Petter Reinholdtsen

Fransk idiotlovforslag hinker gjennom parlamentet

Fri, 10 Apr 2009 00:10:00 +0200

Dagbladet -melder at det franske idiotforslaget om Ã¥ kutte Internet-forbindelsen -til alle som blir anklaget for Ã¥ ha brutt opphavsretten 3 ganger -ble nedstemt i dag med 21 mot 15 stemmer. Vinklingen i Dagbladet er -litt merkelig nÃ¥r en vet at det samme forslaget ble vedtatt i -parlamentets andre kammer med 12 mot 4 stemmer, etter at det -overraskende -ble foreslÃ¥tt Ã¥ ta saken opp til votering 22:45 sist torsdag, -etter sigende i strid med vanlige rutiner i det franske parlamentet.

- -

Det hele blir ennÃ¥ mer komisk nÃ¥r et vet at -presidentens -parti er blitt anklaget for Ã¥ ha brutt opphavsretten. Mon tro om -partet skal miste internet-forbindelsen hvis de fÃ¥r 2 anklager til -rettet mot seg.

I found the notes from Rob Weir on +how +to crush dissent matching my own thoughts on the matter quite +well. Highly recommended for those wondering which road our society +should go down. In my view we have been heading the wrong way for a +long time.

Recording video from cron using VLC

Sun, 5 Apr 2009 10:00:00 +0200

One think I have wanted to figure out for a along time is how to -run vlc from cron to do recording of video streams on the net. The -task is trivial with mplayer, but I do not really trust the security -of mplayer (it crashes too often on strange input), and thus prefer -vlc. I finally found a way to do it today. I spent an hour or so -searching the web for recipes and reading the documentation. The -hardest part was to get rid of the GUI window, but after finding the -dummy interface, the command line finally presented itself:

- -

URL=http://www.ping.uio.no/video/rms-oslo_2009.ogg
-SAVEFILE=rms.ogg
-DISPLAY= vlc -q $URL \
-  --sout="#duplicate{dst=std{access=file,url='$SAVEFILE'},dst=nodisplay}" \
-  --intf=dummy

- -

The command stream the URL and store it in the SAVEFILE by -duplicating the output stream to "nodisplay" and the file, using the -dummy interface. The dummy interface and the nodisplay output make -sure no X interface is needed.

- -

The cron job then need to start this job with the appropriate URL -and file name to save, sleep for the duration wanted, and then kill -the vlc process with SIGTERM. Here is a complete script -vlc-record to use from at or cron:

- -

#!/bin/sh
-set -e
-URL="$1"
-SAVEFILE="$2"
-DURATION="$3"
-DISPLAY= vlc -q "$URL" \
-  --sout="#duplicate{dst=std{access=file,url='$SAVEFILE'},dst=nodisplay}" \
-  --intf=dummy < /dev/null > /dev/null 2>&1 &
-pid=$!
-sleep $DURATION
-kill $pid
-wait $pid

As reported earlier, the last few days I have looked at how Debian +Edu clients are configured, and tried to get rid of all hardcoded +configuration settings on the clients. I believe the work to be +mostly done, and the clients seem to work just fine with dynamically +generated configuration.

+ +

What is the point, you might ask? The point is to allow a Debian +Edu desktop to integrate into an existing network infrastructure +without any manual configuration.

+ +

This is what happens when installing a Debian Edu client here at +the University of Oslo using PXE. With the PXE installation, I am +asked for language (Norwegian BokmÃ¥l), locality (Norway) and keyboard +layout (no-latin1), Debian Edu profile (Roaming Workstation), if I +accept to reformat the hard drive (yes), if I want to submit info to +popcon.debian.org (no) and root password (secret). After answering +these questions, the installer goes ahead and does its thing, and +after around 50 minutes it is done. I press enter to finish the +installation, and the machine reboots into KDE. When the machine is +ready and kdm asks for login information, I enter my university +username and password, am told by kdm that a local home directory has +been created and that I must log in again, and finally log in with the +same username and password to the KDE 4.4 desktop. At no point during +this process did it ask for university specific settings, and all the +required configuration was dynamically detected using information +fetched via DHCP and DNS. The roaming workstation is now ready for +use.

+ +

How was this done, you might wonder? First of all, here is the +list of things that need to be configured on the client to get it +working properly out of the box:

+ +

IP address/netmask and DNS server.
Web proxy URL.
LDAP server for NSS directory information (user, group, etc).
Kerberos server for PAM password checking.
SMB mount point to access the network home directory. (*)
Central syslog server to send syslog messages to. (*)
Sitesummary collector URL to submit info to central server. (*)

+ +

(Hm, did I forget anything? Let me knew if I did.)

+ +

The points marked (*) are not required to be able to use the +machine, but needed to provide central storage and allowing system +administrators to track their machines. Since yesterday, everything +but the sitesummary collector URL is dynamically discovered at boot +and installation time in the svn version of Debian Edu.

+ +

The IP and DNS setup is fetched during boot using DHCP as usual. +When a DHCP update arrives, the proxy setup is updated by looking for +http://wpat/wpad.dat and using the content of this WPAD file to +configure the http and ftp proxy in /etc/environment and +/etc/apt/apt.conf. I decided to update the proxy setup using a DHCP +hook to ensure that the client stops using the Debian Edu proxy when +it is moved outside the Debian Edu network, and instead uses any local +proxy present on the new network when it moves around.

+ +

The DNS names of the LDAP, Kerberos and syslog server and related +configuration are generated using DNS information at boot. First the +installer looks for a host named ldap in the current DNS domain. If +not found, it looks for _ldap._tcp SRV records in DNS instead. If an +LDAP server is found, its root DSE entry is requested and the +attributes namingContexts and defaultNamingContext are used to +determine which LDAP base to use for NSS. If there are several +namingContexts attibutes and the defaultNamingContext is present, that +LDAP subtree is used as the base. If defaultNamingContext is missing, +the subtrees listed as namingContexts are searched in sequence for any +object with class posixAccount or posixGroup, and the first one with +such an object is used as the LDAP base. For Kerberos, a similar +search is done by first looking for a host named kerberos, and then +for the _kerberos._tcp SRV record. I've been unable to find a way to +look up the Kerberos realm, so for this the upper case string of the +current DNS domain is used.

