+ <div class="entry">
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html">Always download Debian packages using Tor - the simple recipe</a></div>
+ <div class="date">15th January 2016</div>
+ <div class="body"><p>During his DebConf15 keynote, Jacob Applebaum
+<a href="https://summit.debconf.org/debconf15/meeting/331/what-is-to-be-done/">observed
+that those listening on the Internet lines would have good reason to
+believe a computer have a given security hole</a> if it download a
+security fix from a Debian mirror. This is a good reason to always
+use encrypted connections to the Debian mirror, to make sure those
+listening do not know which IP address to attack. In August, Richard
+Hartmann observed that encryption was not enough, when it was possible
+to interfere download size to security patches or the fact that
+download took place shortly after a security fix was released, and
+<a href="http://richardhartmann.de/blog/posts/2015/08/24-Tor-enabled_Debian_mirror/">proposed
+to always use Tor to download packages from the Debian mirror</a>. He
+was not the first to propose this, as the <tt>apt-transport-tor</tt>
+package by Tim Retout already existed to make it easy to convince apt
+to use <a href="https://www.torproject.org/">Tor</a>, but I was not
+aware of that package when I read the blog post from Richard.</p>
+
+<p>Richard discussed the idea with Peter Palfrader, one of the Debian
+sysadmins, and he set up a Tor hidden service on one of the central
+Debian mirrors using the address vwakviie2ienjx6t.onion, thus making
+it possible to download packages directly between two tor nodes,
+making sure the network traffic always were encrypted.</p>
+
+<p>Here is a short recipe for enabling this on your machine, by
+installing <tt>apt-transport-tor</tt> and replacing http and https
+urls with tor+http and https, and using the hidden service instead of
+the official Debian mirror site. I recommend installing
+<tt>etckeeper</tt> before you start to have a history of the changes
+done in /etc/.</p>
+
+<blockquote><pre>
+apt install apt-transport-tor
+sed -i 's% http://ftp.debian.org/%tor+http://vwakviie2ienjx6t.onion/%' /etc/apt/sources.list
+sed -i 's% http% tor+http%' /etc/apt/sources.list
+</pre></blockquote>
+
+<p>If you have more sources listed in /etc/apt/sources.list.d/, run
+the sed commands for these too. The sed command is assuming your are
+using the ftp.debian.org Debian mirror. Adjust the command (or just
+edit the file manually) to match your mirror.</p>
+
+<p>This work in Debian Jessie and later. Note that tools like
+<tt>apt-file</tt> only recently started using the apt transport
+system, and do not work with these tor+http URLs. For
+<tt>apt-file</tt> you need the version currently in experimental,
+which need a recent apt version currently only in unstable. So if you
+need a working <tt>apt-file</tt>, this is not for you.</p>
+
+<p>Another advantage from this change is that your machine will start
+using Tor regularly and at fairly random intervals (every time you
+update the package lists or upgrade or install a new package), thus
+masking other Tor traffic done from the same machine. Using Tor will
+become normal for the machine in question.</p>
+
+<p>On <a href="https://wiki.debian.org/FreedomBox">Freedombox</a>, APT
+is set up by default to use <tt>apt-transport-tor</tt> when Tor is
+enabled. It would be great if it was the default on any Debian
+system.</p>
+</div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
<div class="entry">
<div class="title"><a href="http://people.skolelinux.org/pere/blog/Nedlasting_fra_NRK__som_Matroska_med_undertekster.html">Nedlasting fra NRK, som Matroska med undertekster</a></div>
<div class="date"> 2nd January 2016</div>
</div>
<div class="padding"></div>
- <div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Is_Pentagon_deciding_the_Norwegian_negotiating_position_on_Internet_governance_.html">Is Pentagon deciding the Norwegian negotiating position on Internet governance?</a></div>
- <div class="date"> 3rd November 2015</div>
- <div class="body"><p>In Norway, all government offices are required by law to keep a
-list of every document or letter arriving and leaving their offices.
-Internal notes should also be documented. The document list (called a mail
-journal - "postjournal" in Norwegian) is public information and thanks
-to the Norwegian Freedom of Information Act (Offentleglova) the mail
-journal is available for everyone. Most offices even publish the mail
-journal on their web pages, as PDFs or tables in web pages. The state-level offices even have a shared web based search service (called
-<a href="https://www.oep.no/">Offentlig Elektronisk Postjournal -
-OEP</a>) to make it possible to search the entries in the list. Not
-all journal entries show up on OEP, and the search service is hard to
-use, but OEP does make it easier to find at least some interesting
-journal entries .</p>
-
-<p>In 2012 I came across a document in the mail journal for the
-Norwegian Ministry of Transport and Communications on OEP that
-piqued my interest. The title of the document was
-"<a href="https://www.oep.no/search/resultSingle.html?journalPostId=4192362">Internet
-Governance and how it affects national security</a>" (Norwegian:
-"Internet Governance og påvirkning på nasjonal sikkerhet"). The
-document date was 2012-05-22, and it was said to be sent from the
-"Permanent Mission of Norway to the United Nations". I asked for a
-copy, but my request was rejected with a reference to a legal clause said to authorize them to reject it
-(<a href="http://lovdata.no/lov/2006-05-19-16/§20">offentleglova § 20,
-letter c</a>) and an explanation that the document was exempt because
-of foreign policy interests as it contained information related to the
-Norwegian negotiating position, negotiating strategies or similar. I
-was told the information in the document related to the ongoing
-negotiation in the International Telecommunications Union (ITU). The
-explanation made sense to me in early January 2013, as a ITU
-conference in Dubay discussing Internet Governance
-(<a href="https://en.wikipedia.org/wiki/International_Telecommunication_Union#World_Conference_on_International_Telecommunications_2012_.28WCIT-12.29">World
-Conference on International Telecommunications - WCIT-12</a>) had just
-ended,
-<a href="http://www.digi.no/kommentarer/2012/12/18/tvil-om-usas-rolle-pa-teletoppmote">reportedly
-in chaos</a> when USA walked out of the negotiations and 25 countries
-including Norway refused to sign the new treaty. It seemed
-reasonable to believe talks were still going on a few weeks later.
