X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/25f2b5e3fc0997d9b3c013dd365ab468694844d4..2d047348b0dfe1d3bab7955e9bf9b52223e84373:/blog/index.rss diff --git a/blog/index.rss b/blog/index.rss index 82c7ef73ed..3b4e21fa9b 100644 --- a/blog/index.rss +++ b/blog/index.rss @@ -7,668 +7,640 @@ - Teaching vmdebootstrap to create Raspberry Pi SD card images - http://people.skolelinux.org/pere/blog/Teaching_vmdebootstrap_to_create_Raspberry_Pi_SD_card_images.html - http://people.skolelinux.org/pere/blog/Teaching_vmdebootstrap_to_create_Raspberry_Pi_SD_card_images.html - Sun, 27 Oct 2013 17:00:00 +0100 - <p>The -<a href="http://packages.qa.debian.org/v/vmdebootstrap.html">vmdebootstrap</a> -program is a a very nice system to create virtual machine images. It -create a image file, add a partition table, mount it and run -debootstrap in the mounted directory to create a Debian system on a -stick. Yesterday, I decided to try to teach it how to make images for -<a href="https://wiki.debian.org/RaspberryPi">Raspberry Pi</a>, as part -of a plan to simplify the build system for -<a href="https://wiki.debian.org/FreedomBox">the FreedomBox -project</a>. The FreedomBox project already uses vmdebootstrap for -the virtualbox images, but its current build system made multistrap -based system for Dreamplug images, and it is lacking support for -Raspberry Pi.</p> - -<p>Armed with the knowledge on how to build "foreign" (aka non-native -architecture) chroots for Raspberry Pi, I dived into the vmdebootstrap -code and adjusted it to be able to build armel images on my amd64 -Debian laptop. I ended up giving vmdebootstrap five new options, -allowing me to replicate the image creation process I use to make -<a href="http://people.skolelinux.org/pere/blog/A_Raspberry_Pi_based_batman_adv_Mesh_network_node.html">Debian -Jessie based mesh node images for the Raspberry Pi</a>. First, the -<tt>--foreign /path/to/binfm_handler</tt> option tell vmdebootstrap to -call debootstrap with --foreign and to copy the handler into the -generated chroot before running the second stage. This allow -vmdebootstrap to create armel images on an amd64 host. Next I added -two new options <tt>--bootsize size</tt> and <tt>--boottype -fstype</tt> to teach it to create a separate /boot/ partition with the -given file system type, allowing me to create an image with a vfat -partition for the /boot/ stuff. I also added a <tt>--variant -variant</tt> option to allow me to create smaller images without the -Debian base system packages installed. Finally, I added an option -<tt>--no-extlinux</tt> to tell vmdebootstrap to not install extlinux -as a boot loader. It is not needed on the Raspberry Pi and probably -most other non-x86 architectures. The changes were accepted by the -upstream author of vmdebootstrap yesterday and today, and is now -available from -<a href="http://git.liw.fi/cgi-bin/cgit/cgit.cgi/vmdebootstrap/">the -upstream project page</a>.</p> - -<p>To use it to build a Raspberry Pi image using Debian Jessie, first -create a small script (the customize script) to add the non-free -binary blob needed to boot the Raspberry Pi and the APT source -list:</p> - -<p><pre> -#!/bin/sh -set -e # Exit on first error -rootdir="$1" -cd "$rootdir" -cat &lt;&lt;EOF > etc/apt/sources.list -deb http://http.debian.net/debian/ jessie main contrib non-free -EOF -# Install non-free binary blob needed to boot Raspberry Pi. This -# install a kernel somewhere too. -wget https://raw.github.com/Hexxeh/rpi-update/master/rpi-update \ - -O $rootdir/usr/bin/rpi-update -chmod a+x $rootdir/usr/bin/rpi-update -mkdir -p $rootdir/lib/modules -touch $rootdir/boot/start.elf -chroot $rootdir rpi-update -</pre></p> - -<p>Next, fetch the latest vmdebootstrap script and call it like this -to build the image:</p> - -<pre> -sudo ./vmdebootstrap \ - --variant minbase \ - --arch armel \ - --distribution jessie \ - --mirror http://http.debian.net/debian \ - --image test.img \ - --size 600M \ - --bootsize 64M \ - --boottype vfat \ - --log-level debug \ - --verbose \ - --no-kernel \ - --no-extlinux \ - --root-password raspberry \ - --hostname raspberrypi \ - --foreign /usr/bin/qemu-arm-static \ - --customize `pwd`/customize \ - --package netbase \ - --package git-core \ - --package binutils \ - --package ca-certificates \ - --package wget \ - --package kmod -</pre></p> - -<p>The list of packages being installed are the ones needed by -rpi-update to make the image bootable on the Raspberry Pi, with the -exception of netbase, which is needed by debootstrap to find -/etc/hosts with the minbase variant. I really wish there was a way to -set up an Raspberry Pi using only packages in the Debian archive, but -that is not possible as far as I know, because it boots from the GPU -using a non-free binary blob.</p> - -<p>The build host need debootstrap, kpartx and qemu-user-static and -probably a few others installed. I have not checked the complete -build dependency list.</p> - -<p>The resulting image will not use the hardware floating point unit -on the Raspberry PI, because the armel architecture in Debian is not -optimized for that use. So the images created will be a bit slower -than <a href="http://www.raspbian.org/">Raspbian</a> based images.</p> + Simpler recipe on how to make a simple $7 IMSI Catcher using Debian + http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html + http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html + Wed, 9 Aug 2017 23:59:00 +0200 + <p>On friday, I came across an interesting article in the Norwegian +web based ICT news magazine digi.no on +<a href="https://www.digi.no/artikler/sikkerhetsforsker-lagde-enkel-imsi-catcher-for-60-kroner-na-kan-mobiler-kartlegges-av-alle/398588">how +to collect the IMSI numbers of nearby cell phones</a> using the cheap +DVB-T software defined radios. The article refered to instructions +and <a href="https://www.youtube.com/watch?v=UjwgNd_as30">a recipe by +Keld Norman on Youtube on how to make a simple $7 IMSI Catcher</a>, and I decided to test them out.</p> + +<p>The instructions said to use Ubuntu, install pip using apt (to +bypass apt), use pip to install pybombs (to bypass both apt and pip), +and the ask pybombs to fetch and build everything you need from +scratch. I wanted to see if I could do the same on the most recent +Debian packages, but this did not work because pybombs tried to build +stuff that no longer build with the most recent openssl library or +some other version skew problem. While trying to get this recipe +working, I learned that the apt->pip->pybombs route was a long detour, +and the only piece of software dependency missing in Debian was the +gr-gsm package. I also found out that the lead upstream developer of +gr-gsm (the name stand for GNU Radio GSM) project already had a set of +Debian packages provided in an Ubuntu PPA repository. All I needed to +do was to dget the Debian source package and built it.</p> + +<p>The IMSI collector is a python script listening for packages on the +loopback network device and printing to the terminal some specific GSM +packages with IMSI numbers in them. The code is fairly short and easy +to understand. The reason this work is because gr-gsm include a tool +to read GSM data from a software defined radio like a DVB-T USB stick +and other software defined radios, decode them and inject them into a +network device on your Linux machine (using the loopback device by +default). This proved to work just fine, and I've been testing the +collector for a few days now.</p> + +<p>The updated and simpler recipe is thus to</p> + +<ol> + +<li>start with a Debian machine running Stretch or newer,</li> + +<li>build and install the gr-gsm package available from +<a href="http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/">http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/</a>,</li> + +<li>clone the git repostory from <a href="https://github.com/Oros42/IMSI-catcher">https://github.com/Oros42/IMSI-catcher</a>,</li> + +<li>run grgsm_livemon and adjust the frequency until the terminal +where it was started is filled with a stream of text (meaning you +found a GSM station).