<atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
<item>
- <title>How to use the Signal app if you only have a land line (ie no mobile phone)</title>
- <link>http://people.skolelinux.org/pere/blog/How_to_use_the_Signal_app_if_you_only_have_a_land_line__ie_no_mobile_phone_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/How_to_use_the_Signal_app_if_you_only_have_a_land_line__ie_no_mobile_phone_.html</guid>
- <pubDate>Sun, 3 Jul 2016 14:20:00 +0200</pubDate>
- <description><p>For a while now, I have wanted to test
-<a href="https://whispersystems.org/">the Signal app</a>, as it is
-said to provide end to end encrypted communication and several of my
-friends and family are already using it. As I by choice do not own a
-mobile phone, this proved to be harder than expected. And I wanted to
-have the source of the client and know that it was the code used on my
-machine. But yesterday I managed to get it working. I used the
-Github source, compared it to the source in
-<a href="https://chrome.google.com/webstore/detail/signal-private-messenger/bikioccmkafdpakkkcpdbppfkghcmihk?hl=en-US">the
-Signal Chrome app</a> available from the Chrome web store, applied
-patches to use the production Signal servers, started the app and
-asked for the hidden "register without a smart phone" form. Here is
-the recipe how I did it.</p>
-
-<p>First, I fetched the Signal desktop source from Github, using
-
-<pre>
-git clone https://github.com/WhisperSystems/Signal-Desktop.git
-</pre>
-
-<p>Next, I patched the source to use be able to talk to other Signal
-users using</p>
-
-<pre>
-cat &lt;&lt;EOF | patch -p0
-diff -ur ./js/background.js userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/background.js
---- ./js/background.js 2016-06-29 13:43:15.630344628 +0200
-+++ userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/background.js 2016-06-29 14:06:29.530300934 +0200
-@@ -47,8 +47,8 @@
- });
- });
-
-- var SERVER_URL = 'https://textsecure-service-staging.whispersystems.org';
-- var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments-staging.s3.amazonaws.com';
-+ var SERVER_URL = 'https://textsecure-service-ca.whispersystems.org:4433';
-+ var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments.s3.amazonaws.com';
- var messageReceiver;
- window.getSocketStatus = function() {
- if (messageReceiver) {
-diff -ur ./js/expire.js userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/expire.js
---- ./js/expire.js 2016-06-29 13:43:15.630344628 +0200
-+++ userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/expire.js2016-06-29 14:06:29.530300934 +0200
-@@ -1,6 +1,6 @@
- ;(function() {
- 'use strict';
-- var BUILD_EXPIRATION = 0;
-+ var BUILD_EXPIRATION = 1474492690000;
-
- window.extension = window.extension || {};
-
-EOF
-</pre>
-
-<p>The first part is changing the servers, and the second is updating
-an expiration timestamp. This timestamp need to be updated regularly.
-It is set 90 days in the future by the build process (Gruntfile.js).
-The value is seconds since 1970 times 1000, as far as I can tell.</p>
-
-<p>Based on a tip and good help from the #nuug IRC channel, I wrote a
-script to launch Signal in Chromium.</p>
-
-<pre>
-#!/bin/sh
-cd $(dirname $0)
-mkdir -p userdata
-exec chromium \
- --proxy-server="socks://localhost:9050" \
- --user-data-dir=`pwd`/userdata --load-and-launch-app=`pwd`
-</pre>
-
-<p> The script set start the app and configure Chromium to use the Tor
-SOCKS5 proxy to make sure those controlling the Signal servers (today
-Amazon and Whisper Systems) as well as those listening on the lines
-will have a harder time location my laptop based on the Signal
-connections if they use source IP address.</p>
-
-<p>When the script starts, one need to follow the instructions under
-"Standalone Registration" in the CONTRIBUTING.md file in the git
-repository. I right clicked on the Signal window to get up the
-Chromium debugging tool, visited the 'Console' tab and wrote
-'extension.install("standalone")' on the console prompt to get the
-registration form. Then I entered by land line phone number and
-pressed 'Call'. 5 seconds later the phone rang and a robot voice
-repeated the verification code three times. After entering the number
-into the verification code field in the form, I could start using
-Signal from my laptop.
-
-<p>As far as I can tell, The Signal app will leak who is talking to
-whom and thus who know who to those controlling the central server,
-but such leakage is hard to avoid with a centrally controlled server
-setup. It is something to keep in mind when using Signal - the
-content of your chats are harder to intercept, but the meta data
-exposing your contact network is available to people you do not know.
-So better than many options, but not great. And sadly the usage is
-connected to my land line, thus allowing those controlling the server
-to associate it to my home and person. I would prefer it if only
-those I knew could tell who I was on Signal. There are options
-avoiding such information leakage, but most of my friends are not
-using them, so I am stuck with Signal for now.</p>
+ <title>How does it feel to be wiretapped, when you should be doing the wiretapping...</title>
+ <link>http://people.skolelinux.org/pere/blog/How_does_it_feel_to_be_wiretapped__when_you_should_be_doing_the_wiretapping___.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/How_does_it_feel_to_be_wiretapped__when_you_should_be_doing_the_wiretapping___.html</guid>
+ <pubDate>Wed, 8 Mar 2017 11:50:00 +0100</pubDate>
+ <description><p>So the new president in the United States of America claim to be
+surprised to discover that he was wiretapped during the election
+before he was elected president. He even claim this must be illegal.
+Well, doh, if it is one thing the confirmations from Snowden
+documented, it is that the entire population in USA is wiretapped, one
+way or another. Of course the president candidates were wiretapped,
+alongside the senators, judges and the rest of the people in USA.</p>
+
+<p>Next, the Federal Bureau of Investigation ask the Department of
+Justice to go public rejecting the claims that Donald Trump was
+wiretapped illegally. I fail to see the relevance, given that I am
+sure the surveillance industry in USA believe they have all the legal
+backing they need to conduct mass surveillance on the entire
+world.</p>
+
+<p>There is even the director of the FBI stating that he never saw an
+order requesting wiretapping of Donald Trump. That is not very
+surprising, given how the FISA court work, with all its activity being
+secret. Perhaps he only heard about it?</p>
+
+<p>What I find most sad in this story is how Norwegian journalists
+present it. In a news reports the other day in the radio from the
+Norwegian National broadcasting Company (NRK), I heard the journalist
+claim that 'the FBI denies any wiretapping', while the reality is that
+'the FBI denies any illegal wiretapping'. There is a fundamental and
+important difference, and it make me sad that the journalists are
+unable to grasp it.</p>
</description>
</item>
<item>
- <title>The new "best" multimedia player in Debian?</title>
- <link>http://people.skolelinux.org/pere/blog/The_new__best__multimedia_player_in_Debian_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/The_new__best__multimedia_player_in_Debian_.html</guid>
- <pubDate>Mon, 6 Jun 2016 12:50:00 +0200</pubDate>
- <description><p>When I set out a few weeks ago to figure out
-<a href="http://people.skolelinux.org/pere/blog/What_is_the_best_multimedia_player_in_Debian_.html">which
-multimedia player in Debian claimed to support most file formats /
-MIME types</a>, I was a bit surprised how varied the sets of MIME types
-the various players claimed support for. The range was from 55 to 130
-MIME types. I suspect most media formats are supported by all
-players, but this is not really reflected in the MimeTypes values in
-their desktop files. There are probably also some bogus MIME types
-listed, but it is hard to identify which one this is.</p>
-
-<p>Anyway, in the mean time I got in touch with upstream for some of
-the players suggesting to add more MIME types to their desktop files,
-and decided to spend some time myself improving the situation for my
-favorite media player VLC. The fixes for VLC entered Debian unstable
-yesterday. The complete list of MIME types can be seen on the
-<a href="https://wiki.debian.org/DebianMultimedia/PlayerSupport">Multimedia
-player MIME type support status</a> Debian wiki page.</p>
-
-<p>The new "best" multimedia player in Debian? It is VLC, followed by
-totem, parole, kplayer, gnome-mpv, mpv, smplayer, mplayer-gui and
-kmplayer. I am sure some of the other players desktop files support
-several of the formats currently listed as working only with vlc,
-toten and parole.</p>
-
-<p>A sad observation is that only 14 MIME types are listed as
