<link>http://people.skolelinux.org/pere/blog/</link>
+ <item>
+ <title>Public Trusted Timestamping services for everyone</title>
+ <link>http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html</guid>
+ <pubDate>Tue, 25 Mar 2014 12:50:00 +0100</pubDate>
+ <description><p>Did you ever need to store logs or other files in a way that would
+allow it to be used as evidence in court, and needed a way to
+demonstrate without reasonable doubt that the file had not been
+changed since it was created? Or, did you ever need to document that
+a given document was received at some point in time, like some
+archived document or the answer to an exam, and not changed after it
+was received? The problem in these settings is to remove the need to
+trust yourself and your computers, while still being able to prove
+that a file is the same as it was at some given time in the past.</p>
+
+<p>A solution to these problems is to have a trusted third party
+"stamp" the document and verify that at some given time the document
+looked a given way. Such
+<a href="https://en.wikipedia.org/wiki/Notarius">notarius</a> service
+have been around for thousands of years, and its digital equivalent is
+called a
+<a href="http://en.wikipedia.org/wiki/Trusted_timestamping">trusted
+timestamping service</a>. <a href="http://www.ietf.org/">The Internet
+Engineering Task Force</a> standardised how such service could work a
+few years ago as <a href="http://tools.ietf.org/html/rfc3161">RFC
+3161</a>. The mechanism is simple. Create a hash of the file in
+question, send it to a trusted third party which add a time stamp to
+the hash and sign the result with its private key, and send back the
+signed hash + timestamp. Both email, FTP and HTTP can be used to
+request such signature, depending on what is provided by the service
+used. Anyone with the document and the signature can then verify that
+the document matches the signature by creating their own hash and
+checking the signature using the trusted third party public key.
+There are several commercial services around providing such
+timestamping. A quick search for
+"<a href="https://duckduckgo.com/?q=rfc+3161+service">rfc 3161
+service</a>" pointed me to at least
+<a href="https://www.digistamp.com/technical/how-a-digital-time-stamp-works/">DigiStamp</a>,
+<a href="http://www.quovadisglobal.co.uk/CertificateServices/SigningServices/TimeStamp.aspx">Quo
+Vadis</a>,
+<a href="https://www.globalsign.com/timestamp-service/">Global Sign</a>
+and <a href="http://www.globaltrustfinder.com/TSADefault.aspx">Global
+Trust Finder</a>. The system work as long as the private key of the
+trusted third party is not compromised.</p>
+
+<p>But as far as I can tell, there are very few public trusted
+timestamp services available for everyone. I've been looking for one
+for a while now. But yesterday I found one over at
+<a href="https://www.pki.dfn.de/zeitstempeldienst/">Deutches
+Forschungsnetz</a> mentioned in
+<a href="http://www.d-mueller.de/blog/dealing-with-trusted-timestamps-in-php-rfc-3161/">a
+blog by David Müller</a>. I then found
+<a href="http://www.rz.uni-greifswald.de/support/dfn-pki-zertifikate/zeitstempeldienst.html">a
+good recipe on how to use the service</a> over at the University of
+Greifswald.</p>
+
+<p><a href="http://www.openssl.org/">The OpenSSL library</a> contain
+both server and tools to use and set up your own signing service. See
+the ts(1SSL), tsget(1SSL) manual pages for more details. The
+following shell script demonstrate how to extract a signed timestamp
+for any file on the disk in a Debian environment:</p>
+
+<p><blockquote><pre>
+#!/bin/sh
+set -e
+url="http://zeitstempel.dfn.de"
+caurl="https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt"
+reqfile=$(mktemp -t tmp.XXXXXXXXXX.tsq)
+resfile=$(mktemp -t tmp.XXXXXXXXXX.tsr)
+cafile=chain.txt
+if [ ! -f $cafile ] ; then
+ wget -O $cafile "$caurl"
+fi
+openssl ts -query -data "$1" -cert | tee "$reqfile" \
+ | /usr/lib/ssl/misc/tsget -h "$url" -o "$resfile"
+openssl ts -reply -in "$resfile" -text 1>&2
+openssl ts -verify -data "$1" -in "$resfile" -CAfile "$cafile" 1>&2
+base64 < "$resfile"
+rm "$reqfile" "$resfile"
+</pre></blockquote></p>
+
+<p>The argument to the script is the file to timestamp, and the output
+is a base64 encoded version of the signature to STDOUT and details
+about the signature to STDERR. Note that due to
+<a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742553">a bug
+in the tsget script</a>, you might need to modify the included script
+and remove the last line. Or just write your own HTTP uploader using
+curl. :) Now you too can prove and verify that files have not been
+changed.</p>
+
+<p>But the Internet need more public trusted timestamp services.
