+ <item>
+ <title>Calling tasksel like the installer, while still getting useful output</title>
+ <link>http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html</guid>
+ <pubDate>Wed, 16 Jun 2010 14:55:00 +0200</pubDate>
+ <description>
+<p>A few times I have had the need to simulate the way tasksel
+installs packages during the normal debian-installer run. Until now,
+I have ended up letting tasksel do the work, with the annoying problem
+of not getting any feedback at all when something fails (like a
+conffile question from dpkg or a download that fails), using code like
+this:
+
+<blockquote><pre>
+export DEBIAN_FRONTEND=noninteractive
+tasksel --new-install
+</pre></blockquote>
+
+This would invoke tasksel, let its automatic task selection pick the
+tasks to install, and continue to install the requested tasks without
+any output what so ever.
+
+Recently I revisited this problem while working on the automatic
+package upgrade testing, because tasksel would some times hang without
+any useful feedback, and I want to see what is going on when it
+happen. Then it occured to me, I can parse the output from tasksel
+when asked to run in test mode, and use that aptitude command line
+printed by tasksel then to simulate the tasksel run. I ended up using
+code like this:
+
+<blockquote><pre>
+export DEBIAN_FRONTEND=noninteractive
+cmd="$(in_target tasksel -t --new-install | sed 's/debconf-apt-progress -- //')"
+$cmd
+</pre></blockquote>
+
+<p>The content of $cmd is typically something like "<tt>aptitude -q
+--without-recommends -o APT::Install-Recommends=no -y install
+~t^desktop$ ~t^gnome-desktop$ ~t^laptop$ ~pstandard ~prequired
+~pimportant</tt>", which will install the gnome desktop task, the
+laptop task and all packages with priority standard , required and
+important, just like tasksel would have done it during
+installation.</p>
+
+<p>A better approach is probably to extend tasksel to be able to
+install packages without using debconf-apt-progress, for use cases
+like this.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object</title>
+ <link>http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html</guid>
+ <pubDate>Thu, 24 Jun 2010 00:35:00 +0200</pubDate>
+ <description>
+<p>A while back, I
+<a href="http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">complained
+about the fact</a> that it is not possible with the provided schemas
+for storing DNS and DHCP information in LDAP to combine the two sets
+of information into one LDAP object representing a computer.</p>
+
+<p>In the mean time, I discovered that a simple fix would be to make
+the dhcpHost object class auxiliary, to allow it to be combined with
+the dNSDomain object class, and thus forming one object for one
+computer when storing both DHCP and DNS information in LDAP.</p>
+
+<p>If I understand this correctly, it is not safe to do this change
+without also changing the assigned number for the object class, and I
+do not know enough about LDAP schema design to do that properly for
+Debian Edu.</p>
+
+<p>Anyway, for future reference, this is how I believe we could change
+the
+<a href="http://tools.ietf.org/html/draft-ietf-dhc-ldap-schema-00">DHCP
+schema</a> to solve at least part of the problem with the LDAP schemas
+available today from IETF.</p>
+
+<pre>
+--- dhcp.schema (revision 65192)
++++ dhcp.schema (working copy)
+@@ -376,7 +376,7 @@
+ objectclass ( 2.16.840.1.113719.1.203.6.6
+ NAME 'dhcpHost'
+ DESC 'This represents information about a particular client'
+- SUP top
++ SUP top AUXILIARY
+ MUST cn
+ MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
+</pre>
+
+<p>I very much welcome clues on how to do this properly for Debian
+Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
+package, and should thus be free to rewrite it as we see fit.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+</description>
+ </item>
+
+ <item>
+ <title>LUMA, a very nice LDAP GUI</title>
+ <link>http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html</guid>
+ <pubDate>Mon, 28 Jun 2010 00:30:00 +0200</pubDate>
+ <description>
+<p>The last few days I have been looking into the status of the LDAP
+directory in Debian Edu, and in the process I started to miss a GUI
+tool to browse the LDAP tree. The only one I was able to find in
+Debian/Squeeze and Lenny is
+<a href="http://luma.sourceforge.net/">LUMA</a>, which has proved to
+be a great tool to get a overview of the current LDAP directory
+populated by default in Skolelinux. Thanks to it, I have been able to
+find empty and obsolete subtrees, misplaced objects and duplicate
+objects. It will be installed by default in Debian/Squeeze. If you
+are working with LDAP, give it a go. :)</p>
+
+<p>I did notice one problem with it I have not had time to report to
+the BTS yet. There is no .desktop file in the package, so the tool do
+not show up in the Gnome and KDE menus, but only deep down in in the
+Debian submenu in KDE. I hope that can be fixed before Squeeze is
+released.</p>
+
+<p>I have not yet been able to get it to modify the tree yet. I would
+like to move objects and remove subtrees directly in the GUI, but have
+not found a way to do that with LUMA yet. So in the mean time, I use
+<a href="http://www.lichteblau.com/ldapvi/">ldapvi</a> for that.</p>
+
+<p>If you have tips on other GUI tools for LDAP that might be useful
+in Debian Edu, please contact us on debian-edu@lists.debian.org.</p>
+
+<p>Update 2010-06-29: Ross Reedstrom tipped us about the
+<a href="http://packages.qa.debian.org/g/gq.html">gq</a> package as a
+useful GUI alternative. It seem like a good tool, but is unmaintained
+in Debian and got a RC bug keeping it out of Squeeze. Unless that
+changes, it will not be an option for Debian Edu based on Squeeze.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Caching password, user and group on a roaming Debian laptop</title>
+ <link>http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html</guid>
+ <pubDate>Thu, 1 Jul 2010 11:40:00 +0200</pubDate>
+ <description>
+<p>For a laptop, centralized user directories and password checking is
+a bit troubling. Laptops are typically used also when not connected
+to the network, and it is vital for a user to be able to log in or
+unlock the screen saver also when a central server is unavailable.
+This is possible by caching passwords and directory information (user
+and group attributes) locally, and the packages to do so are available
+in Debian. Here follow two recipes to set this up in Debian/Squeeze.
+It is also possible to set up in Debian/Lenny, but require more manual
+setup there because pam-auth-update is missing in Lenny.</p>
+
+<h2>LDAP/Kerberos + nscd + libpam-ccreds + libpam-mklocaluser/pam_mkhomedir</h2>
+
+This is the traditional method with a twist. The password caching is
+provided by libpam-ccreds (version 10-4 or later is needed on
+Squeeze), and the directory caching is done by nscd. The directory
+lookup and password checking is done using LDAP. If one want to use
+Kerberos for password checking the libpam-ldapd package can be
+replaced with libpam-krb5 or libpam-heimdal. If one is happy having a
+local home directory with the path listed in LDAP, one can use the
+pam_mkhomedir module from pam-modules to make this happen instead of
+using libpam-mklocaluser. A setup for pam-auth-update to enable
+pam_mkhomedir will have to be written until a fix for
+<a href="http://bugs.debian.org/568577">bug #568577</a> is in the
+archive. Because I believe it is a bad idea to have local home
+directories using misleading paths like /site/server/partition/, I
+prefer to create a local user with the home directory in /home/. This
+is done using the libpam-mklocaluser package.</p>
+
+<p>These packages need to be installed and configured</p>
+
+<blockquote><pre>
+libnss-ldapd libpam-ldapd nscd libpam-ccreds libpam-mklocaluser
+</pre></blockquote>
+
+<p>The ldapd packages will ask for LDAP connection information, and
+one have to fill in the values that fits ones own site. Make sure the
+PAM part uses encrypted connections, to make sure the password is not
+sent in clear text to the LDAP server. I've been unable to get TLS
+certificate checking for a self signed certificate working, which make
+LDAP authentication unsafe for Debian Edu (nslcd is not checking if it
+is talking to the correct LDAP server), and very much welcome feedback
+on how to get this working.</p>
+
+<p>Because nscd do not have a default configuration fit for offline
+caching until <a href="http://bugs.debian.org/485282">bug #485282</a>
+is fixed, this configuration should be used instead of the one
+currently in /etc/nscd.conf. The changes are in the fields
+reload-count and positive-time-to-live, and is based on the
+instructions I found in the
+<a href="http://www.flyn.org/laptopldap/">LDAP for Mobile Laptops</a>
+instructions by Flyn Computing.</p>
+
+<blockquote><pre>
+ debug-level 0
+ reload-count unlimited
+ paranoia no
+
+ enable-cache passwd yes
+ positive-time-to-live passwd 2592000
+ negative-time-to-live passwd 20
+ suggested-size passwd 211
+ check-files passwd yes
+ persistent passwd yes
+ shared passwd yes
+ max-db-size passwd 33554432
+ auto-propagate passwd yes
+
+ enable-cache group yes
+ positive-time-to-live group 2592000
+ negative-time-to-live group 20
+ suggested-size group 211
+ check-files group yes
+ persistent group yes
+ shared group yes
+ max-db-size group 33554432
+ auto-propagate group yes
+
+ enable-cache hosts no
+ positive-time-to-live hosts 2592000
+ negative-time-to-live hosts 20
+ suggested-size hosts 211
+ check-files hosts yes
+ persistent hosts yes
+ shared hosts yes
+ max-db-size hosts 33554432
+
+ enable-cache services yes
+ positive-time-to-live services 2592000
+ negative-time-to-live services 20
+ suggested-size services 211
+ check-files services yes
+ persistent services yes
+ shared services yes
+ max-db-size services 33554432
+</pre></blockquote>
+
+<p>While we wait for a mechanism to update /etc/nsswitch.conf
+automatically like the one provided in
+<a href="http://bugs.debian.org/496915">bug #496915</a>, the file
+content need to be manually replaced to ensure LDAP is used as the
+directory service on the machine. /etc/nsswitch.conf should normally
+look like this:</p>
+
+<blockquote><pre>
+passwd: files ldap
+group: files ldap
+shadow: files ldap
+hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
+networks: files
+protocols: files
+services: files
+ethers: files
+rpc: files
+netgroup: files ldap
+</pre></blockquote>
+
+<p>The important parts are that ldap is listed last for passwd, group,
+shadow and netgroup.</p>
+
+<p>With these changes in place, any user in LDAP will be able to log
+in locally on the machine using for example kdm, get a local home
+directory created and have the password as well as user and group
+attributes cached.
+
+<h2>LDAP/Kerberos + nss-updatedb + libpam-ccreds +
+ libpam-mklocaluser/pam_mkhomedir</h2>
+
+<p>Because nscd have had its share of problems, and seem to have
+problems doing proper caching, I've seen suggestions and recipes to
+use nss-updatedb to copy parts of the LDAP database locally when the
+LDAP database is available. I have not tested such setup, because I
+discovered sssd.</p>
+
+<h2>LDAP/Kerberos + sssd + libpam-mklocaluser</h2>
+
+<p>A more flexible and robust setup than the nscd combination
+mentioned earlier that has shown up recently, is the
+<a href="https://fedorahosted.org/sssd/">sssd</a> package from Redhat.
+It is part of the <a href="http://www.freeipa.org/">FreeIPA</A> project
+to provide a Active Directory like directory service for Linux
+machines. The sssd system combines the caching of passwords and user
+information into one package, and remove the need for nscd and
+libpam-ccreds. It support LDAP and Kerberos, but not NIS. Version
+1.2 do not support netgroups, but it is said that it will support this
+in version 1.5 expected to show up later in 2010. Because the
+<a href="http://packages.qa.debian.org/s/sssd.html">sssd package</a>
+was missing in Debian, I ended up co-maintaining it with Werner, and
+version 1.2 is now in testing.
+
+<p>These packages need to be installed and configured to get the
+roaming setup I want</p>
+
+<blockquote><pre>
+libpam-sss libnss-sss libpam-mklocaluser
+</pre></blockquote>
+
+The complete setup of sssd is done by editing/creating
+<tt>/etc/sssd/sssd.conf</tt>.
+
+<blockquote><pre>
+[sssd]
+config_file_version = 2
+reconnection_retries = 3
+sbus_timeout = 30
+services = nss, pam
+domains = INTERN
+
+[nss]
+filter_groups = root
+filter_users = root
+reconnection_retries = 3
+
+[pam]
+reconnection_retries = 3
+
+[domain/INTERN]
+enumerate = false
+cache_credentials = true
+
+id_provider = ldap
+auth_provider = ldap
+chpass_provider = ldap
+
+ldap_uri = ldap://ldap
+ldap_search_base = dc=skole,dc=skolelinux,dc=no
+ldap_tls_reqcert = never
+ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
+</pre></blockquote>
+
+<p>I got the same problem here with certificate checking. Had to set
+"ldap_tls_reqcert = never" to get it working.</p>
+
+<p>With the libnss-sss package in testing at the moment, the
+nsswitch.conf file is update automatically, so there is no need to
+modify it manually.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+</description>
+ </item>
+
+ <item>
+ <title>jXplorer, a very nice LDAP GUI</title>
+ <link>http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html</guid>
+ <pubDate>Fri, 9 Jul 2010 12:55:00 +0200</pubDate>
+ <description>
+<p>Since
+<a href="http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html">my
+last post</a> about available LDAP tools in Debian, I was told about a
+LDAP GUI that is even better than luma. The java application
+<a href="http://jxplorer.org/">jXplorer</a> is claimed to be capable of
+moving LDAP objects and subtrees using drag-and-drop, and can
+authenticate using Kerberos. I have only tested the Kerberos
+authentication, but do not have a LDAP setup allowing me to rewrite
+LDAP with my test user yet. It is
+<a href="http://packages.qa.debian.org/j/jxplorer.html">available in
+Debian</a> testing and unstable at the moment. The only problem I
+have with it is how it handle errors. If something go wrong, its
+non-intuitive behaviour require me to go through some query work list
+and remove the failing query. Nothing big, but very annoying.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Idea for storing LTSP configuration in LDAP</title>
+ <link>http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html</guid>
+ <pubDate>Sun, 11 Jul 2010 22:00:00 +0200</pubDate>
+ <description>
+<p>Vagrant mentioned on IRC today that ltsp_config now support
+sourcing files from /usr/share/ltsp/ltsp_config.d/ on the thin
+clients, and that this can be used to fetch configuration from LDAP if
+Debian Edu choose to store configuration there.</p>
+
+<p>Armed with this information, I got inspired and wrote a test module
+to get configuration from LDAP. The idea is to look up the MAC
+address of the client in LDAP, and look for attributes on the form
+ltspconfigsetting=value, and use this to export SETTING=value to the
+LTSP clients.</p>
+
+<p>The goal is to be able to store the LTSP configuration attributes
+in a "computer" LDAP object used by both DNS and DHCP, and thus
+allowing us to store all information about a computer in one place.</p>
+
+<p>This is a untested draft implementation, and I welcome feedback on
+this approach. A real LDAP schema for the ltspClientAux objectclass
+need to be written. Comments, suggestions, etc?</p>
+
+<blockquote><pre>
+# Store in /opt/ltsp/$arch/usr/share/ltsp/ltsp_config.d/ldap-config
+#
+# Fetch LTSP client settings from LDAP based on MAC address
+#
+# Uses ethernet address as stored in the dhcpHost objectclass using
+# the dhcpHWAddress attribute or ethernet address stored in the
+# ieee802Device objectclass with the macAddress attribute.
