X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/14c30fcadbf6b05cee38bda48e476b5393e1e2cf..2d047348b0dfe1d3bab7955e9bf9b52223e84373:/blog/index.rss diff --git a/blog/index.rss b/blog/index.rss index dbbe2415df..3b4e21fa9b 100644 --- a/blog/index.rss +++ b/blog/index.rss @@ -7,875 +7,640 @@ - Hvordan bør RFC 822-formattert epost lagres i en NOARK5-database? - http://people.skolelinux.org/pere/blog/Hvordan_b_r_RFC_822_formattert_epost_lagres_i_en_NOARK5_database_.html - http://people.skolelinux.org/pere/blog/Hvordan_b_r_RFC_822_formattert_epost_lagres_i_en_NOARK5_database_.html - Fri, 7 Mar 2014 15:20:00 +0100 - <p>For noen uker siden ble NXCs fri programvarelisenserte -NOARK5-løsning -<a href="http://www.nuug.no/aktiviteter/20140211-noark/">presentert hos -NUUG</a> (video -<a href="https://www.youtube.com/watch?v=JCb_dNS3MHQ">på youtube -foreløbig</a>), og det fikk meg til å titte litt mer på NOARK5, -standarden for arkivhåndtering i det offentlige Norge. Jeg lurer på -om denne kjernen kan være nyttig i et par av mine prosjekter, og for ett -av dem er det mest aktuelt å lagre epost. Jeg klarte ikke finne noen -anbefaling om hvordan RFC 822-formattert epost (aka Internett-epost) -burde lagres i NOARK5, selv om jeg vet at noen arkiver tar -PDF-utskrift av eposten med sitt epostprogram og så arkiverer PDF-en -(eller enda værre, tar papirutskrift og lagrer bildet av eposten som -PDF i arkivet).</p> - -<p>Det er ikke så mange formater som er akseptert av riksarkivet til -langtidsoppbevaring av offentlige arkiver, og PDF og XML er de mest -aktuelle i så måte. Det slo meg at det måtte da finnes en eller annen -egnet XML-representasjon og at det kanskje var enighet om hvilken som -burde brukes, så jeg tok mot til meg og spurte -<a href="http://samdok.com/">SAMDOK</a>, en gruppe tilknyttet -arkivverket som ser ut til å jobbe med NOARK-samhandling, om de hadde -noen anbefalinger: - -<p><blockquote> -<p>Hei.</p> - -<p>Usikker på om dette er riktig forum å ta opp mitt spørsmål, men jeg -lurer på om det er definert en anbefaling om hvordan RFC -822-formatterte epost (aka vanlig Internet-epost) bør lages håndteres -i NOARK5, slik at en bevarer all informasjon i eposten -(f.eks. Received-linjer). Finnes det en anbefalt XML-mapping ala den -som beskrives på -&lt;URL: <a href="https://www.informit.com/articles/article.aspx?p=32074">https://www.informit.com/articles/article.aspx?p=32074</a> &gt;? Mitt -mål er at det skal være mulig å lagre eposten i en NOARK5-kjerne og -kunne få ut en identisk formattert kopi av opprinnelig epost ved -behov.</p> -</blockquote></p> - -<p>Postmottaker hos SAMDOK mente spørsmålet heller burde stilles -direkte til riksarkivet, og jeg fikk i dag svar derfra formulert av -seniorrådgiver Geir Ivar Tungesvik:</p> + Simpler recipe on how to make a simple $7 IMSI Catcher using Debian + http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html + http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html + Wed, 9 Aug 2017 23:59:00 +0200 + <p>On friday, I came across an interesting article in the Norwegian +web based ICT news magazine digi.no on +<a href="https://www.digi.no/artikler/sikkerhetsforsker-lagde-enkel-imsi-catcher-for-60-kroner-na-kan-mobiler-kartlegges-av-alle/398588">how +to collect the IMSI numbers of nearby cell phones</a> using the cheap +DVB-T software defined radios. The article refered to instructions +and <a href="https://www.youtube.com/watch?v=UjwgNd_as30">a recipe by +Keld Norman on Youtube on how to make a simple $7 IMSI Catcher</a>, and I decided to test them out.</p> + +<p>The instructions said to use Ubuntu, install pip using apt (to +bypass apt), use pip to install pybombs (to bypass both apt and pip), +and the ask pybombs to fetch and build everything you need from +scratch. I wanted to see if I could do the same on the most recent +Debian packages, but this did not work because pybombs tried to build +stuff that no longer build with the most recent openssl library or +some other version skew problem. While trying to get this recipe +working, I learned that the apt->pip->pybombs route was a long detour, +and the only piece of software dependency missing in Debian was the +gr-gsm package. I also found out that the lead upstream developer of +gr-gsm (the name stand for GNU Radio GSM) project already had a set of +Debian packages provided in an Ubuntu PPA repository. All I needed to +do was to dget the Debian source package and built it.</p> + +<p>The IMSI collector is a python script listening for packages on the +loopback network device and printing to the terminal some specific GSM +packages with IMSI numbers in them. The code is fairly short and easy +to understand. The reason this work is because gr-gsm include a tool +to read GSM data from a software defined radio like a DVB-T USB stick +and other software defined radios, decode them and inject them into a +network device on your Linux machine (using the loopback device by +default). This proved to work just fine, and I've been testing the +collector for a few days now.</p> + +<p>The updated and simpler recipe is thus to</p> + +<ol> + +<li>start with a Debian machine running Stretch or newer,</li> + +<li>build and install the gr-gsm package available from +<a href="http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/">http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/</a>,</li> + +<li>clone the git repostory from <a href="https://github.com/Oros42/IMSI-catcher">https://github.com/Oros42/IMSI-catcher</a>,</li> + +<li>run grgsm_livemon and adjust the frequency until the terminal +where it was started is filled with a stream of text (meaning you +found a GSM station).</li> + +<li>go into the IMSI-catcher directory and run 'sudo python simple_IMSI-catcher.py' to extract the IMSI numbers.</li> + +</ol> + +<p>To make it even easier in the future to get this sniffer up and +running, I decided to package +<a href="https://github.com/ptrkrysik/gr-gsm/">the gr-gsm project</a> +for Debian (<a href="https://bugs.debian.org/871055">WNPP +#871055</a>), and the package was uploaded into the NEW queue today. +Luckily the gnuradio maintainer has promised to help me, as I do not +know much about gnuradio stuff yet.</p> + +<p>I doubt this "IMSI cacher" is anywhere near as powerfull as +commercial tools like +<a href="https://www.thespyphone.com/portable-imsi-imei-catcher/">The +Spy Phone Portable IMSI / IMEI Catcher</a> or the +<a href="https://en.wikipedia.org/wiki/Stingray_phone_tracker">Harris +Stingray</a>, but I hope the existance of cheap alternatives can make +more people realise how their whereabouts when carrying a cell phone +is easily tracked. Seeing the data flow on the screen, realizing that +I live close to a police station and knowing that the police is also +wearing cell phones, I wonder how hard it would be for criminals to +track the position of the police officers to discover when there are +police near by, or for foreign military forces to track the location +of the Norwegian military forces, or for anyone to track the location +of government officials...</p> + +<p>It is worth noting that the data reported by the IMSI-catcher +script mentioned above is only a fraction of the data broadcasted on +the GSM network. It will only collect one frequency at the time, +while a typical phone will be using several frequencies, and not all +phones will be using the frequencies tracked by the grgsm_livemod +program. Also, there is a lot of radio chatter being ignored by the +simple_IMSI-catcher script, which would be collected by extending the +parser code. I wonder if gr-gsm can be set up to listen to more than +one frequency?</p> + + + + + Norwegian Bokmål edition of Debian Administrator's Handbook is now available + http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_edition_of_Debian_Administrator_s_Handbook_is_now_available.html + http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_edition_of_Debian_Administrator_s_Handbook_is_now_available.html + Tue, 25 Jul 2017 21:10:00 +0200 + <p align="center"><img align="center" src="http://people.skolelinux.org/pere/blog/images/2017-07-25-debian-handbook-nb-testprint.png"/></p> + +<p>I finally received a copy of the Norwegian Bokmål edition of +"<a href="https://debian-handbook.info/">The Debian Administrator's +Handbook</a>". This test copy arrived in the mail a few days ago, and +I am very happy to hold the result in my hand. We spent around one and a half year translating it. This paperbook edition +<a href="https://debian-handbook.info/get/#norwegian">is available +from lulu.com</a>. If you buy it quickly, you save 25% on the list +price. The book is also available for download in electronic form as +PDF, EPUB and Mobipocket, as can be +<a href="https://debian-handbook.info/browse/nb-NO/stable/">read online +as a web page</a>.</p> + +<p>This is the second book I publish (the first was the book +"<a href="http://free-culture.cc/">Free Culture</a>" by Lawrence Lessig +in +<a href="http://www.lulu.com/shop/lawrence-lessig/free-culture/paperback/product-22440520.html">English</a>, +<a href="http://www.lulu.com/shop/lawrence-lessig/culture-libre/paperback/product-22645082.html">French</a> +and +<a href="http://www.lulu.com/shop/lawrence-lessig/fri-kultur/paperback/product-22441576.html">Norwegian +Bokmål</a>), and I am very excited to finally wrap up this +project. I hope +"<a href="http://www.lulu.com/shop/rapha%C3%ABl-hertzog-and-roland-mas/h%C3%A5ndbok-for-debian-administratoren/paperback/product-23262290.html">Håndbok +for Debian-administratoren</a>" will be well received.