positive-time-to-live   passwd          2592000
        negative-time-to-live   passwd          20
        suggested-size          passwd          211
        check-files             passwd          yes
        persistent              passwd          yes
        shared                  passwd          yes
        max-db-size             passwd          33554432
        auto-propagate          passwd          yes

        enable-cache            group           yes
        positive-time-to-live   group           2592000
        negative-time-to-live   group           20
        suggested-size          group           211
        check-files             group           yes
        persistent              group           yes
        shared                  group           yes
        max-db-size             group           33554432
        auto-propagate          group           yes

        enable-cache            hosts           no
        positive-time-to-live   hosts           2592000
        negative-time-to-live   hosts           20
        suggested-size          hosts           211
        check-files             hosts           yes
        persistent              hosts           yes
        shared                  hosts           yes
        max-db-size             hosts           33554432

        enable-cache            services        yes
        positive-time-to-live   services        2592000
        negative-time-to-live   services        20
        suggested-size          services        211
        check-files             services        yes
        persistent              services        yes
        shared                  services        yes
        max-db-size             services        33554432
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;While we wait for a mechanism to update /etc/nsswitch.conf
automatically like the one provided in
&lt;a href=&quot;http://bugs.debian.org/496915&quot;&gt;bug #496915&lt;/a&gt;, the file
content need to be manually replaced to ensure LDAP is used as the
directory service on the machine.  /etc/nsswitch.conf should normally
look like this:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
passwd:         files ldap
group:          files ldap
shadow:         files ldap
hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files
protocols:      files
services:       files
ethers:         files
rpc:            files
netgroup:       files ldap
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;The important parts are that ldap is listed last for passwd, group,
shadow and netgroup.&lt;/p&gt;

&lt;p&gt;With these changes in place, any user in LDAP will be able to log
in locally on the machine using for example kdm, get a local home
directory created and have the password as well as user and group
attributes cached.

&lt;h2&gt;LDAP/Kerberos + nss-updatedb + libpam-ccreds +
  libpam-mklocaluser/pam_mkhomedir&lt;/h2&gt;

&lt;p&gt;Because nscd have had its share of problems, and seem to have
problems doing proper caching, I&#39;ve seen suggestions and recipes to
use nss-updatedb to copy parts of the LDAP database locally when the
LDAP database is available.  I have not tested such setup, because I
discovered sssd.&lt;/p&gt;

&lt;h2&gt;LDAP/Kerberos + sssd + libpam-mklocaluser&lt;/h2&gt;

&lt;p&gt;A more flexible and robust setup than the nscd combination
mentioned earlier that has shown up recently, is the
&lt;a href=&quot;https://fedorahosted.org/sssd/&quot;&gt;sssd&lt;/a&gt; package from Redhat.
It is part of the &lt;a href=&quot;http://www.freeipa.org/&quot;&gt;FreeIPA&lt;/A&gt; project
to provide a Active Directory like directory service for Linux
machines.  The sssd system combines the caching of passwords and user
information into one package, and remove the need for nscd and
libpam-ccreds.  It support LDAP and Kerberos, but not NIS.  Version
1.2 do not support netgroups, but it is said that it will support this
in version 1.5 expected to show up later in 2010.  Because the
&lt;a href=&quot;http://packages.qa.debian.org/s/sssd.html&quot;&gt;sssd package&lt;/a&gt;
was missing in Debian, I ended up co-maintaining it with Werner, and
version 1.2 is now in testing.

&lt;p&gt;These packages need to be installed and configured to get the
roaming setup I want&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
libpam-sss libnss-sss libpam-mklocaluser
&lt;/pre&gt;&lt;/blockquote&gt;

The complete setup of sssd is done by editing/creating
&lt;tt&gt;/etc/sssd/sssd.conf&lt;/tt&gt;.

