<atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
<item>
- <title>Unlimited randomness with the ChaosKey?</title>
- <link>http://people.skolelinux.org/pere/blog/Unlimited_randomness_with_the_ChaosKey_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Unlimited_randomness_with_the_ChaosKey_.html</guid>
- <pubDate>Wed, 1 Mar 2017 20:50:00 +0100</pubDate>
- <description><p>A few days ago I ordered a small batch of
-<a href="http://altusmetrum.org/ChaosKey/">the ChaosKey</a>, a small
-USB dongle for generating entropy created by Bdale Garbee and Keith
-Packard. Yesterday it arrived, and I am very happy to report that it
-work great! According to its designers, to get it to work out of the
-box, you need the Linux kernel version 4.1 or later. I tested on a
-Debian Stretch machine (kernel version 4.9), and there it worked just
-fine, increasing the available entropy very quickly. I wrote a small
-test oneliner to test. It first print the current entropy level,
-drain /dev/random, and then print the entropy level for five seconds.
-Here is the situation without the ChaosKey inserted:</p>
-
-<blockquote><pre>
-% cat /proc/sys/kernel/random/entropy_avail; \
- dd bs=1M if=/dev/random of=/dev/null count=1; \
- for n in $(seq 1 5); do \
- cat /proc/sys/kernel/random/entropy_avail; \
- sleep 1; \
- done
-300
-0+1 oppføringer inn
-0+1 oppføringer ut
-28 byte kopiert, 0,000264565 s, 106 kB/s
-4
-8
-12
-17
-21
-%
-</pre></blockquote>
-
-<p>The entropy level increases by 3-4 every second. In such case any
-application requiring random bits (like a HTTPS enabled web server)
-will halt and wait for more entrpy. And here is the situation with
-the ChaosKey inserted:</p>
-
-<blockquote><pre>
-% cat /proc/sys/kernel/random/entropy_avail; \
- dd bs=1M if=/dev/random of=/dev/null count=1; \
- for n in $(seq 1 5); do \
- cat /proc/sys/kernel/random/entropy_avail; \
- sleep 1; \
- done
-1079
-0+1 oppføringer inn
-0+1 oppføringer ut
-104 byte kopiert, 0,000487647 s, 213 kB/s
-433
-1028
-1031
-1035
-1038
-%
-</pre></blockquote>
-
-<p>Quite the difference. :) I bought a few more than I need, in case
-someone want to buy one here in Norway. :)</p>
-
-<p>Update: The dongle was presented at Debconf last year. You might
-find <a href="https://debconf16.debconf.org/talks/94/">the talk
-recording illuminating</a>. It explains exactly what the source of
-randomness is, if you are unable to spot it from the schema drawing
-available from the ChaosKey web site linked at the start of this blog
-post.</p>
+ <title>Mangler du en skrue, eller har du en skrue løs?</title>
+ <link>http://people.skolelinux.org/pere/blog/Mangler_du_en_skrue__eller_har_du_en_skrue_l_s_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Mangler_du_en_skrue__eller_har_du_en_skrue_l_s_.html</guid>
+ <pubDate>Wed, 4 Oct 2017 09:40:00 +0200</pubDate>
+ <description>Når jeg holder på med ulike prosjekter, så trenger jeg stadig ulike
+skruer. Det siste prosjektet jeg holder på med er å lage
+<a href="https://www.thingiverse.com/thing:676916">en boks til en
+HDMI-touch-skjerm</a> som skal brukes med Raspberry Pi. Boksen settes
+sammen med skruer og bolter, og jeg har vært i tvil om hvor jeg kan
+få tak i de riktige skruene. Clas Ohlson og Jernia i nærheten har
+sjelden hatt det jeg trenger. Men her om dagen fikk jeg et fantastisk
+tips for oss som bor i Oslo.
+<a href="http://www.zachskruer.no/">Zachariassen Jernvare AS</a> i
+<a href="http://www.openstreetmap.org/?mlat=59.93421&mlon=10.76795#map=19/59.93421/10.76795">Hegermannsgate
+23A på Torshov</a> har et fantastisk utvalg, og åpent mellom 09:00 og
+17:00. De selger skruer, muttere, bolter, skiver etc i løs vekt, og
+så langt har jeg fått alt jeg har lett etter. De har i tillegg det
+meste av annen jernvare, som verktøy, lamper, ledninger, etc. Jeg
+håper de har nok kunder til å holde det gående lenge, da dette er en
+butikk jeg kommer til å besøke ofte. Butikken er et funn å ha i
+nabolaget for oss som liker å bygge litt selv. :)</p>
</description>
</item>
<item>
- <title>Detect OOXML files with undefined behaviour?</title>
- <link>http://people.skolelinux.org/pere/blog/Detect_OOXML_files_with_undefined_behaviour_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Detect_OOXML_files_with_undefined_behaviour_.html</guid>
- <pubDate>Tue, 21 Feb 2017 00:20:00 +0100</pubDate>
- <description><p>I just noticed
-<a href="http://www.arkivrad.no/aktuelt/riksarkivarens-forskrift-pa-horing">the
-new Norwegian proposal for archiving rules in the goverment</a> list
-<a href="http://www.ecma-international.org/publications/standards/Ecma-376.htm">ECMA-376</a>
-/ ISO/IEC 29500 (aka OOXML) as valid formats to put in long term
-storage. Luckily such files will only be accepted based on
-pre-approval from the National Archive. Allowing OOXML files to be
-used for long term storage might seem like a good idea as long as we
-forget that there are plenty of ways for a "valid" OOXML document to
-have content with no defined interpretation in the standard, which
-lead to a question and an idea.</p>
-
-<p>Is there any tool to detect if a OOXML document depend on such
-undefined behaviour? It would be useful for the National Archive (and
-anyone else interested in verifying that a document is well defined)
-to have such tool available when considering to approve the use of
-OOXML. I'm aware of the
-<a href="https://github.com/arlm/officeotron/">officeotron OOXML
-validator</a>, but do not know how complete it is nor if it will
-report use of undefined behaviour. Are there other similar tools
-available? Please send me an email if you know of any such tool.</p>
+ <title>Visualizing GSM radio chatter using gr-gsm and Hopglass</title>
+ <link>http://people.skolelinux.org/pere/blog/Visualizing_GSM_radio_chatter_using_gr_gsm_and_Hopglass.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Visualizing_GSM_radio_chatter_using_gr_gsm_and_Hopglass.html</guid>
+ <pubDate>Fri, 29 Sep 2017 10:30:00 +0200</pubDate>
+ <description><p>Every mobile phone announce its existence over radio to the nearby
+mobile cell towers. And this radio chatter is available for anyone
+with a radio receiver capable of receiving them. Details about the
+mobile phones with very good accuracy is of course collected by the
+phone companies, but this is not the topic of this blog post. The
+mobile phone radio chatter make it possible to figure out when a cell
+phone is nearby, as it include the SIM card ID (IMSI). By paying
+attention over time, one can see when a phone arrive and when it leave
+an area. I believe it would be nice to make this information more
+available to the general public, to make more people aware of how
+their phones are announcing their whereabouts to anyone that care to
+listen.</p>
+
+<p>I am very happy to report that we managed to get something
+visualizing this information up and running for
+<a href="http://norwaymakers.org/osf17">Oslo Skaperfestival 2017</a>
+(Oslo Makers Festival) taking place today and tomorrow at Deichmanske
+library. The solution is based on the
+<a href="http://people.skolelinux.org/pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html">simple
+recipe for listening to GSM chatter</a> I posted a few days ago, and
+will show up at the stand of <a href="http://sonen.ifi.uio.no/">Åpen
+Sone from the Computer Science department of the University of
+Oslo</a>. The presentation will show the nearby mobile phones (aka
+IMSIs) as dots in a web browser graph, with lines to the dot
+representing mobile base station it is talking to. It was working in
+the lab yesterday, and was moved into place this morning.</p>
+
+<p>We set up a fairly powerful desktop machine using Debian
+Buster/Testing with several (five, I believe) RTL2838 DVB-T receivers
+connected and visualize the visible cell phone towers using an
+<a href="https://github.com/marlow925/hopglass">English version of
+Hopglass</a>. A fairly powerfull machine is needed as the
+grgsm_livemon_headless processes from
+<a href="https://tracker.debian.org/pkg/gr-gsm">gr-gsm</a> converting
+the radio signal to data packages is quite CPU intensive.</p>
+
+<p>The frequencies to listen to, are identified using a slightly
+patched scan-and-livemon (to set the --args values for each receiver),
+and the Hopglass data is generated using the
+<a href="https://github.com/petterreinholdtsen/IMSI-catcher/tree/meshviewer-output">patches
+in my meshviewer-output branch</a>. For some reason we could not get
+more than four SDRs working. There is also a geographical map trying
+to show the location of the base stations, but I believe their
+coordinates are hardcoded to some random location in Germany, I
+believe. The code should be replaced with code to look up location in
+a text file, a sqlite database or one of the online databases
+mentioned in
+<a href="https://github.com/Oros42/IMSI-catcher/issues/14">the github
+issue for the topic</a>.