</p> + + + + + «Rapporten ser ikke på informasjonssikkerhet knyttet til personlig integritet» + http://people.skolelinux.org/pere/blog/_Rapporten_ser_ikke_p__informasjonssikkerhet_knyttet_til_personlig_integritet_.html + http://people.skolelinux.org/pere/blog/_Rapporten_ser_ikke_p__informasjonssikkerhet_knyttet_til_personlig_integritet_.html + Tue, 27 Jun 2017 17:50:00 +0200 + <p>Jeg kom over teksten +«<a href="https://freedom-to-tinker.com/2017/06/21/killing-car-privacy-by-federal-mandate/">Killing +car privacy by federal mandate</a>» av Leonid Reyzin på Freedom to +Tinker i dag, og det gleder meg å se en god gjennomgang om hvorfor det +er et urimelig inngrep i privatsfæren å la alle biler kringkaste sin +posisjon og bevegelse via radio. Det omtalte forslaget basert på +Dedicated Short Range Communication (DSRC) kalles Basic Safety Message +(BSM) i USA og Cooperative Awareness Message (CAM) i Europa, og det +norske Vegvesenet er en av de som ser ut til å kunne tenke seg å +pålegge alle biler å fjerne nok en bit av innbyggernes privatsfære. +Anbefaler alle å lese det som står der. + +<p>Mens jeg tittet litt på DSRC på biler i Norge kom jeg over et sitat +jeg synes er illustrativt for hvordan det offentlige Norge håndterer +problemstillinger rundt innbyggernes privatsfære i SINTEF-rapporten +«<a href="https://www.sintef.no/publikasjoner/publikasjon/Download/?pubid=SINTEF+A23933">Informasjonssikkerhet +i AutoPASS-brikker</a>» av Trond Foss:</p> <p><blockquote> -<p>Riksarkivet har ingen anbefalinger når det gjelder konvertering fra -e-post til XML. Det står arkivskaper fritt å eventuelt definere/bruke -eget format. Inklusive da - som det spørres om - et format der det er -mulig å re-etablere e-post format ut fra XML-en. XML (e-post) -dokumenter må være referert i arkivstrukturen, og det må vedlegges et -gyldig XML skjema (.xsd) for XML-filene. Arkivskaper står altså fritt -til å gjøre hva de vil, bare det dokumenteres og det kan dannes et -utrekk ved avlevering til depot.</p> - -<p>De obligatoriske kravene i Noark 5 standarden må altså oppfylles - -etter dialog med Riksarkivet i forbindelse med godkjenning. For -offentlige arkiv er det særlig viktig med filene loependeJournal.xml -og offentligJournal.xml. Private arkiv som vil forholde seg til Noark -5 standarden er selvsagt frie til å bruke det som er relevant for dem -av obligatoriske krav.</p> +«Rapporten ser ikke på informasjonssikkerhet knyttet til personlig + integritet.» </blockquote></p> -<p>Det ser dermed ut for meg som om det er et lite behov for å -standardisere XML-lagring av RFC-822-formatterte meldinger. Noen som -vet om god spesifikasjon i så måte? I tillegg til den omtalt over, -har jeg kommet over flere aktuelle beskrivelser (søk på "rfc 822 -xml", så finner du aktuelle alternativer).</p> - -<ul> - -<li><a href="http://www.openhealth.org/xmtp/">XML MIME Transformation -protocol (XMTP)</a> fra OpenHealth, sist oppdatert 2001.</li> - -<li><a href="https://tools.ietf.org/html/draft-klyne-message-rfc822-xml-03">An -XML format for mail and other messages</a> utkast fra IETF datert -2001.</li> - -<li><a href="http://www.informit.com/articles/article.aspx?p=32074">xMail: -E-mail as XML</a> en artikkel fra 2003 som beskriver python-modulen -rfc822 som gir ut XML-representasjon av en RFC 822-formattert epost.</li> - -</ul> - -<p>Finnes det andre og bedre spesifikasjoner for slik lagring? Send -meg en epost hvis du har innspill.</p> +<p>Så enkelt kan det tydeligvis gjøres når en vurderer +informasjonssikkerheten. Det holder vel at folkene på toppen kan si +at «Personvernet er ivaretatt», som jo er den populære intetsigende +frasen som gjør at mange tror enkeltindividers integritet tas vare på. +Sitatet fikk meg til å undres på hvor ofte samme tilnærming, å bare se +bort fra behovet for personlig itegritet, blir valgt når en velger å +legge til rette for nok et inngrep i privatsfæren til personer i +Norge. Det er jo sjelden det får reaksjoner. Historien om +reaksjonene på Helse Sør-Østs tjenesteutsetting er jo sørgelig nok et +unntak og toppen av isfjellet, desverre. Tror jeg fortsatt takker nei +til både AutoPASS og holder meg så langt unna det norske helsevesenet +som jeg kan, inntil de har demonstrert og dokumentert at de verdsetter +individets privatsfære og personlige integritet høyere enn kortsiktig +gevist og samfunnsnytte.</p> - Lenker for 2014-02-28 - http://people.skolelinux.org/pere/blog/Lenker_for_2014_02_28.html - http://people.skolelinux.org/pere/blog/Lenker_for_2014_02_28.html - Fri, 28 Feb 2014 13:30:00 +0100 - <p>Her er noen lenker til tekster jeg har satt pris på å lese de siste -månedene. Det er mye om varsleren Edward Snowden, som burde få all -hjelp, støtte og beskyttelse Norge kan stille opp med for å ha satt -totalitær overvåkning på sakskartet, men også endel annet -tankevekkende og interessant.</p> - -<ul> - -<li>2013-12-21 -<a href="http://www.dagbladet.no/2013/12/21/nyheter/thomas_drake/nsa/overvakning/snowden/30925886/">- -NSA tenker som Stasi</a> - Dagbladet.no</li> - -<li>2013-12-19 <a href="http://www.dagensit.no/article2732734.ece">- -Staten har ikke rett til å vite alt om deg</a> - DN.no</li> - -<li>2013-12-21 -<a href="http://www.dagbladet.no/2013/12/21/nyheter/krig_og_konflikter/politikk/utenriks/30961126/">Nye -mål for NSAs spionasje avslørt</a> - Dagbladet.no</li> - -<li>2013-12-19 -<a href="http://www.dagbladet.no/2013/12/19/nyheter/nsa/usa/politikk/barack_obama/30918684/">«NSA -bør fjernes fra sin makt til å samle inn metadata fra amerikanske -telefonsamtaler»</a> - Dagbladet.no</li> - -<li>2013-12-18 -<a href="http://www.dagbladet.no/2013/12/18/kultur/meninger/hovedkronikk/debatt/snowden/30901089/">Etterretning, -overvåking, frihet og sikkerhet</a> - Dagbladet.no</li> - -<li>2013-12-17 -<a href="http://www.nrk.no/verden/snowden-vil-ha-asyl-i-brasil-1.11423444">Snowden -angriper USA i åpent brev</a> - nrk.no</li> - -<li>2013-12-17 -<a href="http://www.digi.no/925820/rettslig-nederlag-for-etterretning">Rettslig -nederlag for etterretning</a> - digi.no</li> - -<li>2013-12-21 -<a href="http://www.dagbladet.no/2013/12/21/kultur/meninger/hovedkommentar/kommentar/etterretning/30963284/">Truende -nedkjøling</a> - dagbladet.no</li> - -<li>2013-12-20 -<a href="http://www.aftenposten.no/viten/Matematikk-og-forstaelse-7411849.html">Matematikk -og forståelse</a> - aftenposten.no</li> - -<li>2013-10-20 -<a href="http://www.nrk.no/viten/ny-studie_sovn-reinser-hjernen-var-1.11306106">Vi -søv for å reinse hjernen vår, ifølgje ny studie</a> - nrk.no</li> - -<li>2013-12-11 -<a href="http://www.nrk.no/buskerud/julebaksten-i-vasken-1.11410033">Rotterace -i kloakken</a> - nrk.no</li> - -<li>2013-12-30 -<a href="http://www.aftenposten.no/viten/Apne-brev-og-frie-tanker-7413734.html">Åpne -brev og frie tanker</a> - aftenposten.no</li> - -<li>2014-01-12 -<a href="http://www.aftenposten.no/viten/Stopp-kunnskapsapartheidet-7428229.html">Stopp dagens kunnskapsapartheid!</a> - aftenposten.no</li> - -<li>2014-01-09 -<a href="http://www.aftenposten.no/nyheter/uriks/EU-rapport-Britisk-og-amerikansk-overvaking-ser-ut-til-a-vare-ulovlig-7428933.html">EU-rapport: -Britisk og amerikansk overvåking ser ut til å være ulovlig</a> - -aftenposten.no</li> - -<li>2013-10-23 Professor Jan Arild Audestad -<a href="http://www.digi.no/924008/advarer-mot-konspirasjonsteori">Advarer -mot konspirasjonsteori</a> i digi.no og sier han ikke tror NSA kan -avlytte mobiltelefoner, mens han noen måneder senere forteller:</li> - -<li>2014-01-09 -<a href="http://www.aftenposten.no/nyheter/iriks/--Vi-ble-presset-til-a-svekke-mobilsikkerheten-pa-80-tallet-7410467.html">- -Vi ble presset til å svekke mobilsikkerheten på 80-tallet</a> - -aftenposten.no</li> - -<li>2014-02-12 -<a href="http://tv.nrk.no/program/koid20005814/et-moete-med-edward-snowden">Et -møte med Edward Snowden</a> - intervju sendt av nrk, tilgjengelig til -2015-01-31</li> - -<li>2014-02-17 -<a href="http://politiken.dk/debat/profiler/jessteinpedersen/ECE2210356/litteraturredaktoeren-helle-thornings-tavshed-om-snowden-er-en-skandale/">Litteraturredaktøren: -Helle Thornings tavshed om Snowden er en skandale</a> - -politiken.dk</li> - -<li>2014-02-21 -<a href="http://www.aftenposten.no/meninger/kronikker/Bra-a-ha-en-Storebror-7476734.html">Bra å ha en «Storebror»</a> - aftenposten.no</li> - -<li>2014-02-28 -<a href="http://johnchristianelden.blogg.no/1393536806_narkotikasiktet_stort.html">"Narkotikasiktet -Stortingsmann" - Spillet bak kulissene</a> - John Christian Eldens -blogg</li> - -<li>2014-02-28 -<a href="http://www.aftenposten.no/meninger/Heksejakt-pa-hasjbrukere-7486283.html">Heksejakt -på hasjbrukere</a> - aftenposten.no</li> - -</ul> + Updated sales number for my Free Culture paper editions + http://people.skolelinux.org/pere/blog/Updated_sales_number_for_my_Free_Culture_paper_editions.html + http://people.skolelinux.org/pere/blog/Updated_sales_number_for_my_Free_Culture_paper_editions.html + Mon, 12 Jun 2017 11:40:00 +0200 + <p>It is pleasing to see that the work we put down in publishing new +editions of the classic <a href="http://www.free-culture.cc/">Free +Culture book</a> by the founder of the Creative Commons movement, +Lawrence Lessig, is still being appreciated. I had a look at the +latest sales numbers for the paper edition today. Not too impressive, +but happy to see some buyers still exist. All the revenue from the +books is sent to the <a href="https://creativecommons.org/">Creative +Commons Corporation</a>, and they receive the largest cut if you buy +directly from Lulu. Most books are sold via Amazon, with Ingram +second and only a small fraction directly from Lulu. The ebook +edition is available for free from +<a href="https://github.com/petterreinholdtsen/free-culture-lessig">Github</a>.