</li> + +<li>go into the IMSI-catcher directory and run 'sudo python simple_IMSI-catcher.py' to extract the IMSI numbers.</li> + +</ol> + +<p>To make it even easier in the future to get this sniffer up and +running, I decided to package +<a href="https://github.com/ptrkrysik/gr-gsm/">the gr-gsm project</a> +for Debian (<a href="https://bugs.debian.org/871055">WNPP +#871055</a>), and the package was uploaded into the NEW queue today. +Luckily the gnuradio maintainer has promised to help me, as I do not +know much about gnuradio stuff yet.</p> + +<p>I doubt this "IMSI cacher" is anywhere near as powerfull as +commercial tools like +<a href="https://www.thespyphone.com/portable-imsi-imei-catcher/">The +Spy Phone Portable IMSI / IMEI Catcher</a> or the +<a href="https://en.wikipedia.org/wiki/Stingray_phone_tracker">Harris +Stingray</a>, but I hope the existance of cheap alternatives can make +more people realise how their whereabouts when carrying a cell phone +is easily tracked. Seeing the data flow on the screen, realizing that +I live close to a police station and knowing that the police is also +wearing cell phones, I wonder how hard it would be for criminals to +track the position of the police officers to discover when there are +police near by, or for foreign military forces to track the location +of the Norwegian military forces, or for anyone to track the location +of government officials...</p> + +<p>It is worth noting that the data reported by the IMSI-catcher +script mentioned above is only a fraction of the data broadcasted on +the GSM network. It will only collect one frequency at the time, +while a typical phone will be using several frequencies, and not all +phones will be using the frequencies tracked by the grgsm_livemod +program. Also, there is a lot of radio chatter being ignored by the +simple_IMSI-catcher script, which would be collected by extending the +parser code. I wonder if gr-gsm can be set up to listen to more than +one frequency?</p> - Det er jo makta som er mest sårbar ved massiv overvåkning av Internett - http://people.skolelinux.org/pere/blog/Det_er_jo_makta_som_er_mest_s_rbar_ved_massiv_overv_kning_av_Internett.html - http://people.skolelinux.org/pere/blog/Det_er_jo_makta_som_er_mest_s_rbar_ved_massiv_overv_kning_av_Internett.html - Sat, 26 Oct 2013 20:30:00 +0200 - <p>De siste måneders eksponering av -<a href="http://www.aftenposten.no/nyheter/uriks/Her-er-Edvard-Snowdens-mest-omtalte-avsloringer-7351734.html">den -totale overvåkningen som foregår i den vestlige verden dokumenterer -hvor sårbare vi er</a>. Men det slår meg at de som er mest sårbare -for dette, myndighetspersoner på alle nivåer, neppe har innsett at de -selv er de mest interessante personene å lage profiler på, for å kunne -påvirke dem.</p> - -<p>For å ta et lite eksempel: Stortingets nettsted, -<a href="http://www.stortinget.no/">www.stortinget.no</a> (og -forsåvidt også -<a href="http://data.stortinget.no/">data.stortinget.no</a>), -inneholder informasjon om det som foregår på Stortinget, og jeg antar -de største brukerne av informasjonen der er representanter og -rådgivere på Stortinget. Intet overraskende med det. Det som derimot -er mer skjult er at Stortingets nettsted bruker -<a href="http://en.wikipedia.org/wiki/Google_Analytics">Google -Analytics</a>, hvilket gjør at enhver som besøker nettsidene der også -rapporterer om besøket via Internett-linjer som passerer Sverige, -England og videre til USA. Det betyr at informasjon om ethvert besøk -på stortingets nettsider kan snappes opp av svensk, britisk og USAs -etterretningsvesen. De kan dermed holde et øye med hvilke -Stortingssaker stortingsrepresentantene synes er interessante å sjekke -ut, og hvilke sider rådgivere og andre på stortinget synes er -interessant å besøke, når de gjør det og hvilke andre representanter -som sjekker de samme sidene omtrent samtidig. Stortingets bruk av -Google Analytics gjør det dermed enkelt for utenlands etteretning å -spore representantenes aktivitet og interesse. Hvis noen av -representantene bruker Google Mail eller noen andre tjenestene som -krever innlogging, så vil det være enda enklere å finne ut nøyaktig -hvilke personer som bruker hvilke nettlesere og dermed knytte -informasjonen opp til enkeltpersoner på Stortinget.</p> - -<p>Og jo flere nettsteder som bruker Google Analytics, jo bedre -oversikt over stortingsrepresentantenes lesevaner og interesse blir -tilgjengelig for svensk, britisk og USAs etterretning. Hva de kan -bruke den informasjonen til overlater jeg til leseren å undres -over.</p> + Norwegian Bokmål edition of Debian Administrator's Handbook is now available + http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_edition_of_Debian_Administrator_s_Handbook_is_now_available.html + http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_edition_of_Debian_Administrator_s_Handbook_is_now_available.html + Tue, 25 Jul 2017 21:10:00 +0200 + <p align="center"><img align="center" src="http://people.skolelinux.org/pere/blog/images/2017-07-25-debian-handbook-nb-testprint.png"/></p> + +<p>I finally received a copy of the Norwegian Bokmål edition of +"<a href="https://debian-handbook.info/">The Debian Administrator's +Handbook</a>". This test copy arrived in the mail a few days ago, and +I am very happy to hold the result in my hand. We spent around one and a half year translating it. This paperbook edition +<a href="https://debian-handbook.info/get/#norwegian">is available +from lulu.com</a>. If you buy it quickly, you save 25% on the list +price. The book is also available for download in electronic form as +PDF, EPUB and Mobipocket, as can be +<a href="https://debian-handbook.info/browse/nb-NO/stable/">read online +as a web page</a>.</p> + +<p>This is the second book I publish (the first was the book +"<a href="http://free-culture.cc/">Free Culture</a>" by Lawrence Lessig +in +<a href="http://www.lulu.com/shop/lawrence-lessig/free-culture/paperback/product-22440520.html">English</a>, +<a href="http://www.lulu.com/shop/lawrence-lessig/culture-libre/paperback/product-22645082.html">French</a> +and +<a href="http://www.lulu.com/shop/lawrence-lessig/fri-kultur/paperback/product-22441576.html">Norwegian +Bokmål</a>), and I am very excited to finally wrap up this +project. I hope +"<a href="http://www.lulu.com/shop/rapha%C3%ABl-hertzog-and-roland-mas/h%C3%A5ndbok-for-debian-administratoren/paperback/product-23262290.html">Håndbok +for Debian-administratoren</a>" will be well received.</p> - A Raspberry Pi based batman-adv Mesh network node - http://people.skolelinux.org/pere/blog/A_Raspberry_Pi_based_batman_adv_Mesh_network_node.html - http://people.skolelinux.org/pere/blog/A_Raspberry_Pi_based_batman_adv_Mesh_network_node.html - Mon, 21 Oct 2013 11:40:00 +0200 - <p>The last few days I have been experimenting with -<a href="http://www.open-mesh.org/projects/batman-adv/wiki">the -batman-adv mesh technology</a>. I want to gain some experience to see -if it will fit <a href="https://wiki.debian.org/FreedomBox">the -Freedombox project</a>, and together with my neighbors try to build a -mesh network around the park where I live. Batman-adv is a layer 2 -mesh system ("ethernet" in other words), where the mesh network appear -as if all the mesh clients are connected to the same switch.</p> - -<p>My hardware of choice was the Linksys WRT54GL routers I had lying -around, but I've been unable to get them working with batman-adv. So -instead, I started playing with a -<a href="http://www.raspberrypi.org/">Raspberry Pi</a>, and tried to -get it working as a mesh node. My idea is to use it to create a mesh -node which function as a switch port, where everything connected to -the Raspberry Pi ethernet plug is connected (bridged) to the mesh -network. This allow me to hook a wifi base station like the Linksys -WRT54GL to the mesh by plugging it into a Raspberry Pi, and allow -non-mesh clients to hook up to the mesh. This in turn is useful for -Android phones using <a href="http://servalproject.org/">the Serval -Project</a> voip client, allowing every one around the playground to -phone and message each other for free. The reason is that Android -phones do not see ad-hoc wifi networks (they are filtered away from -the GUI view), and can not join the mesh without being rooted. But if -they are connected using a normal wifi base station, they can talk to -every client on the local network.