&lt;blockquote&gt;&lt;pre&gt;
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = INTERN

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[domain/INTERN]
enumerate = false
cache_credentials = true

id_provider = ldap
auth_provider = ldap
chpass_provider = ldap

ldap_uri = ldap://ldap
ldap_search_base = dc=skole,dc=skolelinux,dc=no
ldap_tls_reqcert = never
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;I got the same problem here with certificate checking.  Had to set
&quot;ldap_tls_reqcert = never&quot; to get it working.&lt;/p&gt;

&lt;p&gt;With the libnss-sss package in testing at the moment, the
nsswitch.conf file is update automatically, so there is no need to
modify it manually.&lt;/p&gt;

&lt;p&gt;If you want to help out with implementing this for Debian Edu,
please contact us on debian-edu@lists.debian.org.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>LUMA, a very nice LDAP GUI</title>
                <link>http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html</guid>
                <pubDate>Mon, 28 Jun 2010 00:30:00 +0200</pubDate>
                <description>
&lt;p&gt;The last few days I have been looking into the status of the LDAP
directory in Debian Edu, and in the process I started to miss a GUI
tool to browse the LDAP tree.  The only one I was able to find in
Debian/Squeeze and Lenny is
&lt;a href=&quot;http://luma.sourceforge.net/&quot;&gt;LUMA&lt;/a&gt;, which has proved to
be a great tool to get a overview of the current LDAP directory
populated by default in Skolelinux.  Thanks to it, I have been able to
find empty and obsolete subtrees, misplaced objects and duplicate
objects.  It will be installed by default in Debian/Squeeze.  If you
are working with LDAP, give it a go. :)&lt;/p&gt;

&lt;p&gt;I did notice one problem with it I have not had time to report to
the BTS yet.  There is no .desktop file in the package, so the tool do
not show up in the Gnome and KDE menus, but only deep down in in the
Debian submenu in KDE.  I hope that can be fixed before Squeeze is
released.&lt;/p&gt;

&lt;p&gt;I have not yet been able to get it to modify the tree yet.  I would
like to move objects and remove subtrees directly in the GUI, but have
not found a way to do that with LUMA yet.  So in the mean time, I use
&lt;a href=&quot;http://www.lichteblau.com/ldapvi/&quot;&gt;ldapvi&lt;/a&gt; for that.&lt;/p&gt;

&lt;p&gt;If you have tips on other GUI tools for LDAP that might be useful
in Debian Edu, please contact us on debian-edu@lists.debian.org.&lt;/p&gt;

&lt;p&gt;Update 2010-06-29: Ross Reedstrom tipped us about the
&lt;a href=&quot;http://packages.qa.debian.org/g/gq.html&quot;&gt;gq&lt;/a&gt; package as a
useful GUI alternative.  It seem like a good tool, but is unmaintained
in Debian and got a RC bug keeping it out of Squeeze.  Unless that
changes, it will not be an option for Debian Edu based on Squeeze.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object</title>
                <link>http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html</guid>
                <pubDate>Thu, 24 Jun 2010 00:35:00 +0200</pubDate>
                <description>
&lt;p&gt;A while back, I
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html&quot;&gt;complained
about the fact&lt;/a&gt; that it is not possible with the provided schemas
for storing DNS and DHCP information in LDAP to combine the two sets
of information into one LDAP object representing a computer.&lt;/p&gt;

&lt;p&gt;In the mean time, I discovered that a simple fix would be to make
the dhcpHost object class auxiliary, to allow it to be combined with
the dNSDomain object class, and thus forming one object for one
computer when storing both DHCP and DNS information in LDAP.&lt;/p&gt;

&lt;p&gt;If I understand this correctly, it is not safe to do this change
without also changing the assigned number for the object class, and I
do not know enough about LDAP schema design to do that properly for
Debian Edu.&lt;/p&gt;

&lt;p&gt;Anyway, for future reference, this is how I believe we could change
the
&lt;a href=&quot;http://tools.ietf.org/html/draft-ietf-dhc-ldap-schema-00&quot;&gt;DHCP
schema&lt;/a&gt; to solve at least part of the problem with the LDAP schemas
available today from IETF.&lt;/p&gt;