</p> + +<table border="0"> +<tr><th rowspan="2" valign="bottom">Title / language</th><th colspan="3">Quantity</th></tr> +<tr><th>2016 jan-jun</th><th>2016 jul-dec</th><th>2017 jan-may</th></tr> + +<tr> + <td><a href="http://www.lulu.com/shop/lawrence-lessig/culture-libre/paperback/product-22645082.html">Culture Libre / French</a></td> + <td align="right">3</td> + <td align="right">6</td> + <td align="right">15</td> +</tr> + +<tr> + <td><a href="http://www.lulu.com/shop/lawrence-lessig/fri-kultur/paperback/product-22441576.html">Fri kultur / Norwegian</a></td> + <td align="right">7</td> + <td align="right">1</td> + <td align="right">0</td> +</tr> + +<tr> + <td><a href="http://www.lulu.com/shop/lawrence-lessig/free-culture/paperback/product-22440520.html">Free Culture / English</a></td> + <td align="right">14</td> + <td align="right">27</td> + <td align="right">16</td> +</tr> + +<tr> + <td>Total</td> + <td align="right">24</td> + <td align="right">34</td> + <td align="right">31</td> +</tr> + +</table> + +<p>A bit sad to see the low sales number on the Norwegian edition, and +a bit surprising the English edition still selling so well.</p> + +<p>If you would like to translate and publish the book in your native +language, I would be happy to help make it happen. Please get in +touch.</p> - New home and release 1.0 for netgroup and innetgr (aka ng-utils) - http://people.skolelinux.org/pere/blog/New_home_and_release_1_0_for_netgroup_and_innetgr__aka_ng_utils_.html - http://people.skolelinux.org/pere/blog/New_home_and_release_1_0_for_netgroup_and_innetgr__aka_ng_utils_.html - Sat, 22 Feb 2014 21:45:00 +0100 - <p>Many years ago, I wrote a GPL licensed version of the netgroup and -innetgr tools, because I needed them in -<a href="http://www.skolelinux.org/">Skolelinux</a>. I called the project -ng-utils, and it has served me well. I placed the project under the -<a href="http://www.hungry.com/">Hungry Programmer</a> umbrella, and it was maintained in our CVS -repository. But many years ago, the CVS repository was dropped (lost, -not migrated to new hardware, not sure), and the project have lacked a -proper home since then.</p> - -<p>Last summer, I had a look at the package and made a new release -fixing a irritating crash bug, but was unable to store the changes in -a proper source control system. I applied for a project on -<a href="https://alioth.debian.org/">Alioth</a>, but did not have time -to follow up on it. Until today. :)</p> - -<p>After many hours of cleaning and migration, the ng-utils project -now have a new home, and a git repository with the highlight of the -history of the project. I published all release tarballs and imported -them into the git repository. As the project is really stable and not -expected to gain new features any time soon, I decided to make a new -release and call it 1.0. Visit the new project home on -<a href="https://alioth.debian.org/projects/ng-utils/">https://alioth.debian.org/projects/ng-utils/</a> -if you want to check it out. The new version is also uploaded into -<a href="http://packages.qa.debian.org/n/ng-utils.html">Debian Unstable</a>.</p> + Release 0.1.1 of free software archive system Nikita announced + http://people.skolelinux.org/pere/blog/Release_0_1_1_of_free_software_archive_system_Nikita_announced.html + http://people.skolelinux.org/pere/blog/Release_0_1_1_of_free_software_archive_system_Nikita_announced.html + Sat, 10 Jun 2017 00:40:00 +0200 + <p>I am very happy to report that the +<a href="https://github.com/hiOA-ABI/nikita-noark5-core">Nikita Noark 5 +core project</a> tagged its second release today. The free software +solution is an implementation of the Norwegian archive standard Noark +5 used by government offices in Norway. These were the changes in +version 0.1.1 since version 0.1.0 (from NEWS.md): + +<ul> + + <li>Continued work on the angularjs GUI, including document upload.</li> + <li>Implemented correspondencepartPerson, correspondencepartUnit and + correspondencepartInternal</li> + <li>Applied for coverity coverage and started submitting code on + regualr basis.</li> + <li>Started fixing bugs reported by coverity</li> + <li>Corrected and completed HATEOAS links to make sure entire API is + available via URLs in _links.</li> + <li>Corrected all relation URLs to use trailing slash.</li> + <li>Add initial support for storing data in ElasticSearch.</li> + <li>Now able to receive and store uploaded files in the archive.</li> + <li>Changed JSON output for object lists to have relations in _links.</li> + <li>Improve JSON output for empty object lists.</li> + <li>Now uses correct MIME type application/vnd.noark5-v4+json.</li> + <li>Added support for docker container images.</li> + <li>Added simple API browser implemented in JavaScript/Angular.</li> + <li>Started on archive client implemented in JavaScript/Angular.</li> + <li>Started on prototype to show the public mail journal.</li> + <li>Improved performance by disabling Sprint FileWatcher.</li> + <li>Added support for 'arkivskaper', 'saksmappe' and 'journalpost'.</li> + <li>Added support for some metadata codelists.</li> + <li>Added support for Cross-origin resource sharing (CORS).</li> + <li>Changed login method from Basic Auth to JSON Web Token (RFC 7519) + style.</li> + <li>Added support for GET-ing ny-* URLs.</li> + <li>Added support for modifying entities using PUT and eTag.</li> + <li>Added support for returning XML output on request.</li> + <li>Removed support for English field and class names, limiting ourself + to the official names.</li> + <li>...</li> + +</ul> + +<p>If this sound interesting to you, please contact us on IRC (#nikita +on irc.freenode.net) or email +(<a href="https://lists.nuug.no/mailman/listinfo/nikita-noark">nikita-noark +mailing list).</p> - Testing sysvinit from experimental in Debian Hurd - http://people.skolelinux.org/pere/blog/Testing_sysvinit_from_experimental_in_Debian_Hurd.html - http://people.skolelinux.org/pere/blog/Testing_sysvinit_from_experimental_in_Debian_Hurd.html - Mon, 3 Feb 2014 13:40:00 +0100 - <p>A few days ago I decided to try to help the Hurd people to get -their changes into sysvinit, to allow them to use the normal sysvinit -boot system instead of their old one. This follow up on the -<a href="https://teythoon.cryptobitch.de//categories/gsoc.html">great -Google Summer of Code work</a> done last summer by Justus Winter to -get Debian on Hurd working more like Debian on Linux. To get started, -I downloaded a prebuilt hard disk image from -<a href="http://ftp.debian-ports.org/debian-cd/hurd-i386/current/debian-hurd.img.tar.gz">http://ftp.debian-ports.org/debian-cd/hurd-i386/current/debian-hurd.img.tar.gz</a>, -and started it using virt-manager.</p> - -<p>The first think I had to do after logging in (root without any -password) was to get the network operational. I followed -<a href="https://www.debian.org/ports/hurd/hurd-install">the -instructions on the Debian GNU/Hurd ports page</a> and ran these -commands as root to get the machine to accept a IP address from the -kvm internal DHCP server:</p> + Idea for storing trusted timestamps in a Noark 5 archive + http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html + http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html + Wed, 7 Jun 2017 21:40:00 +0200 + <p><em>This is a copy of +<a href="https://lists.nuug.no/pipermail/nikita-noark/2017-June/000297.html">an +email I posted to the nikita-noark mailing list</a>. Please follow up +there if you would like to discuss this topic. The background is that +we are making a free software archive system based on the Norwegian +<a href="https://www.arkivverket.no/forvaltning-og-utvikling/regelverk-og-standarder/noark-standarden">Noark +5 standard</a> for government archives.</em></p> + +<p>I've been wondering a bit lately how trusted timestamps could be +stored in Noark 5. +<a href="https://en.wikipedia.org/wiki/Trusted_timestamping">Trusted +timestamps</a> can be used to verify that some information +(document/file/checksum/metadata) have not been changed since a +specific time in the past. This is useful to verify the integrity of +the documents in the archive.</p> + +<p>Then it occured to me, perhaps the trusted timestamps could be +stored as dokument variants (ie dokumentobjekt referered to from +dokumentbeskrivelse) with the filename set to the hash it is +stamping?