X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/79a2dc82881e483abc18900de789d987f912b0f0..bc7ce486af48211379a9e6a5c33321820b49c389:/blog/index.html?ds=sidebyside diff --git a/blog/index.html b/blog/index.html index fbebdf1efc..1a839e55ab 100644 --- a/blog/index.html +++ b/blog/index.html @@ -20,37 +20,114 @@
-
I.F. Stone - an inspiration for us all
-
13th April 2016
-

I first got to know I.F. Stone when I came across an article by Jon -Schwarz on The Intercept -about -his extraordinary contribution to investigative journalism in -USA. The article is about a new documentary in two parts -(part one is 12 minutes and -part two is 30 minutes), and -I found both truly fascinating. It is amazing what he was able to -find by digging up public sources and government papers. He -documented lots of government abuse and cover ups, and I find -his weekly news letters -inspiring to read even today.

+
Detecting NFS hangs on Linux without hanging yourself...
+
9th March 2017
+

Over the years, administrating thousand of NFS mounting linux +computers at the time, I often needed a way to detect if the machine +was experiencing NFS hang. If you try to use df or look at a +file or directory affected by the hang, the process (and possibly the +shell) will hang too. So you want to be able to detect this without +risking the detection process getting stuck too. It has not been +obvious how to do this. When the hang has lasted a while, it is +possible to find messages like these in dmesg:

-All governments are run by liars and nothing they say should be believed. -
- I. F. Stone +nfs: server nfsserver not responding, still trying +
nfs: server nfsserver OK

- -

His starting point was that reporters should not assume governments -and corporations are telling the truth, but verify all their claims as -much as possible. I wonder how many Norwegian reporters can be said -to follow the principles of I. F. Stone. They are definitely in short -supply. If you, like me half a year ago, have never heard of him, -check him out.

+ +

It is hard to know if the hang is still going on, and it is hard to +be sure looking in dmesg is going to work. If there are lots of other +messages in dmesg the lines might have rotated out of site before they +are noticed.

+ +

While reading through the nfs client implementation in linux kernel +code, I came across some statistics that seem to give a way to detect +it. The om_timeouts sunrpc value in the kernel will increase every +time the above log entry is inserted into dmesg. And after digging a +bit further, I discovered that this value show up in +/proc/self/mountstats on Linux.

+ +

The mountstats content seem to be shared between files using the +same file system context, so it is enough to check one of the +mountstats files to get the state of the mount point for the machine. +I assume this will not show lazy umounted NFS points, nor NFS mount +points in a different process context (ie with a different filesystem +view), but that does not worry me.

+ +

The content for a NFS mount point look similar to this:

+ +

+[...]
+device /dev/mapper/Debian-var mounted on /var with fstype ext3
+device nfsserver:/mnt/nfsserver/home0 mounted on /mnt/nfsserver/home0 with fstype nfs statvers=1.1
+        opts:   rw,vers=3,rsize=65536,wsize=65536,namlen=255,acregmin=3,acregmax=60,acdirmin=30,acdirmax=60,soft,nolock,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=129.240.3.145,mountvers=3,mountport=4048,mountproto=udp,local_lock=all
+        age:    7863311
+        caps:   caps=0x3fe7,wtmult=4096,dtsize=8192,bsize=0,namlen=255
+        sec:    flavor=1,pseudoflavor=1
+        events: 61063112 732346265 1028140 35486205 16220064 8162542 761447191 71714012 37189 3891185 45561809 110486139 4850138 420353 15449177 296502 52736725 13523379 0 52182 9016896 1231 0 0 0 0 0 
+        bytes:  166253035039 219519120027 0 0 40783504807 185466229638 11677877 45561809 
+        RPC iostats version: 1.0  p/v: 100003/3 (nfs)
+        xprt:   tcp 925 1 6810 0 0 111505412 111480497 109 2672418560317 0 248 53869103 22481820
+        per-op statistics
+                NULL: 0 0 0 0 0 0 0 0
+             GETATTR: 61063106 61063108 0 9621383060 6839064400 453650 77291321 78926132
+             SETATTR: 463469 463470 0 92005440 66739536 63787 603235 687943
+              LOOKUP: 17021657 17021657 0 3354097764 4013442928 57216 35125459 35566511
+              ACCESS: 14281703 14290009 5 2318400592 1713803640 1709282 4865144 7130140
+            READLINK: 125 125 0 20472 18620 0 1112 1118
+                READ: 4214236 4214237 0 715608524 41328653212 89884 22622768 22806693
+               WRITE: 8479010 8494376 22 187695798568 1356087148 178264904 51506907 231671771
+              CREATE: 171708 171708 0 38084748 46702272 873 1041833 1050398
+               MKDIR: 3680 3680 0 773980 993920 26 23990 24245
+             SYMLINK: 903 903 0 233428 245488 6 5865 5917
+               MKNOD: 80 80 0 20148 21760 0 299 304
+              REMOVE: 429921 429921 0 79796004 61908192 3313 2710416 2741636
+               RMDIR: 3367 3367 0 645112 484848 22 5782 6002
+              RENAME: 466201 466201 0 130026184 121212260 7075 5935207 5961288
+                LINK: 289155 289155 0 72775556 67083960 2199 2565060 2585579
+             READDIR: 2933237 2933237 0 516506204 13973833412 10385 3190199 3297917
+         READDIRPLUS: 1652839 1652839 0 298640972 6895997744 84735 14307895 14448937
+              FSSTAT: 6144 6144 0 1010516 1032192 51 9654 10022
+              FSINFO: 2 2 0 232 328 0 1 1
+            PATHCONF: 1 1 0 116 140 0 0 0
+              COMMIT: 0 0 0 0 0 0 0 0
+
+device binfmt_misc mounted on /proc/sys/fs/binfmt_misc with fstype binfmt_misc
+[...]
+

