X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/50372b09c24d419eff4f0f0df34de44755bc24d1..7cb10bba70a818afdb7f72b97c9a05045722462d:/blog/index.html diff --git a/blog/index.html b/blog/index.html index eaa1323613..4a6526caf2 100644 --- a/blog/index.html +++ b/blog/index.html @@ -19,6 +19,565 @@ +
+
UsingQR - "Electronic" paper invoices using JSON and QR codes
+
19th March 2016
+

Back in 2013 I proposed +a +way to make paper and PDF invoices easier to process electronically by +adding a QR code with the key information about the invoice. I +suggested using vCard field definition, to get some standard format +for name and address, but any format would work. I did not do +anything about the proposal, but hoped someone one day would make +something like it. It would make it possible to efficiently send +machine readable invoices directly between seller and buyer.

+ +

This was the background when I came across a proposal and +specification from the web based accounting and invoicing supplier +Visma in Sweden called +UsingQR. Their PDF invoices contain +a QR code with the key information of the invoice in JSON format. +This is the typical content of a QR code following the UsingQR +specification (based on a real world example, some numbers replaced to +get a more bogus entry). I've reformatted the JSON to make it easier +to read. Normally this is all on one long line:

+ +

+{
+ "vh":500.00,
+ "vm":0,
+ "vl":0,
+ "uqr":1,
+ "tp":1,
+ "nme":"Din Leverandør",
+ "cc":"NO",
+ "cid":"997912345 MVA",
+ "iref":"12300001",
+ "idt":"20151022",
+ "ddt":"20151105",
+ "due":2500.0000,
+ "cur":"NOK",
+ "pt":"BBAN",
+ "acc":"17202612345",
+ "bc":"BIENNOK1",
+ "adr":"0313 OSLO"
+}
+

+ +

The interpretation of the fields can be found in the +format +specification (revision 2 from june 2014). The format seem to +have most of the information needed to handle accounting and payment +of invoices, at least the fields I have needed so far here in +Norway.

+ +

Unfortunately, the site and document do not mention anything about +the patent, trademark and copyright status of the format and the +specification. Because of this, I asked the people behind it back in +November to clarify. Ann-Christine Savlid (ann-christine.savlid (at) +visma.com) replied that Visma had not applied for patent or trademark +protection for this format, and that there were no copyright based +usage limitations for the format. I urged her to make sure this was +explicitly written on the web pages and in the specification, but +unfortunately this has not happened yet. So I guess if there is +submarine patents, hidden trademarks or a will to sue for copyright +infringements, those starting to use the UsingQR format might be at +risk, but if this happen there is some legal defense in the fact that +the people behind the format claimed it was safe to do so. At least +with patents, there is always +a +chance of getting sued...

+ +

I also asked if they planned to maintain the format in an +independent standard organization to give others more confidence that +they would participate in the standardization process on equal terms +with Visma, but they had no immediate plans for this. Their plan was +to work with banks to try to get more users of the format, and +evaluate the way forward if the format proved to be popular. I hope +they conclude that using an open standard organisation like +IETF is the correct place to +maintain such specification.

+ +

Update 2016-03-20: Via Twitter I became aware of +some comments +about this blog post that had several useful links and references to +similar systems. In the Czech republic, the Czech Banking Association +standard #26, with short name SPAYD, uses QR codes with payment +information. More information is available from the Wikipedia page on +Short +Payment Descriptor. And in Germany, there is a system named +BezahlCode, +(specification +v1.8 2013-12-05 available as PDF), which uses QR codes with +URL-like formatting using "bank:" as the URI schema/protocol to +provide the payment information. There is also the +ZUGFeRD +file format that perhaps could be transfered using QR codes, but I am +not sure if it is done already. Last, in Bolivia there are reports +that tax information since november 2014 need to be printed in QR +format on invoices. I have not been able to track down a +specification for this format, because of my limited language skill +sets.

+
+
+ + + Tags: english, standard. + + +
+
+
+ +
+
Making battery measurements a little easier in Debian
+
15th March 2016
+

Back in September, I blogged about +the +system I wrote to collect statistics about my laptop battery, and +how it showed the decay and death of this battery (now replaced). I +created a simple deb package to handle the collection and graphing, +but did not want to upload it to Debian as there were already +a battery-stats +package in Debian that should do the same thing, and I did not see +a point of uploading a competing package when battery-stats could be +fixed instead. I reported a few bugs about its non-function, and +hoped someone would step in and fix it. But no-one did.

+ +

I got tired of waiting a few days ago, and took matters in my own +hands. The end result is that I am now the new upstream developer of +battery stats (available from github) and part of the team maintaining +battery-stats in Debian, and the package in Debian unstable is finally +able to collect battery status using the /sys/class/power_supply/ +information provided by the Linux kernel. If you install the +battery-stats package from unstable now, you will be able to get a +graph of the current battery fill level, to get some idea about the +status of the battery. The source package build and work just fine in +Debian testing and stable (and probably oldstable too, but I have not +tested). The default graph you get for that system look like this:

+ +

+ +

My plans for the future is to merge my old scripts into the +battery-stats package, as my old scripts collected a lot more details +about the battery. The scripts are merged into the upstream +battery-stats git repository already, but I am not convinced they work +yet, as I changed a lot of paths along the way. Will have to test a +bit more before I make a new release.

+ +

I will also consider changing the file format slightly, as I +suspect the way I combine several values into one field might make it +impossible to know the type of the value when using it for processing +and graphing.

+ +

If you would like I would like to keep an close eye on your laptop +battery, check out the battery-stats package in +Debian and +on +github. +I would love some help to improve the system further.

+
+
+ + + Tags: debian, english. + + +
+
+
+ +
+
Creating, updating and checking debian/copyright semi-automatically
+
19th February 2016
+

Making packages for Debian requires quite a lot of attention to +details. And one of the details is the content of the +debian/copyright file, which should list all relevant licenses used by +the code in the package in question, preferably in +machine +readable DEP5 format.