</p> + +<p>Given a "dokumentbeskrivelse" with an associated "dokumentobjekt", +a new dokumentobjekt is associated with "dokumentbeskrivelse" with the +same attributes as the stamped dokumentobjekt except these +attributes:</p> -<p><blockquote><pre> -settrans -fgap /dev/netdde /hurd/netdde -kill $(ps -ef|awk '/[p]finet/ { print $2}') -kill $(ps -ef|awk '/[d]evnode/ { print $2}') -dhclient /dev/eth0 -</pre></blockquote></p> +<ul> -<p>After this, the machine had internet connectivity, and I could -upgrade it and install the sysvinit packages from experimental and -enable it as the default boot system in Hurd.</p> +<li>format -> "RFC3161" +<li>mimeType -> "application/timestamp-reply" +<li>formatDetaljer -> "&lt;source URL for timestamp service&gt;" +<li>filenavn -> "&lt;sjekksum&gt;.tsr" -<p>But before I did that, I set a password on the root user, as ssh is -running on the machine it for ssh login to work a password need to be -set. Also, note that a bug somewhere in openssh on Hurd block -compression from working. Remember to turn that off on the client -side.</p> +</ul> -<p>Run these commands as root to upgrade and test the new sysvinit -stuff:</p> +<p>This assume a service following +<a href="https://tools.ietf.org/html/rfc3161">IETF RFC 3161</a> is +used, which specifiy the given MIME type for replies and the .tsr file +ending for the content of such trusted timestamp. As far as I can +tell from the Noark 5 specifications, it is OK to have several +variants/renderings of a dokument attached to a given +dokumentbeskrivelse objekt. It might be stretching it a bit to make +some of these variants represent crypto-signatures useful for +verifying the document integrity instead of representing the dokument +itself.</p> + +<p>Using the source of the service in formatDetaljer allow several +timestamping services to be used. This is useful to spread the risk +of key compromise over several organisations. It would only be a +problem to trust the timestamps if all of the organisations are +compromised.</p> + +<p>The following oneliner on Linux can be used to generate the tsr +file. $input is the path to the file to checksum, and $sha256 is the +SHA-256 checksum of the file (ie the "<sjekksum>.tsr" value mentioned +above).</p> <p><blockquote><pre> -cat > /etc/apt/sources.list.d/experimental.list &lt;&lt;EOF -deb http://http.debian.net/debian/ experimental main -EOF -apt-get update -apt-get dist-upgrade -apt-get install -t experimental initscripts sysv-rc sysvinit \ - sysvinit-core sysvinit-utils -update-alternatives --config runsystem +openssl ts -query -data "$inputfile" -cert -sha256 -no_nonce \ + | curl -s -H "Content-Type: application/timestamp-query" \ + --data-binary "@-" http://zeitstempel.dfn.de > $sha256.tsr </pre></blockquote></p> -<p>To reboot after switching boot system, you have to use -<tt>reboot-hurd</tt> instead of just <tt>reboot</tt>, as there is not -yet a sysvinit process able to receive the signals from the normal -'reboot' command. After switching to sysvinit as the boot system, -upgrading every package and rebooting, the network come up with DHCP -after boot as it should, and the settrans/pkill hack mentioned at the -start is no longer needed. But for some strange reason, there are no -longer any login prompt in the virtual console, so I logged in using -ssh instead. - -<p>Note that there are some race conditions in Hurd making the boot -fail some times. No idea what the cause is, but hope the Hurd porters -figure it out. At least Justus said on IRC (#debian-hurd on -irc.debian.org) that they are aware of the problem. A way to reduce -the impact is to upgrade to the Hurd packages built by Justus by -adding this repository to the machine:</p> +<p>To verify the timestamp, you first need to download the public key +of the trusted timestamp service, for example using this command:</p> <p><blockquote><pre> -cat > /etc/apt/sources.list.d/hurd-ci.list &lt;&lt;EOF -deb http://darnassus.sceen.net/~teythoon/hurd-ci/ sid main -EOF +wget -O ca-cert.txt \ + https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt </pre></blockquote></p> -<p>At the moment the prebuilt virtual machine get some packages from -http://ftp.debian-ports.org/debian, because some of the packages in -unstable do not yet include the required patches that are lingering in -BTS. This is the completely list of "unofficial" packages installed:</p> +<p>Note, the public key should be stored alongside the timestamps in +the archive to make sure it is also available 100 years from now. It +is probably a good idea to standardise how and were to store such +public keys, to make it easier to find for those trying to verify +documents 100 or 1000 years from now. :)</p> + +<p>The verification itself is a simple openssl command:</p> <p><blockquote><pre> -# aptitude search '?narrow(?version(CURRENT),?origin(Debian Ports))' -i emacs - GNU Emacs editor (metapackage) -i gdb - GNU Debugger -i hurd-recommended - Miscellaneous translators -i isc-dhcp-client - ISC DHCP client -i isc-dhcp-common - common files used by all the isc-dhcp* packages -i libc-bin - Embedded GNU C Library: Binaries -i libc-dev-bin - Embedded GNU C Library: Development binaries -i libc0.3 - Embedded GNU C Library: Shared libraries -i A libc0.3-dbg - Embedded GNU C Library: detached debugging symbols -i libc0.3-dev - Embedded GNU C Library: Development Libraries and Hea -i multiarch-support - Transitional package to ensure multiarch compatibilit -i A x11-common - X Window System (X.Org) infrastructure -i xorg - X.Org X Window System -i A xserver-xorg - X.Org X server -i A xserver-xorg-input-all - X.Org X server -- input driver metapackage -# +openssl ts -verify -data $inputfile -in $sha256.tsr \ + -CAfile ca-cert.txt -text </pre></blockquote></p> -<p>All in all, testing hurd has been an interesting experience. :) -X.org did not work out of the box and I never took the time to follow -the porters instructions to fix it. This time I was interested in the -command line stuff.<p> +<p>Is there any reason this approach would not work? Is it somehow against +the Noark 5 specification?</p> - A fist full of non-anonymous Bitcoins - http://people.skolelinux.org/pere/blog/A_fist_full_of_non_anonymous_Bitcoins.html - http://people.skolelinux.org/pere/blog/A_fist_full_of_non_anonymous_Bitcoins.html - Wed, 29 Jan 2014 14:10:00 +0100 - <p>Bitcoin is a incredible use of peer to peer communication and -encryption, allowing direct and immediate money transfer without any -central control. It is sometimes claimed to be ideal for illegal -activity, which I believe is quite a long way from the truth. At least -I would not conduct illegal money transfers using a system where the -details of every transaction are kept forever. This point is -investigated in -<a href="https://www.usenix.org/publications/login">USENIX ;login:</a> -from December 2013, in the article -"<a href="https://www.usenix.org/system/files/login/articles/03_meiklejohn-online.pdf">A -Fistful of Bitcoins - Characterizing Payments Among Men with No -Names</a>" by Sarah Meiklejohn, Marjori Pomarole,Grant Jordan, Kirill -Levchenko, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage. They -analyse the transaction log in the Bitcoin system, using it to find -addresses belong to individuals and organisations and follow the flow -of money from both Bitcoin theft and trades on Silk Road to where the -money end up. This is how they wrap up their article:</p> - -<p><blockquote> -<p>"To demonstrate the usefulness of this type of analysis, we turned -our attention to criminal activity. In the Bitcoin economy, criminal -activity can appear in a number of forms, such as dealing drugs on -Silk Road or simply stealing someone else’s bitcoins. We followed the -flow of bitcoins out of Silk Road (in particular, from one notorious -address) and from a number of highly publicized thefts to see whether -we could track the bitcoins to known services. Although some of the -thieves attempted to use sophisticated mixing techniques (or possibly -mix services) to obscure the flow of bitcoins, for the most part -tracking the bitcoins was quite straightforward, and we ultimately saw -large quantities of bitcoins flow to a variety of exchanges directly -from the point of theft (or the withdrawal from Silk Road).</p> - -<p>As acknowledged above, following stolen bitcoins to the point at -which they are deposited into an exchange does not in itself identify -the thief; however, it does enable further de-anonymization in the -case in which certain agencies can determine (through, for example, -subpoena power) the real-world owner of the account into which the -stolen bitcoins were deposited. Because such exchanges seem to serve -as chokepoints into and out of the Bitcoin economy (i.e., there are -few alternative ways to cash out), we conclude that using Bitcoin for -money laundering or other illicit purposes does not (at least at -present) seem to be particularly attractive."