X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/17a7cc8c1a60f7341f92e0f757b83700189144a7..2377a19a2fcd67c09830cbb4a2a81cfd5a6f00d6:/blog/archive/2017/06/06.rss diff --git a/blog/archive/2017/06/06.rss b/blog/archive/2017/06/06.rss index 8212ae963a..8f2483d2f1 100644 --- a/blog/archive/2017/06/06.rss +++ b/blog/archive/2017/06/06.rss @@ -6,6 +6,260 @@ http://people.skolelinux.org/pere/blog/ + + «Rapporten ser ikke på informasjonssikkerhet knyttet til personlig integritet» + http://people.skolelinux.org/pere/blog/_Rapporten_ser_ikke_p__informasjonssikkerhet_knyttet_til_personlig_integritet_.html + http://people.skolelinux.org/pere/blog/_Rapporten_ser_ikke_p__informasjonssikkerhet_knyttet_til_personlig_integritet_.html + Tue, 27 Jun 2017 17:50:00 +0200 + <p>Jeg kom over teksten +«<a href="https://freedom-to-tinker.com/2017/06/21/killing-car-privacy-by-federal-mandate/">Killing +car privacy by federal mandate</a>» av Leonid Reyzin på Freedom to +Tinker i dag, og det gleder meg å se en god gjennomgang om hvorfor det +er et urimelig inngrep i privatsfæren å la alle biler kringkaste sin +posisjon og bevegelse via radio. Det omtalte forslaget basert på +Dedicated Short Range Communication (DSRC) kalles Basic Safety Message +(BSM) i USA og Cooperative Awareness Message (CAM) i Europa, og det +norske Vegvesenet er en av de som ser ut til å kunne tenke seg å +pålegge alle biler å fjerne nok en bit av innbyggernes privatsfære. +Anbefaler alle å lese det som står der. + +<p>Mens jeg tittet litt på DSRC på biler i Norge kom jeg over et sitat +jeg synes er illustrativt for hvordan det offentlige Norge håndterer +problemstillinger rundt innbyggernes privatsfære i SINTEF-rapporten +«<a href="https://www.sintef.no/publikasjoner/publikasjon/Download/?pubid=SINTEF+A23933">Informasjonssikkerhet +i AutoPASS-brikker</a>» av Trond Foss:</p> + +<p><blockquote> +«Rapporten ser ikke på informasjonssikkerhet knyttet til personlig + integritet.» +</blockquote></p> + +<p>Så enkelt kan det tydeligvis gjøres når en vurderer +informasjonssikkerheten. Det holder vel at folkene på toppen kan si +at «Personvernet er ivaretatt», som jo er den populære intetsigende +frasen som gjør at mange tror enkeltindividers integritet tas vare på. +Sitatet fikk meg til å undres på hvor ofte samme tilnærming, å bare se +bort fra behovet for personlig itegritet, blir valgt når en velger å +legge til rette for nok et inngrep i privatsfæren til personer i +Norge. Det er jo sjelden det får reaksjoner. Historien om +reaksjonene på Helse Sør-Østs tjenesteutsetting er jo sørgelig nok et +unntak og toppen av isfjellet, desverre. Tror jeg fortsatt takker nei +til både AutoPASS og holder meg så langt unna det norske helsevesenet +som jeg kan, inntil de har demonstrert og dokumentert at de verdsetter +individets privatsfære og personlige integritet høyere enn kortsiktig +gevist og samfunnsnytte.</p> + + + + + Updated sales number for my Free Culture paper editions + http://people.skolelinux.org/pere/blog/Updated_sales_number_for_my_Free_Culture_paper_editions.html + http://people.skolelinux.org/pere/blog/Updated_sales_number_for_my_Free_Culture_paper_editions.html + Mon, 12 Jun 2017 11:40:00 +0200 + <p>It is pleasing to see that the work we put down in publishing new +editions of the classic <a href="http://www.free-culture.cc/">Free +Culture book</a> by the founder of the Creative Commons movement, +Lawrence Lessig, is still being appreciated. I had a look at the +latest sales numbers for the paper edition today. Not too impressive, +but happy to see some buyers still exist. All the revenue from the +books is sent to the <a href="https://creativecommons.org/">Creative +Commons Corporation</a>, and they receive the largest cut if you buy +directly from Lulu. Most books are sold via Amazon, with Ingram +second and only a small fraction directly from Lulu. The ebook +edition is available for free from +<a href="https://github.com/petterreinholdtsen/free-culture-lessig">Github</a>.