+
+<p>If this sound interesting, visit the stand at the festival!</p>
</description>
</item>
<item>
- <title>Ruling ignored our objections to the seizure of popcorn-time.no (#domstolkontroll)</title>
- <link>http://people.skolelinux.org/pere/blog/Ruling_ignored_our_objections_to_the_seizure_of_popcorn_time_no___domstolkontroll_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Ruling_ignored_our_objections_to_the_seizure_of_popcorn_time_no___domstolkontroll_.html</guid>
- <pubDate>Mon, 13 Feb 2017 21:30:00 +0100</pubDate>
- <description><p>A few days ago, we received the ruling from
-<a href="http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html">my
-day in court</a>. The case in question is a challenge of the seizure
-of the DNS domain popcorn-time.no. The ruling simply did not mention
-most of our arguments, and seemed to take everything ØKOKRIM said at
-face value, ignoring our demonstration and explanations. But it is
-hard to tell for sure, as we still have not seen most of the documents
-in the case and thus were unprepared and unable to contradict several
-of the claims made in court by the opposition. We are considering an
-appeal, but it is partly a question of funding, as it is costing us
-quite a bit to pay for our lawyer. If you want to help, please
-<a href="http://www.nuug.no/dns-beslag-donasjon.shtml">donate to the
-NUUG defense fund</a>.</p>
-
-<p>The details of the case, as far as we know it, is available in
-Norwegian from
-<a href="https://www.nuug.no/news/tags/dns-domenebeslag/">the NUUG
-blog</a>. This also include
-<a href="https://www.nuug.no/news/Avslag_etter_rettslig_h_ring_om_DNS_beslaget___vurderer_veien_videre.shtml">the
-ruling itself</a>.</p>
+ <title>Easier recipe to observe the cell phones around you</title>
+ <link>http://people.skolelinux.org/pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html</guid>
+ <pubDate>Sun, 24 Sep 2017 08:30:00 +0200</pubDate>
+ <description><p>A little more than a month ago I wrote
+<a href="http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html">how
+to observe the SIM card ID (aka IMSI number) of mobile phones talking
+to nearby mobile phone base stations using Debian GNU/Linux and a
+cheap USB software defined radio</a>, and thus being able to pinpoint
+the location of people and equipment (like cars and trains) with an
+accuracy of a few kilometer. Since then we have worked to make the
+procedure even simpler, and it is now possible to do this without any
+manual frequency tuning and without building your own packages.</p>
+
+<p>The <a href="https://tracker.debian.org/pkg/gr-gsm">gr-gsm</a>
+package is now included in Debian testing and unstable, and the
+IMSI-catcher code no longer require root access to fetch and decode
+the GSM data collected using gr-gsm.</p>
+
+<p>Here is an updated recipe, using packages built by Debian and a git
+clone of two python scripts:</p>
+
+<ol>
+
+<li>Start with a Debian machine running the Buster version (aka
+ testing).</li>
+
+<li>Run '<tt>apt install gr-gsm python-numpy python-scipy
+ python-scapy</tt>' as root to install required packages.</li>
+
+<li>Fetch the code decoding GSM packages using '<tt>git clone
+ github.com/Oros42/IMSI-catcher.git</tt>'.</li>
+
+<li>Insert USB software defined radio supported by GNU Radio.</li>
+
+<li>Enter the IMSI-catcher directory and run '<tt>python
+ scan-and-livemon</tt>' to locate the frequency of nearby base
+ stations and start listening for GSM packages on one of them.</li>
+
+<li>Enter the IMSI-catcher directory and run '<tt>python
+ simple_IMSI-catcher.py</tt>' to display the collected information.</li>
+
+</ol>
+
+<p>Note, due to a bug somewhere the scan-and-livemon program (actually
+<a href="https://github.com/ptrkrysik/gr-gsm/issues/336">its underlying
+program grgsm_scanner</a>) do not work with the HackRF radio. It does
+work with RTL 8232 and other similar USB radio receivers you can get
+very cheaply
+(<a href="https://www.ebay.com/sch/items/?_nkw=rtl+2832">for example
+from ebay</a>), so for now the solution is to scan using the RTL radio
+and only use HackRF for fetching GSM data.</p>
+
+<p>As far as I can tell, a cell phone only show up on one of the
+frequencies at the time, so if you are going to track and count every
+cell phone around you, you need to listen to all the frequencies used.
+To listen to several frequencies, use the --numrecv argument to
+scan-and-livemon to use several receivers. Further, I am not sure if
+phones using 3G or 4G will show as talking GSM to base stations, so
+this approach might not see all phones around you. I typically see
+0-400 IMSI numbers an hour when looking around where I live.</p>
+
+<p>I've tried to run the scanner on a
+<a href="https://wiki.debian.org/RaspberryPi">Raspberry Pi 2 and 3
+running Debian Buster</a>, but the grgsm_livemon_headless process seem
+to be too CPU intensive to keep up. When GNU Radio print 'O' to
+stdout, I am told there it is caused by a buffer overflow between the
+radio and GNU Radio, caused by the program being unable to read the
+GSM data fast enough. If you see a stream of 'O's from the terminal
+where you started scan-and-livemon, you need a give the process more
+CPU power. Perhaps someone are able to optimize the code to a point
+where it become possible to set up RPi3 based GSM sniffers? I tried
+using Raspbian instead of Debian, but there seem to be something wrong
+with GNU Radio on raspbian, causing glibc to abort().</p>
</description>
</item>
<item>
- <title>A day in court challenging seizure of popcorn-time.no for #domstolkontroll</title>
- <link>http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html</guid>
- <pubDate>Fri, 3 Feb 2017 11:10:00 +0100</pubDate>
- <description><p align="center"><img width="70%" src="http://people.skolelinux.org/pere/blog/images/2017-02-01-popcorn-time-in-court.jpeg"></p>
-
-<p>On Wednesday, I spent the entire day in court in Follo Tingrett
-representing <a href="https://www.nuug.no/">the member association
-NUUG</a>, alongside <a href="https://www.efn.no/">the member
-association EFN</a> and <a href="http://www.imc.no">the DNS registrar
-IMC</a>, challenging the seizure of the DNS name popcorn-time.no. It
-was interesting to sit in a court of law for the first time in my
-life. Our team can be seen in the picture above: attorney Ola
-Tellesbø, EFN board member Tom Fredrik Blenning, IMC CEO Morten Emil
-Eriksen and NUUG board member Petter Reinholdtsen.</p>
-
-<p><a href="http://www.domstol.no/no/Enkelt-domstol/follo-tingrett/Nar-gar-rettssaken/Beramming/?cid=AAAA1701301512081262234UJFBVEZZZZZEJBAvtale">The
-case at hand</a> is that the Norwegian National Authority for
-Investigation and Prosecution of Economic and Environmental Crime (aka
-Økokrim) decided on their own, to seize a DNS domain early last
-year, without following
-<a href="https://www.norid.no/no/regelverk/navnepolitikk/#link12">the
-official policy of the Norwegian DNS authority</a> which require a
-court decision. The web site in question was a site covering Popcorn
-Time. And Popcorn Time is the name of a technology with both legal
-and illegal applications. Popcorn Time is a client combining
-searching a Bittorrent directory available on the Internet with
-downloading/distribute content via Bittorrent and playing the
-downloaded content on screen. It can be used illegally if it is used
-to distribute content against the will of the right holder, but it can
-also be used legally to play a lot of content, for example the
-millions of movies
-<a href="https://archive.org/details/movies">available from the
-Internet Archive</a> or the collection
-<a href="http://vodo.net/films/">available from Vodo</a>. We created
-<a href="magnet:?xt=urn:btih:86c1802af5a667ca56d3918aecb7d3c0f7173084&dn=PresentasjonFolloTingrett.mov&tr=udp%3A%2F%2Fpublic.popcorn-tracker.org%3A6969%2Fannounce">a
-video demonstrating legally use of Popcorn Time</a> and played it in
-Court. It can of course be downloaded using Bittorrent.</p>
-
-<p>I did not quite know what to expect from a day in court. The
-government held on to their version of the story and we held on to
-ours, and I hope the judge is able to make sense of it all. We will
-know in two weeks time. Unfortunately I do not have high hopes, as
-the Government have the upper hand here with more knowledge about the
-case, better training in handling criminal law and in general higher
-standing in the courts than fairly unknown DNS registrar and member
-associations. It is expensive to be right also in Norway. So far the
-case have cost more than NOK 70 000,-. To help fund the case, NUUG
-and EFN have asked for donations, and managed to collect around NOK 25
-000,- so far. Given the presentation from the Government, I expect
-the government to appeal if the case go our way. And if the case do
-not go our way, I hope we have enough funding to appeal.</p>
-
-<p>From the other side came two people from Økokrim. On the benches,
-appearing to be part of the group from the government were two people
-from the Simonsen Vogt Wiik lawyer office, and three others I am not
-quite sure who was. Økokrim had proposed to present two witnesses
-from The Motion Picture Association, but this was rejected because
-they did not speak Norwegian and it was a bit late to bring in a
-translator, but perhaps the two from MPA were present anyway. All