</p> -</blockquote><p> - -<p>These researches are not the first to analyse the Bitcoin -transaction log. The 2011 paper -"<a href="http://arxiv.org/abs/1107.4524">An Analysis of Anonymity in -the Bitcoin System</A>" by Fergal Reid and Martin Harrigan is -summarized like this:</p> - -<p><blockquote> -"Anonymity in Bitcoin, a peer-to-peer electronic currency system, is a -complicated issue. Within the system, users are identified by -public-keys only. An attacker wishing to de-anonymize its users will -attempt to construct the one-to-many mapping between users and -public-keys and associate information external to the system with the -users. Bitcoin tries to prevent this attack by storing the mapping of -a user to his or her public-keys on that user's node only and by -allowing each user to generate as many public-keys as required. In -this chapter we consider the topological structure of two networks -derived from Bitcoin's public transaction history. We show that the -two networks have a non-trivial topological structure, provide -complementary views of the Bitcoin system and have implications for -anonymity. We combine these structures with external information and -techniques such as context discovery and flow analysis to investigate -an alleged theft of Bitcoins, which, at the time of the theft, had a -market value of approximately half a million U.S. dollars." -</blockquote></p> - -<p>I hope these references can help kill the urban myth that Bitcoin -is anonymous. It isn't really a good fit for illegal activites. Use -cash if you need to stay anonymous, at least until regular DNA -sampling of notes and coins become the norm. :)</p> - -<p>As usual, if you use Bitcoin and want to show your support of my -activities, please send Bitcoin donations to my address -<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p> + Når nynorskoversettelsen svikter til eksamen... + http://people.skolelinux.org/pere/blog/N_r_nynorskoversettelsen_svikter_til_eksamen___.html + http://people.skolelinux.org/pere/blog/N_r_nynorskoversettelsen_svikter_til_eksamen___.html + Sat, 3 Jun 2017 08:20:00 +0200 + <p><a href="http://www.aftenposten.no/norge/Krever-at-elever-ma-fa-annullert-eksamen-etter-rot-med-oppgavetekster-622459b.html">Aftenposten +melder i dag</a> om feil i eksamensoppgavene for eksamen i politikk og +menneskerettigheter, der teksten i bokmåls og nynorskutgaven ikke var +like. Oppgaveteksten er gjengitt i artikkelen, og jeg ble nysgjerring +på om den fri oversetterløsningen +<a href="https://www.apertium.org/">Apertium</a> ville gjort en bedre +jobb enn Utdanningsdirektoratet. Det kan se slik ut.</p> + +<p>Her er bokmålsoppgaven fra eksamenen:</p> + +<blockquote> +<p>Drøft utfordringene knyttet til nasjonalstatenes og andre aktørers +rolle og muligheter til å håndtere internasjonale utfordringer, som +for eksempel flykningekrisen.</p> + +<p>Vedlegge er eksempler på tekster som kan gi relevante perspektiver +på temaet:</p> +<ol> +<li>Flykningeregnskapet 2016, UNHCR og IDMC +<li>«Grenseløst Europa for fall» A-Magasinet, 26. november 2015 +</ol> + +</blockquote> + +<p>Dette oversetter Apertium slik:</p> + +<blockquote> +<p>Drøft utfordringane knytte til nasjonalstatane sine og rolla til +andre aktørar og høve til å handtera internasjonale utfordringar, som +til dømes *flykningekrisen.</p> + +<p>Vedleggja er døme på tekster som kan gje relevante perspektiv på +temaet:</p> + +<ol> +<li>*Flykningeregnskapet 2016, *UNHCR og *IDMC</li> +<li>«*Grenseløst Europa for fall» A-Magasinet, 26. november 2015</li> +</ol> + +</blockquote> + +<p>Ord som ikke ble forstått er markert med stjerne (*), og trenger +ekstra språksjekk. Men ingen ord er forsvunnet, slik det var i +oppgaven elevene fikk presentert på eksamen. Jeg mistenker dog at +"andre aktørers rolle og muligheter til ..." burde vært oversatt til +"rolla til andre aktørar og deira høve til ..." eller noe slikt, men +det er kanskje flisespikking. Det understreker vel bare at det alltid +trengs korrekturlesning etter automatisk oversettelse.</p> - New chrpath release 0.16 - http://people.skolelinux.org/pere/blog/New_chrpath_release_0_16.html - http://people.skolelinux.org/pere/blog/New_chrpath_release_0_16.html - Tue, 14 Jan 2014 11:00:00 +0100 - <p><a href="http://www.coverity.com/">Coverity</a> is a nice tool to -find problems in C, C++ and Java code using static source code -analysis. It can detect a lot of different problems, and is very -useful to find memory and locking bugs in the error handling part of -the source. The company behind it provide -<a href="https://scan.coverity.com/">check of free software projects as -a community service</a>, and many hundred free software projects are -already checked. A few days ago I decided to have a closer look at -the Coverity system, and discovered that the -<a href="http://www.gnu.org/software/gnash/">gnash</a> and -<a href="http://sourceforge.net/projects/ipmitool/">ipmitool</a> -projects I am involved with was already registered. But these are -fairly big, and I would also like to have a small and easy project to -check, and decided to <a href="http://scan.coverity.com/projects/1179">request -checking of the chrpath project</a>. It was -added to the checker and discovered seven potential defects. Six of -these were real, mostly resource "leak" when the program detected an -error. Nothing serious, as the resources would be released a fraction -of a second later when the program exited because of the error, but it -is nice to do it right in case the source of the program some time in -the future end up in a library. Having fixed all defects and added -<a href="https://lists.alioth.debian.org/mailman/listinfo/chrpath-devel">a -mailing list for the chrpath developers</a>, I decided it was time to -publish a new release. These are the release notes:</p> - -<p>New in 0.16 released 2014-01-14:</p> + Epost inn som arkivformat i Riksarkivarens forskrift? + http://people.skolelinux.org/pere/blog/Epost_inn_som_arkivformat_i_Riksarkivarens_forskrift_.html + http://people.skolelinux.org/pere/blog/Epost_inn_som_arkivformat_i_Riksarkivarens_forskrift_.html + Thu, 27 Apr 2017 11:30:00 +0200 + <p>I disse dager, med frist 1. mai, har Riksarkivaren ute en høring på +sin forskrift. Som en kan se er det ikke mye tid igjen før fristen +som går ut på søndag. Denne forskriften er det som lister opp hvilke +formater det er greit å arkivere i +<a href="http://www.arkivverket.no/arkivverket/Offentleg-forvalting/Noark/Noark-5">Noark +5-løsninger</a> i Norge.</p> + +<p>Jeg fant høringsdokumentene hos +<a href="https://www.arkivrad.no/aktuelt/riksarkivarens-forskrift-pa-horing">Norsk +Arkivråd</a> etter å ha blitt tipset på epostlisten til +<a href="https://github.com/hiOA-ABI/nikita-noark5-core">fri +programvareprosjektet Nikita Noark5-Core</a>, som lager et Noark 5 +Tjenestegresesnitt. Jeg er involvert i Nikita-prosjektet og takket +være min interesse for tjenestegrensesnittsprosjektet har jeg lest en +god del Noark 5-relaterte dokumenter, og til min overraskelse oppdaget +at standard epost ikke er på listen over godkjente formater som kan +arkiveres. Høringen med frist søndag er en glimrende mulighet til å +forsøke å gjøre noe med det. Jeg holder på med +<a href="https://github.com/petterreinholdtsen/noark5-tester/blob/master/docs/hoering-arkivforskrift.tex">egen +høringsuttalelse</a>, og lurer på om andre er interessert i å støtte +forslaget om å tillate arkivering av epost som epost i arkivet.</p> + +<p>Er du igang med å skrive egen høringsuttalelse allerede? I så fall +kan du jo vurdere å ta med en formulering om epost-lagring. Jeg tror +ikke det trengs så mye. Her et kort forslag til tekst:</p> -<ul> - - <li>Fixed all minor bugs discovered by Coverity.</li> - <li>Updated config.sub and config.guess from the GNU project.</li> - <li>Mention new project mailing list in the documentation.</li> - -</ul> +<p><blockquote> -<p>You can -<a href="https://alioth.debian.org/frs/?group_id=31052">download the -new version 0.16 from alioth</a>. Please let us know via the Alioth -project if something is wrong with the new release. The test suite -did not discover any old errors, so if you find a new one, please also -include a test suite check.</p> - - - - - Debian Edu interview: Dominik George - http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Dominik_George.html - http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Dominik_George.html - Wed, 25 Dec 2013 13:40:00 +0100 - <p>The <a href="http://www.skolelinux.org/">Debian Edu / Skolelinux -project</a> consist of both newcomers and old timers, and this time I -was able to get an interview with a newcomer in the project who showed -up on the IRC channel a few weeks ago to let us know about his -successful installation of Debian Edu Wheezy in his School. Say hello -to <a href="https://www.ohloh.net/accounts/Natureshadow">Dominik -George</a>.</p> - -<!-- http://www.dominik-george.de/images/foto.jpg --> - -<p><strong>Who are you, and how do you spend your days?</strong></p> - -<p>I am a 23 year-old student from Germany who has spent half of his -life with open source. In "real life", I am, as already mentioned, a -student in the fields of Computer Science, Electrical Engineering, -Information Technologies and Anglistics. Due to my (only partially -voluntary) huge engagement in the open source world, these things are -a bit vacant right now however.