+#
+# This module is written to be schema agnostic, and only depend on the
+# existence of attribute names.
+#
+# The LTSP configuration variables are saved directly using a
+# ltspConfig prefix and uppercasing the rest of the attribute name.
+# To set the SERVER variable, set the ltspConfigServer attribute.
+#
+# Some LDAP schema should be created with all the relevant
+# configuration settings. Something like this should work:
+#
+# objectclass ( 1.1.2.2 NAME 'ltspClientAux'
+# SUP top
+# AUXILIARY
+# MAY ( ltspConfigServer $ ltsConfigSound $ ... )
+
+LDAPSERVER=$(debian-edu-ldapserver)
+if [ "$LDAPSERVER" ] ; then
+ LDAPBASE=$(debian-edu-ldapserver -b)
+ for MAC in $(LANG=C ifconfig |grep -i hwaddr| awk '{print $5}'|sort -u) ; do
+ filter="(|(dhcpHWAddress=ethernet $MAC)(macAddress=$MAC))"
+ ldapsearch -h "$LDAPSERVER" -b "$LDAPBASE" -v -x "$filter" | \
+ grep '^ltspConfig' | while read attr value ; do
+ # Remove prefix and convert to upper case
+ attr=$(echo $attr | sed 's/^ltspConfig//i' | tr a-z A-Z)
+ # bass value on to clients
+ eval "$attr=$value; export $attr"
+ done
+ done
+fi
+</pre></blockquote>
+
+<p>I'm not sure this shell construction will work, because I suspect
+the while block might end up in a subshell causing the variables set
+there to not show up in ltsp-config, but if that is the case I am sure
+the code can be restructured to make sure the variables are passed on.
+I expect that can be solved with some testing. :)</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+
+<p>Update 2010-07-17: I am aware of another effort to store LTSP
+configuration in LDAP that was created around year 2000 by
+<a href="http://www.pcxperience.com/thinclient/documentation/ldap.html">PC
+Xperience, Inc., 2000</a>. I found its
+<a href="http://people.redhat.com/alikins/ltsp/ldap/">files</a> on a
+personal home page over at redhat.com.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Combining PowerDNS and ISC DHCP LDAP objects</title>
+ <link>http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html</guid>
+ <pubDate>Wed, 14 Jul 2010 23:45:00 +0200</pubDate>
+ <description>
+<p>For a while now, I have wanted to find a way to change the DNS and
+DHCP services in Debian Edu to use the same LDAP objects for a given
+computer, to avoid the possibility of having a inconsistent state for
+a computer in LDAP (as in DHCP but no DNS entry or the other way
+around) and make it easier to add computers to LDAP.</p>
+
+<p>I've looked at how powerdns and dhcpd is using LDAP, and using this
+information finally found a solution that seem to work.</p>
+
+<p>The old setup required three LDAP objects for a given computer.
+One forward DNS entry, one reverse DNS entry and one DHCP entry. If
+we switch powerdns to use its strict LDAP method (ldap-method=strict
+in pdns-debian-edu.conf), the forward and reverse DNS entries are
+merged into one while making it impossible to transfer the reverse map
+to a slave DNS server.</p>
+
+<p>If we also replace the object class used to get the DNS related
+attributes to one allowing these attributes to be combined with the
+dhcphost object class, we can merge the DNS and DHCP entries into one.
+I've written such object class in the dnsdomainaux.schema file (need
+proper OIDs, but that is a minor issue), and tested the setup. It
+seem to work.</p>
+
+<p>With this test setup in place, we can get away with one LDAP object
+for both DNS and DHCP, and even the LTSP configuration I suggested in
+an earlier email. The combined LDAP object will look something like
+this:</p>
+
+<blockquote><pre>
+ dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
+ cn: hostname
+ objectClass: dhcphost
+ objectclass: domainrelatedobject
+ objectclass: dnsdomainaux
+ associateddomain: hostname.intern
+ arecord: 10.11.12.13
+ dhcphwaddress: ethernet 00:00:00:00:00:00
+ dhcpstatements: fixed-address hostname
+ ldapconfigsound: Y
+</pre></blockquote>
+
+<p>The DNS server uses the associateddomain and arecord entries, while
+the DHCP server uses the dhcphwaddress and dhcpstatements entries
+before asking DNS to resolve the fixed-adddress. LTSP will use
+dhcphwaddress or associateddomain and the ldapconfig* attributes.</p>
+
+<p>I am not yet sure if I can get the DHCP server to look for its
+dhcphost in a different location, to allow us to put the objects
+outside the "DHCP Config" subtree, but hope to figure out a way to do
+that. If I can't figure out a way to do that, we can still get rid of
+the hosts subtree and move all its content into the DHCP Config tree
+(which probably should be renamed to be more related to the new
+content. I suspect cn=dnsdhcp,ou=services or something like that
+might be a good place to put it.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+</description>
+ </item>
+
+ <item>
+ <title>What are they searching for - PowerDNS and ISC DHCP in LDAP</title>
+ <link>http://people.skolelinux.org/pere/blog/What_are_they_searching_for___PowerDNS_and_ISC_DHCP_in_LDAP.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/What_are_they_searching_for___PowerDNS_and_ISC_DHCP_in_LDAP.html</guid>
+ <pubDate>Sat, 17 Jul 2010 21:00:00 +0200</pubDate>
+ <description>
+<p>This is a
+<a href="http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">followup</a>
+on my
+<a href="http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html">previous
+work</a> on
+<a href="http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html">merging
+all</a> the computer related LDAP objects in Debian Edu.</p>
+
+<p>As a step to try to see if it possible to merge the DNS and DHCP
+LDAP objects, I have had a look at how the packages pdns-backend-ldap
+and dhcp3-server-ldap in Debian use the LDAP server. The two
+implementations are quite different in how they use LDAP.</p>
+
+To get this information, I started slapd with debugging enabled and
+dumped the debug output to a file to get the LDAP searches performed
+on a Debian Edu main-server. Here is a summary.
+
+<p><strong>powerdns</strong></p>
+
+<a href="http://www.linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend">Clues
+on how to</a> set up PowerDNS to use a LDAP backend is available on
+the web.
+
+<p>PowerDNS have two modes of operation using LDAP as its backend.
+One "strict" mode where the forward and reverse DNS lookups are done
+using the same LDAP objects, and a "tree" mode where the forward and
+reverse entries are in two different subtrees in LDAP with a structure
+based on the DNS names, as in tjener.intern and
+2.2.0.10.in-addr.arpa.</p>
+
+<p>In tree mode, the server is set up to use a LDAP subtree as its
+base, and uses a "base" scoped search for the DNS name by adding
+"dc=tjener,dc=intern," to the base with a filter for
+"(associateddomain=tjener.intern)" for the forward entry and
+"dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa," with a filter for
+"(associateddomain=2.2.0.10.in-addr.arpa)" for the reverse entry. For
+forward entries, it is looking for attributes named dnsttl, arecord,
+nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord, mxrecord,
+txtrecord, rprecord, afsdbrecord, keyrecord, aaaarecord, locrecord,
+srvrecord, naptrrecord, kxrecord, certrecord, dsrecord, sshfprecord,
+ipseckeyrecord, rrsigrecord, nsecrecord, dnskeyrecord, dhcidrecord,
+spfrecord and modifytimestamp. For reverse entries it is looking for
+the attributes dnsttl, arecord, nsrecord, cnamerecord, soarecord,
+ptrrecord, hinforecord, mxrecord, txtrecord, rprecord, aaaarecord,
+locrecord, srvrecord, naptrrecord and modifytimestamp. The equivalent
+ldapsearch commands could look like this:</p>
+
+<blockquote><pre>
+ldapsearch -h ldap \
+ -b dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no \
+ -s base -x '(associateddomain=tjener.intern)' dNSTTL aRecord nSRecord \
+ cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \
+ rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \
+ nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \
+ rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp
+
+ldapsearch -h ldap \
+ -b dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no \
+ -s base -x '(associateddomain=2.2.0.10.in-addr.arpa)'
+ dnsttl, arecord, nsrecord, cnamerecord soarecord ptrrecord \
+ hinforecord mxrecord txtrecord rprecord aaaarecord locrecord \
+ srvrecord naptrrecord modifytimestamp
+</pre></blockquote>
+
+<p>In Debian Edu/Lenny, the PowerDNS tree mode is used with
+ou=hosts,dc=skole,dc=skolelinux,dc=no as the base, and these are two
+example LDAP objects used there. In addition to these objects, the
+parent objects all th way up to ou=hosts,dc=skole,dc=skolelinux,dc=no
+also exist.</p>
+
+<blockquote><pre>
+dn: dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no
+objectclass: top
+objectclass: dnsdomain
+objectclass: domainrelatedobject
+dc: tjener
+arecord: 10.0.2.2
+associateddomain: tjener.intern
+
+dn: dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no
+objectclass: top
+objectclass: dnsdomain2
+objectclass: domainrelatedobject
+dc: 2
+ptrrecord: tjener.intern
+associateddomain: 2.2.0.10.in-addr.arpa
+</pre></blockquote>
+
+<p>In strict mode, the server behaves differently. When looking for
+forward DNS entries, it is doing a "subtree" scoped search with the
+same base as in the tree mode for a object with filter
+"(associateddomain=tjener.intern)" and requests the attributes dnsttl,
+arecord, nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord,
+mxrecord, txtrecord, rprecord, aaaarecord, locrecord, srvrecord,
+naptrrecord and modifytimestamp. For reverse entires it also do a
+subtree scoped search but this time the filter is "(arecord=10.0.2.2)"
+and the requested attributes are associateddomain, dnsttl and
+modifytimestamp. In short, in strict mode the objects with ptrrecord
+go away, and the arecord attribute in the forward object is used
+instead.</p>
+
+<p>The forward and reverse searches can be simulated using ldapsearch
+like this:</p>
+
+<blockquote><pre>
+ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \
+ '(associateddomain=tjener.intern)' dNSTTL aRecord nSRecord \
+ cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \
+ rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \
+ nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \
+ rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp
+
+ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \
+ '(arecord=10.0.2.2)' associateddomain dnsttl modifytimestamp
+</pre></blockquote>
+
+<p>In addition to the forward and reverse searches , there is also a
+search for SOA records, which behave similar to the forward and
+reverse lookups.</p>
+
+<p>A thing to note with the PowerDNS behaviour is that it do not
+specify any objectclass names, and instead look for the attributes it
+need to generate a DNS reply. This make it able to work with any
+objectclass that provide the needed attributes.</p>
+
+<p>The attributes are normally provided in the cosine (RFC 1274) and
+dnsdomain2 schemas. The latter is used for reverse entries like
+ptrrecord and recent DNS additions like aaaarecord and srvrecord.</p>
+
+<p>In Debian Edu, we have created DNS objects using the object classes
+dcobject (for dc), dnsdomain or dnsdomain2 (structural, for the DNS
+attributes) and domainrelatedobject (for associatedDomain). The use
+of structural object classes make it impossible to combine these
+classes with the object classes used by DHCP.</p>
+
+<p>There are other schemas that could be used too, for example the
+dnszone structural object class used by Gosa and bind-sdb for the DNS
+attributes combined with the domainrelatedobject object class, but in
+this case some unused attributes would have to be included as well
+(zonename and relativedomainname).</p>
+
+<p>My proposal for Debian Edu would be to switch PowerDNS to strict
+mode and not use any of the existing objectclasses (dnsdomain,
+dnsdomain2 and dnszone) when one want to combine the DNS information
+with DHCP information, and instead create a auxiliary object class
+defined something like this (using the attributes defined for
+dnsdomain and dnsdomain2 or dnszone):</p>
+
+<blockquote><pre>
+objectclass ( some-oid NAME 'dnsDomainAux'
+ SUP top
+ AUXILIARY
+ MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $
+ DNSTTL $ DNSClass $ PTRRecord $ HINFORecord $ MINFORecord $
+ TXTRecord $ SIGRecord $ KEYRecord $ AAAARecord $ LOCRecord $
+ NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $
+ A6Record $ DNAMERecord
+ ))
+</pre></blockquote>
+
+<p>This will allow any object to become a DNS entry when combined with
+the domainrelatedobject object class, and allow any entity to include
+all the attributes PowerDNS wants. I've sent an email to the PowerDNS
+developers asking for their view on this schema and if they are
+interested in providing such schema with PowerDNS, and I hope my
+message will be accepted into their mailing list soon.</p>
+
+<p><strong>ISC dhcp</strong></p>
+
+<p>The DHCP server searches for specific objectclass and requests all
+the object attributes, and then uses the attributes it want. This
+make it harder to figure out exactly what attributes are used, but
+thanks to the working example in Debian Edu I can at least get an idea
+what is needed without having to read the source code.</p>
+
+<p>In the DHCP server configuration, the LDAP base to use and the
+search filter to use to locate the correct dhcpServer entity is
+stored. These are the relevant entries from
+/etc/dhcp3/dhcpd.conf:</p>
+
+<blockquote><pre>
+ldap-base-dn "dc=skole,dc=skolelinux,dc=no";
+ldap-dhcp-server-cn "dhcp";
+</pre></blockquote>
+
+<p>The DHCP server uses this information to nest all the DHCP
+configuration it need. The cn "dhcp" is located using the given LDAP
+base and the filter "(&(objectClass=dhcpServer)(cn=dhcp))". The
+search result is this entry:</p>
+
+<blockquote><pre>
+dn: cn=dhcp,dc=skole,dc=skolelinux,dc=no
+cn: dhcp
+objectClass: top
+objectClass: dhcpServer
+dhcpServiceDN: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
+</pre></blockquote>
+
+<p>The content of the dhcpServiceDN attribute is next used to locate the
+subtree with DHCP configuration. The DHCP configuration subtree base
+is located using a base scope search with base "cn=DHCP
+Config,dc=skole,dc=skolelinux,dc=no" and filter
+"(&(objectClass=dhcpService)(|(dhcpPrimaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)(dhcpSecondaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)))".
+The search result is this entry:</p>
+
+<blockquote><pre>
+dn: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
+cn: DHCP Config
+objectClass: top
+objectClass: dhcpService
+objectClass: dhcpOptions
+dhcpPrimaryDN: cn=dhcp, dc=skole,dc=skolelinux,dc=no
+dhcpStatements: ddns-update-style none
+dhcpStatements: authoritative
+dhcpOption: smtp-server code 69 = array of ip-address
+dhcpOption: www-server code 72 = array of ip-address
+dhcpOption: wpad-url code 252 = text
+</pre></blockquote>
+
+<p>Next, the entire subtree is processed, one level at the time. When
+all the DHCP configuration is loaded, it is ready to receive requests.