-supported by all the tested multimedia players in Debian in their
-desktop files: audio/mpeg, audio/vnd.rn-realaudio, audio/x-mpegurl,
-audio/x-ms-wma, audio/x-scpls, audio/x-wav, video/mp4, video/mpeg,
-video/quicktime, video/vnd.rn-realvideo, video/x-matroska,
-video/x-ms-asf, video/x-ms-wmv and video/x-msvideo. Personally I find
-it sad that video/ogg and video/webm is not supported by all the media
-players in Debian. As far as I can tell, all of them can handle both
-formats.</p>
+ <title>Norwegian Bokmål translation of The Debian Administrator's Handbook complete, proofreading in progress</title>
+ <link>http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_translation_of_The_Debian_Administrator_s_Handbook_complete__proofreading_in_progress.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_translation_of_The_Debian_Administrator_s_Handbook_complete__proofreading_in_progress.html</guid>
+ <pubDate>Fri, 3 Mar 2017 14:50:00 +0100</pubDate>
+ <description><p>For almost a year now, we have been working on making a Norwegian
+Bokmål edition of <a href="https://debian-handbook.info/">The Debian
+Administrator's Handbook</a>. Now, thanks to the tireless effort of
+Ole-Erik, Ingrid and Andreas, the initial translation is complete, and
+we are working on the proof reading to ensure consistent language and
+use of correct computer science terms. The plan is to make the book
+available on paper, as well as in electronic form. For that to
+happen, the proof reading must be completed and all the figures need
+to be translated. If you want to help out, get in touch.</p>
+
+<p><a href="http://people.skolelinux.org/pere/debian-handbook/debian-handbook-nb-NO.pdf">A
+
+fresh PDF edition</a> in A4 format (the final book will have smaller
+pages) of the book created every morning is available for
+proofreading. If you find any errors, please
+<a href="https://hosted.weblate.org/projects/debian-handbook/">visit
+Weblate and correct the error</a>. The
+<a href="http://l.github.io/debian-handbook/stat/nb-NO/index.html">state
+of the translation including figures</a> is a useful source for those
+provide Norwegian bokmål screen shots and figures.</p>
</description>
</item>
<item>
- <title>A program should be able to open its own files on Linux</title>
- <link>http://people.skolelinux.org/pere/blog/A_program_should_be_able_to_open_its_own_files_on_Linux.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/A_program_should_be_able_to_open_its_own_files_on_Linux.html</guid>
- <pubDate>Sun, 5 Jun 2016 08:30:00 +0200</pubDate>
- <description><p>Many years ago, when koffice was fresh and with few users, I
-decided to test its presentation tool when making the slides for a
-talk I was giving for NUUG on Japhar, a free Java virtual machine. I
-wrote the first draft of the slides, saved the result and went to bed
-the day before I would give the talk. The next day I took a plane to
-the location where the meeting should take place, and on the plane I
-started up koffice again to polish the talk a bit, only to discover
-that kpresenter refused to load its own data file. I cursed a bit and
-started making the slides again from memory, to have something to
-present when I arrived. I tested that the saved files could be
-loaded, and the day seemed to be rescued. I continued to polish the
-slides until I suddenly discovered that the saved file could no longer
-be loaded into kpresenter. In the end I had to rewrite the slides
-three times, condensing the content until the talk became shorter and
-shorter. After the talk I was able to pinpoint the problem &ndash;
-kpresenter wrote inline images in a way itself could not understand.
-Eventually that bug was fixed and kpresenter ended up being a great
-program to make slides. The point I'm trying to make is that we
-expect a program to be able to load its own data files, and it is
-embarrassing to its developers if it can't.</p>
-
-<p>Did you ever experience a program failing to load its own data
-files from the desktop file browser? It is not a uncommon problem. A
-while back I discovered that the screencast recorder
-gtk-recordmydesktop would save an Ogg Theora video file the KDE file
-browser would refuse to open. No video player claimed to understand
-such file. I tracked down the cause being <tt>file --mime-type</tt>
-returning the application/ogg MIME type, which no video player I had
-installed listed as a MIME type they would understand. I asked for
-<a href="http://bugs.gw.com/view.php?id=382">file to change its
-behavour</a> and use the MIME type video/ogg instead. I also asked
-several video players to add video/ogg to their desktop files, to give
-the file browser an idea what to do about Ogg Theora files. After a
-while, the desktop file browsers in Debian started to handle the
-output from gtk-recordmydesktop properly.</p>
-
-<p>But history repeats itself. A few days ago I tested the music
-system Rosegarden again, and I discovered that the KDE and xfce file
-browsers did not know what to do with the Rosegarden project files
-(*.rg). I've reported <a href="http://bugs.debian.org/825993">the
-rosegarden problem to BTS</a> and a fix is commited to git and will be
-included in the next upload. To increase the chance of me remembering
-how to fix the problem next time some program fail to load its files
-from the file browser, here are some notes on how to fix it.</p>
-
-<p>The file browsers in Debian in general operates on MIME types.
-There are two sources for the MIME type of a given file. The output from
-<tt>file --mime-type</tt> mentioned above, and the content of the
-shared MIME type registry (under /usr/share/mime/). The file MIME
-type is mapped to programs supporting the MIME type, and this
-information is collected from
-<a href="https://www.freedesktop.org/wiki/Specifications/desktop-entry-spec/">the
-desktop files</a> available in /usr/share/applications/. If there is
-one desktop file claiming support for the MIME type of the file, it is
-activated when asking to open a given file. If there are more, one
-can normally select which one to use by right-clicking on the file and
-selecting the wanted one using 'Open with' or similar. In general
-this work well. But it depend on each program picking a good MIME
-type (preferably
-<a href="http://www.iana.org/assignments/media-types/media-types.xhtml">a
-MIME type registered with IANA</a>), file and/or the shared MIME
-registry recognizing the file and the desktop file to list the MIME
-type in its list of supported MIME types.</p>
-
-<p>The <tt>/usr/share/mime/packages/rosegarden.xml</tt> entry for
-<a href="http://www.freedesktop.org/wiki/Specifications/shared-mime-info-spec">the
-Shared MIME database</a> look like this:</p>
-
-<p><blockquote><pre>
-&lt;?xml version="1.0" encoding="UTF-8"?&gt;
-&lt;mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info"&gt;
- &lt;mime-type type="audio/x-rosegarden"&gt;
- &lt;sub-class-of type="application/x-gzip"/&gt;
- &lt;comment&gt;Rosegarden project file&lt;/comment&gt;
- &lt;glob pattern="*.rg"/&gt;
- &lt;/mime-type&gt;
-&lt;/mime-info&gt;
-</pre></blockquote></p>
-
-<p>This states that audio/x-rosegarden is a kind of application/x-gzip
-(it is a gzipped XML file). Note, it is much better to use an
-official MIME type registered with IANA than it is to make up ones own
-unofficial ones like the x-rosegarden type used by rosegarden.</p>
-
-<p>The desktop file of the rosegarden program failed to list
-audio/x-rosegarden in its list of supported MIME types, causing the
-file browsers to have no idea what to do with *.rg files:</p>
-
-<p><blockquote><pre>
-% grep Mime /usr/share/applications/rosegarden.desktop
-MimeType=audio/x-rosegarden-composition;audio/x-rosegarden-device;audio/x-rosegarden-project;audio/x-rosegarden-template;audio/midi;
-X-KDE-NativeMimeType=audio/x-rosegarden-composition
+ <title>Unlimited randomness with the ChaosKey?</title>
+ <link>http://people.skolelinux.org/pere/blog/Unlimited_randomness_with_the_ChaosKey_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Unlimited_randomness_with_the_ChaosKey_.html</guid>
+ <pubDate>Wed, 1 Mar 2017 20:50:00 +0100</pubDate>
+ <description><p>A few days ago I ordered a small batch of
+<a href="http://altusmetrum.org/ChaosKey/">the ChaosKey</a>, a small
+USB dongle for generating entropy created by Bdale Garbee and Keith
+Packard. Yesterday it arrived, and I am very happy to report that it
+work great! According to its designers, to get it to work out of the
+box, you need the Linux kernel version 4.1 or later. I tested on a
+Debian Stretch machine (kernel version 4.9), and there it worked just
+fine, increasing the available entropy very quickly. I wrote a small
+test oneliner to test. It first print the current entropy level,
+drain /dev/random, and then print the entropy level for five seconds.
