Generated.

[homepage.git] / blog / index.html

diff --git a/blog/index.html b/blog/index.html
index 6eea85c558c18a833ae4225cbec3556c430d01e9..96c2134fd90d339b3c8818e4ad645b221255c318 100644 (file)
--- a/blog/index.html
+++ b/blog/index.html
@@ -19,6 +19,570 @@
 
 
     
 
 
     

+    <div class="entry">
+      <div class="title"><a href="http://people.skolelinux.org/pere/blog/Aktivitetsb_nd_som_beskytter_privatsf_ren.html">Aktivitetsbånd som beskytter privatsfæren</a></div>
+      <div class="date"> 3rd November 2016</div>
+      <div class="body"><p>Jeg ble så imponert over
+<a href="https://www.nrk.no/norge/forbrukerradet-mener-aktivitetsarmband-strider-mot-norsk-lov-1.13209079">dagens
+gladnyhet på NRK</a>, om at Forbrukerrådet klager inn vilkårene for
+bruk av aktivitetsbånd fra Fitbit, Garmin, Jawbone og Mio til
+Datatilsynet og forbrukerombudet, at jeg sendte følgende brev til
+forbrukerrådet for å uttrykke min støtte:
+
+<blockquote>
+
+<p>Jeg ble veldig glad over å lese at Forbrukerrådet
+<a href="http://www.forbrukerradet.no/siste-nytt/klager-inn-aktivitetsarmband-for-brudd-pa-norsk-lov/">klager
+inn flere aktivitetsbånd til Datatilsynet for dårlige vilkår</a>.  Jeg
+har ønsket meg et aktivitetsbånd som kan måle puls, bevegelse og
+gjerne også andre helserelaterte indikatorer en stund nå.  De eneste
+jeg har funnet i salg gjør, som dere også har oppdaget, graverende
+inngrep i privatsfæren og sender informasjonen ut av huset til folk og
+organisasjoner jeg ikke ønsker å dele aktivitets- og helseinformasjon
+med.  Jeg ønsker et alternativ som _ikke_ sender informasjon til
+skyen, men derimot bruker
+<a href="http://people.skolelinux.org/pere/blog/Fri_og__pen_standard__slik_Digistan_ser_det.html">en
+fritt og åpent standardisert</a> protokoll (eller i det minste en
+dokumentert protokoll uten patent- og opphavsrettslige
+bruksbegrensinger) til å kommunisere med datautstyr jeg kontrollerer.
+Er jo ikke interessert i å betale noen for å tilrøve seg
+personopplysninger fra meg.  Desverre har jeg ikke funnet noe
+alternativ så langt.</p>
+
+<p>Det holder ikke å endre på bruksvilkårene for enhetene, slik
+Datatilsynet ofte legger opp til i sin behandling, når de gjør slik
+f.eks. Fitbit (den jeg har sett mest på).  Fitbit krypterer
+informasjonen på enheten og sender den kryptert til leverandøren.  Det
+gjør det i praksis umulig både å sjekke hva slags informasjon som
+sendes over, og umulig å ta imot informasjonen selv i stedet for
+Fitbit.  Uansett hva slags historie som forteller i bruksvilkårene er
+en jo både prisgitt leverandørens godvilje og at de ikke tvinges av
+sitt lands myndigheter til å lyve til sine kunder om hvorvidt
+personopplysninger spres ut over det bruksvilkårene sier.  Det er
+veldokumentert hvordan f.eks. USA tvinger selskaper vha. såkalte
+National security letters til å utlevere personopplysninger samtidig
+som de ikke får lov til å fortelle dette til kundene sine.</p>
+
+<p>Stå på, jeg er veldig glade for at dere har sett på saken.  Vet
+dere om aktivitetsbånd i salg i dag som ikke tvinger en til å utlevere
+aktivitets- og helseopplysninger med leverandøren?</p>
+
+</blockquote>
+
+<p>Jeg håper en konkurrent som respekterer kundenes privatliv klarer å
+nå opp i markedet, slik at det finnes et reelt alternativ for oss som
+har full tillit til at skyleverandører vil prioritere egen inntjening
+og myndighetspålegg langt over kundenes rett til privatliv.  Jeg har
+ingen tiltro til at Datatilsynet vil kreve noe mer enn at vilkårene
+endres slik at de forklarer eksplisitt i hvor stor grad bruk av
+produktene utraderer privatsfæren til kundene.  Det vil nok gjøre de
+innklagede armbåndene "lovlige", men fortsatt tvinge kundene til å
+dele sine personopplysninger med leverandøren.</p>
+</div>
+      <div class="tags">
+        
+        
+        Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>. 
+        
+        
+      </div>
+    </div>
+    <div class="padding"></div>
+    
+    <div class="entry">
+      <div class="title"><a href="http://people.skolelinux.org/pere/blog/Experience_and_updated_recipe_for_using_the_Signal_app_without_a_mobile_phone.html">Experience and updated recipe for using the Signal app without a mobile phone</a></div>
+      <div class="date">10th October 2016</div>
+      <div class="body"><p>In July
+<a href="http://people.skolelinux.org/pere/blog/How_to_use_the_Signal_app_if_you_only_have_a_land_line__ie_no_mobile_phone_.html">I
+wrote how to get the Signal Chrome/Chromium app working</a> without
+the ability to receive SMS messages (aka without a cell phone).  It is
+time to share some experiences and provide an updated setup.</p>
+
+<p>The Signal app have worked fine for several months now, and I use
+it regularly to chat with my loved ones.  I had a major snag at the
+end of my summer vacation, when the the app completely forgot my
+setup, identity and keys.  The reason behind this major mess was
+running out of disk space.  To avoid that ever happening again I have
+started storing everything in <tt>userdata/</tt> in git, to be able to
+roll back to an earlier version if the files are wiped by mistake.  I
+had to use it once after introducing the git backup.  When rolling
+back to an earlier version, one need to use the 'reset session' option
+in Signal to get going, and notify the people you talk with about the
+problem.  I assume there is some sequence number tracking in the
+protocol to detect rollback attacks.  The git repository is rather big
+(674 MiB so far), but I have not tried to figure out if some of the
+content can be added to a .gitignore file due to lack of spare
+time.</p>
+
+<p>I've also hit the 90 days timeout blocking, and noticed that this
+make it impossible to send messages using Signal.  I could still
+receive them, but had to patch the code with a new timestamp to send.
+I believe the timeout is added by the developers to force people to
+upgrade to the latest version of the app, even when there is no
+protocol changes, to reduce the version skew among the user base and
+thus try to keep the number of support requests down.</p>
+
+<p>Since my original recipe, the Signal source code changed slightly,
+making the old patch fail to apply cleanly.  Below is an updated
+patch, including the shell wrapper I use to start Signal.  The
+original version required a new user to locate the JavaScript console
+and call a function from there.  I got help from a friend with more
+JavaScript knowledge than me to modify the code to provide a GUI
+button instead.  This mean that to get started you just need to run
+the wrapper and click the 'Register without mobile phone' to get going
+now.  I've also modified the timeout code to always set it to 90 days
+in the future, to avoid having to patch the code regularly.</p>
+
+<p>So, the updated recipe for Debian Jessie:</p>
+
+<ol>
+
+<li>First, install required packages to get the source code and the
+browser you need.  Signal only work with Chrome/Chromium, as far as I
+know, so you need to install it.
+
+<pre>
+apt install git tor chromium
+git clone https://github.com/WhisperSystems/Signal-Desktop.git
+</pre></li>
+
+<li>Modify the source code using command listed in the the patch
+block below.</li>
+
