<link>http://people.skolelinux.org/pere/blog/</link>
<atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
+ <item>
+ <title>ReactOS Windows clone - nice free software</title>
+ <link>http://people.skolelinux.org/pere/blog/ReactOS_Windows_clone___nice_free_software.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/ReactOS_Windows_clone___nice_free_software.html</guid>
+ <pubDate>Tue, 1 Apr 2014 12:10:00 +0200</pubDate>
+ <description><p>Microsoft have announced that Windows XP reaches its end of life
+2014-04-08, in 7 days. But there are heaps of machines still running
+Windows XP, and depending on Windows XP to run their applications, and
+upgrading will be expensive, both when it comes to money and when it
+comes to the amount of effort needed to migrate from Windows XP to a
+new operating system. Some obvious options (buy new a Windows
+machine, buy a MacOSX machine, install Linux on the existing machine)
+are already well known and covered elsewhere. Most of them involve
+leaving the user applications installed on Windows XP behind and
+trying out replacements or updated versions. In this blog post I want
+to mention one strange bird that allow people to keep the hardware and
+the existing Windows XP applications and run them on a free software
+operating system that is Windows XP compatible.</p>
+
+<p><a href="http://www.reactos.org/">ReactOS</a> is a free software
+operating system (GNU GPL licensed) working on providing a operating
+system that is binary compatible with Windows, able to run windows
+programs directly and to use Windows drivers for hardware directly.
+The project goal is for Windows user to keep their existing machines,
+drivers and software, and gain the advantages from user a operating
+system without usage limitations caused by non-free licensing. It is
+a Windows clone running directly on the hardware, so quite different
+from the approach taken by <a href="http://www.winehq.org/">the Wine
+project</a>, which make it possible to run Windows binaries on
+Linux.</p>
+
+<p>The ReactOS project share code with the Wine project, so most
+shared libraries available on Windows are already implemented already.
+There is also a software manager like the one we are used to on Linux,
+allowing the user to install free software applications with a simple
+click directly from the Internet. Check out the
+<a href="http://www.reactos.org/screenshots">screen shots on the
+project web site</a> for an idea what it look like (it looks just like
+Windows before metro).</p>
+
+<p>I do not use ReactOS myself, preferring Linux and Unix like
+operating systems. I've tested it, and it work fine in a virt-manager
+virtual machine. The browser, minesweeper, notepad etc is working
+fine as far as I can tell. Unfortunately, my main test application
+is the software included on a CD with the Lego Mindstorms NXT, which
+seem to install just fine from CD but fail to leave any binaries on
+the disk after the installation. So no luck with that test software.
+No idea why, but hope someone else figure out and fix the problem.
+I've tried the ReactOS Live ISO on a physical machine, and it seemed
+to work just fine. If you like Windows and want to keep running your
+old Windows binaries, check it out by
+<a href="http://www.reactos.org/download">downloading</a> the
+installation CD, the live CD or the preinstalled virtual machine
+image.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Debian Edu interview: Roger Marsal</title>
+ <link>http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Roger_Marsal.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Roger_Marsal.html</guid>
+ <pubDate>Sun, 30 Mar 2014 11:40:00 +0200</pubDate>
+ <description><p><a href="http://www.skolelinux.org/">Debian Edu / Skolelinux</a>
+keep gaining new users. Some weeks ago, a person showed up on IRC,
+<a href="irc://irc.debian.org/#debian-edu">#debian-edu</a>, with a
+wish to contribute, and I managed to get a interview with this great
+contributor Roger Marsal to learn more about his background.</p>
+
+<p><strong>Who are you, and how do you spend your days?</strong></p>
+
+<p>My name is Roger Marsal, I'm 27 years old (1986 generation) and I
+live in Barcelona, Spain. I've got a strong business background and I