+ +

For large packages with lots of contributors it is hard to write +and update this file manually, and if you get some detail wrong, the +package is normally rejected by the ftpmasters. So getting it right +the first time around get the package into Debian faster, and save +both you and the ftpmasters some work.. Today, while trying to figure +out what was wrong with +the +zfsonlinux copyright file, I decided to spend some time on +figuring out the options for doing this job automatically, or at least +semi-automatically.

+ +

Lucikly, there are at least two tools available for generating the +file based on the code in the source package, +debmake +and cme. I'm +not sure which one of them came first, but both seem to be able to +create a sensible draft file. As far as I can tell, none of them can +be trusted to get the result just right, so the content need to be +polished a bit before the file is OK to upload. I found the debmake +option in +a +blog posts from 2014. + +

To generate using debmake, use the -cc option: + +

+debmake -cc > debian/copyright
+

+ +

Note there are some problems with python and non-ASCII names, so +this might not be the best option.

+ +

The cme option is based on a config parsing library, and I found +this approach in +a +blog post from 2015. To generate using cme, use the 'update +dpkg-copyright' option: + +

+cme update dpkg-copyright
+

+ +

This will create or update debian/copyright. The cme tool seem to +handle UTF-8 names better than debmake.

+ +

When the copyright file is created, I would also like some help to +check if the file is correct. For this I found two good options, +debmake -k and license-reconcile. The former seem +to focus on license types and file matching, and is able to detect +ineffective blocks in the copyright file. The latter reports missing +copyright holders and years, but was confused by inconsistent license +names (like CDDL vs. CDDL-1.0). I suspect it is good to use both and +fix all issues reported by them before uploading. But I do not know +if the tools and the ftpmasters agree on what is important to fix in a +copyright file, so the package might still be rejected.

+ +

The devscripts tool licensecheck deserve mentioning. It +will read through the source and try to find all copyright statements. +It is not comparing the result to the content of debian/copyright, but +can be useful when verifying the content of the copyright file.

+ +

Are you aware of better tools in Debian to create and update +debian/copyright file. Please let me know, or blog about it on +planet.debian.org.

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

+ +

Update 2016-02-20: I got a tip from Mike Gabriel +on how to use licensecheck and cdbs to create a draft copyright file + +

+licensecheck --copyright -r `find * -type f` | \
+  /usr/lib/cdbs/licensecheck2dep5 > debian/copyright.auto
+

+ +

He mentioned that he normally check the generated file into the +version control system to make it easier to discover license and +copyright changes in the upstream source. I will try to do the same +with my packages in the future.

+ +

Update 2016-02-21: The cme author recommended +against using -quiet for new users, so I removed it from the proposed +command line.

+
+
+ + + Tags: debian, english. + + +
+
+
+ +
+
Using appstream in Debian to locate packages with firmware and mime type support
+
4th February 2016
+

The appstream system +is taking shape in Debian, and one provided feature is a very +convenient way to tell you which package to install to make a given +firmware file available when the kernel is looking for it. This can +be done using apt-file too, but that is for someone else to blog +about. :)

+ +

Here is a small recipe to find the package with a given firmware +file, in this example I am looking for ctfw-3.2.3.0.bin, randomly +picked from the set of firmware announced using appstream in Debian +unstable. In general you would be looking for the firmware requested +by the kernel during kernel module loading. To find the package +providing the example file, do like this:

+ +
+% apt install appstream
+[...]
+% apt update
+[...]
+% appstreamcli what-provides firmware:runtime ctfw-3.2.3.0.bin | \
+  awk '/Package:/ {print $2}'
+firmware-qlogic
+%
+
+ +

See the +appstream wiki page to learn how to embed the package metadata in +a way appstream can use.

+ +

This same approach can be used to find any package supporting a +given MIME type. This is very useful when you get a file you do not +know how to handle. First find the mime type using file +--mime-type, and next look up the package providing support for +it. Lets say you got an SVG file. Its MIME type is image/svg+xml, +and you can find all packages handling this type like this:

+ +
+% apt install appstream
+[...]
+% apt update
+[...]
+% appstreamcli what-provides mimetype image/svg+xml | \
+  awk '/Package:/ {print $2}'
+bkchem
+phototonic
+inkscape
+shutter
+tetzle
+geeqie
+xia
+pinta
+gthumb
+karbon
+comix
+mirage
+viewnior
+postr
+ristretto
+kolourpaint4
+eog
+eom
+gimagereader
+midori
+%
+
+ +

I believe the MIME types are fetched from the desktop file for +packages providing appstream metadata.

+
+
+ + + Tags: debian, english. + + +
+
+
+ +
+
Creepy, visualise geotagged social media information - nice free software
+
24th January 2016
+

Most people seem not to realise that every time they walk around +with the computerised radio beacon known as a mobile phone their +position is tracked by the phone company and often stored for a long +time (like every time a SMS is received or sent). And if their +computerised radio beacon is capable of running programs (often called +mobile apps) downloaded from the Internet, these programs are often +also capable of tracking their location (if the app requested access +during installation). And when these programs send out information to +central collection points, the location is often included, unless +extra care is taken to not send the location. The provided +information is used by several entities, for good and bad (what is +good and bad, depend on your point of view). What is certain, is that +the private sphere and the right to free movement is challenged and +perhaps even eradicated for those announcing their location this way, +when they share their whereabouts with private and public +entities.

+ +

+ +

The phone company logs provide a register of locations to check out +when one want to figure out what the tracked person was doing. It is +unavailable for most of us, but provided to selected government +officials, company staff, those illegally buying information from +unfaithful servants and crackers stealing the information. But the +public information can be collected and analysed, and a free software +tool to do so is called +Creepy or Cree.py. I +discovered it when I read +an +article about Creepy in the Norwegian newspaper Aftenposten i +November 2014, and decided to check if it was available in Debian. +The python program was in Debian, but +the version in +Debian was completely broken and practically unmaintained. I +uploaded a new version which did not work quite right, but did not +have time to fix it then. This Christmas I decided to finally try to +get Creepy operational in Debian. Now a fixed version is available in +Debian unstable and testing, and almost all Debian specific patches +are now included +upstream.