</p> - -<p>To get this working, I've created a debian package -<a href="https://github.com/petterreinholdtsen/meshfx-node">meshfx-node</a> -and a script -<a href="https://github.com/petterreinholdtsen/meshfx-node/blob/master/build-rpi-mesh-node">build-rpi-mesh-node</a> -to create the Raspberry Pi boot image. I'm using Debian Jessie (and -not Raspbian), to get more control over the packages available. -Unfortunately a huge binary blob need to be inserted into the boot -image to get it booting, but I'll ignore that for now. Also, as -Debian lack support for the CPU features available in the Raspberry -Pi, the system do not use the hardware floating point unit. I hope -the routing performance isn't affected by the lack of hardware FPU -support.</p> - -<p>To create an image, run the following with a sudo enabled user -after inserting the target SD card into the build machine:</p> - -<p><pre> -% wget -O build-rpi-mesh-node \ - https://raw.github.com/petterreinholdtsen/meshfx-node/master/build-rpi-mesh-node -% sudo bash -x ./build-rpi-mesh-node > build.log 2>&1 -% dd if=/root/rpi/rpi_basic_jessie_$(date +%Y%m%d).img of=/dev/mmcblk0 bs=1M -% -</pre></p> - -<p>Booting with the resulting SD card on a Raspberry PI with a USB -wifi card inserted should give you a mesh node. At least it does for -me with a the wifi card I am using. The default mesh settings are the -ones used by the Oslo mesh project at Hackeriet, as I mentioned in -<a href="http://people.skolelinux.org/pere/blog/Oslo_community_mesh_network___with_NUUG_and_Hackeriet_at_Hausmania.html">an -earlier blog post about this mesh testing</a>.</p> - -<p>The mesh node was not horribly expensive either. I bought -everything over the counter in shops nearby. If I had ordered online -from the lowest bidder, the price should be significantly lower:</p> - -<p><table> - -<tr><th>Supplier</th><th>Model</th><th>NOK</th></tr> -<tr><td>Teknikkmagasinet</td><td>Raspberry Pi model B</td><td>349.90</td></tr> -<tr><td>Teknikkmagasinet</td><td>Raspberry Pi type B case</td><td>99.90</td></tr> -<tr><td>Lefdal</td><td>Jensen Air:Link 25150</td><td>295.-</td></tr> -<tr><td>Clas Ohlson</td><td>Kingston 16 GB SD card</td><td>199.-</td></tr> -<tr><td>Total cost</td><td></td><td>943.80</td></tr> - -</table></p> - -<p>Now my mesh network at home consist of one laptop in the basement -connected to my production network, one Raspberry Pi node on the 1th -floor that can be seen by my neighbor across the park, and one -play-node I use to develop the image building script. And some times -I hook up my work horse laptop to the mesh to test it. I look forward -to figuring out what kind of latency the batman-adv setup will give, -and how much packet loss we will experience around the park. :)</p> - - - - - Perl library to control the Spykee robot moved to github - http://people.skolelinux.org/pere/blog/Perl_library_to_control_the_Spykee_robot_moved_to_github.html - http://people.skolelinux.org/pere/blog/Perl_library_to_control_the_Spykee_robot_moved_to_github.html - Sat, 19 Oct 2013 10:20:00 +0200 - <p>Back in 2010, I created a Perl library to talk to -<a href="http://en.wikipedia.org/wiki/Spykee">the Spykee robot</a> -(with two belts, wifi, USB and Linux) and made it available from my -web page. Today I concluded that it should move to a site that is -easier to use to cooperate with others, and moved it to github. If -you got a Spykee robot, you might want to check out -<a href="https://github.com/petterreinholdtsen/libspykee-perl">the -libspykee-perl github repository</a>.</p> - - - - - Good causes: Debian Outreach Program for Women, EFF documenting the spying and Open access in Norway - http://people.skolelinux.org/pere/blog/Good_causes__Debian_Outreach_Program_for_Women__EFF_documenting_the_spying_and_Open_access_in_Norway.html - http://people.skolelinux.org/pere/blog/Good_causes__Debian_Outreach_Program_for_Women__EFF_documenting_the_spying_and_Open_access_in_Norway.html - Tue, 15 Oct 2013 21:30:00 +0200 - <p>The last few days I came across a few good causes that should get -wider attention. I recommend signing and donating to each one of -these. :)</p> - -<p>Via <a href="http://www.debian.org/News/weekly/2013/18/">Debian -Project News for 2013-10-14</a> I came across the Outreach Program for -Women program which is a Google Summer of Code like initiative to get -more women involved in free software. One debian sponsor has offered -to match <a href="http://debian.ch/opw2013">any donation done to Debian -earmarked</a> for this initiative. I donated a few minutes ago, and -hope you will to. :)</p> - -<p>And the Electronic Frontier Foundation just announced plans to -create <a href="https://supporters.eff.org/donate/nsa-videos">video -documentaries about the excessive spying</a> on every Internet user that -take place these days, and their need to fund the work. I've already -donated. Are you next?</p> - -<p>For my Norwegian audience, the organisation Studentenes og -Akademikernes Internasjonale Hjelpefond is collecting signatures for a -statement under the heading -<a href="http://saih.no/Bloggers_United/">Bloggers United for Open -Access</a> for those of us asking for more focus on open access in the -Norwegian government. So far 499 signatures. I hope you will sign it -too.</p> - - - - - Oslo community mesh network - with NUUG and Hackeriet at Hausmania - http://people.skolelinux.org/pere/blog/Oslo_community_mesh_network___with_NUUG_and_Hackeriet_at_Hausmania.html - http://people.skolelinux.org/pere/blog/Oslo_community_mesh_network___with_NUUG_and_Hackeriet_at_Hausmania.html - Fri, 11 Oct 2013 14:10:00 +0200 - <p>Wireless mesh networks are self organising and self healing -networks that can be used to connect computers across small and large -areas, depending on the radio technology used. Normal wifi equipment -can be used to create home made radio networks, and there are several -successful examples like -<a href="http://www.freifunk.net/">Freifunk</a> and -<a href="http://www.awmn.net/">Athens Wireless Metropolitan Network</a> -(see -<a href="http://en.wikipedia.org/wiki/List_of_wireless_community_networks_by_region#Greece">wikipedia -for a large list</a>) around the globe. To give you an idea how it -work, check out the nice overview of the Kiel Freifunk community which -can be seen from their -<a href="http://freifunk.in-kiel.de/ffmap/nodes.html">dynamically -updated node graph and map</a>, where one can see how the mesh nodes -automatically handle routing and recover from nodes disappearing. -There is also a small community mesh network group in Oslo, Norway, -and that is the main topic of this blog post.</p> - -<p>I've wanted to check out mesh networks for a while now, and hoped -to do it as part of my involvement with the <a -href="http://www.nuug.no/">NUUG member organisation</a> community, and -my recent involvement in -<a href="https://wiki.debian.org/FreedomBox">the Freedombox project</a> -finally lead me to give mesh networks some priority, as I suspect a -Freedombox should use mesh networks to connect neighbours and family -when possible, given that most communication between people are -between those nearby (as shown for example by research on Facebook -communication patterns). It also allow people to communicate without -any central hub to tap into for those that want to listen in on the -private communication of citizens, which have become more and more -important over the years.