+<li>2014-02-28
+<a href="http://www.aftenposten.no/meninger/Heksejakt-pa-hasjbrukere-7486283.html">Heksejakt
+på hasjbrukere</a> - aftenposten.no</li>
+
+</ul>
+</description>
+ </item>
+
+ <item>
+ <title>New home and release 1.0 for netgroup and innetgr (aka ng-utils)</title>
+ <link>http://people.skolelinux.org/pere/blog/New_home_and_release_1_0_for_netgroup_and_innetgr__aka_ng_utils_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/New_home_and_release_1_0_for_netgroup_and_innetgr__aka_ng_utils_.html</guid>
+ <pubDate>Sat, 22 Feb 2014 21:45:00 +0100</pubDate>
+ <description><p>Many years ago, I wrote a GPL licensed version of the netgroup and
+innetgr tools, because I needed them in
+<a href="http://www.skolelinux.org/">Skolelinux</a>. I called the project
+ng-utils, and it has served me well. I placed the project under the
+<a href="http://www.hungry.com/">Hungry Programmer</a> umbrella, and it was maintained in our CVS
+repository. But many years ago, the CVS repository was dropped (lost,
+not migrated to new hardware, not sure), and the project have lacked a
+proper home since then.</p>
+
+<p>Last summer, I had a look at the package and made a new release
+fixing a irritating crash bug, but was unable to store the changes in
+a proper source control system. I applied for a project on
+<a href="https://alioth.debian.org/">Alioth</a>, but did not have time
+to follow up on it. Until today. :)</p>
+
+<p>After many hours of cleaning and migration, the ng-utils project
+now have a new home, and a git repository with the highlight of the
+history of the project. I published all release tarballs and imported
+them into the git repository. As the project is really stable and not
+expected to gain new features any time soon, I decided to make a new
+release and call it 1.0. Visit the new project home on
+<a href="https://alioth.debian.org/projects/ng-utils/">https://alioth.debian.org/projects/ng-utils/</a>
+if you want to check it out. The new version is also uploaded into
+<a href="http://packages.qa.debian.org/n/ng-utils.html">Debian Unstable</a>.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Testing sysvinit from experimental in Debian Hurd</title>
+ <link>http://people.skolelinux.org/pere/blog/Testing_sysvinit_from_experimental_in_Debian_Hurd.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Testing_sysvinit_from_experimental_in_Debian_Hurd.html</guid>
+ <pubDate>Mon, 3 Feb 2014 13:40:00 +0100</pubDate>
+ <description><p>A few days ago I decided to try to help the Hurd people to get
+their changes into sysvinit, to allow them to use the normal sysvinit
+boot system instead of their old one. This follow up on the
+<a href="https://teythoon.cryptobitch.de//categories/gsoc.html">great
+Google Summer of Code work</a> done last summer by Justus Winter to
+get Debian on Hurd working more like Debian on Linux. To get started,
+I downloaded a prebuilt hard disk image from
+<a href="http://ftp.debian-ports.org/debian-cd/hurd-i386/current/debian-hurd.img.tar.gz">http://ftp.debian-ports.org/debian-cd/hurd-i386/current/debian-hurd.img.tar.gz</a>,
+and started it using virt-manager.</p>
+
+<p>The first think I had to do after logging in (root without any
+password) was to get the network operational. I followed
+<a href="https://www.debian.org/ports/hurd/hurd-install">the
+instructions on the Debian GNU/Hurd ports page</a> and ran these
+commands as root to get the machine to accept a IP address from the
+kvm internal DHCP server:</p>
+
+<p><blockquote><pre>
+settrans -fgap /dev/netdde /hurd/netdde
+kill $(ps -ef|awk '/[p]finet/ { print $2}')
+kill $(ps -ef|awk '/[d]evnode/ { print $2}')
+dhclient /dev/eth0
+</pre></blockquote></p>
+
+<p>After this, the machine had internet connectivity, and I could
+upgrade it and install the sysvinit packages from experimental and
+enable it as the default boot system in Hurd.</p>
+
+<p>But before I did that, I set a password on the root user, as ssh is
+running on the machine it for ssh login to work a password need to be
+set. Also, note that a bug somewhere in openssh on Hurd block
+compression from working. Remember to turn that off on the client
+side.</p>
+
+<p>Run these commands as root to upgrade and test the new sysvinit
+stuff:</p>
+
+<p><blockquote><pre>
+cat > /etc/apt/sources.list.d/experimental.list &lt;&lt;EOF
+deb http://http.debian.net/debian/ experimental main
+EOF
+apt-get update
+apt-get dist-upgrade
+apt-get install -t experimental initscripts sysv-rc sysvinit \
+ sysvinit-core sysvinit-utils
+update-alternatives --config runsystem
+</pre></blockquote></p>
+
+<p>To reboot after switching boot system, you have to use
+<tt>reboot-hurd</tt> instead of just <tt>reboot</tt>, as there is not
+yet a sysvinit process able to receive the signals from the normal
+'reboot' command. After switching to sysvinit as the boot system,
+upgrading every package and rebooting, the network come up with DHCP
+after boot as it should, and the settrans/pkill hack mentioned at the
+start is no longer needed. But for some strange reason, there are no
+longer any login prompt in the virtual console, so I logged in using
+ssh instead.