</p> + +<table border="0"> +<tr><th rowspan="2" valign="bottom">Title / language</th><th colspan="3">Quantity</th></tr> +<tr><th>2016 jan-jun</th><th>2016 jul-dec</th><th>2017 jan-may</th></tr> + +<tr> + <td><a href="http://www.lulu.com/shop/lawrence-lessig/culture-libre/paperback/product-22645082.html">Culture Libre / French</a></td> + <td align="right">3</td> + <td align="right">6</td> + <td align="right">15</td> +</tr> + +<tr> + <td><a href="http://www.lulu.com/shop/lawrence-lessig/fri-kultur/paperback/product-22441576.html">Fri kultur / Norwegian</a></td> + <td align="right">7</td> + <td align="right">1</td> + <td align="right">0</td> +</tr> + +<tr> + <td><a href="http://www.lulu.com/shop/lawrence-lessig/free-culture/paperback/product-22440520.html">Free Culture / English</a></td> + <td align="right">14</td> + <td align="right">27</td> + <td align="right">16</td> +</tr> + +<tr> + <td>Total</td> + <td align="right">24</td> + <td align="right">34</td> + <td align="right">31</td> +</tr> + +</table> + +<p>A bit sad to see the low sales number on the Norwegian edition, and +a bit surprising the English edition still selling so well.</p> + +<p>If you would like to translate and publish the book in your native +language, I would be happy to help make it happen. Please get in +touch.</p> + + + + + Release 0.1.1 of free software archive system Nikita announced + http://people.skolelinux.org/pere/blog/Release_0_1_1_of_free_software_archive_system_Nikita_announced.html + http://people.skolelinux.org/pere/blog/Release_0_1_1_of_free_software_archive_system_Nikita_announced.html + Sat, 10 Jun 2017 00:40:00 +0200 + <p>I am very happy to report that the +<a href="https://github.com/hiOA-ABI/nikita-noark5-core">Nikita Noark 5 +core project</a> tagged its second release today. The free software +solution is an implementation of the Norwegian archive standard Noark +5 used by government offices in Norway. These were the changes in +version 0.1.1 since version 0.1.0 (from NEWS.md): + +<ul> + + <li>Continued work on the angularjs GUI, including document upload.</li> + <li>Implemented correspondencepartPerson, correspondencepartUnit and + correspondencepartInternal</li> + <li>Applied for coverity coverage and started submitting code on + regualr basis.</li> + <li>Started fixing bugs reported by coverity</li> + <li>Corrected and completed HATEOAS links to make sure entire API is + available via URLs in _links.</li> + <li>Corrected all relation URLs to use trailing slash.</li> + <li>Add initial support for storing data in ElasticSearch.</li> + <li>Now able to receive and store uploaded files in the archive.</li> + <li>Changed JSON output for object lists to have relations in _links.</li> + <li>Improve JSON output for empty object lists.</li> + <li>Now uses correct MIME type application/vnd.noark5-v4+json.</li> + <li>Added support for docker container images.</li> + <li>Added simple API browser implemented in JavaScript/Angular.</li> + <li>Started on archive client implemented in JavaScript/Angular.</li> + <li>Started on prototype to show the public mail journal.</li> + <li>Improved performance by disabling Sprint FileWatcher.</li> + <li>Added support for 'arkivskaper', 'saksmappe' and 'journalpost'.</li> + <li>Added support for some metadata codelists.</li> + <li>Added support for Cross-origin resource sharing (CORS).</li> + <li>Changed login method from Basic Auth to JSON Web Token (RFC 7519) + style.</li> + <li>Added support for GET-ing ny-* URLs.</li> + <li>Added support for modifying entities using PUT and eTag.</li> + <li>Added support for returning XML output on request.</li> + <li>Removed support for English field and class names, limiting ourself + to the official names.</li> + <li>...</li> + +</ul> + +<p>If this sound interesting to you, please contact us on IRC (#nikita +on irc.freenode.net) or email +(<a href="https://lists.nuug.no/mailman/listinfo/nikita-noark">nikita-noark +mailing list).