<link>http://people.skolelinux.org/pere/blog/</link>
<atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
+ <item>
+ <title>Retten til kontant betaling er en rettighet som må brukes for å beholdes</title>
+ <link>http://people.skolelinux.org/pere/blog/Retten_til_kontant_betaling_er_en_rettighet_som_m__brukes_for___beholdes.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Retten_til_kontant_betaling_er_en_rettighet_som_m__brukes_for___beholdes.html</guid>
+ <pubDate>Tue, 11 Dec 2018 10:00:00 +0100</pubDate>
+ <description><p><a href="https://www.fn.no/Om-FN/Avtaler/Menneskerettigheter/FNs-verdenserklaering-om-menneskerettigheter">FNs
+menneskerettighetserklæring</a> artikkel 13 første punkt lyder som
+følger:</p>
+
+<p><blockquote>
+Enhver har rett til å bevege seg fritt og til fritt å velge
+oppholdssted innenfor en stats grenser.
+</blockquote></p>
+
+<p>Det er altså en menneskerett å kunne bevege seg fritt i landet.
+For å bevege seg fritt i landet, så må en kunne bevege seg uten å bli
+sporet. Det vil i dagens samfunn innebære å bevege seg uten å legge
+igjen digitale spor og uten å være radiomerket. Hvis en vet at ens
+bevegelser, hvor en befinner seg når, og hvem som befinner seg i
+nærheten, blir samlet inn og gjort tilgjengelig for fremmede, det være
+seg myndighetene eller private organisasjoner, så kan en ikke lenger
+bevege seg fritt. Dette gjør at det er en forutsetning for å ha glede
+av retten til å bevege seg fritt i landet at en motstår fristelsen til
+å legge igjen digitale spor når en betaler for seg. Rettigheter som
+ikke blir brukt, blit fjernet. Den eneste måten i dag å unngå å legge
+igjen digitale spor når en betaler for seg, er å betale med kontanter,
+samt takke nei til å legge igjen navn og adresse (slik f.eks. Elkjøp
+ber om &mdash; jeg sier de kan legge inn 'anonym anonym' når
+datasystemet deres trenger et navn). Personlig anbefaler jeg å
+konsekvent bruke kontant betaling når man beveger seg rundt, for å
+bidra til forsvaret av menneskerettighetene i Norge. Kanskje noe også
+for deg? Merk at det ikke er tilstrekkelig for å unngå sporing å
+betale med kontanter, men det er et lite steg i riktig retning.</p>
+
+<p>Det er flere andre argumenter i tillegg til
+menneskerettighetsargumentet for å bruke kontanter. I går hadde
+Dagbladet en utmerket kommentar av sin journalist John Olav Egeland om
+hvilket
+<a href="https://www.dagbladet.no/kultur/kontantlost-diktatur/70543434">kontantløst
+diktatur</a> som venter oss hvis mange nok slutter å insistere på å
+betale med kontanter. Jeg anbefaler deg å lese den.</p>
+
+<p>Som vanlig, hvis du bruker Bitcoin og ønsker å vise din støtte til
+det jeg driver med, setter jeg pris på om du sender Bitcoin-donasjoner
+til min adresse
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.
+Merk, betaling med bitcoin er ikke anonymt. :)</p>
+</description>
+ </item>
+
+ <item>
+ <title>Why is your site not using Content Security Policy / CSP?</title>
+ <link>http://people.skolelinux.org/pere/blog/Why_is_your_site_not_using_Content_Security_Policy___CSP_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Why_is_your_site_not_using_Content_Security_Policy___CSP_.html</guid>
+ <pubDate>Sun, 9 Dec 2018 15:00:00 +0100</pubDate>
+ <description><p>Yesterday, I had the pleasure of watching on Frikanalen the OWASP
+talk by Scott Helme titled
+"<a href="https://frikanalen.no/video/626080/">What We’ve Learned From
+Billions of Security Reports</a>". I had not heard of the
+<a href="https://en.wikipedia.org/wiki/Content_Security_Policy">Content
+Security Policy standard</a> nor its ability to "call home" when a
+browser detect a policy breach (I do not follow web page design
+development much these days), and found the talk very illuminating.</p>
+
+<p>The mechanism allow a web site owner to use HTTP headers to tell
+visitors web browser which sources (internal and external) are allowed to
+be used on the web site. Thus it become possible to enforce a "only
+local content" policy despite web designers urge to fetch programs
+from random sites on the Internet, like the one
+<a href="https://securityaffairs.co/wordpress/68966/hacking/browsealoud-plugin-hack.html">enabling
+the attack</a> reported by Scott Helme earlier this year.</p>
+
+<p>Using CSP seem like an obvious thing for a site admin to implement
+to take some control over the information leak that occur when
+external sources are used to render web pages, it is a mystery more
+sites are not using CSP? It is being
+<a href="https://www.w3.org/TR/CSP/">standardized under W3C</a> these
+days, and is supposed by most web browsers</p>
+