+<li>Start Signal using the run-signal-app wrapper (for example using
+<tt>`pwd`/run-signal-app</tt>).
+
+<li>Click on the 'Register without mobile phone', will in a phone
+number you can receive calls to the next minute, receive the
+verification code and enter it into the form field and press
+'Register'.  Note, the phone number you use will be user Signal
+username, ie the way others can find you on Signal.</li>
+
+<li>You can now use Signal to contact others.  Note, new contacts do
+not show up in the contact list until you restart Signal, and there is
+no way to assign names to Contacts.  There is also no way to create or
+update chat groups.  I suspect this is because the web app do not have
+a associated contact database.</li>
+
+</ol>
+
+<p>I am still a bit uneasy about using Signal, because of the way its
+main author moxie0 reject federation and accept dependencies to major
+corporations like Google (part of the code is fetched from Google) and
+Amazon (the central coordination point is owned by Amazon).  See for
+example
+<a href="https://github.com/LibreSignal/LibreSignal/issues/37">the
+LibreSignal issue tracker</a> for a thread documenting the authors
+view on these issues.  But the network effect is strong in this case,
+and several of the people I want to communicate with already use
+Signal.  Perhaps we can all move to <a href="https://ring.cx/">Ring</a>
+once it <a href="https://bugs.debian.org/830265">work on my
+laptop</a>?  It already work on Windows and Android, and is included
+in <a href="https://tracker.debian.org/pkg/ring">Debian</a> and
+<a href="https://launchpad.net/ubuntu/+source/ring">Ubuntu</a>, but not
+working on Debian Stable.</p>
+
+<p>Anyway, this is the patch I apply to the Signal code to get it
+working.  It switch to the production servers, disable to timeout,
+make registration easier and add the shell wrapper:</p>
+
+<pre>
+cd Signal-Desktop; cat &lt;&lt;EOF | patch -p1
+diff --git a/js/background.js b/js/background.js
+index 24b4c1d..579345f 100644
+--- a/js/background.js
++++ b/js/background.js
+@@ -33,9 +33,9 @@
+         });
+     });
+ 
+-    var SERVER_URL = 'https://textsecure-service-staging.whispersystems.org';
++    var SERVER_URL = 'https://textsecure-service-ca.whispersystems.org';
+     var SERVER_PORTS = [80, 4433, 8443];
+-    var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments-staging.s3.amazonaws.com';
++    var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments.s3.amazonaws.com';
+     var messageReceiver;
+     window.getSocketStatus = function() {
+         if (messageReceiver) {
+diff --git a/js/expire.js b/js/expire.js
+index 639aeae..beb91c3 100644
+--- a/js/expire.js
++++ b/js/expire.js
+@@ -1,6 +1,6 @@
+ ;(function() {
+     'use strict';
+-    var BUILD_EXPIRATION = 0;
++    var BUILD_EXPIRATION = Date.now() + (90 * 24 * 60 * 60 * 1000);
+ 
+     window.extension = window.extension || {};
+ 
+diff --git a/js/views/install_view.js b/js/views/install_view.js
+index 7816f4f..1d6233b 100644
+--- a/js/views/install_view.js
++++ b/js/views/install_view.js
+@@ -38,7 +38,8 @@
+             return {
+                 'click .step1': this.selectStep.bind(this, 1),
+                 'click .step2': this.selectStep.bind(this, 2),
+-                'click .step3': this.selectStep.bind(this, 3)
++                'click .step3': this.selectStep.bind(this, 3),
++                'click .callreg': function() { extension.install('standalone') },
+             };
+         },
+         clearQR: function() {
+diff --git a/options.html b/options.html
+index dc0f28e..8d709f6 100644
+--- a/options.html
++++ b/options.html
+@@ -14,7 +14,10 @@
+         &lt;div class='nav'>
+           &lt;h1>{{ installWelcome }}&lt;/h1>
+           &lt;p>{{ installTagline }}&lt;/p>
+-          &lt;div> &lt;a class='button step2'>{{ installGetStartedButton }}&lt;/a> &lt;/div>
++          &lt;div> &lt;a class='button step2'>{{ installGetStartedButton }}&lt;/a>
++          &lt;br> &lt;a class="button callreg">Register without mobile phone&lt;/a>
++
++        &lt;/div>
+           &lt;span class='dot step1 selected'>&lt;/span>
+           &lt;span class='dot step2'>&lt;/span>
+           &lt;span class='dot step3'>&lt;/span>
+--- /dev/null   2016-10-07 09:55:13.730181472 +0200
++++ b/run-signal-app   2016-10-10 08:54:09.434172391 +0200
+@@ -0,0 +1,12 @@
++#!/bin/sh
++set -e
++cd $(dirname $0)
++mkdir -p userdata
++userdata="`pwd`/userdata"
++if [ -d "$userdata" ] && [ ! -d "$userdata/.git" ] ; then
++    (cd $userdata && git init)
++fi
++(cd $userdata && git add . && git commit -m "Current status." || true)
++exec chromium \
++  --proxy-server="socks://localhost:9050" \
++  --user-data-dir=$userdata --load-and-launch-app=`pwd`
+EOF
+chmod a+rx run-signal-app
+</pre>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+</div>
+      <div class="tags">
+        
+        
+        Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>. 
+        
+        
+      </div>
+    </div>
+    <div class="padding"></div>
+    
+    <div class="entry">
+      <div class="title"><a href="http://people.skolelinux.org/pere/blog/NRKs_kildevern_n_r_NRK_epost_deles_med_utenlands_etterretning_.html">NRKs kildevern når NRK-epost deles med utenlands etterretning?</a></div>
+      <div class="date"> 8th October 2016</div>
+      <div class="body"><p>NRK
+<a href="https://nrkbeta.no/2016/09/02/securing-whistleblowers/">lanserte
+for noen uker siden</a> en ny
+<a href="https://www.nrk.no/varsle/">varslerportal som bruker
+SecureDrop til å ta imot tips</a> der det er vesentlig at ingen
+utenforstående får vite at NRK er tipset.  Det er et langt steg
+fremover for NRK, og når en leser bloggposten om hva de har tenkt på
+og hvordan løsningen er satt opp virker det som om de har gjort en
+grundig jobb der.  Men det er ganske mye ekstra jobb å motta tips via
+SecureDrop, så varslersiden skriver "Nyhetstips som ikke krever denne
+typen ekstra vern vil vi gjerne ha på nrk.no/03030", og 03030-siden
+foreslår i tillegg til et webskjema å bruke epost, SMS, telefon,
+personlig oppmøte og brevpost.  Denne artikkelen handler disse andre
+metodene.</p>
+
+<p>Når en sender epost til en @nrk.no-adresse så vil eposten sendes ut
+av landet til datamaskiner kontrollert av Microsoft.  En kan sjekke
+dette selv ved å slå opp epostleveringsadresse (MX) i DNS.  For NRK er
+dette i dag "nrk-no.mail.protection.outlook.com".  NRK har som en ser
+valgt å sette bort epostmottaket sitt til de som står bak outlook.com,
+dvs. Microsoft.  En kan sjekke hvor nettverkstrafikken tar veien
+gjennom Internett til epostmottaket vha. programmet
+<tt>traceroute</tt>, og finne ut hvem som eier en Internett-adresse
+vha. whois-systemet.  Når en gjør dette for epost-trafikk til @nrk.no
+ser en at trafikken fra Norge mot nrk-no.mail.protection.outlook.com
+går via Sverige mot enten Irland eller Tyskland (det varierer fra gang
+til gang og kan endre seg over tid).</p>
+
+<p>Vi vet fra
+<a href="https://no.wikipedia.org/wiki/FRA-loven">introduksjonen av
+FRA-loven</a> at IP-trafikk som passerer grensen til Sverige avlyttes
+av Försvarets radioanstalt (FRA).  Vi vet videre takket være
+Snowden-bekreftelsene at trafikk som passerer grensen til
+Storbritannia avlyttes av Government Communications Headquarters