</p> - -<p>So far I have only been able to find one group of people in Oslo -working on community mesh networks, over at the hack space -<a href="http://hackeriet.no/">Hackeriet</a> at Husmania. They seem to -have started with some Freifunk based effort using OLSR, called -<a href="http://oslo.freifunk.net/index.php?title=Main_Page">the Oslo -Freifunk project</a>, but that effort is now dead and the people -behind it have moved on to a batman-adv based system called -<a href="http://meshfx.org/trac">meshfx</a>. Unfortunately the wiki -site for the Oslo Freifunk project is no longer possible to update to -reflect this fact, so the old project page can't be updated to point to -the new project. A while back, the people at Hackeriet invited people -from the Freifunk community to Oslo to talk about mesh networks. I -came across this video where Hans Jørgen Lysglimt interview the -speakers about this talk (from -<a href="https://www.youtube.com/watch?v=N2Kd7CLkhSY">youtube</a>):</p> - -<p><iframe width="420" height="315" src="https://www.youtube.com/embed/N2Kd7CLkhSY" frameborder="0" allowfullscreen></iframe></p> - -<p>I mentioned OLSR and batman-adv, which are mesh routing protocols. -There are heaps of different protocols, and I am still struggling to -figure out which one would be "best" for some definitions of best, but -given that the community mesh group in Oslo is so small, I believe it -is best to hook up with the existing one instead of trying to create a -completely different setup, and thus I have decided to focus on -batman-adv for now. It sure help me to know that the very cool -<a href="http://www.servalproject.org/">Serval project in Australia</a> -is using batman-adv as their meshing technology when it create a self -organizing and self healing telephony system for disaster areas and -less industrialized communities. Check out this cool video presenting -that project (from -<a href="https://www.youtube.com/watch?v=30qNfzJCQOA">youtube</a>):</p> - -<p><iframe width="560" height="315" src="https://www.youtube.com/embed/30qNfzJCQOA" frameborder="0" allowfullscreen></iframe></p> - -<p>According to the wikipedia page on -<a href="http://en.wikipedia.org/wiki/Wireless_mesh_network">Wireless -mesh network</a> there are around 70 competing schemes for routing -packets across mesh networks, and OLSR, B.A.T.M.A.N. and -B.A.T.M.A.N. advanced are protocols used by several free software -based community mesh networks.</p> - -<p>The batman-adv protocol is a bit special, as it provide layer 2 -(as in ethernet ) routing, allowing ipv4 and ipv6 to work on the same -network. One way to think about it is that it provide a mesh based -vlan you can bridge to or handle like any other vlan connected to your -computer. The required drivers are already in the Linux kernel at -least since Debian Wheezy, and it is fairly easy to set up. A -<a href="http://www.open-mesh.org/projects/batman-adv/wiki/Quick-start-guide">good -introduction</a> is available from the Open Mesh project. These are -the key settings needed to join the Oslo meshfx network:</p> - -<p><table> -<tr><th>Setting</th><th>Value</th></tr> -<tr><td>Protocol / kernel module</td><td>batman-adv</td></tr> -<tr><td>ESSID</td><td>meshfx@hackeriet</td></tr> -<td>Channel / Frequency</td><td>11 / 2462</td></tr> -<td>Cell ID</td><td>02:BA:00:00:00:01</td> -</table></p> - -<p>The reason for setting ad-hoc wifi Cell ID is to work around bugs -in firmware used in wifi card and wifi drivers. (See a nice post from -VillageTelco about -"<a href="http://tiebing.blogspot.no/2009/12/ad-hoc-cell-splitting-re-post-original.html">Information -about cell-id splitting, stuck beacons, and failed IBSS merges!</a> -for details.) When these settings are activated and you have some -other mesh node nearby, your computer will be connected to the mesh -network and can communicate with any mesh node that is connected to -any of the nodes in your network of nodes. :)</p> - -<p>My initial plan was to reuse my old Linksys WRT54GL as a mesh node, -but that seem to be very hard, as I have not been able to locate a -firmware supporting batman-adv. If anyone know how to use that old -wifi access point with batman-adv these days, please let me know.</p> - -<p>If you find this project interesting and want to join, please join -us on IRC, either channel -<a href="irc://irc.freenode.net/#oslohackerspace">#oslohackerspace</a> -or <a href="irc://irc.freenode.net/#nuug">#nuug</a> on -irc.freenode.net.</p> - -<p>While investigating mesh networks in Oslo, I came across an old -research paper from the university of Stavanger and Telenor Research -and Innovation called -<a href="http://folk.uio.no/paalee/publications/netrel-egeland-iswcs-2008.pdf">The -reliability of wireless backhaul mesh networks</a> and elsewhere -learned that Telenor have been experimenting with mesh networks at -Grünerløkka in Oslo. So mesh networks are also interesting for -commercial companies, even though Telenor discovered that it was hard -to figure out a good business plan for mesh networking and as far as I -know have closed down the experiment. Perhaps Telenor or others would -be interested in a cooperation?</p> - -<p><strong>Update 2013-10-12</strong>: I was just -<a href="http://lists.alioth.debian.org/pipermail/freedombox-discuss/2013-October/005900.html">told -by the Serval project developers</a> that they no longer use -batman-adv (but are compatible with it), but their own crypto based -mesh system.</p> - - - - - Skolelinux / Debian Edu 7.1 install and overview video from Marcelo Salvador - http://people.skolelinux.org/pere/blog/Skolelinux___Debian_Edu_7_1_install_and_overview_video_from_Marcelo_Salvador.html - http://people.skolelinux.org/pere/blog/Skolelinux___Debian_Edu_7_1_install_and_overview_video_from_Marcelo_Salvador.html - Tue, 8 Oct 2013 17:10:00 +0200 - <p>The other day I was pleased and surprised to discover that Marcelo -Salvador had published a -<a href="https://www.youtube.com/watch?v=w-GgpdqgLFc">video on -Youtube</a> showing how to install the standalone Debian Edu / -Skolelinux profile. This is the profile intended for use at home or -on laptops that should not be integrated into the provided network -services (no central home directory, no Kerberos / LDAP directory etc, -in other word a single user machine). The result is 11 minutes long, -and show some user applications (seem to be rather randomly picked). -Missed a few of my favorites like celestia, planets and chromium -showing the <a href="http://www.zygotebody.com/">Zygote Body 3D model -of the human body</a>, but I guess he did not know about those or find -other programs more interesting. :) And the video do not show the -advantages I believe is one of the most valuable featuers in Debian -Edu, its central school server making it possible to run hundreds of -computers without hard drives by installing one central -<a href="http://www.ltsp.org/">LTSP server</a>.</p> - -<p>Anyway, check out the video, embedded below and linked to above:</p> - -<iframe width="420" height="315" src="http://www.youtube.com/embed/w-GgpdqgLFc" frameborder="0" allowfullscreen></iframe> - -<p>Are there other nice videos demonstrating Skolelinux? Please let -me know. :)</p> + «Rapporten ser ikke på informasjonssikkerhet knyttet til personlig integritet» + http://people.skolelinux.org/pere/blog/_Rapporten_ser_ikke_p__informasjonssikkerhet_knyttet_til_personlig_integritet_.html + http://people.skolelinux.org/pere/blog/_Rapporten_ser_ikke_p__informasjonssikkerhet_knyttet_til_personlig_integritet_.html + Tue, 27 Jun 2017 17:50:00 +0200 + <p>Jeg kom over teksten +«<a href="https://freedom-to-tinker.com/2017/06/21/killing-car-privacy-by-federal-mandate/">Killing +car privacy by federal mandate</a>» av Leonid Reyzin på Freedom to +Tinker i dag, og det gleder meg å se en god gjennomgang om hvorfor det +er et urimelig inngrep i privatsfæren å la alle biler kringkaste sin +posisjon og bevegelse via radio. Det omtalte forslaget basert på +Dedicated Short Range Communication (DSRC) kalles Basic Safety Message +(BSM) i USA og Cooperative Awareness Message (CAM) i Europa, og det +norske Vegvesenet er en av de som ser ut til å kunne tenke seg å +pålegge alle biler å fjerne nok en bit av innbyggernes privatsfære. +Anbefaler alle å lese det som står der. + +<p>Mens jeg tittet litt på DSRC på biler i Norge kom jeg over et sitat +jeg synes er illustrativt for hvordan det offentlige Norge håndterer +problemstillinger rundt innbyggernes privatsfære i SINTEF-rapporten +«<a href="https://www.sintef.no/publikasjoner/publikasjon/Download/?pubid=SINTEF+A23933">Informasjonssikkerhet +i AutoPASS-brikker</a>» av Trond Foss:</p> + +<p><blockquote> +«Rapporten ser ikke på informasjonssikkerhet knyttet til personlig + integritet.» +</blockquote></p> + +<p>Så enkelt kan det tydeligvis gjøres når en vurderer +informasjonssikkerheten. Det holder vel at folkene på toppen kan si +at «Personvernet er ivaretatt», som jo er den populære intetsigende +frasen som gjør at mange tror enkeltindividers integritet tas vare på. +Sitatet fikk meg til å undres på hvor ofte samme tilnærming, å bare se +bort fra behovet for personlig itegritet, blir valgt når en velger å +legge til rette for nok et inngrep i privatsfæren til personer i +Norge. Det er jo sjelden det får reaksjoner. Historien om +reaksjonene på Helse Sør-Østs tjenesteutsetting er jo sørgelig nok et +unntak og toppen av isfjellet, desverre. Tror jeg fortsatt takker nei +til både AutoPASS og holder meg så langt unna det norske helsevesenet +som jeg kan, inntil de har demonstrert og dokumentert at de verdsetter +individets privatsfære og personlige integritet høyere enn kortsiktig +gevist og samfunnsnytte.