+ +

The Creepy program visualises geolocation information fetched from +Twitter, Instagram, Flickr and Google+, and allow one to get a +complete picture of every social media message posted recently in a +given area, or track the movement of a given individual across all +these services. Earlier it was possible to use the search API of at +least some of these services without identifying oneself, but these +days it is impossible. This mean that to use Creepy, you need to +configure it to log in as yourself on these services, and provide +information to them about your search interests. This should be taken +into account when using Creepy, as it will also share information +about yourself with the services.

+ +

The picture above show the twitter messages sent from (or at least +geotagged with a position from) the city centre of Oslo, the capital +of Norway. One useful way to use Creepy is to first look at +information tagged with an area of interest, and next look at all the +information provided by one or more individuals who was in the area. +I tested it by checking out which celebrity provide their location in +twitter messages by checkout out who sent twitter messages near a +Norwegian TV station, and next could track their position over time, +making it possible to locate their home and work place, among other +things. A similar technique have been +used +to locate Russian soldiers in Ukraine, and it is both a powerful +tool to discover lying governments, and a useful tool to help people +understand the value of the private information they provide to the +public.

+ +

The package is not trivial to backport to Debian Stable/Jessie, as +it depend on several python modules currently missing in Jessie (at +least python-instagram, python-flickrapi and +python-requests-toolbelt).

+ +

(I have uploaded +the image to +screenshots.debian.net and licensed it under the same terms as the +Creepy program in Debian.)

+
+
+ + + Tags: debian, english, nice free software. + + +
+
+
+ +
+
Always download Debian packages using Tor - the simple recipe
+
15th January 2016
+

During his DebConf15 keynote, Jacob Appelbaum +observed +that those listening on the Internet lines would have good reason to +believe a computer have a given security hole if it download a +security fix from a Debian mirror. This is a good reason to always +use encrypted connections to the Debian mirror, to make sure those +listening do not know which IP address to attack. In August, Richard +Hartmann observed that encryption was not enough, when it was possible +to interfere download size to security patches or the fact that +download took place shortly after a security fix was released, and +proposed +to always use Tor to download packages from the Debian mirror. He +was not the first to propose this, as the +apt-transport-tor +package by Tim Retout already existed to make it easy to convince apt +to use Tor, but I was not +aware of that package when I read the blog post from Richard.

+ +

Richard discussed the idea with Peter Palfrader, one of the Debian +sysadmins, and he set up a Tor hidden service on one of the central +Debian mirrors using the address vwakviie2ienjx6t.onion, thus making +it possible to download packages directly between two tor nodes, +making sure the network traffic always were encrypted.

+ +

Here is a short recipe for enabling this on your machine, by +installing apt-transport-tor and replacing http and https +urls with tor+http and tor+https, and using the hidden service instead +of the official Debian mirror site. I recommend installing +etckeeper before you start to have a history of the changes +done in /etc/.

+ +
+apt install apt-transport-tor
+sed -i 's% http://ftp.debian.org/% tor+http://vwakviie2ienjx6t.onion/%' /etc/apt/sources.list
+sed -i 's% http% tor+http%' /etc/apt/sources.list
+
+ +

If you have more sources listed in /etc/apt/sources.list.d/, run +the sed commands for these too. The sed command is assuming your are +using the ftp.debian.org Debian mirror. Adjust the command (or just +edit the file manually) to match your mirror.

+ +

This work in Debian Jessie and later. Note that tools like +apt-file only recently started using the apt transport +system, and do not work with these tor+http URLs. For +apt-file you need the version currently in experimental, +which need a recent apt version currently only in unstable. So if you +need a working apt-file, this is not for you.

+ +

Another advantage from this change is that your machine will start +using Tor regularly and at fairly random intervals (every time you +update the package lists or upgrade or install a new package), thus +masking other Tor traffic done from the same machine. Using Tor will +become normal for the machine in question.

+ +

On Freedombox, APT +is set up by default to use apt-transport-tor when Tor is +enabled. It would be great if it was the default on any Debian +system.

+
+
+ + + Tags: debian, english, sikkerhet. + + +
+
+
+ +
+
Nedlasting fra NRK, som Matroska med undertekster
+
2nd January 2016
+

Det kommer stadig nye løsninger for å ta lagre unna innslag fra NRK +for å se på det senere. For en stund tilbake kom jeg over et script +nrkopptak laget av Ingvar Hagelund. Han fjernet riktignok sitt script +etter forespørsel fra Erik Bolstad i NRK, men noen tok heldigvis og +gjorde det tilgjengelig +via github.

+ +

Scriptet kan lagre som MPEG4 eller Matroska, og bake inn +undertekster i fila på et vis som blant annet VLC forstår. For å +bruke scriptet, kopier ned git-arkivet og kjør

+ +

+nrkopptak/bin/nrk-opptak k https://tv.nrk.no/serie/bmi-turne/MUHH45000115/sesong-1/episode-1
+

+ +

URL-eksemplet er dagens toppsak på tv.nrk.no. Argument 'k' ber +scriptet laste ned og lagre som Matroska. Det finnes en rekke andre +muligheter for valg av kvalitet og format.

+ +

Jeg foretrekker dette scriptet fremfor youtube-dl, som + +nevnt i 2014 støtter NRK og en rekke andre videokilder, på grunn +av at nrkopptak samler undertekster og video i en enkelt fil, hvilket +gjør håndtering enklere på disk.

+
+
+ + + Tags: multimedia, norsk, video, web. + + +
+
+
+
OpenALPR, find car license plates in video streams - nice free software
23rd December 2015
@@ -42,7 +601,7 @@ even the score when it comes to surveillance and sousveillance. I discovered the developer wanted to get the tool into Debian, and as I too wanted it to be in Debian, I volunteered to -help him get into into shape to get it uploaded into the Debian +help him get it into shape to get the package uploaded into the Debian archive.