+(GCHQ).  I tillegg er er det nettopp lansert et forslag i Norge om at
+forsvarets E-tjeneste skal få avlytte trafikk som krysser grensen til
+Norge. Jeg er ikke kjent med dokumentasjon på at Irland og Tyskland
+gjør det samme.  Poenget er uansett at utenlandsk etterretning har
+mulighet til å snappe opp trafikken når en sender epost til @nrk.no.
+I tillegg er det selvsagt tilgjengelig for Microsoft som er underlagt USAs
+jurisdiksjon og
+<a href="https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data">samarbeider
+med USAs etterretning på flere områder</a>.  De som tipser NRK om
+nyheter via epost kan dermed gå ut fra at det blir kjent for mange
+andre enn NRK at det er gjort.</p>
+
+<p>Bruk av SMS og telefon registreres av blant annet telefonselskapene
+og er tilgjengelig i følge lov og forskrift for blant annet Politi,
+NAV og Finanstilsynet, i tillegg til IT-folkene hos telefonselskapene
+og deres overordnede.  Hvis innringer eller mottaker bruker
+smarttelefon vil slik kontakt også gjøres tilgjengelig for ulike
+app-leverandører og de som lytter på trafikken mellom telefon og
+app-leverandør, alt etter hva som er installert på telefonene som
+brukes.</p>
+
+<p>Brevpost kan virke trygt, og jeg vet ikke hvor mye som registreres
+og lagres av postens datastyrte postsorteringssentraler.  Det vil ikke
+overraske meg om det lagres hvor i landet hver konvolutt kommer fra og
+hvor den er adressert, i hvert fall for en kortere periode.  Jeg vet
+heller ikke hvem slik informasjon gjøres tilgjengelig for.  Det kan
+være nok til å ringe inn potensielle kilder når det krysses med hvem
+som kjente til aktuell informasjon og hvor de befant seg (tilgjengelig
+f.eks.  hvis de bærer mobiltelefon eller bor i nærheten).</p>
+
+<p>Personlig oppmøte hos en NRK-journalist er antagelig det tryggeste,
+men en bør passe seg for å bruke NRK-kantina.  Der bryter de nemlig
+<a href="http://www.lovdata.no/all/hl-19850524-028.html#14">Sentralbanklovens
+paragraf 14</a> og nekter folk å betale med kontanter.  I stedet
+krever de at en varsle sin bankkortutsteder om hvor en befinner seg
+ved å bruke bankkort.  Banktransaksjoner er tilgjengelig for
+bankkortutsteder (det være seg VISA, Mastercard, Nets og/eller en
+bank) i tillegg til politiet og i hvert fall tidligere med Se & Hør
+(via utro tjenere, slik det ble avslørt etter utgivelsen av boken
+«Livet, det forbannede» av Ken B. Rasmussen).  Men hvor mange kjenner
+en NRK-journalist personlig?  Besøk på NRK på Marienlyst krever at en
+registrerer sin ankost elektronisk i besøkssystemet.  Jeg vet ikke hva
+som skjer med det datasettet, men har grunn til å tro at det sendes ut
+SMS til den en skal besøke med navnet som er oppgitt.  Kanskje greit å
+oppgi falskt navn.</p>
+
+<p>Når så tipset er kommet frem til NRK skal det behandles
+redaksjonelt i NRK.  Der vet jeg via ulike kilder at de fleste
+journalistene bruker lokalt installert programvare, men noen bruker
+Google Docs og andre skytjenester i strid med interne retningslinjer
+når de skriver.  Hvordan vet en hvem det gjelder?  Ikke vet jeg, men
+det kan være greit å spørre for å sjekke at journalisten har tenkt på
+problemstillingen, før en gir et tips.  Og hvis tipset omtales internt
+på epost, er det jo grunn til å tro at også intern eposten vil deles
+med Microsoft og utenlands etterretning, slik tidligere nevnt, men det
+kan hende at det holdes internt i NRKs interne MS Exchange-løsning.
+Men Microsoft ønsker å få alle Exchange-kunder over "i skyen" (eller
+andre folks datamaskiner, som det jo innebærer), så jeg vet ikke hvor
+lenge det i så fall vil vare.</p>
+
+<p>I tillegg vet en jo at
+<a href="https://www.nrk.no/ytring/elektronisk-kildevern-i-nrk-1.11941196">NRK
+har valgt å gi nasjonal sikkerhetsmyndighet (NSM) tilgang til å se på
+intern og ekstern Internett-trafikk</a> hos NRK ved oppsett av såkalte
+VDI-noder, på tross av
+<a href="https://www.nrk.no/ytring/bekymring-for-nrks-kildevern-1.11941584">protester
+fra NRKs journalistlag</a>.  Jeg vet ikke om den vil kunne snappe opp
+dokumenter som lagres på interne filtjenere eller dokumenter som lages
+i de interne webbaserte publiseringssystemene, men vet at hva noden
+ser etter på nettet kontrolleres av NSM og oppdateres automatisk, slik
+at det ikke gir så mye mening å sjekke hva noden ser etter i dag når
+det kan endres automatisk i morgen.</p>
+
+<p>Personlig vet jeg ikke om jeg hadde turt tipse NRK hvis jeg satt på
+noe som kunne være en trussel mot den bestående makten i Norge eller
+verden.  Til det virker det å være for mange åpninger for
+utenforstående med andre prioriteter enn NRKs journalistiske fokus.
+Og den største truslen for en varsler er jo om metainformasjon kommer
+på avveie, dvs. informasjon om at en har vært i kontakt med en
+journalist.  Det kan være nok til at en kommer i myndighetenes
+søkelys, og de færreste har nok operasjonell sikkerhet til at vil tåle
+slik flombelysning på sitt privatliv.</p>
+</div>
+      <div class="tags">
+        
+        
+        Tags: <a href="http://people.skolelinux.org/pere/blog/tags/dld">dld</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>. 
+        
+        
+      </div>
+    </div>
+    <div class="padding"></div>
+    
+    <div class="entry">
+      <div class="title"><a href="http://people.skolelinux.org/pere/blog/Isenkram__Appstream_and_udev_make_life_as_a_LEGO_builder_easier.html">Isenkram, Appstream and udev make life as a LEGO builder easier</a></div>
+      <div class="date"> 7th October 2016</div>
+      <div class="body"><p><a href="http://packages.qa.debian.org/isenkram">The Isenkram
+system</a> provide a practical and easy way to figure out which
+packages support the hardware in a given machine.  The command line
+tool <tt>isenkram-lookup</tt> and the tasksel options provide a
+convenient way to list and install packages relevant for the current
+hardware during system installation, both user space packages and
+firmware packages. The GUI background daemon on the other hand provide
+a pop-up proposing to install packages when a new dongle is inserted
+while using the computer.  For example, if you plug in a smart card
+reader, the system will ask if you want to install <tt>pcscd</tt> if
+that package isn't already installed, and if you plug in a USB video
+camera the system will ask if you want to install <tt>cheese</tt> if
+cheese is currently missing.  This already work just fine.</p>
+
+<p>But Isenkram depend on a database mapping from hardware IDs to
+package names.  When I started no such database existed in Debian, so
+I made my own data set and included it with the isenkram package and
+made isenkram fetch the latest version of this database from git using
+http.  This way the isenkram users would get updated package proposals
+as soon as I learned more about hardware related packages.</p>
+
+<p>The hardware is identified using modalias strings.  The modalias
+design is from the Linux kernel where most hardware descriptors are
+made available as a strings that can be matched using filename style
+globbing.  It handle USB, PCI, DMI and a lot of other hardware related
+identifiers.</p>
+
+<p>The downside to the Isenkram specific database is that there is no
+information about relevant distribution / Debian version, making
