X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/01ea9c2b1c58e178e5d8c41cc1e4436ddd723902..b0e0987d30dc410df79d1033c314e2dbbf4fb26f:/blog/index.html?ds=inline diff --git a/blog/index.html b/blog/index.html index 4638eb25ac..863f4aeab5 100644 --- a/blog/index.html +++ b/blog/index.html @@ -20,118 +20,40 @@
-
A program should be able to open its own files on Linux
-
5th June 2016
-

Many years ago, when koffice was fresh and with few users, I -decided to test its presentation tool when making the slides for a -talk I was giving for NUUG on Japhar, a free Java virtual machine. I -wrote the first draft of the slides, saved the result and went to bed -the day before I would give the talk. The next day I took a plane to -the location where the meeting should take place, and on the plane I -started up koffice again to polish the talk a bit, only to discover -that kpresenter refused to load its own data file. I cursed a bit and -started making the slides again from memory, to have something to -present when I arrived. I tested that the saved files could be -loaded, and the day seemed to be rescued. I continued to polish the -slides until I suddenly discovered that the saved file could no longer -be loaded into kpresenter. In the end I had to rewrite the slides -three times, condensing the content until the talk became shorter and -shorter. After the talk I was able to pinpoint the problem – -kpresenter wrote inline images in a way itself could not understand. -Eventually that bug was fixed and kpresenter ended up being a great -program to make slides. The point I'm trying to make is that we -expect a program to be able to load its own data files, and it is -embarrassing to its developers if it can't.

- -

Did you ever experience a program failing to load its own data -files from the desktop file browser? It is not a uncommon problem. A -while back I discovered that the screencast recorder -gtk-recordmydesktop would save an Ogg Theora video file the KDE file -browser would refuse to open. No video player claimed to understand -such file. I tracked down the cause being file --mime-type -returning the application/ogg mime type, which no video player I had -installed listed as a MIME type they would understand. I asked for -file to change its -behavour and use the MIME type video/ogg instead. I also asked -several video players to add video/ogg to their desktop files, to give -the file browser an idea what to do about Ogg Theora files. After a -while, the desktop file browsers in Debian started to handle the -output from gtk-recordmydesktop properly.

- -

But history repeats itself. A few days ago I tested the music -system Rosegarden again, and I discovered that the KDE and xfce file -browsers did not know what to do with the Rosegarden project files -(*.rg). I've reported the -rosegarden problem to BTS and a fix is commited to git and will be -included in the next upload. To increase the chance of me remembering -how to fix the problem next time some program fail to load its files -from the file browser, here are some notes on how to fix it.

- -

The file browsers in Debian in general operates on MIME types. -There are two sources for the MIME type of a given file. The output from -file --mime-type mentioned above, and the content of the -shared MIME type registry (under /usr/share/mime/). The file mime -type is mapped to programs supporting the mime type, and this -information is collected from -the -desktop files available in /usr/share/applications/. If there is -one desktop file claiming support for the MIME type of the file, it is -activated when asking to open a given file. If there are more, one -can normally select which one to use by right-clicking on the file and -selecting the wanted one using 'Open with' or similar. In general -this work well. But it depend on each program picking a good mime -type (preferably -a -MIME type registered with IANA), file and/or the shared mime -registry recognizing the file and the desktop file to list the MIME -type in its list of supported MIME types.

- -

The /usr/share/mime/packages/rosegarden.xml entry for -the -Shared MIME database look like this:

- -

-<?xml version="1.0" encoding="UTF-8"?>
-<mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info">
-  <mime-type type="audio/x-rosegarden">
-    <sub-class-of type="application/x-gzip"/>
-    <comment>Rosegarden project file</comment>
-    <glob pattern="*.rg"/>
-  </mime-type>
-</mime-info>
-

- -

This states that audio/x-rosegarden is a kind of application/x-gzip -(it is a gzipped XML file). Note, it is much better to use an -official MIME type registered with IANA than it is to make up ones own -unofficial ones like the x-rosegarden type used by rosegarden.

- -

The desktop file of the rosegarden program failed to list -audio/x-rosegarden in its list of supported MIME types, causing the -file browsers to have no idea what to do with *.rg files:

- -

-% grep Mime /usr/share/applications/rosegarden.desktop
-MimeType=audio/x-rosegarden-composition;audio/x-rosegarden-device;audio/x-rosegarden-project;audio/x-rosegarden-template;audio/midi;
-X-KDE-NativeMimeType=audio/x-rosegarden-composition
-%
-

- -

The fix was to add "audio/x-rosegarden;" at the end of the -MimeType= line.

- -

If you run into a file which fail to open the correct program when -selected from the file browser, please check out the output from -file --mime-type for the file, ensure the file ending and -MIME type is registered somewhere under /usr/share/mime/ and check -that some desktop file under /usr/share/applications/ is claiming -support for this MIME type. If not, please report a bug to have it -fixed. :)

+
How does it feel to be wiretapped, when you should be doing the wiretapping...
+
8th March 2017
+

So the new president in the United States of America claim to be +surprised to discover that he was wiretapped during the election +before he was elected president. He even claim this must be illegal. +Well, doh, if it is one thing the confirmations from Snowden +documented, it is that the entire population in USA is wiretapped, one +way or another. Of course the president candidates were wiretapped, +alongside the senators, judges and the rest of the people in USA.