+ +

The key number to look at is the third number in the per-op list. +It is the number of NFS timeouts experiences per file system +operation. Here 22 write timeouts and 5 access timeouts. If these +numbers are increasing, I believe the machine is experiencing NFS +hang. Unfortunately the timeout value do not start to increase right +away. The NFS operations need to time out first, and this can take a +while. The exact timeout value depend on the setup. For example the +defaults for TCP and UDP mount points are quite different, and the +timeout value is affected by the soft, hard, timeo and retrans NFS +mount options.

+ +

The only way I have been able to get working on Debian and RedHat +Enterprise Linux for getting the timeout count is to peek in /proc/. +But according to +Solaris +10 System Administration Guide: Network Services, the 'nfsstat -c' +command can be used to get these timeout values. But this do not work +on Linux, as far as I can tell. I +asked Debian about this, +but have not seen any replies yet.

+ +

Is there a better way to figure out if a Linux NFS client is +experiencing NFS hangs? Is there a way to detect which processes are +affected? Is there a way to get the NFS mount going quickly once the +network problem causing the NFS hang has been cleared? I would very +much welcome some clues, as we regularly run into NFS hangs.

- Tags: english, offentlig innsyn. + Tags: debian, english, sysadmin.
@@ -58,57 +135,44 @@ check him out.

-
A French paperback edition of the book Free Culture by Lawrence Lessig is now available
-
12th April 2016
-

I'm happy to report that -the -French paperback edition of -my -project to translate the Free -Culture book by Lawrence Lessig is now available for sale on -Lulu.com. Once I have formally verified my proof reading copy, which -should be in the mail, the paperback edition should be available in -book stores like Amazon and Barnes & Noble too.

- -

This French edition, Culture Libre, is the work of the -dblatex developer Benoît -Guillon, who created the PO file from the initial translation -available from -the Wikilivres -wiki pages and completed and corrected the translation to match -the original docbook edition my project is using, as well as -coordinated the proof reading of the final result. I believe the end -result look great, but I am biased and do not read French. In -addition to the paperback edition, the book is available in PDF, EPUB -and Mobi format from the github project page linked to above.

- -

When enabling book store distribution on Lulu.com, I had to nearly -triple the price to allow the book stores some profit. I also had to -accept that I will get some revenue when a book is sold via Lulu.com. -But because of the non-commercial clause in the book license -(CC-BY-NC), this might be a problem. To bypass the problem I -discussed how to handle the revenue with the author, and we agreed -that the revenue for these editions go to the -Creative Commons non-profit -Corporation who handle donations to the Creative Commons project. -So far they have earned around USD 70 on sales of the -English -and -Norwegian -Bokmål editions, according to Lulu.com. They will get the revenue -for the French edition too. Their revenue is higher if you buy the -book directly from Lulu.com instead of via a book store, so I -recommend you buy directly from Lulu.com.