+ +

For the syslog server, the hosts syslog and loghost are searched +for, and the _syslog._udp SRV record is consulted if no such host is +found. This algorithm works for both Debian Edu and the University of +Oslo. A similar strategy would work for locating the sitesummary +server, but have not been implemented yet. I decided to fetch and +save these settings during installation, to make sure moving to a +different network does not change the set of users being allowed to +log in nor the passwords required to log in. Usernames and passwords +will be cached by sssd when the user logs in on the Debian Edu +network, and will not change as the laptop move around. For a +non-roaming machine, there is no caching, but given that it is +supposed to stay in place it should not matter much. Perhaps we +should switch those to use sssd too?

+ +

The user's SMB mount point for the network home directory is +located when the user logs in for the first time. The LDAP server is +consulted to look for the user's LDAP object and the sambaHomePath +attribute is used if found. If it isn't found, the home directory +path fetched from NSS is used instead. Assuming the path is of the +form /site/server/directory/username, the second part is looked up in +DNS and used to generate a SMB URL of the form +smb://server.domain/username. This algorithm works for both Debian +edu and the University of Oslo. Perhaps there are better attributes +to use or a better algorithm that works for more sites, but this will +do for now. :)

+ +

This work should make it easier to integrate the Debian Edu clients +into any LDAP/Kerberos infrastructure, and make the current setup even +more flexible than before. I suspect it will also work for thin +client servers, allowing one to easily set up LTSP and hook it into a +existing network infrastructure, but I have not had time to test this +yet.

+ +

If you want to help out with implementing these things for Debian +Edu, please contact us on debian-edu@lists.debian.org.

+ +

Update 2010-08-09: Simon Farnsworth gave me a heads-up on how to +detect Kerberos realm from DNS, by looking for _kerberos TXT entries +before falling back to the upper case DNS domain name. Will have to +implement it for Debian Edu. :)

Standardize on protocols and formats, not vendors and applications

Mon, 30 Mar 2009 11:50:00 +0200

Where I work at the University of Oslo, one decision stand out as a -very good one to form a long lived computer infrastructure. It is the -simple one, lost by many in todays computer industry: Standardize on -open network protocols and open exchange/storage formats, not applications. -Applications come and go, while protocols and files tend to stay, and -thus one want to make it easy to change application and vendor, while -avoiding conversion costs and locking users to a specific platform or -application.

- -

This approach make it possible to replace the client applications -independently of the server applications. One can even allow users to -use several different applications as long as they handle the selected -protocol and format. In the normal case, only one client application -is recommended and users only get help if they choose to use this -application, but those that want to deviate from the easy path are not -blocked from doing so.

- -

It also allow us to replace the server side without forcing the -users to replace their applications, and thus allow us to select the -best server implementation at any moment, when scale and resouce -requirements change.

- -

I strongly recommend standardizing - on open network protocols and -open formats, but I would never recommend standardizing on a single -application that do not use open network protocol or open formats.

A few years ago, I was involved in a project planning to use +Windows file servers as home directory servers for Debian +Edu/Skolelinux machines. This was thought to be no problem, as the +access would be through the SMB network file system protocol, and we +knew other sites used SMB with unix and samba as the file server to +mount home directories without any problems. But, after months of +struggling, we had to conclude that our goal was impossible.

+ +

The reason is simply that while SMB can be used for home +directories when the file server is Samba running on Unix, this only +work because of Samba have some extensions and the fact that the +underlying file system is a unix file system. When using a Windows +file server, the underlying file system do not have POSIX semantics, +and several programs will fail if the users home directory where they +want to store their configuration lack POSIX semantics.

+ +

As part of this work, I wrote a small C program I want to share +with you all, to replicate a few of the problematic applications (like +OpenOffice.org and GCompris) and see if the file system was working as +it should. If you find yourself in spooky file system land, it might +help you find your way out again. This is the fs-test.c source:

+ +

+/*
+ * Some tests to check the file system sematics.  Used to verify that
+ * CIFS from a windows server do not work properly as a linux home
+ * directory.
+ * License: GPL v2 or later
+ * 
+ * needs libsqlite3-dev and build-essential installed
+ * compile with: gcc -Wall -lsqlite3 -DTEST_SQLITE fs-test.c -o fs-test
+*/
+
+#define _FILE_OFFSET_BITS 64
+#define _LARGEFILE_SOURCE 1
+#define _LARGEFILE64_SOURCE 1
+
+#define _GNU_SOURCE /* for asprintf() */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/file.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#ifdef TEST_SQLITE
+/*
+ * Test sqlite open, as done by gcompris require the libsqlite3-dev
+ * package and linking with -lsqlite3.  A more low level test is
+ * below.
+ * See also <URL: http://www.sqlite.org./faq.html#q5 >.
+ */
+#include <sqlite3.h>
+#define CREATE_TABLE_USERS                                              \
+  "CREATE TABLE users (user_id INT UNIQUE, login TEXT, lastname TEXT, firstname TEXT, birthdate TEXT, class_id INT ); "
+int test_sqlite_open(void) {
+  char *zErrMsg;
+  char *name = "testsqlite.db";
+  sqlite3 *db=NULL;
+  unlink(name);
+  int rc = sqlite3_open(name, &db);
+  if( rc ){
+    printf("error: sqlite open of %s failed: %s\n", name, sqlite3_errmsg(db));
+    sqlite3_close(db);
+    return -1;
+  }
+
+  /* create tables */
+  rc = sqlite3_exec(db,CREATE_TABLE_USERS, NULL,  0, &zErrMsg);
+  if( rc != SQLITE_OK ){
+    printf("error: sqlite table create failed: %s\n", zErrMsg);
+    sqlite3_close(db);
+    return -1;
+  }
+  printf("info: sqlite worked\n");
+  sqlite3_close(db);
+  return 0;
+}
+#endif /* TEST_SQLITE */
+
+/*
+ * Demonstrate locking issue found in gcompris using sqlite3.  This
+ * work with ext3, but not with cifs server on Windows 2003.  This is
+ * done in the sqlite3 library.
+ * See also
+ * <URL:http://www.cygwin.com/ml/cygwin/2001-08/msg00854.html> and the
+ * POSIX specification
+ * <URL:http://www.opengroup.org/onlinepubs/009695399/functions/fcntl.html>.
+ */
+int test_gcompris_locking(void) {
+  struct flock fl;
+  char *name = "testsqlite.db";
+  unlink(name);
+  int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, 0644);
+  printf("info: testing fcntl locking\n");
+
+  fl.l_whence = SEEK_SET;
+  fl.l_pid    = getpid();
+  printf("  Read-locking 1 byte from 1073741824");
+  fl.l_start  = 1073741824;
+  fl.l_len    = 1;
+  fl.l_type   = F_RDLCK;
+  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+  printf("  Read-locking 510 byte from 1073741826");
+  fl.l_start  = 1073741826;
+  fl.l_len    = 510;
+  fl.l_type   = F_RDLCK;
+  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+  printf("  Unlocking 1 byte from 1073741824");
+  fl.l_start  = 1073741824;
+  fl.l_len    = 1;
+  fl.l_type   = F_UNLCK;
+  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+  printf("  Write-locking 1 byte from 1073741824");
+  fl.l_start  = 1073741824;
+  fl.l_len    = 1;
+  fl.l_type   = F_WRLCK;
+  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+  printf("  Write-locking 510 byte from 1073741826");
+  fl.l_start  = 1073741826;
+  fl.l_len    = 510;
+  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+  printf("  Unlocking 2 byte from 1073741824");
+  fl.l_start  = 1073741824;
+  fl.l_len    = 2;
+  fl.l_type   = F_UNLCK;
+  if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+  close(fd);
+  return 0;
+}
+
+/*
+ * Test if permissions of freshly created directories allow entries
+ * below them.  This was a problem with OpenOffice.org and gcompris.
+ * Mounting with option 'sync' seem to solve this problem while
+ * slowing down file operations.
+ */
+int test_subdirectory_creation(void) {
+#define LEVELS 5
+  char *path = strdup("test");
+  char *dirs[LEVELS];
+  int level;
+  printf("info: testing subdirectory creation\n");
+  for (level = 0; level < LEVELS; level++) {
+    char *newpath = NULL;
+    if (-1 == mkdir(path, 0777)) {
+      printf("  error: Unable to create directory '%s': %s\n",
+	     path, strerror(errno));
+      break;
+    }
+    asprintf(&newpath, "%s/%s", path, "test");
+    free(path);
+    path = newpath;
+  }
+  return 0;
+}
+
+/*
+ * Test if symlinks can be created.  This was a problem detected with
+ * KDE.
+ */
+int test_symlinks(void) {
+  printf("info: testing symlink creation\n");
+  unlink("symlink");
+  if (-1 == symlink("file", "symlink"))
+    printf("  error: Unable to create symlink\n");
+  return 0;
+}
+
+int main(int argc, char **argv) {
+  printf("Testing POSIX/Unix sematics on file system\n");
+  test_symlinks();
+  test_subdirectory_creation();
+#ifdef TEST_SQLITE
+  test_sqlite_open();
+#endif /* TEST_SQLITE */
+  test_gcompris_locking();
+  return 0;
+}
+