+work as a patrimony manager and as a real estate agent. Additionally,
+I've co-founded a British based tech company that is nowadays on the
+last development phase of a new social networking concept.</p>
+
+<p>I'm a Linux enthusiast that started its journey with Ubuntu four years
+ago and have recently switched to Debian seeking rock solid stability
+and as a necessary step to gain expertise.</p>
+
+<p>In a nutshell, I spend my days working and learning as much as I
+can to face both my job, entrepreneur project and feed my Linux
+hunger.</p>
+
+<p><strong>How did you get in contact with the Skolelinux / Debian Edu
+project?</strong></p>
+
+<p>I discovered the <a href="http://www.ltsp.org/">LTSP</a> advantages
+with "Ubuntu 12.04 alternate install" and after a year of use I
+started looking for an alternative. Even though I highly value and
+respect the Ubuntu project, I thought it was necessary for me to
+change to a more robust and stable alternative. As far as I was using
+Debian on my personal laptop I thought it would be fine to install
+Debian and configure an LTSP server myself. Surprised, I discovered
+that the Debian project also supported a kind of Edubuntu equivalent,
+and after having some pain I obtained a Debian Edu network up and
+running. I just loved it.</p>
+
+<p><strong>What do you see as the advantages of Skolelinux / Debian
+Edu?</strong></p>
+
+<p>I found a main advantage in that, once you know "the tips and
+tricks", a new installation just works out of the box. It's the most
+complete alternative I've found to create an LTSP network. All the
+other distributions seems to be made of plastic, Debian Edu seems to
+be made of steel.</p>
+
+<p><strong>What do you see as the disadvantages of Skolelinux / Debian
+Edu?</strong></p>
+
+<p>I found two main disadvantages.</p>
+
+<p>I'm not an expert but I've got notions and I had to spent a considerable
+amount of time trying to bring up a standard network topology. I'm quite
+stubborn and I just worked until I did but I'm sure many people with few
+resources (not big schools, but academies for example) would have switched
+or dropped.</p>
+
+<p>It's amazing how such a complex system like Debian Edu has achieved
+this out-of-the-box state. Even though tweaking without breaking gets
+more difficult, as more factors have to be considered. This can
+discourage many people too.</p>
+
+<p><strong>Which free software do you use daily?</strong></p>
+
+<p>I use Debian, Firefox, Okular, Inkscape, LibreOffice and
+Virtualbox.</p>
+
+
+<p><strong>Which strategy do you believe is the right one to use to
+get schools to use free software?</strong></p>
+
+<p>I don't think there is a need for a particular strategy. The free
+attribute in both "freedom" and "no price" meanings is what will
+really bring free software to schools. In my experience I can think of
+the <a href="http://www.r-project.org/">"R" statistical language</a>; a
+few years a ago was an extremely nerd tool for university people.
+Today it's being increasingly used to teach statistics at many
+different level of studies. I believe free and open software will
+increasingly gain popularity, but I'm sure schools will be one of the
+first scenarios where this will happen.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Dokumentaren om Datalagringsdirektivet sendes endelig på NRK</title>
+ <link>http://people.skolelinux.org/pere/blog/Dokumentaren_om_Datalagringsdirektivet_sendes_endelig_p__NRK.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Dokumentaren_om_Datalagringsdirektivet_sendes_endelig_p__NRK.html</guid>
+ <pubDate>Wed, 26 Mar 2014 09:50:00 +0100</pubDate>
+ <description><p><a href="http://www.nuug.no/">Foreningen NUUG</a> melder i natt at
+NRK nå har bestemt seg for
+<a href="http://www.nuug.no/news/NRK_viser_filmen_om_Datalagringsdirektivet_f_rste_gang_2014_03_31.shtml">når
+den norske dokumentarfilmen om datalagringsdirektivet skal
+sendes</a> (se <a href="http://www.imdb.com/title/tt2832844/">IMDB</a>
+for detaljer om filmen) . Første visning blir på NRK2 mandag
+2014-03-31 kl. 19:50, og deretter visninger onsdag 2014-04-02
+kl. 12:30, fredag 2014-04-04 kl. 19:40 og søndag 2014-04-06 kl. 15:10.
