- <title>Always download Debian packages using Tor - the simple recipe</title>
- <link>http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html</guid>
- <pubDate>Fri, 15 Jan 2016 00:30:00 +0100</pubDate>
- <description><p>During his DebConf15 keynote, Jacob Appelbaum
-<a href="https://summit.debconf.org/debconf15/meeting/331/what-is-to-be-done/">observed
-that those listening on the Internet lines would have good reason to
-believe a computer have a given security hole</a> if it download a
-security fix from a Debian mirror. This is a good reason to always
-use encrypted connections to the Debian mirror, to make sure those
-listening do not know which IP address to attack. In August, Richard
-Hartmann observed that encryption was not enough, when it was possible
-to interfere download size to security patches or the fact that
-download took place shortly after a security fix was released, and
-<a href="http://richardhartmann.de/blog/posts/2015/08/24-Tor-enabled_Debian_mirror/">proposed
-to always use Tor to download packages from the Debian mirror</a>. He
-was not the first to propose this, as the
-<tt><a href="https://tracker.debian.org/pkg/apt-transport-tor">apt-transport-tor</a></tt>
-package by Tim Retout already existed to make it easy to convince apt
-to use <a href="https://www.torproject.org/">Tor</a>, but I was not
-aware of that package when I read the blog post from Richard.</p>
-
-<p>Richard discussed the idea with Peter Palfrader, one of the Debian
-sysadmins, and he set up a Tor hidden service on one of the central
-Debian mirrors using the address vwakviie2ienjx6t.onion, thus making
-it possible to download packages directly between two tor nodes,
-making sure the network traffic always were encrypted.</p>
-
-<p>Here is a short recipe for enabling this on your machine, by
-installing <tt>apt-transport-tor</tt> and replacing http and https
-urls with tor+http and tor+https, and using the hidden service instead
-of the official Debian mirror site. I recommend installing
-<tt>etckeeper</tt> before you start to have a history of the changes
-done in /etc/.</p>
-
-<blockquote><pre>
-apt install apt-transport-tor
-sed -i 's% http://ftp.debian.org/% tor+http://vwakviie2ienjx6t.onion/%' /etc/apt/sources.list
-sed -i 's% http% tor+http%' /etc/apt/sources.list
-</pre></blockquote>
-
-<p>If you have more sources listed in /etc/apt/sources.list.d/, run
-the sed commands for these too. The sed command is assuming your are
-using the ftp.debian.org Debian mirror. Adjust the command (or just
-edit the file manually) to match your mirror.</p>
-
-<p>This work in Debian Jessie and later. Note that tools like
-<tt>apt-file</tt> only recently started using the apt transport
-system, and do not work with these tor+http URLs. For
-<tt>apt-file</tt> you need the version currently in experimental,
-which need a recent apt version currently only in unstable. So if you
-need a working <tt>apt-file</tt>, this is not for you.</p>
-
-<p>Another advantage from this change is that your machine will start
-using Tor regularly and at fairly random intervals (every time you
-update the package lists or upgrade or install a new package), thus
-masking other Tor traffic done from the same machine. Using Tor will
-become normal for the machine in question.</p>
-
-<p>On <a href="https://wiki.debian.org/FreedomBox">Freedombox</a>, APT
-is set up by default to use <tt>apt-transport-tor</tt> when Tor is
-enabled. It would be great if it was the default on any Debian
-system.</p>
-</description>
- </item>
-
- <item>
- <title>Nedlasting fra NRK, som Matroska med undertekster</title>
- <link>http://people.skolelinux.org/pere/blog/Nedlasting_fra_NRK__som_Matroska_med_undertekster.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Nedlasting_fra_NRK__som_Matroska_med_undertekster.html</guid>
- <pubDate>Sat, 2 Jan 2016 13:50:00 +0100</pubDate>
- <description><p>Det kommer stadig nye løsninger for å ta lagre unna innslag fra NRK
-for å se på det senere. For en stund tilbake kom jeg over et script
-nrkopptak laget av Ingvar Hagelund. Han fjernet riktignok sitt script
-etter forespørsel fra Erik Bolstad i NRK, men noen tok heldigvis og
-gjorde det <a href="https://github.com/liangqi/nrkopptak">tilgjengelig
-via github</a>.</p>
-
-<p>Scriptet kan lagre som MPEG4 eller Matroska, og bake inn
-undertekster i fila på et vis som blant annet VLC forstår. For å
-bruke scriptet, kopier ned git-arkivet og kjør</p>
-
-<p><pre>
-nrkopptak/bin/nrk-opptak k <ahref="https://tv.nrk.no/serie/bmi-turne/MUHH45000115/sesong-1/episode-1">https://tv.nrk.no/serie/bmi-turne/MUHH45000115/sesong-1/episode-1</a>
-</pre></p>
-
-<p>URL-eksemplet er dagens toppsak på tv.nrk.no. Argument 'k' ber
-scriptet laste ned og lagre som Matroska. Det finnes en rekke andre
-muligheter for valg av kvalitet og format.</p>
-