+isenkram propose obsolete packages too.  But along came AppStream, a
+cross distribution mechanism to store and collect metadata about
+software packages.  When I heard about the proposal, I contacted the
+people involved and suggested to add a hardware matching rule using
+modalias strings in the specification, to be able to use AppStream for
+mapping hardware to packages.  This idea was accepted and AppStream is
+now a great way for a package to announce the hardware it support in a
+distribution neutral way.  I wrote
+<a href="http://people.skolelinux.org/pere/blog/Using_appstream_with_isenkram_to_install_hardware_related_packages_in_Debian.html">a
+recipe on how to add such meta-information</a> in a blog post last
+December.  If you have a hardware related package in Debian, please
+announce the relevant hardware IDs using AppStream.</p>
+
+<p>In Debian, almost all packages that can talk to a LEGO Mindestorms
+RCX or NXT unit, announce this support using AppStream.  The effect is
+that when you insert such LEGO robot controller into your Debian
+machine, Isenkram will propose to install the packages needed to get
+it working.  The intention is that this should allow the local user to
+start programming his robot controller right away without having to
+guess what packages to use or which permissions to fix.</p>
+
+<p>But when I sat down with my son the other day to program our NXT
+unit using his Debian Stretch computer, I discovered something
+annoying.  The local console user (ie my son) did not get access to
+the USB device for programming the unit.  This used to work, but no
+longer in Jessie and Stretch.  After some investigation and asking
+around on #debian-devel, I discovered that this was because udev had
+changed the mechanism used to grant access to local devices.  The
+ConsoleKit mechanism from <tt>/lib/udev/rules.d/70-udev-acl.rules</tt>
+no longer applied, because LDAP users no longer was added to the
+plugdev group during login.  Michael Biebl told me that this method
+was obsolete and the new method used ACLs instead.  This was good
+news, as the plugdev mechanism is a mess when using a remote user
+directory like LDAP.  Using ACLs would make sure a user lost device
+access when she logged out, even if the user left behind a background
+process which would retain the plugdev membership with the ConsoleKit
+setup.  Armed with this knowledge I moved on to fix the access problem
+for the LEGO Mindstorms related packages.</p>
+
+<p>The new system uses a udev tag, 'uaccess'.  It can either be
+applied directly for a device, or is applied in
+/lib/udev/rules.d/70-uaccess.rules for classes of devices.  As the
+LEGO Mindstorms udev rules did not have a class, I decided to add the
+tag directly in the udev rules files included in the packages.  Here
+is one example.  For the nqc C compiler for the RCX, the
+<tt>/lib/udev/rules.d/60-nqc.rules</tt> file now look like this:
+
+<p><pre>
+SUBSYSTEM=="usb", ACTION=="add", ATTR{idVendor}=="0694", ATTR{idProduct}=="0001", \
+    SYMLINK+="rcx-%k", TAG+="uaccess"
+</pre></p>
+
+<p>The key part is the 'TAG+="uaccess"' at the end.  I suspect all
+packages using plugdev in their /lib/udev/rules.d/ files should be
+changed to use this tag (either directly or indirectly via
+<tt>70-uaccess.rules</tt>).  Perhaps a lintian check should be created
+to detect this?</p>
+
+<p>I've been unable to find good documentation on the uaccess feature.
+It is unclear to me if the uaccess tag is an internal implementation
+detail like the udev-acl tag used by
+<tt>/lib/udev/rules.d/70-udev-acl.rules</tt>.  If it is, I guess the
+indirect method is the preferred way.  Michael
+<a href="https://github.com/systemd/systemd/issues/4288">asked for more
+documentation from the systemd project</a> and I hope it will make
+this clearer.  For now I use the generic classes when they exist and
+is already handled by <tt>70-uaccess.rules</tt>, and add the tag
+directly if no such class exist.</p>
+
+<p>To learn more about the isenkram system, please check out
+<a href="http://people.skolelinux.org/pere/blog/tags/isenkram/">my
+blog posts tagged isenkram</a>.</p>
+
+<p>To help out making life for LEGO constructors in Debian easier,
+please join us on our IRC channel
+<a href="irc://irc.debian.org/%23debian-lego">#debian-lego</a> and join
+the <a href="https://alioth.debian.org/projects/debian-lego/">Debian
+LEGO team</a> in the Alioth project we created yesterday.  A mailing
+list is not yet created, but we are working on it. :)</p>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+</div>
+      <div class="tags">
+        
+        
+        Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/isenkram">isenkram</a>. 
+        
+        
+      </div>
+    </div>
+    <div class="padding"></div>
+    
+    <div class="entry">
+      <div class="title"><a href="http://people.skolelinux.org/pere/blog/Aftenposten_redakt_ren_med_lua_i_h_nda.html">Aftenposten-redaktøren med lua i hånda</a></div>
+      <div class="date"> 9th September 2016</div>
+      <div class="body"><p>En av dagens nyheter er at Aftenpostens redaktør Espen Egil Hansen
+bruker
+<a href="https://www.nrk.no/kultur/aftenposten-brukar-heile-forsida-pa-facebook-kritikk-1.13126918">forsiden
+av papiravisen på et åpent brev til Facebooks sjef Mark Zuckerberg om
+Facebooks fjerning av bilder, tekster og sider de ikke liker</a>.  Det
+må være uvant for redaktøren i avisen Aftenposten å stå med lua i
+handa og håpe på å bli hørt.  Spesielt siden Aftenposten har vært med
+på å gi Facebook makten de nå demonstrerer at de har.  Ved å melde seg
+inn i Facebook-samfunnet har de sagt ja til bruksvilkårene og inngått
+en antagelig bindende avtale.  Kanskje de skulle lest og vurdert
+vilkårene litt nærmere før de sa ja, i stedet for å klage over at
+reglende de har valgt å akseptere blir fulgt?  Personlig synes jeg
+vilkårene er uakseptable og det ville ikke falle meg inn å gå inn på
+en avtale med slike vilkår.  I tillegg til uakseptable vilkår er det
+mange andre grunner til å unngå Facebook.  Du kan finne en solid
+gjennomgang av flere slike argumenter hos
+<a href="https://stallman.org/facebook.html">Richard Stallmans side om
+Facebook</a>.
+
+<p>Jeg håper flere norske redaktører på samme vis må stå med lua i
+hånden inntil de forstår at de selv er med på å føre samfunnet på
+ville veier ved å omfavne Facebook slik de gjør når de omtaler og
+løfter frem saker fra Facebook, og tar i bruk Facebook som
+distribusjonskanal for sine nyheter.  De bidrar til
+overvåkningssamfunnet og raderer ut lesernes privatsfære når de lenker
+til Facebook på sine sider, og låser seg selv inne i en omgivelse der
+det er Facebook, og ikke redaktøren, som sitter med makta.</p>
+
+<p>Men det vil nok ta tid, i et Norge der de fleste nettredaktører
+<a href="http://people.skolelinux.org/pere/blog/Snurpenot_overv_kning_av_sensitiv_personinformasjon.html">deler
+sine leseres personopplysinger med utenlands etterretning</a>.</p>
+
+<p>For øvrig burde varsleren Edward Snowden få politisk asyl i
+Norge.</p>
+</div>
+      <div class="tags">
+        
+        
+        Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>. 
+        
+        
+      </div>
+    </div>
+    <div class="padding"></div>
+    