+Here is the situation without the ChaosKey inserted:</p>
+
+<blockquote><pre>
+% cat /proc/sys/kernel/random/entropy_avail; \
+ dd bs=1M if=/dev/random of=/dev/null count=1; \
+ for n in $(seq 1 5); do \
+ cat /proc/sys/kernel/random/entropy_avail; \
+ sleep 1; \
+ done
+300
+0+1 oppføringer inn
+0+1 oppføringer ut
+28 byte kopiert, 0,000264565 s, 106 kB/s
+4
+8
+12
+17
+21
%
-</pre></blockquote></p>
-
-<p>The fix was to add "audio/x-rosegarden;" at the end of the
-MimeType= line.</p>
-
-<p>If you run into a file which fail to open the correct program when
-selected from the file browser, please check out the output from
-<tt>file --mime-type</tt> for the file, ensure the file ending and
-MIME type is registered somewhere under /usr/share/mime/ and check
-that some desktop file under /usr/share/applications/ is claiming
-support for this MIME type. If not, please report a bug to have it
-fixed. :)</p>
+</pre></blockquote>
+
+<p>The entropy level increases by 3-4 every second. In such case any
+application requiring random bits (like a HTTPS enabled web server)
+will halt and wait for more entrpy. And here is the situation with
+the ChaosKey inserted:</p>
+
+<blockquote><pre>
+% cat /proc/sys/kernel/random/entropy_avail; \
+ dd bs=1M if=/dev/random of=/dev/null count=1; \
+ for n in $(seq 1 5); do \
+ cat /proc/sys/kernel/random/entropy_avail; \
+ sleep 1; \
+ done
+1079
+0+1 oppføringer inn
+0+1 oppføringer ut
+104 byte kopiert, 0,000487647 s, 213 kB/s
+433
+1028
+1031
+1035
+1038
+%
+</pre></blockquote>
+
+<p>Quite the difference. :) I bought a few more than I need, in case
+someone want to buy one here in Norway. :)</p>
+
+<p>Update: The dongle was presented at Debconf last year. You might
+find <a href="https://debconf16.debconf.org/talks/94/">the talk
+recording illuminating</a>. It explains exactly what the source of
+randomness is, if you are unable to spot it from the schema drawing
+available from the ChaosKey web site linked at the start of this blog
+post.</p>
</description>
</item>
<item>
- <title>Tor - from its creators mouth 11 years ago</title>
- <link>http://people.skolelinux.org/pere/blog/Tor___from_its_creators_mouth_11_years_ago.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Tor___from_its_creators_mouth_11_years_ago.html</guid>
- <pubDate>Sat, 28 May 2016 14:20:00 +0200</pubDate>
- <description><p>A little more than 11 years ago, one of the creators of Tor, and
-the current President of <a href="https://www.torproject.org/">the Tor
-project</a>, Roger Dingledine, gave a talk for the members of the
-<a href="http://www.nuug.no/">Norwegian Unix User group</a> (NUUG). A
-video of the talk was recorded, and today, thanks to the great help
-from David Noble, I finally was able to publish the video of the talk
-on Frikanalen, the Norwegian open channel TV station where NUUG
-currently publishes its talks. You can
-<a href="http://frikanalen.no/se">watch the live stream using a web
-browser</a> with WebM support, or check out the recording on the video
-on demand page for the talk
-"<a href="http://beta.frikanalen.no/video/625599">Tor: Anonymous
-communication for the US Department of Defence...and you.</a>".</p>
-
-<p>Here is the video included for those of you using browsers with
-HTML video and Ogg Theora support:</p>
-
-<p><video width="70%" poster="http://simula.gunkies.org/media/625599/large_thumb/20050421-tor-frikanalen.jpg" controls>
- <source src="http://simula.gunkies.org/media/625599/theora/20050421-tor-frikanalen.ogv" type="video/ogg"/>
-</video></p>
-
-<p>I guess the gist of the talk can be summarised quite simply: If you
-want to help the military in USA (and everyone else), use Tor. :)</p>
+ <title>Detect OOXML files with undefined behaviour?</title>
+ <link>http://people.skolelinux.org/pere/blog/Detect_OOXML_files_with_undefined_behaviour_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Detect_OOXML_files_with_undefined_behaviour_.html</guid>
+ <pubDate>Tue, 21 Feb 2017 00:20:00 +0100</pubDate>
+ <description><p>I just noticed
+<a href="http://www.arkivrad.no/aktuelt/riksarkivarens-forskrift-pa-horing">the
+new Norwegian proposal for archiving rules in the goverment</a> list
+<a href="http://www.ecma-international.org/publications/standards/Ecma-376.htm">ECMA-376</a>
+/ ISO/IEC 29500 (aka OOXML) as valid formats to put in long term
+storage. Luckily such files will only be accepted based on
+pre-approval from the National Archive. Allowing OOXML files to be
+used for long term storage might seem like a good idea as long as we
+forget that there are plenty of ways for a "valid" OOXML document to
+have content with no defined interpretation in the standard, which
+lead to a question and an idea.</p>
+
+<p>Is there any tool to detect if a OOXML document depend on such
+undefined behaviour? It would be useful for the National Archive (and
+anyone else interested in verifying that a document is well defined)
+to have such tool available when considering to approve the use of
+OOXML. I'm aware of the
+<a href="https://github.com/arlm/officeotron/">officeotron OOXML
+validator</a>, but do not know how complete it is nor if it will
+report use of undefined behaviour. Are there other similar tools
+available? Please send me an email if you know of any such tool.</p>
</description>
</item>
<item>
- <title>Isenkram with PackageKit support - new version 0.23 available in Debian unstable</title>
- <link>http://people.skolelinux.org/pere/blog/Isenkram_with_PackageKit_support___new_version_0_23_available_in_Debian_unstable.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Isenkram_with_PackageKit_support___new_version_0_23_available_in_Debian_unstable.html</guid>
- <pubDate>Wed, 25 May 2016 10:20:00 +0200</pubDate>
- <description><p><a href="https://tracker.debian.org/pkg/isenkram">The isenkram
-system</a> is a user-focused solution in Debian for handling hardware
-related packages. The idea is to have a database of mappings between
-hardware and packages, and pop up a dialog suggesting for the user to
-install the packages to use a given hardware dongle. Some use cases
-are when you insert a Yubikey, it proposes to install the software
-needed to control it; when you insert a braille reader list it
-proposes to install the packages needed to send text to the reader;
-and when you insert a ColorHug screen calibrator it suggests to
-install the driver for it. The system work well, and even have a few
-command line tools to install firmware packages and packages for the
-hardware already in the machine (as opposed to hotpluggable hardware).</p>
-
-<p>The system was initially written using aptdaemon, because I found
-good documentation and example code on how to use it. But aptdaemon
-is going away and is generally being replaced by
-<a href="http://www.freedesktop.org/software/PackageKit/">PackageKit</a>,
-so Isenkram needed a rewrite. And today, thanks to the great patch
-from my college Sunil Mohan Adapa in the FreedomBox project, the
-rewrite finally took place. I've just uploaded a new version of
-Isenkram into Debian Unstable with the patch included, and the default
-for the background daemon is now to use PackageKit. To check it out,
-install the <tt>isenkram</tt> package and insert some hardware dongle
-and see if it is recognised.</p>
-
-<p>If you want to know what kind of packages isenkram would propose for
-the machine it is running on, you can check out the isenkram-lookup
-program. This is what it look like on a Thinkpad X230:</p>
-
-<p><blockquote><pre>
-% isenkram-lookup
-bluez
-cheese
-fprintd
-fprintd-demo
-gkrellm-thinkbat
-hdapsd
-libpam-fprintd
-pidgin-blinklight
-thinkfan
-tleds
-tp-smapi-dkms
-tp-smapi-source
-tpb
-%p
-</pre></blockquote></p>
-
-<p>The hardware mappings come from several places. The preferred way
-is for packages to announce their hardware support using
-<a href="https://www.freedesktop.org/software/appstream/docs/">the
-cross distribution appstream system</a>.