+ +

When everything is working, it should print something like +this:

+ +

+Testing POSIX/Unix sematics on file system
+info: testing symlink creation
+info: testing subdirectory creation
+info: sqlite worked
+info: testing fcntl locking
+  Read-locking 1 byte from 1073741824
+  Read-locking 510 byte from 1073741826
+  Unlocking 1 byte from 1073741824
+  Write-locking 1 byte from 1073741824
+  Write-locking 510 byte from 1073741826
+  Unlocking 2 byte from 1073741824
+

+ +

I do not remember the exact details of the problems we saw, but one +of them was with locking, where if I remember correctly, POSIX allow a +read-only lock to be upgraded to a read-write lock without unlocking +the read-only lock (while Windows do not). Another was a bug in the +CIFS/SMB client implementation in the Linux kernel where directory +meta information would be wrong for a fraction of a second, making +OpenOffice.org fail to create its deep directory tree because it was +not allowed to create files in its freshly created directory.

+ +

Anyway, here is a nice tool for your tool box, might you never need +it. :)

Returning from Skolelinux developer gathering

Sun, 29 Mar 2009 21:00:00 +0200

I'm sitting on the train going home from this weekends Debian -Edu/Skolelinux development gathering. I got a bit done tuning the -desktop, and looked into the dynamic service location protocol -implementation avahi. It look like it could be useful for us. Almost -30 people participated, and I believe it was a great environment to -get to know the Skolelinux system. Walter Bender, involved in the -development of the Sugar educational platform, presented his stuff and -also helped me improve my OLPC installation. He also showed me that -his Turtle Art application can be used in standalone mode, and we -agreed that I would help getting it packaged for Debian. As a -standalone application it would be great for Debian Edu. We also -tried to get the video conferencing working with two OLPCs, but that -proved to be too hard for us. The application seem to need more work -before it is ready for me. I look forward to getting home and relax -now. :)

A few days ago, I +tried +to install a Roaming workation profile from Debian Edu/Squeeze +while on the university network here at the University of Oslo, and +noticed how much had to change to get it operational using the +university infrastructure. It was fairly easy, but it occured to me +that Debian Edu would improve a lot if I could get the client to +connect without any changes at all, and thus let the client configure +itself during installation and first boot to use the infrastructure +around it. Now I am a huge step further along that road.

+ +

With our current squeeze-test packages, I can select the roaming +workstation profile and get a working laptop connecting to the +university LDAP server for user and group and our active directory +servers for Kerberos authentication. All this without any +configuration at all during installation. My users home directory got +a bookmark in the KDE menu to mount it via SMB, with the correct URL. +In short, openldap and sssd is correctly configured. In addition to +this, the client look for http://wpad/wpad.dat to configure a web +proxy, and when it fail to find it no proxy settings are stored in +/etc/environment and /etc/apt/apt.conf. Iceweasel and KDE is +configured to look for the same wpad configuration and also do not use +a proxy when at the university network. If the machine is moved to a +network with such wpad setup, it would automatically use it when DHCP +gave it a IP address.

+ +

The LDAP server is located using DNS, by first looking for the DNS +entry ldap.$domain. If this do not exist, it look for the +_ldap._tcp.$domain SRV records and use the first one as the LDAP +server. Next, it connects to the LDAP server and search all +namingContexts entries for posixAccount or posixGroup objects, and +pick the first one as the LDAP base. For Kerberos, a similar +algorithm is used to locate the LDAP server, and the realm is the +uppercase version of $domain.