+The subtree in Debian Edu contain objects with object classes
+top/dhcpService/dhcpOptions, top/dhcpSharedNetwork/dhcpOptions,
+top/dhcpSubnet, top/dhcpGroup and top/dhcpHost. These provide options
+and information about netmasks, dynamic range etc. Leaving out the
+details here because it is not relevant for the focus of my
+investigation, which is to see if it is possible to merge dns and dhcp
+related computer objects.</p>
+
+<p>When a DHCP request come in, LDAP is searched for the MAC address
+of the client (00:00:00:00:00:00 in this example), using a subtree
+scoped search with "cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" as
+the base and "(&(objectClass=dhcpHost)(dhcpHWAddress=ethernet
+00:00:00:00:00:00))" as the filter. This is what a host object look
+like:</p>
+
+<blockquote><pre>
+dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
+cn: hostname
+objectClass: top
+objectClass: dhcpHost
+dhcpHWAddress: ethernet 00:00:00:00:00:00
+dhcpStatements: fixed-address hostname
+</pre></blockquote>
+
+<p>There is less flexiblity in the way LDAP searches are done here.
+The object classes need to have fixed names, and the configuration
+need to be stored in a fairly specific LDAP structure. On the
+positive side, the invidiual dhcpHost entires can be anywhere without
+the DN pointed to by the dhcpServer entries. The latter should make
+it possible to group all host entries in a subtree next to the
+configuration entries, and this subtree can also be shared with the
+DNS server if the schema proposed above is combined with the dhcpHost
+structural object class.
+
+<p><strong>Conclusion</strong></p>
+
+<p>The PowerDNS implementation seem to be very flexible when it come
+to which LDAP schemas to use. While its "tree" mode is rigid when it
+come to the the LDAP structure, the "strict" mode is very flexible,
+allowing DNS objects to be stored anywhere under the base cn specified
+in the configuration.</p>
+
+<p>The DHCP implementation on the other hand is very inflexible, both
+regarding which LDAP schemas to use and which LDAP structure to use.
+I guess one could implement ones own schema, as long as the
+objectclasses and attributes have the names used, but this do not
+really help when the DHCP subtree need to have a fairly fixed
+structure.</p>
+
+<p>Based on the observed behaviour, I suspect a LDAP structure like
+this might work for Debian Edu:</p>
+
+<blockquote><pre>
+ou=services
+ cn=machine-info (dhcpService) - dhcpServiceDN points here
+ cn=dhcp (dhcpServer)
+ cn=dhcp-internal (dhcpSharedNetwork/dhcpOptions)
+ cn=10.0.2.0 (dhcpSubnet)
+ cn=group1 (dhcpGroup/dhcpOptions)
+ cn=dhcp-thinclients (dhcpSharedNetwork/dhcpOptions)
+ cn=192.168.0.0 (dhcpSubnet)
+ cn=group1 (dhcpGroup/dhcpOptions)
+ ou=machines - PowerDNS base points here
+ cn=hostname (dhcpHost/domainrelatedobject/dnsDomainAux)
+</pre></blockquote>
+
+<P>This is not tested yet. If the DHCP server require the dhcpHost
+entries to be in the dhcpGroup subtrees, the entries can be stored
+there instead of a common machines subtree, and the PowerDNS base
+would have to be moved one level up to the machine-info subtree.</p>
+
+<p>The combined object under the machines subtree would look something
+like this:</p>
+
+<blockquote><pre>
+dn: dc=hostname,ou=machines,cn=machine-info,dc=skole,dc=skolelinux,dc=no
+dc: hostname
+objectClass: top
+objectClass: dhcpHost
+objectclass: domainrelatedobject
+objectclass: dnsDomainAux
+associateddomain: hostname.intern
+arecord: 10.11.12.13
+dhcpHWAddress: ethernet 00:00:00:00:00:00
+dhcpStatements: fixed-address hostname.intern
+</pre></blockquote>
+
+</p>One could even add the LTSP configuration associated with a given
+machine, as long as the required attributes are available in a
+auxiliary object class.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Digitale restriksjonsmekanismer fikk meg til å slutte å kjøpe musikk</title>
+ <link>http://people.skolelinux.org/pere/blog/Digitale_restriksjonsmekanismer_fikk_meg_til____slutte____kj__pe_musikk.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Digitale_restriksjonsmekanismer_fikk_meg_til____slutte____kj__pe_musikk.html</guid>
+ <pubDate>Thu, 22 Jul 2010 23:50:00 +0200</pubDate>
+ <description>
+<p>For mange år siden slutte jeg å kjøpe musikk-CDer. Årsaken var at
+musikkbransjen var godt i gang med å selge platene sine med DRM som
+gjorde at jeg ikke fikk spilt av musikken jeg kjøpte på utstyret jeg
+hadde tilgjengelig, dvs. min datamaskin. Det var umulig å se på en
+plate om den var ødelagt eller ikke, og jeg hadde jo allerede en
+anseelig samling med plater, så jeg bestemme meg for å slutte å gi
+penger til en bransje som åpenbart ikke respekterte meg.</p>
+
+<p>Jeg har mange titalls dager med musikk på CD i dag. Det meste er
+lagt i et stort arkiv som kan spilles av fra husets datamaskiner (har
+ikke rukket rippe alt). Jeg ser dermed ikke behovet for å skaffe mer
+musikk. De fleste av mine favoritter er i hus, og jeg er dermed godt
+fornøyd.</p>
+
+<p>Hvis musikkbransjen ønsker mine penger, så må de demonstrere at de
+setter pris på meg som kunde, og ikke skremme meg bort med DRM og
+antydninger om at kundene er kriminelle.</p>
+
+<p>Filmbransjen er like ille, men mens musikk gjerne varer lenge, er
+filmer mer ferskvare. Har dermed ikke helt sluttet å kjøpe filmer, men
+holder meg til DVD-filmer som kan spilles av på mine Linuxbokser.
+Kommer neppe til å ta i bruk Blueray, og ei heller de nye DRM-greiene
+«Ultraviolet» som be annonsert her om dagen.</p>
+</description>
+ </item>
+
+ <item>
+ <title>One step closer to single signon in Debian Edu</title>
+ <link>http://people.skolelinux.org/pere/blog/One_step_closer_to_single_signon_in_Debian_Edu.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/One_step_closer_to_single_signon_in_Debian_Edu.html</guid>
+ <pubDate>Sun, 25 Jul 2010 10:00:00 +0200</pubDate>
+ <description>
+<p>The last few months me and the other Debian Edu developers have
+been working hard to get the Debian/Squeeze based version of Debian
+Edu/Skolelinux into shape. This future version will use Kerberos for
+authentication, and services are slowly migrated to single signon,
+getting rid of password questions one at the time.</p>
+
+<p>It will also feature a roaming workstation profile with local home
+directory, for laptops that are only some times on the Skolelinux
+network, and for this profile a shortcut is created in Gnome and KDE
+to gain access to the users home directory on the file server. This
+shortcut uses SMB at the moment, and yesterday I had time to test if
+SMB mounting had started working in KDE after we added the cifs-utils
+package. I was pleasantly surprised how well it worked.</p>
+
+<p>Thanks to the recent changes to our samba configuration to get it
+to use Kerberos for authentication, there were no question about user
+password when mounting the SMB volume. A simple click on the shortcut
+in the KDE menu, and a window with the home directory popped
+up. :)</p>
+
+<p>One step closer to a single signon solution out of the box in
+Debian Edu. We already had PAM, LDAP, IMAP and SMTP in place, and now
+also Samba. Next step is Cups and hopefully also NFS.</p>
+
+<p>We had planned a alpha0 release of Debian Edu for today, but thanks
+to the autobuilder administrators for some architectures being slow to
+sign packages, we are still missing the fixed LTSP package we need for
+the release. It was uploaded three days ago with urgency=high, and if
+it had entered testing yesterday we would have been able to test it in
+time for a alpha0 release today. As the binaries for ia64 and powerpc
+still not uploaded to the Debian archive, we need to delay the alpha
+release another day.</p>
+
+<p>If you want to help out with implementing Kerberos for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+</description>
+ </item>
+
+ <item>
+ <title>First Debian Edu test release (alpha0) based on Squeeze is released</title>
+ <link>http://people.skolelinux.org/pere/blog/First_Debian_Edu_test_release__alpha0__based_on_Squeeze_is_released.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/First_Debian_Edu_test_release__alpha0__based_on_Squeeze_is_released.html</guid>
+ <pubDate>Tue, 27 Jul 2010 17:45:00 +0200</pubDate>
+ <description>
+<p>I just posted this announcement culminating several months of work
+with the next Debian Edu release. Not nearly done, but one major step
+completed.</p>
+
+<blockquote>
+<p>This is the first test release based on Squeeze. The focus of this
+release is to test the user application selection. To have a look,
+install the standalone profile and let the developers know if the set
+of installed packages i.e. applications should be modified. If some
+user application is missing, or if there are some applications that no
+longer make sense to be included in Debian Edu, please let us know.
+Also, if a useful application is missing the translation for your
+language of choice, please let us know too.</p>
+
+<p>In addition, feedback and help to polish the desktop (menus,
+artwork, starters, etc.) is appreciated. We would like to ship a nice
+and handy KDE4 desktop targeted for schools out of the box.</p>
+
+<p>The other profiles should be installable, but there is a lot more
+work left to be done before they are ready, so do not expect to
+much.</p>
+
+<p>Changes compared to the lenny based version</p>
+
+<ul>
+<li>Everything from Debian Squeeze
+<ul>
+ <li>Desktop environment KDE 4.4 => the new KDE desktop in
+ combination with some new artwork
+ <li>Web browser Iceweasel 3.5
+ <li>OpenOffice.org 3.2
+ <li>Educational toolbox GCompris 9.3
+ <li>Music creator Rosegarden 10.04.2
+ <li>Image editor Gimp 2.6.10
+ <li>Virtual universe Celestia 1.6.0
+ <li>Virtual stargazer Stellarium 0.10.4
+ <li>3D modeler Blender 2.49.2 (new application)
+ <li>Video editor Kdenlive 0.7.7 (new application)
+</ul></li>
+<li>Now using Kerberos for password checking (migration not finished).
+ Enabled for:
+<ul>
+ <li>PAM
+ <li>LDAP
+ <li>IMAP
+ <li>SMTP (sender verification)
+</ul>
+</li>
+<li>New experimental roaming workstation profile for laptops.</li>
+<li>Show welcome page to users when they first log in. The URL is
+ fetched from LDAP.</li>
+<li>New LXDE desktop option, in addition to KDE (default) and Gnome.</li>
+<li>General cleanup (not finished)</li>
+</ul>
+<p>The following features are not working as they should</p>
+
+<ul>
+<li>No web based administration tool for creating users and groups. The
+ scripts ldap-createuser-krb and ldap-add-user-to-group can be used
+ for testing.</li>
+<li>DVD installs are missing debian-installer images for the PXE boot,
+ and do not set up the PXE menu on eth0 because of this. LTSP
+ clients should still boot from eth1 on thin client servers.</li>
+<li>The restructured KDE menu is not implemented.</li>
+<li>The LDAP server setup need to be reviewed for security.</li>
+<li>The LDAP directory structure need to be reworked.</li>
+<li>Different sets of packages are installed when using the DVD and the
+ netinst CD. More packages are installed using the netinst CD.</li>
+<li>The jackd package fail to install. This is believed to be caused by
+ some ongoing transition, and hopefully should be solved soon. The
+ jackd1 package can be installed manually for those that need it.</li>
+<li>Some packages lack translations. See
+ http://wiki.debian.org/DebianEdu/Status/Squeeze for updated status,
+ and help out with translations.</li>
+</ul>
+
+<p>To download this multiarch netinstall release you can use</p>
+
+<ul>
+<li><a href="ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso">ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</a></li>
+<li><a href="http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso">http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</a></li>
+<li>rsync -avzP ftp.skolelinux.org::skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</li>
+</ul>
+<p>To download this multiarch dvd release you can use</p>
+
+<ul>
+<li><a href="ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso">ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</a></li>
+<li><a href="http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso">http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</a></li>
+<li>rsync -avzP ftp.skolelinux.org::skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</li>
+</ul>
+
+<p>There is no source DVD available yet. It will be prepared when we
+get closer to the final release.</p>
+
+<p>The MD5SUM of these images are</p>
+
+<ul>
+<li>3dbf45d59f42a53518b6e3c9ec3b5eb6 debian-edu-6.0.0+edua0-CD.iso</li>
+<li>22f2cbfce281d1c6e478be452638675d debian-edu-6.0.0+edua0-DVD.iso</li>
+</ul>
+
+<p>The SHA1SUM of these images are</p>
+<ul>
+<li>c53d1b69b40cf37cd27aefaf33f6f6a3821bedf0 debian-edu-6.0.0+edua0-CD.iso</li>
+<li>2ec29d7db676d59d32197b05c277ffe16348376c debian-edu-6.0.0+edua0-DVD.iso</li>
+</ul>
+<p>How to report bugs:
+http://wiki.debian.org/DebianEdu/HowTo/ReportBugsInBugzilla</p>
+
+<p>Please direct replies to debian-edu@lists.debian.org</p>
+</blockquote>
+</description>
+ </item>
+
+ <item>
+ <title>Circular package dependencies harms apt recovery</title>
+ <link>http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html</guid>
+ <pubDate>Tue, 27 Jul 2010 23:50:00 +0200</pubDate>
+ <description>
+<p>I discovered this while doing
+<a href="http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html">automated
+testing of upgrades from Debian Lenny to Squeeze</a>. A few packages
+in Debian still got circular dependencies, and it is often claimed
+that apt and aptitude should be able to handle this just fine, but
+some times these dependency loops causes apt to fail.</p>
+
+<p>An example is from todays
+<a href="http://people.skolelinux.org/~pere/debian-upgrade-testing//test-20100727-lenny-squeeze-kde-aptitude.txt">upgrade
+of KDE using aptitude</a>. In it, a bug in kdebase-workspace-data
+causes perl-modules to fail to upgrade. The cause is simple. If a
+package fail to unpack, then only part of packages with the circular
+dependency might end up being unpacked when unpacking aborts, and the
+ones already unpacked will fail to configure in the recovery phase
+because its dependencies are unavailable.</p>
+
+<p>In this log, the problem manifest itself with this error:</p>
+
+<blockquote><pre>
+dpkg: dependency problems prevent configuration of perl-modules:
+ perl-modules depends on perl (>= 5.10.1-1); however:
+ Version of perl on system is 5.10.0-19lenny2.