Today we finally managed to get the package into shape and uploaded @@ -71,7 +630,7 @@ package show up in unstable.

- Tags: debian, english. + Tags: debian, english, nice free software.
@@ -283,916 +842,24 @@ hva slags problemer vi ser med dagens opphavsrettsregime.

-
-
The GNU General Public License is not magic pixie dust
-
30th November 2015
-

A blog post from my fellow Debian developer Paul Wise titled -"The -GPL is not magic pixie dust" explain the importance of making sure -the GPL is enforced. -I quote the blog post from Paul in full here with his permission:

- -

- -

Become a Software Freedom Conservancy Supporter!

- -
-The GPL is not magic pixie dust. It does not work by itself.
- -The first step is to choose a -copyleft license for your -code.
- -The next step is, when someone fails to follow that copyleft license, -it must be enforced
- -and its a simple fact of our modern society that such type of -work
- -is incredibly expensive to do and incredibly difficult to do. -
- -

-- Bradley Kuhn, in -FaiF -episode -0x57

- -

As the Debian Website -used -to -imply, public domain and permissively licensed software can lead to -the production of more proprietary software as people discover useful -software, extend it and or incorporate it into their hardware or -software products. Copyleft licenses such as the GNU GPL were created -to close off this avenue to the production of proprietary software but -such licenses are not enough. With the ongoing adoption of Free -Software by individuals and groups, inevitably the community's -expectations of license compliance are violated, usually out of -ignorance of the way Free Software works, but not always. As Karen -and Bradley explained in FaiF -episode 0x57, -copyleft is nothing if no-one is willing and able to stand up in court -to protect it. The reality of today's world is that legal -representation is expensive, difficult and time consuming. With -gpl-violations.org in hiatus -until -some time in 2016, the Software -Freedom Conservancy (a tax-exempt charity) is the major defender -of the Linux project, Debian and other groups against GPL violations. -In March the SFC supported a -lawsuit -by Christoph Hellwig against VMware for refusing to -comply -with the GPL in relation to their use of parts of the Linux -kernel. Since then two of their sponsors pulled corporate funding and -conferences -blocked -or cancelled their talks. As a result they have decided to rely -less on corporate funding and more on the broad community of -individuals who support Free Software and copyleft. So the SFC has -launched -a campaign to create -a community of folks who stand up for copyleft and the GPL by -supporting their work on promoting and supporting copyleft and Free -Software.

- -

If you support Free Software, -like -what the SFC do, agree with their -compliance -principles, are happy about their -successes in 2015, -work on a project that is an SFC -member and or -just want to stand up for copyleft, please join -Christopher -Allan Webber, -Carol -Smith, -Jono -Bacon, myself and -others in -becoming a -supporter. For the -next week your donation will be -matched -by an anonymous donor. Please also consider asking your employer to -match your donation or become a sponsor of SFC. Don't forget to -spread the word about your support for SFC via email, your blog and or -social media accounts.

- -
- -

I agree with Paul on this topic and just signed up as a Supporter -of Software Freedom Conservancy myself. Perhaps you should be a -supporter too?

-
-
- - - Tags: debian, debian edu, english, opphavsrett. - - -
-
-
- -
-
PGP key transition statement for key EE4E02F9
-
17th November 2015
-

I've needed a new OpenPGP key for a while, but have not had time to -set it up properly. I wanted to generate it offline and have it -available on a OpenPGP -smart card for daily use, and learning how to do it and finding -time to sit down with an offline machine almost took forever. But -finally I've been able to complete the process, and have now moved -from my old GPG key to a new GPG key. See -the -full transition statement, signed with both my old and new key for -the details. This is my new key:

- -
-pub   3936R/111D6B29EE4E02F9 2015-11-03 [expires: 2019-11-14]
-      Key fingerprint = 3AC7 B2E3 ACA5 DF87 78F1  D827 111D 6B29 EE4E 02F9
-uid                  Petter Reinholdtsen <pere@hungry.com>
-uid                  Petter Reinholdtsen <pere@debian.org>
-sub   4096R/87BAFB0E 2015-11-03 [expires: 2019-11-02]
-sub   4096R/F91E6DE9 2015-11-03 [expires: 2019-11-02]
-sub   4096R/A0439BAB 2015-11-03 [expires: 2019-11-02]
-
- -

The key can be downloaded from the OpenPGP key servers, signed by -my old key.

- -

If you signed my old key -(DB4CCC4B2A30D729), -I'd very much appreciate a signature on my new key, details and -instructions in the transition statement. I m happy to reciprocate if -you have a similarly signed transition statement to present.

-
-
- - - Tags: debian, english, sikkerhet. - - -
-
-
- -
-
Redegjørelse holdt i Pentagon om «Internet Governance og påvirkning på nasjonal sikkerhet» - klagesak hos Sivilombudsmannen
-
11th November 2015
-

Jeg -blogget -for noen dager siden hva jeg har klart å finne ut så langt om en -redegjørelse med tittelen «Internet Governance og påvirkning på -nasjonal sikkerhet» fra et møte «holdt i Pentagon for et avgrenset -utvalg av NATO-nasjoner, hvor arrangør ikke hadde til hensikt å gjøre -innholdet offentlig kjent». Innsynssaken er påklaget til -Sivilombudsmannen, og her er utvekslingen med Sivilombudsmannen så -langt. Det startet med en innsynshenvendelse til Samferdselsdepartementet -(sak -2012/914 -- -kopi -av noen av dokumenter på Mimes brønn). Deretter gikk det slag i slag. -Se den overnevnte bloggposten for detaljer.

- -

Da det virket rart at Utenriksdepartementet og -Samferdselsdepartementet ikke er enige i hvorfor dokumentet skulle -unndras offentlighet, og at et dokument relevant for en tre år gammel -forhandling fortsatt skulle holdes hemmelig for å ikke avsløre Norges -forhandlingsposisjon, klaget vi saken inn for Sivilombudsmannen. -Foreningen NUUG sa seg villig til å -dekke advokatkostnader til å formulere klagen, og advokat Ola Tellesbø -tok på seg oppgaven. Her er klagen vi sendte for noen uker siden: - -

-

Klage til Sivilombudsmannen

- -

Norsk Unix User Group, heretter NUUG, klager på vegne av sitt -medlem Petter Reinholdtsen over manglende innsyn. Det klages også over -manglende journalføring hos den norske FN-delegasjonen i Geneve.