</p> - -<p>I also have been working as a project teacher at a Gymasnium -(public school) for various years now. I took up that work some time -around 2005 when still attending that school myself and have continued -it until today. I also had been running the (kind of very advanced) -network of that school together with a team of very interested and -talented students in the age of 11 to 15 years, who took the chance to -learn a lot about open source and networking before I left the school -to help building another school's informational education concept from -scratch.</p> - -<p>That said, one might see me as a kind of "glue" between school kids -and the elderly of teachers as well as between the open source -ecosystem and the (even more complex) educational ecosystem.</p> - -<p>When I am not busy with open source or education, I like Geocaching -and cycling.</p> - -<p><strong>How did you get in contact with the Skolelinux / Debian Edu -project?</strong></p> - -<p>I think that happened some time around 2009 when I first attended -<a href="http://www.froscon.org">FrOSCon</a> and visited the project -booth. I think I wasn't too interested back then because I used to -have an attitude of disliking software that does too much stuff on its -own. Maybe I was too inexperienced to realise the upsides of an -"out-of-the-box" solution ;).</p> - -<p>The first time I actively talked to Skolelinux people was at -<a href="http://www.openrheinruhr.de">OpenRheinRuhr</a> 2011 when the -BiscuIT project, a home-grewn software used by my school for various -really cool things from timetables and class contact lists to lunch -ordering, student ID card printing and project elections first got to -a stage where it could have been published. I asked the Skolelinux -guys running the booth if the project were interested in it and gave a -small demonstration, but there wasn't any real feedback and the guys -seemed rather uninterested.</p> - -<p>After I left the school where I developed the software, it got -mostly lost, but I am now reimplementing it for my new school. I have -reusability and compatibility in mind, and I hop there will be a new -basis for contributing it to the Skolelinux project ;)!</p> - -<p><strong>What do you see as the advantages of Skolelinux / Debian -Edu?</strong></p> - -<p>The most important advantage seems to be that it "just -works". After overcoming some minor (but still very annoying) glitches -in the installer, I got a fully functional, working school network, -without the month-long hassle I experienced when setting all that up -from scratch in earlier years. And above that, it rocked - I didn't -have any real hardware at hand, because the school was just founded -and has no money whatsoever, so I installed a combined server (main -server, terminal services and workstation) in a VM on my personal -notebook, bridging the LTSP network interface to the ethernet port, -and then PXE-booted the Windows notebooks that were lying around from -it. I could use 8 clients without any performance issues, by using a -tiny little VM on a tiny little notebook. I think that's enough to say -that it rocks!</p> - -<p>Secondly, there are marketing reasons. Life's bad, and so no -politician will ever permit a setup described as "Debian, an universal -operating system, with some really cool educational tools" while they -will be jsut fine with "Skolelinux, a single-purpose solution for your -school network", even if both turn out to be the very same thing (yes, -this is unfair towards the Skolelinux project, and must not be taken -too seriously - you get the idea, anyway).</p> - -<p><strong>What do you see as the disadvantages of Skolelinux / Debian -Edu?</strong></p> - -<p>I have not been involved with Skolelinux long enough to really -answer this question in a fair way. Thus, please allow me to put it in -other words: "What do you expect from Skolelinux to keep liking it?" I -can list a few points about that:</p> + <p>Viser til høring sendt ut 2017-02-17 (Riksarkivarens referanse + 2016/9840 HELHJO), og tillater oss å sende inn noen innspill om + revisjon av Forskrift om utfyllende tekniske og arkivfaglige + bestemmelser om behandling av offentlige arkiver (Riksarkivarens + forskrift).</p> -<ul> + <p>Svært mye av vår kommuikasjon foregår i dag på e-post.  Vi + foreslår derfor at Internett-e-post, slik det er beskrevet i IETF + RFC 5322, + <a href="https://tools.ietf.org/html/rfc5322">https://tools.ietf.org/html/rfc5322</a>. bør + inn som godkjent dokumentformat.  Vi foreslår at forskriftens + oversikt over godkjente dokumentformater ved innlevering i § 5-16 + endres til å ta med Internett-e-post.</p> - <li>always strive to get all things integrated into Debian upstream - <li>be open to discussion about changes and the like, even with newcomers - <li>be helpful at being helpful ;) +</blockquote></p> -</ul> +<p>Som del av arbeidet med tjenestegrensesnitt har vi testet hvordan +epost kan lagres i en Noark 5-struktur, og holder på å skrive et +forslag om hvordan dette kan gjøres som vil bli sendt over til +arkivverket så snart det er ferdig. De som er interesserte kan +<a href="https://github.com/petterreinholdtsen/noark5-tester/blob/master/docs/epostlagring.md">følge +fremdriften på web</a>.</p> -<p>I'm really sorry I cannot say much more about that :(!</p> - -<p><strong>Which free software do you use daily?</strong></p> - -<p>First of all, all software I use is free and open. I have abandoned -all non-free software (except for firmware on my darned phone) this -year.</p> - -<p>I run Debian GNU/Linux on all PC systems I use. On that, I mostly -run text tools. I use -<a href="https://www.mirbsd.org/mksh.htm">mksh</a> as shell, -<a href="https://www.mirbsd.org/jupp.htm">jupp</a> as very advanced -text editor (I even got the developer to help me write a script/macro -based full-featured student management software with the two), -<a href="http://mcabber.com/">mcabber</a> for XMPP and -<a href="http://www.irssi.org/">irssi</a> for IRC. For that overly -coloured world called the WWW, I use -<a href="https://www.mozilla.org/en-US/firefox/new/">Iceweasel -(Firefox)</a>. Oh, and <a href="http://www.mutt.org/">mutt</a> for -e-mail.</p> - -<p>However, while I am personally aware of the fact that text tools -are more efficient and powerful than anything else, I also use (or at -least operate) some tools that are suitable to bring open source to -kids. One of these things is <a href="http://jappix.org/">Jappix</a>, -which I already introduced to some kids even before they got aware of -Facebook, making them see for themselves that they do not need -Facebook now ;).</p> - -<p><strong>Which strategy do you believe is the right one to use to -get schools to use free software?</strong></p> - -<p>Well, that's a two-sided thing. One side is what I believe, and one -side is what I have experienced.</p> - -<p>I believe that the right strategy is showing them the benefits. But -that won't work out as long as the acceptance of free alternatives -grows globally. What I mean is that if all the kids are almost forced -to use Windows, Facebook, Skype, you name it at home, they will not -see why they would want to use alternatives at school. I have seen -students take seat in front of a fully-functional, modern Debian -desktop that could do anything their Windows at home could do, and -they jsut refused to use it because "Linux sucks". It is something -that makes the council of our city spend around 600000 € to buy -software - not including hardware, mind you - for operating school -networks, and for installing a system that, as has been proved, does -not work. For those of you readers who are good at maths, have you -already found out how many lives could have been saved with that money -if we had instead used it to bring education to parts of the world -that need it? I have, and found it to be nothing less dramatic than -plain criminal.</p> - -<p>That said, the only feasible way appears to be the bottom up -method. We have to bring free software to kids and parents. I have -founded an association named -<a href="https://www.teckids.org">Teckids</a> here in Germany that does -just that. We organise several events for kids and adolescents in the -area of free and open source software, for example the -<a href="http://kids.froscon.org">FrogLabs</a>, which share staff with -Teckids and are the youth programme of -<a href="http://www.froscon.org">the Free and Open Source Software -Conference (FrOSCon)</a>. We do a lot more than most other conferences -- this year, we first offered the FrogLabs as a holiday camp for kids -aged 10 to 16. It was a huge success, with approx. 30 kids taking part -and learning with and about free software through a whole weekend. All -of us had a lot of fun, and the results were really exciting.</p> - -<p>Apart from that, we are preparing a campaign that is supposed to bring -the message of free alternatives to stuff kids use every day to them and -their parents, e.g. the use of Jabber / Jappix instead of Facebook and -Skype. To make that possible, we are planning to get together a team of -clever kids who understand very well what their peers need and can bring -it across to them. So we will have a peer-driven network of adolescents -who teach each other and collect feedback from the community of minors. -We then take that feedback and our own experience to work closely with -open source projects, such as Skolelinux or Jappix, at improving their -software in a way that makes it more and more attractive for the target -group. At least I hope that we will have good cooperation with -Skolelinux in the future ;)!