+dpkg: error processing perl-modules (--configure):
+ dependency problems - leaving unconfigured
+</pre></blockquote>
+
+<p>The perl/perl-modules circular dependency is already
+<a href="http://bugs.debian.org/527917">reported as a bug</a>, and will
+hopefully be solved as soon as possible, but it is not the only one,
+and each one of these loops in the dependency tree can cause similar
+failures. Of course, they only occur when there are bugs in other
+packages causing the unpacking to fail, but it is rather nasty when
+the failure of one package causes the problem to become worse because
+of dependency loops.</p>
+
+<p>Thanks to
+<a href="http://lists.debian.org/debian-devel/2010/06/msg00116.html">the
+tireless effort by Bill Allombert</a>, the number of circular
+dependencies
+<a href="http://debian.semistable.com/debgraph.out.html">left in Debian
+is dropping</a>, and perhaps it will reach zero one day. :)</p>
+
+<p>Todays testing also exposed a bug in
+<a href="http://bugs.debian.org/590605">update-notifier</a> and
+<a href="http://bugs.debian.org/590604">different behaviour</a> between
+apt-get and aptitude, the latter possibly caused by some circular
+dependency. Reported both to BTS to try to get someone to look at
+it.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Debian Edu roaming workstation - at the university of Oslo</title>
+ <link>http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html</guid>
+ <pubDate>Tue, 3 Aug 2010 23:30:00 +0200</pubDate>
+ <description>
+<p>The new roaming workstation profile in Debian Edu/Squeeze is fairly
+similar to the laptop setup am I working on using Ubuntu for the
+University of Oslo, and just for the heck of it, I tested today how
+hard it would be to integrate that profile into the university
+infrastructure. In this case, it is the university LDAP server,
+Active Directory Kerberos server and SMB mounting from the Netapp file
+servers.</p>
+
+<p>I was pleasantly surprised that the only three files needed to be
+changed (/etc/sssd/sssd.conf, /etc/ldap.conf and
+/etc/mklocaluser.d/20-debian-edu-config) and one file had to be added
+(/usr/share/perl5/Debian/Edu_Local.pm), to get the client working.
+Most of the changes were to get the client to use the university LDAP
+for NSS and Kerberos server for PAM, but one was to change a hard
+coded DNS domain name in the mklocaluser hook from .intern to
+.uio.no.</p>
+
+<p>This testing was so encouraging, that I went ahead and adjusted the
+Debian Edu scripts and setup in subversion to centralise the roaming
+workstation setup a bit more and avoid the hardcoded DNS domain name,
+so that when I test this tomorrow, I expect to get away with modifying
+only /etc/sssd/sssd.conf and /etc/ldap.conf to get it to use the
+university servers.</p>
+
+<p>My goal is to get the clients to have no hardcoded settings and
+fetch all their initial setup during installation and first boot, to
+allow them to be inserted also into environments where the default
+setup in Debian Edu has been changed or as with the university, where
+the environment is different but provides the protocols Debian Edu
+uses.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Autodetecting Client setup for roaming workstations in Debian Edu</title>
+ <link>http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html</guid>
+ <pubDate>Sat, 7 Aug 2010 14:45:00 +0200</pubDate>
+ <description>
+<p>A few days ago, I
+<a href="http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html">tried
+to install</a> a Roaming workation profile from Debian Edu/Squeeze
+while on the university network here at the University of Oslo, and
+noticed how much had to change to get it operational using the
+university infrastructure. It was fairly easy, but it occured to me
+that Debian Edu would improve a lot if I could get the client to
+connect without any changes at all, and thus let the client configure
+itself during installation and first boot to use the infrastructure
+around it. Now I am a huge step further along that road.</p>
+
+<p>With our current squeeze-test packages, I can select the roaming
+workstation profile and get a working laptop connecting to the
+university LDAP server for user and group and our active directory
+servers for Kerberos authentication. All this without any
+configuration at all during installation. My users home directory got
+a bookmark in the KDE menu to mount it via SMB, with the correct URL.
+In short, openldap and sssd is correctly configured. In addition to
+this, the client look for http://wpad/wpad.dat to configure a web
+proxy, and when it fail to find it no proxy settings are stored in
+/etc/environment and /etc/apt/apt.conf. Iceweasel and KDE is
+configured to look for the same wpad configuration and also do not use
+a proxy when at the university network. If the machine is moved to a
+network with such wpad setup, it would automatically use it when DHCP
+gave it a IP address.</p>
+
+<p>The LDAP server is located using DNS, by first looking for the DNS
+entry ldap.$domain. If this do not exist, it look for the
+_ldap._tcp.$domain SRV records and use the first one as the LDAP
+server. Next, it connects to the LDAP server and search all
+namingContexts entries for posixAccount or posixGroup objects, and
+pick the first one as the LDAP base. For Kerberos, a similar
+algorithm is used to locate the LDAP server, and the realm is the
+uppercase version of $domain.</p>
+
+<p>So, what is not working, you might ask. SMB mounting my home
+directory do not work. No idea why, but suspected the incorrect
+Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be
+the cause. These are not properly configured during installation, and
+had to be hand-edited to get the correct Kerberos realm and server,
+but SMB mounting still do not work. :(</p>
+
+<p>With this automatic configuration in place, I expect a Debian Edu
+roaming profile installation would be able to automatically detect and
+connect to any site using LDAP and Kerberos for NSS directory and PAM
+authentication. It should also work out of the box in a Active
+Directory environment providing posixAccount and posixGroup objects
+with UID and GID values.</p>
+
+<p>If you want to help out with implementing these things for Debian
+Edu, please contact us on debian-edu@lists.debian.org.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Testing if a file system can be used for home directories...</title>
+ <link>http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html</guid>
+ <pubDate>Sun, 8 Aug 2010 21:20:00 +0200</pubDate>
+ <description>
+<p>A few years ago, I was involved in a project planning to use
+Windows file servers as home directory servers for Debian
+Edu/Skolelinux machines. This was thought to be no problem, as the
+access would be through the SMB network file system protocol, and we
+knew other sites used SMB with unix and samba as the file server to
+mount home directories without any problems. But, after months of
+struggling, we had to conclude that our goal was impossible.</p>
+
+<p>The reason is simply that while SMB can be used for home
+directories when the file server is Samba running on Unix, this only
+work because of Samba have some extensions and the fact that the
+underlying file system is a unix file system. When using a Windows
+file server, the underlying file system do not have POSIX semantics,
+and several programs will fail if the users home directory where they
+want to store their configuration lack POSIX semantics.</p>
+
+<p>As part of this work, I wrote a small C program I want to share
+with you all, to replicate a few of the problematic applications (like
+OpenOffice.org and GCompris) and see if the file system was working as
+it should. If you find yourself in spooky file system land, it might
+help you find your way out again. This is the fs-test.c source:</p>
+
+<pre>
+/*
+ * Some tests to check the file system sematics. Used to verify that
+ * CIFS from a windows server do not work properly as a linux home
+ * directory.
+ * License: GPL v2 or later
+ *
+ * needs libsqlite3-dev and build-essential installed
+ * compile with: gcc -Wall -lsqlite3 -DTEST_SQLITE fs-test.c -o fs-test
+*/
+
+#define _FILE_OFFSET_BITS 64
+#define _LARGEFILE_SOURCE 1
+#define _LARGEFILE64_SOURCE 1
+
+#define _GNU_SOURCE /* for asprintf() */
+
+#include &lt;errno.h>
+#include &lt;fcntl.h>
+#include &lt;stdio.h>
+#include &lt;string.h>
+#include &lt;stdlib.h>
+#include &lt;sys/file.h>
+#include &lt;sys/stat.h>
+#include &lt;sys/types.h>
+#include &lt;unistd.h>
+
+#ifdef TEST_SQLITE
+/*
+ * Test sqlite open, as done by gcompris require the libsqlite3-dev
+ * package and linking with -lsqlite3. A more low level test is
+ * below.
+ * See also &lt;URL: http://www.sqlite.org./faq.html#q5 >.
+ */
+#include &lt;sqlite3.h>
+#define CREATE_TABLE_USERS \
+ "CREATE TABLE users (user_id INT UNIQUE, login TEXT, lastname TEXT, firstname TEXT, birthdate TEXT, class_id INT ); "
+int test_sqlite_open(void) {
+ char *zErrMsg;
+ char *name = "testsqlite.db";
+ sqlite3 *db=NULL;
+ unlink(name);
+ int rc = sqlite3_open(name, &db);
+ if( rc ){
+ printf("error: sqlite open of %s failed: %s\n", name, sqlite3_errmsg(db));
+ sqlite3_close(db);
+ return -1;
+ }
+
+ /* create tables */
+ rc = sqlite3_exec(db,CREATE_TABLE_USERS, NULL, 0, &zErrMsg);
+ if( rc != SQLITE_OK ){
+ printf("error: sqlite table create failed: %s\n", zErrMsg);
+ sqlite3_close(db);
+ return -1;
+ }
+ printf("info: sqlite worked\n");
+ sqlite3_close(db);
+ return 0;
+}
+#endif /* TEST_SQLITE */
+
+/*
+ * Demonstrate locking issue found in gcompris using sqlite3. This
+ * work with ext3, but not with cifs server on Windows 2003. This is
+ * done in the sqlite3 library.
+ * See also
+ * &lt;URL:http://www.cygwin.com/ml/cygwin/2001-08/msg00854.html> and the
+ * POSIX specification
+ * &lt;URL:http://www.opengroup.org/onlinepubs/009695399/functions/fcntl.html>.
+ */
+int test_gcompris_locking(void) {
+ struct flock fl;
+ char *name = "testsqlite.db";
+ unlink(name);
+ int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, 0644);
+ printf("info: testing fcntl locking\n");
+
+ fl.l_whence = SEEK_SET;
+ fl.l_pid = getpid();
+ printf(" Read-locking 1 byte from 1073741824");
+ fl.l_start = 1073741824;
+ fl.l_len = 1;
+ fl.l_type = F_RDLCK;
+ if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+ printf(" Read-locking 510 byte from 1073741826");
+ fl.l_start = 1073741826;
+ fl.l_len = 510;
+ fl.l_type = F_RDLCK;
+ if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+ printf(" Unlocking 1 byte from 1073741824");
+ fl.l_start = 1073741824;
+ fl.l_len = 1;
+ fl.l_type = F_UNLCK;
+ if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+ printf(" Write-locking 1 byte from 1073741824");
+ fl.l_start = 1073741824;
+ fl.l_len = 1;
+ fl.l_type = F_WRLCK;
+ if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+ printf(" Write-locking 510 byte from 1073741826");
+ fl.l_start = 1073741826;
+ fl.l_len = 510;
+ if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+ printf(" Unlocking 2 byte from 1073741824");
+ fl.l_start = 1073741824;
+ fl.l_len = 2;
+ fl.l_type = F_UNLCK;
+ if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+ close(fd);
+ return 0;
+}
+
+/*
+ * Test if permissions of freshly created directories allow entries
+ * below them. This was a problem with OpenOffice.org and gcompris.
+ * Mounting with option 'sync' seem to solve this problem while
+ * slowing down file operations.
+ */
+int test_subdirectory_creation(void) {
+#define LEVELS 5
+ char *path = strdup("test");
+ char *dirs[LEVELS];
+ int level;
+ printf("info: testing subdirectory creation\n");
+ for (level = 0; level &lt; LEVELS; level++) {
+ char *newpath = NULL;
+ if (-1 == mkdir(path, 0777)) {
+ printf(" error: Unable to create directory '%s': %s\n",
+ path, strerror(errno));
+ break;
+ }
+ asprintf(&newpath, "%s/%s", path, "test");
+ free(path);
+ path = newpath;
+ }
+ return 0;
+}
+
+/*
+ * Test if symlinks can be created. This was a problem detected with
+ * KDE.
+ */
+int test_symlinks(void) {
+ printf("info: testing symlink creation\n");
+ unlink("symlink");
+ if (-1 == symlink("file", "symlink"))
+ printf(" error: Unable to create symlink\n");
+ return 0;
+}
+
+int main(int argc, char **argv) {
+ printf("Testing POSIX/Unix sematics on file system\n");
+ test_symlinks();
+ test_subdirectory_creation();
+#ifdef TEST_SQLITE
+ test_sqlite_open();
+#endif /* TEST_SQLITE */
+ test_gcompris_locking();
+ return 0;
+}
+</pre>
+
+<p>When everything is working, it should print something like
+this:</p>
+
+<pre>
+Testing POSIX/Unix sematics on file system
+info: testing symlink creation
+info: testing subdirectory creation
+info: sqlite worked
+info: testing fcntl locking
+ Read-locking 1 byte from 1073741824
+ Read-locking 510 byte from 1073741826
+ Unlocking 1 byte from 1073741824
+ Write-locking 1 byte from 1073741824
+ Write-locking 510 byte from 1073741826
+ Unlocking 2 byte from 1073741824
+</pre>
+
+<p>I do not remember the exact details of the problems we saw, but one
+of them was with locking, where if I remember correctly, POSIX allow a
+read-only lock to be upgraded to a read-write lock without unlocking
+the read-only lock (while Windows do not). Another was a bug in the
+CIFS/SMB client implementation in the Linux kernel where directory
+meta information would be wrong for a fraction of a second, making
+OpenOffice.org fail to create its deep directory tree because it was
+not allowed to create files in its freshly created directory.</p>
+
+<p>Anyway, here is a nice tool for your tool box, might you never need
+it. :)</p>
+
+<p>Update 2010-08-27: Michael Gebetsroither report that he found the
+script so useful that he created a GIT repository and stored it in
+<a href="http://github.com/gebi/fs-test">http://github.com/gebi/fs-test</a>.</p>
+</description>
+ </item>
+
+ <item>
+ <title>No hardcoded config on Debian Edu clients</title>
+ <link>http://people.skolelinux.org/pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html</guid>
+ <pubDate>Mon, 9 Aug 2010 20:15:00 +0200</pubDate>
+ <description>
+<p>As reported earlier, the last few days I have looked at how Debian
+Edu clients are configured, and tried to get rid of all hardcoded
+configuration settings on the clients. I believe the work to be
+mostly done, and the clients seem to work just fine with dynamically
+generated configuration.</p>
+
+<p>What is the point, you might ask? The point is to allow a Debian
+Edu desktop to integrate into an existing network infrastructure
+without any manual configuration.</p>
+
+<p>This is what happens when installing a Debian Edu client here at
+the University of Oslo using PXE. With the PXE installation, I am
+asked for language (Norwegian Bokmål), locality (Norway) and keyboard
+layout (no-latin1), Debian Edu profile (Roaming Workstation), if I
+accept to reformat the hard drive (yes), if I want to submit info to
+popcon.debian.org (no) and root password (secret). After answering
+these questions, the installer goes ahead and does its thing, and
+after around 50 minutes it is done. I press enter to finish the
+installation, and the machine reboots into KDE. When the machine is
+ready and kdm asks for login information, I enter my university
+username and password, am told by kdm that a local home directory has
+been created and that I must log in again, and finally log in with the
+same username and password to the KDE 4.4 desktop. At no point during
+this process did it ask for university specific settings, and all the
+required configuration was dynamically detected using information
+fetched via DHCP and DNS. The roaming workstation is now ready for
+use.</p>
+
+<p>How was this done, you might wonder? First of all, here is the
+list of things that need to be configured on the client to get it
+working properly out of the box:</p>
+
+<ul>
+<li>IP address/netmask and DNS server.</li>
+<li>Web proxy URL.</li>
+<li>LDAP server for NSS directory information (user, group, etc).</li>
+<li>Kerberos server for PAM password checking.</li>
+<li>SMB mount point to access the network home directory. (*)</li>
+<li>Central syslog server to send syslog messages to. (*)</li>
+<li>Sitesummary collector URL to submit info to central server. (*)</li>
+</ul>
+
+<p>(Hm, did I forget anything? Let me knew if I did.)</p>
+
+<p>The points marked (*) are not required to be able to use the
+machine, but needed to provide central storage and allowing system
+administrators to track their machines. Since yesterday, everything
+but the sitesummary collector URL is dynamically discovered at boot
+and installation time in the svn version of Debian Edu.</p>
+
+<p>The IP and DNS setup is fetched during boot using DHCP as usual.