+ +

So, what is not working, you might ask. SMB mounting my home +directory do not work. No idea why, but suspected the incorrect +Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be +the cause. These are not properly configured during installation, and +had to be hand-edited to get the correct Kerberos realm and server, +but SMB mounting still do not work. :(

+ +

With this automatic configuration in place, I expect a Debian Edu +roaming profile installation would be able to automatically detect and +connect to any site using LDAP and Kerberos for NSS directory and PAM +authentication. It should also work out of the box in a Active +Directory environment providing posixAccount and posixGroup objects +with UID and GID values.

+ +

If you want to help out with implementing these things for Debian +Edu, please contact us on debian-edu@lists.debian.org.

Time for new LDAP schemas replacing RFC 2307?

Sun, 29 Mar 2009 20:30:00 +0200

The state of standardized LDAP schemas on Linux is far from -optimal. There is RFC 2307 documenting one way to store NIS maps in -LDAP, and a modified version of this normally called RFC 2307bis, with -some modifications to be compatible with Active Directory. The RFC -specification handle the content of a lot of system databases, but do -not handle DNS zones and DHCP configuration.

- -

In Debian Edu/Skolelinux, -we would like to store information about users, SMB clients/hosts, -filegroups, netgroups (users and hosts), DHCP and DNS configuration, -and LTSP configuration in LDAP. These objects have a lot in common, -but with the current LDAP schemas it is not possible to have one -object per entity. For example, one need to have at least three LDAP -objects for a given computer, one with the SMB related stuff, one with -DNS information and another with DHCP information. The schemas -provided for DNS and DHCP are impossible to combine into one LDAP -object. In addition, it is impossible to implement quick queries for -netgroup membership, because of the way NIS triples are implemented. -It just do not scale. I believe it is time for a few RFC -specifications to cleam up this mess.

- -

I would like to have one LDAP object representing each computer in -the network, and this object can then keep the SMB (ie host key), DHCP -(mac address/name) and DNS (name/IP address) settings in one place. -It need to be efficently stored to make sure it scale well.

- -

I would also like to have a quick way to map from a user or -computer and to the net group this user or computer is a member.

- -

Active Directory have done a better job than unix heads like myself -in this regard, and the unix side need to catch up. Time to start a -new IETF work group?

The new roaming workstation profile in Debian Edu/Squeeze is fairly +similar to the laptop setup am I working on using Ubuntu for the +University of Oslo, and just for the heck of it, I tested today how +hard it would be to integrate that profile into the university +infrastructure. In this case, it is the university LDAP server, +Active Directory Kerberos server and SMB mounting from the Netapp file +servers.

+ +

I was pleasantly surprised that the only three files needed to be +changed (/etc/sssd/sssd.conf, /etc/ldap.conf and +/etc/mklocaluser.d/20-debian-edu-config) and one file had to be added +(/usr/share/perl5/Debian/Edu_Local.pm), to get the client working. +Most of the changes were to get the client to use the university LDAP +for NSS and Kerberos server for PAM, but one was to change a hard +coded DNS domain name in the mklocaluser hook from .intern to +.uio.no.

+ +

This testing was so encouraging, that I went ahead and adjusted the +Debian Edu scripts and setup in subversion to centralise the roaming +workstation setup a bit more and avoid the hardcoded DNS domain name, +so that when I test this tomorrow, I expect to get away with modifying +only /etc/sssd/sssd.conf and /etc/ldap.conf to get it to use the +university servers.

+ +

My goal is to get the clients to have no hardcoded settings and +fetch all their initial setup during installation and first boot, to +allow them to be inserted also into environments where the default +setup in Debian Edu has been changed or as with the university, where +the environment is different but provides the protocols Debian Edu +uses.

Hva er egentlig en Ã¥pen standard?

Sat, 28 Mar 2009 10:50:00 +0100

Jeg mÃ¸ter alle slags interessante mennesker pÃ¥ min vei, og et mÃ¸te -jeg lÃ¦rte mye av var Ã¥ treffe pÃ¥ en svÃ¦rt kompetent IT-fyr som -benektet ting jeg anser som Ã¥penbart og selvfÃ¸lgelig nÃ¥r det gjelder -standarder. Det var interessant, da det fikk meg til Ã¥ tenke litt -nÃ¸yere pÃ¥ hvilke mekanismer som ligger til grunn for at noe oppfattes -som en standard. Det hele startet med arbeid rundt integrering av NSS -LDAP mot Active Directory, og problemer som oppstÃ¥r pga. at Active -Directory ikke fÃ¸lger LDAP-spesifikasjonen som dokumentert i RFCer fra -IETF (konkret, AD returnerer kun et subset av attributter hvis det er -mer enn 1500 atributter av en gitt type i et LDAP-objekt, og en mÃ¥ be -om resten i bolker av 1500). Jeg hevdet mÃ¥ten dette ble gjort pÃ¥ brÃ¸t -med LDAP-spesifikasjonen, og henviste til hvor i LDAP-spesifikasjonen -fra IETF det sto at oppfÃ¸rselen til AD ikke fulgte -LDAP-spesifikasjonen. AD-spesialisten overrasket meg da ved Ã¥ -fortelle at IETF var ikke de som definerte LDAP-spesifikasjonen, og at -Active Directory ikke brÃ¸t den virkelige LDAP-spesifikasjonen som han -mente lÃ¥ til grunn. Jeg ble spesielt overrasket over denne -tilnÃ¦rmingen til problemstillingen, da til og med Microsoft sÃ¥ vidt -jeg kan se anerkjenner IETF som organisasjonen som definerer -LDAP-spesifikasjonen. Jeg fikk aldri spurt hvem han mente sto bak den -egentlige LDAP-spesifikasjonen, da det var irrelevant for problemet vi -mÃ¥tte lÃ¸se (fÃ¥ Linux og AD til Ã¥ fungere sammen). Dette mÃ¸tet -fortalte meg uansett at det ikke er gitt at alle aktÃ¸rer er enige om -hva en standard er, og hva som er kilden til en gitt standard. Det er -vanskelig Ã¥ enes om felles standarder fÃ¸r en fÃ¸rst enes om hvem som -bestemmer hva en gitt standard innebÃ¦rer.

