- <div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/syslog_trusted_timestamp___chain_of_trusted_timestamps_for_your_syslog.html">syslog-trusted-timestamp - chain of trusted timestamps for your syslog</a></div>
- <div class="date"> 2nd April 2016</div>
- <div class="body"><p>Two years ago, I had
-<a href="http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html">a
-look at trusted timestamping options available</a>, and among
-other things noted a still open
-<a href="https://bugs.debian.org/742553">bug in the tsget script</a>
-included in openssl that made it harder than necessary to use openssl
-as a trusted timestamping client. A few days ago I was told
-<a href="https:/www.difi.no/">the Norwegian government office DIFI</a> is
-close to releasing their own trusted timestamp service, and in the
-process I was happy to learn about a replacement for the tsget script
-using only curl:</p>
-
-<p><pre>
-openssl ts -query -data "/etc/shells" -cert -sha256 -no_nonce \
- | curl -s -H "Content-Type: application/timestamp-query" \
- --data-binary "@-" http://zeitstempel.dfn.de > etc-shells.tsr
-openssl ts -reply -text -in etc-shells.tsr
-</pre></p>
-
-<p>This produces a binary timestamp file (etc-shells.tsr) which can be
-used to verify that the content of the file /etc/shell with the
-calculated sha256 hash existed at the point in time when the request
-was made. The last command extract the content of the etc-shells.tsr
-in human readable form. The idea behind such timestamp is to be able
-to prove using cryptography that the content of a file have not
-changed since the file was stamped.</p>
-
-<p>To verify that the file on disk match the public key signature in
-the timestamp file, run the following commands. It make sure you have
-the required certificate for the trusted timestamp service available
-and use it to compare the file content with the timestamp. In
-production, one should of course use a better method to verify the
-service certificate.</p>
-
-<p><pre>
-wget -O ca-cert.txt https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt
-openssl ts -verify -data /etc/shells -in etc-shells.tsr -CAfile ca-cert.txt -text
-</pre></p>
-
-<p>Wikipedia have a lot more information about
-<a href="https://en.wikipedia.org/wiki/Trusted_timestamping">trusted
-Timestamping</a> and
-<a href="https://en.wikipedia.org/wiki/Linked_timestamping">linked
-timestamping</a>, and there are several trusted timestamping services
-around, both as commercial services and as free and public services.
-Among the latter is
-<a href="https://www.pki.dfn.de/zeitstempeldienst/">the
-zeitstempel.dfn.de service</a> mentioned above and
-<a href="https://freetsa.org/">freetsa.org service</a> linked to from the
-wikipedia web site. I believe the DIFI service should show up on
-https://tsa.difi.no, but it is not available to the public at the
-moment. I hope this will change when it is into production. The
-<a href="https://tools.ietf.org/html/rfc3161">RFC 3161</a> trusted
-timestamping protocol standard is even implemented in LibreOffice,
-Microsoft Office and Adobe Acrobat, making it possible to verify when
-a document was created.</p>
-
-<p>I would find it useful to be able to use such trusted timestamp
-service to make it possible to verify that my stored syslog files have
-not been tampered with. This is not a new idea. I found one example
-implemented on the Endian network appliances where
-<a href="http://help.endian.com/entries/21518508-Enabling-Timestamping-on-log-files-">the
-configuration of such feature was described in 2012</a>.</p>
-
-<p>But I could not find any free implementation of such feature when I
-searched, so I decided to try to
-<a href="https://github.com/petterreinholdtsen/syslog-trusted-timestamp">build
-a prototype named syslog-trusted-timestamp</a>. My idea is to
-generate a timestamp of the old log files after they are rotated, and
-store the timestamp in the new log file just after rotation. This
-will form a chain that would make it possible to see if any old log
-files are tampered with. But syslog is bad at handling kilobytes of
-binary data, so I decided to base64 encode the timestamp and add an ID
-and line sequence numbers to the base64 data to make it possible to
-reassemble the timestamp file again. To use it, simply run it like
-this:
-
-<p><pre>
-syslog-trusted-timestamp /path/to/list-of-log-files
-</pre></p>
-
-<p>This will send a timestamp from one or more timestamp services (not
-yet decided nor implemented) for each listed file to the syslog using
-logger(1). To verify the timestamp, the same program is used with the
---verify option:</p>
-
-<p><pre>
-syslog-trusted-timestamp --verify /path/to/log-file /path/to/log-with-timestamp