     <div class="entry">
       <div class="title"><a href="http://people.skolelinux.org/pere/blog/E_tjenesten_ber_om_innsyn_i_eposten_til_partiene_p__Stortinget.html">E-tjenesten ber om innsyn i eposten til partiene på Stortinget</a></div>
       <div class="date"> 6th September 2016</div>
     <div class="entry">
       <div class="title"><a href="http://people.skolelinux.org/pere/blog/E_tjenesten_ber_om_innsyn_i_eposten_til_partiene_p__Stortinget.html">E-tjenesten ber om innsyn i eposten til partiene på Stortinget</a></div>
       <div class="date"> 6th September 2016</div>


@@ -35,7 +599,7 @@ støttepartiene Venstre (@venstre.no) og Kristelig Folkeparti (@krf.no)
 samt Sosialistisk Ventreparti (@sv.no) og Miljøpartiet de grønne
 (@mdg.no) har nemlig alle valgt å ta imot eposten sin via utenlandske
 tjenester.  Det betyr at hvis noen sender epost til noen med en slik
 samt Sosialistisk Ventreparti (@sv.no) og Miljøpartiet de grønne
 (@mdg.no) har nemlig alle valgt å ta imot eposten sin via utenlandske
 tjenester.  Det betyr at hvis noen sender epost til noen med en slik