+ +

Next, the Federal Bureau of Investigation ask the Department of +Justice to go public rejecting the claims that Donald Trump was +wiretapped illegally. I fail to see the relevance, given that I am +sure the surveillance industry in USA according to themselves believe +they have all the legal backing they need to conduct mass surveillance +on the entire world.

+ +

There is even the director of the FBI stating that he never saw an +order requesting wiretapping of Donald Trump. That is not very +surprising, given how the FISA court work, with all its activity being +secret. Perhaps he only heard about it?

+ +

What I find most sad in this story is how Norwegian journalists +present it. In a news reports the other day in the radio from the +Norwegian National broadcasting Company (NRK), I heard the journalist +claim that 'the FBI denies any wiretapping', while the reality is that +'the FBI denies any illegal wiretapping'. There is a fundamental and +important difference, and it make me sad that the journalists are +unable to grasp it.

- Tags: debian, english. + Tags: english, surveillance.
@@ -139,36 +61,33 @@ fixed. :)

-
Tor - from its creators mouth 11 years ago
-
28th May 2016
-

A little more than 11 years ago, one of the creators of Tor, and -the current President of the Tor -project, Roger Dingledine, gave a talk for the members of the -Norwegian Unix User group (NUUG). A -video of the talk was recorded, and today, thanks to the great help -from David Noble, I finally was able to publish the video of the talk -on Frikanalen, the Norwegian open channel TV station where NUUG -currently publishes its talks. You can -watch the live stream using a web -browser with WebM support, or check out the recording on the video -on demand page for the talk -"Tor: Anonymous -communication for the US Department of Defence...and you.".

- -

Here is the video included for those of you using browsers with -HTML video and Ogg Theora support:

- -

- -

I guess the gist of the talk can be summarised quite simply: If you -want to help the military in USA (and everyone else), use Tor. :)

+
Norwegian Bokmål translation of The Debian Administrator's Handbook complete, proofreading in progress
+
3rd March 2017
+

For almost a year now, we have been working on making a Norwegian +Bokmål edition of The Debian +Administrator's Handbook. Now, thanks to the tireless effort of +Ole-Erik, Ingrid and Andreas, the initial translation is complete, and +we are working on the proof reading to ensure consistent language and +use of correct computer science terms. The plan is to make the book +available on paper, as well as in electronic form. For that to +happen, the proof reading must be completed and all the figures need +to be translated. If you want to help out, get in touch.

+ +

A + +fresh PDF edition in A4 format (the final book will have smaller +pages) of the book created every morning is available for +proofreading. If you find any errors, please +visit +Weblate and correct the error. The +state +of the translation including figures is a useful source for those +provide Norwegian bokmål screen shots and figures.

- Tags: english, frikanalen, nuug, video. + Tags: debian, debian-handbook, english.
@@ -176,67 +95,77 @@ want to help the military in USA (and everyone else), use Tor. :)

-
Isenkram with PackageKit support - new version 0.23 available in Debian unstable
-
25th May 2016
-

The isenkram -system is a user-focused solution in Debian for handling hardware -related packages. The idea is to have a database of mappings between -hardware and packages, and pop up a dialog suggesting for the user to -install the packages to use a given hardware dongle. Some use cases -are when you insert a Yubikey, it proposes to install the software -needed to control it; when you insert a braille reader list it -proposes to install the packages needed to send text to the reader; -and when you insert a ColorHug screen calibrator it suggests to -install the driver for it. The system work well, and even have a few -command line tools to install firmware packages and packages for the -hardware already in the machine (as opposed to hotpluggable hardware).

- -

The system was initially written using aptdaemon, because I found -good documentation and example code on how to use it. But aptdaemon -is going away and is generally being replaced by -PackageKit, -so Isenkram needed a rewrite. And today, thanks to the great patch -from my college Sunil Mohan Adapa in the FreedomBox project, the -rewrite finally took place. I've just uploaded a new version of -Isenkram into Debian Unstable with the patch included, and the default -for the background daemon is now to use PackageKit. To check it out, -install the isenkram package and insert some hardware dongle -and see if it is recognised.

- -

If you want to know what kind of packages isenkram would propose for -the machine it is running on, you can check out the isenkram-lookup -program. This is what it look like on a Thinkpad X230:

- -

-% isenkram-lookup 
-bluez
-cheese
-fprintd
-fprintd-demo
-gkrellm-thinkbat
-hdapsd
-libpam-fprintd
-pidgin-blinklight
-thinkfan
-tleds
-tp-smapi-dkms
-tp-smapi-source
-tpb
-%p
-

- -

The hardware mappings come from several places. The preferred way -is for packages to announce their hardware support using -the -cross distribution appstream system. -See -previous -blog posts about isenkram to learn how to do that.