-Norway was represented at the ITU meeting by two authorities, the
-<a href="http://www.nkom.no/">Norwegian Communications Authority</a>
-and the <a href="https://www.regjeringen.no/no/dep/sd/">Ministry of
-Transport and Communications</a>. This might be the reason the letter
-was sent to the ministry. As I was unable to find the document in the
-mail journal of any Norwegian UN mission, I asked the ministry who had
-sent the document to the ministry, and was told that it was the Deputy
-Permanent Representative with the Permanent Mission of Norway in
-Geneva.</p>
-
-<p>Three years later, I was still curious about the content of that
-document, and again asked for a copy, believing the negotiation was
-over now. This time
-<a href="https://mimesbronn.no/request/kopi_av_dokumenter_i_sak_2012914">I
-asked both the Ministry of Transport and Communications as the
-receiver</a> and
-<a href="https://mimesbronn.no/request/brev_om_internet_governance_og_p">asked
-the Permanent Mission of Norway in Geneva as the sender</a> for a
-copy, to see if they both agreed that it should be withheld from the
-public. The ministry upheld its rejection quoting the same law
-reference as before, while the permanent mission rejected it quoting a
-different clause
-(<a href="http://lovdata.no/lov/2006-05-19-16/§20">offentleglova § 20
-letter b</a>), claiming that they were required to keep the
-content of the document from the public because it contained
-information given to Norway with the expressed or implied expectation
-that the information should not be made public. I asked the permanent
-mission for an explanation, and was told that the document contained
-an account from a meeting held in the Pentagon for a limited group of NATO
-nations where the organiser of the meeting did not intend the content
-of the meeting to be publicly known. They explained that giving me a
-copy might cause Norway to not get access to similar information in
-the future and thus hurt the future foreign interests of Norway. They
-also explained that the Permanent Mission of Norway in Geneva was not
-the author of the document, they only got a copy of it, and because of
-this had not listed it in their mail journal.</p>
-
-<p>Armed with this
-knowledge I asked the Ministry to reconsider and asked who was the
-author of the document, now realising that it was not same as the
-"sender" according to Ministry of Transport and Communications. The
-ministry upheld its rejection but told me the name of the author of
-the document. According to
-<a href="https://www.regjeringen.no/no/aktuelt/unga69_rapport1/id2001204/">a
-government report</a> the author was with the Permanent Mission of
-Norway in New York a bit more than a year later (2014-09-22), so I
-guessed that might be the office responsible for writing and sending
-the report initially and
-<a href="https://www.mimesbronn.no/request/mote_2012_i_pentagon_om_itu">asked
-them for a copy</a> but I was obviously wrong as I was told that the
-document was unknown to them and that the author did not work there
-when the document was written. Next, I asked the Permanent Mission of
-Norway in Geneva and the Foreign Ministry to reconsider and at least
-tell me who sent the document to Deputy Permanent Representative with
-the Permanent Mission of Norway in Geneva. The Foreign Ministry also
-upheld its rejection, but told me that the person sending the document
-to Permanent Mission of Norway in Geneva was the defence attaché with
-the Norwegian Embassy in Washington. I do not know if this is the
-same person as the author of the document.</p>
-
-<p>If I understand the situation correctly, someone capable of
-inviting selected NATO nations to a meeting in Pentagon organised a
-meeting where someone representing the Norwegian defence attaché in
-Washington attended, and the account from this meeting is interpreted
-by the Ministry of Transport and Communications to expose Norways
-negotiating position, negotiating strategies and similar regarding the
-ITU negotiations on Internet Governance. It is truly amazing what can
-be derived from mere meta-data.</p>
-
-<p>I wonder which NATO countries besides Norway attended this meeting?
-And what exactly was said and done at the meeting? Anyone know?</p>
-</div>
- <div class="tags">
-
-
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/offentlig innsyn">offentlig innsyn</a>, <a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>.
-
-
- </div>
- </div>
- <div class="padding"></div>
-
<p style="text-align: right;"><a href="index.rss"><img src="http://people.skolelinux.org/pere/blog/xml.gif" alt="RSS feed" width="36" height="14" /></a></p>
<div id="sidebar">
<li>2016
<ul>
-<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/01/">January (1)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/01/">January (2)</a></li>
</ul></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/chrpath">chrpath (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (116)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (117)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (154)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (298)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (299)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (23)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (44)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (45)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>
projects / homepage.git / blobdiff