&lt;pre&gt;
--- dhcp.schema    (revision 65192)
+++ dhcp.schema    (working copy)
@@ -376,7 +376,7 @@
 objectclass ( 2.16.840.1.113719.1.203.6.6
        NAME &#39;dhcpHost&#39;
        DESC &#39;This represents information about a particular client&#39;
-       SUP top
+       SUP top AUXILIARY
        MUST cn
        MAY  (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
        X-NDS_CONTAINMENT (&#39;dhcpService&#39; &#39;dhcpSubnet&#39; &#39;dhcpGroup&#39;) )
&lt;/pre&gt;

&lt;p&gt;I very much welcome clues on how to do this properly for Debian
Edu/Squeeze.  We provide the DHCP schema in our debian-edu-config
package, and should thus be free to rewrite it as we see fit.&lt;/p&gt;

&lt;p&gt;If you want to help out with implementing this for Debian Edu,
please contact us on debian-edu@lists.debian.org.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Calling tasksel like the installer, while still getting useful output</title>
                <link>http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html</guid>
                <pubDate>Wed, 16 Jun 2010 14:55:00 +0200</pubDate>
                <description>
&lt;p&gt;A few times I have had the need to simulate the way tasksel
installs packages during the normal debian-installer run.  Until now,
I have ended up letting tasksel do the work, with the annoying problem
of not getting any feedback at all when something fails (like a
conffile question from dpkg or a download that fails), using code like
this:

&lt;blockquote&gt;&lt;pre&gt;
export DEBIAN_FRONTEND=noninteractive
tasksel --new-install
&lt;/pre&gt;&lt;/blockquote&gt;

This would invoke tasksel, let its automatic task selection pick the
tasks to install, and continue to install the requested tasks without
any output what so ever.

Recently I revisited this problem while working on the automatic
package upgrade testing, because tasksel would some times hang without
any useful feedback, and I want to see what is going on when it
happen.  Then it occured to me, I can parse the output from tasksel
when asked to run in test mode, and use that aptitude command line
printed by tasksel then to simulate the tasksel run.  I ended up using
code like this:

&lt;blockquote&gt;&lt;pre&gt;
export DEBIAN_FRONTEND=noninteractive
cmd=&quot;$(in_target tasksel -t --new-install | sed &#39;s/debconf-apt-progress -- //&#39;)&quot;
$cmd
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;The content of $cmd is typically something like &quot;&lt;tt&gt;aptitude -q
--without-recommends -o APT::Install-Recommends=no -y install
~t^desktop$ ~t^gnome-desktop$ ~t^laptop$ ~pstandard ~prequired
~pimportant&lt;/tt&gt;&quot;, which will install the gnome desktop task, the
laptop task and all packages with priority standard , required and
important, just like tasksel would have done it during
installation.&lt;/p&gt;

&lt;p&gt;A better approach is probably to extend tasksel to be able to
install packages without using debconf-apt-progress, for use cases
like this.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Vinmonopolet bryter loven åpenlyst - og flere planlegger å gjøre det samme</title>
                <link>http://people.skolelinux.org/pere/blog/Vinmonopolet_bryter_loven___penlyst___og_flere_planlegger____gj__re_det_samme.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Vinmonopolet_bryter_loven___penlyst___og_flere_planlegger____gj__re_det_samme.html</guid>
                <pubDate>Wed, 16 Jun 2010 11:00:00 +0200</pubDate>
                <description>
&lt;p&gt;&lt;a href=&quot;http://www.dagbladet.no/2010/06/16/nyheter/innenriks/streik/arbeidsliv/12157858/&quot;&gt;Dagbladet
melder&lt;/a&gt; at Vinmonopolet med bakgrunn i vekterstreiken som pågår i
Norge for tiden, har bestemt seg for med vitende og vilje å bryte
sentralbanklovens paragraf 14 ved å nekte folk å betale med
kontanter, og at flere butikker planlegger å følge deres eksempel.
Jeg synes det er hårreisende hvis de slipper unna med et slikt
soleklart lovbrudd, og lurer på hva slags muligheter jeg vil ha hvis
jeg blir nektet å handle med kontanter.  Jeg handler i hovedsak med
kontanter selv, da jeg anser det som en borgerrett å kunne handle
anonymt uten at det blir registrert.  For meg er det et angrep på mitt
personvern å nekte å ta imot kontant betaling.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;http://www.lovdata.no/all/tl-19850524-028-003.html#14&quot;&gt;Paragrafen
i sentralbankloven&lt;/a&gt; lyder:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;§ 14. Tvungent betalingsmiddel&lt;/p&gt;