-See
-<a href="http://people.skolelinux.org/pere/blog/tags/isenkram/">previous
-blog posts about isenkram</a> to learn how to do that.</p>
+ <title>Ruling ignored our objections to the seizure of popcorn-time.no (#domstolkontroll)</title>
+ <link>http://people.skolelinux.org/pere/blog/Ruling_ignored_our_objections_to_the_seizure_of_popcorn_time_no___domstolkontroll_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Ruling_ignored_our_objections_to_the_seizure_of_popcorn_time_no___domstolkontroll_.html</guid>
+ <pubDate>Mon, 13 Feb 2017 21:30:00 +0100</pubDate>
+ <description><p>A few days ago, we received the ruling from
+<a href="http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html">my
+day in court</a>. The case in question is a challenge of the seizure
+of the DNS domain popcorn-time.no. The ruling simply did not mention
+most of our arguments, and seemed to take everything ØKOKRIM said at
+face value, ignoring our demonstration and explanations. But it is
+hard to tell for sure, as we still have not seen most of the documents
+in the case and thus were unprepared and unable to contradict several
+of the claims made in court by the opposition. We are considering an
+appeal, but it is partly a question of funding, as it is costing us
+quite a bit to pay for our lawyer. If you want to help, please
+<a href="http://www.nuug.no/dns-beslag-donasjon.shtml">donate to the
+NUUG defense fund</a>.</p>
+
+<p>The details of the case, as far as we know it, is available in
+Norwegian from
+<a href="https://www.nuug.no/news/tags/dns-domenebeslag/">the NUUG
+blog</a>. This also include
+<a href="https://www.nuug.no/news/Avslag_etter_rettslig_h_ring_om_DNS_beslaget___vurderer_veien_videre.shtml">the
+ruling itself</a>.</p>
</description>
</item>
<item>
- <title>Discharge rate estimate in new battery statistics collector for Debian</title>
- <link>http://people.skolelinux.org/pere/blog/Discharge_rate_estimate_in_new_battery_statistics_collector_for_Debian.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Discharge_rate_estimate_in_new_battery_statistics_collector_for_Debian.html</guid>
- <pubDate>Mon, 23 May 2016 09:35:00 +0200</pubDate>
- <description><p>Yesterday I updated the
-<a href="https://tracker.debian.org/pkg/battery-stats">battery-stats
-package in Debian</a> with a few patches sent to me by skilled and
-enterprising users. There were some nice user and visible changes.
-First of all, both desktop menu entries now work. A design flaw in
-one of the script made the history graph fail to show up (its PNG was
-dumped in ~/.xsession-errors) if no controlling TTY was available.
-The script worked when called from the command line, but not when
-called from the desktop menu. I changed this to look for a DISPLAY
-variable or a TTY before deciding where to draw the graph, and now the
-graph window pop up as expected.</p>
-
-<p>The next new feature is a discharge rate estimator in one of the
-graphs (the one showing the last few hours). New is also the user of
-colours showing charging in blue and discharge in red. The percentages
-of this graph is relative to last full charge, not battery design
-capacity.</p>
-
-<p align="center"><img src="http://people.skolelinux.org/pere/blog/images/2016-05-23-battery-stats-rate.png"/></p>
-
-<p>The other graph show the entire history of the collected battery
-statistics, comparing it to the design capacity of the battery to
-visualise how the battery life time get shorter over time. The red
-line in this graph is what the previous graph considers 100 percent:
-
-<p align="center"><img src="http://people.skolelinux.org/pere/blog/images/2016-05-23-battery-stats-history.png"/></p>
-
-<p>In this graph you can see that I only charge the battery to 80
-percent of last full capacity, and how the capacity of the battery is
-shrinking. :(</p>
-
-<p>The last new feature is in the collector, which now will handle
-more hardware models. On some hardware, Linux power supply
-information is stored in /sys/class/power_supply/ACAD/, while the
-collector previously only looked in /sys/class/power_supply/AC/. Now
-both are checked to figure if there is power connected to the
-machine.</p>
-
-<p>If you are interested in how your laptop battery is doing, please
-check out the
-<a href="https://tracker.debian.org/pkg/battery-stats">battery-stats</a>
-in Debian unstable, or rebuild it on Jessie to get it working on
-Debian stable. :) The upstream source is available from <a
-href="https://github.com/petterreinholdtsen/battery-stats">github</a>.