-</pre></p>
-
-<p>The verification step is not yet well designed. The current
-implementation depend on the file path being unique and unchanging,
-and this is not a solid assumption. It also uses process number as
-timestamp ID, and this is bound to create ID collisions. I hope to
-have time to come up with a better way to handle timestamp IDs and
-verification later.</p>
-
-<p>Please check out
-<a href="https://github.com/petterreinholdtsen/syslog-trusted-timestamp">the
-prototype for syslog-trusted-timestamp on github</a> and send
-suggestions and improvement, or let me know if there already exist a
-similar system for timestamping logs already to allow me to join
-forces with others with the same interest.</p>
-
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
-</div>
- <div class="tags">
-
-
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
-
-
- </div>
- </div>
- <div class="padding"></div>
-
- <div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Full_battery_stats_collector_is_now_available_in_Debian.html">Full battery stats collector is now available in Debian</a></div>
- <div class="date">23rd March 2016</div>
- <div class="body"><p>Since this morning, the battery-stats package in Debian include an
-extended collector that will collect the complete battery history for
-later processing and graphing. The original collector store the
-battery level as percentage of last full level, while the new
-collector also record battery vendor, model, serial number, design
-full level, last full level and current battery level. This make it
-possible to predict the lifetime of the battery as well as visualise
-the energy flow when the battery is charging or discharging.</p>
-
-<p>The new tools are available in <tt>/usr/share/battery-stats/</tt>
-in the version 0.5.1 package in unstable. Get the new battery level graph
-and lifetime prediction by running:
-
-<p><pre>
-/usr/share/battery-stats/battery-stats-graph /var/log/battery-stats.csv
-</pre></p>
-
-<p>Or select the 'Battery Level Graph' from your application menu.</p>
-
-<p>The flow in/out of the battery can be seen by running (no menu
-entry yet):</p>
-
-<p><pre>
-/usr/share/battery-stats/battery-stats-graph-flow
-</pre></p>
-
-<p>I'm not quite happy with the way the data is visualised, at least
-when there are few data points. The graphs look a bit better with a
-few years of data.</p>
-
-<p>A while back one important feature I use in the battery stats
-collector broke in Debian. The scripts in
-<tt>/usr/lib/pm-utils/power.d/</tt> were no longer executed. I
-suspect it happened when Jessie started using systemd, but I do not
-know. The issue is reported as
-<a href="https://bugs.debian.org/818649">bug #818649</a> against
-pm-utils. I managed to work around it by adding an udev rule to call
-the collector script every time the power connector is connected and
-disconnected. With this fix in place it was finally time to make a
-new release of the package, and get it into Debian.</p>
-
-<p>If you are interested in how your laptop battery is doing, please
-check out the
-<a href="https://tracker.debian.org/pkg/battery-stats">battery-stats</a>
-in Debian unstable, or rebuild it on Jessie to get it working on
-Debian stable. :) The upstream source is available from
-<a href="https://github.com/petterreinholdtsen/battery-stats">github</a>.
-As always, patches are very welcome.</p>
-</div>
- <div class="tags">
-
-
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
-
-
- </div>
- </div>
- <div class="padding"></div>
-
- <div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/UsingQR____Electronic__paper_invoices_using_JSON_and_QR_codes.html">UsingQR - "Electronic" paper invoices using JSON and QR codes</a></div>
- <div class="date">19th March 2016</div>
- <div class="body"><p>Back in 2013 I proposed
-<a href="http://people.skolelinux.org/pere/blog/_Electronic__paper_invoices___using_vCard_in_a_QR_code.html">a
-way to make paper and PDF invoices easier to process electronically by
-adding a QR code with the key information about the invoice</a>. I
-suggested using vCard field definition, to get some standard format
-for name and address, but any format would work. I did not do
-anything about the proposal, but hoped someone one day would make
-something like it. It would make it possible to efficiently send
-machine readable invoices directly between seller and buyer.</p>
-
-<p>This was the background when I came across a proposal and
-specification from the web based accounting and invoicing supplier
-<a href="http://www.visma.com/">Visma</a> in Sweden called
-<a href="http://usingqr.com/">UsingQR</a>. Their PDF invoices contain
-a QR code with the key information of the invoice in JSON format.
