+ <div class="entry">
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Debian_now_with_ZFS_on_Linux_included.html">Debian now with ZFS on Linux included</a></div>
+ <div class="date">12th May 2016</div>
+ <div class="body"><p>Today, after many years of hard work from many people,
+<a href="http://zfsonlinux.org/">ZFS for Linux</a> finally entered
+Debian. The package status can be seen on
+<a href="https://tracker.debian.org/pkg/zfs-linux">the package tracker
+for zfs-linux</a>. and
+<a href="https://qa.debian.org/developer.php?login=pkg-zfsonlinux-devel@lists.alioth.debian.org">the
+team status page</a>. If you want to help out, please join us.
+<a href="http://anonscm.debian.org/gitweb/?p=pkg-zfsonlinux/zfs.git">The
+source code</a> is available via git on Alioth. It would also be
+great if you could help out with
+<a href="https://tracker.debian.org/pkg/dkms">the dkms package</a>, as
+it is an important piece of the puzzle to get ZFS working.</p>
+</div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
<div class="entry">
<div class="title"><a href="http://people.skolelinux.org/pere/blog/What_is_the_best_multimedia_player_in_Debian_.html">What is the best multimedia player in Debian?</a></div>
<div class="date"> 8th May 2016</div>
</div>
<div class="padding"></div>
- <div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/syslog_trusted_timestamp___chain_of_trusted_timestamps_for_your_syslog.html">syslog-trusted-timestamp - chain of trusted timestamps for your syslog</a></div>
- <div class="date"> 2nd April 2016</div>
- <div class="body"><p>Two years ago, I had
-<a href="http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html">a
-look at trusted timestamping options available</a>, and among
-other things noted a still open
-<a href="https://bugs.debian.org/742553">bug in the tsget script</a>
-included in openssl that made it harder than necessary to use openssl
-as a trusted timestamping client. A few days ago I was told
-<a href="https:/www.difi.no/">the Norwegian government office DIFI</a> is
-close to releasing their own trusted timestamp service, and in the
-process I was happy to learn about a replacement for the tsget script
-using only curl:</p>
-
-<p><pre>
-openssl ts -query -data "/etc/shells" -cert -sha256 -no_nonce \
- | curl -s -H "Content-Type: application/timestamp-query" \
- --data-binary "@-" http://zeitstempel.dfn.de > etc-shells.tsr
-openssl ts -reply -text -in etc-shells.tsr
-</pre></p>
-
-<p>This produces a binary timestamp file (etc-shells.tsr) which can be
-used to verify that the content of the file /etc/shell with the
-calculated sha256 hash existed at the point in time when the request
-was made. The last command extract the content of the etc-shells.tsr
-in human readable form. The idea behind such timestamp is to be able
-to prove using cryptography that the content of a file have not
-changed since the file was stamped.</p>
-
-<p>To verify that the file on disk match the public key signature in
-the timestamp file, run the following commands. It make sure you have
-the required certificate for the trusted timestamp service available
-and use it to compare the file content with the timestamp. In
-production, one should of course use a better method to verify the
-service certificate.</p>
-
-<p><pre>
-wget -O ca-cert.txt https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt
-openssl ts -verify -data /etc/shells -in etc-shells.tsr -CAfile ca-cert.txt -text
-</pre></p>
-
-<p>Wikipedia have a lot more information about
-<a href="https://en.wikipedia.org/wiki/Trusted_timestamping">trusted
-Timestamping</a> and
-<a href="https://en.wikipedia.org/wiki/Linked_timestamping">linked
-timestamping</a>, and there are several trusted timestamping services
-around, both as commercial services and as free and public services.
-Among the latter is
-<a href="https://www.pki.dfn.de/zeitstempeldienst/">the
-zeitstempel.dfn.de service</a> mentioned above and
-<a href="https://freetsa.org/">freetsa.org service</a> linked to from the
-wikipedia web site. I believe the DIFI service should show up on
-https://tsa.difi.no, but it is not available to the public at the
-moment. I hope this will change when it is into production. The
-<a href="https://tools.ietf.org/html/rfc3161">RFC 3161</a> trusted
-timestamping protocol standard is even implemented in LibreOffice,
-Microsoft Office and Adobe Acrobat, making it possible to verify when
-a document was created.</p>
-
-<p>I would find it useful to be able to use such trusted timestamp
-service to make it possible to verify that my stored syslog files have
-not been tampered with. This is not a new idea. I found one example
-implemented on the Endian network appliances where
-<a href="http://help.endian.com/entries/21518508-Enabling-Timestamping-on-log-files-">the
-configuration of such feature was described in 2012</a>.</p>
-
-<p>But I could not find any free implementation of such feature when I
-searched, so I decided to try to
-<a href="https://github.com/petterreinholdtsen/syslog-trusted-timestamp">build
-a prototype named syslog-trusted-timestamp</a>. My idea is to
-generate a timestamp of the old log files after they are rotated, and
-store the timestamp in the new log file just after rotation. This
-will form a chain that would make it possible to see if any old log
-files are tampered with. But syslog is bad at handling kilobytes of
-binary data, so I decided to base64 encode the timestamp and add an ID
-and line sequence numbers to the base64 data to make it possible to
-reassemble the timestamp file again. To use it, simply run it like
-this:
-
-<p><pre>
-syslog-trusted-timestamp /path/to/list-of-log-files
-</pre></p>
-
-<p>This will send a timestamp from one or more timestamp services (not
-yet decided nor implemented) for each listed file to the syslog using
-logger(1). To verify the timestamp, the same program is used with the
---verify option:</p>
-
-<p><pre>
-syslog-trusted-timestamp --verify /path/to/log-file /path/to/log-with-timestamp
-</pre></p>
-
-<p>The verification step is not yet well designed. The current
-implementation depend on the file path being unique and unchanging,
-and this is not a solid assumption. It also uses process number as
-timestamp ID, and this is bound to create ID collisions. I hope to
-have time to come up with a better way to handle timestamp IDs and
-verification later.</p>
-
-<p>Please check out
-<a href="https://github.com/petterreinholdtsen/syslog-trusted-timestamp">the
-prototype for syslog-trusted-timestamp on github</a> and send
-suggestions and improvement, or let me know if there already exist a
-similar system for timestamping logs already to allow me to join
-forces with others with the same interest.</p>
-
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
-</div>
- <div class="tags">
-
-
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
-
-
- </div>
- </div>
- <div class="padding"></div>
-
<p style="text-align: right;"><a href="index.rss"><img src="http://people.skolelinux.org/pere/blog/xml.gif" alt="RSS feed" width="36" height="14" /></a></p>
<div id="sidebar">
<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/04/">April (8)</a></li>
-<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/05/">May (2)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/05/">May (3)</a></li>
</ul></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/chrpath">chrpath (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (126)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (127)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (156)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (313)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (314)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (23)</a></li>
projects / homepage.git / blobdiff