-Patches are very welcome.</p>
-
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+ <title>A day in court challenging seizure of popcorn-time.no for #domstolkontroll</title>
+ <link>http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html</guid>
+ <pubDate>Fri, 3 Feb 2017 11:10:00 +0100</pubDate>
+ <description><p align="center"><img width="70%" src="http://people.skolelinux.org/pere/blog/images/2017-02-01-popcorn-time-in-court.jpeg"></p>
+
+<p>On Wednesday, I spent the entire day in court in Follo Tingrett
+representing <a href="https://www.nuug.no/">the member association
+NUUG</a>, alongside <a href="https://www.efn.no/">the member
+association EFN</a> and <a href="http://www.imc.no">the DNS registrar
+IMC</a>, challenging the seizure of the DNS name popcorn-time.no. It
+was interesting to sit in a court of law for the first time in my
+life. Our team can be seen in the picture above: attorney Ola
+Tellesbø, EFN board member Tom Fredrik Blenning, IMC CEO Morten Emil
+Eriksen and NUUG board member Petter Reinholdtsen.</p>
+
+<p><a href="http://www.domstol.no/no/Enkelt-domstol/follo-tingrett/Nar-gar-rettssaken/Beramming/?cid=AAAA1701301512081262234UJFBVEZZZZZEJBAvtale">The
+case at hand</a> is that the Norwegian National Authority for
+Investigation and Prosecution of Economic and Environmental Crime (aka
+Økokrim) decided on their own, to seize a DNS domain early last
+year, without following
+<a href="https://www.norid.no/no/regelverk/navnepolitikk/#link12">the
+official policy of the Norwegian DNS authority</a> which require a
+court decision. The web site in question was a site covering Popcorn
+Time. And Popcorn Time is the name of a technology with both legal
+and illegal applications. Popcorn Time is a client combining
+searching a Bittorrent directory available on the Internet with
+downloading/distribute content via Bittorrent and playing the
+downloaded content on screen. It can be used illegally if it is used
+to distribute content against the will of the right holder, but it can
+also be used legally to play a lot of content, for example the
+millions of movies
+<a href="https://archive.org/details/movies">available from the
+Internet Archive</a> or the collection
+<a href="http://vodo.net/films/">available from Vodo</a>. We created
+<a href="magnet:?xt=urn:btih:86c1802af5a667ca56d3918aecb7d3c0f7173084&dn=PresentasjonFolloTingrett.mov&tr=udp%3A%2F%2Fpublic.popcorn-tracker.org%3A6969%2Fannounce">a
+video demonstrating legally use of Popcorn Time</a> and played it in
+Court. It can of course be downloaded using Bittorrent.</p>
+
+<p>I did not quite know what to expect from a day in court. The
+government held on to their version of the story and we held on to
+ours, and I hope the judge is able to make sense of it all. We will
+know in two weeks time. Unfortunately I do not have high hopes, as
+the Government have the upper hand here with more knowledge about the
+case, better training in handling criminal law and in general higher
+standing in the courts than fairly unknown DNS registrar and member
+associations. It is expensive to be right also in Norway. So far the
+case have cost more than NOK 70 000,-. To help fund the case, NUUG
+and EFN have asked for donations, and managed to collect around NOK 25
+000,- so far. Given the presentation from the Government, I expect
+the government to appeal if the case go our way. And if the case do
+not go our way, I hope we have enough funding to appeal.</p>
+
+<p>From the other side came two people from Økokrim. On the benches,
+appearing to be part of the group from the government were two people
+from the Simonsen Vogt Wiik lawyer office, and three others I am not
+quite sure who was. Økokrim had proposed to present two witnesses
+from The Motion Picture Association, but this was rejected because
+they did not speak Norwegian and it was a bit late to bring in a
+translator, but perhaps the two from MPA were present anyway. All
+seven appeared to know each other. Good to see the case is take
+seriously.</p>
+
+<p>If you, like me, believe the courts should be involved before a DNS
+domain is hijacked by the government, or you believe the Popcorn Time
+technology have a lot of useful and legal applications, I suggest you
+too <a href="http://www.nuug.no/dns-beslag-donasjon.shtml">donate to
+the NUUG defense fund</a>. Both Bitcoin and bank transfer are
+available. If NUUG get more than we need for the legal action (very
+unlikely), the rest will be spend promoting free software, open
+standards and unix-like operating systems in Norway, so no matter what
+happens the money will be put to good use.</p>
+
+<p>If you want to lean more about the case, I recommend you check out
+<a href="https://www.nuug.no/news/tags/dns-domenebeslag/">the blog
+posts from NUUG covering the case</a>. They cover the legal arguments
+on both sides.</p>
</description>
</item>
<item>
- <title>French edition of Lawrence Lessigs book Cultura Libre on Amazon and Barnes & Noble</title>
- <link>http://people.skolelinux.org/pere/blog/French_edition_of_Lawrence_Lessigs_book_Cultura_Libre_on_Amazon_and_Barnes___Noble.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/French_edition_of_Lawrence_Lessigs_book_Cultura_Libre_on_Amazon_and_Barnes___Noble.html</guid>
- <pubDate>Sat, 21 May 2016 10:50:00 +0200</pubDate>
- <description><p>A few weeks ago the French paperback edition of Lawrence Lessigs
-2004 book Cultura Libre was published. Today I noticed that the book
-is now available from book stores. You can now buy it from
-<a href="http://www.amazon.com/Culture-Libre-French-Lawrence-Lessig/dp/8269018260">Amazon</a>
-($19.99),
-<a href="http://www.barnesandnoble.com/w/culture-libre-lawrence-lessig/1123776705">Barnes
-& Noble</a> ($?) and as always from
-<a href="http://www.lulu.com/shop/lawrence-lessig/culture-libre/paperback/product-22645082.html">Lulu.com</a>
-($19.99). The revenue is donated to the Creative Commons project. If
-you buy from Lulu.com, they currently get $10.59, while if you buy
-from one of the book stores most of the revenue go to the book store
-and the Creative Commons project get much (not sure how much
-less).</p>
-
-<p>I was a bit surprised to discover that there is a kindle edition
-sold by Amazon Digital Services LLC on Amazon. Not quite sure how
-that edition was created, but if you want to download a electronic
-edition (PDF, EPUB, Mobi) generated from the same files used to create
-the paperback edition, they are
-<a href="https://github.com/petterreinholdtsen/free-culture-lessig">available
-from github</a>.</p>
+ <title>Nasjonalbiblioteket avslutter sin ulovlige bruk av Google Skjemaer</title>
+ <link>http://people.skolelinux.org/pere/blog/Nasjonalbiblioteket_avslutter_sin_ulovlige_bruk_av_Google_Skjemaer.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Nasjonalbiblioteket_avslutter_sin_ulovlige_bruk_av_Google_Skjemaer.html</guid>
+ <pubDate>Thu, 12 Jan 2017 09:40:00 +0100</pubDate>
+ <description><p>I dag fikk jeg en skikkelig gladmelding. Bakgrunnen er at før jul
+arrangerte Nasjonalbiblioteket
+<a href="http://www.nb.no/Bibliotekutvikling/Kunnskapsorganisering/Nasjonalt-verksregister/Seminar-om-verksregister">et
+seminar om sitt knakende gode tiltak «verksregister»</a>. Eneste
+måten å melde seg på dette seminaret var å sende personopplysninger
+til Google via Google Skjemaer. Dette syntes jeg var tvilsom praksis,
+da det bør være mulig å delta på seminarer arrangert av det offentlige
+uten å måtte dele sine interesser, posisjon og andre
+personopplysninger med Google. Jeg ba derfor om innsyn via
+<a href="https://www.mimesbronn.no/">Mimes brønn</a> i
+<a href="https://www.mimesbronn.no/request/personopplysninger_til_google_sk">avtaler
+og vurderinger Nasjonalbiblioteket hadde rundt dette</a>.