-seven appeared to know each other. Good to see the case is take
-seriously.</p>
-
-<p>If you, like me, believe the courts should be involved before a DNS
-domain is hijacked by the government, or you believe the Popcorn Time
-technology have a lot of useful and legal applications, I suggest you
-too <a href="http://www.nuug.no/dns-beslag-donasjon.shtml">donate to
-the NUUG defense fund</a>. Both Bitcoin and bank transfer are
-available. If NUUG get more than we need for the legal action (very
-unlikely), the rest will be spend promoting free software, open
-standards and unix-like operating systems in Norway, so no matter what
-happens the money will be put to good use.</p>
-
-<p>If you want to lean more about the case, I recommend you check out
-<a href="https://www.nuug.no/news/tags/dns-domenebeslag/">the blog
-posts from NUUG covering the case</a>. They cover the legal arguments
-on both sides.</p>
+ <title>Datalagringsdirektivet kaster skygger over Høyre og Arbeiderpartiet</title>
+ <link>http://people.skolelinux.org/pere/blog/Datalagringsdirektivet_kaster_skygger_over_H_yre_og_Arbeiderpartiet.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Datalagringsdirektivet_kaster_skygger_over_H_yre_og_Arbeiderpartiet.html</guid>
+ <pubDate>Thu, 7 Sep 2017 21:35:00 +0200</pubDate>
+ <description><p>For noen dager siden publiserte Jon Wessel-Aas en bloggpost om
+«<a href="http://www.uhuru.biz/?p=1821">Konklusjonen om datalagring som
+EU-kommisjonen ikke ville at vi skulle få se</a>». Det er en
+interessant gjennomgang av EU-domstolens syn på snurpenotovervåkning
+av befolkningen, som er klar på at det er i strid med
+EU-lovgivingen.</p>
+
+<p>Valgkampen går for fullt i Norge, og om noen få dager er siste
+frist for å avgi stemme. En ting er sikkert, Høyre og Arbeiderpartiet
+får ikke min stemme
+<a href="http://people.skolelinux.org/pere/blog/Datalagringsdirektivet_gj_r_at_Oslo_H_yre_og_Arbeiderparti_ikke_f_r_min_stemme_i__r.html">denne
+gangen heller</a>. Jeg har ikke glemt at de tvang igjennom loven som
+skulle pålegge alle data- og teletjenesteleverandører å overvåke alle
+sine kunder. En lov som er vedtatt, og aldri opphevet igjen.</p>
+
+<p>Det er tydelig fra diskusjonen rundt grenseløs digital overvåkning
+(eller "Digital Grenseforsvar" som det kalles i Orvellisk nytale) at
+hverken Høyre og Arbeiderpartiet har noen prinsipielle sperrer mot å
+overvåke hele befolkningen, og diskusjonen så langt tyder på at flere
+av de andre partiene heller ikke har det. Mange av
+<a href="https://data.holderdeord.no/votes/1301946411e">de som stemte
+for Datalagringsdirektivet i Stortinget</a> (64 fra Arbeiderpartiet,
+25 fra Høyre) er fortsatt aktive og argumenterer fortsatt for å radere
+vekk mer av innbyggernes privatsfære.</p>
+
+<p>Når myndighetene demonstrerer sin mistillit til folket, tror jeg
+folket selv bør legge litt innsats i å verne sitt privatliv, ved å ta
+i bruk ende-til-ende-kryptert kommunikasjon med sine kjente og kjære,
+og begrense hvor mye privat informasjon som deles med uvedkommende.
+Det er jo ingenting som tyder på at myndighetene kommer til å være vår
+privatsfære.
+<a href="http://people.skolelinux.org/pere/blog/How_to_talk_with_your_loved_ones_in_private.html">Det
+er mange muligheter</a>. Selv har jeg litt sans for
+<a href="https://ring.cx/">Ring</a>, som er basert på p2p-teknologi
+uten sentral kontroll, er fri programvare, og støtter meldinger, tale
+og video. Systemet er tilgjengelig ut av boksen fra
+<a href="https://tracker.debian.org/pkg/ring">Debian</a> og
+<a href="https://launchpad.net/ubuntu/+source/ring">Ubuntu</a>, og det
+finnes pakker for Android, MacOSX og Windows. Foreløpig er det få
+brukere med Ring, slik at jeg også bruker
+<a href="https://signal.org/">Signal</a> som nettleserutvidelse.</p>
</description>
</item>
<item>
- <title>Nasjonalbiblioteket avslutter sin ulovlige bruk av Google Skjemaer</title>
- <link>http://people.skolelinux.org/pere/blog/Nasjonalbiblioteket_avslutter_sin_ulovlige_bruk_av_Google_Skjemaer.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Nasjonalbiblioteket_avslutter_sin_ulovlige_bruk_av_Google_Skjemaer.html</guid>
- <pubDate>Thu, 12 Jan 2017 09:40:00 +0100</pubDate>
- <description><p>I dag fikk jeg en skikkelig gladmelding. Bakgrunnen er at før jul
-arrangerte Nasjonalbiblioteket
-<a href="http://www.nb.no/Bibliotekutvikling/Kunnskapsorganisering/Nasjonalt-verksregister/Seminar-om-verksregister">et
-seminar om sitt knakende gode tiltak «verksregister»</a>. Eneste
-måten å melde seg på dette seminaret var å sende personopplysninger
-til Google via Google Skjemaer. Dette syntes jeg var tvilsom praksis,
-da det bør være mulig å delta på seminarer arrangert av det offentlige
-uten å måtte dele sine interesser, posisjon og andre
-personopplysninger med Google. Jeg ba derfor om innsyn via
-<a href="https://www.mimesbronn.no/">Mimes brønn</a> i
-<a href="https://www.mimesbronn.no/request/personopplysninger_til_google_sk">avtaler
-og vurderinger Nasjonalbiblioteket hadde rundt dette</a>.
-Personopplysningsloven legger klare rammer for hva som må være på
-plass før en kan be tredjeparter, spesielt i utlandet, behandle
-personopplysninger på sine vegne, så det burde eksistere grundig
-dokumentasjon før noe slikt kan bli lovlig. To jurister hos
-Nasjonalbiblioteket mente først dette var helt i orden, og at Googles
-standardavtale kunne brukes som databehandlingsavtale. Det syntes jeg
-var merkelig, men har ikke hatt kapasitet til å følge opp saken før
-for to dager siden.</p>
-
-<p>Gladnyheten i dag, som kom etter at jeg tipset Nasjonalbiblioteket
-om at Datatilsynet underkjente Googles standardavtaler som
-databehandleravtaler i 2011, er at Nasjonalbiblioteket har bestemt seg
-for å avslutte bruken av Googles Skjemaer/Apps og gå i dialog med DIFI
-for å finne bedre måter å håndtere påmeldinger i tråd med
-personopplysningsloven. Det er fantastisk å se at av og til hjelper
-det å spørre hva i alle dager det offentlige holder på med.</p>
+ <title>Simpler recipe on how to make a simple $7 IMSI Catcher using Debian</title>
+ <link>http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html</guid>
+ <pubDate>Wed, 9 Aug 2017 23:59:00 +0200</pubDate>
+ <description><p>On friday, I came across an interesting article in the Norwegian
+web based ICT news magazine digi.no on
+<a href="https://www.digi.no/artikler/sikkerhetsforsker-lagde-enkel-imsi-catcher-for-60-kroner-na-kan-mobiler-kartlegges-av-alle/398588">how
+to collect the IMSI numbers of nearby cell phones</a> using the cheap
+DVB-T software defined radios. The article refered to instructions
+and <a href="https://www.youtube.com/watch?v=UjwgNd_as30">a recipe by
+Keld Norman on Youtube on how to make a simple $7 IMSI Catcher</a>, and I decided to test them out.</p>
+
+<p>The instructions said to use Ubuntu, install pip using apt (to
+bypass apt), use pip to install pybombs (to bypass both apt and pip),
+and the ask pybombs to fetch and build everything you need from
+scratch. I wanted to see if I could do the same on the most recent
+Debian packages, but this did not work because pybombs tried to build
+stuff that no longer build with the most recent openssl library or
+some other version skew problem. While trying to get this recipe
+working, I learned that the apt->pip->pybombs route was a long detour,
+and the only piece of software dependency missing in Debian was the
+gr-gsm package. I also found out that the lead upstream developer of
+gr-gsm (the name stand for GNU Radio GSM) project already had a set of
+Debian packages provided in an Ubuntu PPA repository. All I needed to
+do was to dget the Debian source package and built it.</p>
+
+<p>The IMSI collector is a python script listening for packages on the
+loopback network device and printing to the terminal some specific GSM
+packages with IMSI numbers in them. The code is fairly short and easy
+to understand. The reason this work is because gr-gsm include a tool
+to read GSM data from a software defined radio like a DVB-T USB stick
+and other software defined radios, decode them and inject them into a
+network device on your Linux machine (using the loopback device by
+default). This proved to work just fine, and I've been testing the
+collector for a few days now.</p>
+
+<p>The updated and simpler recipe is thus to</p>
+
+<ol>
+
+<li>start with a Debian machine running Stretch or newer,</li>
+
+<li>build and install the gr-gsm package available from
+<a href="http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/">http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/</a>,</li>
+
+<li>clone the git repostory from <a href="https://github.com/Oros42/IMSI-catcher">https://github.com/Oros42/IMSI-catcher</a>,</li>
+
+<li>run grgsm_livemon and adjust the frequency until the terminal
+where it was started is filled with a stream of text (meaning you
+found a GSM station).</li>
+
+<li>go into the IMSI-catcher directory and run 'sudo python simple_IMSI-catcher.py' to extract the IMSI numbers.</li>
+
+</ol>
+
+<p>To make it even easier in the future to get this sniffer up and
+running, I decided to package
+<a href="https://github.com/ptrkrysik/gr-gsm/">the gr-gsm project</a>
+for Debian (<a href="https://bugs.debian.org/871055">WNPP
+#871055</a>), and the package was uploaded into the NEW queue today.