-<p>Jeg foretrekker dette scriptet fremfor youtube-dl, som
-<a href="http://people.skolelinux.org/pere/blog/Hvordan_enkelt_laste_ned_filmer_fra_NRK_med_den__nye__l_sningen.html">
-nevnt i 2014 støtter NRK</a> og en rekke andre videokilder, på grunn
-av at nrkopptak samler undertekster og video i en enkelt fil, hvilket
-gjør håndtering enklere på disk.</p>
-</description>
- </item>
-
- <item>
- <title>OpenALPR, find car license plates in video streams - nice free software</title>
- <link>http://people.skolelinux.org/pere/blog/OpenALPR__find_car_license_plates_in_video_streams___nice_free_software.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/OpenALPR__find_car_license_plates_in_video_streams___nice_free_software.html</guid>
- <pubDate>Wed, 23 Dec 2015 01:00:00 +0100</pubDate>
- <description><p>When I was a kid, we used to collect "car numbers", as we used to
-call the car license plate numbers in those days. I would write the
-numbers down in my little book and compare notes with the other kids
-to see how many region codes we had seen and if we had seen some
-exotic or special region codes and numbers. It was a fun game to pass
-time, as we kids have plenty of it.</p>
-
-<p>A few days I came across
-<a href="https://github.com/openalpr/openalpr">the OpenALPR
-project</a>, a free software project to automatically discover and
-report license plates in images and video streams, and provide the
-"car numbers" in a machine readable format. I've been looking for
-such system for a while now, because I believe it is a bad idea that the
-<a href="https://en.wikipedia.org/wiki/Automatic_number_plate_recognition">automatic
-number plate recognition</a> tool only is available in the hands of
-the powerful, and want it to be available also for the powerless to
-even the score when it comes to surveillance and sousveillance. I
-discovered the developer
-<a href="https://bugs.debian.org/747509">wanted to get the tool into
-Debian</a>, and as I too wanted it to be in Debian, I volunteered to
-help him get it into shape to get the package uploaded into the Debian
-archive.</p>
-
-<p>Today we finally managed to get the package into shape and uploaded
-it into Debian, where it currently
-<a href="https://ftp-master.debian.org//new/openalpr_2.2.1-1.html">waits
-in the NEW queue</a> for review by the Debian ftpmasters.</p>
-
-<p>I guess you are wondering why on earth such tool would be useful
-for the common folks, ie those not running a large government
-surveillance system? Well, I plan to put it in a computer on my bike
-and in my car, tracking the cars nearby and allowing me to be notified
-when number plates on my watch list are discovered. Another use case
-was suggested by a friend of mine, who wanted to set it up at his home
-to open the car port automatically when it discovered the plate on his
-car. When I mentioned it perhaps was a bit foolhardy to allow anyone
-capable of placing his license plate number of a piece of cardboard to
-open his car port, men replied that it was always unlocked anyway. I
-guess for such use case it make sense. I am sure there are other use
-cases too, for those with imagination and a vision.</p>
-
-<p>If you want to build your own version of the Debian package, check
-out the upstream git source and symlink ./distros/debian to ./debian/
-before running "debuild" to build the source. Or wait a bit until the
-package show up in unstable.</p>
+ <title>A program should be able to open its own files on Linux</title>
+ <link>http://people.skolelinux.org/pere/blog/A_program_should_be_able_to_open_its_own_files_on_Linux.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/A_program_should_be_able_to_open_its_own_files_on_Linux.html</guid>
+ <pubDate>Sun, 5 Jun 2016 08:30:00 +0200</pubDate>
+ <description><p>Many years ago, when koffice was fresh and with few users, I
+decided to test its presentation tool when making the slides for a
+talk I was giving for NUUG on Japhar, a free Java virtual machine. I
+wrote the first draft of the slides, saved the result and went to bed
+the day before I would give the talk. The next day I took a plane to
+the location where the meeting should take place, and on the plane I
+started up koffice again to polish the talk a bit, only to discover
+that kpresenter refused to load its own data file. I cursed a bit and
+started making the slides again from memory, to have something to
+present when I arrived. I tested that the saved files could be
+loaded, and the day seemed to be rescued. I continued to polish the
+slides until I suddenly discovered that the saved file could no longer
+be loaded into kpresenter. In the end I had to rewrite the slides
+three times, condensing the content until the talk became shorter and
+shorter. After the talk I was able to pinpoint the problem &ndash;
+kpresenter wrote inline images in a way itself could not understand.
