X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/09e8200a5ac5c85ad5daf8934b110a634996ed0f..fe0fe16f8c3e50f6be016875c213887285ed4273:/blog/archive/2016/01/01.rss diff --git a/blog/archive/2016/01/01.rss b/blog/archive/2016/01/01.rss index 6a569354c0..fadbdc828d 100644 --- a/blog/archive/2016/01/01.rss +++ b/blog/archive/2016/01/01.rss 
@@ -6,6 +6,159 @@ http://people.skolelinux.org/pere/blog/ + + Creepy, visualise geotagged social media information - nice free software + http://people.skolelinux.org/pere/blog/Creepy__visualise_geotagged_social_media_information___nice_free_software.html + http://people.skolelinux.org/pere/blog/Creepy__visualise_geotagged_social_media_information___nice_free_software.html + Sun, 24 Jan 2016 10:50:00 +0100 + <p>Most people seem not to realise that every time they walk around +with the computerised radio beacon known as a mobile phone their +position is tracked by the phone company and often stored for a long +time (like every time a SMS is received or sent). And if their +computerised radio beacon is capable of running programs (often called +mobile apps) downloaded from the Internet, these programs are often +also capable of tracking their location (if the app requested access +during installation). And when these programs send out information to +central collection points, the location is often included, unless +extra care is taken to not send the location. The provided +information is used by several entities, for good and bad (what is +good and bad, depend on your point of view). What is certain, is that +the private sphere and the right to free movement is challenged and +perhaps even eradicated for those announcing their location this way, +when they share their whereabouts with private and public +entities.</p> + +<p align="center"><img width="70%" src="http://people.skolelinux.org/pere/blog/images/2016-01-24-nice-creepy-desktop-window.png"></p> + +<p>The phone company logs provide a register of locations to check out +when one want to figure out what the tracked person was doing. It is +unavailable for most of us, but provided to selected government +officials, company staff, those illegally buying information from +unfaithful servants and crackers stealing the information. 
But the +public information can be collected and analysed, and a free software +tool to do so is called +<a href="http://www.geocreepy.com/">Creepy or Cree.py</a>. I +discovered it when I read +<a href="http://www.aftenposten.no/kultur/Slik-kan-du-bli-overvaket-pa-Twitter-og-Instagram-uten-a-ane-det-7787884.html">an +article about Creepy</a> in the Norwegian newspaper Aftenposten i +November 2014, and decided to check if it was available in Debian. +The python program was in Debian, but +<a href="https://tracker.debian.org/pkg/creepy">the version in +Debian</a> was completely broken and practically unmaintained. I +uploaded a new version which did not work quite right, but did not +have time to fix it then. This Christmas I decided to finally try to +get Creepy operational in Debian. Now a fixed version is available in +Debian unstable and testing, and almost all Debian specific patches +are now included +<a href="https://github.com/jkakavas/creepy">upstream</a>.</p> + +<p>The Creepy program visualises geolocation information fetched from +Twitter, Instagram, Flickr and Google+, and allow one to get a +complete picture of every social media message posted recently in a +given area, or track the movement of a given individual across all +these services. Earlier it was possible to use the search API of at +least some of these services without identifying oneself, but these +days it is impossible. This mean that to use Creepy, you need to +configure it to log in as yourself on these services, and provide +information to them about your search interests. This should be taken +into account when using Creepy, as it will also share information +about yourself with the services.</p> + +<p>The picture above show the twitter messages sent from (or at least +geotagged with a position from) the city centre of Oslo, the capital +of Norway. 
One useful way to use Creepy is to first look at +information tagged with an area of interest, and next look at all the +information provided by one or more individuals who was in the area. +I tested it by checking out which celebrity provide their location in +twitter messages by checkout out who sent twitter messages near a +Norwegian TV station, and next could track their position over time, +making it possible to locate their home and work place, among other +things. A similar technique have been +<a href="http://www.buzzfeed.com/maxseddon/does-this-soldiers-instagram-account-prove-russia-is-covertl">used +to locate Russian soldiers in Ukraine</a>, and it is both a powerful +tool to discover lying governments, and a useful tool to help people +understand the value of the private information they provide to the +public.</p> + +<p>The package is not trivial to backport to Debian Stable/Jessie, as +it depend on several python modules currently missing in Jessie (at +least python-instagram, python-flickrapi and +python-requests-toolbelt).</p> + +<p>(I have uploaded +<a href="https://screenshots.debian.net/package/creepy">the image to +screenshots.debian.net</a> and licensed it under the same terms as the +Creepy program in Debian.)</p> + + + + + Always download Debian packages using Tor - the simple recipe + http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html + http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html + Fri, 15 Jan 2016 00:30:00 +0100 + <p>During his DebConf15 keynote, Jacob Appelbaum +<a href="https://summit.debconf.org/debconf15/meeting/331/what-is-to-be-done/">observed +that those listening on the Internet lines would have good reason to +believe a computer have a given security hole</a> if it download a +security fix from a Debian mirror. 
This is a good reason to always +use encrypted connections to the Debian mirror, to make sure those +listening do not know which IP address to attack. In August, Richard +Hartmann observed that encryption was not enough, when it was possible +to interfere download size to security patches or the fact that +download took place shortly after a security fix was released, and +<a href="http://richardhartmann.de/blog/posts/2015/08/24-Tor-enabled_Debian_mirror/">proposed +to always use Tor to download packages from the Debian mirror</a>. He +was not the first to propose this, as the +<tt><a href="https://tracker.debian.org/pkg/apt-transport-tor">apt-transport-tor</a></tt> +package by Tim Retout already existed to make it easy to convince apt +to use <a href="https://www.torproject.org/">Tor</a>, but I was not +aware of that package when I read the blog post from Richard.</p> + +<p>Richard discussed the idea with Peter Palfrader, one of the Debian +sysadmins, and he set up a Tor hidden service on one of the central +Debian mirrors using the address vwakviie2ienjx6t.onion, thus making +it possible to download packages directly between two tor nodes, +making sure the network traffic always were encrypted.</p> + +<p>Here is a short recipe for enabling this on your machine, by +installing <tt>apt-transport-tor</tt> and replacing http and https +urls with tor+http and tor+https, and using the hidden service instead +of the official Debian mirror site. I recommend installing +<tt>etckeeper</tt> before you start to have a history of the changes +done in /etc/.</p> + +<blockquote><pre> +apt install apt-transport-tor +sed -i 's% http://ftp.debian.org/% tor+http://vwakviie2ienjx6t.onion/%' /etc/apt/sources.list +sed -i 's% http% tor+http%' /etc/apt/sources.list +</pre></blockquote> + +<p>If you have more sources listed in /etc/apt/sources.list.d/, run +the sed commands for these too. The sed command is assuming your are +using the ftp.debian.org Debian mirror. 
Adjust the command (or just +edit the file manually) to match your mirror.</p> + +<p>This work in Debian Jessie and later. Note that tools like +<tt>apt-file</tt> only recently started using the apt transport +system, and do not work with these tor+http URLs. For +<tt>apt-file</tt> you need the version currently in experimental, +which need a recent apt version currently only in unstable. So if you +need a working <tt>apt-file</tt>, this is not for you.</p> + +<p>Another advantage from this change is that your machine will start +using Tor regularly and at fairly random intervals (every time you +update the package lists or upgrade or install a new package), thus +masking other Tor traffic done from the same machine. Using Tor will +become normal for the machine in question.</p> + +<p>On <a href="https://wiki.debian.org/FreedomBox">Freedombox</a>, APT +is set up by default to use <tt>apt-transport-tor</tt> when Tor is +enabled. It would be great if it was the default on any Debian +system.</p> + + + Nedlasting fra NRK, som Matroska med undertekster http://people.skolelinux.org/pere/blog/Nedlasting_fra_NRK__som_Matroska_med_undertekster.html
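Review bot: In the recipe added by the "Always download Debian packages using Tor" item, the second command (sed -i 's% http% tor+http%' /etc/apt/sources.list) only prefixes the remaining entries with tor+ and keeps their ordinary hostnames, so only the line that matched ftp.debian.org ends up on vwakviie2ienjx6t.onion. Any other entry that stays on plain http leaves the Tor network in the clear at the exit node, which does not match the earlier sentence that the traffic is always encrypted. Suggest saying that the end-to-end encrypted path applies to the onion entry only, and that the two sed lines must run in the order shown, because once the second has run the first pattern " http://ftp.debian.org/" no longer matches. Two wording slips in the same hunk: "interfere download size" should be "infer download size", and "Aftenposten i November 2014" in the Creepy item should be "in November 2014".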