+
Unlimited randomness with the ChaosKey?
+
1st March 2017
+

A few days ago I ordered a small batch of +the ChaosKey, a small +USB dongle for generating entropy created by Bdale Garbee and Keith +Packard. Yesterday it arrived, and I am very happy to report that it +work great! According to its designers, to get it to work out of the +box, you need the Linux kernel version 4.1 or later. I tested on a +Debian Stretch machine (kernel version 4.9), and there it worked just +fine, increasing the available entropy very quickly. I wrote a small +test oneliner to test. It first print the current entropy level, +drain /dev/random, and then print the entropy level for five seconds. +Here is the situation without the ChaosKey inserted:

+ +
+% cat /proc/sys/kernel/random/entropy_avail; \
+  dd bs=1M if=/dev/random of=/dev/null count=1; \
+  for n in $(seq 1 5); do \
+     cat /proc/sys/kernel/random/entropy_avail; \
+     sleep 1; \
+  done
+300
+0+1 oppføringer inn
+0+1 oppføringer ut
+28 byte kopiert, 0,000264565 s, 106 kB/s
+4
+8
+12
+17
+21
+%
+
+ +

The entropy level increases by 3-4 every second. In such case any +application requiring random bits (like a HTTPS enabled web server) +will halt and wait for more entrpy. And here is the situation with +the ChaosKey inserted:

+ +
+% cat /proc/sys/kernel/random/entropy_avail; \
+  dd bs=1M if=/dev/random of=/dev/null count=1; \
+  for n in $(seq 1 5); do \
+     cat /proc/sys/kernel/random/entropy_avail; \
+     sleep 1; \
+  done
+1079
+0+1 oppføringer inn
+0+1 oppføringer ut
+104 byte kopiert, 0,000487647 s, 213 kB/s
+433
+1028
+1031
+1035
+1038
+%
+
+ +

Quite the difference. :) I bought a few more than I need, in case +someone want to buy one here in Norway. :)

+ +

Update: The dongle was presented at Debconf last year. You might +find the talk +recording illuminating. It explains exactly what the source of +randomness is, if you are unable to spot it from the schema drawing +available from the ChaosKey web site linked at the start of this blog +post.

- Tags: debian, english, isenkram. + Tags: debian, english.
@@ -244,62 +173,34 @@ blog posts about isenkram to learn how to do that.

-
Discharge rate estimate in new battery statistics collector for Debian
-
23rd May 2016
-

Yesterday I updated the -battery-stats -package in Debian with a few patches sent to me by skilled and -enterprising users. There were some nice user and visible changes. -First of all, both desktop menu entries now work. A design flaw in -one of the script made the history graph fail to show up (its PNG was -dumped in ~/.xsession-errors) if no controlling TTY was available. -The script worked when called from the command line, but not when -called from the desktop menu. I changed this to look for a DISPLAY -variable or a TTY before deciding where to draw the graph, and now the -graph window pop up as expected.

- -

The next new feature is a discharge rate estimator in one of the -graphs (the one showing the last few hours). New is also the user of -colours showing charging in blue and discharge in red. The percentages -of this graph is relative to last full charge, not battery design -capacity.

- -

- -

The other graph show the entire history of the collected battery -statistics, comparing it to the design capacity of the battery to -visualise how the battery life time get shorter over time. The red -line in this graph is what the previous graph considers 100 percent: - -

- -

In this graph you can see that I only charge the battery to 80 -percent of last full capacity, and how the capacity of the battery is -shrinking. :(

- -

The last new feature is in the collector, which now will handle -more hardware models. On some hardware, Linux power supply -information is stored in /sys/class/power_supply/ACAD/, while the -collector previously only looked in /sys/class/power_supply/AC/. Now -both are checked to figure if there is power connected to the -machine.

- -

If you are interested in how your laptop battery is doing, please -check out the -battery-stats -in Debian unstable, or rebuild it on Jessie to get it working on -Debian stable. :) The upstream source is available from github. -Patches are very welcome.

- -

As usual, if you use Bitcoin and want to show your support of my -activities, please send Bitcoin donations to my address -15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

+
Detect OOXML files with undefined behaviour?
+
21st February 2017
+

I just noticed +the +new Norwegian proposal for archiving rules in the goverment list +ECMA-376 +/ ISO/IEC 29500 (aka OOXML) as valid formats to put in long term +storage. Luckily such files will only be accepted based on +pre-approval from the National Archive. Allowing OOXML files to be +used for long term storage might seem like a good idea as long as we +forget that there are plenty of ways for a "valid" OOXML document to +have content with no defined interpretation in the standard, which +lead to a question and an idea.

+ +

Is there any tool to detect if a OOXML document depend on such +undefined behaviour? It would be useful for the National Archive (and +anyone else interested in verifying that a document is well defined) +to have such tool available when considering to approve the use of +OOXML. I'm aware of the +officeotron OOXML +validator, but do not know how complete it is nor if it will +report use of undefined behaviour. Are there other similar tools +available? Please send me an email if you know of any such tool.

- Tags: debian, english. + Tags: english, nuug, standard.
@@ -307,34 +208,33 @@ activities, please send Bitcoin donations to my address
-
French edition of Lawrence Lessigs book Cultura Libre on Amazon and Barnes & Noble
-
21st May 2016
-

A few weeks ago the French paperback edition of Lawrence Lessigs -2004 book Cultura Libre was published. Today I noticed that the book -is now available from book stores. You can now buy it from -Amazon -($19.99), -Barnes -& Noble ($?) and as always from -Lulu.com -($19.99). The revenue is donated to the Creative Commons project. If -you buy from Lulu.com, they currently get $10.59, while if you buy -from one of the book stores most of the revenue go to the book store -and the Creative Commons project get much (not sure how much -less).