+Personopplysningsloven legger klare rammer for hva som må være på
+plass før en kan be tredjeparter, spesielt i utlandet, behandle
+personopplysninger på sine vegne, så det burde eksistere grundig
+dokumentasjon før noe slikt kan bli lovlig. To jurister hos
+Nasjonalbiblioteket mente først dette var helt i orden, og at Googles
+standardavtale kunne brukes som databehandlingsavtale. Det syntes jeg
+var merkelig, men har ikke hatt kapasitet til å følge opp saken før
+for to dager siden.</p>
+
+<p>Gladnyheten i dag, som kom etter at jeg tipset Nasjonalbiblioteket
+om at Datatilsynet underkjente Googles standardavtaler som
+databehandleravtaler i 2011, er at Nasjonalbiblioteket har bestemt seg
+for å avslutte bruken av Googles Skjemaer/Apps og gå i dialog med DIFI
+for å finne bedre måter å håndtere påmeldinger i tråd med
+personopplysningsloven. Det er fantastisk å se at av og til hjelper
+det å spørre hva i alle dager det offentlige holder på med.</p>
</description>
</item>
<item>
- <title>I want the courts to be involved before the police can hijack a news site DNS domain (#domstolkontroll)</title>
- <link>http://people.skolelinux.org/pere/blog/I_want_the_courts_to_be_involved_before_the_police_can_hijack_a_news_site_DNS_domain___domstolkontroll_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/I_want_the_courts_to_be_involved_before_the_police_can_hijack_a_news_site_DNS_domain___domstolkontroll_.html</guid>
- <pubDate>Thu, 19 May 2016 14:00:00 +0200</pubDate>
- <description><p>I just donated to the
-<a href="http://www.nuug.no/dns-beslag-donasjon.shtml">NUUG defence
-"fond"</a> to fund the effort in Norway to get the seizure of the news
-site popcorn-time.no tested in court. I hope everyone that agree with
-me will do the same.</p>
-
-<p>Would you be worried if you knew the police in your country could
-hijack DNS domains of news sites covering free software system without
-talking to a judge first? I am. What if the free software system
-combined search engine lookups, bittorrent downloads and video playout
-and was called Popcorn Time? Would that affect your view? It still
-make me worried.</p>
-
-<p>In March 2016, the Norwegian police seized (as in forced NORID to
-change the IP address pointed to by it to one controlled by the
-police) the DNS domain popcorn-time.no, without any supervision from
-the courts. I did not know about the web site back then, and assumed
-the courts had been involved, and was very surprised when I discovered
-that the police had hijacked the DNS domain without asking a judge for
-permission first. I was even more surprised when I had a look at
-<a href="https://web.archive.org/web/*/http://popcorn-time.no">the web
-site content on the Internet Archive</A>, and only found news coverage
-about Popcorn Time, not any material published without the right
-holders permissions.</p>
-
-<p>The seizure was widely covered in the Norwegian press (see for
-example <a href="http://www.hegnar.no/Nyheter/Naeringsliv/2016/03/Popcorn-time.no-beslaglagt-av-OEkokrim">Hegnar Online</a> and
-<a href="http://itavisen.no/2016/03/08/okokrim-har-beslaglagt-popcorn-time-no/">ITavisen<a/>
-and
-<a href="http://www.nrk.no/kultur/okokrim-gar-til-aksjon-mot-popcorn-time-1.12842452">NRK</a>),
-at first due to the press release sent out by Økokrim, but then based
-on
-<a href="http://blogg.torvund.net/2016/03/09/okokrims-beslag-i-domenet-popcorn-time-no/">protests
-from the law professor Olav Torvund</a> and
-<a href="http://www.klassekampen.no/article/20160311/ARTICLE/160319995">lawyer
-Jon Wessel-Aas</a>. It even got some
-<a href="https://torrentfreak.com/norwegian-authorities-sued-over-popcorn-time-domain-seizure-160418/">coverage
-on TorrentFreak</a>.</p>
-
-<p>I
-<a href="http://people.skolelinux.org/pere/blog/NUUG_contests_Norwegian_police_DNS_seizure_of_popcorn_time_no.html">
-wrote about the case a month ago</a>, when the
-<a href="http://www.nuug.no/">Norwegian Unix User Group</a> (NUUG),
-where I am an active member, decided to ask the courts to test this seizure.
-The request was denied, but NUUG and its co-requestor EFN have not
-given up, and now they are rallying for support to get the seizure
-legally challenged. They accept both bank and Bitcoin transfer for
-those that want to support the request.</p>
-
-<p>If you as me believe news sites about free software should not be
-censored, even if the free software have both legal and illegal
-applications, and that DNS hijacking should be tested by the courts, I
-suggest you <a href="http://www.nuug.no/dns-beslag-donasjon.shtml">show
-your support by donating to NUUG</a>.</a>
+ <title>Bryter NAV sin egen personvernerklæring?</title>
+ <link>http://people.skolelinux.org/pere/blog/Bryter_NAV_sin_egen_personvernerkl_ring_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Bryter_NAV_sin_egen_personvernerkl_ring_.html</guid>
+ <pubDate>Wed, 11 Jan 2017 06:50:00 +0100</pubDate>
+ <description><p>Jeg leste med interesse en nyhetssak hos
+<a href="http://www.digi.no/artikler/nav-avslorer-trygdemisbruk-ved-a-spore-ip-adresser/367394">digi.no</a>
+og
+<a href="https://www.nrk.no/buskerud/trygdesvindlere-avslores-av-utenlandske-ip-adresser-1.13313461">NRK</a>
+om at det ikke bare er meg, men at også NAV bedriver geolokalisering
+av IP-adresser, og at det gjøres analyse av IP-adressene til de som
+sendes inn meldekort for å se om meldekortet sendes inn fra
+utenlandske IP-adresser. Politiadvokat i Drammen, Hans Lyder Haare,
+er sitert i NRK på at «De to er jo blant annet avslørt av
+IP-adresser. At man ser at meldekortet kommer fra utlandet.»</p>
+
+<p>Jeg synes det er fint at det blir bedre kjent at IP-adresser
+knyttes til enkeltpersoner og at innsamlet informasjon brukes til å
+stedsbestemme personer også av aktører her i Norge. Jeg ser det som
+nok et argument for å bruke
+<a href="https://www.torproject.org/">Tor</a> så mye som mulig for å
+gjøre gjøre IP-lokalisering vanskeligere, slik at en kan beskytte sin
+privatsfære og unngå å dele sin fysiske plassering med
+uvedkommede.</p>
+
+<P>Men det er en ting som bekymrer meg rundt denne nyheten. Jeg ble
+tipset (takk #nuug) om
+<a href="https://www.nav.no/no/NAV+og+samfunn/Kontakt+NAV/Teknisk+brukerstotte/Snarveier/personvernerkl%C3%A6ring-for-arbeids-og-velferdsetaten">NAVs
+personvernerklæring</a>, som under punktet «Personvern og statistikk»
+lyder:</p>
+
+<p><blockquote>
+
+<p>«Når du besøker nav.no, etterlater du deg elektroniske spor. Sporene
+dannes fordi din nettleser automatisk sender en rekke opplysninger til
+NAVs tjener (server-maskin) hver gang du ber om å få vist en side. Det
+er eksempelvis opplysninger om hvilken nettleser og -versjon du
+bruker, og din internettadresse (ip-adresse). For hver side som vises,
+lagres følgende opplysninger:</p>
+
+<ul>
+<li>hvilken side du ser på</li>
+<li>dato og tid</li>
+<li>hvilken nettleser du bruker</li>
+<li>din ip-adresse</li>
+</ul>
+
+<p>Ingen av opplysningene vil bli brukt til å identifisere
+enkeltpersoner. NAV bruker disse opplysningene til å generere en
+samlet statistikk som blant annet viser hvilke sider som er mest
+populære. Statistikken er et redskap til å forbedre våre
+tjenester.»</p>
+
+</blockquote></p>
+
+<p>Jeg klarer ikke helt å se hvordan analyse av de besøkendes
+IP-adresser for å se hvem som sender inn meldekort via web fra en
+IP-adresse i utlandet kan gjøres uten å komme i strid med påstanden om
+at «ingen av opplysningene vil bli brukt til å identifisere
+enkeltpersoner». Det virker dermed for meg som at NAV bryter sine
+egen personvernerklæring, hvilket
+<a href="http://people.skolelinux.org/pere/blog/Er_lover_brutt_n_r_personvernpolicy_ikke_stemmer_med_praksis_.html">Datatilsynet
+fortalte meg i starten av desember antagelig er brudd på
+personopplysningsloven</a>.
+
+<p>I tillegg er personvernerklæringen ganske misvisende i og med at
+NAVs nettsider ikke bare forsyner NAV med personopplysninger, men i
+tillegg ber brukernes nettleser kontakte fem andre nettjenere
+(script.hotjar.com, static.hotjar.com, vars.hotjar.com,
+www.google-analytics.com og www.googletagmanager.com), slik at
+personopplysninger blir gjort tilgjengelig for selskapene Hotjar og
+Google , og alle som kan lytte på trafikken på veien (som FRA, GCHQ og
+NSA). Jeg klarer heller ikke se hvordan slikt spredning av
+personopplysninger kan være i tråd med kravene i
+personopplysningloven, eller i tråd med NAVs personvernerklæring.</p>
+
+<p>Kanskje NAV bør ta en nøye titt på sin personvernerklæring? Eller
+kanskje Datatilsynet bør gjøre det?</p>
</description>
</item>
<item>
- <title>Debian now with ZFS on Linux included</title>
- <link>http://people.skolelinux.org/pere/blog/Debian_now_with_ZFS_on_Linux_included.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_now_with_ZFS_on_Linux_included.html</guid>
- <pubDate>Thu, 12 May 2016 07:30:00 +0200</pubDate>
- <description><p>Today, after many years of hard work from many people,
-<a href="http://zfsonlinux.org/">ZFS for Linux</a> finally entered
-Debian. The package status can be seen on
-<a href="https://tracker.debian.org/pkg/zfs-linux">the package tracker
-for zfs-linux</a>. and
-<a href="https://qa.debian.org/developer.php?login=pkg-zfsonlinux-devel@lists.alioth.debian.org">the
-team status page</a>. If you want to help out, please join us.