- -

Hva er sÃ¥ en standard? I sin abstrakte form er det noe Ã¥ samles -om. PÃ¥ engelsk er en av betydningene fane brukt i krig, du vet, den -type fane en samlet seg rundt pÃ¥ kamplassen i riddertiden. En -standard definerer altsÃ¥ et felleskap, noen som har noe felles. Det -er naturligvis mange mÃ¥ter Ã¥ utgjÃ¸re et felleskap pÃ¥. En kan -f.eks. enes om Ã¥ gjÃ¸re alt slik som Ole gjÃ¸r det, og dermed si at Oles -oppfÃ¸rsel er standard. Hver gang Ole endrer oppfÃ¸rsel endrer ogsÃ¥ -standarden seg uten noe mer organisering og prosedyre. En variant av -dette er Ã¥ gjÃ¸re slik som Ole har gjort det i stedet for slik Ole til -enhver til gjÃ¸r noe. Dette er ofte litt enklere Ã¥ forholde seg til, -da en slipper Ã¥ sjekke med Ole hver gang for Ã¥ vite hvordan ting skal -gjÃ¸res nÃ¥, men hvis det Ole gjorde noe dumt den gang en bestemte seg -for Ã¥ fÃ¸lge Ole, sÃ¥ er det vanskeligere Ã¥ fÃ¥ endret oppfÃ¸rsel for Ã¥ -unngÃ¥ dette dumme.

- -

En kan ogsÃ¥ ta det et skritt videre, og istedet for Ã¥ basere seg pÃ¥ -enkeltpersoners oppfÃ¸rsel sette seg ned og bli enige om hvordan en -skal gjÃ¸re ting, dvs. lage et felleskap basert pÃ¥ konsensus. Dette -tar naturligvis litt mer tid (en mÃ¥ diskutere ting i forkant fÃ¸r en -kan sette igang), men det kan bidra til at den oppfÃ¸rselen en -planlegger Ã¥ benytte seg av er mer gjennomtenkt. Det ender ogsÃ¥ -typisk opp med en beskrivelse av Ã¸nsket oppfÃ¸rsel som flere kan forstÃ¥ -- da flere har vÃ¦rt involvert i Ã¥ utarbeide beskrivelsen.

- -

Dette er dessverre ikke alt som trengs for Ã¥ forstÃ¥ hva en Ã¥pen -standard er for noe. Der alle kan se pÃ¥ hvordan folk oppfÃ¸rer seg, og -dermed har valget om de vil oppfÃ¸re seg likt eller ikke, sÃ¥ er det -endel juridiske faktorer som gjÃ¸r det hele mer komplisert - -opphavsretten og patentlovgivningen for Ã¥ vÃ¦re helt konkret. For Ã¥ gi -et eksempel. Hvis noen blir enige om Ã¥ alltid plystre en bestemt -melodi nÃ¥r de mÃ¸tes, for Ã¥ identifisere hverandre, sÃ¥ kan -opphavsretten brukes til Ã¥ styre hvem som fÃ¥r lov til Ã¥ gjÃ¸re dette. -De har standardisert hvordan de kjenner igjen alle som fÃ¸lger denne -standarden, men ikke alle har nÃ¸dvendigvis lov til Ã¥ fÃ¸lge den. -Musikk er opphavsrettsbeskyttet, og fremfÃ¸ring av musikk i -offentligheten er opphavsmannens enerett (dvs. et monopol). Det vil i -sin ytterste konsekvens si at alle som skal plystre en -opphavsrettsbeskyttet melodi i det offentlige rom mÃ¥ ha godkjenning -fra opphavsmannen. Har en ikke dette, sÃ¥ bryter en loven og kan -straffes. Det er dermed mulig for opphavsmannen Ã¥ kontrollere hvem -som fÃ¥r lov til Ã¥ benytte seg av denne standarden. En annen variant -er hvis en standard er dokumentert, sÃ¥ er dokumentet som definerer -standarden (spesifikasjonen) beskyttet av opphavsretten, og det er -dermed mulig for rettighetsinnehaver Ã¥ begrense tilgang til -spesifikasjonen, og slik styre hvem som kan ta i bruk standarden pÃ¥ -den mÃ¥ten.

- -

Der opphavsretten innvilger et monopol pÃ¥ kunstneriske uttrykk med -verkshÃ¸yde, innvilger patentlovgivningen monopol pÃ¥ ideer. Hvis en -slik patentert idÃ© (fortrinnsvis uttrykt i en teknisk innretning, men -det er kompliserende faktorer som gjÃ¸r at det ikke er et krav) trengs -for Ã¥ ta i bruk en standard, sÃ¥ vil den som innehar patent kunne styre -hvem som fÃ¥r ta i bruk standarden. Det er dermed ikke gitt at alle -kan delta i et standard-felleskap, og hvis de kan delta, sÃ¥ er det -ikke sikkert at det er pÃ¥ like vilkÃ¥r. F.eks. kan rettighetsinnehaver -sette vilkÃ¥r som gjÃ¸r at noen faller utenfor, det vÃ¦re seg av -finansielle, avtalemessige eller prinsipielle Ã¥rsaker. Vanlige slike -vilkÃ¥r er "mÃ¥ betale litt for hver kunde/bruker" som utelukker de som -gir bort en lÃ¸sning gratis og "mÃ¥ gi fra seg retten til Ã¥ hÃ¥ndheve -sine egne patentrettigheter ovenfor rettighetshaver" som utelukker -alle som Ã¸nsker Ã¥ beholde den muligheten.

- -

En Ã¥pen standard innebÃ¦rer for meg at alle kan fÃ¥ innsikt i en -komplett beskrivelse av oppfÃ¸rsel som standarden skal dekke, og at -ingen kan nektes Ã¥ benytte seg av standarden. Noen mener at det -holder at alle med tilstrekkelig finansiering kan fÃ¥ tilgang til -spesifikasjonen og at en kun har finansielle krav til bruk. -Pga. denne konflikten har et nytt begrep spredt seg de siste Ã¥rene, -nemlig fri og Ã¥pen standard, der en har gjort det klart at alle mÃ¥ ha -komplett og lik tilgang til spesifikasjoner og retten til Ã¥ gjÃ¸re bruk -av en standard for at en standard skal kunne kalles fri og Ã¥pen.

I discovered this while doing +automated +testing of upgrades from Debian Lenny to Squeeze. A few packages +in Debian still got circular dependencies, and it is often claimed +that apt and aptitude should be able to handle this just fine, but +some times these dependency loops causes apt to fail.

+ +

An example is from todays +upgrade +of KDE using aptitude. In it, a bug in kdebase-workspace-data +causes perl-modules to fail to upgrade. The cause is simple. If a +package fail to unpack, then only part of packages with the circular +dependency might end up being unpacked when unpacking aborts, and the +ones already unpacked will fail to configure in the recovery phase +because its dependencies are unavailable.

