+ <div class="entry">
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Aktivitetsb_nd_som_beskytter_privatsf_ren.html">Aktivitetsbånd som beskytter privatsfæren</a></div>
+ <div class="date"> 3rd November 2016</div>
+ <div class="body"><p>Jeg ble så imponert over
+<a href="https://www.nrk.no/norge/forbrukerradet-mener-aktivitetsarmband-strider-mot-norsk-lov-1.13209079">dagens
+gladnyhet på NRK</a>, om at Forbrukerrådet klager inn vilkårene for
+bruk av aktivitetsbånd fra Fitbit, Garmin, Jawbone og Mio til
+Datatilsynet og forbrukerombudet, at jeg sendte følgende brev til
+forbrukerrådet for å uttrykke min støtte:
+
+<blockquote>
+
+<p>Jeg ble veldig glad over å lese at Forbrukerrådet
+<a href="http://www.forbrukerradet.no/siste-nytt/klager-inn-aktivitetsarmband-for-brudd-pa-norsk-lov/">klager
+inn flere aktivitetsbånd til Datatilsynet for dårlige vilkår</a>. Jeg
+har ønsket meg et aktivitetsbånd som kan måle puls, bevegelse og
+gjerne også andre helserelaterte indikatorer en stund nå. De eneste
+jeg har funnet i salg gjør, som dere også har oppdaget, graverende
+inngrep i privatsfæren og sender informasjonen ut av huset til folk og
+organisasjoner jeg ikke ønsker å dele aktivitets- og helseinformasjon
+med. Jeg ønsker et alternativ som _ikke_ sender informasjon til
+skyen, men derimot bruker
+<a href="http://people.skolelinux.org/pere/blog/Fri_og__pen_standard__slik_Digistan_ser_det.html">en
+fritt og åpent standardisert</a> protokoll (eller i det minste en
+dokumentert protokoll uten patent- og opphavsrettslige
+bruksbegrensinger) til å kommunisere med datautstyr jeg kontrollerer.
+Er jo ikke interessert i å betale noen for å tilrøve seg
+personopplysninger fra meg. Desverre har jeg ikke funnet noe
+alternativ så langt.</p>
+
+<p>Det holder ikke å endre på bruksvilkårene for enhetene, slik
+Datatilsynet ofte legger opp til i sin behandling, når de gjør slik
+f.eks. Fitbit (den jeg har sett mest på). Fitbit krypterer
+informasjonen på enheten og sender den kryptert til leverandøren. Det
+gjør det i praksis umulig både å sjekke hva slags informasjon som
+sendes over, og umulig å ta imot informasjonen selv i stedet for
+Fitbit. Uansett hva slags historie som forteller i bruksvilkårene er
+en jo både prisgitt leverandørens godvilje og at de ikke tvinges av
+sitt lands myndigheter til å lyve til sine kunder om hvorvidt
+personopplysninger spres ut over det bruksvilkårene sier. Det er
+veldokumentert hvordan f.eks. USA tvinger selskaper vha. såkalte
+National security letters til å utlevere personopplysninger samtidig
+som de ikke får lov til å fortelle dette til kundene sine.</p>
+
+<p>Stå på, jeg er veldig glade for at dere har sett på saken. Vet
+dere om aktivitetsbånd i salg i dag som ikke tvinger en til å utlevere
+aktivitets- og helseopplysninger med leverandøren?</p>
+
+</blockquote>
+
+<p>Jeg håper en konkurrent som respekterer kundenes privatliv klarer å
+nå opp i markedet, slik at det finnes et reelt alternativ for oss som
+har full tillit til at skyleverandører vil prioritere egen inntjening
+og myndighetspålegg langt over kundenes rett til privatliv. Jeg har
+ingen tiltro til at Datatilsynet vil kreve noe mer enn at vilkårene
+endres slik at de forklarer eksplisitt i hvor stor grad bruk av
+produktene utraderer privatsfæren til kundene. Det vil nok gjøre de
+innklagede armbåndene "lovlige", men fortsatt tvinge kundene til å
+dele sine personopplysninger med leverandøren.</p>
+</div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Experience_and_updated_recipe_for_using_the_Signal_app_without_a_mobile_phone.html">Experience and updated recipe for using the Signal app without a mobile phone</a></div>
+ <div class="date">10th October 2016</div>
+ <div class="body"><p>In July
+<a href="http://people.skolelinux.org/pere/blog/How_to_use_the_Signal_app_if_you_only_have_a_land_line__ie_no_mobile_phone_.html">I
+wrote how to get the Signal Chrome/Chromium app working</a> without
+the ability to receive SMS messages (aka without a cell phone). It is
+time to share some experiences and provide an updated setup.</p>
+
+<p>The Signal app have worked fine for several months now, and I use
+it regularly to chat with my loved ones. I had a major snag at the
+end of my summer vacation, when the the app completely forgot my
+setup, identity and keys. The reason behind this major mess was
+running out of disk space. To avoid that ever happening again I have
+started storing everything in <tt>userdata/</tt> in git, to be able to
+roll back to an earlier version if the files are wiped by mistake. I
+had to use it once after introducing the git backup. When rolling
+back to an earlier version, one need to use the 'reset session' option
+in Signal to get going, and notify the people you talk with about the
+problem. I assume there is some sequence number tracking in the
+protocol to detect rollback attacks. The git repository is rather big
+(674 MiB so far), but I have not tried to figure out if some of the
+content can be added to a .gitignore file due to lack of spare
+time.</p>
+
+<p>I've also hit the 90 days timeout blocking, and noticed that this
+make it impossible to send messages using Signal. I could still
+receive them, but had to patch the code with a new timestamp to send.