+Luckily the gnuradio maintainer has promised to help me, as I do not
+know much about gnuradio stuff yet.</p>
+
+<p>I doubt this "IMSI cacher" is anywhere near as powerfull as
+commercial tools like
+<a href="https://www.thespyphone.com/portable-imsi-imei-catcher/">The
+Spy Phone Portable IMSI / IMEI Catcher</a> or the
+<a href="https://en.wikipedia.org/wiki/Stingray_phone_tracker">Harris
+Stingray</a>, but I hope the existance of cheap alternatives can make
+more people realise how their whereabouts when carrying a cell phone
+is easily tracked. Seeing the data flow on the screen, realizing that
+I live close to a police station and knowing that the police is also
+wearing cell phones, I wonder how hard it would be for criminals to
+track the position of the police officers to discover when there are
+police near by, or for foreign military forces to track the location
+of the Norwegian military forces, or for anyone to track the location
+of government officials...</p>
+
+<p>It is worth noting that the data reported by the IMSI-catcher
+script mentioned above is only a fraction of the data broadcasted on
+the GSM network. It will only collect one frequency at the time,
+while a typical phone will be using several frequencies, and not all
+phones will be using the frequencies tracked by the grgsm_livemod
+program. Also, there is a lot of radio chatter being ignored by the
+simple_IMSI-catcher script, which would be collected by extending the
+parser code. I wonder if gr-gsm can be set up to listen to more than
+one frequency?</p>
</description>
</item>
<item>
- <title>Bryter NAV sin egen personvernerklæring?</title>
- <link>http://people.skolelinux.org/pere/blog/Bryter_NAV_sin_egen_personvernerkl_ring_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Bryter_NAV_sin_egen_personvernerkl_ring_.html</guid>
- <pubDate>Wed, 11 Jan 2017 06:50:00 +0100</pubDate>
- <description><p>Jeg leste med interesse en nyhetssak hos
-<a href="http://www.digi.no/artikler/nav-avslorer-trygdemisbruk-ved-a-spore-ip-adresser/367394">digi.no</a>
-og
-<a href="https://www.nrk.no/buskerud/trygdesvindlere-avslores-av-utenlandske-ip-adresser-1.13313461">NRK</a>
-om at det ikke bare er meg, men at også NAV bedriver geolokalisering
-av IP-adresser, og at det gjøres analyse av IP-adressene til de som
-sendes inn meldekort for å se om meldekortet sendes inn fra
-utenlandske IP-adresser. Politiadvokat i Drammen, Hans Lyder Haare,
-er sitert i NRK på at «De to er jo blant annet avslørt av
-IP-adresser. At man ser at meldekortet kommer fra utlandet.»</p>
-
-<p>Jeg synes det er fint at det blir bedre kjent at IP-adresser
-knyttes til enkeltpersoner og at innsamlet informasjon brukes til å
-stedsbestemme personer også av aktører her i Norge. Jeg ser det som
-nok et argument for å bruke
-<a href="https://www.torproject.org/">Tor</a> så mye som mulig for å
-gjøre gjøre IP-lokalisering vanskeligere, slik at en kan beskytte sin
-privatsfære og unngå å dele sin fysiske plassering med
-uvedkommede.</p>
-
-<P>Men det er en ting som bekymrer meg rundt denne nyheten. Jeg ble
-tipset (takk #nuug) om
-<a href="https://www.nav.no/no/NAV+og+samfunn/Kontakt+NAV/Teknisk+brukerstotte/Snarveier/personvernerkl%C3%A6ring-for-arbeids-og-velferdsetaten">NAVs
-personvernerklæring</a>, som under punktet «Personvern og statistikk»
-lyder:</p>
-
-<p><blockquote>
-
-<p>«Når du besøker nav.no, etterlater du deg elektroniske spor. Sporene
-dannes fordi din nettleser automatisk sender en rekke opplysninger til
-NAVs tjener (server-maskin) hver gang du ber om å få vist en side. Det
-er eksempelvis opplysninger om hvilken nettleser og -versjon du
-bruker, og din internettadresse (ip-adresse). For hver side som vises,
-lagres følgende opplysninger:</p>
-
-<ul>
-<li>hvilken side du ser på</li>
-<li>dato og tid</li>
-<li>hvilken nettleser du bruker</li>
-<li>din ip-adresse</li>
-</ul>
-
-<p>Ingen av opplysningene vil bli brukt til å identifisere
-enkeltpersoner. NAV bruker disse opplysningene til å generere en
-samlet statistikk som blant annet viser hvilke sider som er mest
-populære. Statistikken er et redskap til å forbedre våre
-tjenester.»</p>
-
-</blockquote></p>
-
-<p>Jeg klarer ikke helt å se hvordan analyse av de besøkendes
-IP-adresser for å se hvem som sender inn meldekort via web fra en
-IP-adresse i utlandet kan gjøres uten å komme i strid med påstanden om
-at «ingen av opplysningene vil bli brukt til å identifisere
-enkeltpersoner». Det virker dermed for meg som at NAV bryter sine
-egen personvernerklæring, hvilket
-<a href="http://people.skolelinux.org/pere/blog/Er_lover_brutt_n_r_personvernpolicy_ikke_stemmer_med_praksis_.html">Datatilsynet
-fortalte meg i starten av desember antagelig er brudd på
-personopplysningsloven</a>.