</p> - Finally, Debian Edu Wheezy is released today! - http://people.skolelinux.org/pere/blog/Finally__Debian_Edu_Wheezy_is_released_today_.html - http://people.skolelinux.org/pere/blog/Finally__Debian_Edu_Wheezy_is_released_today_.html - Sun, 29 Sep 2013 10:20:00 +0200 - <p>A few hours ago, the announcement for the first stable release of -Debian Edu Wheezy went out from the Debian publicity team. The -complete announcement text can be found at -<a href="http://www.debian.org/News/2013/20130928">the Debian News -section</a>, translated to several languages. Please check it out.</p> - -<p>There is one minor known problem that we will fix very soon. One -can not install a amd64 Thin Client Server using PXE, as the /var/ -partition is too small. A workaround is to extend the partition (use -lvresize + resize2fs in tty 2 while installing).</p> + Updated sales number for my Free Culture paper editions + http://people.skolelinux.org/pere/blog/Updated_sales_number_for_my_Free_Culture_paper_editions.html + http://people.skolelinux.org/pere/blog/Updated_sales_number_for_my_Free_Culture_paper_editions.html + Mon, 12 Jun 2017 11:40:00 +0200 + <p>It is pleasing to see that the work we put down in publishing new +editions of the classic <a href="http://www.free-culture.cc/">Free +Culture book</a> by the founder of the Creative Commons movement, +Lawrence Lessig, is still being appreciated. I had a look at the +latest sales numbers for the paper edition today. Not too impressive, +but happy to see some buyers still exist. All the revenue from the +books is sent to the <a href="https://creativecommons.org/">Creative +Commons Corporation</a>, and they receive the largest cut if you buy +directly from Lulu. Most books are sold via Amazon, with Ingram +second and only a small fraction directly from Lulu. The ebook +edition is available for free from +<a href="https://github.com/petterreinholdtsen/free-culture-lessig">Github</a>.</p> + +<table border="0"> +<tr><th rowspan="2" valign="bottom">Title / language</th><th colspan="3">Quantity</th></tr> +<tr><th>2016 jan-jun</th><th>2016 jul-dec</th><th>2017 jan-may</th></tr> + +<tr> + <td><a href="http://www.lulu.com/shop/lawrence-lessig/culture-libre/paperback/product-22645082.html">Culture Libre / French</a></td> + <td align="right">3</td> + <td align="right">6</td> + <td align="right">15</td> +</tr> + +<tr> + <td><a href="http://www.lulu.com/shop/lawrence-lessig/fri-kultur/paperback/product-22441576.html">Fri kultur / Norwegian</a></td> + <td align="right">7</td> + <td align="right">1</td> + <td align="right">0</td> +</tr> + +<tr> + <td><a href="http://www.lulu.com/shop/lawrence-lessig/free-culture/paperback/product-22440520.html">Free Culture / English</a></td> + <td align="right">14</td> + <td align="right">27</td> + <td align="right">16</td> +</tr> + +<tr> + <td>Total</td> + <td align="right">24</td> + <td align="right">34</td> + <td align="right">31</td> +</tr> + +</table> + +<p>A bit sad to see the low sales number on the Norwegian edition, and +a bit surprising the English edition still selling so well.</p> + +<p>If you would like to translate and publish the book in your native +language, I would be happy to help make it happen. Please get in +touch.</p> - Videos about the Freedombox project - for inspiration and learning - http://people.skolelinux.org/pere/blog/Videos_about_the_Freedombox_project___for_inspiration_and_learning.html - http://people.skolelinux.org/pere/blog/Videos_about_the_Freedombox_project___for_inspiration_and_learning.html - Fri, 27 Sep 2013 14:10:00 +0200 - <p>The <a href="http://www.freedomboxfoundation.org/">Freedombox -project</a> have been going on for a while, and have presented the -vision, ideas and solution several places. Here is a little -collection of videos of talks and presentation of the project.</p> + Release 0.1.1 of free software archive system Nikita announced + http://people.skolelinux.org/pere/blog/Release_0_1_1_of_free_software_archive_system_Nikita_announced.html + http://people.skolelinux.org/pere/blog/Release_0_1_1_of_free_software_archive_system_Nikita_announced.html + Sat, 10 Jun 2017 00:40:00 +0200 + <p>I am very happy to report that the +<a href="https://github.com/hiOA-ABI/nikita-noark5-core">Nikita Noark 5 +core project</a> tagged its second release today. The free software +solution is an implementation of the Norwegian archive standard Noark +5 used by government offices in Norway. These were the changes in +version 0.1.1 since version 0.1.0 (from NEWS.md): <ul> -<li><a href="http://www.youtube.com/watch?v=ukvUz5taxvA">FreedomBox - -2,5 minute marketing film</a> (Youtube)</li> - -<li><a href="http://www.youtube.com/watch?v=SzW25QTVWsE">Eben Moglen -discusses the Freedombox on CBS news 2011</a> (Youtube)</li> - -<li><a href="http://www.youtube.com/watch?v=Ae8SZbxfE0g">Eben Moglen - -Freedom in the Cloud - Software Freedom, Privacy and and Security for -Web 2.0 and Cloud computing at ISOC-NY Public Meeting 2010</a> -(Youtube)</li> - -<li><a href="http://www.youtube.com/watch?v=vNaIji_3xBE">Fosdem 2011 -Keynote by Eben Moglen presenting the Freedombox</a> (Youtube)</li> - -<li><a href="http://www.youtube.com/watch?v=9bDDUyJSQ9s">Presentation of -the Freedombox by James Vasile at Elevate in Gratz 2011</a> (Youtube)</li> - -<li><a href="http://www.youtube.com/watch?v=zQTmnk27g9s"> Freedombox - -Discovery, Identity, and Trust by Nick Daly at Freedombox Hackfest New -York City in 2012</a> (Youtube)</li> - -<li><a href="http://www.youtube.com/watch?v=tkbSB4Ba7Ck">Introduction -to the Freedombox at Freedombox Hackfest New York City in 2012</a> -(Youtube)</li> - -<li><a href="http://www.youtube.com/watch?v=z-P2Jaeg0aQ">Freedom, Out -of the Box! by Bdale Garbee at linux.conf.au Ballarat, 2012</a> (Youtube) </li> - -<li><a href="https://archive.fosdem.org/2013/schedule/event/freedombox/">Freedombox -1.0 by Eben Moglen and Bdale Garbee at Fosdem 2013</a> (FOSDEM) </li> - -<li><a href="http://www.youtube.com/watch?v=e1LpYX2zVYg">What is the -FreedomBox today by Bdale Garbee at Debconf13 in Vaumarcus -2013</a> (Youtube)</li> - + <li>Continued work on the angularjs GUI, including document upload.</li> + <li>Implemented correspondencepartPerson, correspondencepartUnit and + correspondencepartInternal</li> + <li>Applied for coverity coverage and started submitting code on + regualr basis.</li> + <li>Started fixing bugs reported by coverity</li> + <li>Corrected and completed HATEOAS links to make sure entire API is + available via URLs in _links.</li> + <li>Corrected all relation URLs to use trailing slash.</li> + <li>Add initial support for storing data in ElasticSearch.</li> + <li>Now able to receive and store uploaded files in the archive.</li> + <li>Changed JSON output for object lists to have relations in _links.</li> + <li>Improve JSON output for empty object lists.</li> + <li>Now uses correct MIME type application/vnd.noark5-v4+json.</li> + <li>Added support for docker container images.</li> + <li>Added simple API browser implemented in JavaScript/Angular.