+When a DHCP update arrives, the proxy setup is updated by looking for
+http://wpat/wpad.dat and using the content of this WPAD file to
+configure the http and ftp proxy in /etc/environment and
+/etc/apt/apt.conf. I decided to update the proxy setup using a DHCP
+hook to ensure that the client stops using the Debian Edu proxy when
+it is moved outside the Debian Edu network, and instead uses any local
+proxy present on the new network when it moves around.</p>
+
+<p>The DNS names of the LDAP, Kerberos and syslog server and related
+configuration are generated using DNS information at boot. First the
+installer looks for a host named ldap in the current DNS domain. If
+not found, it looks for _ldap._tcp SRV records in DNS instead. If an
+LDAP server is found, its root DSE entry is requested and the
+attributes namingContexts and defaultNamingContext are used to
+determine which LDAP base to use for NSS. If there are several
+namingContexts attibutes and the defaultNamingContext is present, that
+LDAP subtree is used as the base. If defaultNamingContext is missing,
+the subtrees listed as namingContexts are searched in sequence for any
+object with class posixAccount or posixGroup, and the first one with
+such an object is used as the LDAP base. For Kerberos, a similar
+search is done by first looking for a host named kerberos, and then
+for the _kerberos._tcp SRV record. I've been unable to find a way to
+look up the Kerberos realm, so for this the upper case string of the
+current DNS domain is used.</p>
+
+<p>For the syslog server, the hosts syslog and loghost are searched
+for, and the _syslog._udp SRV record is consulted if no such host is
+found. This algorithm works for both Debian Edu and the University of
+Oslo. A similar strategy would work for locating the sitesummary
+server, but have not been implemented yet. I decided to fetch and
+save these settings during installation, to make sure moving to a
+different network does not change the set of users being allowed to
+log in nor the passwords required to log in. Usernames and passwords
+will be cached by sssd when the user logs in on the Debian Edu
+network, and will not change as the laptop move around. For a
+non-roaming machine, there is no caching, but given that it is
+supposed to stay in place it should not matter much. Perhaps we
+should switch those to use sssd too?</p>
+
+<p>The user's SMB mount point for the network home directory is
+located when the user logs in for the first time. The LDAP server is
+consulted to look for the user's LDAP object and the sambaHomePath
+attribute is used if found. If it isn't found, the home directory
+path fetched from NSS is used instead. Assuming the path is of the
+form /site/server/directory/username, the second part is looked up in
+DNS and used to generate a SMB URL of the form
+smb://server.domain/username. This algorithm works for both Debian
+edu and the University of Oslo. Perhaps there are better attributes
+to use or a better algorithm that works for more sites, but this will
+do for now. :)</p>
+
+<p>This work should make it easier to integrate the Debian Edu clients
+into any LDAP/Kerberos infrastructure, and make the current setup even
+more flexible than before. I suspect it will also work for thin
+client servers, allowing one to easily set up LTSP and hook it into a
+existing network infrastructure, but I have not had time to test this
+yet.</p>
+
+<p>If you want to help out with implementing these things for Debian
+Edu, please contact us on debian-edu@lists.debian.org.</p>
+
+<p>Update 2010-08-09: Simon Farnsworth gave me a heads-up on how to
+detect Kerberos realm from DNS, by looking for _kerberos TXT entries
+before falling back to the upper case DNS domain name. Will have to
+implement it for Debian Edu. :)</p>
+</description>
+ </item>
+
+ <item>
+ <title>Rob Weir: How to Crush Dissent</title>
+ <link>http://people.skolelinux.org/pere/blog/Rob_Weir__How_to_Crush_Dissent.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Rob_Weir__How_to_Crush_Dissent.html</guid>
+ <pubDate>Sun, 15 Aug 2010 22:20:00 +0200</pubDate>
+ <description>
+<p>I found the notes from Rob Weir on
+<a href="http://feedproxy.google.com/~r/robweir/antic-atom/~3/VGb23-kta8c/how-to-crush-dissent.html">how
+to crush dissent</a> matching my own thoughts on the matter quite
+well. Highly recommended for those wondering which road our society
+should go down. In my view we have been heading the wrong way for a
+long time.</p>
+</description>
+ </item>
+
+ <item>
+ <title>2 Spykee-roboter i hus, nå skal det lekes</title>
+ <link>http://people.skolelinux.org/pere/blog/2_Spykee_roboter_i_hus__n___skal_det_lekes.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/2_Spykee_roboter_i_hus__n___skal_det_lekes.html</guid>
+ <pubDate>Wed, 18 Aug 2010 13:30:00 +0200</pubDate>
+ <description>
+<p>Jeg kjøpte nettopp to
+<a href="http://www.spykee-robot.com/">Spykee</a>-roboter, for test og
+leking. Kjøpte to da det var så billige, og gir meg mulighet til å
+eksperimentere uten å være veldig redd for å ødelegge alt ved å bytte
+ut firmware og slikt. Oppdaget at lekebutikken på Bryn senter hadde
+en liten stabel på lager som de ikke hadde klart å selge ut etter
+fjorårets juleinnkjøp, og var villig til å selge for en femtedel av
+vanlig pris. Jeg, Ronny og Jarle har skaffet oss restbeholdningen, og
+det blir morsomt å se hva vi får ut av dette.</p>
+
+<p>Roboten har belter styrt av to motorer, kamera, høytaler, mikrofon
+og wifi-tilkobling. Det hele styrt av en GPL-lisensiert databoks som
+jeg mistenker kjører linux. Firmware-kildekoden ble visst publisert i
+mai. Eneste utfordringen er at kontroller-programvaren kun finnes til
+Windows, men det må en kunne jobbe seg rundt når vi har kildekoden til
+firmwaren. :)</p>
+
+<ul>
+<li><a href="http://en.wikipedia.org/wiki/Spykee">Wikipedia-oppføring</a></li>
+<li><a href="http://www.spykeeworld.com/spykee/US/freeSoftware.html">Nedlasting av firmware-kilden</a></li>
+<li><a href="http://wiki.nuug.no/grupper/robot">prosjektwiki hos NUUG</a></li>
+</ul>
+</description>
+ </item>
+
+ <item>
+ <title>Robot, reis deg...</title>
+ <link>http://people.skolelinux.org/pere/blog/Robot__reis_deg___.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Robot__reis_deg___.html</guid>
+ <pubDate>Sat, 21 Aug 2010 22:10:00 +0200</pubDate>
+ <description>
+<p>I dag fikk jeg endelig tittet litt på mine nyinnkjøpte roboter, og
+har brukt noen timer til å google etter interessante referanser og
+aktuell kildekode for bruk på Linux. Det mest lovende så langt er
+<a href="http://ispykee.toyz.org/">ispykee</a>, som har en
+BSD-lisensiert linux-daemon som står som mellomledd mellom roboter på
+lokalnettet og en sentral tjeneste der en iPhone kan koble seg opp for
+å fjernstyre roboten. Linux-daemonen implementerer deler av
+protokollen som roboten forstår. Etter å ha knotet litt med å oppnå
+kontakt med roboten (den oppretter et eget ad-hoc wifi-nett, så jeg
+måtte gå av mitt vanlige nett for å få kontakt), og kommet frem til at
+den lytter på IP-port 9000 og 9001, gikk jeg i gang med å finne ut
+hvordan jeg kunne snakke med roboten vha. disse portene. Robotbiten
+av protokollen er publisert av produsenten med GPL-lisens, slik at det
+er mulig å se hvordan protokollen fungerer. Det finnes en java-klient
+for Android som så ganske snasen ut, men fant ingen kildekode for
+denne. Derimot hadde iphone-løsningen kildekode, så jeg tok
+utgangspunkt i den.</p>
+
+<p>Daemonen ville i utgangspunktet forsøke å kontakte den sentrale
+tjenesten som iphone-programmet kobler seg til. Jeg skrev dette om
+til i stedet å sette opp en nettverkstjeneste på min lokale maskin,
+som jeg kan koble meg opp til med telnet og gi kommandoer til roboten
+(act, forward, right, left, etc). Det involverte i praksis å bytte ut
+socket()/connect() med socket()/bind()/listen()/accept() for å gjøre
+klienten om til en tjener.</p>
+
+<p>Mens jeg har forsøkt å få roboten til å bevege seg har min samboer
+skrudd sammen resten av roboten for å få montert kamera og plastpynten
+(armer, plastfiber for lys). Nå er det hele montert, og roboten er
+klar til bruk. Må få flyttet den over til mitt vanlige trådløsnett
+før det blir praktisk, men de bitene av protokollen er ikke
+implementert i ispykee-daemonen, så der må jeg enten få tak i en mac
+eller en windows-maskin, eller implementere det selv.</p>
+
+<p>Vi var tre som kjøpte slike roboter, og vi har blitt enige om å
+samle notater og referanser på <a
+href="http://wiki.nuug.no/grupper/robot/">NUUGs wiki</a>. Ta en titt
+der hvis du er nysgjerrig.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Elektronisk stemmegiving er ikke til å stole på - heller ikke i Norge</title>
+ <link>http://people.skolelinux.org/pere/blog/Elektronisk_stemmegiving_er_ikke_til____stole_p_____heller_ikke_i_Norge.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Elektronisk_stemmegiving_er_ikke_til____stole_p_____heller_ikke_i_Norge.html</guid>
+ <pubDate>Mon, 23 Aug 2010 19:30:00 +0200</pubDate>
+ <description>
+<p>I Norge pågår en prosess for å
+<a href="http://www.e-valg.dep.no/">innføre elektronisk
+stemmegiving</a> ved kommune- og stortingsvalg. Dette skal
+introduseres i 2011. Det er all grunn til å tro at valg i Norge ikke
+vil være til å stole på hvis dette blir gjennomført. Da det hele var
+oppe til høring i 2006 forfattet jeg
+<a href="http://www.nuug.no/dokumenter/valg-horing-2006-09.pdf">en
+høringsuttalelse fra NUUG</a> (og EFN som hengte seg på) som skisserte
+hvilke punkter som må oppfylles for at en skal kunne stole på et valg,
+og elektronisk stemmegiving mangler flere av disse. Elektronisk
+stemmegiving er for alle praktiske formål å putte ens stemme i en sort
+boks under andres kontroll, og satse på at de som har kontroll med
+boksen er til å stole på - uten at en har mulighet til å verifisere
+dette selv. Det er ikke slik en gjennomfører demokratiske valg.</p>
+
+<p>Da problemet er fundamentalt med hvordan elektronisk stemmegiving
+må fungere for at også ikke-krypografer skal kunne delta, har det vært
+mange rapporter om hvordan elektronisk stemmegiving har sviktet i land
+etter land. En
+<a href="http://wiki.nuug.no/uttalelser/2006-elektronisk-stemmegiving">liten
+samling referanser</a> finnes på NUUGs wiki. Den siste er fra India,
+der valgkomisjonen har valgt
+<a href="http://www.freedom-to-tinker.com/blog/jhalderm/electronic-voting-researcher-arrested-over-anonymous-source">å
+pusse politiet på en forsker</a> som har dokumentert svakheter i
+valgsystemet.</p>
+
+<p>Her i Norge har en valgt en annen tilnærming, der en forsøker seg
+med teknobabbel for å få befolkningen til å tro at dette skal bli
+sikkert. Husk, elektronisk stemmegiving underminerer de demokratiske
+valgene i Norge, og bør ikke innføres.</p>
+
+<p>Den offentlige diskusjonen blir litt vanskelig av at media har
+valgt å kalle dette "evalg", som kan sies å både gjelde elektronisk
+opptelling av valget som Norge har gjort siden 60-tallet og som er en
+svært god ide, og elektronisk opptelling som er en svært dårlig ide.
+Diskusjonen gir ikke mening hvis en skal diskutere om en er for eller
+mot "evalg", og jeg forsøker derfor å være klar på at jeg snakker om
+elektronisk stemmegiving og unngå begrepet "evalg".</p>
+</description>
+ </item>
+
+ <item>
+ <title>Broken umask handling with sshfs</title>
+ <link>http://people.skolelinux.org/pere/blog/Broken_umask_handling_with_sshfs.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Broken_umask_handling_with_sshfs.html</guid>
+ <pubDate>Thu, 26 Aug 2010 13:30:00 +0200</pubDate>
+ <description>
+<p>My file system sematics program
+<a href="http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html">presented
+a few days ago</a> is very useful to verify that a file system can
+work as a unix home directory,and today I had to extend it a bit. I'm
+looking into alternatives for home directory access here at the
+University of Oslo, and one of the options is sshfs. My friend
+Finn-Arne mentioned a while back that they had used sshfs with Debian
+Edu, but stopped because of problems. I asked today what the problems
+where, and he mentioned that sshfs failed to handle umask properly.
+Trying to detect the problem I wrote this addition to my fs testing
+script:</p>
+
+<pre>
+mode_t touch_get_mode(const char *name, mode_t mode) {
+ mode_t retval = 0;
+ int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, mode);
+ if (-1 != fd) {
+ unlink(name);
+ struct stat statbuf;
+ if (-1 != fstat(fd, &statbuf)) {
+ retval = statbuf.st_mode & 0x1ff;
+ }
+ close(fd);
+ }
+ return retval;
+}
+
+/* Try to detect problem discovered using sshfs */
+int test_umask(void) {
+ printf("info: testing umask effect on file creation\n");
+
+ mode_t orig_umask = umask(000);
+ mode_t newmode;
+ if (0666 != (newmode = touch_get_mode("foobar", 0666))) {
+ printf(" error: Wrong file mode %o when creating using mode 666 and umask 000\n",
+ newmode);
+ }
+ umask(007);
+ if (0660 != (newmode = touch_get_mode("foobar", 0666))) {
+ printf(" error: Wrong file mode %o when creating using mode 666 and umask 007\n",
+ newmode);
+ }
+
+ umask (orig_umask);
+ return 0;
+}
+
+int main(int argc, char **argv) {
+ [...]