-This is the typical content of a QR code following the UsingQR
-specification (based on a real world example, some numbers replaced to
-get a more bogus entry). I've reformatted the JSON to make it easier
-to read. Normally this is all on one long line:</p>
-
-<p><img src="http://people.skolelinux.org/pere/blog/images/2016-03-19-qr-invoice.png" align="right"><pre>
-{
- "vh":500.00,
- "vm":0,
- "vl":0,
- "uqr":1,
- "tp":1,
- "nme":"Din Leverandør",
- "cc":"NO",
- "cid":"997912345 MVA",
- "iref":"12300001",
- "idt":"20151022",
- "ddt":"20151105",
- "due":2500.0000,
- "cur":"NOK",
- "pt":"BBAN",
- "acc":"17202612345",
- "bc":"BIENNOK1",
- "adr":"0313 OSLO"
-}
-</pre></p>
-
-</p>The interpretation of the fields can be found in the
-<a href="http://usingqr.com/wp-content/uploads/2014/06/UsingQR_specification1.pdf">format
-specification</a> (revision 2 from june 2014). The format seem to
-have most of the information needed to handle accounting and payment
-of invoices, at least the fields I have needed so far here in
-Norway.</p>
-
-<p>Unfortunately, the site and document do not mention anything about
-the patent, trademark and copyright status of the format and the
-specification. Because of this, I asked the people behind it back in
-November to clarify. Ann-Christine Savlid (ann-christine.savlid (at)
-visma.com) replied that Visma had not applied for patent or trademark
-protection for this format, and that there were no copyright based
-usage limitations for the format. I urged her to make sure this was
-explicitly written on the web pages and in the specification, but
-unfortunately this has not happened yet. So I guess if there is
-submarine patents, hidden trademarks or a will to sue for copyright
-infringements, those starting to use the UsingQR format might be at
-risk, but if this happen there is some legal defense in the fact that
-the people behind the format claimed it was safe to do so. At least
-with patents, there is always
-<a href="http://www.paperspecs.com/paper-news/beware-the-qr-code-patent-trap/">a
-chance of getting sued...</a></p>
-
-<p>I also asked if they planned to maintain the format in an
-independent standard organization to give others more confidence that
-they would participate in the standardization process on equal terms
-with Visma, but they had no immediate plans for this. Their plan was
-to work with banks to try to get more users of the format, and
-evaluate the way forward if the format proved to be popular. I hope
-they conclude that using an open standard organisation like
-<a href="http://www.ietf.org/">IETF</a> is the correct place to
-maintain such specification.</p>
-
-<p><strong>Update 2016-03-20</strong>: Via Twitter I became aware of
-<a href="https://news.ycombinator.com/item?id=11319492">some comments
-about this blog post</a> that had several useful links and references to
-similar systems. In the Czech republic, the Czech Banking Association
-standard #26, with short name SPAYD, uses QR codes with payment
-information. More information is available from the Wikipedia page on
-<a href="https://en.wikipedia.org/wiki/Short_Payment_Descriptor">Short
-Payment Descriptor</a>. And in Germany, there is a system named
-<a href="http://www.bezahlcode.de/">BezahlCode</a>,
-(<a href="http://www.bezahlcode.de/wp-content/uploads/BezahlCode_TechDok.pdf">specification
-v1.8 2013-12-05 available as PDF</a>), which uses QR codes with
-URL-like formatting using "bank:" as the URI schema/protocol to
-provide the payment information. There is also the
-<a href="http://www.ferd-net.de/front_content.php?idcat=231">ZUGFeRD</a>
-file format that perhaps could be transfered using QR codes, but I am
-not sure if it is done already. Last, in Bolivia there are reports
-that tax information since november 2014 need to be printed in QR
-format on invoices. I have not been able to track down a
-specification for this format, because of my limited language skill
-sets.</p>
-</div>
- <div class="tags">
-
-
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/standard">standard</a>.
