<channel>
<title>Petter Reinholdtsen</title>
<description></description>
- <link></link>
- <atom:link href="index.rss" rel="self" type="application/rss+xml" />
+ <link>http://people.skolelinux.org/pere/blog/</link>
+ <atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
<item>
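Review bot: the channel `<description></description>` on the unchanged line just above these link changes is still empty, so the feed gains an absolute `<link>` and self `atom:link` but still has no channel summary for readers to display. Consider filling it in as part of the same change. Both new URLs use plain `http://`; if the site is also served over HTTPS, prefer that for the self link.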
- <title>Vitenskapens dogmer...</title>
- <link>Vitenskapens_dogmer___.html</link>
- <guid isPermaLink="true">Vitenskapens_dogmer___.html</guid>
- <pubDate>Fri, 27 Mar 2009 11:30:00 +0100</pubDate>
+ <title>Pieces of the roaming laptop puzzle in Debian</title>
+ <link>http://people.skolelinux.org/pere/blog/Pieces_of_the_roaming_laptop_puzzle_in_Debian.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Pieces_of_the_roaming_laptop_puzzle_in_Debian.html</guid>
+ <pubDate>Wed, 19 May 2010 19:00:00 +0200</pubDate>
<description>
-<p>Handspåleggere og andre tilhengere av ikke-etterprøvbar medisin,
-samt de som mener at verden ikke utviklet seg i henhold til
-evolusjonsteorien, hevder ofte at vitenskapen er dogmatisk og at
-vitenskapsfolk velger å ignorere alt vitenskapsfolk ikke kan
-forklare. Intet kunne være lenger fra sannheten. En interessant
-observasjon dog, er hvilke "dogmer" som ligger til grunn for
-vitenskapen. Her er et forsøk på å nevne noen av de grunnleggende
-antagelsene som legges til grunn.</p>
-
-<p>Først og fremst ligger det til grunn en tro om at verden,
-verdensrommet og universet har de samme egenskapene overalt. Dvs. at
-en ikke tror at virkeligheten oppfører seg forskjellig f.eks. på
-jorden og i verdensrommet. Dette er ingen selvfølgelig antagelse, da
-f.eks. de gamle grekerne antok at virkeligheten var forskjellig på
-jorden og i himmelen. Antagelsen om at virkeligheten oppfører seg
-etter de samme "reglene" overalt skjøt først fart etter
-middelalderen.</p>
-
-<p>Når en så har begynt å tro at virkeligheten oppfører seg likt
-overalt, så kan en begynne å tro at det er mulig å observere
-virkeligheten, og ut fra observasjoner kunne finne en forklaring, et
-sett med "regler", som kan brukes til å forutse hva som kommer til å
-skje i fremtiden basert på observasjoner gjort i fortiden. Eksempler
-på dette er at en kan beregne hvor lang tid en sten som er sluppet
-ned fra et hus vil bruke før den treffer bakken (og ikke tror at den
-i noen tilfeller vil fly oppover i stedet for nedover). En kan altså
-lage en mental modell over sammenhenger i virkeligheten, og bruke
-denne modellen til å, enten ved hjelp av logiske argumentasjonsrekker
-eller matematiske beregninger, forklare hva som kommer til å skje.
-Hvis modellen viser seg å fungere bra for observasjoner i dag, så
-kan en på tilsvarende vis beregne eller logisk sette sammen hva som
-har foregått i fortiden som ledet frem til det vi kan observere i
-dag.</p>
-
-<p>Sist, men ikke minst, så tror vitenskapsfolk på at det er mulig
-å observere virkeligheten, og å tro på disse observasjonene
-(innenfor rimelig feilmargin som følger av måten observasjonen er
-gjort på). En tror altså ikke på at noen bakenfor virkeligheten
-forsøker å lure oss til å observere noe som ikke eksisterer. Det
-er naturligvis umulig (eller kanskje til nød svært vanskelig) å
-motbevise at vi lever i Matrix-aktige omgivelser, der vi observerer
-noe som eksisterer kun som en simulering i datamaskiner. Det at noe
-er umulig å motbevise gjør dog ikke at det blir spesielt interessant
-å ta utgangspunkt i. Det er antagelig ikke grenser for hvor mange
-måter det er mulig å tenke seg at vi blir lurt til å oppleve en
-virkelighet som "egentlig" ikke eksisterer, men i og med at den
-eksisterer for oss, så er det i hovedsak et filosofisk spørsmål om
-hva det betyr å eksistere. Det er ikke spesielt relevant for
-vitenskapen, som altså tar utgangspunkt i at den virkeligheten vi
-observerer eksisterer, virker likt overalt, og kan forstås med logikk
-og matematikk.</p>
-
-<p>Det kan virke som om de som hevder at vitenskapen er ute av stand
-til å ta inn over seg Snåsamannens evner, homeopatiske
-forklaringsmodeller og en skapende gud, ikke tror på det samme som
-vitenskapsfolk. De kan ikke tro at den virkeligheten vi observerer
-eksisterer, virker likt overalt, og kan forstås med logikk og
-matematikk. Mitt problem med å tro på på det samme, er at hvis
-disse forutsetningene ikke ligger til grunn, så er det ingen grenser
-for hva en kan komme opp med av ideer til hvordan virkeligheten
-fungerer. Både Harry Potters magi, kreasjonistenes allmektige
-skaper, det flygende spagettimonsteret, Snåsamannens helbredelser,
-Haitis voodo, samenes ganding og middelalderens hekserier blir like
-gyldige. Jeg tror ikke noen av disse er spesielt sannsynlige, og
-velger derfor å ta utgangspunkt i vitenskapens rammer for hvordan
-virkeligheten skal forstås. For å sitere en reklamekampanje fra
-England: Vitenskap sender deg til månen. Religion sender deg inn i
-skyskrapere. Takke meg til en tur til månen.</p>
+<p>Today, the last piece of the puzzle for roaming laptops in Debian
+Edu finally entered the Debian archive. Today, the new
+<a href="http://packages.qa.debian.org/libp/libpam-mklocaluser.html">libpam-mklocaluser</a>
+package was accepted. Two days ago, two other pieces was accepted
+into unstable. The
+<a href="http://packages.qa.debian.org/p/pam-python.html">pam-python</a>
+package needed by libpam-mklocaluser, and the
+<a href="http://packages.qa.debian.org/s/sssd.html">sssd</a> package
+passed NEW on Monday. In addition, the
+<a href="http://packages.qa.debian.org/libp/libpam-ccreds.html">libpam-ccreds</a>
+package we need is in experimental (version 10-4) since Saturday, and
+hopefully will be moved to unstable soon.</p>
+
+<p>This collection of packages allow for two different setups for
+roaming laptops. The traditional setup would be using libpam-ccreds,
+nscd and libpam-mklocaluser with LDAP or Kerberos authentication,
+which should work out of the box if the configuration changes proposed
+for nscd in <a href="http://bugs.debian.org/485282">BTS report
+#485282</a> is implemented. The alternative setup is to use sssd with
+libpam-mklocaluser to connect to LDAP or Kerberos and let sssd take
+care of the caching of passwords and group information.</p>
+
+<p>I have so far been unable to get sssd to work with the LDAP server
+at the University, but suspect the issue is some SSL/GnuTLS related
+problem with the server certificate. I plan to update the Debian
+package to version 1.2, which is scheduled for next week, and hope to
+find time to make sure the next release will include both the
+Debian/Ubuntu specific patches. Upstream is friendly and responsive,
+and I am sure we will find a good solution.</p>
+
+<p>The idea is to set up the roaming laptops to authenticate using
+LDAP or Kerberos and create a local user with home directory in /home/
+when a usre in LDAP logs in via KDM or GDM for the first time, and
+cache the password for offline checking, as well as caching group
+memberhips and other relevant LDAP information. The
+libpam-mklocaluser package was created to make sure the local home
+directory is in /home/, instead of /site/server/directory/ which would
+be the home directory if pam_mkhomedir was used. To avoid confusion
+with support requests and configuration, we do not want local laptops
+to have users in a path that is used for the same users home directory
+on the home directory servers.</p>
+
+<p>One annoying problem with gdm is that it do not show the PAM
+message passed to the user from libpam-mklocaluser when the local user
+is created. Instead gdm simply reject the login with some generic
+message. The message is shown in kdm, ssh and login, so I guess it is
+a bug in gdm. Have not investigated if there is some other message
+type that can be used instead to get gdm to also show the message.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
</description>
</item>
<item>
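Review bot: the paragraph beginning "The idea is to set up the roaming laptops" says the password is cached "for offline checking", but nothing in the post says how long a cached credential stays usable after the account is disabled or its password is changed in LDAP or Kerberos. One sentence on that, for both the libpam-ccreds and the sssd setup, would let an admin judge what a lost laptop exposes. In the sssd paragraph, "both the Debian/Ubuntu specific patches" refers to two patches that are never named. Typos in the added text: "usre", "memberhips", "two other pieces was accepted", "it do not show".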
- <title>Første reprap-integreringsforsøk - Z-aksen beveger seg</title>
- <link>F__rste_reprap_integreringsfors__k___Z_aksen_beveger_seg.html</link>
- <guid isPermaLink="true">F__rste_reprap_integreringsfors__k___Z_aksen_beveger_seg.html</guid>
- <pubDate>Thu, 19 Mar 2009 22:15:00 +0100</pubDate>
+ <title>Parallellized boot is now the default in Debian/unstable</title>
+ <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html</guid>
+ <pubDate>Fri, 14 May 2010 22:40:00 +0200</pubDate>
<description>
-<p>I går tok jeg mot til meg, og løste problemet med
-z-aksen ved å borre i delen som manglet feste mot tannjulet som
-skal drive z-aksereimen. Dermed var det klart for å montere
-z-akse-akslingen på motoren og komme et steg videre med
-reprap-monteringen. Prøvekjørte den i dag med
-testprogrammet til stepmotoren, og kunne glad konstatere at det hele
-fungerte. I hvert fall når stepmotoren ikke forsøkte
-å snurre for raskt rundt. Ved høy hastighet roterte
-ikke akslingen i det hele tatt. Motoren ble bare stående
-å vibrere. Usikker på hvorfor, men antar motoren ikke
-har nok kraft til å få hele akslingen til å
-rotere så raskt. Denne øvelsen avslørte dog et
-annet problem med monteringen så langt. Under testingen
-begynte skruer og muttere å ry ned fra ulike deler av
-reprap-konstruksjonen. Jeg har ikke skrudd alt hard nok sammen til
-å tåle slike vibrasjoner. Tror en 5-6 skruver og/eller
-muttere løsnet. Brukte ganske lang tid på å
-finne ut hvor det manglet deler og skru ting sammen igjen. Antar alt
-må strammes skikkelig til før første
-utskrift.</p>
-
-<p>Neste steg er å få laget z-aksebåndet. Der trenger jeg
-egnet lim og en konstruksjon for å klemme bandet sammen under
-limingen, som
-<a href="http://reprap.org/bin/view/Main/AssemblingDarwinMachinery#Z_belt">beskrevet
-på reprap-wikien</a>. Er blitt tipset om svart superlim som er
-elastisk også etter at det tørket, og dro ned til Small Size
-Hobbyland på Lilletorget som skulle ha slikt, men da jeg var innom
-fikk jeg høre at de ikke lenger hadde slikt lim. Må finne ut
-hvor i Oslo jeg kan skaffe slikt. Kanskje Panduro har? Vet ikke hva
-limet egentlig heter, så det er vanskelig å søke på nett.</p>
+<p>Since this evening, parallel booting is the default in
+Debian/unstable for machines using dependency based boot sequencing.
+Apparently the testing of concurrent booting has been wider than
+expected, if I am to believe the
+<a href="http://lists.debian.org/debian-devel/2010/05/msg00122.html">input
+on debian-devel@</a>, and I concluded a few days ago to move forward
+with the feature this weekend, to give us some time to detect any
+remaining problems before Squeeze is frozen. If serious problems are
+detected, it is simple to change the default back to sequential boot.
+The upload of the new sysvinit package also activate a new upstream
+version.</p>
+
+More information about
+<a href="http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot">dependency
+based boot sequencing</a> is available from the Debian wiki. It is
+currently possible to disable parallel booting when one run into
+problems caused by it, by adding this line to /etc/default/rcS:</p>
+
+<blockquote><pre>
+CONCURRENCY=none
+</pre></blockquote>
+
+<p>If you report any problems with dependencies in init.d scripts to
+the BTS, please usertag the report to get it to show up at
+<a href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org">the
+list of usertagged bugs related to this</a>.</p>
</description>
</item>
<item>
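Review bot: the paragraph starting at "More information about" has no opening `<p>`, yet the line ending "/etc/default/rcS:" closes it with `</p>`, so the description markup is unbalanced as added. Put `<p>` in front of "More information about". Minor wording in the same item: "also activate a new upstream version" and "when one run into problems".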
- <title>Avisene i endring</title>
- <link>Avisene_i_endring.html</link>
- <guid isPermaLink="true">Avisene_i_endring.html</guid>
- <pubDate>Sun, 15 Mar 2009 22:15:00 +0100</pubDate>
+ <title>Sitesummary tip: Listing MAC address of all clients</title>
+ <link>http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html</guid>
+ <pubDate>Fri, 14 May 2010 21:10:00 +0200</pubDate>
<description>
-<p>Jeg kom over bloggposten
-"<a href="http://www.shirky.com/weblog/2009/03/newspapers-and-thinking-the-unthinkable/">Newspapers
-and Thinking the Unthinkable</a>" som jeg synes forklarer godt hva som
-skjer med aviser, og fikk meg til å tenke litt rundt andre utdøende
-forretningsmodeller basert på å løse problemer som ikke lenger
-eksisterer. Det blir spennende å se hva vi ender opp med.</p>
+<p>In the recent Debian Edu versions, the
+<a href="http://wiki.debian.org/DebianEdu/HowTo/SiteSummary">sitesummary
+system</a> is used to keep track of the machines in the school
+network. Each machine will automatically report its status to the
+central server after boot and once per night. The network setup is
+also reported, and using this information it is possible to get the
+MAC address of all network interfaces in the machines. This is useful
+to update the DHCP configuration.</p>
+
+<p>To give some idea how to use sitesummary, here is a one-liner to
+ist all MAC addresses of all machines reporting to sitesummary. Run
+this on the collector host:</p>
+
+<blockquote><pre>
+perl -MSiteSummary -e 'for_all_hosts(sub { print join(" ", get_macaddresses(shift)), "\n"; });'
+</pre></blockquote>
+
+<p>This will list all MAC addresses assosiated with all machine, one
+line per machine and with space between the MAC addresses.</p>
+
+<p>To allow system administrators easier job at adding static DHCP
+addresses for hosts, it would be possible to extend this to fetch
+machine information from sitesummary and update the DHCP and DNS
+tables in LDAP using this information. Such tool is unfortunately not
+written yet.</p>
</description>
</item>
<item>
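Review bot: the one-liner prints only the joined MAC addresses, one line per machine, with nothing on the line identifying which machine they belong to. For the stated purpose of updating the DHCP configuration, the text should say how to get the hostname onto the same line, or state that this is left to the reader. Typos in the surrounding prose: "ist all MAC addresses" has lost its leading "l", and "assosiated with all machine" should read "associated with each machine".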
- <title>En skam at det ikke finnes ordrett referat fra norske domstoler</title>
- <link>En_skam_at_det_ikke_finnes_ordrett_referat_fra_norske_domstoler.html</link>
- <guid isPermaLink="true">En_skam_at_det_ikke_finnes_ordrett_referat_fra_norske_domstoler.html</guid>
- <pubDate>Fri, 13 Mar 2009 18:00:00 +0100</pubDate>
+ <title>systemd, an interesting alternative to upstart</title>
+ <link>http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html</guid>
+ <pubDate>Thu, 13 May 2010 22:20:00 +0200</pubDate>
<description>
-<p>Advokatene jobber i disse dager hardt for å bli kvitt juryordningen
-fra norske domstoler. Det har de forsåvidt jobbet med i mange år.
-Personlig tror jeg det er å starte i feil ende, og en dårlig ide.</p>
-
-<p>Visst du at det ikke lages ordrett referat fra norske domstoler?
-Det er ingen som skriver ned alt som sies i en norsk rettsal slik en
-ser i TV-serier fra USA. Det som publiseres er dommerens
-oppsummering, og alt som ikke blir med i den oppsummeringen er det
-vanskelig å få dokumentert i ettertid. Konsekvensen er at en kan
-lyve så mye en vil fra vitneboksen uten å bli tatt for det i
-ettertid, hvis dommeren ikke syntes det som ble sagt var så
-interessant at det ble med i dokumentet som dokumenterer
-domsavsigelsen. Mens alt som sies fra Stortingets talerstol er
-tilgjengelig på web etter kort tid for kontroll og kritikk, er det
-ingen tilsvarende mulighet for det som sies fra vitneboksen i en norsk
-domstol. Kan dette føre til at en sak varer lengre enn nødvendig i
-rettssystemet? Jeg tror det, og synes det er en skam at det ikke
-publiseres ordrette referater fra norske rettsaler.</p>
-
-<p>En relatert observasjon er at det i utvalgte deler av landet
-eksperimenteres med lydopptak fra rettsalen, men disse opptakene er
-kun tilgjengelig for dommeren til hjelp når oppsummeringen skrives.
-Jeg synes som et minimum at disse lydopptakene som en regel burde vært
-publisert offentlig på web.</p>
+<p>The last few days a new boot system called
+<a href="http://www.freedesktop.org/wiki/Software/systemd">systemd</a>
+has been
+<a href="http://0pointer.de/blog/projects/systemd.html">introduced</a>
+
+to the free software world. I have not yet had time to play around
+with it, but it seem to be a very interesting alternative to
+<a href="http://upstart.ubuntu.com/">upstart</a>, and might prove to be
+a good alternative for Debian when we are able to switch to an event
+based boot system. Tollef is
+<a href="http://bugs.debian.org/580814">in the process</a> of getting
+systemd into Debian, and I look forward to seeing how well it work. I
+like the fact that systemd handles init.d scripts with dependency
+information natively, allowing them to run in parallel where upstart
+at the moment do not.</p>
+
+<p>Unfortunately do systemd have the same problem as upstart regarding
+platform support. It only work on recent Linux kernels, and also need
+some new kernel features enabled to function properly. This means
+kFreeBSD and Hurd ports of Debian will need a port or a different boot
+system. Not sure how that will be handled if systemd proves to be the
+way forward.</p>
+
+<p>In the mean time, based on the
+<a href="http://lists.debian.org/debian-devel/2010/05/msg00122.html">input
+on debian-devel@</a> regarding parallel booting in Debian, I have
+decided to enable full parallel booting as the default in Debian as
+soon as possible (probably this weekend or early next week), to see if
+there are any remaining serious bugs in the init.d dependencies. A
+new version of the sysvinit package implementing this change is
+already in experimental. If all go well, Squeeze will be released
+with parallel booting enabled by default.</p>
</description>
</item>
<item>
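Review bot: the platform paragraph says systemd needs "some new kernel features enabled" without naming them or linking to a list, which is the detail a reader weighing the kFreeBSD and Hurd question needs. In the first paragraph, a stray blank added line sits between "introduced</a>" and "to the free software world" and splits the sentence; a renderer that treats blank lines as paragraph breaks will break it there. Grammar: "Unfortunately do systemd have", "It only work", "it seem to be".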
- <title>Testing av reprap-elektronikken igang</title>
- <link>Testing_av_reprap_elektronikken_igang.html</link>
- <guid isPermaLink="true">Testing_av_reprap_elektronikken_igang.html</guid>
- <pubDate>Thu, 12 Mar 2009 16:00:00 +0100</pubDate>
+ <title>Parallellizing the boot in Debian Squeeze - ready for wider testing</title>
+ <link>http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html</guid>
+ <pubDate>Thu, 6 May 2010 23:25:00 +0200</pubDate>
<description>
-<p>Lenge siden det var en oppdatering av status for min 3D-skriver og
-i mellomtiden har det skjedd en god del. Reprap-en er nesten ferdig
-montert, og elektronikken er også nesten ferdig loddet. Det ser ut
-til at bits-from-bytes sitt byggesett versjon 2.01 hadde noen småfeil,
-der en del manglet og en annen hadde suboptimalt design. Jeg løser
-antagelig det ene problemet med å borre noen ekstra hull til skruver i
-en plastdelen som trenger å festes. Det andre problemet håper jeg å
-få hjelp fra Audun Vaaler ved Høgskolen i Østfold til å løse.
-Høgskolen er igang med å bygge en tilsvarende reprap i versjon 2.0, og
-er kommet litt lenger enn meg. De kan forhåpentligvis skrive ut den
-delen jeg mangler på denne.</p>
-
-<p>Når det gjelder elektronikken, så er mye allerede loddet sammen av
-min venn Anders Rosnes, som har mer peiling på elektronikk og lodding
-enn meg. Jeg fikk i dag testet
-<a href="http://reprap.org/bin/view/Main/Stepper_Motor_Driver_1_1">stepper
-motordriveren (v1.1)</a>, og det fungerte. Jeg møtte et lite problem
-med strømforsyningen, en standard ATX-strømforsyning som nektet å
-fungere før jeg hadde satt en ledning mellom GRD og PS_ON som
-beskrevet på
-<a href="http://dev.www.reprap.org/bin/view/Main/PCPowerSupply">reprap-sidene
-om PC-strømforsyninger</a>. Jeg møtte også et annet problem med
-Arduino-programvaren. Versjon 0013 fungerer visst ikke på
-Debian/Etch. Den kompilerte binæren ble på 0 bytes. En side jeg fant
-vha. et Google-søk
-<a href="http://www.arduino.cc/cgi-bin/yabb2/YaBB.pl?num=1234153046/5">tipset
-meg</A> om at en nedgradering
-til <a href="http://arduino.googlecode.com/files/arduino-0012-linux.tgz">versjon
-0012</a> kunne løse problemet, og endelig ser jeg motorakslingen
-snurre. Nå er det å koble sammen mekanikk og elektronikk for å se om
-reprap-en kvikner til.</p>
+<p>These days, the init.d script dependencies in Squeeze are quite
+complete, so complete that it is actually possible to run all the
+init.d scripts in parallell based on these dependencies. If you want
+to test your Squeeze system, make sure
+<a href="http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot">dependency
+based boot sequencing</a> is enabled, and add this line to
+/etc/default/rcS:</p>
+
+<blockquote><pre>
+CONCURRENCY=makefile
+</pre></blockquote>
+
+<p>That is it. It will cause sysv-rc to use the startpar tool to run
+scripts in parallel using the dependency information stored in
+/etc/init.d/.depend.boot, /etc/init.d/.depend.start and
+/etc/init.d/.depend.stop to order the scripts. Startpar is configured
+to try to start the kdm and gdm scripts as early as possible, and will
+start the facilities required by kdm or gdm as early as possible to
+make this happen.</p>
+
+<p>Give it a try, and see if you like the result. If some services
+fail to start properly, it is most likely because they have incomplete
+init.d script dependencies in their startup script (or some of their
+dependent scripts have incomplete dependencies). Report bugs and get
+the package maintainers to fix it. :)</p>
+
+<p>Running scripts in parallel could be the default in Debian when we
+manage to get the init.d script dependencies complete and correct. I
+expect we will get there in Squeeze+1, if we get manage to test and
+fix the remaining issues.</p>
+
+<p>If you report any problems with dependencies in init.d scripts to
+the BTS, please usertag the report to get it to show up at
+<a href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org">the
+list of usertagged bugs related to this</a>.</p>
</description>
</item>
<item>
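Review bot: the paragraph near the end still says running scripts in parallel "could be the default" and expects that "in Squeeze+1", while the item dated 14 May added earlier in this same diff announces it as the default in Debian/unstable. A short update line pointing to the newer post would keep the feed from giving two answers. Spelling is inconsistent within the item: "Parallellizing" in the title and "in parallell" in the first paragraph, against "in parallel" two paragraphs later. Fix the title and body text, but leave the `<link>` and `<guid>` slug alone, since the guid is marked as a permalink. Also "if we get manage to test".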
- <title>Frikanalen og jul i studentrådet</title>
- <link>Frikanalen_og_jul_i_studentr__det.html</link>
- <guid isPermaLink="true">Frikanalen_og_jul_i_studentr__det.html</guid>
- <pubDate>Wed, 11 Mar 2009 23:40:00 +0100</pubDate>
+ <title>Forcing new users to change their password on first login</title>
+ <link>http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html</guid>
+ <pubDate>Sun, 2 May 2010 13:47:00 +0200</pubDate>
<description>
-<p>I går
-<a href="http://lists.nuug.no/pipermail/interesserte/2009-March/000387.html">lanserte</a>
-NUUGs videogruppe
-<a href="http://www.frikanalen.no">Frikanalen</a> med
-<a href="http://www.nuug.no/pub/video/frikanalen/frontpage.cgi">åpne
-standarder</a>, og resultatet av noen intense uker med arbeide kunne
-endelig presenteres. Jeg har tro på åpen kanalkonseptet som
-Frikanalen er et eksempel på, der borgerne får anledning til å
-kringkaste sitt syn på en åpen og demokratisk måte. Jeg er veldig
-glad vi har fått gjort kanalen tilgjengelig i Ogg Theora, slik at alle
-kan få tilgang til opptakene på web, og slipper å måtte installere MS
-Silverlight for å spille av opptakene.</p>
-
-<p>Frikanalen har en brokete historie, og dagens inkarnasjon er ikke
-helt slik foreningen Åpen kanal planla det for mange år siden, noe som
-er bakgrunnen for at det fredag 13. mars 2009 kl 09:00 starter en
-rettsak i Oslo tingrett der Kringkasterforeningen (tidligere
-foreningen Åpen kanal) har saksøkt kulturdepartementet over
-konsesjonsvilkårene til Frikanalen. Jeg er spent på resultatet.</p>
-
-<p>I arbeidet med Frikanalen med åpne standarder, så har vi hatt glede
-av å se en rekke av innslagene som er tilgjengelig. Her er mye
-religiøst sludder, fra
-<a href="http://www.nuug.no/pub/video/frikanalen/fetchvideo.cgi?videoId=720">vandring
-i jerusalem</a> via
-<a href="http://www.nuug.no/pub/video/frikanalen/fetchvideo.cgi?videoId=779">religiøst
-vinklede nyheter</a> til
-<a
-href="http://www.nuug.no/pub/video/frikanalen/fetchvideo.cgi?videoId=2077">kreasjonisk
-retorikk</a>, men også fine
-<a href="http://www.nuug.no/pub/video/frikanalen/fetchvideo.cgi?videoId=407">dokumentarer
-om redningsselskapet</a> og
-<a href="http://www.nuug.no/pub/video/frikanalen/fetchvideo.cgi?videoId=2204">interessante
-tegneserieanmeldelser</a>. Det jeg derimot har hatt størst glede av,
-er
-
-<a href="http://www.nuug.no/pub/video/frikanalen/fetchvideo.cgi?videoId=1556">jul
-i studentrådet</a>, der hver episode var en fest å se på. Jeg håper
-NUUG lykkes med å få ut sine opptak med like stor suksess.</p>
+<p>One interesting feature in Active Directory, is the ability to
+create a new user with an expired password, and thus force the user to
+change the password on the first login attempt.</p>
+
+<p>I'm not quite sure how to do that with the LDAP setup in Debian
+Edu, but did some initial testing with a local account. The account
+and password aging information is available in /etc/shadow, but
+unfortunately, it is not possible to specify an expiration time for
+passwords, only a maximum age for passwords.</p>
+
+<p>A freshly created account (using adduser test) will have these
+settings in /etc/shadow:</p>
+
+<blockquote><pre>
+root@tjener:~# chage -l test
+Last password change : May 02, 2010
+Password expires : never
+Password inactive : never
+Account expires : never
+Minimum number of days between password change : 0
+Maximum number of days between password change : 99999
+Number of days of warning before password expires : 7
+root@tjener:~#
+</pre></blockquote>
+
+<p>The only way I could come up with to create a user with an expired
+account, is to change the date of the last password change to the
+lowest value possible (January 1th 1970), and the maximum password age
+to the difference in days between that date and today. To make it
+simple, I went for 30 years (30 * 365 = 10950) and January 2th (to
+avoid testing if 0 is a valid value).</p>
+
+<p>After using these commands to set it up, it seem to work as
+intended:</p>
+
+<blockquote><pre>
+root@tjener:~# chage -d 1 test; chage -M 10950 test
+root@tjener:~# chage -l test
+Last password change : Jan 02, 1970
+Password expires : never
+Password inactive : never
+Account expires : never
+Minimum number of days between password change : 0
+Maximum number of days between password change : 10950
+Number of days of warning before password expires : 7
+root@tjener:~#
+</pre></blockquote>
+
+<p>So far I have tested this with ssh and console, and kdm (in
+Squeeze) login, and all ask for a new password before login in the
+user (with ssh, I was thrown out and had to log in again).</p>
+
+<p>Perhaps we should set up something similar for Debian Edu, to make
+sure only the user itself have the account password?</p>
+
+<p>If you want to comment on or help out with implementing this for
+Debian Edu, please contact us on debian-edu@lists.debian.org.</p>
+
+<p>Update 2010-05-02 17:20: Paul Tötterman tells me on IRC that the
+shadow(8) page in Debian/testing now state that setting the date of
+last password change to zero (0) will force the password to be changed
+on the first login. This was not mentioned in the manual in Lenny, so
+I did not notice this in my initial testing. I have tested it on
+Squeeze, and '<tt>chage -d 0 username</tt>' do work there. I have not
+tested it on Lenny yet.</p>
+
+<p>Update 2010-05-02-19:05: Jim Paris tells me via email that an
+equivalent command to expire a password is '<tt>passwd -e
+username</tt>', which insert zero into the date of the last password
+change.</p>
</description>
</item>
<item>
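Review bot: the second `chage -l` listing, taken after `chage -d 1 test; chage -M 10950 test`, still reports "Password expires : never", yet the next paragraph says the setup works as intended. Add a sentence saying that the listing does not reflect the forced change, otherwise readers will conclude the commands had no effect. The workaround paragraph also speaks of "a user with an expired account" where the listing keeps "Password expires" and "Account expires" as separate fields and only the password is meant. The two updates at the bottom give the shorter `chage -d 0 username` and `passwd -e username`; a pointer to them from the workaround paragraph would save readers from copying the 10950-day variant. Small fixes: "January 1th", "January 2th", "before login in the user", and the second update's timestamp "2010-05-02-19:05" uses a different separator from the first.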
- <title>Lisensvalg for NUUG-opptakene endelig på plass</title>
- <link>Lisensvalg_for_NUUG_opptakene_endelig_p___plass.html</link>
- <guid isPermaLink="true">Lisensvalg_for_NUUG_opptakene_endelig_p___plass.html</guid>
- <pubDate>Fri, 6 Mar 2009 21:20:00 +0100</pubDate>
+ <title>Thoughts on roaming laptop setup for Debian Edu</title>
+ <link>http://people.skolelinux.org/pere/blog/Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html</guid>
+ <pubDate>Wed, 28 Apr 2010 20:40:00 +0200</pubDate>
<description>
-<p>Etter mange års meditasjon over temaet, har NUUG endelig klart å
-bestemme seg for hvilken lisens vi skal bruke på videoopptakene som
-gjøres av NUUGs videogruppe. Ole Kristian har annonsert at lisensen
-blir <a href="http://creativecommons.org/licenses/by-sa/3.0/no/">Creative
-Commons Navngivelse-Del på samme vilkår 3.0 Norge</a>. Jeg er veldig
-glad for at denne saken endelig er landet. Lisensen for opptaket til
-Stallman-foredraget ble en annen pga. at lisensvalget ikke var avklart
-på forhånd og IFI og PING ønsket CC-BY-ND, og må ses på som et unntak
-i denne sammenhengen.</p>
-</description>
- </item>
-
- <item>
- <title>Teknisk program for Go Open 2009 er nesten ferdig</title>
- <link>Teknisk_program_for_Go_Open_2009_er_nesten_ferdig.html</link>
- <guid isPermaLink="true">Teknisk_program_for_Go_Open_2009_er_nesten_ferdig.html</guid>
- <pubDate>Thu, 5 Mar 2009 22:30:00 +0100</pubDate>
- <description>
-<p>Etter lang tids jobbing begynner endelig programmet til det
-tekniske sporet på konferansen <a href="http://www.goopen.no/">Go Open
-2009</a> å bli ferdig. Det blir 9 punkter på programmet, og etter alt
-å dømme blir det disse 9:</p>
+<p>For some years now, I have wondered how we should handle laptops in
+Debian Edu. The Debian Edu infrastructure is mostly designed to
+handle stationary computers, and less suited for computers that come
+and go.</p>
+
+<p>Now I finally believe I have an sensible idea on how to adjust
+Debian Edu for laptops, by introducing a new profile for them, for
+example called Roaming Workstations. Here are my thought on this.
+The setup would consist of the following:</p>
<ul>
-<li>"Open Telephony: A solution greater than the sum of its parts" med
- Jon "maddog" Hall</li>
-<li>OpenSolaris-relatert med Ian Murdock fra SUN</li>
-<li>"The inner workings of the OpenStreetmap project and the
- technology used" med Andy Allan </li>
-<li>Coreboot-relatert med Peter Stuge</li>
-<li>"Gratis værdata fra Meteorologisk institutt" med Trond Michelsen</li>
-<li>RRDtool/Nagios-relatert med Tobias Oetiker</li>
-<li>"Developers guide to server-side productivity and fun using open
- source platforms and frameworks" med en gjeng folk fra
- JavaBin-miljøet</li>
-<li>"G(et)it Nå!" med Marcus Ramberg</li>
-<li>Om kontrolltelling av valgresultater med fri programvare med Mitch
- Trachtenberg</li>
+ <li>During installation, the user name of the owner / primary user of
+ the laptop is requested and a local home directory is set up for
+ the user, with uid and gid information fetched from the LDAP
+ server. This allow the user to work also when offline. The
+ central home directory can be available in a subdirectory on
+ request, for example mounted via CIFS. It could be mounted
+ automatically when a user log in while on the Debian Edu network,
+ and unmounted when the machine is taken away (network down,
+ hibernate, etc), it can be set up to do automatic mounting on
+ request (using autofs), or perhaps some GUI button on the desktop
+ can be used to access it when needed. Perhaps it is enough to use
+ the fish protocol in KDE?</li>
+
+ <li>Password checking is set up to use LDAP or Kerberos
+ authentication when the machine is on the Debian Edu network, and
+ to cache the password for offline checking when the machine unable
+ to reach the LDAP or Kerberos server. This can be done using
+ <a href="http://www.padl.com/OSS/pam_ccreds.html">libpam-ccreds</a>
+ or the Fedora developed
+ <a href="https://fedoraproject.org/wiki/Features/SSSD">System
+ Security Services Daemon</a> packages.</li>
+
+ <li>File synchronisation with the central home directory is set up
+ using a shared directory in both the local and the central home
+ directory, using unison.</li>
+
+ <li>Printing should be set up to print to all printers broadcasting
+ their existence on the local network, and should then work out of
+ the box with CUPS. For sites needing accurate printer quotas, some
+ system with Kerberos authentication or printing via ssh could be
+ implemented.</li>
+
+ <li>For users that should have local root access to their laptop,
+ sudo should be used to allow this to the local user.</li>
+
+ <li>It would be nice if user and group information from LDAP is
+ cached on the client, but given that there are entries for the
+ local user and primary group in /etc/, it should not be needed.</li>
</ul>
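Review bot: the added password-checking item ("to cache the password for offline checking") names libpam-ccreds or SSSD but does not say how long a cached credential stays usable once the password is changed or the account is disabled on the LDAP or Kerberos server. Since the sudo item later in the same list can give that local user root on the laptop, a sentence on cache expiry or on clearing the cache at the next online login is worth adding. Wording in the same region: "Here are my thought" should be "thoughts", "This allow" should be "This allows", "when a user log in" should be "logs in", and "when the machine unable to reach" is missing "is".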
-<p>De siste bekreftelsene og overskrifter mangler og kommer
-forhåpentlig på plass før mandag, men jeg håper dette blir et program
-flere enn meg vil sette pris på. Jeg gleder meg i hvert fall
-stort.</p>
+<p>I believe all the pieces to implement this are in Debian/testing at
+the moment. If we work quickly, we should be able to get this ready
+in time for the Squeeze release to freeze. Some of the pieces need
+tweaking, like libpam-ccreds should get support for pam-auth-update
+(<a href="http://bugs.debian.org/566718">#566718</a>) and nslcd (or
+perhaps debian-edu-config) should get some integration code to stop
+its daemon when the LDAP server is unavailable to avoid long timeouts
+when disconnected from the net. If we get Kerberos enabled, we need
+to make sure we avoid long timeouts there too.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Great book: "Content: Selected Essays on Technology, Creativity, Copyright, and the Future of the Future"</title>
+ <link>http://people.skolelinux.org/pere/blog/Great_book___Content__Selected_Essays_on_Technology__Creativity__Copyright__and_the_Future_of_the_Future_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Great_book___Content__Selected_Essays_on_Technology__Creativity__Copyright__and_the_Future_of_the_Future_.html</guid>
+ <pubDate>Mon, 19 Apr 2010 17:10:00 +0200</pubDate>
+ <description>
+<p>The last few weeks i have had the pleasure of reading a
+thought-provoking collection of essays by Cory Doctorow, on topics
+touching copyright, virtual worlds, the future of man when the
+conscience mind can be duplicated into a computer and many more. The
+book titled "Content: Selected Essays on Technology, Creativity,
+Copyright, and the Future of the Future" is available with few
+restrictions on the web, for example from
+<a href="http://craphound.com/content/">his own site</a>. I read the
+epub-version from
+<a href="http://www.feedbooks.com/book/2883">feedbooks</a> using
+<a href="http://www.fbreader.org/">fbreader</a> and my N810. I
+strongly recommend this book.</p>
</description>
</item>
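Review bot: two wording slips in the added book item: "The last few weeks i have had" needs a capital "I", and "the conscience mind" looks like it should be "the conscious mind". In the paragraph before it, "like libpam-ccreds should get support" reads more cleanly as "for example, libpam-ccreds should get support".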
<item>
- <title>Checking server hardware support status for Dell, HP and IBM servers</title>
- <link>Checking_server_hardware_support_status_for_Dell__HP_and_IBM_servers.html</link>
- <guid isPermaLink="true">Checking_server_hardware_support_status_for_Dell__HP_and_IBM_servers.html</guid>
- <pubDate>Sat, 28 Feb 2009 23:50:00 +0100</pubDate>
+ <title>Kerberos for Debian Edu/Squeeze?</title>
+ <link>http://people.skolelinux.org/pere/blog/Kerberos_for_Debian_Edu_Squeeze_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Kerberos_for_Debian_Edu_Squeeze_.html</guid>
+ <pubDate>Wed, 14 Apr 2010 17:20:00 +0200</pubDate>
<description>
-<p>At work, we have a few hundred Linux servers, and with that amount
-of hardware it is important to keep track of when the hardware support
-contract expire for each server. We have a machine (and service)
-register, which until recently did not contain much useful besides the
-machine room location and contact information for the system owner for
-each machine. To make it easier for us to track support contract
-status, I've recently spent time on extending the machine register to
-include information about when the support contract expire, and to tag
-machines with expired contracts to make it easy to get a list of such
-machines. I extended a perl script already being used to import
-information about machines into the register, to also do some screen
-scraping off the sites of Dell, HP and IBM (our majority of machines
-are from these vendors), and automatically check the support status
-for the relevant machines. This make the support status information
-easily available and I hope it will make it easier for the computer
-owner to know when to get new hardware or renew the support contract.
-The result of this work documented that 27% of the machines in the
-registry is without a support contract, and made it very easy to find
-them. 27% might seem like a lot, but I see it more as the case of us
-using machines a bit longer than the 3 years a normal support contract
-last, to have test machines and a platform for less important
-services. After all, the machines without a contract are working fine
-at the moment and the lack of contract is only a problem if any of
-them break down. When that happen, we can either fix it using spare
-parts from other machines or move the service to another old
-machine.</p>
-
-<p>I believe the code for screen scraping the Dell site was originally
-written by Trond Hasle Amundsen, and later adjusted by me and Morten
-Werner Forsbring. The HP scraping was written by me after reading a
-nice article in ;login: about how to use WWW::Mechanize, and the IBM
-scraping was written by me based on the Dell code. I know the HTML
-parsing could be done using nice libraries, but did not want to
-introduce more dependencies. This is the current incarnation:</p>
-
-<pre>
-use LWP::Simple;
-use POSIX;
-use WWW::Mechanize;
-use Date::Parse;
-[...]
-sub get_support_info {
- my ($machine, $model, $serial, $productnumber) = @_;
- my $str;
-
- if ( $model =~ m/^Dell / ) {
- # fetch website from Dell support
- my $url = "http://support.euro.dell.com/support/topics/topic.aspx/emea/shared/support/my_systems_info/no/details?c=no&amp;cs=nodhs1&amp;l=no&amp;s=dhs&amp;ServiceTag=$serial";
- my $webpage = get($url);
- return undef unless ($webpage);
-
- my $daysleft = -1;
- my @lines = split(/\n/, $webpage);
- foreach my $line (@lines) {
- next unless ($line =~ m/Beskrivelse/);
- $line =~ s/&lt;[^>]+?>/;/gm;
- $line =~ s/^.+?;(Beskrivelse;)/$1/;
-
- my @f = split(/\;/, $line);
- @f = @f[13 .. $#f];
- my $lastend = "";
- while ($f[3] eq "DELL") {
- my ($type, $startstr, $endstr, $days) = @f[0, 5, 7, 10];
-
- my $start = POSIX::strftime("%Y-%m-%d",
- localtime(str2time($startstr)));
- my $end = POSIX::strftime("%Y-%m-%d",
- localtime(str2time($endstr)));
- $str .= "$type $start -> $end ";
- @f = @f[14 .. $#f];
- $lastend = $end if ($end gt $lastend);
- }
- my $today = POSIX::strftime("%Y-%m-%d", localtime(time));
- tag_machine_unsupported($machine)
- if ($lastend lt $today);
- }
- } elsif ( $model =~ m/^HP / ) {
- my $mech = WWW::Mechanize->new();
- my $url =
- 'http://www1.itrc.hp.com/service/ewarranty/warrantyInput.do';
- $mech->get($url);
- my $fields = {
- 'BODServiceID' => 'NA',
- 'RegisteredPurchaseDate' => '',
- 'country' => 'NO',
- 'productNumber' => $productnumber,
- 'serialNumber1' => $serial,
- };
- $mech->submit_form( form_number => 2,
- fields => $fields );
- # Next step is screen scraping
- my $content = $mech->content();
-
- $content =~ s/&lt;[^>]+?>/;/gm;
- $content =~ s/\s+/ /gm;
- $content =~ s/;\s*;/;;/gm;
- $content =~ s/;[\s;]+/;/gm;
-
- my $today = POSIX::strftime("%Y-%m-%d", localtime(time));
-
- while ($content =~ m/;Warranty Type;/) {
- my ($type, $status, $startstr, $stopstr) = $content =~
- m/;Warranty Type;([^;]+);.+?;Status;(\w+);Start Date;([^;]+);End Date;([^;]+);/;
- $content =~ s/^.+?;Warranty Type;//;
- my $start = POSIX::strftime("%Y-%m-%d",
- localtime(str2time($startstr)));
- my $end = POSIX::strftime("%Y-%m-%d",
- localtime(str2time($stopstr)));
-
- $str .= "$type ($status) $start -> $end ";
-
- tag_machine_unsupported($machine)
- if ($end lt $today);
- }
- } elsif ( $model =~ m/^IBM / ) {
- # This code ignore extended support contracts.
- my ($producttype) = $model =~ m/.*-\[(.{4}).+\]-/;
- if ($producttype &amp;&amp; $serial) {
- my $content =
- get("http://www-947.ibm.com/systems/support/supportsite.wss/warranty?action=warranty&amp;brandind=5000008&amp;Submit=Submit&amp;type=$producttype&amp;serial=$serial");
- if ($content) {
- $content =~ s/&lt;[^>]+?>/;/gm;
- $content =~ s/\s+/ /gm;
- $content =~ s/;\s*;/;;/gm;
- $content =~ s/;[\s;]+/;/gm;
-
- $content =~ s/^.+?;Warranty status;//;
- my ($status, $end) = $content =~ m/;Warranty status;([^;]+)\s*;Expiration date;(\S+) ;/;
-
- $str .= "($status) -> $end ";
-
- my $today = POSIX::strftime("%Y-%m-%d", localtime(time));
- tag_machine_unsupported($machine)
- if ($end lt $today);
- }
- }
- }
- return $str;
-}
-</pre>
-
-<p>Here are some examples on how to use the function, using fake
-serial numbers. The information passed in as arguments are fetched
-from dmidecode.</p>
-
-<pre>
-print get_support_info("hp.host", "HP ProLiant BL460c G1", "1234567890"
- "447707-B21");
-print get_support_info("dell.host", "Dell Inc. PowerEdge 2950", "1234567");
-print get_support_info("ibm.host", "IBM eserver xSeries 345 -[867061X]-",
- "1234567");
-</pre>
-
-<p>I would recommend this approach for tracking support contracts for
-everyone with more than a few computers to administer. :)</p>
-
-<p>Update 2009-03-06: The IBM page do not include extended support
-contracts, so it is useless in that case. The original Dell code do
-not handle extended support contracts either, but has been updated to
-do so.</p>
+<p><a href="http://www.nuug.no/aktiviteter/20100413-kerberos/">Yesterdays
+NUUG presentation</a> about Kerberos was inspiring, and reminded me
+about the need to start using Kerberos in Skolelinux. Setting up a
+Kerberos server seem to be straight forward, and if we get this in
+place a long time before the Squeeze version of Debian freezes, we
+have a chance to migrate Skolelinux away from NFSv3 for the home
+directories, and over to an architecture where the infrastructure do
+not have to trust IP addresses and machines, and instead can trust
+users and cryptographic keys instead.</p>
+
+<p>A challenge will be integration and administration. Is there a
+Kerberos implementation for Debian where one can control the
+administration access in Kerberos using LDAP groups? With it, the
+school administration will have to maintain access control using flat
+files on the main server, which give a huge potential for errors.</p>
+
+<p>A related question I would like to know is how well Kerberos and
+pam-ccreds (offline password check) work together. Anyone know?</p>
+
+<p>Next step will be to use Kerberos for access control in Lwat and
+Nagios. I have no idea how much work that will be to implement. We
+would also need to document how to integrate with Windows AD, as such
+shared network will require two Kerberos realms that need to cooperate
+to work properly.</p>
+
+<p>I believe a good start would be to start using Kerberos on the
+skolelinux.no machines, and this way get ourselves experience with
+configuration and integration. A natural starting point would be
+setting up ldap.skolelinux.no as the Kerberos server, and migrate the
+rest of the machines from PAM via LDAP to PAM via Kerberos one at the
+time.</p>
+
+<p>If you would like to contribute to get this working in Skolelinux,
+I recommend you to see the video recording from yesterdays NUUG
+presentation, and start using Kerberos at home. The video show show
+up in a few days.</p>
</description>
</item>
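Review bot: in the second added paragraph of the Kerberos item, "With it, the school administration will have to maintain access control using flat files" says the opposite of what the preceding question asks for; "Without it" looks intended. Elsewhere in the item: "The video show show up" should be "The video should show up", "Yesterdays" needs an apostrophe in both places, "seem to be straight forward" should be "seems to be straightforward", and the first paragraph uses "instead" twice in "and instead can trust users and cryptographic keys instead".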
<item>
- <title>Using bar codes at a computing center</title>
- <link>Using_bar_codes_at_a_computing_center.html</link>
- <guid isPermaLink="true">Using_bar_codes_at_a_computing_center.html</guid>
- <pubDate>Fri, 20 Feb 2009 08:50:00 +0100</pubDate>
+ <title>På vegne av vanvitting mange, Aftenposten!</title>
+ <link>http://people.skolelinux.org/pere/blog/P___vegne_av_vanvitting_mange__Aftenposten_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/P___vegne_av_vanvitting_mange__Aftenposten_.html</guid>
+ <pubDate>Sat, 6 Mar 2010 21:15:00 +0100</pubDate>
<description>
-<p>At work with the University of Oslo, we have several hundred computers
-in our computing center. This give us a challenge in tracking the
-location and cabling of the computers, when they are added, moved and
-removed. Some times the location register is not updated when a
-computer is inserted or moved and we then have to search the room for
-the "missing" computer.</p>
-
-<p>In the last issue of Linux Journal, I came across a project
-<a href="http://www.libdmtx.org/">libdmtx</a> to write and read bar
-code blocks as defined in the
-<a href="http://en.wikipedia.org/wiki/Data_Matrix">The Data Matrix
-Standard</a>. This is bar codes that can be read with a normal
-digital camera, for example that on a cell phone, and several such bar
-codes can be read by libdmtx from one picture. The bar code standard
-allow up to 2 KiB to be written in the tag. There is another project
-with <a href="http://www.terryburton.co.uk/barcodewriter/">a bar code
-writer written in postscript</a> capable of creating such bar codes,
-but this was the first time I found a tool to read these bar
-codes.</p>
-
-<p>It occurred to me that this could be used to tag and track the
-machines in our computing center. If both racks and computers are
-tagged this way, we can use a picture of the rack and all its
-computers to detect the rack location of any computer in that rack.
-If we do this regularly for the entire room, we will find all
-locations, and can detect movements and removals.</p>
-
-<p>I decided to test if this would work in practice, and picked a
-random rack and tagged all the machines with their names. Next, I
-took pictures with my digital camera, and gave the dmtxread program
-these JPEG pictures to see how many tags it could read. This worked
-fairly well. If the pictures was well focused and not taken from the
-side, all tags in the image could be read. Because of limited space
-between the racks, I was unable to get a good picture of the entire
-rack, but could without problem read all tags from a picture covering
-about half the rack. I had to limit the search time used by dmtxread
-to 60000 ms to make sure it terminated in a reasonable time frame.</p>
-
-<p>My conclusion is that this could work, and we should probably look
-at adjusting our computer tagging procedures to use bar codes for
-easier automatic tracking of computers.</p>
+<p><a href="http://fotball.aftenposten.no/incoming/article163000.ece">Aftenposten
+melder</a> på forsiden av webavisen sin at de tror Erling Fossen
+provoserer nordlendinger med sine uttalelser på
+fotballtinget. Jeg er utflyttet nordlending, og må innrømme at jeg
+ikke kjennet så mye som et snev av provokasjon fra denne litt morsomme
+uttalelsen til Hr. Fossen. Lurer på om Aftenposten har noen kilder
+utenom redaksjonen for sin påstand om at nordledinger er provosert av
+Hr. Fossen. Må innrømme at jeg tviler på det.</p>
+
+<p>Det hele bringer tankene tilbake til Sture Hansen i Hallo i Uken.</p>
</description>
</item>
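Review bot: the added title "På vegne av vanvitting mange, Aftenposten!" has "vanvitting" where "vanvittig" looks intended, and the body has "nordledinger" two lines from the end of the first paragraph although "nordlendinger" is spelled correctly earlier. If the title is corrected, leave the link and guid unchanged: they carry the same spelling and the guid is marked isPermaLink="true", so feed readers would treat a changed value as a new entry.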