- -

Om NUUG og offentlighet - -

Herværende sak er av stor prinsipiell verdi for NUUG. NUUG er en -ikke-kommersiell forening som arbeider for utbredelse av UNIX-lignende -systemer, fri programvare og åpne standarder i Norge. Foreningen har -306 medlemmer og driver tjenestene FiksGataMi og Mimes Brønn.

- -

Tjenesten Mimes Brønn er en innsynstjeneste hvor NUUGs medlemmer og -allmennheten kan spørre om innsyn i statens og kommunens -dokumenter. Mimes Brønn er basert på programvare fra MySociety i -England og er tilpasset på dugnad av NUUGs medlemmer. Noen av -medlemmene har benyttet tjenesten til selv å be om innsyn i -dokumenter. Vi i NUUG holder på med dette først og fremst fordi vi -syntes det er gøy å benytte fri programvare til samfunnsnyttige -formål. Dessuten ønsker NUUG å støtte opp under allmennhetens -innsynsrett etter Grunnlovens §100 og formålet til -offentlighetsloven. NUUG ønsker å legge til rette for en mer åpen, -tilgjengelig og vennlig forvaltning.

- -

Innsynshenvendelser flest imøtekommes tilfredsstillende. Enkelte -andre henvendelser har avstedkommet mindre imøtekommende svar og en -mer lukket forvaltning. En av sakene som har vist seg vanskelig og -uoversiktlig, er NUUG-medlem Petter Reinholdtsens langvarige søk etter -opplysninger om dokumenter i en sak som berører 'Interent -Governance'. Siden NUUG mener behandlingen strider med formålet til -offentlighetsloven, og svekker tilliten til forvaltningen, trer NUUG -inn i sitt medlems krav om rett til innsyn i opplysninger i disse -dokumentene. Saken er av stor prinsipiell verdi for NUUG fordi NUUG -driver Mimes Brønn og medlemmene ønsker informasjon om hvordan Norge -forsøker å påvirke reguleringen av Internettet.

- -

NUUG ønsker at flere borgere engasjerer seg i de tingene våre -utøvende myndigheter foretar seg og er bekymret for at saksbehandling -som dette kan svekke den demokratisk deltakelsen.

- -

Det legges til at NUUG sitter på betydelig kompetanse på 'Internett -Governance' med gode forutsetninger til å bidra konstruktivt. Det er -viktig at staten ikke begrenser innsyn i Internettets fellesanliggende -utover det loven hjemler samt aktivt praktiserer meroffentlighet på -feltet.

- -

Sakens bakgrunn

- -

I 2012 ba Petter Reinholdtsen om innsyn i et brev datert 22.5.2012 -med tittelen 'Internet Governance og påvirkning på nasjonal -sikkerhet'. Det ble gitt avslag med begrunnelse i pågående -forhandlinger.

- -

Tre år etterpå begjærte Reinholdtsen på ny innsyn, henholdsvis av -10.6.2015 til Utenriksdepartementet (UD) som avsender av brevet og av -21.6.2015 til Samferdselsdepartementet (SD) som mottaker.

- -

UD avslo innsyn 'med henvisning til offentleglova § 20 1. ledd -litra b'. Som bevis for det tilbys:

- -

Link 1: https://www.mimesbronn.no/request/brev_om_internet_governance_og_p

- -

SD avslo innsyn 'med begrunnelse i offentleglova § 20, bokstav -c'. Som bevis for det tilbys:

- -

Link 2: https://www.mimesbronn.no/request/kopi_av_dokumenter_i_sak_2012914

- -

Begge departementene vurderte merinnsyn.

- -

Linkene viser at det er klaget. SD opprettholdt den 28.8.2015 -avslaget med begrunnelse at dokumentet 'tilkjennegir posisjoner i de -internasjonale forhandlingene om regulering av Internett. Dette er -forhandlinger som pågår fremdeles i ulike internasjonale fora der -Norge deltar.'

- -

UD har ikke besvart klagen. Det ble purret 7.10.2015.

- -

Det klages herved på avslagene. Det klages også over manglende -begrunnelse for hvorfor SD og UD hver for seg har kommet til at -meroffentlighet ikke kommer til anvendelse.

- -

Klagen utvides til å omfatte at Norges FN-delegasjon i Geneve som -stod som avsender til SD, ikke har journalført dokumentet i sin -postjournal. Manglende journalføring forklarte UD 31.6.2015 med at -'siden delegasjonen kun var kopimottaker for dokumentet og -videresending til Samferdselsdepartementet ikke inngikk som en del av -intern saksbehandling er dokumentet ikke blitt journalført ved -delegasjonen'. Det anføres at dette ikke er et tilstrekkelig grunnlag -for ikke å journalføre dokumentet.

- -

Dersom Sivilombudsmannen kommer fram til at innsyn ikke skal gis, -ber vi om å få vurdert rett til innsyn i metainformasjon om når det -aktuelle møtet i Pentagon var, saksnummer hos avsender, hvilke stater -som deltok og navn på delegatene.

- -

Rettslige anførsler

- -

Avslagene er hjemlet i offentlighetslovens §20 som gjelder 'omsyn -til Norges utanrikspolitiske interesser'. UD viser til bokstav b om -rett til å avslå innsyn fordi opplysningene er gitt under forutsetning -av hemmelighold. SD viser til bokstav c om rett til å avslå innsyn i -opplysninger som gjelder norske forhandlingsposisjoner, -forhandlingsstrategier eller liknende.