+ test_umask();
+ return 0;
+}
+</pre>
+
+<p>Sure enough. On NFS to a netapp, I get this result:</p>
+
+<pre>
+Testing POSIX/Unix sematics on file system
+info: testing symlink creation
+info: testing subdirectory creation
+info: testing fcntl locking
+ Read-locking 1 byte from 1073741824
+ Read-locking 510 byte from 1073741826
+ Unlocking 1 byte from 1073741824
+ Write-locking 1 byte from 1073741824
+ Write-locking 510 byte from 1073741826
+ Unlocking 2 byte from 1073741824
+info: testing umask effect on file creation
+</pre>
+
+<p>When mounting the same directory using sshfs, I get this
+result:</p>
+
+<pre>
+Testing POSIX/Unix sematics on file system
+info: testing symlink creation
+info: testing subdirectory creation
+info: testing fcntl locking
+ Read-locking 1 byte from 1073741824
+ Read-locking 510 byte from 1073741826
+ Unlocking 1 byte from 1073741824
+ Write-locking 1 byte from 1073741824
+ Write-locking 510 byte from 1073741826
+ Unlocking 2 byte from 1073741824
+info: testing umask effect on file creation
+ error: Wrong file mode 644 when creating using mode 666 and umask 000
+ error: Wrong file mode 640 when creating using mode 666 and umask 007
+</pre>
+
+<p>So, I can conclude that sshfs is better than smb to a Netapp or a
+Windows server, but not good enough to be used as a home
+directory.</p>
+
+<p>Update 2010-08-26: Reported the issue in
+<a href="http://bugs.debian.org/594498">BTS report #594498</a></p>
+
+<p>Update 2010-08-27: Michael Gebetsroither report that he found the
+script so useful that he created a GIT repository and stored it in
+<a href="http://github.com/gebi/fs-test">http://github.com/gebi/fs-test</a>.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Sikkerhetsteateret på flyplassene fortsetter</title>
+ <link>http://people.skolelinux.org/pere/blog/Sikkerhetsteateret_p___flyplassene_fortsetter.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Sikkerhetsteateret_p___flyplassene_fortsetter.html</guid>
+ <pubDate>Sat, 28 Aug 2010 10:40:00 +0200</pubDate>
+ <description>
+<p>Jeg skrev for et halvt år siden hvordan
+<a href="http://people.skolelinux.org/pere/blog/Sikkerhet__teater__og_hvordan_gj__re_verden_sikrere.html">samfunnet
+kaster bort ressurser på sikkerhetstiltak som ikke fungerer</a>. Kom
+nettopp over en
+<a href="http://www.askthepilot.com/essays-and-stories/terrorism-tweezers-and-terminal-madness-an-essay-on-security/">historie
+fra en pilot fra USA</a> som kommenterer det samme. Jeg mistenker det
+kun er uvitenhet og autoritetstro som gjør at så få protesterer. Har
+veldig sans for piloten omtalt i <a
+href="http://www.aftenposten.no/nyheter/iriks/article2057501.ece">Aftenposten</a> 2007-10-23,
+og skulle ønske flere rettet oppmerksomhet mot problemet. Det gir
+ikke meg trygghetsfølelse på flyplassene når jeg ser at
+flyplassadministrasjonen kaster bort folk, penger og tid på tull i
+stedet for ting som bidrar til reell økning av sikkerheten. Det
+forteller meg jo at vurderingsevnen til de som burde bidra til økt
+sikkerhet er svært sviktende, noe som ikke taler godt for de andre
+tiltakene.</p>
+
+<p>Mon tro hva som skjer hvis det fantes en enkel brosjyre å skrive ut
+fra Internet som forklarte hva som er galt med sikkerhetsopplegget på
+flyplassene, og folk skrev ut og la en bunke på flyplassene når de
+passerte. Kanskje det ville fått flere til å få øynene opp for
+problemet.</p>
+
+<p>Personlig synes jeg flyopplevelsen er blitt så avskyelig at jeg
+forsøker å klare meg med tog, bil og båt for å slippe ubehaget. Det
+er dog noe vanskelig i det langstrakte Norge og for å kunne besøke de
+delene av verden jeg ønsker å nå. Mistenker at flere har det slik, og
+at dette går ut over inntjeningen til flyselskapene. Det er antagelig
+en god ting sett fra et miljøperspektiv, men det er en annen sak.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Broken hard link handling with sshfs</title>
+ <link>http://people.skolelinux.org/pere/blog/Broken_hard_link_handling_with_sshfs.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Broken_hard_link_handling_with_sshfs.html</guid>
+ <pubDate>Mon, 30 Aug 2010 19:30:00 +0200</pubDate>
+ <description>
+<p>Just got an email from Tobias Gruetzmacher as a followup on my
+<a href="http://people.skolelinux.org/pere/blog/Broken_umask_handling_with_sshfs.html">previous
+post about sshfs</a>. He reported another problem with sshfs. It
+fail to handle hard links properly. A simple way to spot this is to
+look at the . and .. entries in the directory tree. These should have
+a link count >1, but on sshfs the count is 1. I just tested to see
+what happen when trying to hardlink, and this fail as well:</p>
+
+<pre>
+% ln foo bar
+ln: creating hard link `bar' => `foo': Function not implemented
+%
+</pre>
+
+<p>I have not yet found time to implement a test for this in my file
+system test code, but believe having working hard links is useful to
+avoid surprised unix programs. Not as useful as working file locking
+and symlinks, which are required to get a working desktop, but useful
+nevertheless. :)</p>
+
+<p>The latest version of the file system test code is available via
+git from
+<a href="http://github.com/gebi/fs-test">http://github.com/gebi/fs-test</a></p>
+</description>
+ </item>
+
+ <item>
+ <title>Forslag i stortinget om å stoppe elektronisk stemmegiving i Norge</title>
+ <link>http://people.skolelinux.org/pere/blog/Forslag_i_stortinget_om____stoppe_elektronisk_stemmegiving_i_Norge.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Forslag_i_stortinget_om____stoppe_elektronisk_stemmegiving_i_Norge.html</guid>
+ <pubDate>Tue, 31 Aug 2010 21:00:00 +0200</pubDate>
+ <description>
+<p>Ble tipset i dag om at et forslag om å stoppe forsøkene med
+elektronisk stemmegiving utenfor valglokaler er
+<a href="http://www.stortinget.no/no/Saker-og-publikasjoner/Saker/Sak/?p=46616">til
+behandling</a> i Stortinget.
+<a href="http://www.stortinget.no/Global/pdf/Representantforslag/2009-2010/dok8-200910-128.pdf">Forslaget</a>
+er fremmet av Erna Solberg, Michael Tetzschner og Trond Helleland.</p>
+
+<p>Håper det får flertall.</p>
+</description>
+ </item>
+
+ <item>
+ <title>My first perl GUI application - controlling a Spykee robot</title>
+ <link>http://people.skolelinux.org/pere/blog/My_first_perl_GUI_application___controlling_a_Spykee_robot.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/My_first_perl_GUI_application___controlling_a_Spykee_robot.html</guid>
+ <pubDate>Wed, 1 Sep 2010 21:00:00 +0200</pubDate>
+ <description>
+<p>This evening I made my first Perl GUI application. The last few
+days I have worked on a Perl module for controlling my recently
+aquired Spykee robots, and the module is now getting complete enought
+that it is possible to use it to control the robot driving at least.
+It was now time to figure out how to use it to create some GUI to
+allow me to drive the robot around. I picked PerlQt as I have had
+positive experiences with the Qt API before, and spent a few minutes
+browsing the web for examples. Using Qt Designer seemed like a short
+cut, so I ended up writing the perl GUI using Qt Designer and
+compiling it into a perl program using the puic program from
+libqt-perl. Nothing fancy yet, but it got buttons to connect and
+drive around.</p>
+
+<p>The perl module I have written provide a object oriented API for
+controlling the robot. Here is an small example on how to use it:</p>
+
+<p><pre>
+use Spykee;
+Spykee::discover(sub {$robot{$_[0]} = $_[1]});
+my $host = (keys %robot)[0];
+my $spykee = Spykee->new();
+$spykee->contact($host, "admin", "admin");
+$spykee->left();
+sleep 2;
+$spykee->right();
+sleep 2;
+$spykee->forward();
+sleep 2;
+$spykee->back();
+sleep 2;
+$spykee->stop();
+</pre></p>
+
+<p>Thanks to the release of the source of the robot firmware, I could
+peek into the implementation at the other end to figure out how to
+implement the protocol used by the robot. I've implemented several of
+the commands the robot understand, but is still missing the camera
+support to make it possible to control the robot from remote. First I
+want to implement support for uploading new firmware and configuring
+the wireless network, to make it possible to bootstrap a Spykee robot
+without the producers Windows and MacOSX software (I only have Linux,
+so I had to ask a friend to come over to get the robot testing
+going. :).</p>
+
+<p>Will release the source to the public soon, but need to figure out
+where to make it available first. I will add a link to
+<a href="http://wiki.nuug.no/grupper/robot/">the NUUG wiki</a> for
+those that want to check back later to find it.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Navteq bruker 3-12 måneder, OpenStreetmap.org trenger noen dager</title>
+ <link>http://people.skolelinux.org/pere/blog/Navteq_bruker_3_12_m__neder__OpenStreetmap_org_trenger_noen_dager.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Navteq_bruker_3_12_m__neder__OpenStreetmap_org_trenger_noen_dager.html</guid>
+ <pubDate>Tue, 7 Sep 2010 21:40:00 +0200</pubDate>
+ <description>
+<p>Jeg ble riktig fascinert av
+<a href="http://www.aftenposten.no/nyheter/iriks/article3800967.ece">en
+artikkel i Aftenposten</a> om hvor hardt Navteq jobber for å oppdatere
+kartene som brukes i navigasjons-GPSer, der det blant annet heter at
+"på grunn av teknikken tar det alt fra tre til tolv måneder før
+kartene er oppdatert". Når en kjenner hva slags oppdateringshastighet
+som er tilgjengelig på
+<a href="http://www.openstreetmap.org/">OpenStreetmap</a> som
+oppdateres på dugnad, blir det litt trist å se hva noe av det beste en
+kan kjøpe for penger får til.</p>
+
+<p>Fra en endrer kartdataene i databasen til OpenStreetmap tar det
+ca. 15 minutter før endringen er synlig på kartet som alle kan se på
+web. Dernest overføres det daglig til en kartdump som lastes ned av
+personen som lager Garmin-kart for Norge ca. en gang i uken. Med
+OpenStreetmap.org og <a href="http://www.frikart.no/">Frikart.no</a>
+kan en altså ha korreksjonene på plass i sin Garmin-GPS i løpet av en
+uke. Det er også av tekniske årsaker at det tar så langt tid.
+Jobbene som tegner kartene, henter ut kartdumpene og konverterer til
+Garmin-format tar minutter og timer å gjennomføre, slik at de ikke
+gjøres kontinuerlig men kun regelmessing.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Terms of use for video produced by a Canon IXUS 130 digital camera</title>
+ <link>http://people.skolelinux.org/pere/blog/Terms_of_use_for_video_produced_by_a_Canon_IXUS_130_digital_camera.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Terms_of_use_for_video_produced_by_a_Canon_IXUS_130_digital_camera.html</guid>
+ <pubDate>Thu, 9 Sep 2010 23:55:00 +0200</pubDate>
+ <description>
+<p>A few days ago I had the mixed pleasure of bying a new digital
+camera, a Canon IXUS 130. It was instructive and very disturbing to
+be able to verify that also this camera producer have the nerve to
+specify how I can or can not use the videos produced with the camera.
+Even thought I was aware of the issue, the options with new cameras
+are limited and I ended up bying the camera anyway. What is the
+problem, you might ask? It is software patents, MPEG-4, H.264 and the
+MPEG-LA that is the problem, and our right to record our experiences
+without asking for permissions that is at risk.
+
+<p>On page 27 of the Danish instruction manual, this section is
+written:</p>
+
+<blockquote>
+<p>This product is licensed under AT&T patents for the MPEG-4 standard
+and may be used for encoding MPEG-4 compliant video and/or decoding
+MPEG-4 compliant video that was encoded only (1) for a personal and
+non-commercial purpose or (2) by a video provider licensed under the
+AT&T patents to provide MPEG-4 compliant video.</p>
+
+<p>No license is granted or implied for any other use for MPEG-4
+standard.</p>
+</blockquote>
+
+<p>In short, the camera producer have chosen to use technology
+(MPEG-4/H.264) that is only provided if I used it for personal and
+non-commercial purposes, or ask for permission from the organisations
+holding the knowledge monopoly (patent) for technology used.</p>
+
+<p>This issue has been brewing for a while, and I recommend you to
+read
+"<a href="http://www.osnews.com/story/23236/Why_Our_Civilization_s_Video_Art_and_Culture_is_Threatened_by_the_MPEG-LA">Why
+Our Civilization's Video Art and Culture is Threatened by the
+MPEG-LA</a>" by Eugenia Loli-Queru and
+"<a href="http://webmink.com/2010/09/03/h-264-and-foss/">H.264 Is Not
+The Sort Of Free That Matters</a>" by Simon Phipps to learn more about
+the issue. The solution is to support the
+<a href="http://www.digistan.org/open-standard:definition">free and
+open standards</a> for video, like <a href="http://www.theora.org/">Ogg
+Theora</a>, and avoid MPEG-4 and H.264 if you can.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Anonym ferdsel er en menneskerett</title>
+ <link>http://people.skolelinux.org/pere/blog/Anonym_ferdsel_er_en_menneskerett.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Anonym_ferdsel_er_en_menneskerett.html</guid>
+ <pubDate>Wed, 15 Sep 2010 12:15:00 +0200</pubDate>
+ <description>
+<p>Debatten rundt sporveiselskapet i Oslos (Ruter AS) ønske om
+<a href="http://www.aftenposten.no/nyheter/iriks/article3808135.ece">å
+radiomerke med RFID</a> alle sine kunder og
+<a href="http://www.aftenposten.no/nyheter/article3809746.ece">registerere
+hvor hver og en av oss beveger oss</a> pågår, og en ting som har
+kommet lite frem i debatten er at det faktisk er en menneskerett å
+kunne ferdes anonymt internt i ens eget land.</p>
+
+<p>Fant en grei kilde for dette i et
+<a href="http://www.datatilsynet.no/upload/Microsoft%20Word%20-%2009-01399-2%20H+%C2%A9ringsnotat%20-%20Samferdselsdepartementet%20-%20Utkas%C3%94%C3%87%C2%AA.pdf">skriv
+fra Datatilsynet</a> til Samferdselsdepartementet om tema:</p>
+
+<blockquote><p>Retten til å ferdes anonymt kan utledes av
+menneskerettskonvensjonen artikkel 8 og av EUs personverndirektiv.