- -

I was a bit surprised to discover that there is a kindle edition -sold by Amazon Digital Services LLC on Amazon. Not quite sure how -that edition was created, but if you want to download a electronic -edition (PDF, EPUB, Mobi) generated from the same files used to create -the paperback edition, they are -available -from github.

+
Ruling ignored our objections to the seizure of popcorn-time.no (#domstolkontroll)
+
13th February 2017
+

A few days ago, we received the ruling from +my +day in court. The case in question is a challenge of the seizure +of the DNS domain popcorn-time.no. The ruling simply did not mention +most of our arguments, and seemed to take everything ØKOKRIM said at +face value, ignoring our demonstration and explanations. But it is +hard to tell for sure, as we still have not seen most of the documents +in the case and thus were unprepared and unable to contradict several +of the claims made in court by the opposition. We are considering an +appeal, but it is partly a question of funding, as it is costing us +quite a bit to pay for our lawyer. If you want to help, please +donate to the +NUUG defense fund.

+ +

The details of the case, as far as we know it, is available in +Norwegian from +the NUUG +blog. This also include +the +ruling itself.

- Tags: docbook, english, freeculture. + Tags: english, nuug, offentlig innsyn, opphavsrett.
@@ -342,62 +242,81 @@ from github.

-
I want the courts to be involved before the police can hijack a news site DNS domain (#domstolkontroll)
-
19th May 2016
-

I just donated to the -NUUG defence -"fond" to fund the effort in Norway to get the seizure of the news -site popcorn-time.no tested in court. I hope everyone that agree with -me will do the same.

- -

Would you be worried if you knew the police in your country could -hijack DNS domains of news sites covering free software system without -talking to a judge first? I am. What if the free software system -combined search engine lookups, bittorrent downloads and video playout -and was called Popcorn Time? Would that affect your view? It still -make me worried.

- -

In March 2016, the Norwegian police seized (as in forced NORID to -change the IP address pointed to by it to one controlled by the -police) the DNS domain popcorn-time.no, without any supervision from -the courts. I did not know about the web site back then, and assumed -the courts had been involved, and was very surprised when I discovered -that the police had hijacked the DNS domain without asking a judge for -permission first. I was even more surprised when I had a look at -the web -site content on the Internet Archive, and only found news coverage -about Popcorn Time, not any material published without the right -holders permissions.

- -

The seizure was widely covered in the Norwegian press (see for -example Hegnar Online and -ITavisen -and -NRK), -at first due to the press release sent out by Økokrim, but then based -on -protests -from the law professor Olav Torvund and -lawyer -Jon Wessel-Aas. It even got some -coverage -on TorrentFreak.

- -

I - -wrote about the case a month ago, when the -Norwegian Unix User Group (NUUG), -where I am an active member, decided to ask the courts to test this seizure. -The request was denied, but NUUG and its co-requestor EFN have not -given up, and now they are rallying for support to get the seizure -legally challenged. They accept both bank and Bitcoin transfer for -those that want to support the request.

- -

If you as me believe news sites about free software should not be -censored, even if the free software have both legal and illegal -applications, and that DNS hijacking should be tested by the courts, I -suggest you show -your support by donating to NUUG. +

A day in court challenging seizure of popcorn-time.no for #domstolkontroll
+
3rd February 2017
+

+ +

On Wednesday, I spent the entire day in court in Follo Tingrett +representing the member association +NUUG, alongside the member +association EFN and the DNS registrar +IMC, challenging the seizure of the DNS name popcorn-time.no. It +was interesting to sit in a court of law for the first time in my +life. Our team can be seen in the picture above: attorney Ola +Tellesbø, EFN board member Tom Fredrik Blenning, IMC CEO Morten Emil +Eriksen and NUUG board member Petter Reinholdtsen.

+ +

The +case at hand is that the Norwegian National Authority for +Investigation and Prosecution of Economic and Environmental Crime (aka +Økokrim) decided on their own, to seize a DNS domain early last +year, without following +the +official policy of the Norwegian DNS authority which require a +court decision. The web site in question was a site covering Popcorn +Time. And Popcorn Time is the name of a technology with both legal +and illegal applications. Popcorn Time is a client combining +searching a Bittorrent directory available on the Internet with +downloading/distribute content via Bittorrent and playing the +downloaded content on screen. It can be used illegally if it is used +to distribute content against the will of the right holder, but it can +also be used legally to play a lot of content, for example the +millions of movies +available from the +Internet Archive or the collection +available from Vodo. We created +a +video demonstrating legally use of Popcorn Time and played it in +Court. It can of course be downloaded using Bittorrent.