+
+<p>Note that there are some race conditions in Hurd making the boot
+fail some times. No idea what the cause is, but hope the Hurd porters
+figure it out. At least Justus said on IRC (#debian-hurd on
+irc.debian.org) that they are aware of the problem. A way to reduce
+the impact is to upgrade to the Hurd packages built by Justus by
+adding this repository to the machine:</p>
+
+<p><blockquote><pre>
+cat > /etc/apt/sources.list.d/hurd-ci.list &lt;&lt;EOF
+deb http://darnassus.sceen.net/~teythoon/hurd-ci/ sid main
+EOF
+</pre></blockquote></p>
+
+<p>At the moment the prebuilt virtual machine get some packages from
+http://ftp.debian-ports.org/debian, because some of the packages in
+unstable do not yet include the required patches that are lingering in
+BTS. This is the completely list of "unofficial" packages installed:</p>
+
+<p><blockquote><pre>
+# aptitude search '?narrow(?version(CURRENT),?origin(Debian Ports))'
+i emacs - GNU Emacs editor (metapackage)
+i gdb - GNU Debugger
+i hurd-recommended - Miscellaneous translators
+i isc-dhcp-client - ISC DHCP client
+i isc-dhcp-common - common files used by all the isc-dhcp* packages
+i libc-bin - Embedded GNU C Library: Binaries
+i libc-dev-bin - Embedded GNU C Library: Development binaries
+i libc0.3 - Embedded GNU C Library: Shared libraries
+i A libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
+i libc0.3-dev - Embedded GNU C Library: Development Libraries and Hea
+i multiarch-support - Transitional package to ensure multiarch compatibilit
+i A x11-common - X Window System (X.Org) infrastructure
+i xorg - X.Org X Window System
+i A xserver-xorg - X.Org X server
+i A xserver-xorg-input-all - X.Org X server -- input driver metapackage
+#
+</pre></blockquote></p>
+
+<p>All in all, testing hurd has been an interesting experience. :)
+X.org did not work out of the box and I never took the time to follow
+the porters instructions to fix it. This time I was interested in the
+command line stuff.<p>
+</description>
+ </item>
+
+ <item>
+ <title>A fist full of non-anonymous Bitcoins</title>
+ <link>http://people.skolelinux.org/pere/blog/A_fist_full_of_non_anonymous_Bitcoins.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/A_fist_full_of_non_anonymous_Bitcoins.html</guid>
+ <pubDate>Wed, 29 Jan 2014 14:10:00 +0100</pubDate>
+ <description><p>Bitcoin is a incredible use of peer to peer communication and
+encryption, allowing direct and immediate money transfer without any
+central control. It is sometimes claimed to be ideal for illegal
+activity, which I believe is quite a long way from the truth. At least
+I would not conduct illegal money transfers using a system where the
+details of every transaction are kept forever. This point is
+investigated in
+<a href="https://www.usenix.org/publications/login">USENIX ;login:</a>
+from December 2013, in the article
+"<a href="https://www.usenix.org/system/files/login/articles/03_meiklejohn-online.pdf">A
+Fistful of Bitcoins - Characterizing Payments Among Men with No
+Names</a>" by Sarah Meiklejohn, Marjori Pomarole,Grant Jordan, Kirill
+Levchenko, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage. They
+analyse the transaction log in the Bitcoin system, using it to find
+addresses belong to individuals and organisations and follow the flow
+of money from both Bitcoin theft and trades on Silk Road to where the
+money end up. This is how they wrap up their article:</p>
+
+<p><blockquote>
+<p>"To demonstrate the usefulness of this type of analysis, we turned
+our attention to criminal activity. In the Bitcoin economy, criminal
+activity can appear in a number of forms, such as dealing drugs on
+Silk Road or simply stealing someone else’s bitcoins. We followed the
+flow of bitcoins out of Silk Road (in particular, from one notorious
+address) and from a number of highly publicized thefts to see whether
+we could track the bitcoins to known services. Although some of the
+thieves attempted to use sophisticated mixing techniques (or possibly
+mix services) to obscure the flow of bitcoins, for the most part
+tracking the bitcoins was quite straightforward, and we ultimately saw
+large quantities of bitcoins flow to a variety of exchanges directly
+from the point of theft (or the withdrawal from Silk Road).</p>
+