-adresse vil innholdet i eposten om dette forslaget blir vedtatt gjøres
+adresse vil innholdet i eposten, om dette forslaget blir vedtatt, gjøres

 tilgjengelig for e-tjenesten.  Venstre, Sosialistisk Ventreparti og
 Miljøpartiet De Grønne har valgt å motta sin epost hos Google,
 Kristelig Folkeparti har valgt å motta sin epost hos Microsoft, og
 tilgjengelig for e-tjenesten.  Venstre, Sosialistisk Ventreparti og
 Miljøpartiet De Grønne har valgt å motta sin epost hos Google,
 Kristelig Folkeparti har valgt å motta sin epost hos Microsoft, og


@@ -389,428 +953,6 @@ administratoren der, så hadde jeg brukt weblate i stedet.</p>
     </div>
     <div class="padding"></div>
     
     </div>
     <div class="padding"></div>
     

-    <div class="entry">
-      <div class="title"><a href="http://people.skolelinux.org/pere/blog/Techno_TV_broadcasting_live_across_Norway_and_the_Internet___debconf16___nuug__on__frikanalen.html">Techno TV broadcasting live across Norway and the Internet (#debconf16, #nuug) on @frikanalen</a></div>
-      <div class="date"> 1st August 2016</div>
-      <div class="body"><p>Did you know there is a TV channel broadcasting talks from DebConf
-16 across an entire country?  Or that there is a TV channel
-broadcasting talks by or about
-<a href="http://beta.frikanalen.no/video/625529/">Linus Torvalds</a>,
-<a href="http://beta.frikanalen.no/video/625599/">Tor</a>,
-<a href="http://beta.frikanalen.no/video/624019/">OpenID</A>,
-<a href="http://beta.frikanalen.no/video/625624/">Common Lisp</a>,
-<a href="http://beta.frikanalen.no/video/625446/">Civic Tech</a>,
-<a href="http://beta.frikanalen.no/video/625090/">EFF founder John Barlow</a>,
-<a href="http://beta.frikanalen.no/video/625432/">how to make 3D
-printer electronics</a> and many more fascinating topics?  It works
-using only free software (all of it
-<a href="http://github.com/Frikanalen">available from Github</a>), and
-is administrated using a web browser and a web API.</p>
-
-<p>The TV channel is the Norwegian open channel
-<a href="http://www.frikanalen.no/">Frikanalen</a>, and I am involved
-via <a href="https://www.nuug.no/">the NUUG member association</a> in
-running and developing the software for the channel.  The channel is
-organised as a member organisation where its members can upload and
-broadcast what they want (think of it as Youtube for national
-broadcasting television).  Individuals can broadcast too.  The time
-slots are handled on a first come, first serve basis.  Because the
-channel have almost no viewers and very few active members, we can
-experiment with TV technology without too much flack when we make
-mistakes.  And thanks to the few active members, most of the slots on
-the schedule are free.  I see this as an opportunity to spread
-knowledge about technology and free software, and have a script I run
-regularly to fill up all the open slots the next few days with
-technology related video.  The end result is a channel I like to
-describe as Techno TV - filled with interesting talks and
-presentations.</p>
-
-<p>It is available on channel 50 on the Norwegian national digital TV
-network (RiksTV).  It is also available as a multicast stream on
-Uninett.  And finally, it is available as
-<a href="http://beta.frikanalen.no/">a WebM unicast stream</a> from
-Frikanalen and NUUG.  Check it out. :)</p>
-</div>
-      <div class="tags">
-        
-        
-        Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/frikanalen">frikanalen</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/video">video</a>. 
-        
-        
-      </div>
-    </div>
-    <div class="padding"></div>
-    
-    <div class="entry">
-      <div class="title"><a href="http://people.skolelinux.org/pere/blog/Unlocking_HTC_Desire_HD_on_Linux_using_unruu_and_fastboot.html">Unlocking HTC Desire HD on Linux using unruu and fastboot</a></div>
-      <div class="date"> 7th July 2016</div>
-      <div class="body"><p>Yesterday, I tried to unlock a HTC Desire HD phone, and it proved
-to be a slight challenge.  Here is the recipe if I ever need to do it
-again.  It all started by me wanting to try the recipe to set up
-<a href="https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy">an
-hardened Android installation</a> from the Tor project blog on a
-device I had access to.  It is a old mobile phone with a broken
-microphone The initial idea had been to just
-<a href="http://wiki.cyanogenmod.org/w/Install_CM_for_ace">install
-CyanogenMod on it</a>, but did not quite find time to start on it
-until a few days ago.</p>
-
-<p>The unlock process is supposed to be simple: (1) Boot into the boot
-loader (press volume down and power at the same time), (2) select
-'fastboot' before (3) connecting the device via USB to a Linux
-machine, (4) request the device identifier token by running 'fastboot
-oem get_identifier_token', (5) request the device unlocking key using
-the <a href="http://www.htcdev.com/bootloader/">HTC developer web
-site</a> and unlock the phone using the key file emailed to you.</p>
-
-<p>Unfortunately, this only work fi you have hboot version 2.00.0029
-or newer, and the device I was working on had 2.00.0027.  This
-apparently can be easily fixed by downloading a Windows program and
-running it on your Windows machine, if you accept the terms Microsoft
-require you to accept to use Windows - which I do not.  So I had to
-come up with a different approach.  I got a lot of help from AndyCap
-on #nuug, and would not have been able to get this working without
-him.</p>
-
-<p>First I needed to extract the hboot firmware from
-<a href="http://www.htcdev.com/ruu/PD9810000_Ace_Sense30_S_hboot_2.00.0029.exe">the
-windows binary for HTC Desire HD</a> downloaded as 'the RUU' from HTC.
-For this there is is <a href="https://github.com/kmdm/unruu/">a github
-project named unruu</a> using libunshield.  The unshield tool did not
-recognise the file format, but unruu worked and extracted rom.zip,
-containing the new hboot firmware and a text file describing which
-devices it would work for.</p>
-
-<p>Next, I needed to get the new firmware into the device.  For this I
-followed some instructions
-<a href="http://www.htc1guru.com/2013/09/new-ruu-zips-posted/">available
-from HTC1Guru.com</a>, and ran these commands as root on a Linux
-machine with Debian testing:</p>
-
-<p><pre>
-adb reboot-bootloader
-fastboot oem rebootRUU
-fastboot flash zip rom.zip
-fastboot flash zip rom.zip
-fastboot reboot
-</pre></p>
-
-<p>The flash command apparently need to be done twice to take effect,
-as the first is just preparations and the second one do the flashing.
-The adb command is just to get to the boot loader menu, so turning the
-device on while holding volume down and the power button should work
-too.</p>
-
-<p>With the new hboot version in place I could start following the
-instructions on the HTC developer web site.  I got the device token
-like this:</p>
-
-<p><pre>
-fastboot oem get_identifier_token 2>&1 | sed 's/(bootloader) //'
-</pre>
-
-<p>And once I got the unlock code via email, I could use it like
-this:</p>
-
-<p><pre>
-fastboot flash unlocktoken Unlock_code.bin
-</pre></p>
-
-<p>And with that final step in place, the phone was unlocked and I
-could start stuffing the software of my own choosing into the device.
-So far I only inserted a replacement recovery image to wipe the phone
-before I start.  We will see what happen next.  Perhaps I should
-install <a href="https://www.debian.org/">Debian</a> on it. :)</p>
-</div>
-      <div class="tags">
-        
-        
-        Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>. 
-        
-        
-      </div>
-    </div>
-    <div class="padding"></div>
-    
-    <div class="entry">
-      <div class="title"><a href="http://people.skolelinux.org/pere/blog/How_to_use_the_Signal_app_if_you_only_have_a_land_line__ie_no_mobile_phone_.html">How to use the Signal app if you only have a land line (ie no mobile phone)</a></div>
-      <div class="date"> 3rd July 2016</div>
-      <div class="body"><p>For a while now, I have wanted to test
-<a href="https://whispersystems.org/">the Signal app</a>, as it is
-said to provide end to end encrypted communication and several of my
-friends and family are already using it.  As I by choice do not own a
-mobile phone, this proved to be harder than expected.  And I wanted to
-have the source of the client and know that it was the code used on my
-machine.  But yesterday I managed to get it working.  I used the
-Github source, compared it to the source in
-<a href="https://chrome.google.com/webstore/detail/signal-private-messenger/bikioccmkafdpakkkcpdbppfkghcmihk?hl=en-US">the
-Signal Chrome app</a> available from the Chrome web store, applied
-patches to use the production Signal servers, started the app and
-asked for the hidden "register without a smart phone" form.  Here is
-the recipe how I did it.</p>
-
-<p>First, I fetched the Signal desktop source from Github, using
-
-<pre>
-git clone https://github.com/WhisperSystems/Signal-Desktop.git
-</pre>
-
-<p>Next, I patched the source to use the production servers, to be
-able to talk to other Signal users:</p>
-
-<pre>
-cat &lt;&lt;EOF | patch -p0
-diff -ur ./js/background.js userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/background.js
---- ./js/background.js  2016-06-29 13:43:15.630344628 +0200
-+++ userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/background.js    2016-06-29 14:06:29.530300934 +0200
-@@ -47,8 +47,8 @@
-         });
-     });
- 
--    var SERVER_URL = 'https://textsecure-service-staging.whispersystems.org';
--    var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments-staging.s3.amazonaws.com';
-+    var SERVER_URL = 'https://textsecure-service-ca.whispersystems.org:4433';
-+    var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments.s3.amazonaws.com';
-     var messageReceiver;
-     window.getSocketStatus = function() {
-         if (messageReceiver) {
-diff -ur ./js/expire.js userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/expire.js
---- ./js/expire.js      2016-06-29 13:43:15.630344628 +0200
-+++ userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/expire.js2016-06-29 14:06:29.530300934 +0200
-@@ -1,6 +1,6 @@
- ;(function() {
-     'use strict';
--    var BUILD_EXPIRATION = 0;
-+    var BUILD_EXPIRATION = 1474492690000;
- 
-     window.extension = window.extension || {};
- 
-EOF
-</pre>
-
-<p>The first part is changing the servers, and the second is updating
-an expiration timestamp.  This timestamp need to be updated regularly.
-It is set 90 days in the future by the build process (Gruntfile.js).
-The value is seconds since 1970 times 1000, as far as I can tell.</p>
-
-<p>Based on a tip and good help from the #nuug IRC channel, I wrote a
-script to launch Signal in Chromium.</p>
-
-<pre>
-#!/bin/sh
-cd $(dirname $0)
-mkdir -p userdata
-exec chromium \