+Eventually that bug was fixed and kpresenter ended up being a great
+program to make slides. The point I'm trying to make is that we
+expect a program to be able to load its own data files, and it is
+embarrassing to its developers if it can't.</p>
+
+<p>Did you ever experience a program failing to load its own data
+files from the desktop file browser? It is not a uncommon problem. A
+while back I discovered that the screencast recorder
+gtk-recordmydesktop would save an Ogg Theora video file the KDE file
+browser would refuse to open. No video player claimed to understand
+such file. I tracked down the cause being <tt>file --mime-type</tt>
+returning the application/ogg MIME type, which no video player I had
+installed listed as a MIME type they would understand. I asked for
+<a href="http://bugs.gw.com/view.php?id=382">file to change its
+behavour</a> and use the MIME type video/ogg instead. I also asked
+several video players to add video/ogg to their desktop files, to give
+the file browser an idea what to do about Ogg Theora files. After a
+while, the desktop file browsers in Debian started to handle the
+output from gtk-recordmydesktop properly.</p>
+
+<p>But history repeats itself. A few days ago I tested the music
+system Rosegarden again, and I discovered that the KDE and xfce file
+browsers did not know what to do with the Rosegarden project files
+(*.rg). I've reported <a href="http://bugs.debian.org/825993">the
+rosegarden problem to BTS</a> and a fix is commited to git and will be
+included in the next upload. To increase the chance of me remembering
+how to fix the problem next time some program fail to load its files
+from the file browser, here are some notes on how to fix it.</p>
+
+<p>The file browsers in Debian in general operates on MIME types.
+There are two sources for the MIME type of a given file. The output from
+<tt>file --mime-type</tt> mentioned above, and the content of the
+shared MIME type registry (under /usr/share/mime/). The file MIME
+type is mapped to programs supporting the MIME type, and this
+information is collected from
+<a href="https://www.freedesktop.org/wiki/Specifications/desktop-entry-spec/">the
+desktop files</a> available in /usr/share/applications/. If there is
+one desktop file claiming support for the MIME type of the file, it is
+activated when asking to open a given file. If there are more, one
+can normally select which one to use by right-clicking on the file and
+selecting the wanted one using 'Open with' or similar. In general
+this work well. But it depend on each program picking a good MIME
+type (preferably
+<a href="http://www.iana.org/assignments/media-types/media-types.xhtml">a
+MIME type registered with IANA</a>), file and/or the shared MIME
+registry recognizing the file and the desktop file to list the MIME
+type in its list of supported MIME types.</p>
+
+<p>The <tt>/usr/share/mime/packages/rosegarden.xml</tt> entry for
+<a href="http://www.freedesktop.org/wiki/Specifications/shared-mime-info-spec">the
+Shared MIME database</a> look like this:</p>
+
+<p><blockquote><pre>
+&lt;?xml version="1.0" encoding="UTF-8"?&gt;
+&lt;mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info"&gt;
+ &lt;mime-type type="audio/x-rosegarden"&gt;
+ &lt;sub-class-of type="application/x-gzip"/&gt;
+ &lt;comment&gt;Rosegarden project file&lt;/comment&gt;
+ &lt;glob pattern="*.rg"/&gt;
+ &lt;/mime-type&gt;
+&lt;/mime-info&gt;
+</pre></blockquote></p>
+
+<p>This states that audio/x-rosegarden is a kind of application/x-gzip
+(it is a gzipped XML file). Note, it is much better to use an
+official MIME type registered with IANA than it is to make up ones own
+unofficial ones like the x-rosegarden type used by rosegarden.</p>
+
+<p>The desktop file of the rosegarden program failed to list
+audio/x-rosegarden in its list of supported MIME types, causing the
+file browsers to have no idea what to do with *.rg files:</p>
+
+<p><blockquote><pre>
+% grep Mime /usr/share/applications/rosegarden.desktop
+MimeType=audio/x-rosegarden-composition;audio/x-rosegarden-device;audio/x-rosegarden-project;audio/x-rosegarden-template;audio/midi;
+X-KDE-NativeMimeType=audio/x-rosegarden-composition
+%
+</pre></blockquote></p>
+
+<p>The fix was to add "audio/x-rosegarden;" at the end of the
+MimeType= line.</p>
+
+<p>If you run into a file which fail to open the correct program when
+selected from the file browser, please check out the output from
+<tt>file --mime-type</tt> for the file, ensure the file ending and
+MIME type is registered somewhere under /usr/share/mime/ and check
+that some desktop file under /usr/share/applications/ is claiming
+support for this MIME type. If not, please report a bug to have it
+fixed. :)</p>
projects / homepage.git / blobdiff