</p> + + + + + Idea for storing trusted timestamps in a Noark 5 archive + http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html + http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html + Wed, 7 Jun 2017 21:40:00 +0200 + <p><em>This is a copy of +<a href="https://lists.nuug.no/pipermail/nikita-noark/2017-June/000297.html">an +email I posted to the nikita-noark mailing list</a>. Please follow up +there if you would like to discuss this topic. The background is that +we are making a free software archive system based on the Norwegian +<a href="https://www.arkivverket.no/forvaltning-og-utvikling/regelverk-og-standarder/noark-standarden">Noark +5 standard</a> for government archives.</em></p> + +<p>I've been wondering a bit lately how trusted timestamps could be +stored in Noark 5. +<a href="https://en.wikipedia.org/wiki/Trusted_timestamping">Trusted +timestamps</a> can be used to verify that some information +(document/file/checksum/metadata) have not been changed since a +specific time in the past. This is useful to verify the integrity of +the documents in the archive.</p> + +<p>Then it occured to me, perhaps the trusted timestamps could be +stored as dokument variants (ie dokumentobjekt referered to from +dokumentbeskrivelse) with the filename set to the hash it is +stamping?</p> + +<p>Given a "dokumentbeskrivelse" with an associated "dokumentobjekt", +a new dokumentobjekt is associated with "dokumentbeskrivelse" with the +same attributes as the stamped dokumentobjekt except these +attributes:</p> + +<ul> + +<li>format -> "RFC3161" +<li>mimeType -> "application/timestamp-reply" +<li>formatDetaljer -> "&lt;source URL for timestamp service&gt;" +<li>filenavn -> "&lt;sjekksum&gt;.tsr" + +</ul> + +<p>This assume a service following +<a href="https://tools.ietf.org/html/rfc3161">IETF RFC 3161</a> is +used, which specifiy the given MIME type for replies and the .tsr file +ending for the content of such trusted timestamp. As far as I can +tell from the Noark 5 specifications, it is OK to have several +variants/renderings of a dokument attached to a given +dokumentbeskrivelse objekt. It might be stretching it a bit to make +some of these variants represent crypto-signatures useful for +verifying the document integrity instead of representing the dokument +itself.</p> + +<p>Using the source of the service in formatDetaljer allow several +timestamping services to be used. This is useful to spread the risk +of key compromise over several organisations. It would only be a +problem to trust the timestamps if all of the organisations are +compromised.</p> + +<p>The following oneliner on Linux can be used to generate the tsr +file. $input is the path to the file to checksum, and $sha256 is the +SHA-256 checksum of the file (ie the "<sjekksum>.tsr" value mentioned +above).</p> + +<p><blockquote><pre> +openssl ts -query -data "$inputfile" -cert -sha256 -no_nonce \ + | curl -s -H "Content-Type: application/timestamp-query" \ + --data-binary "@-" http://zeitstempel.dfn.de > $sha256.tsr +</pre></blockquote></p> + +<p>To verify the timestamp, you first need to download the public key +of the trusted timestamp service, for example using this command:</p> + +<p><blockquote><pre> +wget -O ca-cert.txt \ + https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt +</pre></blockquote></p> + +<p>Note, the public key should be stored alongside the timestamps in +the archive to make sure it is also available 100 years from now. It +is probably a good idea to standardise how and were to store such +public keys, to make it easier to find for those trying to verify +documents 100 or 1000 years from now. :)</p> + +<p>The verification itself is a simple openssl command:</p> + +<p><blockquote><pre> +openssl ts -verify -data $inputfile -in $sha256.tsr \ + -CAfile ca-cert.txt -text +</pre></blockquote></p> + +<p>Is there any reason this approach would not work? Is it somehow against +the Noark 5 specification?</p> + + + Når nynorskoversettelsen svikter til eksamen... http://people.skolelinux.org/pere/blog/N_r_nynorskoversettelsen_svikter_til_eksamen___.html