+ +

I did not quite know what to expect from a day in court. The +government held on to their version of the story and we held on to +ours, and I hope the judge is able to make sense of it all. We will +know in two weeks time. Unfortunately I do not have high hopes, as +the Government have the upper hand here with more knowledge about the +case, better training in handling criminal law and in general higher +standing in the courts than fairly unknown DNS registrar and member +associations. It is expensive to be right also in Norway. So far the +case have cost more than NOK 70 000,-. To help fund the case, NUUG +and EFN have asked for donations, and managed to collect around NOK 25 +000,- so far. Given the presentation from the Government, I expect +the government to appeal if the case go our way. And if the case do +not go our way, I hope we have enough funding to appeal.

+ +

From the other side came two people from Økokrim. On the benches, +appearing to be part of the group from the government were two people +from the Simonsen Vogt Wiik lawyer office, and three others I am not +quite sure who was. Økokrim had proposed to present two witnesses +from The Motion Picture Association, but this was rejected because +they did not speak Norwegian and it was a bit late to bring in a +translator, but perhaps the two from MPA were present anyway. All +seven appeared to know each other. Good to see the case is take +seriously.

+ +

If you, like me, believe the courts should be involved before a DNS +domain is hijacked by the government, or you believe the Popcorn Time +technology have a lot of useful and legal applications, I suggest you +too donate to +the NUUG defense fund. Both Bitcoin and bank transfer are +available. If NUUG get more than we need for the legal action (very +unlikely), the rest will be spend promoting free software, open +standards and unix-like operating systems in Norway, so no matter what +happens the money will be put to good use.

+ +

If you want to lean more about the case, I recommend you check out +the blog +posts from NUUG covering the case. They cover the legal arguments +on both sides.

@@ -410,25 +329,41 @@ your support by donating to NUUG.
-
Debian now with ZFS on Linux included
-
12th May 2016
-

Today, after many years of hard work from many people, -ZFS for Linux finally entered -Debian. The package status can be seen on -the package tracker -for zfs-linux. and -the -team status page. If you want to help out, please join us. -The -source code is available via git on Alioth. It would also be -great if you could help out with -the dkms package, as -it is an important piece of the puzzle to get ZFS working.

+
Nasjonalbiblioteket avslutter sin ulovlige bruk av Google Skjemaer
+
12th January 2017
+

I dag fikk jeg en skikkelig gladmelding. Bakgrunnen er at før jul +arrangerte Nasjonalbiblioteket +et +seminar om sitt knakende gode tiltak «verksregister». Eneste +måten å melde seg på dette seminaret var å sende personopplysninger +til Google via Google Skjemaer. Dette syntes jeg var tvilsom praksis, +da det bør være mulig å delta på seminarer arrangert av det offentlige +uten å måtte dele sine interesser, posisjon og andre +personopplysninger med Google. Jeg ba derfor om innsyn via +Mimes brønn i +avtaler +og vurderinger Nasjonalbiblioteket hadde rundt dette. +Personopplysningsloven legger klare rammer for hva som må være på +plass før en kan be tredjeparter, spesielt i utlandet, behandle +personopplysninger på sine vegne, så det burde eksistere grundig +dokumentasjon før noe slikt kan bli lovlig. To jurister hos +Nasjonalbiblioteket mente først dette var helt i orden, og at Googles +standardavtale kunne brukes som databehandlingsavtale. Det syntes jeg +var merkelig, men har ikke hatt kapasitet til å følge opp saken før +for to dager siden.

+ +

Gladnyheten i dag, som kom etter at jeg tipset Nasjonalbiblioteket +om at Datatilsynet underkjente Googles standardavtaler som +databehandleravtaler i 2011, er at Nasjonalbiblioteket har bestemt seg +for å avslutte bruken av Googles Skjemaer/Apps og gå i dialog med DIFI +for å finne bedre måter å håndtere påmeldinger i tråd med +personopplysningsloven. Det er fantastisk å se at av og til hjelper +det å spørre hva i alle dager det offentlige holder på med.

- Tags: debian, english. + Tags: norsk, personvern, surveillance, web.
@@ -436,49 +371,86 @@ it is an important piece of the puzzle to get ZFS working.

-
What is the best multimedia player in Debian?
-
8th May 2016
-

Where I set out to figure out which multimedia player in -Debian claim support for most file formats.

- -

A few years ago, I had a look at the media support for Browser -plugins in Debian, to get an idea which plugins to include in Debian -Edu. I created a script to extract the set of supported MIME types -for each plugin, and used this to find out which multimedia browser -plugin supported most file formats / media types. -The -result can still be seen on the Debian wiki, even though it have -not been updated for a while. But browser plugins are less relevant -these days, so I thought it was time to look at standalone -players.

- -

A few days ago I was tired of VLC not being listed as a viable -player when I wanted to play videos from the Norwegian National -Broadcasting Company, and decided to investigate why. The cause is a -missing MIME type in the VLC -desktop file. In the process I wrote a script to compare the set -of MIME types announced in the desktop file and the browser plugin, -only to discover that there is quite a large difference between the -two for VLC. This discovery made me dig up the script I used to -compare browser plugins, and adjust it to compare desktop files -instead, to try to figure out which multimedia player in Debian -support most file formats.

- -

The result can be seen on the Debian Wiki, as -a -table listing all MIME types supported by one of the packages included -in the table, with the package supporting most MIME types being -listed first in the table.