&lt;p&gt;Bankens sedler og mynter er tvungent betalingsmiddel i Norge. Ingen
er pliktig til i én betaling å ta imot mer enn femogtyve mynter av
hver enhet.&lt;/p&gt;

&lt;p&gt;Sterkt skadde sedler og mynter er ikke tvungent
betalingsmiddel. Banken gir nærmere forskrifter om erstatning for
bortkomne, brente eller skadde sedler og mynter.&lt;/p&gt;

&lt;p&gt;Selv om en avtale inneholder klausul om betaling av en
pengeforpliktelse i gullverdi, kan skyldneren frigjøre seg med tvungne
betalingsmidler uten hensyn til denne klausul.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Det er med bakgrunn i denne lovet ikke tillatt å nekte å ta imot
kontakt betaling.  Det er en lov jeg har sans for, og som jeg mener må
håndheves strengt.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Officeshots taking shape</title>
                <link>http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html</guid>
                <pubDate>Sun, 13 Jun 2010 11:40:00 +0200</pubDate>
                <description>
&lt;p&gt;For those of us caring about document exchange and
interoperability, &lt;a href=&quot;http://www.officeshots.org/&quot;&gt;OfficeShots&lt;/a&gt;
is a great service.  It is to ODF documents what
&lt;a href=&quot;http://browsershots.org/&quot;&gt;BrowserShots&lt;/a&gt; is for web
pages.&lt;/p&gt;

&lt;p&gt;A while back, I was contacted by Knut Yrvin at the part of Nokia
that used to be Trolltech, who wanted to help the OfficeShots project
and wondered if the University of Oslo where I work would be
interested in supporting the project.  I helped him to navigate his
request to the right people at work, and his request was answered with
a spot in the machine room with power and network connected, and Knut
arranged funding for a machine to fill the spot.  The machine is
administrated by the OfficeShots people, so I do not have daily
contact with its progress, and thus from time to time check back to
see how the project is doing.&lt;/p&gt;

&lt;p&gt;Today I had a look, and was happy to see that the Dell box in our
machine room now is the host for several virtual machines running as
OfficeShots factories, and the project is able to render ODF documents
in 17 different document processing implementation on Linux and
Windows.  This is great.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Lenny-&gt;Squeeze upgrades, removals by apt and aptitude</title>
                <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__removals_by_apt_and_aptitude.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__removals_by_apt_and_aptitude.html</guid>
                <pubDate>Sun, 13 Jun 2010 09:05:00 +0200</pubDate>
                <description>
&lt;p&gt;My
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html&quot;&gt;testing
of Debian upgrades&lt;/a&gt; from Lenny to Squeeze continues, and I&#39;ve
finally made the upgrade logs available from
&lt;a href=&quot;http://people.skolelinux.org/pere/debian-upgrade-testing/&quot;&gt;http://people.skolelinux.org/pere/debian-upgrade-testing/&lt;/a&gt;.
I am now testing dist-upgrade of Gnome and KDE in a chroot using both
apt and aptitude, and found their differences interesting.  This time
I will only focus on their removal plans.&lt;/p&gt;