+Jeg har sett dokumentaren, og jeg anbefaler enhver å se den selv. Som
+oppvarming mens vi venter anbefaler jeg Bjørn Stærks kronikk i
+Aftenposten fra i går,
+<a href="http://www.aftenposten.no/meninger/kronikker/Autoritar-gjokunge-7514915.html">Autoritær
+gjøkunge</a>, der han gir en grei skisse av hvor ille det står til med
+retten til privatliv og beskyttelsen av demokrati i Norge og resten
+verden, og helt riktig slår fast at det er vi i databransjen som
+sitter med nøkkelen til å gjøre noe med dette. Jeg har involvert meg
+i prosjektene <a href="http://www.dugnadsnett.no/">dugnadsnett.no</a>
+og <a href="https://wiki.debian.org/FreedomBox">FreedomBox</a> for å
+forsøke å gjøre litt selv for å bedre situasjonen, men det er mye
+hardt arbeid fra mange flere enn meg som gjenstår før vi kan sies å ha
+gjenopprettet balansen.</p>
+
+<p>Jeg regner med at nettutgaven dukker opp på
+<a href="http://tv.nrk.no/program/koid75005313/tema-dine-digitale-spor-datalagringsdirektivet">NRKs
+side om filmen om datalagringsdirektivet</a> om fem dager. Hold et
+øye med siden, og tips venner og slekt om at de også bør se den.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Public Trusted Timestamping services for everyone</title>
+ <link>http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html</guid>
+ <pubDate>Tue, 25 Mar 2014 12:50:00 +0100</pubDate>
+ <description><p>Did you ever need to store logs or other files in a way that would
+allow it to be used as evidence in court, and needed a way to
+demonstrate without reasonable doubt that the file had not been
+changed since it was created? Or, did you ever need to document that
+a given document was received at some point in time, like some
+archived document or the answer to an exam, and not changed after it
+was received? The problem in these settings is to remove the need to
+trust yourself and your computers, while still being able to prove
+that a file is the same as it was at some given time in the past.</p>
+
+<p>A solution to these problems is to have a trusted third party
+"stamp" the document and verify that at some given time the document
+looked a given way. Such
+<a href="https://en.wikipedia.org/wiki/Notarius">notarius</a> service
+have been around for thousands of years, and its digital equivalent is
+called a
+<a href="http://en.wikipedia.org/wiki/Trusted_timestamping">trusted
+timestamping service</a>. <a href="http://www.ietf.org/">The Internet
+Engineering Task Force</a> standardised how such service could work a
+few years ago as <a href="http://tools.ietf.org/html/rfc3161">RFC
+3161</a>. The mechanism is simple. Create a hash of the file in
+question, send it to a trusted third party which add a time stamp to
+the hash and sign the result with its private key, and send back the
+signed hash + timestamp. Both email, FTP and HTTP can be used to
+request such signature, depending on what is provided by the service
+used. Anyone with the document and the signature can then verify that
+the document matches the signature by creating their own hash and
+checking the signature using the trusted third party public key.
+There are several commercial services around providing such
+timestamping. A quick search for
+"<a href="https://duckduckgo.com/?q=rfc+3161+service">rfc 3161
+service</a>" pointed me to at least
+<a href="https://www.digistamp.com/technical/how-a-digital-time-stamp-works/">DigiStamp</a>,
+<a href="http://www.quovadisglobal.co.uk/CertificateServices/SigningServices/TimeStamp.aspx">Quo
+Vadis</a>,
+<a href="https://www.globalsign.com/timestamp-service/">Global Sign</a>
+and <a href="http://www.globaltrustfinder.com/TSADefault.aspx">Global
+Trust Finder</a>. The system work as long as the private key of the
+trusted third party is not compromised.</p>
+
+<p>But as far as I can tell, there are very few public trusted
+timestamp services available for everyone. I've been looking for one
+for a while now. But yesterday I found one over at
+<a href="https://www.pki.dfn.de/zeitstempeldienst/">Deutches
+Forschungsnetz</a> mentioned in
+<a href="http://www.d-mueller.de/blog/dealing-with-trusted-timestamps-in-php-rfc-3161/">a
+blog by David Müller</a>. I then found