- -

Offentlighetslovens §1 gir klare føringer for hvordan loven skal praktiseres: -

+

RSS feed

+
- -

Klagesaken fikk saksnummer 2015/2866 hos Sivilombudsmannen, og -foreløpig svar fulgte noen dager etter at vi sendte inn klagen: - -

-

FORELØPIG SVAR - SAK OM INNSYN I BREV OM «INTERNET GOVERNANCE»

- -

Ombudsmannen har mottatt ditt brev 17. september 2015 med vedlegg på -vegne av Norsk Unix User Group, som igjen representerer sitt medlem -Petter Reinholdtsen. Brevet ble mottatt her 14. oktober 2015.

- -

Saken gjelder for det første spørsmål om rett til innsyn hos -Utenriksdepartementet og Samferdselsdepartementet i et dokument med -tittelen «Internet Governance og påvirkning på nasjonal sikkerhet». -Det klages på Utenriksdepartementets avslag på innsyn i dokumentet -23. juli 2015 og Samferdselsdepartementets avslag på innsyn, som etter -klage ble opprettholdt 28. august 2015. Klagen gjelder også manglende -journalføring hos FN-delegasjonen i Genève.

- -

Samferdselsdepartementet er i brev herfra i dag bedt om å oversendte -sakens dokumenter, se vedlagte kopi. Når dokumentene er mottatt, vil -ombudsmannen vurdere om den delen av klagen som gjelder -Samferdselsdepartementets behandling av innsynsbegjæringen gir grunn -til videre behandling.

- -

Det fremgår av klagen at Reinholdtsen klaget til Utenriksdepartementet -på departementets avslag, men at han ikke har fått svar, og at han -purret departementet 7. oktober 2015. Det er herfra tatt kontakt med -Utenriksdepartementet Birger Veum opplyste til seniorrådgiver -Elisabeth Fougner, at svaret på grunn av en intern misforståelse ikke -er blitt sendt ut, men at Reinholdtsen nå vil få svar i løpet av få -dager.

- -

Ombudsmannens kontroll med forvaltningen skal være etterfølgende. Det -vil si at en sak ikke kan behandles før den er endelig avgjort i -forvaltningen. I første omgang må Norsk Unix User Group derfor -avvente Utenriksdepartementet behandling av klagen. Når departementet -har gitt et svar, kan det eventuelt rettes en ny klage hit om saken. -Dersom Reinholdtsen ikke snarlig mottar svar fra departementet kan det -også sendes en ny klage hit om dette.

- -

Prinsippet om at ombudsmannens kontroll skal være etterfølgende -tilsier også at Riksarkivet, som har tilsynssvar for arkivarbeid i -offentlige organer, bør ta stilling til klagen på manglende -journalføring hos den norske FN-delegasjonen i Genève før spørsmålet -behandles her. Norsk Unix User Group må derfor i første omgang ta -denne delen av klagen opp med Riksarkivet. Når Riksarkivet har tatt -endelig stilling til Journalføringsspørsmålet, kan det eventuelt -rettes en ny klage hit om dette spørsmålet.

- -

Det vil bli gikk tilbakemelding i saken om Samferdselsdepartementets -avslag på innsyn innen 2 - 4 uker.

-
- -

Henvendelsen fra Sivilombudsmannen til Samferdselsdepartementet ble -gitt samme saksnummer som opprinnelig avslag (sak -2015/3192), -og jeg ser fra Offentlig Elektronisk Postjournal (OEP) at -Samferdselsdepartementet har svart Sivilombudsmannen 2015-10-29. -Venter spent på hva de kommer frem til der.

- -

Vi ble bedt om å ta opp manglende journalføring først med -Riksarkivet, så der sendte jeg inn et -spørsmål -om innsyn i praksis og klage på manglende journalføring via Mimes -brønn, og har fått beskjed om at denne har fått -saksnummer -2015/29039. Den saken har ikke dukket opp på OEP i skrivende -stund, men jeg antar den kommer inn om noen dager.

- -

Samtidig som Sivilombudsmannen sendte oss det foreløpige svaret om -avslaget fra Samferdselsdepartementet kom Utenriksdepartementets svar -der de opprettholdt avslaget på innsyn. Dette sendte vi beskjed om -til Sivilombudsmannen like etter: - -

-

Vi viser til Sivilombudsmannens foreløpige svar av 22.10.2015.

- -

Utenriksdepartementet opprettholdt den 22.10.2015 sitt avslag, se -siste postering i linken:

- -

<https://www.mimesbronn.no/request/brev_om_internet_governance_og_p>

- -

Originaldokumentet fra Utenriksdepartementet kan lastes ned fra den -samme posteringen.

- -

Saken er dermed endelig avgjort i forvaltningen. Vi ber -Sivilombudsmannen om å ta opp igjen vår klage til fortsatt -behandling.

-
- -

Dette brevet ble tilordnet ny sak 2015/3077 hos Sivilombudsmannen, -som så vidt jeg kan forstå gjelder klagen mot Utenriksdepartementet. -Postjournalen hos Sivilombudsmannen har kun det ene dokumentet så -langt, og jeg fant ingenting hos Utenriksdepartementet fra -Sivilombudsmannen i OEP. Regner med at det dukker opp mer om noen -dager, når Sivilombudsmannen har bedt om mer informasjon.

- -

Jeg venter spent på fortsettelsen.

- -

Oppdatering 2015-11-17: Innsynshenvendelsen og klagen har fått saksnummer 2015/9816 hos Utenriksdepartementet.

-
-
- - - Tags: norsk, offentlig innsyn, opphavsrett, personvern. - - -
-
-
- -
-
Snurpenot-overvåkning av sensitiv personinformasjon
-
9th November 2015
-

Tenk om et norsk sykehus delte informasjon om hva som blir lest og -hvem som leser på sykehusets nettsted, med noen som samarbeider med et -fremmed lands etterretningsvesen, og at flere andre fremmede lands -etterretningstjenester kan snappe opp informasjonen.

- -

Tenk om flere sykehus, kommuner, helsestasjoner, universitet, -høyskoler, grunnskoler, Stortinget, det meste av offentlig -forvaltning, medier, adopsjonstjenester og krisesenter gjør det -samme?