</p> - -<p>So in conclusion, what I believe is that, if it weren't for the world -being so bad, it should be very clear to the political decision makers -that the only way to go nowadays is free software for various reasons, -but I have learnt that the only way that seems to work is bottom up.</p> - -<!-- - -> * Who should be interviewed with this questions in the future? - -That's probably the hardest question of them all, as I do not know the -community. However, I would be willing to do the following: - - <li>Run an interview with a German headteacher who is very open to - free software, and also prefers it, but cannot really use it because - of the decision makers above; - <li>Run interviews with some kids, both with and without previous - knowledge about free software - -If that is wanted, just let me know ;). - ---> +<p>Oppdatering 2017-04-28: I dag ble høringuttalelsen jeg skrev + <a href="https://www.nuug.no/news/NUUGs_h_ringuttalelse_til_Riksarkivarens_forskrift.shtml">sendt + inn av foreningen NUUG</a>.</p> - Dugnadsnett for alle stiller på Oslo Maker Faire i januar 2014 - http://people.skolelinux.org/pere/blog/Dugnadsnett_for_alle_stiller_p__Oslo_Maker_Faire_i_januar_2014.html - http://people.skolelinux.org/pere/blog/Dugnadsnett_for_alle_stiller_p__Oslo_Maker_Faire_i_januar_2014.html - Tue, 10 Dec 2013 19:20:00 +0100 - <p>Helga 18. og 19. januar 2014 arrangeres -<a href="http://makerfaireoslo.no/no/program/dugnadsnett">Oslo Maker -Faire</a>, og <a href="http://www.dugnadsnett.no/">Dugnadsnett for -alle</a> har fått plass! Planen er å ha et bord med en plakat der vi -forteller om hva Dugnadsnett for alle er for noe, og et lite verksted -der vi hjelper folk som er interessert i å få opp sin egen mesh-node. -Jeg gleder meg til å se hvordan prosjektet blir mottatt der.</p> - -<p>Målet med dugnadsnett for alle i Oslo er å få på plass et datanett -for kommunikasjon ved hjelp av radio-repeaterstasjoner (kalt -mesh-noder) som gjør at en kan direkte kommunisere med slekt, venner -og bekjente i Oslo via andre som deltar i dugnadsnettet, samt gjøre -det mulig komme ut på internett via dugnadsnettet. Første delmål er å -kunne sende SMS-meldinger vha. IP-telefoni løsningen -<a href="http://www.servalproject.org/">Serval project</a> mellom -deltagerne i Dugnadsnett for alle i Oslo. Formålet er å ta tilbake -kontrollen over egen nett-infrastruktur og gjøre det dyrere å bedrive -massiv innsamling av informasjon om borgernes bruk av datanett.</p> - -<p>Høres dette interessant ut? Bli med på prosjektet, fortell oss -hvor du kunne tenke deg å sette opp en radio-repeater (slik at folk i -nærheten kan finne hverandre ved hjelp av -<a href="http://flynor.net/mesh/mesh.php">kartet over planlagte og -eksisterende radio-repeatere</A>), bli med på epostlisten -<a href="http://lists.nuug.no/mailman/listinfo/dugnadsnett">dugnadsnett -(at) nuug.no</a> og stikk innom -<a href="irc://irc.freenode.net/#dugnadsnett.no">IRC-kanalen -#dugnadsnett.no</a>. Så langt er det planlagt over 40 -radio-repeatere, med VPN-forbindelser via Internet for å la de delene -av nettet som ikke når hverandre via radio kunne snakke med hverandre -likevel.</p> + Offentlig elektronisk postjournal blokkerer tilgang for utvalgte webklienter + http://people.skolelinux.org/pere/blog/Offentlig_elektronisk_postjournal_blokkerer_tilgang_for_utvalgte_webklienter.html + http://people.skolelinux.org/pere/blog/Offentlig_elektronisk_postjournal_blokkerer_tilgang_for_utvalgte_webklienter.html + Thu, 20 Apr 2017 13:00:00 +0200 + <p>Jeg oppdaget i dag at <a href="https://www.oep.no/">nettstedet som +publiserer offentlige postjournaler fra statlige etater</a>, OEP, har +begynt å blokkerer enkelte typer webklienter fra å få tilgang. Vet +ikke hvor mange det gjelder, men det gjelder i hvert fall libwww-perl +og curl. For å teste selv, kjør følgende:</p> + +<blockquote><pre> +% curl -v -s https://www.oep.no/pub/report.xhtml?reportId=3 2>&1 |grep '< HTTP' +< HTTP/1.1 404 Not Found +% curl -v -s --header 'User-Agent:Opera/12.0' https://www.oep.no/pub/report.xhtml?reportId=3 2>&1 |grep '< HTTP' +< HTTP/1.1 200 OK +% +</pre></blockquote> + +<p>Her kan en se at tjenesten gir «404 Not Found» for curl i +standardoppsettet, mens den gir «200 OK» hvis curl hevder å være Opera +versjon 12.0. Offentlig elektronisk postjournal startet blokkeringen +2017-03-02.</p> + +<p>Blokkeringen vil gjøre det litt vanskeligere å maskinelt hente +informasjon fra oep.no. Kan blokkeringen være gjort for å hindre +automatisert innsamling av informasjon fra OEP, slik Pressens +Offentlighetsutvalg gjorde for å dokumentere hvordan departementene +hindrer innsyn i +<a href="http://presse.no/dette-mener-np/undergraver-offentlighetsloven/">rapporten +«Slik hindrer departementer innsyn» som ble publiserte i januar +2017</a>. Det virker usannsynlig, da det jo er trivielt å bytte +User-Agent til noe nytt.</p> + +<p>Finnes det juridisk grunnlag for det offentlige å diskriminere +webklienter slik det gjøres her? Der tilgang gis eller ikke alt etter +hva klienten sier at den heter? Da OEP eies av DIFI og driftes av +Basefarm, finnes det kanskje noen dokumenter sendt mellom disse to +aktørene man kan be om innsyn i for å forstå hva som har skjedd. Men +<a href="https://www.oep.no/search/result.html?period=dateRange&fromDate=01.01.2016&toDate=01.04.2017&dateType=documentDate&caseDescription=&descType=both&caseNumber=&documentNumber=&sender=basefarm&senderType=both&documentType=all&legalAuthority=&archiveCode=&list2=196&searchType=advanced&Search=Search+in+records">postjournalen +til DIFI viser kun to dokumenter</a> det siste året mellom DIFI og +Basefarm. +<a href="https://www.mimesbronn.no/request/blokkering_av_tilgang_til_oep_fo">Mimes brønn neste</a>, +tenker jeg.</p> - Debian Edu interview: Klaus Knopper - http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Klaus_Knopper.html - http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Klaus_Knopper.html - Fri, 6 Dec 2013 09:50:00 +0100 - <p>It has been a while since I managed to publish the last interview, -but the <a href="http://www.skolelinux.org/">Debian Edu / -Skolelinux</a> community is still going strong, and yesterday we even -had a new school administrator show up on -<a href="irc://irc.debian.org/#debian-edu">#debian-edu</a> to share -his success story with installing Debian Edu at their school. This -time I have been able to get some helpful comments from the creator of -Knoppix, Klaus Knopper, who was involved in a Skolelinux project in -Germany a few years ago.</p> - -<p><strong>Who are you, and how do you spend your days?</strong></p> - -<p>I am Klaus Knopper. I have a master degree in electrical -engineering, and is currently professor in information management at -the university of applied sciences Kaiserslautern / Germany and -freelance Open Source software developer and consultant.</p> - -<p>All of this is pretty much of the work I spend my days with. Apart -from teaching, I'm also conducting some more or less experimental -projects like the <a href="http://www.knoppix.org">Knoppix GNU/Linux live -system</a> (Debian-based like Skolelinux), -<a href="http://www.knopper.net/knoppix-adriane/index-en.html">ADRIANE</a> -(a blind-friendly talking desktop system) and -<a href="http://www.knopper.net/linbo/index-en.html">LINBO</a> -(Linux-based network boot console, a fast remote install and repair -system supporting various operating systems).</p> - -<p><strong>How did you get in contact with the Skolelinux / Debian Edu -project?</strong></p> - -<p>The credit for this have to go to Kurt Gramlich, who is the German -coordinator for Skolelinux. We were looking for an all-in-one open -source community-supported distribution for schools, and Kurt -introduced us to Skolelinux for this purpose.</p> - -<p><strong>What do you see as the advantages of Skolelinux / Debian -Edu?</strong></p> + Free software archive system Nikita now able to store documents + http://people.skolelinux.org/pere/blog/Free_software_archive_system_Nikita_now_able_to_store_documents.html + http://people.skolelinux.org/pere/blog/Free_software_archive_system_Nikita_now_able_to_store_documents.html + Sun, 19 Mar 2017 08:00:00 +0100 + <p>The <a href="https://github.com/hiOA-ABI/nikita-noark5-core">Nikita +Noark 5 core project</a> is implementing the Norwegian standard for +keeping an electronic archive of government documents. +<a href="http://www.arkivverket.no/arkivverket/Offentlig-forvaltning/Noark/Noark-5/English-version">The +Noark 5 standard</a> document the requirement for data systems used by +the archives in the Norwegian government, and the Noark 5 web interface +specification document a REST web service for storing, searching and +retrieving documents and metadata in such archive. I've been involved +in the project since a few weeks before Christmas, when the Norwegian +Unix User Group +<a href="https://www.nuug.no/news/NOARK5_kjerne_som_fri_programvare_f_r_epostliste_hos_NUUG.shtml">announced +it supported the project</a>. I believe this is an important project, +and hope it can make it possible for the government archives in the +future to use free software to keep the archives we citizens depend +on. But as I do not hold such archive myself, personally my first use +case is to store and analyse public mail journal metadata published +from the government. I find it useful to have a clear use case in +mind when developing, to make sure the system scratches one of my +itches.