+Perhaps something for <a href="http://www.uninett.no/">Uninett</a> or
+my work place the <a href="http://www.uio.no/">University of Oslo</a>
+to set up?</p>
+</description>
+ </item>
+
+ <item>
+ <title>Video DVD reader library / python-dvdvideo - nice free software</title>
+ <link>http://people.skolelinux.org/pere/blog/Video_DVD_reader_library___python_dvdvideo___nice_free_software.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Video_DVD_reader_library___python_dvdvideo___nice_free_software.html</guid>
+ <pubDate>Fri, 21 Mar 2014 15:25:00 +0100</pubDate>
+ <description><p>Keeping your DVD collection safe from scratches and curious
+children fingers while still having it available when you want to see a
+movie is not straight forward. My preferred method at the moment is
+to store a full copy of the ISO on a hard drive, and use VLC, Popcorn
+Hour or other useful players to view the resulting file. This way the
+subtitles and bonus material are still available and using the ISO is
+just like inserting the original DVD record in the DVD player.</p>
+
+<p>Earlier I used dd for taking security copies, but it do not handle
+DVDs giving read errors (which are quite a few of them). I've also
+tried using
+<a href="http://people.skolelinux.org/pere/blog/Ripping_problematic_DVDs_using_dvdbackup_and_genisoimage.html">dvdbackup
+and genisoimage</a>, but these days I use the marvellous python library
+and program
+<a href="http://bblank.thinkmo.de/blog/new-software-python-dvdvideo">python-dvdvideo</a>
+written by Bastian Blank. It is
+<a href="http://packages.qa.debian.org/p/python-dvdvideo.html">in Debian
+already</a> and the binary package name is python3-dvdvideo. Instead
+of trying to read every block from the DVD, it parses the file
+structure and figure out which block on the DVD is actually in used,
+and only read those blocks from the DVD. This work surprisingly well,
+and I have been able to almost backup my entire DVD collection using
+this method.</p> So far, python-dvdvideo have failed on between 10 and
+20 DVDs, which is a small fraction of my collection. The most common
+problem is
+<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720831">DVDs
+using UTF-16 instead of UTF-8 characters</a>, which according to
+Bastian is against the DVD specification (and seem to cause some
+players to fail too). A rarer problem is what seem to be inconsistent
+DVD structures, as the python library
+<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723079">claim
+there is a overlap between objects</a>. An equally rare problem claim
+<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741878">some
+value is out of range</a>. No idea what is going on there. I wish I
+knew enough about the DVD format to fix these, to ensure my movie
+collection will stay with me in the future.</p>
+
+<p>So, if you need to keep your DVDs safe, back them up using
+python-dvdvideo. :)</p>
+</description>
+ </item>
+
+ <item>
+ <title>Norsk utgave av Alaveteli / WhatDoTheyKnow på trappene</title>
+ <link>http://people.skolelinux.org/pere/blog/Norsk_utgave_av_Alaveteli___WhatDoTheyKnow_p__trappene.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Norsk_utgave_av_Alaveteli___WhatDoTheyKnow_p__trappene.html</guid>
+ <pubDate>Sun, 16 Mar 2014 09:30:00 +0100</pubDate>
+ <description><p>Det offentlige Norge har mye kunnskap og informasjon. Men hvordan
+kan en få tilgang til den på en enkel måte? Takket være et lite
+knippe lover og tilhørende forskrifter, blant annet
+<a href="http://lovdata.no/dokument/NL/lov/2006-05-19-16">offentlighetsloven</a>,
+<a href="http://lovdata.no/dokument/NL/lov/2003-05-09-31">miljøinformasjonsloven</a>
+og
+<a href="http://lovdata.no/dokument/NL/lov/1967-02-10/">forvaltningsloven</a>
+har en rett til å spørre det offentlige og få svar. Men det finnes
+intet offentlig arkiv over hva andre har spurt om, og dermed risikerer en
+å måtte forstyrre myndighetene gang på gang for å få tak i samme
+informasjonen på nytt. <a href="http://www.mysociety.org/">Britiske
+mySociety</a> har laget tjenesten
+<a href="http://www.whatdotheyknow.com/">WhatDoTheyKnow</a> som gjør
+noe med dette. I Storbritannia blir WhatdoTheyKnow brukt i
+<a href="http://www.mysociety.org/2011/07/01/whatdotheyknows-share-of-central-government-foi-requests-q2-2011/">ca
+15% av alle innsynsforespørsler mot sentraladministrasjonen</a>.