</li> + <li>Started on archive client implemented in JavaScript/Angular.</li> + <li>Started on prototype to show the public mail journal.</li> + <li>Improved performance by disabling Sprint FileWatcher.</li> + <li>Added support for 'arkivskaper', 'saksmappe' and 'journalpost'.</li> + <li>Added support for some metadata codelists.</li> + <li>Added support for Cross-origin resource sharing (CORS).</li> + <li>Changed login method from Basic Auth to JSON Web Token (RFC 7519) + style.</li> + <li>Added support for GET-ing ny-* URLs.</li> + <li>Added support for modifying entities using PUT and eTag.</li> + <li>Added support for returning XML output on request.</li> + <li>Removed support for English field and class names, limiting ourself + to the official names.</li> + <li>...</li> + </ul> -<p>A larger list is available from -<a href="https://wiki.debian.org/FreedomBox/TalksAndPresentations">the -Freedombox Wiki</a>.</p> - -<p>On other news, I am happy to report that Freedombox based on Debian -Jessie is coming along quite well, and soon both Owncloud and using -Tor should be available for testers of the Freedombox solution. :) In -a few weeks I hope everything needed to test it is included in Debian. -The withsqlite package is already in Debian, and the plinth package is -pending in NEW. The third and vital part of that puzzle is the -metapackage/setup framework, which is still pending an upload. Join -us on <a href="irc://irc.debian.org:6667/%23freedombox">IRC -(#freedombox on irc.debian.org)</a> and -<a href="http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss">the -mailing list</a> if you want to help make this vision come true.</p> +<p>If this sound interesting to you, please contact us on IRC (#nikita +on irc.freenode.net) or email +(<a href="https://lists.nuug.no/mailman/listinfo/nikita-noark">nikita-noark +mailing list).</p> - Third and probably last beta release of Debian Edu Wheezy - http://people.skolelinux.org/pere/blog/Third_and_probably_last_beta_release_of_Debian_Edu_Wheezy.html - http://people.skolelinux.org/pere/blog/Third_and_probably_last_beta_release_of_Debian_Edu_Wheezy.html - Mon, 16 Sep 2013 21:30:00 +0200 - <p>The third wheezy based beta release of Debian Edu was wrapped up -today. This is the release announcement from Holger Levsen:</p> - -<blockquote> -<p>Hi,</p> - -<p>it is my pleasure to announce the third beta release (beta 2 for -short) of <a href="http://www.skolelinux.org/">Debian Edu / -Skolelinux</a> based on Debian Wheezy!</p> - -<p>Please test these images extensivly, if no new problems are found -we plan to do this final Debian Edu Wheezy release this coming -weekend. We are not aware of any major problems or blockers in beta2, -if you find something, please notify us immediately!</p> - -<p>(More about the remaining steps for the Edu Wheezy release in -another mail to the edu list tonight or tomorrow...)</p> - -<p>Noteworthy changes and software updates for Debian Edu 7.1+edu0~b2 -compared to beta1:</p> + Idea for storing trusted timestamps in a Noark 5 archive + http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html + http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html + Wed, 7 Jun 2017 21:40:00 +0200 + <p><em>This is a copy of +<a href="https://lists.nuug.no/pipermail/nikita-noark/2017-June/000297.html">an +email I posted to the nikita-noark mailing list</a>. Please follow up +there if you would like to discuss this topic. The background is that +we are making a free software archive system based on the Norwegian +<a href="https://www.arkivverket.no/forvaltning-og-utvikling/regelverk-og-standarder/noark-standarden">Noark +5 standard</a> for government archives.</em></p> + +<p>I've been wondering a bit lately how trusted timestamps could be +stored in Noark 5. +<a href="https://en.wikipedia.org/wiki/Trusted_timestamping">Trusted +timestamps</a> can be used to verify that some information +(document/file/checksum/metadata) have not been changed since a +specific time in the past. This is useful to verify the integrity of +the documents in the archive.</p> + +<p>Then it occured to me, perhaps the trusted timestamps could be +stored as dokument variants (ie dokumentobjekt referered to from +dokumentbeskrivelse) with the filename set to the hash it is +stamping?</p> + +<p>Given a "dokumentbeskrivelse" with an associated "dokumentobjekt", +a new dokumentobjekt is associated with "dokumentbeskrivelse" with the +same attributes as the stamped dokumentobjekt except these +attributes:</p> <ul> -<li>The KDE proxy setup has been adjusted to use the provided wpad.dat. This -also gets Chromium to use this proxy.</li> -<li>Install kdepim-groupware with KDE desktops to make sure korganizer -understand ical/dav sources.</li> -<li>Increased default maximum size of /var/spool/squid and /skole/backup on the -main server.</li> -<li>A source DVD image containing all source packages is now available as well.</li> -<li>Updates for chromium (29.0.1547.57-1~deb7u1), imagemagick -(6.7.7.10-5+deb7u2), php5 (5.4.4-14+deb7u4), libmodplug -(0.8.8.4-3+deb7u1+git20130828), tiff (4.0.2-6+deb7u2), linux-image -(3.2.0-4-486_3.2.46-1+deb7u1).</li> +<li>format -> "RFC3161" +<li>mimeType -> "application/timestamp-reply" +<li>formatDetaljer -> "&lt;source URL for timestamp service&gt;" +<li>filenavn -> "&lt;sjekksum&gt;.tsr" </ul> -<p>Where to get it:</p> - -<p>To download the multiarch netinstall CD release you can use</p> - -<ul> -<li><a href="ftp://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-CD.iso">ftp://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-CD.iso</a></li> -<li><a href="http://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-CD.iso">http://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-CD.iso</a></li> -<li>rsync -avzP ftp.skolelinux.org::skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-CD.iso .</li> -</ul> - -<p>The SHA1SUM of this image is: 3a1c89f4666df80eebcd46c5bf5fedb866f9472f</p> - -<p>To download the multiarch USB stick ISO release you can use -<ul> -<li><a href="ftp://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-USB.iso">ftp://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-USB.iso</a></li> -<li><a href="http://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-USB.iso">http://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-USB.iso</a></li> -<li>rsync -avzP ftp.skolelinux.org::skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-USB.iso .</li> -</ul> - -<p>The SHA1SUM of this image is: 702d1718548f401c74bfa6df9f032cc3ee16597e</p> - -<p>The Source DVD image has the filename -debian-edu-7.1+edu0~b2-source-DVD.iso and the SHA1SUM -089eed8b3f962db47aae1f6a9685e9bb2fa30ca5 and is available the same way -as the other isos.</p> - -<p>How to report bugs</p> - -<p>For information how to report bugs please see -<br><a href="http://wiki.debian.org/DebianEdu/HowTo/ReportBugs">http://wiki.debian.org/DebianEdu/HowTo/ReportBugs</a></p> +<p>This assume a service following +<a href="https://tools.ietf.org/html/rfc3161">IETF RFC 3161</a> is +used, which specifiy the given MIME type for replies and the .tsr file +ending for the content of such trusted timestamp. As far as I can +tell from the Noark 5 specifications, it is OK to have several +variants/renderings of a dokument attached to a given +dokumentbeskrivelse objekt. It might be stretching it a bit to make +some of these variants represent crypto-signatures useful for +verifying the document integrity instead of representing the dokument +itself.</p> + +<p>Using the source of the service in formatDetaljer allow several +timestamping services to be used. This is useful to spread the risk +of key compromise over several organisations. It would only be a +problem to trust the timestamps if all of the organisations are +compromised.</p> + +<p>The following oneliner on Linux can be used to generate the tsr +file. $input is the path to the file to checksum, and $sha256 is the +SHA-256 checksum of the file (ie the "<sjekksum>.tsr" value mentioned +above).