+ +

In this log, the problem manifest itself with this error:

+ +

+dpkg: dependency problems prevent configuration of perl-modules:
+ perl-modules depends on perl (>= 5.10.1-1); however:
+  Version of perl on system is 5.10.0-19lenny2.
+dpkg: error processing perl-modules (--configure):
+ dependency problems - leaving unconfigured
+

+ +

The perl/perl-modules circular dependency is already +reported as a bug, and will +hopefully be solved as soon as possible, but it is not the only one, +and each one of these loops in the dependency tree can cause similar +failures. Of course, they only occur when there are bugs in other +packages causing the unpacking to fail, but it is rather nasty when +the failure of one package causes the problem to become worse because +of dependency loops.

+ +

Thanks to +the +tireless effort by Bill Allombert, the number of circular +dependencies +left in Debian +is dropping, and perhaps it will reach zero one day. :)

+ +

Todays testing also exposed a bug in +update-notifier and +different behaviour between +apt-get and aptitude, the latter possibly caused by some circular +dependency. Reported both to BTS to try to get someone to look at +it.

Vitenskapens dogmer...

Fri, 27 Mar 2009 11:30:00 +0100

HandspÃ¥leggere og andre tilhengere av ikke-etterprÃ¸vbar medisin, -samt de som mener at verden ikke utviklet seg i henhold til -evolusjonsteorien, hevder ofte at vitenskapen er dogmatisk og at -vitenskapsfolk velger Ã¥ ignorere alt vitenskapsfolk ikke kan -forklare. Intet kunne vÃ¦re lenger fra sannheten. En interessant -observasjon dog, er hvilke "dogmer" som ligger til grunn for -vitenskapen. Her er et forsÃ¸k pÃ¥ Ã¥ nevne noen av de grunnleggende -antagelsene som legges til grunn.

- -

FÃ¸rst og fremst ligger det til grunn en tro om at verden, -verdensrommet og universet har de samme egenskapene overalt. Dvs. at -en ikke tror at virkeligheten oppfÃ¸rer seg forskjellig f.eks. pÃ¥ -jorden og i verdensrommet. Dette er ingen selvfÃ¸lgelig antagelse, da -f.eks. de gamle grekerne antok at virkeligheten var forskjellig pÃ¥ -jorden og i himmelen. Antagelsen om at virkeligheten oppfÃ¸rer seg -etter de samme "reglene" overalt skjÃ¸t fÃ¸rst fart etter -middelalderen.

- -

NÃ¥r en sÃ¥ har begynt Ã¥ tro at virkeligheten oppfÃ¸rer seg likt -overalt, sÃ¥ kan en begynne Ã¥ tro at det er mulig Ã¥ observere -virkeligheten, og ut fra observasjoner kunne finne en forklaring, et -sett med "regler", som kan brukes til Ã¥ forutse hva som kommer til Ã¥ -skje i fremtiden basert pÃ¥ observasjoner gjort i fortiden. Eksempler -pÃ¥ dette er at en kan beregne hvor lang tid en sten som er sluppet -ned fra et hus vil bruke fÃ¸r den treffer bakken (og ikke tror at den -i noen tilfeller vil fly oppover i stedet for nedover). En kan altsÃ¥ -lage en mental modell over sammenhenger i virkeligheten, og bruke -denne modellen til Ã¥, enten ved hjelp av logiske argumentasjonsrekker -eller matematiske beregninger, forklare hva som kommer til Ã¥ skje. -Hvis modellen viser seg Ã¥ fungere bra for observasjoner i dag, sÃ¥ -kan en pÃ¥ tilsvarende vis beregne eller logisk sette sammen hva som -har foregÃ¥tt i fortiden som ledet frem til det vi kan observere i -dag.

- -

Sist, men ikke minst, sÃ¥ tror vitenskapsfolk pÃ¥ at det er mulig -Ã¥ observere virkeligheten, og Ã¥ tro pÃ¥ disse observasjonene -(innenfor rimelig feilmargin som fÃ¸lger av mÃ¥ten observasjonen er -gjort pÃ¥). En tror altsÃ¥ ikke pÃ¥ at noen bakenfor virkeligheten -forsÃ¸ker Ã¥ lure oss til Ã¥ observere noe som ikke eksisterer. Det -er naturligvis umulig (eller kanskje til nÃ¸d svÃ¦rt vanskelig) Ã¥ -motbevise at vi lever i Matrix-aktige omgivelser, der vi observerer -noe som eksisterer kun som en simulering i datamaskiner. Det at noe -er umulig Ã¥ motbevise gjÃ¸r dog ikke at det blir spesielt interessant -Ã¥ ta utgangspunkt i. Det er antagelig ikke grenser for hvor mange -mÃ¥ter det er mulig Ã¥ tenke seg at vi blir lurt til Ã¥ oppleve en -virkelighet som "egentlig" ikke eksisterer, men i og med at den -eksisterer for oss, sÃ¥ er det i hovedsak et filosofisk spÃ¸rsmÃ¥l om -hva det betyr Ã¥ eksistere. Det er ikke spesielt relevant for -vitenskapen, som altsÃ¥ tar utgangspunkt i at den virkeligheten vi -observerer eksisterer, virker likt overalt, og kan forstÃ¥s med logikk -og matematikk.

- -

Det kan virke som om de som hevder at vitenskapen er ute av stand -til Ã¥ ta inn over seg SnÃ¥samannens evner, homeopatiske -forklaringsmodeller og en skapende gud, ikke tror pÃ¥ det samme som -vitenskapsfolk. De kan ikke tro at den virkeligheten vi observerer -eksisterer, virker likt overalt, og kan forstÃ¥s med logikk og -matematikk. Mitt problem med Ã¥ tro pÃ¥ pÃ¥ det samme, er at hvis -disse forutsetningene ikke ligger til grunn, sÃ¥ er det ingen grenser -for hva en kan komme opp med av ideer til hvordan virkeligheten -fungerer. BÃ¥de Harry Potters magi, kreasjonistenes allmektige -skaper, det flygende spagettimonsteret, SnÃ¥samannens helbredelser, -Haitis voodo, samenes ganding og middelalderens hekserier blir like -gyldige. Jeg tror ikke noen av disse er spesielt sannsynlige, og -velger derfor Ã¥ ta utgangspunkt i vitenskapens rammer for hvordan -virkeligheten skal forstÃ¥s. For Ã¥ sitere en reklamekampanje fra -England: Vitenskap sender deg til mÃ¥nen. Religion sender deg inn i -skyskrapere. Takke meg til en tur til mÃ¥nen.