+<a href="http://www.rz.uni-greifswald.de/support/dfn-pki-zertifikate/zeitstempeldienst.html">a
+good recipe on how to use the service</a> over at the University of
+Greifswald.</p>
+
+<p><a href="http://www.openssl.org/">The OpenSSL library</a> contain
+both server and tools to use and set up your own signing service. See
+the ts(1SSL), tsget(1SSL) manual pages for more details. The
+following shell script demonstrate how to extract a signed timestamp
+for any file on the disk in a Debian environment:</p>
+
+<p><blockquote><pre>
+#!/bin/sh
+set -e
+url="http://zeitstempel.dfn.de"
+caurl="https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt"
+reqfile=$(mktemp -t tmp.XXXXXXXXXX.tsq)
+resfile=$(mktemp -t tmp.XXXXXXXXXX.tsr)
+cafile=chain.txt
+if [ ! -f $cafile ] ; then
+ wget -O $cafile "$caurl"
+fi
+openssl ts -query -data "$1" -cert | tee "$reqfile" \
+ | /usr/lib/ssl/misc/tsget -h "$url" -o "$resfile"
+openssl ts -reply -in "$resfile" -text 1>&2
+openssl ts -verify -data "$1" -in "$resfile" -CAfile "$cafile" 1>&2
+base64 < "$resfile"
+rm "$reqfile" "$resfile"
+</pre></blockquote></p>
+
+<p>The argument to the script is the file to timestamp, and the output
+is a base64 encoded version of the signature to STDOUT and details
+about the signature to STDERR. Note that due to
+<a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742553">a bug
+in the tsget script</a>, you might need to modify the included script
+and remove the last line. Or just write your own HTTP uploader using
+curl. :) Now you too can prove and verify that files have not been
+changed.</p>
+
+<p>But the Internet need more public trusted timestamp services.
+Perhaps something for <a href="http://www.uninett.no/">Uninett</a> or
+my work place the <a href="http://www.uio.no/">University of Oslo</a>
+to set up?</p>
+</description>
+ </item>
+
<item>
<title>Video DVD reader library / python-dvdvideo - nice free software</title>
<link>http://people.skolelinux.org/pere/blog/Video_DVD_reader_library___python_dvdvideo___nice_free_software.html</link>
and program
<a href="http://bblank.thinkmo.de/blog/new-software-python-dvdvideo">python-dvdvideo</a>
written by Bastian Blank. It is
-<a href"http://packages.qa.debian.org/p/python-dvdvideo.html">in Debian
+<a href="http://packages.qa.debian.org/p/python-dvdvideo.html">in Debian
already</a> and the binary package name is python3-dvdvideo. Instead
of trying to read every block from the DVD, it parses the file
structure and figure out which block on the DVD is actually in used,
and only read those blocks from the DVD. This work surprisingly well,
and I have been able to almost backup my entire DVD collection using
-this method.</p> So far, python-dvdvideo have failed on between 10 and
+this method.</p>
+
+<p>So far, python-dvdvideo have failed on between 10 and
20 DVDs, which is a small fraction of my collection. The most common
problem is
<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720831">DVDs
installation will get the installation going. This affect all
installations in Jessie, and I expect it will be fixed soon.</p>
-Give it a go and let us know how it goes on the mailing list, and help
+<p>Give it a go and let us know how it goes on the mailing list, and help
us get the new release published. :) Please join us on
<a href="irc://irc.debian.org:6667/%23freedombox">IRC (#freedombox on
irc.debian.org)</a> and
</description>
</item>
- <item>
- <title>New home and release 1.0 for netgroup and innetgr (aka ng-utils)</title>
- <link>http://people.skolelinux.org/pere/blog/New_home_and_release_1_0_for_netgroup_and_innetgr__aka_ng_utils_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/New_home_and_release_1_0_for_netgroup_and_innetgr__aka_ng_utils_.html</guid>
- <pubDate>Sat, 22 Feb 2014 21:45:00 +0100</pubDate>
- <description><p>Many years ago, I wrote a GPL licensed version of the netgroup and
-innetgr tools, because I needed them in
-<a href="http://www.skolelinux.org/">Skolelinux</a>. I called the project
-ng-utils, and it has served me well. I placed the project under the
-<a href="http://www.hungry.com/">Hungry Programmer</a> umbrella, and it was maintained in our CVS
