</description>
</item>
+ <item>
+ <title>Debian Edu - some ideas for the future versions</title>
+ <link>http://people.skolelinux.org/pere/blog/Debian_Edu___some_ideas_for_the_future_versions.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_Edu___some_ideas_for_the_future_versions.html</guid>
+ <pubDate>Mon, 11 Jun 2012 14:30:00 +0200</pubDate>
+ <description><p>During my work on Debian Edu based on Squeeze, I came across some
+issues that should be addressed in the Wheezy release. I finally
+found time to wrap up my notes and provide quick summary of what I
+found, with a bit explanation.</p>
+
+<p><ul>
+
+<li>We need to rewrite our package installation framework, as tasksel
+changed from using tasksel tasks to using meta packages (aka packages
+with dependencies like our education-* packages), and our installation
+system depend on tasksel tasks in
+/usr/share/tasksel/debian-edu-tasks.desc for package
+installation.</li>
+
+<li>Enable Kerberos login for more services. Now with the Kerberos
+foundation in place, we should use it to get single sign on with more
+services, and avoiding unneeded password / login questions. We should
+at least try to enable it for these services:
+<ul>
+
+ <li>CUPS for admins to add/configure printers and users when using
+ quotas.</li>
+ <li>Nagios for admins checking the system status.</li>
+ <li>GOsa for admins updating LDAP and users changing their passwords.</li>
+ <li>LDAP for admins updating LDAP.</li>
+ <li>Squid for users when exam mode / filtering is active.</li>
+ <li>ssh for admins and users to save a password prompt.</li>
+
+</ul></li>
+
+<li>When we move GOsa to use Kerberos instead of LDAP bind to
+authenticate users, we should try to block or at least limit access to
+use LDAP bind for authentication, to ensure Kerberos is used when it
+is intended, and nothing fall back to using the less safe LDAP bind</li>
+
+<li>Merge debian-edu-config and debian-edu-install. The split made
+sense when d-e-install did a lot more, but these days it is just an
+inconvenience when we update the debconf preseeding values.</li>
+
+<li>Fix partman-auto to allow us to abort the installation before
+touching the disk if the disk is too small. This is
+<a href="http://bugs.debian.org/653305">BTS report #653305</a> and the
+d-i developers are fine with the patch and someone just need to apply
+it and upload.</li>
+
+<li>Adjust to new LTSP framework (boot time config instead of install
+time config). LTSP changed its design, and our hooks to install
+packages and update the configuration is most likely not going to work
+in Wheezy.
+
+<li>Consider switching to NBD instead of NFS for LTSP root, to allow
+the Kernel to cache files in its normal file cache, possibly speeding
+up KDE login on slow networks.</li>
+
+<li>Make it possible to create expired user passwords that need to
+change on first login. This is useful when handing out password on
+paper, to make sure only the user know the password. This require
+fixes to the PAM handling of kdm and gdm.</li>
+
+<li>Make GUI for adding new machines automatically from sitesummary.
+The current command line script is not very friendly to people most
+familiar with GUIs. This should probably be integrated into GOsa to
+have it available where the admin will be looking for it..</li>
+
+<li>We should find way for Nagios to check that the DHCP service
+actually is working (as in handling out IP addresses). None of the
+Nagios checks I have found so far have been working for me.</li>
+
+<li>We should switch from libpam-nss-ldapd to sssd for all profiles
+using LDAP, and not only on for roaming workstations, to have less
+packages to configure and consistent setup across all profiles.</li>
+
+<li>We should configure Kerberos to update LDAP and Samba password
+when changing password using the Kerberos protocol. The hook was
+requested in <a href="http://bugs.debian.org/588968">BTS report
+#588968</a> and is now available in Wheezy. We might need to write a
+MIT Kerberos plugin in C to get this.</li>
+
+<li>We should clean up the set of applications installed by default.
+<ul>
+
+<li>reduce the number of chemistry visualisers</li>
+<li>consider dropping xpaint</li>
+<li>and probably more?</li>
+</ul></li>
+
+<li>Some hardware need external firmware to work properly. This is
+mostly the case for WiFi network cards, but there are some other
+examples too. For popular laptops to work out of the box, such
+firmware need to be installed from non-free, and we should provide
+some GUI to do this. Ubuntu already have this implemented, and we
+could consider using their packages. At the moment we have some
+command line script to do this (one for the running system, another
+for the LTSP chroot).</li>
+
+
+<li>In Squeeze, we provide KDE, Gnome and LXDE as desktop options. We
+should extend the list to Xfce and Sugar, and preferably find a way to
+install several and allow the admin or the user to select which one to
+use.</li>
+
+<li>The golearn tool from the goplay package make it easy to check out
+interesting educational packages. We should work on the package
+tagging in Debian to ensure it represent all the useful educational
+packages, and extend the tool to allow it to use packagekit to install
+new applications with a simple mouse click.</li>
+
+<li>The Squeeze version got half a exam solution already in place,
+with the introduction of iptable based network blocking, but for it to
+be a complete exam solution the Squid proxy need to enable
+filtering/blocking as well when the exam mode is enabled. We should
+implement a way to easily enable this for the schools that want it,
+instead of the "it is documented" method of today.</li>
+
+<li>A feature used in several schools is the ability for a teacher to
+"take over" the desktop of individual or all computers in the room.
+There are at least three implementations,
+<a href="italc.sourceforge.net/">italc</a>,
+<a href="http://www.itais.net/help/en/">controlaula</a> og
+<a href="http://www.epoptes.org/">epoptes</a> and we should pick one of
+them and make it trivial to set it up in a school. The challenges is
+how to distribute crypto keys and how to group computers in one room
+and how to set up which machine/user can control the machines in a
+given room.</li>
+
+<li>Tablets and surf boards are getting more and more popular, and we
+should look into providing a good solution for integrating these into
+the Debian Edu network. Not quite sure how. Perhaps we should
+provide a installation profile with better touch screen support for
+them, or add some sync services to allow them to exchange
+configuration and data with the central server. This should be
+investigated.</li>
+
+</ul></p>
+
+<p>I guess we will discover more as we continue to work on the Wheezy
+version.</p>
+</description>
+ </item>
+
</channel>
</rss>
projects / homepage.git / blobdiff