- -

The best multimedia player in Debian? It is totem, followed by -parole, kplayer, mpv, vlc, smplayer mplayer-gui gnome-mpv and -kmplayer. Time for the other players to update their announced MIME -support?

+
Bryter NAV sin egen personvernerklæring?
+
11th January 2017
+

Jeg leste med interesse en nyhetssak hos +digi.no +og +NRK +om at det ikke bare er meg, men at også NAV bedriver geolokalisering +av IP-adresser, og at det gjøres analyse av IP-adressene til de som +sendes inn meldekort for å se om meldekortet sendes inn fra +utenlandske IP-adresser. Politiadvokat i Drammen, Hans Lyder Haare, +er sitert i NRK på at «De to er jo blant annet avslørt av +IP-adresser. At man ser at meldekortet kommer fra utlandet.»

+ +

Jeg synes det er fint at det blir bedre kjent at IP-adresser +knyttes til enkeltpersoner og at innsamlet informasjon brukes til å +stedsbestemme personer også av aktører her i Norge. Jeg ser det som +nok et argument for å bruke +Tor så mye som mulig for å +gjøre gjøre IP-lokalisering vanskeligere, slik at en kan beskytte sin +privatsfære og unngå å dele sin fysiske plassering med +uvedkommede.

+ +

Men det er en ting som bekymrer meg rundt denne nyheten. Jeg ble +tipset (takk #nuug) om +NAVs +personvernerklæring, som under punktet «Personvern og statistikk» +lyder:

+ +

+ +

«Når du besøker nav.no, etterlater du deg elektroniske spor. Sporene +dannes fordi din nettleser automatisk sender en rekke opplysninger til +NAVs tjener (server-maskin) hver gang du ber om å få vist en side. Det +er eksempelvis opplysninger om hvilken nettleser og -versjon du +bruker, og din internettadresse (ip-adresse). For hver side som vises, +lagres følgende opplysninger:

+ +
    +
  • hvilken side du ser pÃ¥
    • +
  • dato og tid
    • +
  • hvilken nettleser du bruker
    • +
  • din ip-adresse
    • +
+ +

Ingen av opplysningene vil bli brukt til å identifisere +enkeltpersoner. NAV bruker disse opplysningene til å generere en +samlet statistikk som blant annet viser hvilke sider som er mest +populære. Statistikken er et redskap til å forbedre våre +tjenester.»

+ +

+ +

Jeg klarer ikke helt å se hvordan analyse av de besøkendes +IP-adresser for å se hvem som sender inn meldekort via web fra en +IP-adresse i utlandet kan gjøres uten å komme i strid med påstanden om +at «ingen av opplysningene vil bli brukt til å identifisere +enkeltpersoner». Det virker dermed for meg som at NAV bryter sine +egen personvernerklæring, hvilket +Datatilsynet +fortalte meg i starten av desember antagelig er brudd på +personopplysningsloven. + +

I tillegg er personvernerklæringen ganske misvisende i og med at +NAVs nettsider ikke bare forsyner NAV med personopplysninger, men i +tillegg ber brukernes nettleser kontakte fem andre nettjenere +(script.hotjar.com, static.hotjar.com, vars.hotjar.com, +www.google-analytics.com og www.googletagmanager.com), slik at +personopplysninger blir gjort tilgjengelig for selskapene Hotjar og +Google , og alle som kan lytte på trafikken på veien (som FRA, GCHQ og +NSA). Jeg klarer heller ikke se hvordan slikt spredning av +personopplysninger kan være i tråd med kravene i +personopplysningloven, eller i tråd med NAVs personvernerklæring.

+ +

Kanskje NAV bør ta en nøye titt på sin personvernerklæring? Eller +kanskje Datatilsynet bør gjøre det?

- Tags: debian, debian edu, english, multimedia, video. + Tags: norsk, nuug, personvern, surveillance.
@@ -486,29 +458,164 @@ support?

-
The Pyra - handheld computer with Debian preinstalled
-
4th May 2016
-
A friend of mine made me aware of -The Pyra, a -handheld computer which will be delivered with Debian preinstalled. I -would love to get one of those for my birthday. :)

- -

The machine is a complete ARM-based PC with micro HDMI, SATA, USB -plugs and many others connectors, and include a full keyboard and a 5" -LCD touch screen. The 6000mAh battery is claimed to provide a whole -day of battery life time, but I have not seen any independent tests -confirming this. The vendor is still collecting preorders, and the -last I heard last night was that 22 more orders were needed before -production started.

- -

As far as I know, this is the first handheld preinstalled with -Debian. Please let me know if you know of any others. Is it the -first computer being sold with Debian preinstalled?