- -

Tenk om de som lytter kan holde oversikt over norske borgeres -interesser, sykdommer, rusmisbruk, adopsjon, abort, barnehager, -politiske interesser og sympatier samt hvilke argumenter som har best -effekt på beslutningstagere og måter de kan påvirkes. Ville det gitt -grunn til bekymring?

- -

Høres det ut som noe tatt ut fra fantasien til George Orwell, -forfatteren av dystopien 1984? Det er virkeligheten i Norge i dag, -takket være bruken av statistikktjenester som Google Analytics.

- -

Du kan beskytte deg

- -

Men borgerne har et forsvar mot dette angrepet på privatsfæren. -Dagens nettlesere har utvidelser som støtter å blokkere slik -utlevering av informasjon. Personlig bruker jeg Privacy Badger, -Ghostery, NoScript og AdBlock, og anbefaler alle å gjøre noe -tilsvarende. Merk at noen av verktøyene lekker informasjon, i tillegg -til å gjøre en nyttig jobb, så det er lurt å bruke flere sammen. I -tillegg bør hver og en av oss sende inn protest til organisasjonene -bak nettsteder som bidrar til dette inngrepet i privatsfæren.

- -

Hvem bidrar til overvåkningen?

- -

Takket være Ghostery la jeg merke til at flere og flere norske -nettsteder begynte å la Google Analytics overvåke brukerne. Jeg ble -nysgjerrig på hvor mange det gjaldt, og gikk igjennom ca. 2700 norske -nettsteder, hovedsakelig offentlig forvaltning. Jeg laget et system -for å koble seg opp automatisk og sjekke hvor nettstedene spredte -informasjon om besøket. Jeg ble overrasket både over omfanget og hva -slags nettsteder som rapporterer besøksinformasjon ut av landet. -Omtrent 70 prosent av de 2700 sender informasjon til Google Analytics. -Noen tilfeldige eksempler er Akershus Universitetssykehus, Sykehuset -Østfold, Lommelegen, Oslo krisesenter, Stortinget, den norske -regjering, de fleste politiske partier på Stortinget, NAV, Altinn, -NRK, TV2, Helse Førde, Helse Stavanger, Oslo kommune, -Nasjonalbiblioteket, Pasientombudet, Kongehuset, Politiet, -Teknologirådet, Tollvesenet, Norsk romsenter, Forsvarsbygg og -Sivilforsvaret. Og det er mange flere.

- -

Hvordan kan det offentlige Norge omfavne en slik praksis? Det er -gode hensikter bak. Google har laget en god tjeneste for -nettstedseiere, der de uten å betale med noe annet enn en bit av de -besøkenes privatsfære får tilgang til nyttig og presis statistikk over -nettstedets bruk ved å besøke netttjenesten hos Google. De færreste -merker ulempene angrepet på privatsfæren som nettstedene og Google -utgjør.

- -

Hvordan foregår det?

- -

I nettsider kan nettsteder legge inn lenker til programkode som -skal kjøres av brukerens nettleser. De som tar i bruk Google -Analytics legger typisk inn lenke til et javascript-program hos Google -som ber nettleseren ta kontakt med Google og dele IP-adresse, side -besøkt, aktuelle cookies og endel informasjon om nettleseren med -Google Analytics. Programmet trenger ikke være det samme for alle som -henter det fra Google. Det finnes et Google Analytics-tilvalg kalt -«anonymisering» som nettstedeier kan ta i bruk. Dette instruerer det -omtalte programmet om å be Google slette deler av den oversendte -IP-adressen. Full IP-adresse sendes likevel over og er tilgjengelig -for alle som snapper opp informasjonen underveis.

- -

Takket være varsleren Edward Snowden, som bidro til uvurderlig -dokumentasjon på snurpenot-overvåkningen som nordmenn blir utsatt for, -vet vi at Google samarbeider med USAs etteretning som avlytter trafikk -sendt til Google Analytics.

- -

Men allerede før Snowden var det bekreftet at både britiske GCHQ og -USAs NSA avlytter og lagrer blant annet Internett-trafikk som er innom -et av landene, i tillegg til at FRA i Sverige avlytter og lagrer -trafikk som passerte grensa til Sverige.

- -

Og som -Datatilsynet -sa til Dagens Næringsliv i 2013 kunne de vanskelig nekte bruk av -skytjenester som Google Analytics når Norge var bundet av EUs «Safe -Harbour»-avtale med USA. De måtte derfor se bort fra -f.eks. FISAAA-loven (som lar NSA avlytte Internett-trafikk) i sine -vurderinger. Når nå EUs «Safe Harbour»-avtale er underkjent, og det -foreslås å bruke individuell avtalerett mellom selskaper som juridisk -grunnlag for å sende personopplysninger til USA, er det greit å huske -på at FISAA-loven og andre som brukes av USA som grunnlag for -masseovervåkning overstyrer slike avtaler.

- -

For øvrig burde varsleren Edward Snowden få politisk asyl i -Norge.

-
-
- - - Tags: norsk, personvern, surveillance. - - -
-
-
- -
-
TISA - nok en problematisk og hemmelig handelsavtale
-
5th November 2015
-

Norge er aktiv i Trade in Services Agreement-forhandlingene, og -regjeringen forteller at -«TISA -vil sikre norske tjenesteeksportører forutsigbar og -ikke-diskriminerende adgang til utenlandske tjenestemarkeder». -Det er mulig at det stemmer. Men den gjør mye mer enn det. Avtalen -forhandles i hemmelighet, og kun takket være -Wikileaks er -utkast og biter kjent i offentligheten. Det som er blitt kjent er -for eksempel at TISA kan -blokkere -myndigheter fra å kreve bruk av fri programvare i mange -situasjoner, hvilket vil fjerne muligheten vår til å ha kontroll -over egne datasystemer i slike tilfeller. Den kan også -blokkere -Norges mulighet til å holde kontroll med overføring av -personinformasjon ut av landet, hvilket Snowden-bekreftelsene har -dokumentert er svært problematisk. - -

Jeg ble derfor veldig glad da jeg i dag ble tipset i dag om at det -allerede finnes en aktiv organisasjon, -Folkeaksjonen mot -TISA, som jobber for å hindre at Norge signerer på TISA-avtalen. -Her må alle gode krefter jobbe sammen. Jeg skal sende dem litt -penger, og se om jeg har kapasitet til å bidra med mer.

