<h3>Entries from October 2016.</h3>
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Experience_and_updated_recipe_for_using_the_Signal_app_without_a_mobile_phone.html">Experience and updated recipe for using the Signal app without a mobile phone</a>
+ </div>
+ <div class="date">
+ 10th October 2016
+ </div>
+ <div class="body">
+ <p>In July
+<a href="http://people.skolelinux.org/pere/blog/How_to_use_the_Signal_app_if_you_only_have_a_land_line__ie_no_mobile_phone_.html">I
+wrote how to get the Signal Chrome/Chromium app working</a> without
+the ability to receive SMS messages (aka without a cell phone). It is
+time to share some experiences and provide an updated setup.</p>
+
+<p>The Signal app have worked fine for several months now, and I use
+it regularly to chat with my loved ones. I had a major snag at the
+end of my summer vacation, when the the app completely forgot my
+setup, identity and keys. The reason behind this major mess was
+running out of disk space. To avoid that ever happening again I have
+started storing everything in <tt>userdata/</tt> in git, to be able to
+roll back to an earlier version if the files are wiped by mistake. I
+had to use it once after introducing the git backup. When rolling
+back to an earlier version, one need to use the 'reset session' option
+in Signal to get going, and notify the people you talk with about the
+problem. I assume there is some sequence number tracking in the
+protocol to detect rollback attacks. The git repository is rather big
+(674 MiB so far), but I have not tried to figure out if some of the
+content can be added to a .gitignore file due to lack of spare
+time.</p>
+
+<p>I've also hit the 90 days timeout blocking, and noticed that this
+make it impossible to send messages using Signal. I could still
+receive them, but had to patch the code with a new timestamp to send.
+I believe the timeout is added by the developers to force people to
+upgrade to the latest version of the app, even when there is no
+protocol changes, to reduce the version skew among the user base and
+thus try to keep the number of support requests down.</p>
+
+<p>Since my original recipe, the Signal source code changed slightly,
+making the old patch fail to apply cleanly. Below is an updated
+patch, including the shell wrapper I use to start Signal. The
+original version required a new user to locate the JavaScript console
+and call a function from there. I got help from a friend with more
+JavaScript knowledge than me to modify the code to provide a GUI
+button instead. This mean that to get started you just need to run
+the wrapper and click the 'Register without mobile phone' to get going
+now. I've also modified the timeout code to always set it to 90 days
+in the future, to avoid having to patch the code regularly.</p>
+
+<p>So, the updated recipe for Debian Jessie:</p>
+
+<ol>
+
+<li>First, install required packages to get the source code and the
+browser you need. Signal only work with Chrome/Chromium, as far as I
+know, so you need to install it.
+
+<pre>
+apt install git tor chromium
+git clone https://github.com/WhisperSystems/Signal-Desktop.git
+</pre></li>
+
+<li>Modify the source code using command listed in the the patch
+block below.</li>
+
+<li>Start Signal using the run-signal-app wrapper (for example using
+<tt>`pwd`/run-signal-app</tt>).
+
+<li>Click on the 'Register without mobile phone', will in a phone
+number you can receive calls to the next minute, receive the
+verification code and enter it into the form field and press
+'Register'. Note, the phone number you use will be user Signal
+username, ie the way others can find you on Signal.</li>
+
+<li>You can now use Signal to contact others. Note, new contacts do
+not show up in the contact list until you restart Signal, and there is
+no way to assign names to Contacts. There is also no way to create or
+update chat groups. I suspect this is because the web app do not have
+a associated contact database.</li>
+
+</ol>
+
+<p>I am still a bit uneasy about using Signal, because of the way its
+main author moxie0 reject federation and accept dependencies to major
+corporations like Google (part of the code is fetched from Google) and
+Amazon (the central coordination point is owned by Amazon). See for
+example
+<a href="https://github.com/LibreSignal/LibreSignal/issues/37">the
+LibreSignal issue tracker</a> for a thread documenting the authors
+view on these issues. But the network effect is strong in this case,
+and several of the people I want to communicate with already use
+Signal. Perhaps we can all move to <a href="https://ring.cx/">Ring</a>
+once it <a href="https://bugs.debian.org/830265">work on my
+laptop</a>? It already work on Windows and Android, and is included
+in <a href="https://tracker.debian.org/pkg/ring">Debian</a> and
+<a href="https://launchpad.net/ubuntu/+source/ring">Ubuntu</a>, but not
+working on Debian Stable.</p>
+
+<p>Anyway, this is the patch I apply to the Signal code to get it
+working. It switch to the production servers, disable to timeout,
+make registration easier and add the shell wrapper:</p>
+
+<pre>
+cd Signal-Desktop; cat <<EOF | patch -p1
+diff --git a/js/background.js b/js/background.js
+index 24b4c1d..579345f 100644
+--- a/js/background.js
++++ b/js/background.js
+@@ -33,9 +33,9 @@
+ });
+ });
+
+- var SERVER_URL = 'https://textsecure-service-staging.whispersystems.org';
++ var SERVER_URL = 'https://textsecure-service-ca.whispersystems.org';
+ var SERVER_PORTS = [80, 4433, 8443];
+- var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments-staging.s3.amazonaws.com';
++ var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments.s3.amazonaws.com';
+ var messageReceiver;
+ window.getSocketStatus = function() {
+ if (messageReceiver) {
+diff --git a/js/expire.js b/js/expire.js
+index 639aeae..beb91c3 100644
+--- a/js/expire.js
++++ b/js/expire.js
+@@ -1,6 +1,6 @@
+ ;(function() {
+ 'use strict';
+- var BUILD_EXPIRATION = 0;
++ var BUILD_EXPIRATION = Date.now() + (90 * 24 * 60 * 60 * 1000);
+
+ window.extension = window.extension || {};
+
+diff --git a/js/views/install_view.js b/js/views/install_view.js
+index 7816f4f..1d6233b 100644
+--- a/js/views/install_view.js
++++ b/js/views/install_view.js
+@@ -38,7 +38,8 @@
+ return {
+ 'click .step1': this.selectStep.bind(this, 1),
+ 'click .step2': this.selectStep.bind(this, 2),
+- 'click .step3': this.selectStep.bind(this, 3)
++ 'click .step3': this.selectStep.bind(this, 3),