+Prosjektet heter <a href="http://www.alaveteli.org/">Alaveteli</A>, og
+er takk i bruk en rekke steder etter at løsningen ble generalisert og
+gjort mulig å oversette. Den hjelper borgerne med å be om innsyn,
+rådgir ved purringer og klager og lar alle se hvilke henvendelser som
+er sendt til det offentlige og hvilke svar som er kommet inn, i et
+søkpart arkiv. Her i Norge holder vi i foreningen NUUG på å få opp en
+norsk utgave av Alaveteli, og her trenger vi din hjelp med
+oversettelsen.</p>
+
+<p>Så langt er 76 % av Alaveteli oversatt til norsk bokmål, men vi
+skulle gjerne vært oppe i 100 % før lansering. Oversettelsen gjøres
+på <a href="https://www.transifex.com/projects/p/alaveteli/">Transifex,
+der enhver som registrerer seg</a> og ber om tilgang til
+bokmålsoversettelsen får bidra. Vi har satt opp en test av tjenesten
+(som ikke sender epost til det offentlige, kun til oss som holder på å
+sette opp tjenesten) på maskinen
+<a href="http://alaveteli-dev.nuug.no/">alaveteli-dev.nuug.no</a>, der
+en kan se hvordan de oversatte meldingen blir seende ut på nettsiden.
+Når tjenesten lanseres vil den hete
+<a href="https://www.mimesbrønn.no/">Mimes brønn</a>, etter
+visdomskilden som Odin måtte gi øyet sitt for å få drikke i. Den
+nettsiden er er ennå ikke klar til bruk.</p>
+
+<p>Hvis noen vil oversette til nynorsk også, så skal vi finne ut
+hvordan vi lager en flerspråklig tjeneste. Men i første omgang er
+fokus på bokmålsoversettelsen, der vi selv har nok peiling til å ha
+fått oversatt 76%, men trenger hjelp for å komme helt i mål. :)</p>
+</description>
+ </item>
+
<item>
<title>Freedombox on Dreamplug, Raspberry Pi and virtual x86 machine</title>
<link>http://people.skolelinux.org/pere/blog/Freedombox_on_Dreamplug__Raspberry_Pi_and_virtual_x86_machine.html</link>
<guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Freedombox_on_Dreamplug__Raspberry_Pi_and_virtual_x86_machine.html</guid>
<pubDate>Fri, 14 Mar 2014 11:00:00 +0100</pubDate>
<description><p>The <a href="https://wiki.debian.org/FreedomBox">Freedombox
-project</a> is working on to providing the software and hardware for
+project</a> is working on providing the software and hardware for
making it easy for non-technical people to host their data and
communication at home, and being able to communicate with their
friends and family encrypted and away from prying eyes. It has been
going on for a while, and is slowly progressing towards a new test
-release (0.2). And what day could be better than the Pi day to
-announce that the new version will provide "hard drive"/SD card/USB
-stick images for Dreamplug, Raspberry Pi and VirtualBox (or any other
-virtualization system), and can also be installed using a Debian
-installer preseed file. The Debian based Freedombox is now based on
-Debian Jessie, where most of the needed packages used are already
-present. Only one, the freedombox-setup package, is missing. To try
-to build your own boot image to test the current status, fetch the
-freedom-maker scripts and build using
+release (0.2).</p>
+
+<p>And what day could be better than the Pi day to announce that the
+new version will provide "hard drive" / SD card / USB stick images for
+Dreamplug, Raspberry Pi and VirtualBox (or any other virtualization
+system), and can also be installed using a Debian installer preseed
+file. The Debian based Freedombox is now based on Debian Jessie,
+where most of the needed packages used are already present. Only one,
+the freedombox-setup package, is missing. To try to build your own
+boot image to test the current status, fetch the freedom-maker scripts
+and build using
<a href="http://packages.qa.debian.org/vmdebootstrap">vmdebootstrap</a>
with a user with sudo access to become root:
projects / homepage.git / blobdiff