I just posted this announcement culminating several months of work +with the next Debian Edu release. Not nearly done, but one major step +completed.

+ +

+
This is the first test release based on Squeeze. The focus of this +release is to test the user application selection. To have a look, +install the standalone profile and let the developers know if the set +of installed packages i.e. applications should be modified. If some +user application is missing, or if there are some applications that no +longer make sense to be included in Debian Edu, please let us know. +Also, if a useful application is missing the translation for your +language of choice, please let us know too.
+ +
In addition, feedback and help to polish the desktop (menus, +artwork, starters, etc.) is appreciated. We would like to ship a nice +and handy KDE4 desktop targeted for schools out of the box.
+ +
The other profiles should be installable, but there is a lot more +work left to be done before they are ready, so do not expect to +much.
+ +
Changes compared to the lenny based version
+ +
+
Everything from Debian Squeeze +
+
Desktop environment KDE 4.4 => the new KDE desktop in + combination with some new artwork +
Web browser Iceweasel 3.5 +
OpenOffice.org 3.2 +
Educational toolbox GCompris 9.3 +
Music creator Rosegarden 10.04.2 +
Image editor Gimp 2.6.10 +
Virtual universe Celestia 1.6.0 +
Virtual stargazer Stellarium 0.10.4 +
3D modeler Blender 2.49.2 (new application) +
Video editor Kdenlive 0.7.7 (new application) +
+
Now using Kerberos for password checking (migration not finished). + Enabled for: +
+
PAM +
LDAP +
IMAP +
SMTP (sender verification) +
+
+
New experimental roaming workstation profile for laptops.
+
Show welcome page to users when they first log in. The URL is + fetched from LDAP.
+
New LXDE desktop option, in addition to KDE (default) and Gnome.
+
General cleanup (not finished)
+
+
The following features are not working as they should
+ +
+
No web based administration tool for creating users and groups. The + scripts ldap-createuser-krb and ldap-add-user-to-group can be used + for testing.
+
DVD installs are missing debian-installer images for the PXE boot, + and do not set up the PXE menu on eth0 because of this. LTSP + clients should still boot from eth1 on thin client servers.
+
The restructured KDE menu is not implemented.
+
The LDAP server setup need to be reviewed for security.
+
The LDAP directory structure need to be reworked.
+
Different sets of packages are installed when using the DVD and the + netinst CD. More packages are installed using the netinst CD.
+
The jackd package fail to install. This is believed to be caused by + some ongoing transition, and hopefully should be solved soon. The + jackd1 package can be installed manually for those that need it.
+
Some packages lack translations. See + http://wiki.debian.org/DebianEdu/Status/Squeeze for updated status, + and help out with translations.
+
+ +
To download this multiarch netinstall release you can use
+ +
+
ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso
+
http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso
+
rsync -avzP ftp.skolelinux.org::skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso
+
+
To download this multiarch dvd release you can use
+ +
+
ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso
+
http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso
+
rsync -avzP ftp.skolelinux.org::skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso
+
+ +
There is no source DVD available yet. It will be prepared when we +get closer to the final release.
+ +
The MD5SUM of these images are
+ +
+
3dbf45d59f42a53518b6e3c9ec3b5eb6 debian-edu-6.0.0+edua0-CD.iso
+
22f2cbfce281d1c6e478be452638675d debian-edu-6.0.0+edua0-DVD.iso
+
+ +
The SHA1SUM of these images are
+
+
c53d1b69b40cf37cd27aefaf33f6f6a3821bedf0 debian-edu-6.0.0+edua0-CD.iso
+
2ec29d7db676d59d32197b05c277ffe16348376c debian-edu-6.0.0+edua0-DVD.iso
+
+
How to report bugs: +http://wiki.debian.org/DebianEdu/HowTo/ReportBugsInBugzilla
+ +
Please direct replies to debian-edu@lists.debian.org
+

FÃ¸rste reprap-integreringsforsÃ¸k - Z-aksen beveger seg

Thu, 19 Mar 2009 22:15:00 +0100

I gÃ¥r tok jeg mot til meg, og lÃ¸ste problemet med -z-aksen ved Ã¥ borre i delen som manglet feste mot tannjulet som -skal drive z-aksereimen. Dermed var det klart for Ã¥ montere -z-akse-akslingen pÃ¥ motoren og komme et steg videre med -reprap-monteringen. PrÃ¸vekjÃ¸rte den i dag med -testprogrammet til stepmotoren, og kunne glad konstatere at det hele -fungerte. I hvert fall nÃ¥r stepmotoren ikke forsÃ¸kte -Ã¥ snurre for raskt rundt. Ved hÃ¸y hastighet roterte -ikke akslingen i det hele tatt. Motoren ble bare stÃ¥ende -Ã¥ vibrere. Usikker pÃ¥ hvorfor, men antar motoren ikke -har nok kraft til Ã¥ fÃ¥ hele akslingen til Ã¥ -rotere sÃ¥ raskt. Denne Ã¸velsen avslÃ¸rte dog et -annet problem med monteringen sÃ¥ langt. Under testingen -begynte skruer og muttere Ã¥ ry ned fra ulike deler av -reprap-konstruksjonen. Jeg har ikke skrudd alt hard nok sammen til -Ã¥ tÃ¥le slike vibrasjoner. Tror en 5-6 skruver og/eller -muttere lÃ¸snet. Brukte ganske lang tid pÃ¥ Ã¥ -finne ut hvor det manglet deler og skru ting sammen igjen. Antar alt -mÃ¥ strammes skikkelig til fÃ¸r fÃ¸rste -utskrift.

- -

Neste steg er Ã¥ fÃ¥ laget z-aksebÃ¥ndet. Der trenger jeg -egnet lim og en konstruksjon for Ã¥ klemme bandet sammen under -limingen, som -beskrevet -pÃ¥ reprap-wikien. Er blitt tipset om svart superlim som er -elastisk ogsÃ¥ etter at det tÃ¸rket, og dro ned til Small Size -Hobbyland pÃ¥ Lilletorget som skulle ha slikt, men da jeg var innom -fikk jeg hÃ¸re at de ikke lenger hadde slikt lim. MÃ¥ finne ut -hvor i Oslo jeg kan skaffe slikt. Kanskje Panduro har? Vet ikke hva -limet egentlig heter, sÃ¥ det er vanskelig Ã¥ sÃ¸ke pÃ¥ nett.