-<a href="http://anonscm.debian.org/gitweb/?p=pkg-zfsonlinux/zfs.git">The
-source code</a> is available via git on Alioth. It would also be
-great if you could help out with
-<a href="https://tracker.debian.org/pkg/dkms">the dkms package</a>, as
-it is an important piece of the puzzle to get ZFS working.</p>
+ <title>Where did that package go? &mdash; geolocated IP traceroute</title>
+ <link>http://people.skolelinux.org/pere/blog/Where_did_that_package_go___mdash__geolocated_IP_traceroute.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Where_did_that_package_go___mdash__geolocated_IP_traceroute.html</guid>
+ <pubDate>Mon, 9 Jan 2017 12:20:00 +0100</pubDate>
+ <description><p>Did you ever wonder where the web trafic really flow to reach the
+web servers, and who own the network equipment it is flowing through?
+It is possible to get a glimpse of this from using traceroute, but it
+is hard to find all the details. Many years ago, I wrote a system to
+map the Norwegian Internet (trying to figure out if our plans for a
+network game service would get low enough latency, and who we needed
+to talk to about setting up game servers close to the users. Back
+then I used traceroute output from many locations (I asked my friends
+to run a script and send me their traceroute output) to create the
+graph and the map. The output from traceroute typically look like
+this:
+
+<p><pre>
+traceroute to www.stortinget.no (85.88.67.10), 30 hops max, 60 byte packets
+ 1 uio-gw10.uio.no (129.240.202.1) 0.447 ms 0.486 ms 0.621 ms
+ 2 uio-gw8.uio.no (129.240.24.229) 0.467 ms 0.578 ms 0.675 ms
+ 3 oslo-gw1.uninett.no (128.39.65.17) 0.385 ms 0.373 ms 0.358 ms
+ 4 te3-1-2.br1.fn3.as2116.net (193.156.90.3) 1.174 ms 1.172 ms 1.153 ms
+ 5 he16-1-1.cr1.san110.as2116.net (195.0.244.234) 2.627 ms he16-1-1.cr2.oslosda310.as2116.net (195.0.244.48) 3.172 ms he16-1-1.cr1.san110.as2116.net (195.0.244.234) 2.857 ms
+ 6 ae1.ar8.oslosda310.as2116.net (195.0.242.39) 0.662 ms 0.637 ms ae0.ar8.oslosda310.as2116.net (195.0.242.23) 0.622 ms
+ 7 89.191.10.146 (89.191.10.146) 0.931 ms 0.917 ms 0.955 ms
+ 8 * * *
+ 9 * * *
+[...]
+</pre></p>
+
+<p>This show the DNS names and IP addresses of (at least some of the)
+network equipment involved in getting the data traffic from me to the
+www.stortinget.no server, and how long it took in milliseconds for a
+package to reach the equipment and return to me. Three packages are
+sent, and some times the packages do not follow the same path. This
+is shown for hop 5, where three different IP addresses replied to the
+traceroute request.</p>
+
+<p>There are many ways to measure trace routes. Other good traceroute
+implementations I use are traceroute (using ICMP packages) mtr (can do
+both ICMP, UDP and TCP) and scapy (python library with ICMP, UDP, TCP
+traceroute and a lot of other capabilities). All of them are easily
+available in <a href="https://www.debian.org/">Debian</a>.</p>
+
+<p>This time around, I wanted to know the geographic location of
+different route points, to visualize how visiting a web page spread
+information about the visit to a lot of servers around the globe. The
+background is that a web site today often will ask the browser to get
+from many servers the parts (for example HTML, JSON, fonts,
+JavaScript, CSS, video) required to display the content. This will
+leak information about the visit to those controlling these servers
+and anyone able to peek at the data traffic passing by (like your ISP,
+the ISPs backbone provider, FRA, GCHQ, NSA and others).</p>
+
+<p>Lets pick an example, the Norwegian parliament web site
+www.stortinget.no. It is read daily by all members of parliament and
+their staff, as well as political journalists, activits and many other
+citizens of Norway. A visit to the www.stortinget.no web site will
+ask your browser to contact 8 other servers: ajax.googleapis.com,
+insights.hotjar.com, script.hotjar.com, static.hotjar.com,
+stats.g.doubleclick.net, www.google-analytics.com,
+www.googletagmanager.com and www.netigate.se. I extracted this by
+asking <a href="http://phantomjs.org/">PhantomJS</a> to visit the
+Stortinget web page and tell me all the URLs PhantomJS downloaded to
+render the page (in HAR format using
+<a href="https://github.com/ariya/phantomjs/blob/master/examples/netsniff.js">their
+netsniff example</a>. I am very grateful to Gorm for showing me how
+to do this). My goal is to visualize network traces to all IP
+addresses behind these DNS names, do show where visitors personal
+information is spread when visiting the page.</p>
+
+<p align="center"><a href="www.stortinget.no-geoip.kml"><img
+src="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-geoip-small.png" alt="map of combined traces for URLs used by www.stortinget.no using GeoIP"/></a></p>
+
+<p>When I had a look around for options, I could not find any good
+free software tools to do this, and decided I needed my own traceroute
+wrapper outputting KML based on locations looked up using GeoIP. KML
+is easy to work with and easy to generate, and understood by several
+of the GIS tools I have available. I got good help from by NUUG
+colleague Anders Einar with this, and the result can be seen in
+<a href="https://github.com/petterreinholdtsen/kmltraceroute">my
+kmltraceroute git repository</a>. Unfortunately, the quality of the
+free GeoIP databases I could find (and the for-pay databases my
+friends had access to) is not up to the task. The IP addresses of
+central Internet infrastructure would typically be placed near the
+controlling companies main office, and not where the router is really
+located, as you can see from <a href="www.stortinget.no-geoip.kml">the
+KML file I created</a> using the GeoLite City dataset from MaxMind.
+
+<p align="center"><a href="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-scapy.svg"><img
+src="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-scapy-small.png" alt="scapy traceroute graph for URLs used by www.stortinget.no"/></a></p>
+
+<p>I also had a look at the visual traceroute graph created by
+<a href="http://www.secdev.org/projects/scapy/">the scrapy project</a>,
+showing IP network ownership (aka AS owner) for the IP address in
+question.