-repository. But many years ago, the CVS repository was dropped (lost,
-not migrated to new hardware, not sure), and the project have lacked a
-proper home since then.</p>
-
-<p>Last summer, I had a look at the package and made a new release
-fixing a irritating crash bug, but was unable to store the changes in
-a proper source control system. I applied for a project on
-<a href="https://alioth.debian.org/">Alioth</a>, but did not have time
-to follow up on it. Until today. :)</p>
-
-<p>After many hours of cleaning and migration, the ng-utils project
-now have a new home, and a git repository with the highlight of the
-history of the project. I published all release tarballs and imported
-them into the git repository. As the project is really stable and not
-expected to gain new features any time soon, I decided to make a new
-release and call it 1.0. Visit the new project home on
-<a href="https://alioth.debian.org/projects/ng-utils/">https://alioth.debian.org/projects/ng-utils/</a>
-if you want to check it out. The new version is also uploaded into
-<a href="http://packages.qa.debian.org/n/ng-utils.html">Debian Unstable</a>.</p>
-</description>
- </item>
-
- <item>
- <title>Testing sysvinit from experimental in Debian Hurd</title>
- <link>http://people.skolelinux.org/pere/blog/Testing_sysvinit_from_experimental_in_Debian_Hurd.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Testing_sysvinit_from_experimental_in_Debian_Hurd.html</guid>
- <pubDate>Mon, 3 Feb 2014 13:40:00 +0100</pubDate>
- <description><p>A few days ago I decided to try to help the Hurd people to get
-their changes into sysvinit, to allow them to use the normal sysvinit
-boot system instead of their old one. This follow up on the
-<a href="https://teythoon.cryptobitch.de//categories/gsoc.html">great
-Google Summer of Code work</a> done last summer by Justus Winter to
-get Debian on Hurd working more like Debian on Linux. To get started,
-I downloaded a prebuilt hard disk image from
-<a href="http://ftp.debian-ports.org/debian-cd/hurd-i386/current/debian-hurd.img.tar.gz">http://ftp.debian-ports.org/debian-cd/hurd-i386/current/debian-hurd.img.tar.gz</a>,
-and started it using virt-manager.</p>
-
-<p>The first think I had to do after logging in (root without any
-password) was to get the network operational. I followed
-<a href="https://www.debian.org/ports/hurd/hurd-install">the
-instructions on the Debian GNU/Hurd ports page</a> and ran these
-commands as root to get the machine to accept a IP address from the
-kvm internal DHCP server:</p>
-
-<p><blockquote><pre>
-settrans -fgap /dev/netdde /hurd/netdde
-kill $(ps -ef|awk '/[p]finet/ { print $2}')
-kill $(ps -ef|awk '/[d]evnode/ { print $2}')
-dhclient /dev/eth0
-</pre></blockquote></p>
-
-<p>After this, the machine had internet connectivity, and I could
-upgrade it and install the sysvinit packages from experimental and
-enable it as the default boot system in Hurd.</p>
-
-<p>But before I did that, I set a password on the root user, as ssh is
-running on the machine it for ssh login to work a password need to be
-set. Also, note that a bug somewhere in openssh on Hurd block
-compression from working. Remember to turn that off on the client
-side.</p>
-
-<p>Run these commands as root to upgrade and test the new sysvinit
-stuff:</p>
-
-<p><blockquote><pre>
-cat > /etc/apt/sources.list.d/experimental.list &lt;&lt;EOF
-deb http://http.debian.net/debian/ experimental main
-EOF
-apt-get update
-apt-get dist-upgrade
-apt-get install -t experimental initscripts sysv-rc sysvinit \
- sysvinit-core sysvinit-utils
-update-alternatives --config runsystem
-</pre></blockquote></p>
-
-<p>To reboot after switching boot system, you have to use
-<tt>reboot-hurd</tt> instead of just <tt>reboot</tt>, as there is not
-yet a sysvinit process able to receive the signals from the normal
-'reboot' command. After switching to sysvinit as the boot system,
-upgrading every package and rebooting, the network come up with DHCP
-after boot as it should, and the settrans/pkill hack mentioned at the
-start is no longer needed. But for some strange reason, there are no
-longer any login prompt in the virtual console, so I logged in using
-ssh instead.
