+ <div class="entry">
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Automatic_proxy_configuration_with_Debian_Edu___Skolelinux.html">Automatic proxy configuration with Debian Edu / Skolelinux</a></div>
+ <div class="date">13th February 2012</div>
+ <div class="body"><p>New in the Squeeze version of
+<a href="http://www.skolelinux.org/">Debian Edu / Skolelinux</a> is the
+ability for clients to automatically configure their proxy settings
+based on their environment. We want all systems on the client to use
+the WPAD based proxy definition fetched from <tt>http://wpad/wpad.dat</tt>, to
+allow sites to control the proxy setting from a central place and make
+sure clients do not have hard coded proxy settings. The schools can
+change the global proxy setting by editing
+<tt>tjener:/etc/debian-edu/www/wpad.dat</tt> and the change propagate
+to all Debian Edu clients in the network.</p>
+
+<p>The problem is that some systems do not understand the WPAD system.
+In other words, how do one get from a WPAD file like this (this is a
+simple one, they can run arbitrary code):</p>
+
+<blockquote><pre>
+function FindProxyForURL(url, host)
+{
+ if (!isResolvable(host) ||
+ isPlainHostName(host) ||
+ dnsDomainIs(host, ".intern"))
+ return "DIRECT";
+ else
+ return "PROXY webcache:3128; DIRECT";
+}
+</pre></blockquote>
+
+<p>to a proxy setting in the process environment looking like this:</p>
+
+<blockquote><pre>
+http_proxy=http://webcache:3128/
+ftp_proxy=http://webcache:3128/
+</pre></blockquote>
+
+<p>To do this conversion I developed a perl script that will execute
+the javascript fragment in the WPAD file and return the proxy that
+would be used for
+<tt><a href="http://www.debian.org/">http://www.debian.org/</a></tt>,
+and insert this extracted proxy URL in <tt>/etc/environment</tt> and
+<tt>/etc/apt/apt.conf</tt>. The perl script wpad-extract work just
+fine in Squeeze, but in Wheezy the library it need to run the
+javascript code is <a href="http://bugs.debian.org/631045">no longer
+able to build</a> because the C library it depended on is now a C++
+library. I hope someone find a solution to that problem before Wheezy
+is frozen. An alternative would be for us to rewrite wpad-extract to
+use some other javascript library currently working in Wheezy, but no
+known alternative is known at the moment.</p>
+
+<p>This automatic proxy system allow the roaming workstation (aka
+laptop) setup in Debian Edu/Squeeze to use the proxy when the laptop
+is connected to the backbone network in a Debian Edu setup, and to
+automatically use any proxy present and announced using the WPAD
+feature when it is connected to other networks. And if no proxy is
+announced, direct connections will be used instead.</p>
+
+<p>Silently using a proxy announced on the network might be a privacy
+or security problem. But those controlling DHCP and DNS on a network
+could just as easily set up a transparent proxy, and force all HTTP
+and FTP connections to use a proxy anyway, so I consider that
+distinction to be academic. If you are afraid of using the wrong
+proxy, you should avoid connecting to the network in question in the
+first place. In Debian Edu, the proxy setup is updated using dhcp and
+ifupdown hooks, to make sure the configuration is updated every time
+the network setup changes.</p>
+
+The WPAD system is documented in a
+<a href="http://tools.ietf.org/html/draft-ietf-wrec-wpad-01">IETF
+draft</a> and a
+<a href="http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol">Wikipedia
+page</a> for those that want to learn more.
+</div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
<div class="entry">
<div class="title"><a href="http://people.skolelinux.org/pere/blog/Skolelinux_intervju__Axel_Bojer.html">Skolelinux-intervju: Axel Bojer</a></div>
<div class="date"> 7th February 2012</div>
</div>
<div class="padding"></div>
- <div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Fixing_an_hanging_debian_installer_for_Debian_Edu.html">Fixing an hanging debian installer for Debian Edu</a></div>
- <div class="date"> 3rd January 2012</div>
- <div class="body"><p>During christmas, I have been working getting the next version of
-<a href="http://www.skolelinux.org/">Debian Edu / Skolelinux</a> ready
-for release. The initial problem I looked at was particularly
-interesting.</p>
-
-<P>The installer would hang at the end when it was doing it
-post-installation configuration, and whatevery I did to try to find
-the cause and fix it always worked while I tested it, but never when I
-integrated it into the installer and ran the installation from
-scratch. I would try to restart processes, close file descriptors,
-remove or create files, and the installer would always unblock and
-wrap up its tasks.</p>
-
-<p>Eventually the cause was found. The kernel was simply running out
-of entropy, causing the Kerberos setup to hang waiting for more.
-Pressing keys was adding entropy to the kernel, and thus all my tries
-to fix the problem worked not because what I was typing to fix it, but
-because I was typing.</P>
-
-<p>The fix I implemented was to add a background process looking at
-the level of entropy in the kernel (by checking
-/proc/sys/kernel/random/entropy_avail), and if it was too small, the
-installer will flush the kernel file buffers and do 'find /' to
-generate some disk IO. Disk IO generate entropy in the kernel, and is
-one of the few things that can be initated from within the system to
-generate entropy.</p>
-
-<p>The fix is in
-<a href="http://wiki.debian.org/DebianEdu/Documentation/Squeeze/Installation">beta1
-of the Debian Edu/Squeeze</a> version, and we
-<a href="http://wiki.debian.org/DebianEdu">welcome more testers and
-developers</a>. We plan to release beta2 this weekend.</p>
-</div>
- <div class="tags">
-
-
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
-
-
- </div>
- </div>
- <div class="padding"></div>
-
<p style="text-align: right;"><a href="index.rss"><img src="http://people.skolelinux.org/pere/blog/xml.gif" alt="RSS feed" width="36" height="14" /></a></p>
<div id="sidebar">
<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/01/">January (7)</a></li>
-<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/02/">February (3)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/02/">February (4)</a></li>
</ul></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (54)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (74)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (75)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/digistan">digistan (7)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (105)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (106)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (13)</a></li>
projects / homepage.git / blobdiff