+Her heter det at enkeltpersoners grunnleggende rettigheter og frihet
+må respekteres, særlig retten til privatlivets fred. I både
+personverndirektivet og i den norske personopplysningsloven er
+selvråderetten til hver enkelt et av grunnprinsippene, hovedsaklig
+uttrykt ved at en må gi et frivillig, informert og uttrykkelig
+samtykke til behandling av personopplysninger.</p></blockquote>
+
+<p>For meg er det viktig at jeg kan ferdes anonymt, og det er litt av
+bakgrunnen til at jeg handler med kontanter, ikke har mobiltelefon og
+forventer å kunne reise med bil og kollektivtrafikk uten at det blir
+registrert hvor jeg har vært. Ruter angriper min rett til å ferdes
+uten radiopeiler med sin innføring av RFID-kort, og dokumenterer sitt
+ønske om å registrere hvor kundene befant seg ved å ønske å gebyrlegge
+oss som ikke registrerer oss hver gang vi beveger oss med
+kollektivtrafikken i Oslo. Jeg synes det er hårreisende.</p>
+</description>
+ </item>
+
+ <item>
+ <title>TED talks på norsk og NUUG-foredrag - frivillige trengs til teksting</title>
+ <link>http://people.skolelinux.org/pere/blog/TED_talks_p___norsk_og_NUUG_foredrag___frivillige_trengs_til_teksting.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/TED_talks_p___norsk_og_NUUG_foredrag___frivillige_trengs_til_teksting.html</guid>
+ <pubDate>Fri, 1 Oct 2010 11:00:00 +0200</pubDate>
+ <description>
+<p>Frikanalen og NUUG jobber for å få <a href="http://www.ted.com">TED
+talks</a> kringkastet på
+<a href="http://www.frikanalen.no/">Frikanalen</a>, for å gi et mer
+variert innhold på kanalen som i dag sendes på RiksTV, Lyse og
+Uninett. Før innslagene kan sendes må det lages norske undertekster,
+og dette her trengs det frivillige. Det er hundrevis av innslag, men
+mine favoritter er
+<a href="http://www.ted.com/talks/james_randi.html">James Randi</a> og
+<a href="http://www.ted.com/talks/lang/eng/michael_specter_the_danger_of_science_denial.html">Michael
+Specter</a>. Hvis du har litt tid til overs, bli med på å oversette
+TED-foredragene til norsk og få på plass undertekster. TED har
+allerede opplegg på plass for å håndtere oversettelser og
+undertekster. Registrer deg på
+<a href="http://www.ted.com/translate/forted">sidene til TED</a> i
+dag!</p>
+
+<p>NUUG holder også på å få alle opptakene fra NUUG-presentasjonene
+<a href="http://www.nuug.no/pub/video/frikanalen/frontpage.cgi?organization=NUUG">publisert
+på Frikanalen</a>. Foredrag på engelsk må også her tekstes og
+oversettes. Ta kontakt med video@nuug.no hvis du vil bidra med
+teksting og oversetting. Arbeidet koordineres på epostlisten og på
+IRC (#nuug-video på irc.oftc.org), og <a
+href="http://wiki.nuug.no/grupper/video/frikanalen">en wikiside</a>
+brukes som notatblokk for arbeidet. Mest lovende verktøy for dette
+ser i dag ut til å være
+<a href="http://universalsubtitles.org/">Universal Subtitles</a>, som
+lar en bidra med teksting via en nettleser.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Links for 2010-10-03</title>
+ <link>http://people.skolelinux.org/pere/blog/Links_for_2010_10_03.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Links_for_2010_10_03.html</guid>
+ <pubDate>Sun, 3 Oct 2010 22:30:00 +0200</pubDate>
+ <description>
+<p><ul>
+
+<li><a href="http://arstechnica.com/business/news/2010/09/there-is-no-plan-b-why-the-ipv4-to-ipv6-transition-will-be-ugly.ars">There
+is no Plan B: why the IPv4-to-IPv6 transition will be ugly</a></li>
+
+<li>Scanner looking under clothes
+<a href="http://www.dagbladet.no/2010/10/03/nyheter/utenriks/reise/overvakingskamera/flyplasser/13667192/">has
+already been misused at Heathrow</a>.</li>
+
+<li><a href="http://wiki.softwarelivre.org/Landell">Landell
+Webcasting</a> - interesting alternative for
+<ahref="http://dvswitch.alioth.debian.org/wiki/">DVSwitch</a> with
+simple setup.
+
+</ul></p>
+</description>
+ </item>
+
+ <item>
+ <title>First version of a Perl library to control the Spykee robot</title>
+ <link>http://people.skolelinux.org/pere/blog/First_version_of_a_Perl_library_to_control_the_Spykee_robot.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/First_version_of_a_Perl_library_to_control_the_Spykee_robot.html</guid>
+ <pubDate>Sat, 9 Oct 2010 14:00:00 +0200</pubDate>
+ <description>
+<p>This summer I got the chance to buy cheap Spykee robots, and since
+then I have worked on getting Linux software in place to control them.
+The firmware for the robot is available from the producer, and using
+that source it was trivial to figure out the protocol specification.
+I've started on a perl library to control it, and made some demo
+programs using this perl library to allow one to control the
+robots.</p>
+
+<p>The library is quite functional already, and capable of controlling
+the driving, fetching video, uploading MP3s and play them. There are
+a few less important features too.</p>
+
+<p>Since a few weeks ago, I ran out of time to spend on this project,
+but I never got around to releasing the current source. I decided
+today that it was time to do something about it, and uploaded the
+source to my Debian package store at people.skolelinux.org.</p>
+
+<p>Because it was simpler for me, I made a Debian package and
+published the source and deb. If you got a spykee robot, grab the
+source or binary package:</p>
+
+<p><ul>
+<li><a href="http://people.skolelinux.org/~pere/debian/packages/lenny/libspykee-perl_0.0.20101009-1.tar.gz">libspykee-perl_0.0.20101009-1.tar.gz</a></li>
+<li><a href="http://people.skolelinux.org/~pere/debian/packages/lenny/libspykee-perl_0.0.20101009-1.dsc">libspykee-perl_0.0.20101009-1.dsc</a></li>
+<li><a href="http://people.skolelinux.org/~pere/debian/packages/lenny/libspykee-perl_0.0.20101009-1_all.deb">libspykee-perl_0.0.20101009-1_all.deb</a></li>
+</ul></p>
+
+<p>If you are interested in helping out with developing this library,
+please let me know.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Links for 2010-10-14</title>
+ <link>http://people.skolelinux.org/pere/blog/Links_for_2010_10_14.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Links_for_2010_10_14.html</guid>
+ <pubDate>Thu, 14 Oct 2010 14:45:00 +0200</pubDate>
+ <description>
+<p>Personvernet et under kontinuerlig og kraftig angrep. Her er noen
+stemmer i debatten.</p>
+
+<p><ul>
+
+<li><a href="http://efn.no/hemmelig-retthaversk.txt">Hemmelig
+ "Retthaversk" notat vil amputere person- og rettsvernet</a> -
+ pressemelding fra EFN etter at de ble kjent med hårreisende
+ lovforslag fra "Dele, ikke stjele"-kampanjen.
+
+<li><a href="http://borud2.borud.no/2010/10/verdidebatt.html">Verdidebatt</a>
+ av Bjørn Borud. Klargjørende omramming av debatten med bakgrunn i
+ oppdagelsen fra EFN.</li>
+
+<li><a href="http://www.dagbladet.no/2010/10/14/kultur/data_og_teknologi/tekno/personvern/opphavsrett/13804298/">Må
+ personvernet vike for opphavsretten?</a> av Jan Omdahl i
+ Dagbladet</li>
+
+<li><a href="http://www.archive.org/details/CopyingIsNotTheft">Copying
+ Is Not Theft</a> - fin jingle om opphavsrett vs. eiendom</li>
+
+<li><a href="http://cleanternet.org/">Cleanternet</a> - satire om
+forslag for et rent og sikkert Internet.</li>
+
+<li><a href="http://www.dubistterrorist.de/en/">You are a
+ terrorist!</a> - innspill om den massive overvåkningen som er
+ gjennomført i Tysland og resten av den vestlige verden de siste
+ årene.</li>
+
+<li><a href="http://www.dagbladet.no/2010/10/12/kultur/debatt/debattinnlegg/13787554/">Farlig
+ hemmelighold</a> - debattinnlegg i Dagbladet fra Thomas Gramstad og
+ Bjørn Remseth i EFN</li>
+
+</ul></p>
+</description>
+ </item>
+
+ <item>
+ <title>Standardkrav inn i anbudstekster?</title>
+ <link>http://people.skolelinux.org/pere/blog/Standardkrav_inn_i_anbudstekster_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Standardkrav_inn_i_anbudstekster_.html</guid>
+ <pubDate>Sun, 17 Oct 2010 19:30:00 +0200</pubDate>
+ <description>
+<p>Hvis det å følge standarder skal ha noen effekt overfor
+leverandører, så må slike krav og ønsker komme inn i anbudstekster når
+systemer kjøpes inn. Har ikke sett noen slike formuleringer i anbud
+så langt, men har tenkt litt på hva som bør inn. Her er noen ideer og
+forslag. Min drøm er at en kan sette krav til slik støtte i
+anbudstekster, men så langt er det nok mer sannsynlig at en må nøye
+seg med å skrive at det er en fordel om slik støtte er tilstede i
+leveranser.</p>
+
+<p>Som systemadministrator på Universitetet er det typisk to områder
+som er problematiske for meg. Det ene er admin-grensesnittene på
+tjenermaskiner, som vi ønsker å bruke via ssh. Det andre er nettsider
+som vi ønsker å bruke via en nettleser. For begge deler er det viktig
+at protokollene og formatene som brukes følger standarder våre verktøy
+støtter.</p>
+
+<p>De fleste har nå støtte for SSH som overføringsprotkoll for
+admin-grensesnittet, men det er ikke tilstrekkelig for å kunne stille
+inn f.eks BIOS og RAID-kontroller via ssh-forbindelsen. Det er flere
+aktuelle protokoller for fremvisning av BIOS-oppsett og
+oppstartmeldinger, og min anbefaling ville være å kreve
+VT100-kompatibel protokoll, for å sikre at flest mulig
+terminalemulatorer kan forstå hva som kommer fra admin-grensesnittet
+via ssh. Andre aktuelle alternativer er ANSI-terminalemulering og
+VT220. Kanskje en formulering ala dette i anbudsutlysninger vil
+fungere:</p>
+
+<p><blockquote>
+BIOS og oppstartmeldinger i administrasjonsgrensesnittet til maskinen
+bør/skal være tilgjengelig via SSH-protokollen som definert av IETF
+(RFC 4251 mfl.) og følge terminalfremvisningprotokollen VT100 (ref?)
+når en kobler seg til oppstart via ssh.
+</blockquote></p>
+
+<p>Har ikke lykkes med å finne en god referanse for
+VT100-spesifikasjonen.</p>
+
+<p>Når det gjelder nettsider, så er det det HTML, CSS og
+JavaScript-spesifikasjonen til W3C som gjelder.</p>
+
+<p><blockquote>
+Alle systemets nettider bør/skal være i henhold til statens
+standardkatalogs krav om nettsider og følge HTML-standarden som
+definert av W3C, og validere uten feil hos W3Cs HTML-validator
+(http://validator.w3.org). Hvis det brukes CSS så bør/skal denne
+validere uten feil hos W3Cs CSS-validator
+(http://jigsaw.w3.org/css-validator/). Eventuelle JavaScript skal
+være i henhold til EcmaScript-standarden. I tillegg til å følge de
+overnevnte standardene skal websidene fungere i nettleserne (fyll inn
+relevant liste for organisasjonen) Firefox 3.5, Internet Explorer 8,
+Opera 9, etc.
+</blockquote></p>
+
+<p>Vil et slikt avsnitt være konkret nok til å få leverandørene til å
+lage nettsider som følger standardene og fungerer i flere
+nettlesere?</p>
+
+<p>Tar svært gjerne imot innspill på dette temaet til aktive (at)
+nuug.no, og er spesielt interessert i hva andre skriver i sine anbud
+for å oppmuntre leverandører til å følge standardene. Kanskje NUUG
+burde lage et dokument med forslag til standardformuleringer å ta med
+i anbudsutlysninger?</p>
+
+<p>Oppdatering 2010-12-03: I følge Wikipedias oppføring om
+<a href="http://en.wikipedia.org/wiki/ANSI_escape_code">ANSI escape
+code</a>, så bruker VT100-terminaler ECMA-48-spesifikasjonen som
+basis for sin oppførsel. Det kan dermed være et alternativ når en
+skal spesifisere hvordan seriell-konsoll skal fungere.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Pledge for funding to the Gnash project to get AVM2 support</title>
+ <link>http://people.skolelinux.org/pere/blog/Pledge_for_funding_to_the_Gnash_project_to_get_AVM2_support.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Pledge_for_funding_to_the_Gnash_project_to_get_AVM2_support.html</guid>
+ <pubDate>Tue, 19 Oct 2010 14:45:00 +0200</pubDate>
+ <description>
+<p><a href="http://www.getgnash.org/">The Gnash project</a> is the
+most promising solution for a Free Software Flash implementation. It
+has done great so far, but there is still far to go, and recently its
+funding has dried up. I believe AVM2 support in Gnash is vital to the
+continued progress of the project, as more and more sites show up with
+AVM2 flash files.</p>
+
+<p>To try to get funding for developing such support, I have started
+<a href="http://www.pledgebank.com/gnash-avm2">a pledge</a> with the
+following text:</P>
+
+<p><blockquote>
+
+ <p>"I will pay 100$ to the Gnash project to develop AVM2 support but
+ only if 10 other people will do the same."</p>
+
+ <p>- Petter Reinholdtsen, free software developer</p>
+
+ <p>Deadline to sign up by: 24th December 2010</p>
+
+ <p>The Gnash project need to get support for the new Flash file
+ format AVM2 to work with a lot of sites using Flash on the
+ web. Gnash already work with a lot of Flash sites using the old AVM1
+ format, but more and more sites are using the AVM2 format these
+ days. The project web page is available from
+ http://www.getgnash.org/ . Gnash is a free software implementation
+ of Adobe Flash, allowing those of us that do not accept the terms of
+ the Adobe Flash license to get access to Flash sites.</p>
+
+ <p>The project need funding to get developers to put aside enough
+ time to develop the AVM2 support, and this pledge is my way to try
+ to get this to happen.</p>
+
+ <p>The project accept donations via the OpenMediaNow foundation,
+ <a href="http://www.openmedianow.org/?q=node/32">http://www.openmedianow.org/?q=node/32</a> .</p>
+
+</blockquote></p>
+
+<p>I hope you will support this effort too. I hope more than 10
+people will participate to make this happen. The more money the
+project gets, the more features it can develop using these funds.