&lt;p&gt;After installing a Gnome desktop and the laptop task, apt-get wants
to remove 72 packages when dist-upgrading from Lenny to Squeeze.  The
surprising part is that it want to remove xorg and all
xserver-xorg-video* drivers.  Clearly not a good choice, but I am not
sure why.  When asking aptitude to do the same, it want to remove 129
packages, but most of them are library packages I suspect are no
longer needed.  Both of them want to remove bluetooth packages, which
I do not know.  Perhaps these bluetooth packages are obsolete?&lt;/p&gt;

&lt;p&gt;For KDE, apt-get want to remove 82 packages, among them kdebase
which seem like a bad idea and xorg the same way as with Gnome. Asking
aptitude for the same, it wants to remove 192 packages, none which are
too surprising.&lt;/p&gt;

&lt;p&gt;I guess the removal of xorg during upgrades should be investigated
and avoided, and perhaps others as well.  Here are the complete list
of planned removals.  The complete logs is available from the URL
above.  Note if you want to repeat these tests, that the upgrade test
for kde+apt-get hung in the tasksel setup because of dpkg asking
conffile questions.  No idea why.  I worked around it by using
&#39;&lt;tt&gt;echo &gt;&gt; /proc/&lt;em&gt;pidofdpkg&lt;/em&gt;/fd/0&lt;/tt&gt;&#39; to tell dpkg to
continue.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;apt-get gnome 72&lt;/b&gt;
&lt;br&gt;bluez-gnome cupsddk-drivers deskbar-applet gnome
  gnome-desktop-environment gnome-network-admin gtkhtml3.14
  iceweasel-gnome-support libavcodec51 libdatrie0 libgdl-1-0
  libgnomekbd2 libgnomekbdui2 libmetacity0 libslab0 libxcb-xlib0
  nautilus-cd-burner python-gnome2-desktop python-gnome2-extras
  serpentine swfdec-mozilla update-manager xorg xserver-xorg
  xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev
  xserver-xorg-input-kbd xserver-xorg-input-mouse
  xserver-xorg-input-synaptics xserver-xorg-input-wacom
  xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark
  xserver-xorg-video-ati xserver-xorg-video-chips
  xserver-xorg-video-cirrus xserver-xorg-video-cyrix
  xserver-xorg-video-dummy xserver-xorg-video-fbdev
  xserver-xorg-video-glint xserver-xorg-video-i128
  xserver-xorg-video-i740 xserver-xorg-video-imstt
  xserver-xorg-video-intel xserver-xorg-video-mach64
  xserver-xorg-video-mga xserver-xorg-video-neomagic
  xserver-xorg-video-nsc xserver-xorg-video-nv
  xserver-xorg-video-openchrome xserver-xorg-video-r128
  xserver-xorg-video-radeon xserver-xorg-video-radeonhd
  xserver-xorg-video-rendition xserver-xorg-video-s3
  xserver-xorg-video-s3virge xserver-xorg-video-savage
  xserver-xorg-video-siliconmotion xserver-xorg-video-sis
  xserver-xorg-video-sisusb xserver-xorg-video-tdfx
  xserver-xorg-video-tga xserver-xorg-video-trident
  xserver-xorg-video-tseng xserver-xorg-video-v4l
  xserver-xorg-video-vesa xserver-xorg-video-vga
  xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-1.9
  xulrunner-1.9-gnome-support&lt;/p&gt;

&lt;p&gt;&lt;b&gt;aptitude gnome 129&lt;/b&gt;