-
-<p>Note that there are some race conditions in Hurd making the boot
-fail some times. No idea what the cause is, but hope the Hurd porters
-figure it out. At least Justus said on IRC (#debian-hurd on
-irc.debian.org) that they are aware of the problem. A way to reduce
-the impact is to upgrade to the Hurd packages built by Justus by
-adding this repository to the machine:</p>
-
-<p><blockquote><pre>
-cat > /etc/apt/sources.list.d/hurd-ci.list &lt;&lt;EOF
-deb http://darnassus.sceen.net/~teythoon/hurd-ci/ sid main
-EOF
-</pre></blockquote></p>
-
-<p>At the moment the prebuilt virtual machine get some packages from
-http://ftp.debian-ports.org/debian, because some of the packages in
-unstable do not yet include the required patches that are lingering in
-BTS. This is the completely list of "unofficial" packages installed:</p>
-
-<p><blockquote><pre>
-# aptitude search '?narrow(?version(CURRENT),?origin(Debian Ports))'
-i emacs - GNU Emacs editor (metapackage)
-i gdb - GNU Debugger
-i hurd-recommended - Miscellaneous translators
-i isc-dhcp-client - ISC DHCP client
-i isc-dhcp-common - common files used by all the isc-dhcp* packages
-i libc-bin - Embedded GNU C Library: Binaries
-i libc-dev-bin - Embedded GNU C Library: Development binaries
-i libc0.3 - Embedded GNU C Library: Shared libraries
-i A libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
-i libc0.3-dev - Embedded GNU C Library: Development Libraries and Hea
-i multiarch-support - Transitional package to ensure multiarch compatibilit
-i A x11-common - X Window System (X.Org) infrastructure
-i xorg - X.Org X Window System
-i A xserver-xorg - X.Org X server
-i A xserver-xorg-input-all - X.Org X server -- input driver metapackage
-#
-</pre></blockquote></p>
-
-<p>All in all, testing hurd has been an interesting experience. :)
-X.org did not work out of the box and I never took the time to follow
-the porters instructions to fix it. This time I was interested in the
-command line stuff.<p>
-</description>
- </item>
-
- <item>
- <title>A fist full of non-anonymous Bitcoins</title>
- <link>http://people.skolelinux.org/pere/blog/A_fist_full_of_non_anonymous_Bitcoins.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/A_fist_full_of_non_anonymous_Bitcoins.html</guid>
- <pubDate>Wed, 29 Jan 2014 14:10:00 +0100</pubDate>
- <description><p>Bitcoin is a incredible use of peer to peer communication and
-encryption, allowing direct and immediate money transfer without any
-central control. It is sometimes claimed to be ideal for illegal
-activity, which I believe is quite a long way from the truth. At least
-I would not conduct illegal money transfers using a system where the
-details of every transaction are kept forever. This point is
-investigated in
-<a href="https://www.usenix.org/publications/login">USENIX ;login:</a>
-from December 2013, in the article
-"<a href="https://www.usenix.org/system/files/login/articles/03_meiklejohn-online.pdf">A
-Fistful of Bitcoins - Characterizing Payments Among Men with No
-Names</a>" by Sarah Meiklejohn, Marjori Pomarole,Grant Jordan, Kirill
-Levchenko, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage. They
-analyse the transaction log in the Bitcoin system, using it to find
-addresses belong to individuals and organisations and follow the flow
-of money from both Bitcoin theft and trades on Silk Road to where the
-money end up. This is how they wrap up their article:</p>
-
-<p><blockquote>
-<p>"To demonstrate the usefulness of this type of analysis, we turned
-our attention to criminal activity. In the Bitcoin economy, criminal
-activity can appear in a number of forms, such as dealing drugs on
-Silk Road or simply stealing someone else’s bitcoins. We followed the
-flow of bitcoins out of Silk Road (in particular, from one notorious
-address) and from a number of highly publicized thefts to see whether
-we could track the bitcoins to known services. Although some of the
-thieves attempted to use sophisticated mixing techniques (or possibly
-mix services) to obscure the flow of bitcoins, for the most part
-tracking the bitcoins was quite straightforward, and we ultimately saw
-large quantities of bitcoins flow to a variety of exchanges directly
-from the point of theft (or the withdrawal from Silk Road).</p>
-
-<p>As acknowledged above, following stolen bitcoins to the point at
-which they are deposited into an exchange does not in itself identify
-the thief; however, it does enable further de-anonymization in the
-case in which certain agencies can determine (through, for example,
-subpoena power) the real-world owner of the account into which the