-
-<p>I tillegg er personvernerklæringen ganske misvisende i og med at
-NAVs nettsider ikke bare forsyner NAV med personopplysninger, men i
-tillegg ber brukernes nettleser kontakte fem andre nettjenere
-(script.hotjar.com, static.hotjar.com, vars.hotjar.com,
-www.google-analytics.com og www.googletagmanager.com), slik at
-personopplysninger blir gjort tilgjengelig for selskapene Hotjar og
-Google , og alle som kan lytte på trafikken på veien (som FRA, GCHQ og
-NSA). Jeg klarer heller ikke se hvordan slikt spredning av
-personopplysninger kan være i tråd med kravene i
-personopplysningloven, eller i tråd med NAVs personvernerklæring.</p>
-
-<p>Kanskje NAV bør ta en nøye titt på sin personvernerklæring? Eller
-kanskje Datatilsynet bør gjøre det?</p>
+ <title>Norwegian Bokmål edition of Debian Administrator's Handbook is now available</title>
+ <link>http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_edition_of_Debian_Administrator_s_Handbook_is_now_available.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_edition_of_Debian_Administrator_s_Handbook_is_now_available.html</guid>
+ <pubDate>Tue, 25 Jul 2017 21:10:00 +0200</pubDate>
+ <description><p align="center"><img align="center" src="http://people.skolelinux.org/pere/blog/images/2017-07-25-debian-handbook-nb-testprint.png"/></p>
+
+<p>I finally received a copy of the Norwegian Bokmål edition of
+"<a href="https://debian-handbook.info/">The Debian Administrator's
+Handbook</a>". This test copy arrived in the mail a few days ago, and
+I am very happy to hold the result in my hand. We spent around one and a half year translating it. This paperbook edition
+<a href="https://debian-handbook.info/get/#norwegian">is available
+from lulu.com</a>. If you buy it quickly, you save 25% on the list
+price. The book is also available for download in electronic form as
+PDF, EPUB and Mobipocket, as can be
+<a href="https://debian-handbook.info/browse/nb-NO/stable/">read online
+as a web page</a>.</p>
+
+<p>This is the second book I publish (the first was the book
+"<a href="http://free-culture.cc/">Free Culture</a>" by Lawrence Lessig
+in
+<a href="http://www.lulu.com/shop/lawrence-lessig/free-culture/paperback/product-22440520.html">English</a>,
+<a href="http://www.lulu.com/shop/lawrence-lessig/culture-libre/paperback/product-22645082.html">French</a>
+and
+<a href="http://www.lulu.com/shop/lawrence-lessig/fri-kultur/paperback/product-22441576.html">Norwegian
+Bokmål</a>), and I am very excited to finally wrap up this
+project. I hope
+"<a href="http://www.lulu.com/shop/rapha%C3%ABl-hertzog-and-roland-mas/h%C3%A5ndbok-for-debian-administratoren/paperback/product-23262290.html">Håndbok
+for Debian-administratoren</a>" will be well received.</p>
</description>
</item>
<item>
- <title>Where did that package go? &mdash; geolocated IP traceroute</title>
- <link>http://people.skolelinux.org/pere/blog/Where_did_that_package_go___mdash__geolocated_IP_traceroute.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Where_did_that_package_go___mdash__geolocated_IP_traceroute.html</guid>
- <pubDate>Mon, 9 Jan 2017 12:20:00 +0100</pubDate>
- <description><p>Did you ever wonder where the web trafic really flow to reach the
-web servers, and who own the network equipment it is flowing through?
-It is possible to get a glimpse of this from using traceroute, but it
-is hard to find all the details. Many years ago, I wrote a system to
-map the Norwegian Internet (trying to figure out if our plans for a
-network game service would get low enough latency, and who we needed
-to talk to about setting up game servers close to the users. Back
-then I used traceroute output from many locations (I asked my friends
-to run a script and send me their traceroute output) to create the
-graph and the map. The output from traceroute typically look like
-this:
-
-<p><pre>
-traceroute to www.stortinget.no (85.88.67.10), 30 hops max, 60 byte packets
- 1 uio-gw10.uio.no (129.240.202.1) 0.447 ms 0.486 ms 0.621 ms
- 2 uio-gw8.uio.no (129.240.24.229) 0.467 ms 0.578 ms 0.675 ms
- 3 oslo-gw1.uninett.no (128.39.65.17) 0.385 ms 0.373 ms 0.358 ms
- 4 te3-1-2.br1.fn3.as2116.net (193.156.90.3) 1.174 ms 1.172 ms 1.153 ms
- 5 he16-1-1.cr1.san110.as2116.net (195.0.244.234) 2.627 ms he16-1-1.cr2.oslosda310.as2116.net (195.0.244.48) 3.172 ms he16-1-1.cr1.san110.as2116.net (195.0.244.234) 2.857 ms
- 6 ae1.ar8.oslosda310.as2116.net (195.0.242.39) 0.662 ms 0.637 ms ae0.ar8.oslosda310.as2116.net (195.0.242.23) 0.622 ms
- 7 89.191.10.146 (89.191.10.146) 0.931 ms 0.917 ms 0.955 ms
- 8 * * *
- 9 * * *
-[...]
-</pre></p>
-
-<p>This show the DNS names and IP addresses of (at least some of the)
-network equipment involved in getting the data traffic from me to the
-www.stortinget.no server, and how long it took in milliseconds for a
-package to reach the equipment and return to me. Three packages are
-sent, and some times the packages do not follow the same path. This
-is shown for hop 5, where three different IP addresses replied to the
-traceroute request.</p>
-
-<p>There are many ways to measure trace routes. Other good traceroute
-implementations I use are traceroute (using ICMP packages) mtr (can do
-both ICMP, UDP and TCP) and scapy (python library with ICMP, UDP, TCP
-traceroute and a lot of other capabilities). All of them are easily
-available in <a href="https://www.debian.org/">Debian</a>.</p>
-
-<p>This time around, I wanted to know the geographic location of
-different route points, to visualize how visiting a web page spread
-information about the visit to a lot of servers around the globe. The
-background is that a web site today often will ask the browser to get
-from many servers the parts (for example HTML, JSON, fonts,
-JavaScript, CSS, video) required to display the content. This will
-leak information about the visit to those controlling these servers
-and anyone able to peek at the data traffic passing by (like your ISP,
-the ISPs backbone provider, FRA, GCHQ, NSA and others).</p>
-
-<p>Lets pick an example, the Norwegian parliament web site
-www.stortinget.no. It is read daily by all members of parliament and
-their staff, as well as political journalists, activits and many other
-citizens of Norway. A visit to the www.stortinget.no web site will
-ask your browser to contact 8 other servers: ajax.googleapis.com,
-insights.hotjar.com, script.hotjar.com, static.hotjar.com,
-stats.g.doubleclick.net, www.google-analytics.com,
-www.googletagmanager.com and www.netigate.se. I extracted this by
-asking <a href="http://phantomjs.org/">PhantomJS</a> to visit the
-Stortinget web page and tell me all the URLs PhantomJS downloaded to
-render the page (in HAR format using
-<a href="https://github.com/ariya/phantomjs/blob/master/examples/netsniff.js">their
-netsniff example</a>. I am very grateful to Gorm for showing me how
-to do this). My goal is to visualize network traces to all IP
-addresses behind these DNS names, do show where visitors personal
-information is spread when visiting the page.</p>
-
-<p align="center"><a href="www.stortinget.no-geoip.kml"><img
-src="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-geoip-small.png" alt="map of combined traces for URLs used by www.stortinget.no using GeoIP"/></a></p>
-
-<p>When I had a look around for options, I could not find any good
-free software tools to do this, and decided I needed my own traceroute
-wrapper outputting KML based on locations looked up using GeoIP. KML
-is easy to work with and easy to generate, and understood by several
-of the GIS tools I have available. I got good help from by NUUG
-colleague Anders Einar with this, and the result can be seen in
-<a href="https://github.com/petterreinholdtsen/kmltraceroute">my
-kmltraceroute git repository</a>. Unfortunately, the quality of the
-free GeoIP databases I could find (and the for-pay databases my
-friends had access to) is not up to the task. The IP addresses of
-central Internet infrastructure would typically be placed near the
-controlling companies main office, and not where the router is really
-located, as you can see from <a href="www.stortinget.no-geoip.kml">the
-KML file I created</a> using the GeoLite City dataset from MaxMind.
-
-<p align="center"><a href="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-scapy.svg"><img
-src="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-scapy-small.png" alt="scapy traceroute graph for URLs used by www.stortinget.no"/></a></p>
-
-<p>I also had a look at the visual traceroute graph created by
-<a href="http://www.secdev.org/projects/scapy/">the scrapy project</a>,
-showing IP network ownership (aka AS owner) for the IP address in
-question.
-<a href="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-scapy.svg">The
-graph display a lot of useful information about the traceroute in SVG
-format</a>, and give a good indication on who control the network
-equipment involved, but it do not include geolocation. This graph
-make it possible to see the information is made available at least for
-UNINETT, Catchcom, Stortinget, Nordunet, Google, Amazon, Telia, Level
-3 Communications and NetDNA.</p>
-
-<p align="center"><a href="https://geotraceroute.com/index.php?node=4&host=www.stortinget.no"><img
-src="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-geotraceroute-small.png" alt="example geotraceroute view for www.stortinget.no"/></a></p>
-
-<p>In the process, I came across the
-<a href="https://geotraceroute.com/">web service GeoTraceroute</a> by
-Salim Gasmi. Its methology of combining guesses based on DNS names,
-various location databases and finally use latecy times to rule out
-candidate locations seemed to do a very good job of guessing correct
-geolocation. But it could only do one trace at the time, did not have
-a sensor in Norway and did not make the geolocations easily available
-for postprocessing. So I contacted the developer and asked if he
-would be willing to share the code (he refused until he had time to
-clean it up), but he was interested in providing the geolocations in a
-machine readable format, and willing to set up a sensor in Norway. So
-since yesterday, it is possible to run traces from Norway in this
-service thanks to a sensor node set up by
-<a href="https://www.nuug.no/">the NUUG assosiation</a>, and get the
-trace in KML format for further processing.</p>
-
-<p align="center"><a href="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-geotraceroute-kml-join.kml"><img
-src="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-geotraceroute-kml-join.png" alt="map of combined traces for URLs used by www.stortinget.no using geotraceroute"/></a></p>
-
-<p>Here we can see a lot of trafic passes Sweden on its way to
-Denmark, Germany, Holland and Ireland. Plenty of places where the
-Snowden confirmations verified the traffic is read by various actors
-without your best interest as their top priority.</p>
-
-<p>Combining KML files is trivial using a text editor, so I could loop
-over all the hosts behind the urls imported by www.stortinget.no and
-ask for the KML file from GeoTraceroute, and create a combined KML
-file with all the traces (unfortunately only one of the IP addresses
-behind the DNS name is traced this time. To get them all, one would
-have to request traces using IP number instead of DNS names from
-GeoTraceroute). That might be the next step in this project.</p>
-
-<p>Armed with these tools, I find it a lot easier to figure out where
-the IP traffic moves and who control the boxes involved in moving it.