&lt;br&gt;bluez-gnome bluez-utils cpp-4.3 cupsddk-drivers dhcdbd
  djvulibre-desktop finger gnome-app-install gnome-mount
  gnome-network-admin gnome-spell gnome-vfs-obexftp
  gnome-volume-manager gstreamer0.10-gnomevfs gtkhtml3.14 libao2
  libavahi-compat-libdnssd1 libavahi-core5 libavcodec51 libbluetooth2
  libcamel1.2-11 libcdio7 libcucul0 libcupsys2 libcurl3 libdatrie0
  libdirectfb-1.0-0 libdvdread3 libedataserver1.2-9 libeel2-2.20
  libeel2-data libepc-1.0-1 libepc-ui-1.0-1 libfaad0 libgail-common
  libgd2-noxpm libgda3-3 libgda3-common libgdl-1-0 libgdl-1-common
  libggz2 libggzcore9 libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0
  libgnomecups1.0-1 libgnomekbd2 libgnomekbdui2 libgnomeprint2.2-0
  libgnomeprint2.2-data libgnomeprintui2.2-0 libgnomeprintui2.2-common
  libgnomevfs2-bin libgpod3 libgraphviz4 libgtkhtml2-0
  libgtksourceview-common libgtksourceview1.0-0 libgucharmap6
  libhesiod0 libicu38 libiw29 libkpathsea4 libltdl3 libmagick++10
  libmagick10 libmalaga7 libmetacity0 libmtp7 libmysqlclient15off
  libnautilus-burn4 libneon27 libnm-glib0 libnm-util0 libopal-2.2
  libosp5 libparted1.8-10 libpoppler-glib3 libpoppler3 libpt-1.10.10
  libpt-1.10.10-plugins-alsa libpt-1.10.10-plugins-v4l libraw1394-8
  libsensors3 libslab0 libsmbios2 libsoup2.2-8 libssh2-1
  libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1 libtotem-plparser10
  libtrackerclient0 libxalan2-java libxalan2-java-gcj libxcb-xlib0
  libxerces2-java libxerces2-java-gcj libxklavier12 libxtrap6
  libxxf86misc1 libzephyr3 mysql-common nautilus-cd-burner
  openoffice.org-writer2latex openssl-blacklist p7zip
  python-4suite-xml python-eggtrayicon python-gnome2-desktop
  python-gnome2-extras python-gtkhtml2 python-gtkmozembed
  python-numeric python-sexy serpentine svgalibg1 swfdec-gnome
  swfdec-mozilla totem-gstreamer update-manager wodim
  xserver-xorg-video-cyrix xserver-xorg-video-imstt
  xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga
  zip&lt;/p&gt;

&lt;p&gt;&lt;b&gt;apt-get kde 82&lt;/b&gt;

&lt;br&gt;cupsddk-drivers karm kaudiocreator kcoloredit kcontrol kde kde-core
  kdeaddons kdeartwork kdebase kdebase-bin kdebase-bin-kde3
  kdebase-kio-plugins kdesktop kdeutils khelpcenter kicker
  kicker-applets knewsticker kolourpaint konq-plugins konqueror korn
  kpersonalizer kscreensaver ksplash libavcodec51 libdatrie0 libkiten1
  libxcb-xlib0 quanta superkaramba texlive-base-bin xorg xserver-xorg
  xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev
  xserver-xorg-input-kbd xserver-xorg-input-mouse
  xserver-xorg-input-synaptics xserver-xorg-input-wacom
  xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark
  xserver-xorg-video-ati xserver-xorg-video-chips
  xserver-xorg-video-cirrus xserver-xorg-video-cyrix
  xserver-xorg-video-dummy xserver-xorg-video-fbdev
  xserver-xorg-video-glint xserver-xorg-video-i128
  xserver-xorg-video-i740 xserver-xorg-video-imstt
  xserver-xorg-video-intel xserver-xorg-video-mach64
  xserver-xorg-video-mga xserver-xorg-video-neomagic
  xserver-xorg-video-nsc xserver-xorg-video-nv
  xserver-xorg-video-openchrome xserver-xorg-video-r128
  xserver-xorg-video-radeon xserver-xorg-video-radeonhd
  xserver-xorg-video-rendition xserver-xorg-video-s3
  xserver-xorg-video-s3virge xserver-xorg-video-savage
  xserver-xorg-video-siliconmotion xserver-xorg-video-sis
  xserver-xorg-video-sisusb xserver-xorg-video-tdfx
  xserver-xorg-video-tga xserver-xorg-video-trident
  xserver-xorg-video-tseng xserver-xorg-video-v4l
  xserver-xorg-video-vesa xserver-xorg-video-vga
  xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-1.9&lt;/p&gt;