+<p>As acknowledged above, following stolen bitcoins to the point at
+which they are deposited into an exchange does not in itself identify
+the thief; however, it does enable further de-anonymization in the
+case in which certain agencies can determine (through, for example,
+subpoena power) the real-world owner of the account into which the
+stolen bitcoins were deposited. Because such exchanges seem to serve
+as chokepoints into and out of the Bitcoin economy (i.e., there are
+few alternative ways to cash out), we conclude that using Bitcoin for
+money laundering or other illicit purposes does not (at least at
+present) seem to be particularly attractive."</p>
+</blockquote><p>
+
+<p>These researches are not the first to analyse the Bitcoin
+transaction log. The 2011 paper
+"<a href="http://arxiv.org/abs/1107.4524">An Analysis of Anonymity in
+the Bitcoin System</A>" by Fergal Reid and Martin Harrigan is
+summarized like this:</p>
+
+<p><blockquote>
+"Anonymity in Bitcoin, a peer-to-peer electronic currency system, is a
+complicated issue. Within the system, users are identified by
+public-keys only. An attacker wishing to de-anonymize its users will
+attempt to construct the one-to-many mapping between users and
+public-keys and associate information external to the system with the
+users. Bitcoin tries to prevent this attack by storing the mapping of
+a user to his or her public-keys on that user's node only and by
+allowing each user to generate as many public-keys as required. In
+this chapter we consider the topological structure of two networks
+derived from Bitcoin's public transaction history. We show that the
+two networks have a non-trivial topological structure, provide
+complementary views of the Bitcoin system and have implications for
+anonymity. We combine these structures with external information and
+techniques such as context discovery and flow analysis to investigate
+an alleged theft of Bitcoins, which, at the time of the theft, had a
+market value of approximately half a million U.S. dollars."
+</blockquote></p>
+
+<p>I hope these references can help kill the urban myth that Bitcoin
+is anonymous. It isn't really a good fit for illegal activites. Use
+cash if you need to stay anonymous, at least until regular DNA
+sampling of notes and coins become the norm. :)</p>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+</description>
+ </item>
+
+ <item>
+ <title>New chrpath release 0.16</title>
+ <link>http://people.skolelinux.org/pere/blog/New_chrpath_release_0_16.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/New_chrpath_release_0_16.html</guid>
+ <pubDate>Tue, 14 Jan 2014 11:00:00 +0100</pubDate>
+ <description><p><a href="http://www.coverity.com/">Coverity</a> is a nice tool to
+find problems in C, C++ and Java code using static source code
+analysis. It can detect a lot of different problems, and is very
+useful to find memory and locking bugs in the error handling part of
+the source. The company behind it provide
+<a href="https://scan.coverity.com/">check of free software projects as
+a community service</a>, and many hundred free software projects are
+already checked. A few days ago I decided to have a closer look at
+the Coverity system, and discovered that the
+<a href="http://www.gnu.org/software/gnash/">gnash</a> and
+<a href="http://sourceforge.net/projects/ipmitool/">ipmitool</a>
+projects I am involved with was already registered. But these are
+fairly big, and I would also like to have a small and easy project to
+check, and decided to <a href="http://scan.coverity.com/projects/1179">request
+checking of the chrpath project</a>. It was
+added to the checker and discovered seven potential defects. Six of
+these were real, mostly resource "leak" when the program detected an
+error. Nothing serious, as the resources would be released a fraction
+of a second later when the program exited because of the error, but it
+is nice to do it right in case the source of the program some time in
+the future end up in a library. Having fixed all defects and added
+<a href="https://lists.alioth.debian.org/mailman/listinfo/chrpath-devel">a
+mailing list for the chrpath developers</a>, I decided it was time to
+publish a new release. These are the release notes:</p>
+
+<p>New in 0.16 released 2014-01-14:</p>
projects / homepage.git / blobdiff