-  --proxy-server="socks://localhost:9050" \
-  --user-data-dir=`pwd`/userdata --load-and-launch-app=`pwd`
-</pre>
-
-<p> The script start the app and configure Chromium to use the Tor
-SOCKS5 proxy to make sure those controlling the Signal servers (today
-Amazon and Whisper Systems) as well as those listening on the lines
-will have a harder time location my laptop based on the Signal
-connections if they use source IP address.</p>
-
-<p>When the script starts, one need to follow the instructions under
-"Standalone Registration" in the CONTRIBUTING.md file in the git
-repository.  I right clicked on the Signal window to get up the
-Chromium debugging tool, visited the 'Console' tab and wrote
-'extension.install("standalone")' on the console prompt to get the
-registration form.  Then I entered by land line phone number and
-pressed 'Call'.  5 seconds later the phone rang and a robot voice
-repeated the verification code three times.  After entering the number
-into the verification code field in the form, I could start using
-Signal from my laptop.
-
-<p>As far as I can tell, The Signal app will leak who is talking to
-whom and thus who know who to those controlling the central server,
-but such leakage is hard to avoid with a centrally controlled server
-setup.  It is something to keep in mind when using Signal - the
-content of your chats are harder to intercept, but the meta data
-exposing your contact network is available to people you do not know.
-So better than many options, but not great.  And sadly the usage is
-connected to my land line, thus allowing those controlling the server
-to associate it to my home and person.  I would prefer it if only
-those I knew could tell who I was on Signal.  There are options
-avoiding such information leakage, but most of my friends are not
-using them, so I am stuck with Signal for now.</p>
-</div>
-      <div class="tags">
-        
-        
-        Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>. 
-        
-        
-      </div>
-    </div>
-    <div class="padding"></div>
-    
-    <div class="entry">
-      <div class="title"><a href="http://people.skolelinux.org/pere/blog/The_new__best__multimedia_player_in_Debian_.html">The new "best" multimedia player in Debian?</a></div>
-      <div class="date"> 6th June 2016</div>
-      <div class="body"><p>When I set out a few weeks ago to figure out
-<a href="http://people.skolelinux.org/pere/blog/What_is_the_best_multimedia_player_in_Debian_.html">which
-multimedia player in Debian claimed to support most file formats /
-MIME types</a>, I was a bit surprised how varied the sets of MIME types
-the various players claimed support for.  The range was from 55 to 130
-MIME types.  I suspect most media formats are supported by all
-players, but this is not really reflected in the MimeTypes values in
-their desktop files.  There are probably also some bogus MIME types
-listed, but it is hard to identify which one this is.</p>
-
-<p>Anyway, in the mean time I got in touch with upstream for some of
-the players suggesting to add more MIME types to their desktop files,
-and decided to spend some time myself improving the situation for my
-favorite media player VLC.  The fixes for VLC entered Debian unstable
-yesterday. The complete list of MIME types can be seen on the
-<a href="https://wiki.debian.org/DebianMultimedia/PlayerSupport">Multimedia
-player MIME type support status</a> Debian wiki page.</p>
-
-<p>The new "best" multimedia player in Debian?  It is VLC, followed by
-totem, parole, kplayer, gnome-mpv, mpv, smplayer, mplayer-gui and
-kmplayer.  I am sure some of the other players desktop files support
-several of the formats currently listed as working only with vlc,
-toten and parole.</p>
-
-<p>A sad observation is that only 14 MIME types are listed as
-supported by all the tested multimedia players in Debian in their
-desktop files: audio/mpeg, audio/vnd.rn-realaudio, audio/x-mpegurl,
-audio/x-ms-wma, audio/x-scpls, audio/x-wav, video/mp4, video/mpeg,
-video/quicktime, video/vnd.rn-realvideo, video/x-matroska,
-video/x-ms-asf, video/x-ms-wmv and video/x-msvideo.  Personally I find
-it sad that video/ogg and video/webm is not supported by all the media
-players in Debian.  As far as I can tell, all of them can handle both
-formats.</p>
-</div>
-      <div class="tags">
-        
-        
-        Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia</a>, <a href="http://people.skolelinux.org/pere/blog/tags/video">video</a>. 
-        
-        
-      </div>
-    </div>
-    <div class="padding"></div>
-    
-    <div class="entry">
-      <div class="title"><a href="http://people.skolelinux.org/pere/blog/A_program_should_be_able_to_open_its_own_files_on_Linux.html">A program should be able to open its own files on Linux</a></div>
-      <div class="date"> 5th June 2016</div>
-      <div class="body"><p>Many years ago, when koffice was fresh and with few users, I
-decided to test its presentation tool when making the slides for a
-talk I was giving for NUUG on Japhar, a free Java virtual machine.  I
-wrote the first draft of the slides, saved the result and went to bed
-the day before I would give the talk.  The next day I took a plane to
-the location where the meeting should take place, and on the plane I
-started up koffice again to polish the talk a bit, only to discover
-that kpresenter refused to load its own data file.  I cursed a bit and
-started making the slides again from memory, to have something to
-present when I arrived.  I tested that the saved files could be
-loaded, and the day seemed to be rescued.  I continued to polish the
-slides until I suddenly discovered that the saved file could no longer
-be loaded into kpresenter.  In the end I had to rewrite the slides
-three times, condensing the content until the talk became shorter and
-shorter.  After the talk I was able to pinpoint the problem &ndash;
-kpresenter wrote inline images in a way itself could not understand.
-Eventually that bug was fixed and kpresenter ended up being a great
-program to make slides.  The point I'm trying to make is that we
-expect a program to be able to load its own data files, and it is
-embarrassing to its developers if it can't.</p>
-
-<p>Did you ever experience a program failing to load its own data
-files from the desktop file browser?  It is not a uncommon problem.  A
-while back I discovered that the screencast recorder
-gtk-recordmydesktop would save an Ogg Theora video file the KDE file
-browser would refuse to open.  No video player claimed to understand
-such file.  I tracked down the cause being <tt>file --mime-type</tt>
-returning the application/ogg MIME type, which no video player I had
-installed listed as a MIME type they would understand.  I asked for
-<a href="http://bugs.gw.com/view.php?id=382">file to change its
-behavour</a> and use the MIME type video/ogg instead.  I also asked
-several video players to add video/ogg to their desktop files, to give
-the file browser an idea what to do about Ogg Theora files.  After a
-while, the desktop file browsers in Debian started to handle the
-output from gtk-recordmydesktop properly.</p>
-
-<p>But history repeats itself.  A few days ago I tested the music
-system Rosegarden again, and I discovered that the KDE and xfce file
-browsers did not know what to do with the Rosegarden project files
-(*.rg).  I've reported <a href="http://bugs.debian.org/825993">the
-rosegarden problem to BTS</a> and a fix is commited to git and will be
-included in the next upload.  To increase the chance of me remembering
-how to fix the problem next time some program fail to load its files
-from the file browser, here are some notes on how to fix it.</p>
-
-<p>The file browsers in Debian in general operates on MIME types.
-There are two sources for the MIME type of a given file.  The output from
-<tt>file --mime-type</tt> mentioned above, and the content of the
-shared MIME type registry (under /usr/share/mime/).  The file MIME
-type is mapped to programs supporting the MIME type, and this
-information is collected from
-<a href="https://www.freedesktop.org/wiki/Specifications/desktop-entry-spec/">the
-desktop files</a> available in /usr/share/applications/.  If there is
-one desktop file claiming support for the MIME type of the file, it is
-activated when asking to open a given file.  If there are more, one
-can normally select which one to use by right-clicking on the file and
-selecting the wanted one using 'Open with' or similar.  In general
-this work well.  But it depend on each program picking a good MIME
-type (preferably
-<a href="http://www.iana.org/assignments/media-types/media-types.xhtml">a
-MIME type registered with IANA</a>), file and/or the shared MIME
-registry recognizing the file and the desktop file to list the MIME
-type in its list of supported MIME types.</p>
-
-<p>The <tt>/usr/share/mime/packages/rosegarden.xml</tt> entry for
-<a href="http://www.freedesktop.org/wiki/Specifications/shared-mime-info-spec">the
-Shared MIME database</a> look like this:</p>
-
-<p><blockquote><pre>
-&lt;?xml version="1.0" encoding="UTF-8"?&gt;
-&lt;mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info"&gt;
-  &lt;mime-type type="audio/x-rosegarden"&gt;
-    &lt;sub-class-of type="application/x-gzip"/&gt;
-    &lt;comment&gt;Rosegarden project file&lt;/comment&gt;
-    &lt;glob pattern="*.rg"/&gt;
-  &lt;/mime-type&gt;
-&lt;/mime-info&gt;
-</pre></blockquote></p>
-
-<p>This states that audio/x-rosegarden is a kind of application/x-gzip
-(it is a gzipped XML file).  Note, it is much better to use an
-official MIME type registered with IANA than it is to make up ones own
-unofficial ones like the x-rosegarden type used by rosegarden.</p>
-
-<p>The desktop file of the rosegarden program failed to list
-audio/x-rosegarden in its list of supported MIME types, causing the
-file browsers to have no idea what to do with *.rg files:</p>
-
-<p><blockquote><pre>
-% grep Mime /usr/share/applications/rosegarden.desktop
-MimeType=audio/x-rosegarden-composition;audio/x-rosegarden-device;audio/x-rosegarden-project;audio/x-rosegarden-template;audio/midi;
-X-KDE-NativeMimeType=audio/x-rosegarden-composition
-%
-</pre></blockquote></p>
-
-<p>The fix was to add "audio/x-rosegarden;" at the end of the
-MimeType= line.</p>
-
-<p>If you run into a file which fail to open the correct program when
-selected from the file browser, please check out the output from
-<tt>file --mime-type</tt> for the file, ensure the file ending and
-MIME type is registered somewhere under /usr/share/mime/ and check
-that some desktop file under /usr/share/applications/ is claiming
-support for this MIME type.  If not, please report a bug to have it
-fixed. :)</p>
-</div>
-      <div class="tags">
-        
-        
-        Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>. 
-        
-        
-      </div>
-    </div>
-    <div class="padding"></div>
-    