</p> + +<p>If you would like to help make sure there is a free software +alternatives for the archives, please join our IRC channel +(<a href="irc://irc.freenode.net/%23nikita"">#nikita on +irc.freenode.net</a>) and +<a href="https://lists.nuug.no/mailman/listinfo/nikita-noark">the +project mailing list</a>.</p> + +<p>When I got involved, the web service could store metadata about +documents. But a few weeks ago, a new milestone was reached when it +became possible to store full text documents too. Yesterday, I +completed an implementation of a command line tool +<tt>archive-pdf</tt> to upload a PDF file to the archive using this +API. The tool is very simple at the moment, and find existing +<a href="https://en.wikipedia.org/wiki/Fonds">fonds</a>, series and +files while asking the user to select which one to use if more than +one exist. Once a file is identified, the PDF is associated with the +file and uploaded, using the title extracted from the PDF itself. The +process is fairly similar to visiting the archive, opening a cabinet, +locating a file and storing a piece of paper in the archive. Here is +a test run directly after populating the database with test data using +our API tester:</p> -<ul> - <li>Quick installation,</li> - <li>works (almost) out of the box,</li> - <li>contains many useful software packages for teaching and learning,</li> - <li>is a purely community-based distro and not controlled by a - single company,</li> - <li>has a large number of supporters and teachers who share their - experience and problem solutions.</li> -</ul> - -<p><strong>What do you see as the disadvantages of Skolelinux / Debian -Edu?</strong></p> - -<ul> - <li>Skolelinux is - as we had to learn - not easily upgradable to - the next version. Opposed to its genuine Debian base, upgrading to - a new version means a full new installation from scratch to get it - working again reliably. - - <li>Skolelinux is based on Debian/stable, and therefore always a - little outdated in terms of program versions compared to Edubuntu or - similar educational Linux distros, which rather use Debian/testing - as their base. - - <li>Skolelinux has some very self-opinionated and stubborn default - configuration which in my opinion adds unnecessary complexity and is - not always suitable for a schools needs, the preset network - configuration is actually a core definition feature of Skolelinux - and not easy to change, so schools sometimes have to change their - network configuration to make it "Skolelinux-compatible". - - <li>Some proposed extensions, which were made available as - contribution, like secure examination mode and lecture material - distribution and collection, were not accepted into the mainline - Skolelinux development and are now not easy to maintain in the - future because of Skolelinux somewhat undeterministic update - schemes.</li> - - <li>Skolelinux has only a very tiny number of base developers - compared to Debian.</li> - -</ul> - -<p>For these reasons and experience from our project, I would now -rather consider using plain Debian for schools next time, until -Skolelinux is more closely integrated into Debian and becomes -upgradeable without reinstallation.</p> - -<p><strong>Which free software do you use daily?</strong></p> - -<p>GNU/Linux with LXDE desktop, bash for interactive dialog and -programming, texlive for documentation and correspondence, -occasionally LibreOffice for document format conversion. Various -programming languages for teaching.</p> - -<p><strong>Which strategy do you believe is the right one to use to -get schools to use free software?</strong></p> - -<p>Strong arguments are</p> - -<ul> - - <li>Knowledge is free, and so should be methods and tools for - teaching and learning.</li> - - <li>Students can learn with and use the same software at school, at - home, and at their working place without running into license or - conversion problems.</li> - - <li>Closed source or proprietary software hides knowledge rather - than exposing it, and proprietary software vendors try to bind - customers to certain products. But teachers need to teach - science, not products.</li> - - <li>If you have everything you for daily work as open source, what - would you need proprietary software for?</li> +<p><blockquote><pre> +~/src//noark5-tester$ ./archive-pdf mangelmelding/mangler.pdf +using arkiv: Title of the test fonds created 2017-03-18T23:49:32.103446 +using arkivdel: Title of the test series created 2017-03-18T23:49:32.103446 + + 0 - Title of the test case file created 2017-03-18T23:49:32.103446 + 1 - Title of the test file created 2017-03-18T23:49:32.103446 +Select which mappe you want (or search term): 0 +Uploading mangelmelding/mangler.pdf + PDF title: Mangler i spesifikasjonsdokumentet for NOARK 5 Tjenestegrensesnitt + File 2017/1: Title of the test case file created 2017-03-18T23:49:32.103446 +~/src//noark5-tester$ +</pre></blockquote></p> -</ul> - - - - - Dugnadsnett for alle, a wireless community network in Oslo, take shape - http://people.skolelinux.org/pere/blog/Dugnadsnett_for_alle__a_wireless_community_network_in_Oslo__take_shape.html - http://people.skolelinux.org/pere/blog/Dugnadsnett_for_alle__a_wireless_community_network_in_Oslo__take_shape.html - Sat, 30 Nov 2013 10:10:00 +0100 - <p>If you want the ability to electronically communicate directly with -your neighbors and friends using a network controlled by your peers in -stead of centrally controlled by a few corporations, or would like to -experiment with interesting network technology, the -<a href="http://www.dugnadsnett.no/">Dugnasnett for alle i Oslo</a> -might be project for you. 39 mesh nodes are currently being planned, -in the freshly started initiative from NUUG and Hackeriet to create a -wireless community network. The work is inspired by -<a href="http://freifunk.net/">Freifunk</a>, -<a href="http://www.awmn.net/">Athens Wireless Metropolitan -Network</a>, <a href="http://en.wikipedia.org/wiki/Roofnet">Roofnet</a> -and other successful mesh networks around the globe. Two days ago we -held a workshop to try to get people started on setting up their own -mesh node, and there we decided to create a new mailing list -<a href="http://lists.nuug.no/mailman/listinfo/dugnadsnett">dugnadsnett -(at) nuug.no</a> and IRC channel -<a href="irc://irc.freenode.net/#dugnadsnett.no">#dugnadsnett.no</a> to -coordinate the work. See also the NUUG blog post -<a href="http://www.nuug.no/news/E_postliste_og_IRC_kanal_for_Dugnadsnett_for_alle_i_Oslo.shtml">announcing -the mailing list and IRC channel</a>.</p> +<p>You can see here how the fonds (arkiv) and serie (arkivdel) only had +one option, while the user need to choose which file (mappe) to use +among the two created by the API tester. The <tt>archive-pdf</tt> +tool can be found in the git repository for the API tester.</p> + +<p>In the project, I have been mostly working on +<a href="https://github.com/petterreinholdtsen/noark5-tester">the API +tester</a> so far, while getting to know the code base. The API +tester currently use +<a href="https://en.wikipedia.org/wiki/HATEOAS">the HATEOAS links</a> +to traverse the entire exposed service API and verify that the exposed +operations and objects match the specification, as well as trying to +create objects holding metadata and uploading a simple XML file to +store. The tester has proved very useful for finding flaws in our +implementation, as well as flaws in the reference site and the +specification.</p> + +<p>The test document I uploaded is a summary of all the specification +defects we have collected so far while implementing the web service. +There are several unclear and conflicting parts of the specification, +and we have +<a href="https://github.com/petterreinholdtsen/noark5-tester/tree/master/mangelmelding">started +writing down</a> the questions we get from implementing it. We use a +format inspired by how <a href="http://www.opengroup.org/austin/">The +Austin Group</a> collect defect reports for the POSIX standard with +<a href="http://www.opengroup.org/austin/mantis.html">their +instructions for the MANTIS defect tracker system</a>, in lack of an official way to structure defect reports for Noark 5 (our first submitted defect report was a <a href="https://github.com/petterreinholdtsen/noark5-tester/blob/master/mangelmelding/sendt/2017-03-15-mangel-prosess.md">request for a procedure for submitting defect reports</a> :). + +<p>The Nikita project is implemented using Java and Spring, and is +fairly easy to get up and running using Docker containers for those +that want to test the current code base. The API tester is +implemented in Python.</p>