- <item>
- <title>Why is your site not using Content Security Policy / CSP?</title>
- <link>http://people.skolelinux.org/pere/blog/Why_is_your_site_not_using_Content_Security_Policy___CSP_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Why_is_your_site_not_using_Content_Security_Policy___CSP_.html</guid>
- <pubDate>Sun, 9 Dec 2018 15:00:00 +0100</pubDate>
- <description><p>Yesterday, I had the pleasure of watching on Frikanalen the OWASP
-talk by Scott Helme titled
-"<a href="https://frikanalen.no/video/626080/">What We’ve Learned From
-Billions of Security Reports</a>". I had not heard of the
-<a href="https://en.wikipedia.org/wiki/Content_Security_Policy">Content
-Security Policy standard</a> nor its ability to "call home" when a
-browser detect a policy breach (I do not follow web page design
-development much these days), and found the talk very illuminating.</p>
-
-<p>The mechanism allow a web site owner to use HTTP headers to tell
-visitors web browser which sources (internal and external) are allowed to
-be used on the web site. Thus it become possible to enforce a "only
-local content" policy despite web designers urge to fetch programs
-from random sites on the Internet, like the one
-<a href="https://securityaffairs.co/wordpress/68966/hacking/browsealoud-plugin-hack.html">enabling
-the attack</a> reported by Scott Helme earlier this year.</p>
-
-<p>Using CSP seem like an obvious thing for a site admin to implement
-to take some control over the information leak that occur when
-external sources are used to render web pages, it is a mystery more
-sites are not using CSP? It is being
-<a href="https://www.w3.org/TR/CSP/">standardized under W3C</a> these
-days, and is supposed by most web browsers</p>
-
-<p>I managed to find <a href="https://github.com/mozilla/django-csp">a
-Django middleware for implementing CSP</a> and was happy to discover
-it was already in Debian. I plan to use it to add CSP support to the
-Frikanalen web site soon.</p>
-
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
-</description>
- </item>
-
- <item>
- <title>New and improved Frikanalen Kodi addon version 0.0.3</title>
- <link>http://people.skolelinux.org/pere/blog/New_and_improved_Frikanalen_Kodi_addon_version_0_0_3.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/New_and_improved_Frikanalen_Kodi_addon_version_0_0_3.html</guid>
- <pubDate>Thu, 8 Nov 2018 10:30:00 +0100</pubDate>
- <description><p>If you read my blog regularly, you probably know I am involved in
-running and developing the <a href="https://frikanalen.no/">Norwegian
-TV channel Frikanalen</a>. It is an open channel, allowing everyone
-in Norway to publish videos on a TV channel with national coverage.
-You can think of it as Youtube for national television.
-In addition to distribution on RiksTV and Uninett, Frikanalen is also
-available as a Kodi addon. The last few days I have updated the code
-to add more features. A
-<a href="https://kodi.tv/addon/plugins-video-add-ons/frikanalen-nett-tv">new
-and improved version 0.0.3 Frikanalen addon</a> was just made
-available via the Kodi repositories. This new version include a
-option to browse videos by category, as well as free text search
-in the video archive. It will now also show the video duration in the
-video lists, which were missing earlier. A new and experimental
-link to the HD video stream currently being worked on is provided, for
-those that want to see what the <a href="https://casparcg.com/">CasparCG</a>
-output look like. The alternative is the SD video stream, generated
-using MLT. CasparCG is controlled by our
-<a href="https://github.com/Frikanalen/mltplayout/">mltplayout
-server</a> which instead of talking to mlt is giving PLAY instructions
-to the CasparCG server when it is time to start a new program.</p>
-
-<p>By now, you are probably wondering what kind of content is being
-played on the channel. These days, it is filled with technical
-presentations like those from <a href="https://www.nuug.no/">NUUG</a>,
-<a href="https://www.debconf.org/">Debconf</a>, Makercon, and TED,
-but there are also some periods with
-<a href="https://www.empo.no/">EMPT TV</a> and
-<a href="https://www.p7.no/">P7</a>.