&lt;p&gt;&lt;b&gt;aptitude kde 192&lt;/b&gt;
&lt;br&gt;bluez-utils cpp-4.3 cupsddk-drivers cvs dcoprss dhcdbd
  djvulibre-desktop dosfstools eyesapplet fifteenapplet finger gettext
  ghostscript-x imlib-base imlib11 indi kandy karm kasteroids
  kaudiocreator kbackgammon kbstate kcoloredit kcontrol kcron kdat
  kdeadmin-kfile-plugins kdeartwork-misc kdeartwork-theme-window
  kdebase-bin-kde3 kdebase-kio-plugins kdeedu-data
  kdegraphics-kfile-plugins kdelirc kdemultimedia-kappfinder-data
  kdemultimedia-kfile-plugins kdenetwork-kfile-plugins
  kdepim-kfile-plugins kdepim-kio-plugins kdeprint kdesktop kdessh
  kdict kdnssd kdvi kedit keduca kenolaba kfax kfaxview kfouleggs
  kghostview khelpcenter khexedit kiconedit kitchensync klatin
  klickety kmailcvt kmenuedit kmid kmilo kmoon kmrml kodo kolourpaint
  kooka korn kpager kpdf kpercentage kpf kpilot kpoker kpovmodeler
  krec kregexpeditor ksayit ksim ksirc ksirtet ksmiletris ksmserver
  ksnake ksokoban ksplash ksvg ksysv ktip ktnef kuickshow kverbos
  kview kviewshell kvoctrain kwifimanager kwin kwin4 kworldclock
  kxsldbg libakode2 libao2 libarts1-akode libarts1-audiofile
  libarts1-mpeglib libarts1-xine libavahi-compat-libdnssd1
  libavahi-core5 libavc1394-0 libavcodec51 libbluetooth2
  libboost-python1.34.1 libcucul0 libcurl3 libcvsservice0 libdatrie0
  libdirectfb-1.0-0 libdjvulibre21 libdvdread3 libfaad0 libfreebob0
  libgail-common libgd2-noxpm libgraphviz4 libgsmme1c2a libgtkhtml2-0
  libicu38 libiec61883-0 libindex0 libiw29 libk3b3 libkcal2b libkcddb1
  libkdeedu3 libkdepim1a libkgantt0 libkiten1 libkleopatra1 libkmime2
  libkpathsea4 libkpimexchange1 libkpimidentities1 libkscan1
  libksieve0 libktnef1 liblockdev1 libltdl3 libmagick10 libmimelib1c2a
  libmozjs1d libmpcdec3 libneon27 libnm-util0 libopensync0 libpisock9
  libpoppler-glib3 libpoppler-qt2 libpoppler3 libraw1394-8 libsmbios2
  libssh2-1 libsuitesparse-3.1.0 libtalloc1 libtiff-tools
  libxalan2-java libxalan2-java-gcj libxcb-xlib0 libxerces2-java
  libxerces2-java-gcj libxtrap6 mpeglib networkstatus
  openoffice.org-writer2latex pmount poster psutils quanta quanta-data
  superkaramba svgalibg1 tex-common texlive-base texlive-base-bin
  texlive-common texlive-doc-base texlive-fonts-recommended
  xserver-xorg-video-cyrix xserver-xorg-video-imstt
  xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga
  xulrunner-1.9&lt;/p&gt;

</description>
        </item>
        
        </channel>
</rss>