+
Where did that package go? — geolocated IP traceroute
+
9th January 2017
+

Did you ever wonder where the web trafic really flow to reach the +web servers, and who own the network equipment it is flowing through? +It is possible to get a glimpse of this from using traceroute, but it +is hard to find all the details. Many years ago, I wrote a system to +map the Norwegian Internet (trying to figure out if our plans for a +network game service would get low enough latency, and who we needed +to talk to about setting up game servers close to the users. Back +then I used traceroute output from many locations (I asked my friends +to run a script and send me their traceroute output) to create the +graph and the map. The output from traceroute typically look like +this: + +

+traceroute to www.stortinget.no (85.88.67.10), 30 hops max, 60 byte packets
+ 1  uio-gw10.uio.no (129.240.202.1)  0.447 ms  0.486 ms  0.621 ms
+ 2  uio-gw8.uio.no (129.240.24.229)  0.467 ms  0.578 ms  0.675 ms
+ 3  oslo-gw1.uninett.no (128.39.65.17)  0.385 ms  0.373 ms  0.358 ms
+ 4  te3-1-2.br1.fn3.as2116.net (193.156.90.3)  1.174 ms  1.172 ms  1.153 ms
+ 5  he16-1-1.cr1.san110.as2116.net (195.0.244.234)  2.627 ms he16-1-1.cr2.oslosda310.as2116.net (195.0.244.48)  3.172 ms he16-1-1.cr1.san110.as2116.net (195.0.244.234)  2.857 ms
+ 6  ae1.ar8.oslosda310.as2116.net (195.0.242.39)  0.662 ms  0.637 ms ae0.ar8.oslosda310.as2116.net (195.0.242.23)  0.622 ms
+ 7  89.191.10.146 (89.191.10.146)  0.931 ms  0.917 ms  0.955 ms
+ 8  * * *
+ 9  * * *
+[...]
+

+ +

This show the DNS names and IP addresses of (at least some of the) +network equipment involved in getting the data traffic from me to the +www.stortinget.no server, and how long it took in milliseconds for a +package to reach the equipment and return to me. Three packages are +sent, and some times the packages do not follow the same path. This +is shown for hop 5, where three different IP addresses replied to the +traceroute request.

+ +

There are many ways to measure trace routes. Other good traceroute +implementations I use are traceroute (using ICMP packages) mtr (can do +both ICMP, UDP and TCP) and scapy (python library with ICMP, UDP, TCP +traceroute and a lot of other capabilities). All of them are easily +available in Debian.

+ +

This time around, I wanted to know the geographic location of +different route points, to visualize how visiting a web page spread +information about the visit to a lot of servers around the globe. The +background is that a web site today often will ask the browser to get +from many servers the parts (for example HTML, JSON, fonts, +JavaScript, CSS, video) required to display the content. This will +leak information about the visit to those controlling these servers +and anyone able to peek at the data traffic passing by (like your ISP, +the ISPs backbone provider, FRA, GCHQ, NSA and others).

+ +

Lets pick an example, the Norwegian parliament web site +www.stortinget.no. It is read daily by all members of parliament and +their staff, as well as political journalists, activits and many other +citizens of Norway. A visit to the www.stortinget.no web site will +ask your browser to contact 8 other servers: ajax.googleapis.com, +insights.hotjar.com, script.hotjar.com, static.hotjar.com, +stats.g.doubleclick.net, www.google-analytics.com, +www.googletagmanager.com and www.netigate.se. I extracted this by +asking PhantomJS to visit the +Stortinget web page and tell me all the URLs PhantomJS downloaded to +render the page (in HAR format using +their +netsniff example. I am very grateful to Gorm for showing me how +to do this). My goal is to visualize network traces to all IP +addresses behind these DNS names, do show where visitors personal +information is spread when visiting the page.

+ +

map of combined traces for URLs used by www.stortinget.no using GeoIP

+ +

When I had a look around for options, I could not find any good +free software tools to do this, and decided I needed my own traceroute +wrapper outputting KML based on locations looked up using GeoIP. KML +is easy to work with and easy to generate, and understood by several +of the GIS tools I have available. I got good help from by NUUG +colleague Anders Einar with this, and the result can be seen in +my +kmltraceroute git repository. Unfortunately, the quality of the +free GeoIP databases I could find (and the for-pay databases my +friends had access to) is not up to the task. The IP addresses of +central Internet infrastructure would typically be placed near the +controlling companies main office, and not where the router is really +located, as you can see from the +KML file I created using the GeoLite City dataset from MaxMind. + +

scapy traceroute graph for URLs used by www.stortinget.no

+ +

I also had a look at the visual traceroute graph created by +the scrapy project, +showing IP network ownership (aka AS owner) for the IP address in +question. +The +graph display a lot of useful information about the traceroute in SVG +format, and give a good indication on who control the network +equipment involved, but it do not include geolocation. This graph +make it possible to see the information is made available at least for +UNINETT, Catchcom, Stortinget, Nordunet, Google, Amazon, Telia, Level +3 Communications and NetDNA.

+ +

example geotraceroute view for www.stortinget.no

+ +

In the process, I came across the +web service GeoTraceroute by +Salim Gasmi. Its methology of combining guesses based on DNS names, +various location databases and finally use latecy times to rule out +candidate locations seemed to do a very good job of guessing correct +geolocation. But it could only do one trace at the time, did not have +a sensor in Norway and did not make the geolocations easily available +for postprocessing. So I contacted the developer and asked if he +would be willing to share the code (he refused until he had time to +clean it up), but he was interested in providing the geolocations in a +machine readable format, and willing to set up a sensor in Norway. So +since yesterday, it is possible to run traces from Norway in this +service thanks to a sensor node set up by +the NUUG assosiation, and get the +trace in KML format for further processing.

