Wednesday, January 30, 2008

Time for a laser printer?

I'm thinking about buying a laser printer as a complement to my ink printer. The reason is that laser printers costs less per printed page. I'm only interested in a black and white printer and will still use my ink printer for color prints.

I have invested some time to look around among the cheapest printers for a around €100. All manufactures ships their printers with a toner filled to something between 25% and 50% of what a new toner includes. An a new toner costs close to the same as a the printer. The smallest difference between a new toner and the printer was about €10. That is ridiculous. So far I have found one manufacture that ships a full toner cassette with new printers ant that is Canon.

Unfortunately Canon is not the best supplier to support Linux and Ubuntu with printer drivers. Linux printing database list the Canon LBP 2900 as not supported. But in mater of fact Canon say they support Linux to this printer. So who is telling the truth? After some googling I have found that yes the printer works with Linux but not too well. A special daemon need to be installed and it requires restart once in a while. It is not an out of the box working printer, there is a long installation instruction on the Ubuntu wiki.

Canon, why can't you deliver a proper driver that can be included with CUPS? If you had done that, my choice have been obvious.

Normally I am quite happy buying HP printers. For some reason their new bottom line laser printers does not support Linux officially. HP have for some years been the manufacture to support Linux best, why stop now? And why do HP only ships a toner cassette with 50% of toner compared to a replacement cassette.

Monday, January 28, 2008

Nokia acquires Trolltech

As all of you may already be aware of, Nokia want to acquire Trolltech. The Norwegian company Trolltech are behind Qt-toolkit, which is used for KDE, and the mobile platform Qtopia.

My big question is what this will mean for Linux on mobile phones? Will Nokia start shipping Linux-phones? Is this a response to Googles Android-platform?

Nokias Internet-tablets N770, N800, and N810 uses Gtk/Gnome as their toolkit. Will Nokia continue to be involved in Gnome? What will this mean for the Maemo community, which is the platform for the tablets?

A lot of questions, and only time can tell the answers.

Tuesday, January 22, 2008

Three PostgreSQL books

I have for a long time been in the MySQL camp when it is about Open Source databases. It may depend on several different reasons, such as I am a Swede, it filled my needs etc. Of course, I have been using PostgreSQL at different occasions but not much.

This fall we started a project at work were we use GIS-data (geographic-data). MySQL only support a flat surface and can only do geometric queries using boxes, not arbitrary surfaces. That was not good enough for us. We took a look at PostgreSQL and its addition PostGIS. This was exactly what we needed.

Today I stumbled up on a three volume(1, 2, 3) reference guide of Postgres which is a nice complement to Postgres already terrific documentation. Best of all, take a look at the bottom of the pages with the Postgres books and you will find an online version of them.

Thursday, January 17, 2008

Securing passwords

I have now walked throw all sites where I had the same password and changed them to individual passwords. Yes I know I had been a bad boy using the same password on several places. At the same time I changed password for some systems where the password was pretty old.

To remember my passwords I use Revelation and the complementary Revelation Gnome Taskbar app to make it easy to get a password when I need it. What I miss with Revelation is a Java application for my mobile phone which I can sync my passwords to from my Ubuntu laptop.

Friday, January 11, 2008

Kerberos and LDAP over the web

I have for several years had a kerberos/ldap Single-Sign-On (SSO) solution active on my home computer network. One part that had not been integrated is my Apache httpd web-server. I started to take a look on activate this at Christmas. It was easy to get Kerberos working for the webserver on my Ubuntu server.

This assumes you have ssl working on your web-server for the area you want to password protect.

Install the libapache2-mod-auth-kerb from Universe.
Activate the module with the command:
sudo a2enmod auth_kerb

Add the following to the directory configuration in apache you want to protect using kerberos.

AuthName "Realm"
AuthType Kerberos
KrbAuthRealms MYREALM
Krb5Keytab /etc/apache2/http.keytab
Require principal@MYREALM
KrbServiceName HTTP/www.MYDOMAIN.org
Require valid-user

Change MYREALM and MYDOMAIN to values that fits you.

Connect to the kerberos admin server and create a new principal and a keytab including this principal. If you use MIT Kerberos, do like this. Start kadmin and then:
ank -randkey HTTP/www.MYDOMAIN.org
xst -k /etc/apache2/http.keytab
q

Verify that only www-data has read-access to the keytab-file /etc/apache2/http.keytab.

Restart Apache and you are up and running.

The problem now is that you may want to restrict that only people in certain groups have access to certain pages or directories. What we want here is to use the groups in LDAP. I have unfortunately not entered finish there yet. So my interim solution, that I did today, is to use apache own group-files.

Ad the following to lines after the other Apache config lines above:

AuthGroupFile /etc/webgroup
Require group private

Restart Apache again.

Add in /etc/webgroup one line for each group you want to create. Start with group name colon (:) space separated principals for the users that are members of your group. For instance:
private: bob@MYREALM ed@MYREALM

Thats it! So whats then the problem with LDAP instead of Apaches group files? I must in some way rewrite the realm to the users used in LDAP within either Apache config or within LDAP. I do not know how to do that at the moment in a good way. That's another nice problem to solve another day.