-
-
- </div>
- </div>
- <div class="padding"></div>
-
- <div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Making_battery_measurements_a_little_easier_in_Debian.html">Making battery measurements a little easier in Debian</a></div>
- <div class="date">15th March 2016</div>
- <div class="body"><p>Back in September, I blogged about
-<a href="http://people.skolelinux.org/pere/blog/The_life_and_death_of_a_laptop_battery.html">the
-system I wrote to collect statistics about my laptop battery</a>, and
-how it showed the decay and death of this battery (now replaced). I
-created a simple deb package to handle the collection and graphing,
-but did not want to upload it to Debian as there were already
-<a href="https://tracker.debian.org/pkg/battery-stats">a battery-stats
-package in Debian</a> that should do the same thing, and I did not see
-a point of uploading a competing package when battery-stats could be
-fixed instead. I reported a few bugs about its non-function, and
-hoped someone would step in and fix it. But no-one did.</p>
-
-<p>I got tired of waiting a few days ago, and took matters in my own
-hands. The end result is that I am now the new upstream developer of
-battery stats (<a href="https://github.com/petterreinholdtsen/battery-stats">available from github</a>) and part of the team maintaining
-battery-stats in Debian, and the package in Debian unstable is finally
-able to collect battery status using the <tt>/sys/class/power_supply/</tt>
-information provided by the Linux kernel. If you install the
-battery-stats package from unstable now, you will be able to get a
-graph of the current battery fill level, to get some idea about the
-status of the battery. The source package build and work just fine in
-Debian testing and stable (and probably oldstable too, but I have not
-tested). The default graph you get for that system look like this:</p>
-
-<p align="center"><img src="http://people.skolelinux.org/pere/blog/images/2016-03-15-battery-stats-graph-example.png" width="70%" align="center"></p>
-
-<p>My plans for the future is to merge my old scripts into the
-battery-stats package, as my old scripts collected a lot more details
-about the battery. The scripts are merged into the upstream
-battery-stats git repository already, but I am not convinced they work
-yet, as I changed a lot of paths along the way. Will have to test a
-bit more before I make a new release.</p>
-
-<p>I will also consider changing the file format slightly, as I
-suspect the way I combine several values into one field might make it
-impossible to know the type of the value when using it for processing
-and graphing.</p>
-
-<p>If you would like I would like to keep an close eye on your laptop
-battery, check out the battery-stats package in
-<a href="https://tracker.debian.org/pkg/battery-stats">Debian</a> and
-on
-<a href="https://github.com/petterreinholdtsen/battery-stats">github</a>.
-I would love some help to improve the system further.</p>
-</div>
- <div class="tags">
-
-
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
-
-
- </div>
- </div>
- <div class="padding"></div>
-
- <div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Creating__updating_and_checking_debian_copyright_semi_automatically.html">Creating, updating and checking debian/copyright semi-automatically</a></div>
- <div class="date">19th February 2016</div>
- <div class="body"><p>Making packages for Debian requires quite a lot of attention to
-details. And one of the details is the content of the
-debian/copyright file, which should list all relevant licenses used by
-the code in the package in question, preferably in
-<a href="https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/">machine
-readable DEP5 format</a>.</p>
-
-<p>For large packages with lots of contributors it is hard to write
-and update this file manually, and if you get some detail wrong, the
-package is normally rejected by the ftpmasters. So getting it right
-the first time around get the package into Debian faster, and save
-both you and the ftpmasters some work.. Today, while trying to figure
-out what was wrong with
-<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686447">the
-zfsonlinux copyright file</a>, I decided to spend some time on
-figuring out the options for doing this job automatically, or at least
-semi-automatically.</p>
-
-<p>Lucikly, there are at least two tools available for generating the
-file based on the code in the source package,
-<tt><a href="https://tracker.debian.org/pkg/debmake">debmake</a></tt>
-and <tt><a href="https://tracker.debian.org/pkg/cme">cme</a></tt>. I'm
-not sure which one of them came first, but both seem to be able to
-create a sensible draft file. As far as I can tell, none of them can
-be trusted to get the result just right, so the content need to be
-polished a bit before the file is OK to upload. I found the debmake
-option in
-<a href="http://goofying-with-debian.blogspot.com/2014/07/debmake-checking-source-against-dep-5.html">a
-blog posts from 2014</a>.