</p> + +<p><blockquote><pre> +openssl ts -query -data "$inputfile" -cert -sha256 -no_nonce \ + | curl -s -H "Content-Type: application/timestamp-query" \ + --data-binary "@-" http://zeitstempel.dfn.de > $sha256.tsr +</pre></blockquote></p> + +<p>To verify the timestamp, you first need to download the public key +of the trusted timestamp service, for example using this command:</p> + +<p><blockquote><pre> +wget -O ca-cert.txt \ + https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt +</pre></blockquote></p> + +<p>Note, the public key should be stored alongside the timestamps in +the archive to make sure it is also available 100 years from now. It +is probably a good idea to standardise how and were to store such +public keys, to make it easier to find for those trying to verify +documents 100 or 1000 years from now. :)</p> + +<p>The verification itself is a simple openssl command:</p> + +<p><blockquote><pre> +openssl ts -verify -data $inputfile -in $sha256.tsr \ + -CAfile ca-cert.txt -text +</pre></blockquote></p> + +<p>Is there any reason this approach would not work? Is it somehow against +the Noark 5 specification?</p> + + + + + Når nynorskoversettelsen svikter til eksamen... + http://people.skolelinux.org/pere/blog/N_r_nynorskoversettelsen_svikter_til_eksamen___.html + http://people.skolelinux.org/pere/blog/N_r_nynorskoversettelsen_svikter_til_eksamen___.html + Sat, 3 Jun 2017 08:20:00 +0200 + <p><a href="http://www.aftenposten.no/norge/Krever-at-elever-ma-fa-annullert-eksamen-etter-rot-med-oppgavetekster-622459b.html">Aftenposten +melder i dag</a> om feil i eksamensoppgavene for eksamen i politikk og +menneskerettigheter, der teksten i bokmåls og nynorskutgaven ikke var +like. Oppgaveteksten er gjengitt i artikkelen, og jeg ble nysgjerring +på om den fri oversetterløsningen +<a href="https://www.apertium.org/">Apertium</a> ville gjort en bedre +jobb enn Utdanningsdirektoratet. Det kan se slik ut.</p> + +<p>Her er bokmålsoppgaven fra eksamenen:</p> +<blockquote> +<p>Drøft utfordringene knyttet til nasjonalstatenes og andre aktørers +rolle og muligheter til å håndtere internasjonale utfordringer, som +for eksempel flykningekrisen.</p> -<p>About Debian Edu and Skolelinux</p> +<p>Vedlegge er eksempler på tekster som kan gi relevante perspektiver +på temaet:</p> +<ol> +<li>Flykningeregnskapet 2016, UNHCR og IDMC +<li>«Grenseløst Europa for fall» A-Magasinet, 26. november 2015 +</ol> -<p>Debian Edu, also known as Skolelinux, is a Linux distribution based -on Debian providing an out-of-the box environment of a completely -configured school network. Immediately after installation a school -server running all services needed for a school network is set up just -waiting for users and machines being added via GOsa², a comfortable -Web-UI. A netbooting environment is prepared using PXE, so after -initial installation of the main server from CD or USB stick all other -machines can be installed via the network. The provided school server -provides LDAP database and Kerberos authentication service, -centralized home directories, DHCP server, web proxy and many other -services. The desktop contains more than 60 educational software -packages and more are available from the Debian archive, and schools -can choose between KDE, Gnome, LXDE and Xfce desktop environment.</p> +</blockquote> -<p>This is the seventh test release based on Debian Wheezy. Basically -this is an updated and slightly improved version compared to the -Squeeze release.</p> +<p>Dette oversetter Apertium slik:</p> -<p>Notes for upgrades from Alpha Prereleases</p> +<blockquote> +<p>Drøft utfordringane knytte til nasjonalstatane sine og rolla til +andre aktørar og høve til å handtera internasjonale utfordringar, som +til dømes *flykningekrisen.</p> -<p>Alpha based installations should reinstall or downgrade the -versions of gosa and libpam-mklocaluser to the ones used in this beta -release. Both alpha and beta0 based installations should reinstall or -deal with gosa.conf manually; there are two options: (1) Keep -gosa.conf and edit this file as outlined on the mailing list. (2) -Accept the new version of gosa.conf and replace both contained admin -password placeholders with the password hashes found in the old one -(backup copy!). In both cases all users need to change their password -to make sure a password is set for CIFS access to their home -directory.</p> +<p>Vedleggja er døme på tekster som kan gje relevante perspektiv på +temaet:</p> +<ol> +<li>*Flykningeregnskapet 2016, *UNHCR og *IDMC</li> +<li>«*Grenseløst Europa for fall» A-Magasinet, 26. november 2015</li> +</ol> -<p>cheers, -<br> Holger</p> </blockquote> + +<p>Ord som ikke ble forstått er markert med stjerne (*), og trenger +ekstra språksjekk. Men ingen ord er forsvunnet, slik det var i +oppgaven elevene fikk presentert på eksamen. Jeg mistenker dog at +"andre aktørers rolle og muligheter til ..." burde vært oversatt til +"rolla til andre aktørar og deira høve til ..." eller noe slikt, men +det er kanskje flisespikking. Det understreker vel bare at det alltid +trengs korrekturlesning etter automatisk oversettelse.</p> + + + + + Epost inn som arkivformat i Riksarkivarens forskrift? + http://people.skolelinux.org/pere/blog/Epost_inn_som_arkivformat_i_Riksarkivarens_forskrift_.html + http://people.skolelinux.org/pere/blog/Epost_inn_som_arkivformat_i_Riksarkivarens_forskrift_.html + Thu, 27 Apr 2017 11:30:00 +0200 + <p>I disse dager, med frist 1. mai, har Riksarkivaren ute en høring på +sin forskrift. Som en kan se er det ikke mye tid igjen før fristen +som går ut på søndag. Denne forskriften er det som lister opp hvilke +formater det er greit å arkivere i +<a href="http://www.arkivverket.no/arkivverket/Offentleg-forvalting/Noark/Noark-5">Noark +5-løsninger</a> i Norge.</p> + +<p>Jeg fant høringsdokumentene hos +<a href="https://www.arkivrad.no/aktuelt/riksarkivarens-forskrift-pa-horing">Norsk +Arkivråd</a> etter å ha blitt tipset på epostlisten til +<a href="https://github.com/hiOA-ABI/nikita-noark5-core">fri +programvareprosjektet Nikita Noark5-Core</a>, som lager et Noark 5 +Tjenestegresesnitt. Jeg er involvert i Nikita-prosjektet og takket +være min interesse for tjenestegrensesnittsprosjektet har jeg lest en +god del Noark 5-relaterte dokumenter, og til min overraskelse oppdaget +at standard epost ikke er på listen over godkjente formater som kan +arkiveres. Høringen med frist søndag er en glimrende mulighet til å +forsøke å gjøre noe med det. Jeg holder på med +<a href="https://github.com/petterreinholdtsen/noark5-tester/blob/master/docs/hoering-arkivforskrift.tex">egen +høringsuttalelse</a>, og lurer på om andre er interessert i å støtte +forslaget om å tillate arkivering av epost som epost i arkivet.</p> + +<p>Er du igang med å skrive egen høringsuttalelse allerede? I så fall +kan du jo vurdere å ta med en formulering om epost-lagring. Jeg tror +ikke det trengs så mye. Her et kort forslag til tekst:</p> + +<p><blockquote> + + <p>Viser til høring sendt ut 2017-02-17 (Riksarkivarens referanse + 2016/9840 HELHJO), og tillater oss å sende inn noen innspill om + revisjon av Forskrift om utfyllende tekniske og arkivfaglige + bestemmelser om behandling av offentlige arkiver (Riksarkivarens + forskrift).</p> + + <p>Svært mye av vår kommuikasjon foregår i dag på e-post.  Vi + foreslår derfor at Internett-e-post, slik det er beskrevet i IETF + RFC 5322, + <a href="https://tools.ietf.org/html/rfc5322">https://tools.ietf.org/html/rfc5322</a>. bør + inn som godkjent dokumentformat.  Vi foreslår at forskriftens + oversikt over godkjente dokumentformater ved innlevering i § 5-16 + endres til å ta med Internett-e-post.</p> + +</blockquote></p> + +<p>Som del av arbeidet med tjenestegrensesnitt har vi testet hvordan +epost kan lagres i en Noark 5-struktur, og holder på å skrive et +forslag om hvordan dette kan gjøres som vil bli sendt over til +arkivverket så snart det er ferdig. De som er interesserte kan +<a href="https://github.com/petterreinholdtsen/noark5-tester/blob/master/docs/epostlagring.md">følge +fremdriften på web</a>.</p> + +<p>Oppdatering 2017-04-28: I dag ble høringuttalelsen jeg skrev + <a href="https://www.nuug.no/news/NUUGs_h_ringuttalelse_til_Riksarkivarens_forskrift.shtml">sendt + inn av foreningen NUUG</a>.