-And every time the link crosses for example the Swedish border, we can
-be sure Swedish Signal Intelligence (FRA) is listening, as GCHQ do in
-Britain and NSA in USA and cables around the globe. (Hm, what should
-we tell them? :) Keep that in mind if you ever send anything
-unencrypted over the Internet.</p>
-
-<p>PS: KML files are drawn using
-<a href="http://ivanrublev.me/kml/">the KML viewer from Ivan
-Rublev<a/>, as it was less cluttered than the local Linux application
-Marble. There are heaps of other options too.</p>
-
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+ <title>«Rapporten ser ikke på informasjonssikkerhet knyttet til personlig integritet»</title>
+ <link>http://people.skolelinux.org/pere/blog/_Rapporten_ser_ikke_p__informasjonssikkerhet_knyttet_til_personlig_integritet_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/_Rapporten_ser_ikke_p__informasjonssikkerhet_knyttet_til_personlig_integritet_.html</guid>
+ <pubDate>Tue, 27 Jun 2017 17:50:00 +0200</pubDate>
+ <description><p>Jeg kom over teksten
+«<a href="https://freedom-to-tinker.com/2017/06/21/killing-car-privacy-by-federal-mandate/">Killing
+car privacy by federal mandate</a>» av Leonid Reyzin på Freedom to
+Tinker i dag, og det gleder meg å se en god gjennomgang om hvorfor det
+er et urimelig inngrep i privatsfæren å la alle biler kringkaste sin
+posisjon og bevegelse via radio. Det omtalte forslaget basert på
+Dedicated Short Range Communication (DSRC) kalles Basic Safety Message
+(BSM) i USA og Cooperative Awareness Message (CAM) i Europa, og det
+norske Vegvesenet er en av de som ser ut til å kunne tenke seg å
+pålegge alle biler å fjerne nok en bit av innbyggernes privatsfære.
+Anbefaler alle å lese det som står der.
+
+<p>Mens jeg tittet litt på DSRC på biler i Norge kom jeg over et sitat
+jeg synes er illustrativt for hvordan det offentlige Norge håndterer
+problemstillinger rundt innbyggernes privatsfære i SINTEF-rapporten
+«<a href="https://www.sintef.no/publikasjoner/publikasjon/Download/?pubid=SINTEF+A23933">Informasjonssikkerhet
+i AutoPASS-brikker</a>» av Trond Foss:</p>
+
+<p><blockquote>
+«Rapporten ser ikke på informasjonssikkerhet knyttet til personlig
+ integritet.»
+</blockquote></p>
+
+<p>Så enkelt kan det tydeligvis gjøres når en vurderer
+informasjonssikkerheten. Det holder vel at folkene på toppen kan si
+at «Personvernet er ivaretatt», som jo er den populære intetsigende
+frasen som gjør at mange tror enkeltindividers integritet tas vare på.
+Sitatet fikk meg til å undres på hvor ofte samme tilnærming, å bare se
+bort fra behovet for personlig itegritet, blir valgt når en velger å
+legge til rette for nok et inngrep i privatsfæren til personer i
+Norge. Det er jo sjelden det får reaksjoner. Historien om
+reaksjonene på Helse Sør-Østs tjenesteutsetting er jo sørgelig nok et
+unntak og toppen av isfjellet, desverre. Tror jeg fortsatt takker nei
+til både AutoPASS og holder meg så langt unna det norske helsevesenet
+som jeg kan, inntil de har demonstrert og dokumentert at de verdsetter
+individets privatsfære og personlige integritet høyere enn kortsiktig
+gevist og samfunnsnytte.</p>
</description>
</item>
<item>
- <title>Introducing ical-archiver to split out old iCalendar entries</title>
- <link>http://people.skolelinux.org/pere/blog/Introducing_ical_archiver_to_split_out_old_iCalendar_entries.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Introducing_ical_archiver_to_split_out_old_iCalendar_entries.html</guid>
- <pubDate>Wed, 4 Jan 2017 12:20:00 +0100</pubDate>
- <description><p>Do you have a large <a href="https://icalendar.org/">iCalendar</a>
-file with lots of old entries, and would like to archive them to save
-space and resources? At least those of us using KOrganizer know that
-turning on and off an event set become slower and slower the more
-entries are in the set. While working on migrating our calendars to a
-<a href="http://radicale.org/">Radicale CalDAV server</a> on our
-<a href="https://freedomboxfoundation.org/">Freedombox server</a/>, my
-loved one wondered if I could find a way to split up the calendar file
-she had in KOrganizer, and I set out to write a tool. I spent a few
-days writing and polishing the system, and it is now ready for general
-consumption. The
-<a href="https://github.com/petterreinholdtsen/ical-archiver">code for
-ical-archiver</a> is publicly available from a git repository on
-github. The system is written in Python and depend on
-<a href="http://eventable.github.io/vobject/">the vobject Python
-module</a>.</p>
-
-<p>To use it, locate the iCalendar file you want to operate on and
-give it as an argument to the ical-archiver script. This will
-generate a set of new files, one file per component type per year for
-all components expiring more than two years in the past. The vevent,
-vtodo and vjournal entries are handled by the script. The remaining
-entries are stored in a 'remaining' file.</p>
-
-<p>This is what a test run can look like:
-
-<p><pre>
-% ical-archiver t/2004-2016.ics
-Found 3612 vevents
-Found 6 vtodos
-Found 2 vjournals
-Writing t/2004-2016.ics-subset-vevent-2004.ics
-Writing t/2004-2016.ics-subset-vevent-2005.ics
-Writing t/2004-2016.ics-subset-vevent-2006.ics
-Writing t/2004-2016.ics-subset-vevent-2007.ics
-Writing t/2004-2016.ics-subset-vevent-2008.ics
-Writing t/2004-2016.ics-subset-vevent-2009.ics
-Writing t/2004-2016.ics-subset-vevent-2010.ics
-Writing t/2004-2016.ics-subset-vevent-2011.ics
-Writing t/2004-2016.ics-subset-vevent-2012.ics
-Writing t/2004-2016.ics-subset-vevent-2013.ics
-Writing t/2004-2016.ics-subset-vevent-2014.ics
-Writing t/2004-2016.ics-subset-vjournal-2007.ics
-Writing t/2004-2016.ics-subset-vjournal-2011.ics
-Writing t/2004-2016.ics-subset-vtodo-2012.ics
-Writing t/2004-2016.ics-remaining.ics
-%
-</pre></p>
-
-<p>As you can see, the original file is untouched and new files are
-written with names derived from the original file. If you are happy
-with their content, the *-remaining.ics file can replace the original
-the the others can be archived or imported as historical calendar
-collections.</p>
-
-<p>The script should probably be improved a bit. The error handling
-when discovering broken entries is not good, and I am not sure yet if
-it make sense to split different entry types into separate files or
-not. The program is thus likely to change. If you find it
-interesting, please get in touch. :)</p>
-
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+ <title>Updated sales number for my Free Culture paper editions</title>
+ <link>http://people.skolelinux.org/pere/blog/Updated_sales_number_for_my_Free_Culture_paper_editions.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Updated_sales_number_for_my_Free_Culture_paper_editions.html</guid>
+ <pubDate>Mon, 12 Jun 2017 11:40:00 +0200</pubDate>
+ <description><p>It is pleasing to see that the work we put down in publishing new
+editions of the classic <a href="http://www.free-culture.cc/">Free
+Culture book</a> by the founder of the Creative Commons movement,
+Lawrence Lessig, is still being appreciated. I had a look at the
+latest sales numbers for the paper edition today. Not too impressive,
+but happy to see some buyers still exist. All the revenue from the
+books is sent to the <a href="https://creativecommons.org/">Creative
+Commons Corporation</a>, and they receive the largest cut if you buy
+directly from Lulu. Most books are sold via Amazon, with Ingram
+second and only a small fraction directly from Lulu. The ebook
+edition is available for free from
+<a href="https://github.com/petterreinholdtsen/free-culture-lessig">Github</a>.</p>
+
+<table border="0">
+<tr><th rowspan="2" valign="bottom">Title / language</th><th colspan="3">Quantity</th></tr>
+<tr><th>2016 jan-jun</th><th>2016 jul-dec</th><th>2017 jan-may</th></tr>
+
+<tr>
+ <td><a href="http://www.lulu.com/shop/lawrence-lessig/culture-libre/paperback/product-22645082.html">Culture Libre / French</a></td>