-stolen bitcoins were deposited. Because such exchanges seem to serve
-as chokepoints into and out of the Bitcoin economy (i.e., there are
-few alternative ways to cash out), we conclude that using Bitcoin for
-money laundering or other illicit purposes does not (at least at
-present) seem to be particularly attractive."</p>
-</blockquote><p>
-
-<p>These researches are not the first to analyse the Bitcoin
-transaction log. The 2011 paper
-"<a href="http://arxiv.org/abs/1107.4524">An Analysis of Anonymity in
-the Bitcoin System</A>" by Fergal Reid and Martin Harrigan is
-summarized like this:</p>
-
-<p><blockquote>
-"Anonymity in Bitcoin, a peer-to-peer electronic currency system, is a
-complicated issue. Within the system, users are identified by
-public-keys only. An attacker wishing to de-anonymize its users will
-attempt to construct the one-to-many mapping between users and
-public-keys and associate information external to the system with the
-users. Bitcoin tries to prevent this attack by storing the mapping of
-a user to his or her public-keys on that user's node only and by
-allowing each user to generate as many public-keys as required. In
-this chapter we consider the topological structure of two networks
-derived from Bitcoin's public transaction history. We show that the
-two networks have a non-trivial topological structure, provide
-complementary views of the Bitcoin system and have implications for
-anonymity. We combine these structures with external information and
-techniques such as context discovery and flow analysis to investigate
-an alleged theft of Bitcoins, which, at the time of the theft, had a
-market value of approximately half a million U.S. dollars."
-</blockquote></p>
-
-<p>I hope these references can help kill the urban myth that Bitcoin
-is anonymous. It isn't really a good fit for illegal activites. Use
-cash if you need to stay anonymous, at least until regular DNA
-sampling of notes and coins become the norm. :)</p>
-
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
-</description>
- </item>
-
- <item>
- <title>New chrpath release 0.16</title>
- <link>http://people.skolelinux.org/pere/blog/New_chrpath_release_0_16.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/New_chrpath_release_0_16.html</guid>
- <pubDate>Tue, 14 Jan 2014 11:00:00 +0100</pubDate>
- <description><p><a href="http://www.coverity.com/">Coverity</a> is a nice tool to
-find problems in C, C++ and Java code using static source code
-analysis. It can detect a lot of different problems, and is very
-useful to find memory and locking bugs in the error handling part of
-the source. The company behind it provide
-<a href="https://scan.coverity.com/">check of free software projects as
-a community service</a>, and many hundred free software projects are
-already checked. A few days ago I decided to have a closer look at
-the Coverity system, and discovered that the
-<a href="http://www.gnu.org/software/gnash/">gnash</a> and
-<a href="http://sourceforge.net/projects/ipmitool/">ipmitool</a>
-projects I am involved with was already registered. But these are
-fairly big, and I would also like to have a small and easy project to
-check, and decided to <a href="http://scan.coverity.com/projects/1179">request
-checking of the chrpath project</a>. It was
-added to the checker and discovered seven potential defects. Six of
-these were real, mostly resource "leak" when the program detected an
-error. Nothing serious, as the resources would be released a fraction
-of a second later when the program exited because of the error, but it
-is nice to do it right in case the source of the program some time in
-the future end up in a library. Having fixed all defects and added
-<a href="https://lists.alioth.debian.org/mailman/listinfo/chrpath-devel">a
-mailing list for the chrpath developers</a>, I decided it was time to
-publish a new release. These are the release notes:</p>
-
-<p>New in 0.16 released 2014-01-14:</p>
-
-<ul>
-
- <li>Fixed all minor bugs discovered by Coverity.</li>
- <li>Updated config.sub and config.guess from the GNU project.</li>
- <li>Mention new project mailing list in the documentation.</li>
-
-</ul>
-
-<p>You can
-<a href="https://alioth.debian.org/frs/?group_id=31052">download the
-new version 0.16 from alioth</a>. Please let us know via the Alioth
-project if something is wrong with the new release. The test suite
-did not discover any old errors, so if you find a new one, please also
-include a test suite check.</p>
-</description>
- </item>
-
</channel>
</rss>
projects / homepage.git / blobdiff