The last few months me and the other Debian Edu developers have +been working hard to get the Debian/Squeeze based version of Debian +Edu/Skolelinux into shape. This future version will use Kerberos for +authentication, and services are slowly migrated to single signon, +getting rid of password questions one at the time.

+ +

It will also feature a roaming workstation profile with local home +directory, for laptops that are only some times on the Skolelinux +network, and for this profile a shortcut is created in Gnome and KDE +to gain access to the users home directory on the file server. This +shortcut uses SMB at the moment, and yesterday I had time to test if +SMB mounting had started working in KDE after we added the cifs-utils +package. I was pleasantly surprised how well it worked.

+ +

Thanks to the recent changes to our samba configuration to get it +to use Kerberos for authentication, there were no question about user +password when mounting the SMB volume. A simple click on the shortcut +in the KDE menu, and a window with the home directory popped +up. :)

+ +

One step closer to a single signon solution out of the box in +Debian Edu. We already had PAM, LDAP, IMAP and SMTP in place, and now +also Samba. Next step is Cups and hopefully also NFS.

+ +

We had planned a alpha0 release of Debian Edu for today, but thanks +to the autobuilder administrators for some architectures being slow to +sign packages, we are still missing the fixed LTSP package we need for +the release. It was uploaded three days ago with urgency=high, and if +it had entered testing yesterday we would have been able to test it in +time for a alpha0 release today. As the binaries for ia64 and powerpc +still not uploaded to the Debian archive, we need to delay the alpha +release another day.

+ +

If you want to help out with implementing Kerberos for Debian Edu, +please contact us on debian-edu@lists.debian.org.

Avisene i endring

Sun, 15 Mar 2009 22:15:00 +0100

Jeg kom over bloggposten -"Newspapers -and Thinking the Unthinkable" som jeg synes forklarer godt hva som -skjer med aviser, og fikk meg til Ã¥ tenke litt rundt andre utdÃ¸ende -forretningsmodeller basert pÃ¥ Ã¥ lÃ¸se problemer som ikke lenger -eksisterer. Det blir spennende Ã¥ se hva vi ender opp med.

For mange Ã¥r siden slutte jeg Ã¥ kjÃ¸pe musikk-CDer. Ãrsaken var at +musikkbransjen var godt i gang med Ã¥ selge platene sine med DRM som +gjorde at jeg ikke fikk spilt av musikken jeg kjÃ¸pte pÃ¥ utstyret jeg +hadde tilgjengelig, dvs. min datamaskin. Det var umulig Ã¥ se pÃ¥ en +plate om den var Ã¸delagt eller ikke, og jeg hadde jo allerede en +anseelig samling med plater, sÃ¥ jeg bestemme meg for Ã¥ slutte Ã¥ gi +penger til en bransje som Ã¥penbart ikke respekterte meg.

+ +

Jeg har mange titalls dager med musikk pÃ¥ CD i dag. Det meste er +lagt i et stort arkiv som kan spilles av fra husets datamaskiner (har +ikke rukket rippe alt). Jeg ser dermed ikke behovet for Ã¥ skaffe mer +musikk. De fleste av mine favoritter er i hus, og jeg er dermed godt +fornÃ¸yd.

+ +

Hvis musikkbransjen Ã¸nsker mine penger, sÃ¥ mÃ¥ de demonstrere at de +setter pris pÃ¥ meg som kunde, og ikke skremme meg bort med DRM og +antydninger om at kundene er kriminelle.

+ +

Filmbransjen er like ille, men mens musikk gjerne varer lenge, er +filmer mer ferskvare. Har dermed ikke helt sluttet Ã¥ kjÃ¸pe filmer, men +holder meg til DVD-filmer som kan spilles av pÃ¥ mine Linuxbokser. +Kommer neppe til Ã¥ ta i bruk Blueray, og ei heller de nye DRM-greiene +Â«UltravioletÂ» som be annonsert her om dagen.

En skam at det ikke finnes ordrett referat fra norske domstoler

Fri, 13 Mar 2009 18:00:00 +0100

Advokatene jobber i disse dager hardt for Ã¥ bli kvitt juryordningen -fra norske domstoler. Det har de forsÃ¥vidt jobbet med i mange Ã¥r. -Personlig tror jeg det er Ã¥ starte i feil ende, og en dÃ¥rlig ide.

- -

Visst du at det ikke lages ordrett referat fra norske domstoler? -Det er ingen som skriver ned alt som sies i en norsk rettsal slik en -ser i TV-serier fra USA. Det som publiseres er dommerens -oppsummering, og alt som ikke blir med i den oppsummeringen er det -vanskelig Ã¥ fÃ¥ dokumentert i ettertid. Konsekvensen er at en kan -lyve sÃ¥ mye en vil fra vitneboksen uten Ã¥ bli tatt for det i -ettertid, hvis dommeren ikke syntes det som ble sagt var sÃ¥ -interessant at det ble med i dokumentet som dokumenterer -domsavsigelsen. Mens alt som sies fra Stortingets talerstol er -tilgjengelig pÃ¥ web etter kort tid for kontroll og kritikk, er det -ingen tilsvarende mulighet for det som sies fra vitneboksen i en norsk -domstol. Kan dette fÃ¸re til at en sak varer lengre enn nÃ¸dvendig i -rettssystemet? Jeg tror det, og synes det er en skam at det ikke -publiseres ordrette referater fra norske rettsaler.

- -

En relatert observasjon er at det i utvalgte deler av landet -eksperimenteres med lydopptak fra rettsalen, men disse opptakene er -kun tilgjengelig for dommeren til hjelp nÃ¥r oppsummeringen skrives. -Jeg synes som et minimum at disse lydopptakene som en regel burde vÃ¦rt -publisert offentlig pÃ¥ web.

Thanks to +todays +opengeodata blog entry, I just discovered that the +OpenStreetmap.org site have gotten +support +for calculating routes. The support is still experimental and +only available from the development server, until more experience is +gathered on the user interface and any scalability issues.

+ +

Earlier, the routing I knew about using the OpenStreetmap.org data +was provided by Cloudmade, +but having it on the main page is required to make everyone aware of +the issue. I've had people reject Openstreetmap.org as a viable +alternative for them because the front page lacked routing support, +and I hope their needs will be catered for when routing show up on the +www.openstreetmap.org front page.