+<a href="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-scapy.svg">The
+graph display a lot of useful information about the traceroute in SVG
+format</a>, and give a good indication on who control the network
+equipment involved, but it do not include geolocation. This graph
+make it possible to see the information is made available at least for
+UNINETT, Catchcom, Stortinget, Nordunet, Google, Amazon, Telia, Level
+3 Communications and NetDNA.</p>
+
+<p align="center"><a href="https://geotraceroute.com/index.php?node=4&host=www.stortinget.no"><img
+src="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-geotraceroute-small.png" alt="example geotraceroute view for www.stortinget.no"/></a></p>
+
+<p>In the process, I came across the
+<a href="https://geotraceroute.com/">web service GeoTraceroute</a> by
+Salim Gasmi. Its methology of combining guesses based on DNS names,
+various location databases and finally use latecy times to rule out
+candidate locations seemed to do a very good job of guessing correct
+geolocation. But it could only do one trace at the time, did not have
+a sensor in Norway and did not make the geolocations easily available
+for postprocessing. So I contacted the developer and asked if he
+would be willing to share the code (he refused until he had time to
+clean it up), but he was interested in providing the geolocations in a
+machine readable format, and willing to set up a sensor in Norway. So
+since yesterday, it is possible to run traces from Norway in this
+service thanks to a sensor node set up by
+<a href="https://www.nuug.no/">the NUUG assosiation</a>, and get the
+trace in KML format for further processing.</p>
+
+<p align="center"><a href="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-geotraceroute-kml-join.kml"><img
+src="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-geotraceroute-kml-join.png" alt="map of combined traces for URLs used by www.stortinget.no using geotraceroute"/></a></p>
+
+<p>Here we can see a lot of trafic passes Sweden on its way to
+Denmark, Germany, Holland and Ireland. Plenty of places where the
+Snowden confirmations verified the traffic is read by various actors
+without your best interest as their top priority.</p>
+
+<p>Combining KML files is trivial using a text editor, so I could loop
+over all the hosts behind the urls imported by www.stortinget.no and
+ask for the KML file from GeoTraceroute, and create a combined KML
+file with all the traces (unfortunately only one of the IP addresses
+behind the DNS name is traced this time. To get them all, one would
+have to request traces using IP number instead of DNS names from
+GeoTraceroute). That might be the next step in this project.</p>
+
+<p>Armed with these tools, I find it a lot easier to figure out where
+the IP traffic moves and who control the boxes involved in moving it.
+And every time the link crosses for example the Swedish border, we can
+be sure Swedish Signal Intelligence (FRA) is listening, as GCHQ do in
+Britain and NSA in USA and cables around the globe. (Hm, what should
+we tell them? :) Keep that in mind if you ever send anything
+unencrypted over the Internet.</p>
+
+<p>PS: KML files are drawn using
+<a href="http://ivanrublev.me/kml/">the KML viewer from Ivan
+Rublev<a/>, as it was less cluttered than the local Linux application
+Marble. There are heaps of other options too.</p>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
</description>
</item>
<item>
- <title>What is the best multimedia player in Debian?</title>
- <link>http://people.skolelinux.org/pere/blog/What_is_the_best_multimedia_player_in_Debian_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/What_is_the_best_multimedia_player_in_Debian_.html</guid>
- <pubDate>Sun, 8 May 2016 09:40:00 +0200</pubDate>
- <description><p><strong>Where I set out to figure out which multimedia player in
-Debian claim support for most file formats.</strong></p>
-
-<p>A few years ago, I had a look at the media support for Browser
-plugins in Debian, to get an idea which plugins to include in Debian
-Edu. I created a script to extract the set of supported MIME types
-for each plugin, and used this to find out which multimedia browser
-plugin supported most file formats / media types.
-<a href="https://wiki.debian.org/DebianEdu/BrowserMultimedia">The
-result</a> can still be seen on the Debian wiki, even though it have
-not been updated for a while. But browser plugins are less relevant
-these days, so I thought it was time to look at standalone
-players.</p>
-
-<p>A few days ago I was tired of VLC not being listed as a viable
-player when I wanted to play videos from the Norwegian National
-Broadcasting Company, and decided to investigate why. The cause is a
-<a href="https://bugs.debian.org/822245">missing MIME type in the VLC
-desktop file</a>. In the process I wrote a script to compare the set
-of MIME types announced in the desktop file and the browser plugin,
-only to discover that there is quite a large difference between the
-two for VLC. This discovery made me dig up the script I used to
-compare browser plugins, and adjust it to compare desktop files
-instead, to try to figure out which multimedia player in Debian
-support most file formats.</p>
-
-<p>The result can be seen on the Debian Wiki, as
-<a href="https://wiki.debian.org/DebianMultimedia/PlayerSupport">a
-table listing all MIME types supported by one of the packages included
-in the table</a>, with the package supporting most MIME types being
-listed first in the table.</p>
-
-</p>The best multimedia player in Debian? It is totem, followed by
-parole, kplayer, mpv, vlc, smplayer mplayer-gui gnome-mpv and
-kmplayer. Time for the other players to update their announced MIME
-support?</p>
+ <title>Introducing ical-archiver to split out old iCalendar entries</title>
+ <link>http://people.skolelinux.org/pere/blog/Introducing_ical_archiver_to_split_out_old_iCalendar_entries.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Introducing_ical_archiver_to_split_out_old_iCalendar_entries.html</guid>
+ <pubDate>Wed, 4 Jan 2017 12:20:00 +0100</pubDate>
+ <description><p>Do you have a large <a href="https://icalendar.org/">iCalendar</a>
+file with lots of old entries, and would like to archive them to save
+space and resources? At least those of us using KOrganizer know that
+turning on and off an event set become slower and slower the more
+entries are in the set. While working on migrating our calendars to a
+<a href="http://radicale.org/">Radicale CalDAV server</a> on our
+<a href="https://freedomboxfoundation.org/">Freedombox server</a/>, my
+loved one wondered if I could find a way to split up the calendar file
+she had in KOrganizer, and I set out to write a tool. I spent a few
+days writing and polishing the system, and it is now ready for general
+consumption. The
+<a href="https://github.com/petterreinholdtsen/ical-archiver">code for
+ical-archiver</a> is publicly available from a git repository on
+github. The system is written in Python and depend on
+<a href="http://eventable.github.io/vobject/">the vobject Python
+module</a>.</p>
+
+<p>To use it, locate the iCalendar file you want to operate on and
+give it as an argument to the ical-archiver script. This will
+generate a set of new files, one file per component type per year for
+all components expiring more than two years in the past. The vevent,
+vtodo and vjournal entries are handled by the script. The remaining
+entries are stored in a 'remaining' file.</p>
+
+<p>This is what a test run can look like:
+
+<p><pre>
+% ical-archiver t/2004-2016.ics
+Found 3612 vevents
+Found 6 vtodos
+Found 2 vjournals
+Writing t/2004-2016.ics-subset-vevent-2004.ics
+Writing t/2004-2016.ics-subset-vevent-2005.ics
+Writing t/2004-2016.ics-subset-vevent-2006.ics
+Writing t/2004-2016.ics-subset-vevent-2007.ics
+Writing t/2004-2016.ics-subset-vevent-2008.ics
+Writing t/2004-2016.ics-subset-vevent-2009.ics
+Writing t/2004-2016.ics-subset-vevent-2010.ics
+Writing t/2004-2016.ics-subset-vevent-2011.ics
+Writing t/2004-2016.ics-subset-vevent-2012.ics
+Writing t/2004-2016.ics-subset-vevent-2013.ics
+Writing t/2004-2016.ics-subset-vevent-2014.ics
+Writing t/2004-2016.ics-subset-vjournal-2007.ics
+Writing t/2004-2016.ics-subset-vjournal-2011.ics
+Writing t/2004-2016.ics-subset-vtodo-2012.ics
+Writing t/2004-2016.ics-remaining.ics
+%
+</pre></p>
+
+<p>As you can see, the original file is untouched and new files are
+written with names derived from the original file. If you are happy
+with their content, the *-remaining.ics file can replace the original
+the the others can be archived or imported as historical calendar
+collections.</p>
+
+<p>The script should probably be improved a bit. The error handling
+when discovering broken entries is not good, and I am not sure yet if
+it make sense to split different entry types into separate files or
+not. The program is thus likely to change. If you find it
+interesting, please get in touch. :)</p>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
</description>
</item>
projects / homepage.git / blobdiff