-
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
-</description>
- </item>
-
- <item>
- <title>Time for an official MIME type for patches?</title>
- <link>http://people.skolelinux.org/pere/blog/Time_for_an_official_MIME_type_for_patches_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Time_for_an_official_MIME_type_for_patches_.html</guid>
- <pubDate>Thu, 1 Nov 2018 08:15:00 +0100</pubDate>
- <description><p>As part of my involvement in
-<a href="https://gitlab.com/OsloMet-ABI/nikita-noark5-core">the Nikita
-archive API project</a>, I've been importing a fairly large lump of
-emails into a test instance of the archive to see how well this would
-go. I picked a subset of <a href="https://notmuchmail.org/">my
-notmuch email database</a>, all public emails sent to me via
-@lists.debian.org, giving me a set of around 216 000 emails to import.
-In the process, I had a look at the various attachments included in
-these emails, to figure out what to do with attachments, and noticed
-that one of the most common attachment formats do not have
-<a href="https://www.iana.org/assignments/media-types/media-types.xhtml">an
-official MIME type</a> registered with IANA/IETF. The output from
-diff, ie the input for patch, is on the top 10 list of formats
-included in these emails. At the moment people seem to use either
-text/x-patch or text/x-diff, but neither is officially registered. It
-would be better if one official MIME type were registered and used
-everywhere.</p>
-
-<p>To try to get one official MIME type for these files, I've brought
-up the topic on
-<a href="https://www.ietf.org/mailman/listinfo/media-types">the
-media-types mailing list</a>. If you are interested in discussion
-which MIME type to use as the official for patch files, or involved in
-making software using a MIME type for patches, perhaps you would like
-to join the discussion?</p>
-
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
-</description>
- </item>
-
- <item>
- <title>Measuring the speaker frequency response using the AUDMES free software GUI - nice free software</title>
- <link>http://people.skolelinux.org/pere/blog/Measuring_the_speaker_frequency_response_using_the_AUDMES_free_software_GUI___nice_free_software.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Measuring_the_speaker_frequency_response_using_the_AUDMES_free_software_GUI___nice_free_software.html</guid>
- <pubDate>Mon, 22 Oct 2018 08:40:00 +0200</pubDate>
- <description><p><img src="http://people.skolelinux.org/pere/blog/images/2018-10-22-audmes-measure-speakers.png" align="right" width="40%"/></p>
-
-<p>My current home stereo is a patchwork of various pieces I got on
-flee markeds over the years. It is amazing what kind of equipment
-show up there. I've been wondering for a while if it was possible to
-measure how well this equipment is working together, and decided to
-see how far I could get using free software. After trawling the web I
-came across an article from DIY Audio and Video on
-<a href="https://www.diyaudioandvideo.com/Tutorial/SpeakerResponseTesting/">Speaker
-Testing and Analysis</a> describing how to test speakers, and it listing
-several software options, among them
-<a href="https://sourceforge.net/projects/audmes/">AUDio MEasurement
-System (AUDMES)</a>. It is the only free software system I could find
-focusing on measuring speakers and audio frequency response. In the
-process I also found an interesting article from NOVO on
-<a href="http://novo.press/understanding-speaker-specifications-and-frequency-response/">Understanding
-Speaker Specifications and Frequency Response</a> and an article from
-ecoustics on
-<a href="https://www.ecoustics.com/articles/understanding-speaker-frequency-response/">Understanding
-Speaker Frequency Response</a>, with a lot of information on what to
-look for and how to interpret the graphs. Armed with this knowledge,
-I set out to measure the state of my speakers.</p>
-
-<p>The first hurdle was that AUDMES hadn't seen a commit for 10 years
-and did not build with current compilers and libraries. I got in
-touch with its author, who no longer was spending time on the program
-but gave me write access to the subversion repository on Sourceforge.