+ <td align="right">3</td>
+ <td align="right">6</td>
+ <td align="right">15</td>
+</tr>
+
+<tr>
+ <td><a href="http://www.lulu.com/shop/lawrence-lessig/fri-kultur/paperback/product-22441576.html">Fri kultur / Norwegian</a></td>
+ <td align="right">7</td>
+ <td align="right">1</td>
+ <td align="right">0</td>
+</tr>
+
+<tr>
+ <td><a href="http://www.lulu.com/shop/lawrence-lessig/free-culture/paperback/product-22440520.html">Free Culture / English</a></td>
+ <td align="right">14</td>
+ <td align="right">27</td>
+ <td align="right">16</td>
+</tr>
+
+<tr>
+ <td>Total</td>
+ <td align="right">24</td>
+ <td align="right">34</td>
+ <td align="right">31</td>
+</tr>
+
+</table>
+
+<p>A bit sad to see the low sales number on the Norwegian edition, and
+a bit surprising the English edition still selling so well.</p>
+
+<p>If you would like to translate and publish the book in your native
+language, I would be happy to help make it happen. Please get in
+touch.</p>
</description>
</item>
<item>
- <title>Appstream just learned how to map hardware to packages too!</title>
- <link>http://people.skolelinux.org/pere/blog/Appstream_just_learned_how_to_map_hardware_to_packages_too_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Appstream_just_learned_how_to_map_hardware_to_packages_too_.html</guid>
- <pubDate>Fri, 23 Dec 2016 10:30:00 +0100</pubDate>
- <description><p>I received a very nice Christmas present today. As my regular
-readers probably know, I have been working on the
-<a href="http://packages.qa.debian.org/isenkram">the Isenkram
-system</a> for many years. The goal of the Isenkram system is to make
-it easier for users to figure out what to install to get a given piece
-of hardware to work in Debian, and a key part of this system is a way
-to map hardware to packages. Isenkram have its own mapping database,
-and also uses data provided by each package using the AppStream
-metadata format. And today,
-<a href="https://tracker.debian.org/pkg/appstream">AppStream</a> in
-Debian learned to look up hardware the same way Isenkram is doing it,
-ie using fnmatch():</p>
-
-<p><pre>
-% appstreamcli what-provides modalias \
- usb:v1130p0202d0100dc00dsc00dp00ic03isc00ip00in00
-Identifier: pymissile [generic]
-Name: pymissile
-Summary: Control original Striker USB Missile Launcher
-Package: pymissile
-% appstreamcli what-provides modalias usb:v0694p0002d0000
-Identifier: libnxt [generic]
-Name: libnxt
-Summary: utility library for talking to the LEGO Mindstorms NXT brick
-Package: libnxt
----
-Identifier: t2n [generic]
-Name: t2n
-Summary: Simple command-line tool for Lego NXT
-Package: t2n
----
-Identifier: python-nxt [generic]
-Name: python-nxt
-Summary: Python driver/interface/wrapper for the Lego Mindstorms NXT robot
-Package: python-nxt
----
-Identifier: nbc [generic]
-Name: nbc
-Summary: C compiler for LEGO Mindstorms NXT bricks
-Package: nbc
-%
-</pre></p>
-
-<p>A similar query can be done using the combined AppStream and
-Isenkram databases using the isenkram-lookup tool:</p>
-
-<p><pre>
-% isenkram-lookup usb:v1130p0202d0100dc00dsc00dp00ic03isc00ip00in00
-pymissile
-% isenkram-lookup usb:v0694p0002d0000
-libnxt
-nbc
-python-nxt
-t2n
-%
-</pre></p>
-
-<p>You can find modalias values relevant for your machine using
-<tt>cat $(find /sys/devices/ -name modalias)</tt>.
-
-<p>If you want to make this system a success and help Debian users
-make the most of the hardware they have, please
-help<a href="https://wiki.debian.org/AppStream/Guidelines">add
-AppStream metadata for your package following the guidelines</a>
-documented in the wiki. So far only 11 packages provide such
-information, among the several hundred hardware specific packages in
-Debian. The Isenkram database on the other hand contain 101 packages,
-mostly related to USB dongles. Most of the packages with hardware
-mapping in AppStream are LEGO Mindstorms related, because I have, as
-part of my involvement in
-<a href="https://wiki.debian.org/LegoDesigners">the Debian LEGO
-team</a> given priority to making sure LEGO users get proposed the
-complete set of packages in Debian for that particular hardware. The
-team also got a nice Christmas present today. The
-<a href="https://tracker.debian.org/pkg/nxt-firmware">nxt-firmware
-package</a> made it into Debian. With this package in place, it is
-now possible to use the LEGO Mindstorms NXT unit with only free
-software, as the nxt-firmware package contain the source and firmware
-binaries for the NXT brick.</p>
-
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+ <title>Release 0.1.1 of free software archive system Nikita announced</title>
+ <link>http://people.skolelinux.org/pere/blog/Release_0_1_1_of_free_software_archive_system_Nikita_announced.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Release_0_1_1_of_free_software_archive_system_Nikita_announced.html</guid>
+ <pubDate>Sat, 10 Jun 2017 00:40:00 +0200</pubDate>
+ <description><p>I am very happy to report that the
+<a href="https://github.com/hiOA-ABI/nikita-noark5-core">Nikita Noark 5
+core project</a> tagged its second release today. The free software
+solution is an implementation of the Norwegian archive standard Noark
+5 used by government offices in Norway. These were the changes in
+version 0.1.1 since version 0.1.0 (from NEWS.md):
+
+<ul>
+
+ <li>Continued work on the angularjs GUI, including document upload.</li>
+ <li>Implemented correspondencepartPerson, correspondencepartUnit and
+ correspondencepartInternal</li>
+ <li>Applied for coverity coverage and started submitting code on
+ regualr basis.</li>
+ <li>Started fixing bugs reported by coverity</li>
+ <li>Corrected and completed HATEOAS links to make sure entire API is
+ available via URLs in _links.</li>
+ <li>Corrected all relation URLs to use trailing slash.</li>
+ <li>Add initial support for storing data in ElasticSearch.</li>
+ <li>Now able to receive and store uploaded files in the archive.</li>
+ <li>Changed JSON output for object lists to have relations in _links.</li>
+ <li>Improve JSON output for empty object lists.</li>
+ <li>Now uses correct MIME type application/vnd.noark5-v4+json.</li>
+ <li>Added support for docker container images.</li>
+ <li>Added simple API browser implemented in JavaScript/Angular.</li>
+ <li>Started on archive client implemented in JavaScript/Angular.</li>
+ <li>Started on prototype to show the public mail journal.</li>
+ <li>Improved performance by disabling Sprint FileWatcher.</li>
+ <li>Added support for 'arkivskaper', 'saksmappe' and 'journalpost'.</li>
+ <li>Added support for some metadata codelists.</li>
+ <li>Added support for Cross-origin resource sharing (CORS).</li>
+ <li>Changed login method from Basic Auth to JSON Web Token (RFC 7519)
+ style.</li>
+ <li>Added support for GET-ing ny-* URLs.</li>
+ <li>Added support for modifying entities using PUT and eTag.</li>
+ <li>Added support for returning XML output on request.</li>
+ <li>Removed support for English field and class names, limiting ourself
+ to the official names.</li>
+ <li>...</li>
+
+</ul>
+
+<p>If this sound interesting to you, please contact us on IRC (#nikita
+on irc.freenode.net) or email
+(<a href="https://lists.nuug.no/mailman/listinfo/nikita-noark">nikita-noark
+mailing list).</p>
</description>
</item>
<item>
- <title>Isenkram updated with a lot more hardware-package mappings</title>
- <link>http://people.skolelinux.org/pere/blog/Isenkram_updated_with_a_lot_more_hardware_package_mappings.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Isenkram_updated_with_a_lot_more_hardware_package_mappings.html</guid>
- <pubDate>Tue, 20 Dec 2016 11:55:00 +0100</pubDate>
- <description><p><a href="http://packages.qa.debian.org/isenkram">The Isenkram
-system</a> I wrote two years ago to make it easier in Debian to find
-and install packages to get your hardware dongles to work, is still
-going strong. It is a system to look up the hardware present on or