-
-<p>To generate using debmake, use the -cc option:
-
-<p><pre>
-debmake -cc > debian/copyright
-</pre></p>
-
-<p>Note there are some problems with python and non-ASCII names, so
-this might not be the best option.</p>
-
-<p>The cme option is based on a config parsing library, and I found
-this approach in
-<a href="https://ddumont.wordpress.com/2015/04/05/improving-creation-of-debian-copyright-file/">a
-blog post from 2015</a>. To generate using cme, use the 'update
-dpkg-copyright' option:
-
-<p><pre>
-cme update dpkg-copyright
-</pre></p>
-
-<p>This will create or update debian/copyright. The cme tool seem to
-handle UTF-8 names better than debmake.</p>
-
-<p>When the copyright file is created, I would also like some help to
-check if the file is correct. For this I found two good options,
-<tt>debmake -k</tt> and <tt>license-reconcile</tt>. The former seem
-to focus on license types and file matching, and is able to detect
-ineffective blocks in the copyright file. The latter reports missing
-copyright holders and years, but was confused by inconsistent license
-names (like CDDL vs. CDDL-1.0). I suspect it is good to use both and
-fix all issues reported by them before uploading. But I do not know
-if the tools and the ftpmasters agree on what is important to fix in a
-copyright file, so the package might still be rejected.</p>
-
-<p>The devscripts tool <tt>licensecheck</tt> deserve mentioning. It
-will read through the source and try to find all copyright statements.
-It is not comparing the result to the content of debian/copyright, but
-can be useful when verifying the content of the copyright file.</p>
-
-<p>Are you aware of better tools in Debian to create and update
-debian/copyright file. Please let me know, or blog about it on
-planet.debian.org.</p>
-
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
-
-<p><strong>Update 2016-02-20</strong>: I got a tip from Mike Gabriel
-on how to use licensecheck and cdbs to create a draft copyright file
-
-<p><pre>
-licensecheck --copyright -r `find * -type f` | \
- /usr/lib/cdbs/licensecheck2dep5 > debian/copyright.auto
-</pre></p>
-
-<p>He mentioned that he normally check the generated file into the
-version control system to make it easier to discover license and
-copyright changes in the upstream source. I will try to do the same
-with my packages in the future.</p>
-
-<p><strong>Update 2016-02-21</strong>: The cme author recommended
-against using -quiet for new users, so I removed it from the proposed
-command line.</p>
-</div>
- <div class="tags">
-
-
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
-
-
- </div>
- </div>
- <div class="padding"></div>
-
- <div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Using_appstream_in_Debian_to_locate_packages_with_firmware_and_mime_type_support.html">Using appstream in Debian to locate packages with firmware and mime type support</a></div>
- <div class="date"> 4th February 2016</div>
- <div class="body"><p>The <a href="https://wiki.debian.org/DEP-11">appstream system</a>
-is taking shape in Debian, and one provided feature is a very
-convenient way to tell you which package to install to make a given
-firmware file available when the kernel is looking for it. This can
-be done using apt-file too, but that is for someone else to blog
-about. :)</p>
-
-<p>Here is a small recipe to find the package with a given firmware
-file, in this example I am looking for ctfw-3.2.3.0.bin, randomly
-picked from the set of firmware announced using appstream in Debian
-unstable. In general you would be looking for the firmware requested
-by the kernel during kernel module loading. To find the package
-providing the example file, do like this:</p>
-
-<blockquote><pre>
-% apt install appstream
-[...]
-% apt update
-[...]
-% appstreamcli what-provides firmware:runtime ctfw-3.2.3.0.bin | \
- awk '/Package:/ {print $2}'
-firmware-qlogic
-%
-</pre></blockquote>
-
-<p>See <a href="https://wiki.debian.org/AppStream/Guidelines">the
-appstream wiki</a> page to learn how to embed the package metadata in
-a way appstream can use.</p>
-
-<p>This same approach can be used to find any package supporting a
-given MIME type. This is very useful when you get a file you do not
-know how to handle. First find the mime type using <tt>file
---mime-type</tt>, and next look up the package providing support for
-it. Lets say you got an SVG file. Its MIME type is image/svg+xml,
-and you can find all packages handling this type like this:</p>
-
-<blockquote><pre>
-% apt install appstream
-[...]
-% apt update
-[...]