</p> + + + + + Offentlig elektronisk postjournal blokkerer tilgang for utvalgte webklienter + http://people.skolelinux.org/pere/blog/Offentlig_elektronisk_postjournal_blokkerer_tilgang_for_utvalgte_webklienter.html + http://people.skolelinux.org/pere/blog/Offentlig_elektronisk_postjournal_blokkerer_tilgang_for_utvalgte_webklienter.html + Thu, 20 Apr 2017 13:00:00 +0200 + <p>Jeg oppdaget i dag at <a href="https://www.oep.no/">nettstedet som +publiserer offentlige postjournaler fra statlige etater</a>, OEP, har +begynt å blokkerer enkelte typer webklienter fra å få tilgang. Vet +ikke hvor mange det gjelder, men det gjelder i hvert fall libwww-perl +og curl. For å teste selv, kjør følgende:</p> + +<blockquote><pre> +% curl -v -s https://www.oep.no/pub/report.xhtml?reportId=3 2>&1 |grep '< HTTP' +< HTTP/1.1 404 Not Found +% curl -v -s --header 'User-Agent:Opera/12.0' https://www.oep.no/pub/report.xhtml?reportId=3 2>&1 |grep '< HTTP' +< HTTP/1.1 200 OK +% +</pre></blockquote> + +<p>Her kan en se at tjenesten gir «404 Not Found» for curl i +standardoppsettet, mens den gir «200 OK» hvis curl hevder å være Opera +versjon 12.0. Offentlig elektronisk postjournal startet blokkeringen +2017-03-02.</p> + +<p>Blokkeringen vil gjøre det litt vanskeligere å maskinelt hente +informasjon fra oep.no. Kan blokkeringen være gjort for å hindre +automatisert innsamling av informasjon fra OEP, slik Pressens +Offentlighetsutvalg gjorde for å dokumentere hvordan departementene +hindrer innsyn i +<a href="http://presse.no/dette-mener-np/undergraver-offentlighetsloven/">rapporten +«Slik hindrer departementer innsyn» som ble publiserte i januar +2017</a>. Det virker usannsynlig, da det jo er trivielt å bytte +User-Agent til noe nytt.</p> + +<p>Finnes det juridisk grunnlag for det offentlige å diskriminere +webklienter slik det gjøres her? Der tilgang gis eller ikke alt etter +hva klienten sier at den heter? Da OEP eies av DIFI og driftes av +Basefarm, finnes det kanskje noen dokumenter sendt mellom disse to +aktørene man kan be om innsyn i for å forstå hva som har skjedd. Men +<a href="https://www.oep.no/search/result.html?period=dateRange&fromDate=01.01.2016&toDate=01.04.2017&dateType=documentDate&caseDescription=&descType=both&caseNumber=&documentNumber=&sender=basefarm&senderType=both&documentType=all&legalAuthority=&archiveCode=&list2=196&searchType=advanced&Search=Search+in+records">postjournalen +til DIFI viser kun to dokumenter</a> det siste året mellom DIFI og +Basefarm. +<a href="https://www.mimesbronn.no/request/blokkering_av_tilgang_til_oep_fo">Mimes brønn neste</a>, +tenker jeg.</p> + + + + + Free software archive system Nikita now able to store documents + http://people.skolelinux.org/pere/blog/Free_software_archive_system_Nikita_now_able_to_store_documents.html + http://people.skolelinux.org/pere/blog/Free_software_archive_system_Nikita_now_able_to_store_documents.html + Sun, 19 Mar 2017 08:00:00 +0100 + <p>The <a href="https://github.com/hiOA-ABI/nikita-noark5-core">Nikita +Noark 5 core project</a> is implementing the Norwegian standard for +keeping an electronic archive of government documents. +<a href="http://www.arkivverket.no/arkivverket/Offentlig-forvaltning/Noark/Noark-5/English-version">The +Noark 5 standard</a> document the requirement for data systems used by +the archives in the Norwegian government, and the Noark 5 web interface +specification document a REST web service for storing, searching and +retrieving documents and metadata in such archive. I've been involved +in the project since a few weeks before Christmas, when the Norwegian +Unix User Group +<a href="https://www.nuug.no/news/NOARK5_kjerne_som_fri_programvare_f_r_epostliste_hos_NUUG.shtml">announced +it supported the project</a>. I believe this is an important project, +and hope it can make it possible for the government archives in the +future to use free software to keep the archives we citizens depend +on. But as I do not hold such archive myself, personally my first use +case is to store and analyse public mail journal metadata published +from the government. I find it useful to have a clear use case in +mind when developing, to make sure the system scratches one of my +itches.</p> + +<p>If you would like to help make sure there is a free software +alternatives for the archives, please join our IRC channel +(<a href="irc://irc.freenode.net/%23nikita"">#nikita on +irc.freenode.net</a>) and +<a href="https://lists.nuug.no/mailman/listinfo/nikita-noark">the +project mailing list</a>.</p> + +<p>When I got involved, the web service could store metadata about +documents. But a few weeks ago, a new milestone was reached when it +became possible to store full text documents too. Yesterday, I +completed an implementation of a command line tool +<tt>archive-pdf</tt> to upload a PDF file to the archive using this +API. The tool is very simple at the moment, and find existing +<a href="https://en.wikipedia.org/wiki/Fonds">fonds</a>, series and +files while asking the user to select which one to use if more than +one exist. Once a file is identified, the PDF is associated with the +file and uploaded, using the title extracted from the PDF itself. The +process is fairly similar to visiting the archive, opening a cabinet, +locating a file and storing a piece of paper in the archive. Here is +a test run directly after populating the database with test data using +our API tester:</p> + +<p><blockquote><pre> +~/src//noark5-tester$ ./archive-pdf mangelmelding/mangler.pdf +using arkiv: Title of the test fonds created 2017-03-18T23:49:32.103446 +using arkivdel: Title of the test series created 2017-03-18T23:49:32.103446 + + 0 - Title of the test case file created 2017-03-18T23:49:32.103446 + 1 - Title of the test file created 2017-03-18T23:49:32.103446 +Select which mappe you want (or search term): 0 +Uploading mangelmelding/mangler.pdf + PDF title: Mangler i spesifikasjonsdokumentet for NOARK 5 Tjenestegrensesnitt + File 2017/1: Title of the test case file created 2017-03-18T23:49:32.103446 +~/src//noark5-tester$ +</pre></blockquote></p> + +<p>You can see here how the fonds (arkiv) and serie (arkivdel) only had +one option, while the user need to choose which file (mappe) to use +among the two created by the API tester. The <tt>archive-pdf</tt> +tool can be found in the git repository for the API tester.</p> + +<p>In the project, I have been mostly working on +<a href="https://github.com/petterreinholdtsen/noark5-tester">the API +tester</a> so far, while getting to know the code base. The API +tester currently use +<a href="https://en.wikipedia.org/wiki/HATEOAS">the HATEOAS links</a> +to traverse the entire exposed service API and verify that the exposed +operations and objects match the specification, as well as trying to +create objects holding metadata and uploading a simple XML file to +store. The tester has proved very useful for finding flaws in our +implementation, as well as flaws in the reference site and the +specification.</p> + +<p>The test document I uploaded is a summary of all the specification +defects we have collected so far while implementing the web service. +There are several unclear and conflicting parts of the specification, +and we have +<a href="https://github.com/petterreinholdtsen/noark5-tester/tree/master/mangelmelding">started +writing down</a> the questions we get from implementing it. We use a +format inspired by how <a href="http://www.opengroup.org/austin/">The +Austin Group</a> collect defect reports for the POSIX standard with +<a href="http://www.opengroup.org/austin/mantis.html">their +instructions for the MANTIS defect tracker system</a>, in lack of an official way to structure defect reports for Noark 5 (our first submitted defect report was a <a href="https://github.com/petterreinholdtsen/noark5-tester/blob/master/mangelmelding/sendt/2017-03-15-mangel-prosess.md">request for a procedure for submitting defect reports</a> :). + +<p>The Nikita project is implemented using Java and Spring, and is +fairly easy to get up and running using Docker containers for those +that want to test the current code base. The API tester is +implemented in Python.</p>