-
-
- - - Tags: norsk, opphavsrett, personvern. - - -
-
-
- -
-
Is Pentagon deciding the Norwegian negotiating position on Internet governance?
-
3rd November 2015
-

In Norway, all government offices are required by law to keep a -list of every document or letter arriving and leaving their offices. -Internal notes should also be documented. The document list (called a mail -journal - "postjournal" in Norwegian) is public information and thanks -to the Norwegian Freedom of Information Act (Offentleglova) the mail -journal is available for everyone. Most offices even publish the mail -journal on their web pages, as PDFs or tables in web pages. The state-level offices even have a shared web based search service (called -Offentlig Elektronisk Postjournal - -OEP) to make it possible to search the entries in the list. Not -all journal entries show up on OEP, and the search service is hard to -use, but OEP does make it easier to find at least some interesting -journal entries .

- -

In 2012 I came across a document in the mail journal for the -Norwegian Ministry of Transport and Communications on OEP that -piqued my interest. The title of the document was -"Internet -Governance and how it affects national security" (Norwegian: -"Internet Governance og påvirkning på nasjonal sikkerhet"). The -document date was 2012-05-22, and it was said to be sent from the -"Permanent Mission of Norway to the United Nations". I asked for a -copy, but my request was rejected with a reference to a legal clause said to authorize them to reject it -(offentleglova § 20, -letter c) and an explanation that the document was exempt because -of foreign policy interests as it contained information related to the -Norwegian negotiating position, negotiating strategies or similar. I -was told the information in the document related to the ongoing -negotiation in the International Telecommunications Union (ITU). The -explanation made sense to me in early January 2013, as a ITU -conference in Dubay discussing Internet Governance -(World -Conference on International Telecommunications - WCIT-12) had just -ended, -reportedly -in chaos when USA walked out of the negotiations and 25 countries -including Norway refused to sign the new treaty. It seemed -reasonable to believe talks were still going on a few weeks later. -Norway was represented at the ITU meeting by two authorities, the -Norwegian Communications Authority -and the Ministry of -Transport and Communications. This might be the reason the letter -was sent to the ministry. As I was unable to find the document in the -mail journal of any Norwegian UN mission, I asked the ministry who had -sent the document to the ministry, and was told that it was the Deputy -Permanent Representative with the Permanent Mission of Norway in -Geneva.

- -

Three years later, I was still curious about the content of that -document, and again asked for a copy, believing the negotiation was -over now. This time -I -asked both the Ministry of Transport and Communications as the -receiver and -asked -the Permanent Mission of Norway in Geneva as the sender for a -copy, to see if they both agreed that it should be withheld from the -public. The ministry upheld its rejection quoting the same law -reference as before, while the permanent mission rejected it quoting a -different clause -(offentleglova § 20 -letter b), claiming that they were required to keep the -content of the document from the public because it contained -information given to Norway with the expressed or implied expectation -that the information should not be made public. I asked the permanent -mission for an explanation, and was told that the document contained -an account from a meeting held in the Pentagon for a limited group of NATO -nations where the organiser of the meeting did not intend the content -of the meeting to be publicly known. They explained that giving me a -copy might cause Norway to not get access to similar information in -the future and thus hurt the future foreign interests of Norway. They -also explained that the Permanent Mission of Norway in Geneva was not -the author of the document, they only got a copy of it, and because of -this had not listed it in their mail journal.

- -

Armed with this -knowledge I asked the Ministry to reconsider and asked who was the -author of the document, now realising that it was not same as the -"sender" according to Ministry of Transport and Communications. The -ministry upheld its rejection but told me the name of the author of -the document. According to -a -government report the author was with the Permanent Mission of -Norway in New York a bit more than a year later (2014-09-22), so I -guessed that might be the office responsible for writing and sending -the report initially and -asked -them for a copy but I was obviously wrong as I was told that the -document was unknown to them and that the author did not work there -when the document was written. Next, I asked the Permanent Mission of -Norway in Geneva and the Foreign Ministry to reconsider and at least -tell me who sent the document to Deputy Permanent Representative with -the Permanent Mission of Norway in Geneva. The Foreign Ministry also -upheld its rejection, but told me that the person sending the document -to Permanent Mission of Norway in Geneva was the defence attaché with -the Norwegian Embassy in Washington. I do not know if this is the -same person as the author of the document.

- -

If I understand the situation correctly, someone capable of -inviting selected NATO nations to a meeting in Pentagon organised a -meeting where someone representing the Norwegian defence attaché in -Washington attended, and the account from this meeting is interpreted -by the Ministry of Transport and Communications to expose Norways -negotiating position, negotiating strategies and similar regarding the -ITU negotiations on Internet Governance. It is truly amazing what can -be derived from mere meta-data.

- -

I wonder which NATO countries besides Norway attended this meeting? -And what exactly was said and done at the meeting? Anyone know?

-
-
- - - Tags: english, offentlig innsyn, opphavsrett, personvern. - - -
-
-
- -
-
New book, "Fri kultur" by @lessig, a Norwegian Bokmål translation of "Free Culture" from 2004
-
31st October 2015
-

People keep asking me where to get the various forms of the book I -published last week, the Norwegian Bokmål edition of Lawrence Lessigs -book Free Culture. It was -published on paper via lulu.com, and is also available in PDF, ePub -and MOBI format. I currently sell the paper edition for self cost -from lulu.com, but might extend the distribution to book stores like -Amazon and Barnes & Noble later. This will double the price and force -me to make a profit from selling the book. Anyway, here are links to -get the book in different formats:

+

Archive

-
- - - Tags: english, freeculture. - - -
-
-
- -

RSS feed

-