-The end result is that now the code build on Linux and is capable of
-saving and loading the collected frequency response data in CSV
-format. The application is quite nice and flexible, and I was able to
-select the input and output audio interfaces independently. This made
-it possible to use a USB mixer as the input source, while sending
-output via my laptop headphone connection. I lacked the hardware and
-cabling to figure out a different way to get independent cabling to
-speakers and microphone.</p>
-
-<p>Using this setup I could see how a large range of high frequencies
-apparently were not making it out of my speakers. The picture show
-the frequency response measurement of one of the speakers. Note the
-frequency lines seem to be slightly misaligned, compared to the CSV
-output from the program. I can not hear several of these are high
-frequencies, according to measurement from
-<a href="http://freehearingtestsoftware.com">Free Hearing Test
-Software</a>, an freeware system to measure your hearing (still
-looking for a free software alternative), so I do not know if they are
-coming out out the speakers. I thus do not quite know how to figure
-out if the missing frequencies is a problem with the microphone, the
-amplifier or the speakers, but I managed to rule out the audio card in my
-PC by measuring my Bose noise canceling headset using its own
-microphone. This setup was able to see the high frequency tones, so
-the problem with my stereo had to be in the amplifier or speakers.</p>
-
-<p>Anyway, to try to role out one factor I ended up picking up a new
-set of speakers at a flee marked, and these work a lot better than the
-old speakers, so I guess the microphone and amplifier is OK. If you
-need to measure your own speakers, check out AUDMES. If more people
-get involved, perhaps the project could become good enough to
-<a href="https://bugs.debian.org/910876">include in Debian</a>? And if
-you know of some other free software to measure speakers and amplifier
-performance, please let me know. I am aware of the freeware option
-<a href="https://www.roomeqwizard.com/">REW</a>, but I want something
-that can be developed also when the vendor looses interest.</p>
-
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
-</description>
- </item>
-
- <item>
- <title>Web browser integration of VLC with Bittorrent support</title>
- <link>http://people.skolelinux.org/pere/blog/Web_browser_integration_of_VLC_with_Bittorrent_support.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Web_browser_integration_of_VLC_with_Bittorrent_support.html</guid>
- <pubDate>Sun, 21 Oct 2018 09:50:00 +0200</pubDate>
- <description><p>Bittorrent is as far as I know, currently the most efficient way to
-distribute content on the Internet. It is used all by all sorts of
-content providers, from national TV stations like
-<a href="https://www.nrk.no/">NRK</a>, Linux distributors like
-<a href="https://www.debian.org/">Debian</a> and
-<a href="https://www.ubuntu.com/">Ubuntu</a>, and of course the
-<a href="https://archive.org/">Internet archive</A>.
-
-<p>Almost a month ago
-<a href="https://tracker.debian.org/pkg/vlc-plugin-bittorrent">a new
-package adding Bittorrent support to VLC</a> became available in
-Debian testing and unstable. To test it, simply install it like
-this:</p>
-
-<p><pre>
-apt install vlc-plugin-bittorrent
-</pre></p>
-
-<p>Since the plugin was made available for the first time in Debian,
-several improvements have been made to it. In version 2.2-4, now
-available in both testing and unstable, a desktop file is provided to
-teach browsers to start VLC when the user click on torrent files or
-magnet links. The last part is thanks to me finally understanding
-what the strange x-scheme-handler style MIME types in desktop files
-are used for. By adding x-scheme-handler/magnet to the MimeType entry
-in the desktop file, at least the browsers Firefox and Chromium will
-suggest to start VLC when selecting a magnet URI on a web page. The
-end result is that now, with the plugin installed in Buster and Sid,
-one can visit any
-<a href="https://archive.org/details/CopyingIsNotTheft1080p">Internet
-Archive page with movies</a> using a web browser and click on the
-torrent link to start streaming the movie.</p>
-
-<p>Note, there is still some misfeatures in the plugin. One is the
-fact that it will hang and
-<a href="https://github.com/johang/vlc-bittorrent/issues/13">block VLC
-from exiting until the torrent streaming starts</a>. Another is the
-fact that it
-<a href="https://github.com/johang/vlc-bittorrent/issues/9">will pick
-and play a random file in a multi file torrent</a>. This is not
-always the video file you want. Combined with the first it can be a
-bit hard to get the video streaming going. But when it work, it seem
-to do a good job.</p>
-
-<p>For the Debian packaging, I would love to find a good way to test
-if the plugin work with VLC using autopkgtest. I tried, but do not
-know enough of the inner workings of VLC to get it working. For now
-the autopkgtest script is only checking if the .so file was
-successfully loaded by VLC. If you have any suggestions, please
-submit a patch to the Debian bug tracking system.</p>
-
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
-</description>
- </item>
-
projects / homepage.git / blobdiff