-% appstreamcli what-provides mimetype image/svg+xml | \
- awk '/Package:/ {print $2}'
-bkchem
-phototonic
-inkscape
-shutter
-tetzle
-geeqie
-xia
-pinta
-gthumb
-karbon
-comix
-mirage
-viewnior
-postr
-ristretto
-kolourpaint4
-eog
-eom
-gimagereader
-midori
-%
-</pre></blockquote>
-
-<p>I believe the MIME types are fetched from the desktop file for
-packages providing appstream metadata.</p>
-</div>
- <div class="tags">
-
-
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
-
-
- </div>
- </div>
- <div class="padding"></div>
-
- <div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Creepy__visualise_geotagged_social_media_information___nice_free_software.html">Creepy, visualise geotagged social media information - nice free software</a></div>
- <div class="date">24th January 2016</div>
- <div class="body"><p>Most people seem not to realise that every time they walk around
-with the computerised radio beacon known as a mobile phone their
-position is tracked by the phone company and often stored for a long
-time (like every time a SMS is received or sent). And if their
-computerised radio beacon is capable of running programs (often called
-mobile apps) downloaded from the Internet, these programs are often
-also capable of tracking their location (if the app requested access
-during installation). And when these programs send out information to
-central collection points, the location is often included, unless
-extra care is taken to not send the location. The provided
-information is used by several entities, for good and bad (what is
-good and bad, depend on your point of view). What is certain, is that
-the private sphere and the right to free movement is challenged and
-perhaps even eradicated for those announcing their location this way,
-when they share their whereabouts with private and public
-entities.</p>
-
-<p align="center"><img width="70%" src="http://people.skolelinux.org/pere/blog/images/2016-01-24-nice-creepy-desktop-window.png"></p>
-
-<p>The phone company logs provide a register of locations to check out
-when one want to figure out what the tracked person was doing. It is
-unavailable for most of us, but provided to selected government
-officials, company staff, those illegally buying information from
-unfaithful servants and crackers stealing the information. But the
-public information can be collected and analysed, and a free software
-tool to do so is called
-<a href="http://www.geocreepy.com/">Creepy or Cree.py</a>. I
-discovered it when I read
-<a href="http://www.aftenposten.no/kultur/Slik-kan-du-bli-overvaket-pa-Twitter-og-Instagram-uten-a-ane-det-7787884.html">an
-article about Creepy</a> in the Norwegian newspaper Aftenposten i
-November 2014, and decided to check if it was available in Debian.
-The python program was in Debian, but
-<a href="https://tracker.debian.org/pkg/creepy">the version in
-Debian</a> was completely broken and practically unmaintained. I
-uploaded a new version which did not work quite right, but did not
-have time to fix it then. This Christmas I decided to finally try to
-get Creepy operational in Debian. Now a fixed version is available in
-Debian unstable and testing, and almost all Debian specific patches
-are now included
-<a href="https://github.com/jkakavas/creepy">upstream</a>.</p>
-
-<p>The Creepy program visualises geolocation information fetched from
-Twitter, Instagram, Flickr and Google+, and allow one to get a
-complete picture of every social media message posted recently in a
-given area, or track the movement of a given individual across all
-these services. Earlier it was possible to use the search API of at
-least some of these services without identifying oneself, but these
-days it is impossible. This mean that to use Creepy, you need to
-configure it to log in as yourself on these services, and provide
-information to them about your search interests. This should be taken
-into account when using Creepy, as it will also share information
-about yourself with the services.</p>
-
-<p>The picture above show the twitter messages sent from (or at least
-geotagged with a position from) the city centre of Oslo, the capital
-of Norway. One useful way to use Creepy is to first look at
-information tagged with an area of interest, and next look at all the
-information provided by one or more individuals who was in the area.
-I tested it by checking out which celebrity provide their location in
-twitter messages by checkout out who sent twitter messages near a
-Norwegian TV station, and next could track their position over time,
-making it possible to locate their home and work place, among other
-things. A similar technique have been
-<a href="http://www.buzzfeed.com/maxseddon/does-this-soldiers-instagram-account-prove-russia-is-covertl">used
-to locate Russian soldiers in Ukraine</a>, and it is both a powerful
-tool to discover lying governments, and a useful tool to help people
-understand the value of the private information they provide to the
-public.</p>
-
-<p>The package is not trivial to backport to Debian Stable/Jessie, as
-it depend on several python modules currently missing in Jessie (at
-least python-instagram, python-flickrapi and
-python-requests-toolbelt).</p>
-
-<p>(I have uploaded
-<a href="https://screenshots.debian.net/package/creepy">the image to
-screenshots.debian.net</a> and licensed it under the same terms as the
-Creepy program in Debian.)</p>
-</div>
- <div class="tags">
-
-
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nice free software">nice free software</a>.
-
-
- </div>
- </div>
- <div class="padding"></div>
-
projects / homepage.git / blobdiff