+:)</p>
+</description>
+ </item>
+
+ <item>
+ <title>Making room on the Debian Edu/Sqeeze DVD</title>
+ <link>http://people.skolelinux.org/pere/blog/Making_room_on_the_Debian_Edu_Sqeeze_DVD.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Making_room_on_the_Debian_Edu_Sqeeze_DVD.html</guid>
+ <pubDate>Sun, 7 Nov 2010 11:45:00 +0100</pubDate>
+ <description>
+<p>Prioritising packages for the Debian Edu /
+<a href="http://www.skolelinux.org/">Skolelinux</a> DVD, which is
+supposed provide a school with all the services and user applications
+needed on the pupils computer network has always been hard. Even
+schools without Internet connections should be able to get Debian Edu
+working using this DVD.</p>
+
+<p>The job became a lot harder when apt and aptitude started
+installing recommended packages by default. We want the same set of
+packages to be installed when using the DVD and the netinst CD, and
+that means all recommended packages need to be on the DVD. I created
+a patch for debian-cd in <a href="http://bugs.debian.org/601203">BTS
+report #601203</a> to do this, and since this change was applied to
+the Debian Edu DVD build, we have been seriously short on space.</p>
+
+<p>A few days ago we decided to drop blender, wxmaxima and kicad from
+the default installation to save space on the DVD, believing that
+those needing these applications are few and can get them from the
+Debian archive.</p>
+
+<p>Yesterday, I had a look what source packages to see which packages
+were using most space. A few large packages are well know;
+openoffice.org, openclipart and fluid-soundfont. But I also
+discovered that lilypond used 106 MiB and fglrx-driver used 53 MiB.
+The lilypond package is pulled in as a dependency for rosegarden, and
+when looking a bit closer I discovered that 99 MiB of the 106 MiB were
+the documentation package, which is recommended by the binary package.
+I decided to drop this documentation package from our DVD, as most of
+our users will use the GUI front-ends and do not need the lilypond
+documentation. Similarly, I dropped the non-free fglrx-driver package
+which might be installed by d-i when its hardware is detected, as the
+free X driver should work.</p>
+
+<p>With this change, we finally got space for the LXDE and Gnome
+desktop packages as well as the language specific packages making the
+DVD more useful again.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Gjendikte sangen "Copying Is Not Theft" på Norsk?</title>
+ <link>http://people.skolelinux.org/pere/blog/Gjendikte_sangen__Copying_Is_Not_Theft__p___Norsk_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Gjendikte_sangen__Copying_Is_Not_Theft__p___Norsk_.html</guid>
+ <pubDate>Wed, 10 Nov 2010 14:40:00 +0100</pubDate>
+ <description>
+<p>En genial liten sang om kopiering og tyveri er
+<a href="http://www.archive.org/details/CopyingIsNotTheft">Copying Is
+Not Theft</a> av Nina Paley. Den vil jeg at
+<a href="http://www.nuug.no/">NUUG</a> skal sende på
+<a href="http://www.frikanalen.no/">Frikanalen</a>, men først må vi
+fikse norske undertekster eller dubbing. Og i og med at det er en
+sang, tror jeg den kanskje bør gjendiktes.
+
+Selve teksten finner en på bloggen til
+<a href="http://blog.ninapaley.com/2009/12/15/minute-meme-1-copying-is-not-theft/">tekstforfatteren</a> og den ser slik ut:
+
+<p><blockquote>
+<p>Copying is not theft.
+<br>Stealing a thing leaves one less left
+<br>Copying it makes one thing more;
+<br>that's what copying's for.</p>
+
+<p>Copying is not theft.
+<br>If I copy yours you have it too
+<br>One for me and one for you
+<br>That's what copies can do</p>
+
+<p>If I steal your bicycle
+<br>you have to take the bus,
+<br>but if I just copy it
+<br>there's one for each of us!</p>
+
+<p>Making more of a thing,
+<br>that is what we call "copying"
+<br>Sharing ideas with everyone
+<br>That's why copying
+<br>is
+<br>FUN!</p>
+</blockquote></p>
+
+<p>Her er et naivt forsøk på oversettelse, uten noe forsøk på
+gjendiktning eller få det til å flyte sammen med melodien.</p>
+
+<p><blockquote>
+<p>Kopiering er ikke tyveri.
+<br>Stjeler du en ting er det en mindre igjen
+<br>Kopier den og det er ting til.
+<br>det er derfor vi har kopiering.</p>
+
+<p>Kopiering er ikke tyveri.
+<br>Hvis jeg kopierer din så har du den fortsatt
+<br>En for meg og en for deg.
+<br>Det er det kopier gir oss</p>
+
+<p>Hvis jeg stjeler sykkelen din
+<br>så må du ta bussen,
+<br>men hvis jeg bare kopierer den,
+<br>så får vi hver vår!</p>
+
+<p>Lage mer av en ting,
+<br>det er det vi kaller "kopiering".
+<br>Deler ideer med enhver
+<br>Det er derfor kopiering
+<br>er
+<br>MORSOMT!</p>
+</blockquote></p>
+
+<p>Hvis du har forslag til bedre oversettelse eller lyst til å bidra
+til å få denne sangen over i norsk språkdrakt, ta kontakt med video
+(at) nuug.no.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Gnash buildbot slave and Debian kfreebsd</title>
+ <link>http://people.skolelinux.org/pere/blog/Gnash_buildbot_slave_and_Debian_kfreebsd.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Gnash_buildbot_slave_and_Debian_kfreebsd.html</guid>
+ <pubDate>Sat, 20 Nov 2010 07:20:00 +0100</pubDate>
+ <description>
+<p>Answering
+<a href="http://www.listware.net/201011/gnash-dev/67431-gnash-dev-buildbot-looking-for-slaves.html">the
+call from the Gnash project</a> for
+<a href="http://www.gnashdev.org:8010">buildbot</a> slaves to test the
+current source, I have set up a virtual KVM machine on the Debian
+Edu/Skolelinux virtualization host to test the git source on
+Debian/Squeeze. I hope this can help the developers in getting new
+releases out more often.</p>
+
+<p>As the developers want less main-stream build platforms tested to,
+I have considered setting up a <a
+href="http://www.debian.org/ports/kfreebsd-gnu/">Debian/kfreebsd</a>
+machine as well. I have also considered using the kfreebsd
+architecture in Debian as a file server in NUUG to get access to the 5
+TB zfs volume we currently use to store DV video. Because of this, I
+finally got around to do a test installation of Debian/Squeeze with
+kfreebsd. Installation went fairly smooth, thought I noticed some
+visual glitches in the cdebconf dialogs (black cursor left on the
+screen at random locations). Have not gotten very far with the
+testing. Noticed cfdisk did not work, but fdisk did so it was not a
+fatal problem. Have to spend some more time on it to see if it is
+useful as a file server for NUUG. Will try to find time to set up a
+gnash buildbot slave on the Debian Edu/Skolelinux this weekend.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Debian Edu development gathering and General Assembly for FRiSK</title>
+ <link>http://people.skolelinux.org/pere/blog/Debian_Edu_development_gathering_and_General_Assembly_for_FRiSK.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_Edu_development_gathering_and_General_Assembly_for_FRiSK.html</guid>
+ <pubDate>Mon, 29 Nov 2010 18:40:00 +0100</pubDate>
+ <description>
+<p>On friday, the first Debian Edu / Skolelinux
+<a href="http://www.friprogramvareiskolen.no/Gathering/2010-12-03-05-Oslo">development
+gathering</a> in a long time take place here in Oslo, Norway. I
+really look forward to seeing all the good people working on the
+Squeeze release. The gathering is open for everyone interested in
+learning more about Debian Edu / Skolelinux.</p>
+
+<p>On Saturday, the Norwegian member organization taking care of
+organizing these development gatherings, Fri Programvare i Skolen,
+will hold its
+<a href="http://friprogramvareiskolen.no/Genfors/2010">General Assembly
+for 2010</a>. Membership is open for all, and currently there are 388
+people registered as members. Last year 32 members cast their vote in
+the memberdb based election system. I hope more people find time to
+vote this year.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Hva har mine representanter stemt i Storinget?</title>
+ <link>http://people.skolelinux.org/pere/blog/Hva_har_mine_representanter_stemt_i_Storinget_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Hva_har_mine_representanter_stemt_i_Storinget_.html</guid>
+ <pubDate>Tue, 11 Jan 2011 14:25:00 +0100</pubDate>
+ <description>
+<p>I England har <a href="http://www.mysociety.org/">MySociety</a>
+laget en genial tjeneste for å holde øye med parlamentet. Tjenesten
+<a href="http://www.theyworkforyou.com/">They Work For You</a> lar
+borgerne få direkte og sanntidsoppdatert innsyn i sine representanters
+gjøren og laden i parlamentet. En kan kan få kopi av det en gitt
+representant har sagt på talerstolen, og få vite hva hver enkelt
+representant har stemt i hver enkelt sak som er tatt opp. Jeg skulle
+gjerne hatt en slik tjeneste for Stortinget i Norge.</p>
+
+<p>Endel <a href="http://www.nsd.uib.no/polsys/storting/">statistikk
+over representantenes stemmegivning</a> er tilgjengelig fra Norsk
+sammfunnsvitenskaplig datatjeneste, men ingenting av dette er
+detaljert nok til at en han holde hver enkelt stortingsrepresentant
+ansvarlig.</p>
+
+<p>For å få en idé om det finnes en datakilde fra Stortinget som kan
+brukes til å få oversikt over hvordan hver enkelt representant har
+stemt, sendte jeg et spørsmål til Stortinget:</p>
+
+<p><blockquote><pre>
+Fra: Petter Reinholdtsen
+Sendt: 11. januar 2011 10:42
+Til: info (at) stortinget.no
+Emne: Hvem stemte hva i de ulike sakene?
+
+Hei. Er det informasjon tilgjengelig på web om hvilke
+stortingsrepresentanter som stemte hva i sakene som er til votering i
+Stortinget?
+
+Vennlig hilsen,
+--
+Petter Reinholdtsen
+</pre></blockquote></p>
+
+<p>Svaret kom noen timer senere:</p>
+
+<p><blockquote><pre>
+From: Postmottak Informasjonshjornet
+To: Petter Reinholdtsen
+Subject: RE: Hvem stemte hva i de ulike sakene?
+Date: Tue, 11 Jan 2011 12:46:25 +0000
+
+Hei.
+Takk for henvendelsen.
+
+Sommeren 2010 fikk vi nytt voteringsanlegg i stortingssalen som
+muliggjør publisering av voteringsresultat på nett. dette er et
+pågående prosjekt 1. halvår 2011. Kan ikke si nøyaktig når det er i
+funksjon.
+<a href="http://www.stortinget.no/no/Stortinget-og-demokratiet/Historikk/Nytt-konferanseanlegg-i-stortingssalen/">http://www.stortinget.no/no/Stortinget-og-demokratiet/Historikk/Nytt-konferanseanlegg-i-stortingssalen/</a>
+
+Foreløpig må du finne voteringsresultatet i referatet etter at saken
+har vært behandlet i Stortinget.
+
+Ønsker du å vite hvem som stemte hva i en bestemt sak,(og hvem som
+ikke var til stede), kan du kontakte oss og vi kan sende deg en
+utskrift.
+
+Med vennlig hilsen
+Elin B. Relander Tømte
+Stortingets Informasjonsseksjon
+tlf 23313596
+
+www.stortinget.no
+www.tinget.no
+</pre></blockquote></p>
+
+<p>Det ser dermed ut at det i fjor ble mulig å hente ut informasjonen
+fra Stortinget, men at Stortinget ikke legger denne informasjonen ut
+på web ennå. En liten brikke er dermed på plass, men mye
+gjenstår. Kanskje jeg får tid til å se på en norsk utgave etter
+at vi i NUUG har fått operativ en norsk utgave av
+<a href="http://www.fixmystreet.com/">FixMyStreet</a>.</p>
+</description>
+ </item>
+
+ <item>
+ <title>The video format most supported in web browsers?</title>
+ <link>http://people.skolelinux.org/pere/blog/The_video_format_most_supported_in_web_browsers_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/The_video_format_most_supported_in_web_browsers_.html</guid>
+ <pubDate>Sun, 16 Jan 2011 00:20:00 +0100</pubDate>
+ <description>
+<p>The video format struggle on the web continues, and the three
+contenders seem to be Ogg Theora, H.264 and WebM. Most video sites
+seem to use H.264, while others use Ogg Theora. Interestingly enough,
+the comments I see give me the feeling that a lot of people believe
+H.264 is the most supported video format in browsers, but according to
+the Wikipedia article on
+<a href="http://en.wikipedia.org/wiki/HTML5_video">HTML5 video</a>,
+this is not true. Check out the nice table of supprted formats in
+different browsers there. The format supported by most browsers is
+Ogg Theora, supported by released versions of Mozilla Firefox, Google
+Chrome, Chromium, Opera, Konqueror, Epiphany, Origyn Web Browser and
+BOLT browser, while not supported by Internet Explorer nor Safari.
+The runner up is WebM supported by released versions of Google Chrome
+Chromium Opera and Origyn Web Browser, and test versions of Mozilla
+Firefox. H.264 is supported by released versions of Safari, Origyn
+Web Browser and BOLT browser, and the test version of Internet
+Explorer. Those wanting Ogg Theora support in Internet Explorer and
+Safari can install plugins to get it.</p>
+
+<p>To me, the simple conclusion from this is that to reach most users
+without any extra software installed, one uses Ogg Theora with the
+HTML5 video tag. Of course to reach all those without a browser
+handling HTML5, one need fallback mechanisms. In
+<a href="http://www.nuug.no/">NUUG</a>, we provide first fallback to a
+plugin capable of playing MPEG1 video, and those without such support
+we have a second fallback to the Cortado java applet playing Ogg
+Theora. This seem to work quite well, as can be seen in an <a
+href="http://www.nuug.no/aktiviteter/20110111-semantic-web/">example
+from last week</a>.</p>
+
+<p>The reason Ogg Theora is the most supported format, and H.264 is
+the least supported is simple. Implementing and using H.264
+require royalty payment to MPEG-LA, and the terms of use from MPEG-LA
+are incompatible with free software licensing. If you believed H.264
+was without royalties and license terms, check out
+"<a href="http://webmink.com/essays/h-264/">H.264 – Not The Kind Of
+Free That Matters</a>" by Simon Phipps.</p>
+
+<p>A incomplete list of sites providing video in Ogg Theora is
+available from
+<a href="http://wiki.xiph.org/index.php/List_of_Theora_videos">the
+Xiph.org wiki</a>, if you want to have a look. I'm not aware of a
+similar list for WebM nor H.264.</p>
+
+<p>Update 2011-01-16 09:40: A question from Tollef on IRC made me
+realise that I failed to make it clear enough this text is about the
+&lt;video&gt; tag support in browsers and not the video support
+provided by external plugins like the Flash plugins.</p>
+</description>
+ </item>
+
projects / homepage.git / blobdiff