++ 'click .callreg': function() { extension.install('standalone') },
+ };
+ },
+ clearQR: function() {
+diff --git a/options.html b/options.html
+index dc0f28e..8d709f6 100644
+--- a/options.html
++++ b/options.html
+@@ -14,7 +14,10 @@
+ <div class='nav'>
+ <h1>{{ installWelcome }}</h1>
+ <p>{{ installTagline }}</p>
+- <div> <a class='button step2'>{{ installGetStartedButton }}</a> </div>
++ <div> <a class='button step2'>{{ installGetStartedButton }}</a>
++ <br> <a class="button callreg">Register without mobile phone</a>
++
++ </div>
+ <span class='dot step1 selected'></span>
+ <span class='dot step2'></span>
+ <span class='dot step3'></span>
+--- /dev/null 2016-10-07 09:55:13.730181472 +0200
++++ b/run-signal-app 2016-10-10 08:54:09.434172391 +0200
+@@ -0,0 +1,12 @@
++#!/bin/sh
++set -e
++cd $(dirname $0)
++mkdir -p userdata
++userdata="`pwd`/userdata"
++if [ -d "$userdata" ] && [ ! -d "$userdata/.git" ] ; then
++ (cd $userdata && git init)
++fi
++(cd $userdata && git add . && git commit -m "Current status." || true)
++exec chromium \
++ --proxy-server="socks://localhost:9050" \
++ --user-data-dir=$userdata --load-and-launch-app=`pwd`
+EOF
+chmod a+rx run-signal-app
+</pre>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
<div class="entry">
<div class="title">
<a href="http://people.skolelinux.org/pere/blog/NRKs_kildevern_n_r_NRK_epost_deles_med_utenlands_etterretning_.html">NRKs kildevern når NRK-epost deles med utenlands etterretning?</a>
SecureDrop til å ta imot tips</a> der det er vesentlig at ingen
utenforstående får vite at NRK er tipset. Det er et langt steg
fremover for NRK, og når en leser bloggposten om hva de har tenkt på
-og hvordan lysningen er satt opp virker det som om de har gjort en
+og hvordan løsningen er satt opp virker det som om de har gjort en
grundig jobb der. Men det er ganske mye ekstra jobb å motta tips via
SecureDrop, så varslersiden skriver "Nyhetstips som ikke krever denne
typen ekstra vern vil vi gjerne ha på nrk.no/03030", og 03030-siden
oppgi falskt navn.</p>
<p>Når så tipset er kommet frem til NRK skal det behandles
-redaksjonelt i NRK. Der vet jeg via personlige bekjentskaper at de
-fleste journalistene bruker lokalt installert programvare, men noen
-bruker Google Docs og andre skytjenester i strid med interne
-retningslinjer når de skriver. Hvordan vet en hvem det gjelder? Ikke
-vet jeg, men det kan være greit å spørre for å sjekke at journalisten
-har tenkt på problemstillingen, før en gir et tips. Og hvis tipset
-omtales internt på epost, er det jo grunn til å tro at også intern
-eposten vil deles med Microsoft og utenlands etterretning, slik
-tidligere nevnt, men det kan hende at det holdes internt i NRKs
-interne MS Exchange-løsning. Men Microsoft ønsker å få alle
-Exchange-kunder over "i skyen" (eller andre folks datamaskiner, som
-det jo innebærer), så jeg vet ikke hvor lenge det i så fall vil
-vare.</p>
+redaksjonelt i NRK. Der vet jeg via ulike kilder at de fleste
+journalistene bruker lokalt installert programvare, men noen bruker
+Google Docs og andre skytjenester i strid med interne retningslinjer
+når de skriver. Hvordan vet en hvem det gjelder? Ikke vet jeg, men
+det kan være greit å spørre for å sjekke at journalisten har tenkt på
+problemstillingen, før en gir et tips. Og hvis tipset omtales internt
+på epost, er det jo grunn til å tro at også intern eposten vil deles
+med Microsoft og utenlands etterretning, slik tidligere nevnt, men det
+kan hende at det holdes internt i NRKs interne MS Exchange-løsning.
+Men Microsoft ønsker å få alle Exchange-kunder over "i skyen" (eller
+andre folks datamaskiner, som det jo innebærer), så jeg vet ikke hvor
+lenge det i så fall vil vare.</p>
<p>I tillegg vet en jo at
<a href="https://www.nrk.no/ytring/elektronisk-kildevern-i-nrk-1.11941196">NRK
<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/09/">September (2)</a></li>
-<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/10/">October (2)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/10/">October (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/11/">November (8)</a></li>
</ul></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/chrpath">chrpath (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (136)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (141)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (157)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (158)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/digistan">digistan (10)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (328)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (333)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (23)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (12)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/freeculture">freeculture (28)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/freeculture">freeculture (29)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox (9)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/nice free software">nice free software (8)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (279)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (283)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (182)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/open311">open311 (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (61)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (62)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (93)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (95)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/raid">raid (1)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/rfid">rfid (3)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (9)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (10)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/ruter">ruter (4)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/ruter">ruter (5)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (49)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (52)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (49)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (4)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (5)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget (10)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (40)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (43)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (2)</a></li>
projects / homepage.git / blobdiff