+I believe the timeout is added by the developers to force people to
+upgrade to the latest version of the app, even when there is no
+protocol changes, to reduce the version skew among the user base and
+thus try to keep the number of support requests down.</p>
+
+<p>Since my original recipe, the Signal source code changed slightly,
+making the old patch fail to apply cleanly. Below is an updated
+patch, including the shell wrapper I use to start Signal. The
+original version required a new user to locate the JavaScript console
+and call a function from there. I got help from a friend with more
+JavaScript knowledge than me to modify the code to provide a GUI
+button instead. This mean that to get started you just need to run
+the wrapper and click the 'Register without mobile phone' to get going
+now. I've also modified the timeout code to always set it to 90 days
+in the future, to avoid having to patch the code regularly.</p>
+
+<p>So, the updated recipe for Debian Jessie:</p>
+
+<ol>
+
+<li>First, install required packages to get the source code and the
+browser you need. Signal only work with Chrome/Chromium, as far as I
+know, so you need to install it.
+
+<pre>
+apt install git tor chromium
+git clone https://github.com/WhisperSystems/Signal-Desktop.git
+</pre></li>
+
+<li>Modify the source code using command listed in the the patch
+block below.</li>
+
+<li>Start Signal using the run-signal-app wrapper (for example using
+<tt>`pwd`/run-signal-app</tt>).
+
+<li>Click on the 'Register without mobile phone', will in a phone
+number you can receive calls to the next minute, receive the
+verification code and enter it into the form field and press
+'Register'. Note, the phone number you use will be user Signal
+username, ie the way others can find you on Signal.</li>
+
+<li>You can now use Signal to contact others. Note, new contacts do
+not show up in the contact list until you restart Signal, and there is
+no way to assign names to Contacts. There is also no way to create or
+update chat groups. I suspect this is because the web app do not have
+a associated contact database.</li>
+
+</ol>
+
+<p>I am still a bit uneasy about using Signal, because of the way its
+main author moxie0 reject federation and accept dependencies to major
+corporations like Google (part of the code is fetched from Google) and
+Amazon (the central coordination point is owned by Amazon). See for
+example
+<a href="https://github.com/LibreSignal/LibreSignal/issues/37">the
+LibreSignal issue tracker</a> for a thread documenting the authors
+view on these issues. But the network effect is strong in this case,
+and several of the people I want to communicate with already use
+Signal. Perhaps we can all move to <a href="https://ring.cx/">Ring</a>
+once it <a href="https://bugs.debian.org/830265">work on my
+laptop</a>? It already work on Windows and Android, and is included
+in <a href="https://tracker.debian.org/pkg/ring">Debian</a> and
+<a href="https://launchpad.net/ubuntu/+source/ring">Ubuntu</a>, but not
+working on Debian Stable.</p>
+
+<p>Anyway, this is the patch I apply to the Signal code to get it
+working. It switch to the production servers, disable to timeout,
+make registration easier and add the shell wrapper:</p>
+
+<pre>
+cd Signal-Desktop; cat <<EOF | patch -p1
+diff --git a/js/background.js b/js/background.js
+index 24b4c1d..579345f 100644
+--- a/js/background.js
++++ b/js/background.js
+@@ -33,9 +33,9 @@
+ });
+ });
+
+- var SERVER_URL = 'https://textsecure-service-staging.whispersystems.org';
++ var SERVER_URL = 'https://textsecure-service-ca.whispersystems.org';
+ var SERVER_PORTS = [80, 4433, 8443];
+- var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments-staging.s3.amazonaws.com';
++ var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments.s3.amazonaws.com';
+ var messageReceiver;
+ window.getSocketStatus = function() {
+ if (messageReceiver) {
+diff --git a/js/expire.js b/js/expire.js
+index 639aeae..beb91c3 100644
+--- a/js/expire.js
++++ b/js/expire.js
+@@ -1,6 +1,6 @@
+ ;(function() {
+ 'use strict';
+- var BUILD_EXPIRATION = 0;
++ var BUILD_EXPIRATION = Date.now() + (90 * 24 * 60 * 60 * 1000);
+
+ window.extension = window.extension || {};
+
+diff --git a/js/views/install_view.js b/js/views/install_view.js
+index 7816f4f..1d6233b 100644
+--- a/js/views/install_view.js
++++ b/js/views/install_view.js
+@@ -38,7 +38,8 @@
+ return {
+ 'click .step1': this.selectStep.bind(this, 1),