+ +

map of combined traces for URLs used by www.stortinget.no using geotraceroute

+ +

Here we can see a lot of trafic passes Sweden on its way to +Denmark, Germany, Holland and Ireland. Plenty of places where the +Snowden confirmations verified the traffic is read by various actors +without your best interest as their top priority.

+ +

Combining KML files is trivial using a text editor, so I could loop +over all the hosts behind the urls imported by www.stortinget.no and +ask for the KML file from GeoTraceroute, and create a combined KML +file with all the traces (unfortunately only one of the IP addresses +behind the DNS name is traced this time. To get them all, one would +have to request traces using IP number instead of DNS names from +GeoTraceroute). That might be the next step in this project.

+ +

Armed with these tools, I find it a lot easier to figure out where +the IP traffic moves and who control the boxes involved in moving it. +And every time the link crosses for example the Swedish border, we can +be sure Swedish Signal Intelligence (FRA) is listening, as GCHQ do in +Britain and NSA in USA and cables around the globe. (Hm, what should +we tell them? :) Keep that in mind if you ever send anything +unencrypted over the Internet.

+ +

PS: KML files are drawn using +the KML viewer from Ivan +Rublev, as it was less cluttered than the local Linux application +Marble. There are heaps of other options too.

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: debian, english. + Tags: debian, english, kart, nuug, personvern, stortinget, surveillance, web.
@@ -516,28 +623,77 @@ first computer being sold with Debian preinstalled?

-
NUUG contests Norwegian police DNS seizure of popcorn-time.no
-
18th April 2016
-

It is days like today I am really happy to be a member of -the Norwegian Unix User group, a -member association for those of us believing in free software, open -standards and unix-like operating systems. NUUG announced today it -will -try -to bring the seizure of the DNS domain popcorn-time.no as -unlawful, to stand up for the principle that writing about a -controversial topic is not infringing copyrights, and censuring web -pages by hijacking DNS domain should be decided by the courts, not the -police. The DNS domain was seized by the Norwegian National Authority -for Investigation and Prosecution of Economic and Environmental Crime -a month ago. I hope this bring more paying members to NUUG to give -the association the financial muscle needed to bring this case as far -as it must go to stop this kind of DNS hijacking.

+
Introducing ical-archiver to split out old iCalendar entries
+
4th January 2017
+

Do you have a large iCalendar +file with lots of old entries, and would like to archive them to save +space and resources? At least those of us using KOrganizer know that +turning on and off an event set become slower and slower the more +entries are in the set. While working on migrating our calendars to a +Radicale CalDAV server on our +Freedombox server, my +loved one wondered if I could find a way to split up the calendar file +she had in KOrganizer, and I set out to write a tool. I spent a few +days writing and polishing the system, and it is now ready for general +consumption. The +code for +ical-archiver is publicly available from a git repository on +github. The system is written in Python and depend on +the vobject Python +module.

+ +

To use it, locate the iCalendar file you want to operate on and +give it as an argument to the ical-archiver script. This will +generate a set of new files, one file per component type per year for +all components expiring more than two years in the past. The vevent, +vtodo and vjournal entries are handled by the script. The remaining +entries are stored in a 'remaining' file.

+ +

This is what a test run can look like: + +

+% ical-archiver t/2004-2016.ics 
+Found 3612 vevents
+Found 6 vtodos
+Found 2 vjournals
+Writing t/2004-2016.ics-subset-vevent-2004.ics
+Writing t/2004-2016.ics-subset-vevent-2005.ics
+Writing t/2004-2016.ics-subset-vevent-2006.ics
+Writing t/2004-2016.ics-subset-vevent-2007.ics
+Writing t/2004-2016.ics-subset-vevent-2008.ics
+Writing t/2004-2016.ics-subset-vevent-2009.ics
+Writing t/2004-2016.ics-subset-vevent-2010.ics
+Writing t/2004-2016.ics-subset-vevent-2011.ics
+Writing t/2004-2016.ics-subset-vevent-2012.ics
+Writing t/2004-2016.ics-subset-vevent-2013.ics
+Writing t/2004-2016.ics-subset-vevent-2014.ics
+Writing t/2004-2016.ics-subset-vjournal-2007.ics
+Writing t/2004-2016.ics-subset-vjournal-2011.ics
+Writing t/2004-2016.ics-subset-vtodo-2012.ics
+Writing t/2004-2016.ics-remaining.ics
+%
+

+ +

As you can see, the original file is untouched and new files are +written with names derived from the original file. If you are happy +with their content, the *-remaining.ics file can replace the original +the the others can be archived or imported as historical calendar +collections.

+ +

The script should probably be improved a bit. The error handling +when discovering broken entries is not good, and I am not sure yet if +it make sense to split different entry types into separate files or +not. The program is thus likely to change. If you find it +interesting, please get in touch. :)

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: english, nuug, offentlig innsyn, opphavsrett. + Tags: english, standard.
@@ -552,6 +708,17 @@ as it must go to stop this kind of DNS hijacking.

Archive