+<p>I managed to find <a href="https://github.com/mozilla/django-csp">a
+Django middleware for implementing CSP</a> and was happy to discover
+it was already in Debian. I plan to use it to add CSP support to the
+Frikanalen web site soon.</p>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+</description>
+ </item>
+
<item>
<title>New and improved Frikanalen Kodi addon version 0.0.3</title>
<link>http://people.skolelinux.org/pere/blog/New_and_improved_Frikanalen_Kodi_addon_version_0_0_3.html</link>
to the CasparCG server when it is time to start a new program.</p>
<p>By now, you are probably wondering what kind of content is being
-played on the video. These days, it is filled with technical
+played on the channel. These days, it is filled with technical
presentations like those from <a href="https://www.nuug.no/">NUUG</a>,
<a href="https://www.debconf.org/">Debconf</a>, Makercon, and TED,
but there are also some periods with
implemented a trading API. It might be the topic of a future blog
post.</p>
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
-</description>
- </item>
-
- <item>
- <title>VLC in Debian now can do bittorrent streaming</title>
- <link>http://people.skolelinux.org/pere/blog/VLC_in_Debian_now_can_do_bittorrent_streaming.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/VLC_in_Debian_now_can_do_bittorrent_streaming.html</guid>
- <pubDate>Mon, 24 Sep 2018 21:20:00 +0200</pubDate>
- <description><p>Back in February, I got curious to see
-<a href="http://people.skolelinux.org/pere/blog/Using_VLC_to_stream_bittorrent_sources.html">if
-VLC now supported Bittorrent streaming</a>. It did not, despite the
-fact that the idea and code to handle such streaming had been floating
-around for years. I did however find
-<a href="https://github.com/johang/vlc-bittorrent">a standalone plugin
-for VLC</a> to do it, and half a year later I decided to wrap up the
-plugin and get it into Debian. I uploaded it to NEW a few days ago,
-and am very happy to report that it
-<a href="https://tracker.debian.org/pkg/vlc-plugin-bittorrent">entered
-Debian</a> a few hours ago, and should be available in Debian/Unstable
-tomorrow, and Debian/Testing in a few days.</p>
-
-<p>With the vlc-plugin-bittorrent package installed you should be able
-to stream videos using a simple call to</p>
-
-<p><blockquote><pre>
-vlc https://archive.org/download/TheGoat/TheGoat_archive.torrent
-</pre></blockquote></p>
-
-</p>It can handle magnet links too. Now if only native vlc had
-bittorrent support. Then a lot more would be helping each other to
-share public domain and creative commons movies. The plugin need some
-stability work with seeking and picking the right file in a torrent
-with many files, but is already usable. Please note that the plugin
-is not removing downloaded files when vlc is stopped, so it can fill
-up your disk if you are not careful. Have fun. :)</p>
-
-<p>I would love to get help maintaining this package. Get in touch if
-you are interested.</p>
-
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
-</description>
- </item>
-
- <item>
- <title>Using the Kodi API to play Youtube videos</title>
- <link>http://people.skolelinux.org/pere/blog/Using_the_Kodi_API_to_play_Youtube_videos.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Using_the_Kodi_API_to_play_Youtube_videos.html</guid>
- <pubDate>Sun, 2 Sep 2018 23:40:00 +0200</pubDate>
- <description><p>I continue to explore my Kodi installation, and today I wanted to
-tell it to play a youtube URL I received in a chat, without having to
-insert search terms using the on-screen keyboard. After searching the
-web for API access to the Youtube plugin and testing a bit, I managed
-to find a recipe that worked. If you got a kodi instance with its API
-available from http://kodihost/jsonrpc, you can try the following to
-have check out a nice cover band.</p>
-
-<p><blockquote><pre>curl --silent --header 'Content-Type: application/json' \
- --data-binary '{ "id": 1, "jsonrpc": "2.0", "method": "Player.Open",
- "params": {"item": { "file":
- "plugin://plugin.video.youtube/play/?video_id=LuRGVM9O0qg" } } }' \
- http://projector.local/jsonrpc</pre></blockquote></p>
-
-<p>I've extended kodi-stream program to take a video source as its
-first argument. It can now handle direct video links, youtube links
-and 'desktop' to stream my desktop to Kodi. It is almost like a
-Chromecast. :)</p>
-
<p>As usual, if you use Bitcoin and want to show your support of my
activities, please send Bitcoin donations to my address
<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
projects / homepage.git / blobdiff