+ 'click .step2': this.selectStep.bind(this, 2),
+- 'click .step3': this.selectStep.bind(this, 3)
++ 'click .step3': this.selectStep.bind(this, 3),
++ 'click .callreg': function() { extension.install('standalone') },
+ };
+ },
+ clearQR: function() {
+diff --git a/options.html b/options.html
+index dc0f28e..8d709f6 100644
+--- a/options.html
++++ b/options.html
+@@ -14,7 +14,10 @@
+ <div class='nav'>
+ <h1>{{ installWelcome }}</h1>
+ <p>{{ installTagline }}</p>
+- <div> <a class='button step2'>{{ installGetStartedButton }}</a> </div>
++ <div> <a class='button step2'>{{ installGetStartedButton }}</a>
++ <br> <a class="button callreg">Register without mobile phone</a>
++
++ </div>
+ <span class='dot step1 selected'></span>
+ <span class='dot step2'></span>
+ <span class='dot step3'></span>
+--- /dev/null 2016-10-07 09:55:13.730181472 +0200
++++ b/run-signal-app 2016-10-10 08:54:09.434172391 +0200
+@@ -0,0 +1,12 @@
++#!/bin/sh
++set -e
++cd $(dirname $0)
++mkdir -p userdata
++userdata="`pwd`/userdata"
++if [ -d "$userdata" ] && [ ! -d "$userdata/.git" ] ; then
++ (cd $userdata && git init)
++fi
++(cd $userdata && git add . && git commit -m "Current status." || true)
++exec chromium \
++ --proxy-server="socks://localhost:9050" \
++ --user-data-dir=$userdata --load-and-launch-app=`pwd`
+EOF
+chmod a+rx run-signal-app
+</pre>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+</div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
<div class="entry">
<div class="title"><a href="http://people.skolelinux.org/pere/blog/NRKs_kildevern_n_r_NRK_epost_deles_med_utenlands_etterretning_.html">NRKs kildevern når NRK-epost deles med utenlands etterretning?</a></div>
<div class="date"> 8th October 2016</div>
</div>
<div class="padding"></div>
- <div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Techno_TV_broadcasting_live_across_Norway_and_the_Internet___debconf16___nuug__on__frikanalen.html">Techno TV broadcasting live across Norway and the Internet (#debconf16, #nuug) on @frikanalen</a></div>
- <div class="date"> 1st August 2016</div>
- <div class="body"><p>Did you know there is a TV channel broadcasting talks from DebConf
-16 across an entire country? Or that there is a TV channel
-broadcasting talks by or about
-<a href="http://beta.frikanalen.no/video/625529/">Linus Torvalds</a>,
-<a href="http://beta.frikanalen.no/video/625599/">Tor</a>,
-<a href="http://beta.frikanalen.no/video/624019/">OpenID</A>,
-<a href="http://beta.frikanalen.no/video/625624/">Common Lisp</a>,
-<a href="http://beta.frikanalen.no/video/625446/">Civic Tech</a>,
-<a href="http://beta.frikanalen.no/video/625090/">EFF founder John Barlow</a>,
-<a href="http://beta.frikanalen.no/video/625432/">how to make 3D
-printer electronics</a> and many more fascinating topics? It works
-using only free software (all of it
-<a href="http://github.com/Frikanalen">available from Github</a>), and
-is administrated using a web browser and a web API.</p>
-
-<p>The TV channel is the Norwegian open channel
-<a href="http://www.frikanalen.no/">Frikanalen</a>, and I am involved
-via <a href="https://www.nuug.no/">the NUUG member association</a> in
-running and developing the software for the channel. The channel is
-organised as a member organisation where its members can upload and
-broadcast what they want (think of it as Youtube for national
-broadcasting television). Individuals can broadcast too. The time
-slots are handled on a first come, first serve basis. Because the
-channel have almost no viewers and very few active members, we can
-experiment with TV technology without too much flack when we make
-mistakes. And thanks to the few active members, most of the slots on
-the schedule are free. I see this as an opportunity to spread
-knowledge about technology and free software, and have a script I run
-regularly to fill up all the open slots the next few days with
-technology related video. The end result is a channel I like to
-describe as Techno TV - filled with interesting talks and
-presentations.</p>
-
-<p>It is available on channel 50 on the Norwegian national digital TV
-network (RiksTV). It is also available as a multicast stream on
-Uninett. And finally, it is available as
-<a href="http://beta.frikanalen.no/">a WebM unicast stream</a> from
-Frikanalen and NUUG. Check it out. :)</p>
-</div>
- <div class="tags">
-
-
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/frikanalen">frikanalen</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/video">video</a>.