-connected to the current system, and map the hardware to Debian
-packages. It can either be done using the tools in isenkram-cli or
-using the user space daemon in the isenkram package. The latter will
-notify you, when inserting new hardware, about what packages to
-install to get the dongle working. It will even provide a button to
-click on to ask packagekit to install the packages.</p>
-
-<p>Here is an command line example from my Thinkpad laptop:</p>
-
-<p><pre>
-% isenkram-lookup
-bluez
-cheese
-ethtool
-fprintd
-fprintd-demo
-gkrellm-thinkbat
-hdapsd
-libpam-fprintd
-pidgin-blinklight
-thinkfan
-tlp
-tp-smapi-dkms
-tp-smapi-source
-tpb
-%
-</pre></p>
-
-<p>It can also list the firware package providing firmware requested
-by the load kernel modules, which in my case is an empty list because
-I have all the firmware my machine need:
-
-<p><pre>
-% /usr/sbin/isenkram-autoinstall-firmware -l
-info: did not find any firmware files requested by loaded kernel modules. exiting
-%
-</pre></p>
-
-<p>The last few days I had a look at several of the around 250
-packages in Debian with udev rules. These seem like good candidates
-to install when a given hardware dongle is inserted, and I found
-several that should be proposed by isenkram. I have not had time to
-check all of them, but am happy to report that now there are 97
-packages packages mapped to hardware by Isenkram. 11 of these
-packages provide hardware mapping using AppStream, while the rest are
-listed in the modaliases file provided in isenkram.</p>
-
-<p>These are the packages with hardware mappings at the moment. The
-<strong>marked packages</strong> are also announcing their hardware
-support using AppStream, for everyone to use:</p>
-
-<p>air-quality-sensor, alsa-firmware-loaders, argyll,
-<strong>array-info</strong>, avarice, avrdude, b43-fwcutter,
-bit-babbler, bluez, bluez-firmware, <strong>brltty</strong>,
-<strong>broadcom-sta-dkms</strong>, calibre, cgminer, cheese, colord,
-<strong>colorhug-client</strong>, dahdi-firmware-nonfree, dahdi-linux,
-dfu-util, dolphin-emu, ekeyd, ethtool, firmware-ipw2x00, fprintd,
-fprintd-demo, <strong>galileo</strong>, gkrellm-thinkbat, gphoto2,
-gpsbabel, gpsbabel-gui, gpsman, gpstrans, gqrx-sdr, gr-fcdproplus,
-gr-osmosdr, gtkpod, hackrf, hdapsd, hdmi2usb-udev, hpijs-ppds, hplip,
-ipw3945-source, ipw3945d, kde-config-tablet, kinect-audio-setup,
-<strong>libnxt</strong>, libpam-fprintd, <strong>lomoco</strong>,
-madwimax, minidisc-utils, mkgmap, msi-keyboard, mtkbabel,
-<strong>nbc</strong>, <strong>nqc</strong>, nut-hal-drivers, ola,
-open-vm-toolbox, open-vm-tools, openambit, pcgminer, pcmciautils,
-pcscd, pidgin-blinklight, printer-driver-splix,
-<strong>pymissile</strong>, python-nxt, qlandkartegt,
-qlandkartegt-garmin, rosegarden, rt2x00-source, sispmctl,
-soapysdr-module-hackrf, solaar, squeak-plugins-scratch, sunxi-tools,
-<strong>t2n</strong>, thinkfan, thinkfinger-tools, tlp, tp-smapi-dkms,
-tp-smapi-source, tpb, tucnak, uhd-host, usbmuxd, viking,
-virtualbox-ose-guest-x11, w1retap, xawtv, xserver-xorg-input-vmmouse,
-xserver-xorg-input-wacom, xserver-xorg-video-qxl,
-xserver-xorg-video-vmware, yubikey-personalization and
-zd1211-firmware</p>
-
-<p>If you know of other packages, please let me know with a wishlist
-bug report against the isenkram-cli package, and ask the package
-maintainer to
-<a href="https://wiki.debian.org/AppStream/Guidelines">add AppStream
-metadata according to the guidelines</a> to provide the information
-for everyone. In time, I hope to get rid of the isenkram specific
-hardware mapping and depend exclusively on AppStream.</p>
-
-<p>Note, the AppStream metadata for broadcom-sta-dkms is matching too
-much hardware, and suggest that the package with with any ethernet
-card. See <a href="http://bugs.debian.org/838735">bug #838735</a> for
-the details. I hope the maintainer find time to address it soon. In
-the mean time I provide an override in isenkram.</p>
+ <title>Idea for storing trusted timestamps in a Noark 5 archive</title>
+ <link>http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html</guid>
+ <pubDate>Wed, 7 Jun 2017 21:40:00 +0200</pubDate>
+ <description><p><em>This is a copy of
+<a href="https://lists.nuug.no/pipermail/nikita-noark/2017-June/000297.html">an
+email I posted to the nikita-noark mailing list</a>. Please follow up
+there if you would like to discuss this topic. The background is that
+we are making a free software archive system based on the Norwegian
+<a href="https://www.arkivverket.no/forvaltning-og-utvikling/regelverk-og-standarder/noark-standarden">Noark
+5 standard</a> for government archives.</em></p>
+
+<p>I've been wondering a bit lately how trusted timestamps could be
+stored in Noark 5.
+<a href="https://en.wikipedia.org/wiki/Trusted_timestamping">Trusted
+timestamps</a> can be used to verify that some information
+(document/file/checksum/metadata) have not been changed since a
+specific time in the past. This is useful to verify the integrity of
+the documents in the archive.</p>
+
+<p>Then it occured to me, perhaps the trusted timestamps could be
+stored as dokument variants (ie dokumentobjekt referered to from
+dokumentbeskrivelse) with the filename set to the hash it is
+stamping?</p>
+
+<p>Given a "dokumentbeskrivelse" with an associated "dokumentobjekt",
+a new dokumentobjekt is associated with "dokumentbeskrivelse" with the
+same attributes as the stamped dokumentobjekt except these
+attributes:</p>
+
+<ul>
+
+<li>format -> "RFC3161"
+<li>mimeType -> "application/timestamp-reply"
+<li>formatDetaljer -> "&lt;source URL for timestamp service&gt;"
+<li>filenavn -> "&lt;sjekksum&gt;.tsr"
+
+</ul>
+
+<p>This assume a service following
+<a href="https://tools.ietf.org/html/rfc3161">IETF RFC 3161</a> is
+used, which specifiy the given MIME type for replies and the .tsr file
+ending for the content of such trusted timestamp. As far as I can
+tell from the Noark 5 specifications, it is OK to have several
+variants/renderings of a dokument attached to a given
+dokumentbeskrivelse objekt. It might be stretching it a bit to make
+some of these variants represent crypto-signatures useful for
+verifying the document integrity instead of representing the dokument
+itself.</p>
+
+<p>Using the source of the service in formatDetaljer allow several
+timestamping services to be used. This is useful to spread the risk
+of key compromise over several organisations. It would only be a
+problem to trust the timestamps if all of the organisations are
+compromised.</p>
+
+<p>The following oneliner on Linux can be used to generate the tsr
+file. $input is the path to the file to checksum, and $sha256 is the
+SHA-256 checksum of the file (ie the "<sjekksum>.tsr" value mentioned
+above).</p>
+
+<p><blockquote><pre>
+openssl ts -query -data "$inputfile" -cert -sha256 -no_nonce \
+ | curl -s -H "Content-Type: application/timestamp-query" \
+ --data-binary "@-" http://zeitstempel.dfn.de > $sha256.tsr
+</pre></blockquote></p>
+
+<p>To verify the timestamp, you first need to download the public key
+of the trusted timestamp service, for example using this command:</p>
+
+<p><blockquote><pre>
+wget -O ca-cert.txt \
+ https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt
+</pre></blockquote></p>
+
+<p>Note, the public key should be stored alongside the timestamps in
+the archive to make sure it is also available 100 years from now. It
+is probably a good idea to standardise how and were to store such
+public keys, to make it easier to find for those trying to verify
+documents 100 or 1000 years from now. :)</p>
+
+<p>The verification itself is a simple openssl command:</p>
+
+<p><blockquote><pre>
+openssl ts -verify -data $inputfile -in $sha256.tsr \
+ -CAfile ca-cert.txt -text
+</pre></blockquote></p>
+
+<p>Is there any reason this approach would not work? Is it somehow against
+the Noark 5 specification?</p>
</description>
</item>
projects / homepage.git / blobdiff