     <p style="text-align: right;"><a href="index.rss"><img src="http://people.skolelinux.org/pere/blog/xml.gif" alt="RSS feed" width="36" height="14" /></a></p>
     <div id="sidebar">
       
     <p style="text-align: right;"><a href="index.rss"><img src="http://people.skolelinux.org/pere/blog/xml.gif" alt="RSS feed" width="36" height="14" /></a></p>
     <div id="sidebar">
       


@@ -838,7 +980,11 @@ fixed. :)</p>
 
 <li><a href="http://people.skolelinux.org/pere/blog/archive/2016/08/">August (5)</a></li>
 
 
 <li><a href="http://people.skolelinux.org/pere/blog/archive/2016/08/">August (5)</a></li>
 

-<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/09/">September (1)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/09/">September (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/10/">October (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/11/">November (1)</a></li>

 
 </ul></li>
 
 
 </ul></li>
 


@@ -1077,19 +1223,19 @@ fixed. :)</p>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/chrpath">chrpath (2)</a></li>
 
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/chrpath">chrpath (2)</a></li>
 

- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (135)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (137)</a></li>

 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (157)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/digistan">digistan (10)</a></li>
 
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (157)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/digistan">digistan (10)</a></li>
 

- <li><a href="http://people.skolelinux.org/pere/blog/tags/dld">dld (15)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/dld">dld (16)</a></li>

 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/docbook">docbook (23)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>
 
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/docbook">docbook (23)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>
 

- <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (327)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (329)</a></li>

 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (23)</a></li>
 
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (23)</a></li>
 


@@ -1105,7 +1251,7 @@ fixed. :)</p>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju (42)</a></li>
 
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju (42)</a></li>
 

- <li><a href="http://people.skolelinux.org/pere/blog/tags/isenkram">isenkram (12)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/isenkram">isenkram (13)</a></li>

 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (19)</a></li>
 
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (19)</a></li>
 


@@ -1123,7 +1269,7 @@ fixed. :)</p>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/nice free software">nice free software (8)</a></li>
 
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/nice free software">nice free software (8)</a></li>
 

- <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (277)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (280)</a></li>

 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (182)</a></li>
 
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (182)</a></li>
 


@@ -1133,7 +1279,7 @@ fixed. :)</p>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (61)</a></li>
 
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (61)</a></li>
 

- <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (92)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (94)</a></li>

 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/raid">raid (1)</a></li>
 
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/raid">raid (1)</a></li>
 


@@ -1151,7 +1297,7 @@ fixed. :)</p>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>
 
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>
 

- <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (48)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (51)</a></li>

 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>
 
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>
 


@@ -1163,7 +1309,7 @@ fixed. :)</p>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget (10)</a></li>
 
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget (10)</a></li>
 

- <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (38)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (42)</a></li>

 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (2)</a></li>
 
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (2)</a></li>