-
-
- </div>
- </div>
- <div class="padding"></div>
-
- <div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Unlocking_HTC_Desire_HD_on_Linux_using_unruu_and_fastboot.html">Unlocking HTC Desire HD on Linux using unruu and fastboot</a></div>
- <div class="date"> 7th July 2016</div>
- <div class="body"><p>Yesterday, I tried to unlock a HTC Desire HD phone, and it proved
-to be a slight challenge. Here is the recipe if I ever need to do it
-again. It all started by me wanting to try the recipe to set up
-<a href="https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy">an
-hardened Android installation</a> from the Tor project blog on a
-device I had access to. It is a old mobile phone with a broken
-microphone The initial idea had been to just
-<a href="http://wiki.cyanogenmod.org/w/Install_CM_for_ace">install
-CyanogenMod on it</a>, but did not quite find time to start on it
-until a few days ago.</p>
-
-<p>The unlock process is supposed to be simple: (1) Boot into the boot
-loader (press volume down and power at the same time), (2) select
-'fastboot' before (3) connecting the device via USB to a Linux
-machine, (4) request the device identifier token by running 'fastboot
-oem get_identifier_token', (5) request the device unlocking key using
-the <a href="http://www.htcdev.com/bootloader/">HTC developer web
-site</a> and unlock the phone using the key file emailed to you.</p>
-
-<p>Unfortunately, this only work fi you have hboot version 2.00.0029
-or newer, and the device I was working on had 2.00.0027. This
-apparently can be easily fixed by downloading a Windows program and
-running it on your Windows machine, if you accept the terms Microsoft
-require you to accept to use Windows - which I do not. So I had to
-come up with a different approach. I got a lot of help from AndyCap
-on #nuug, and would not have been able to get this working without
-him.</p>
-
-<p>First I needed to extract the hboot firmware from
-<a href="http://www.htcdev.com/ruu/PD9810000_Ace_Sense30_S_hboot_2.00.0029.exe">the
-windows binary for HTC Desire HD</a> downloaded as 'the RUU' from HTC.
-For this there is is <a href="https://github.com/kmdm/unruu/">a github
-project named unruu</a> using libunshield. The unshield tool did not
-recognise the file format, but unruu worked and extracted rom.zip,
-containing the new hboot firmware and a text file describing which
-devices it would work for.</p>
-
-<p>Next, I needed to get the new firmware into the device. For this I
-followed some instructions
-<a href="http://www.htc1guru.com/2013/09/new-ruu-zips-posted/">available
-from HTC1Guru.com</a>, and ran these commands as root on a Linux
-machine with Debian testing:</p>
-
-<p><pre>
-adb reboot-bootloader
-fastboot oem rebootRUU
-fastboot flash zip rom.zip
-fastboot flash zip rom.zip
-fastboot reboot
-</pre></p>
-
-<p>The flash command apparently need to be done twice to take effect,
-as the first is just preparations and the second one do the flashing.
-The adb command is just to get to the boot loader menu, so turning the
-device on while holding volume down and the power button should work
-too.</p>
-
-<p>With the new hboot version in place I could start following the
-instructions on the HTC developer web site. I got the device token
-like this:</p>
-
-<p><pre>
-fastboot oem get_identifier_token 2>&1 | sed 's/(bootloader) //'
-</pre>
-
-<p>And once I got the unlock code via email, I could use it like
-this:</p>
-
-<p><pre>
-fastboot flash unlocktoken Unlock_code.bin
-</pre></p>
-
-<p>And with that final step in place, the phone was unlocked and I
-could start stuffing the software of my own choosing into the device.
-So far I only inserted a replacement recovery image to wipe the phone
-before I start. We will see what happen next. Perhaps I should
-install <a href="https://www.debian.org/">Debian</a> on it. :)</p>
-</div>
- <div class="tags">
-
-
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
-
-
- </div>
- </div>
- <div class="padding"></div>
-
<p style="text-align: right;"><a href="index.rss"><img src="http://people.skolelinux.org/pere/blog/xml.gif" alt="RSS feed" width="36" height="14" /></a></p>
<div id="sidebar">
<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/09/">September (2)</a></li>
-<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/10/">October (2)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/10/">October (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/11/">November (1)</a></li>
</ul></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/chrpath">chrpath (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (136)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (137)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (157)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (328)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (329)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (23)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/nice free software">nice free software (8)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (279)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (280)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (182)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (61)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (93)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (94)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/raid">raid (1)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (49)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (51)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget (10)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (40)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (42)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (2)</a></li>