- -

Perhaps you would like to get the book published in your language? -The translation is done using a web based translator service, so the -technical bar to enter is fairly low. Get in touch if you would like -to make this happen.

+
How does it feel to be wiretapped, when you should be doing the wiretapping...
+
8th March 2017
+

So the new president in the United States of America claim to be +surprised to discover that he was wiretapped during the election +before he was elected president. He even claim this must be illegal. +Well, doh, if it is one thing the confirmations from Snowden +documented, it is that the entire population in USA is wiretapped, one +way or another. Of course the president candidates were wiretapped, +alongside the senators, judges and the rest of the people in USA.

+ +

Next, the Federal Bureau of Investigation ask the Department of +Justice to go public rejecting the claims that Donald Trump was +wiretapped illegally. I fail to see the relevance, given that I am +sure the surveillance industry in USA believe they have all the legal +backing they need to conduct mass surveillance on the entire +world.

+ +

There is even the director of the FBI stating that he never saw an +order requesting wiretapping of Donald Trump. That is not very +surprising, given how the FISA court work, with all its activity being +secret. Perhaps he only heard about it?

+ +

What I find most sad in this story is how Norwegian journalists +present it. In a news reports the other day in the radio from the +Norwegian National broadcasting Company (NRK), I heard the journalist +claim that 'the FBI denies any wiretapping', while the reality is that +'the FBI denies any illegal wiretapping'. There is a fundamental and +important difference, and it make me sad that the journalists are +unable to grasp it.

+ +

Update 2017-03-13: Look like +The +Intercept report that US Senator Rand Paul confirm what I state above.

- Tags: docbook, english, freeculture. + Tags: english, surveillance.
@@ -116,33 +180,33 @@ to make this happen.

-
Lets make a Norwegian Bokmål edition of The Debian Administrator's Handbook
-
10th April 2016
-

During this weekends -bug -squashing party and developer gathering, we decided to do our part -to make sure there are good books about Debian available in Norwegian -Bokmål, and got in touch with the people behind the -Debian Administrator's Handbook -project to get started. If you want to help out, please start -contributing using -the -hosted weblate project page, and get in touch using -the -translators mailing list. Please also check out -the instructions for -contributors.

- -

The book is already available on paper in English, French and -Japanese, and our goal is to get it available on paper in Norwegian -Bokmål too. In addition to the paper edition, there are also EPUB and -Mobi versions available. And there are incomplete translations -available for many more languages.

+
Norwegian Bokmål translation of The Debian Administrator's Handbook complete, proofreading in progress
+
3rd March 2017
+

For almost a year now, we have been working on making a Norwegian +Bokmål edition of The Debian +Administrator's Handbook. Now, thanks to the tireless effort of +Ole-Erik, Ingrid and Andreas, the initial translation is complete, and +we are working on the proof reading to ensure consistent language and +use of correct computer science terms. The plan is to make the book +available on paper, as well as in electronic form. For that to +happen, the proof reading must be completed and all the figures need +to be translated. If you want to help out, get in touch.

+ +

A + +fresh PDF edition in A4 format (the final book will have smaller +pages) of the book created every morning is available for +proofreading. If you find any errors, please +visit +Weblate and correct the error. The +state +of the translation including figures is a useful source for those +provide Norwegian bokmål screen shots and figures.

- Tags: debian, english. + Tags: debian, debian-handbook, english.
@@ -150,49 +214,72 @@ available for many more languages.

-
One in two hundred Debian users using ZFS on Linux?
-
7th April 2016
-

Just for fun I had a look at the popcon number of ZFS related -packages in Debian, and was quite surprised with what I found. I use -ZFS myself at home, but did not really expect many others to do so. -But I might be wrong.

- -

According to -the popcon -results for spl-linux, there are 1019 Debian installations, or -0.53% of the population, with the package installed. As far as I know -the only use of the spl-linux package is as a support library for ZFS -on Linux, so I use it here as proxy for measuring the number of ZFS -installation on Linux in Debian. In the kFreeBSD variant of Debian -the ZFS feature is already available, and there -the popcon -results for zfsutils show 1625 Debian installations or 0.84% of -the population. So I guess I am not alone in using ZFS on Debian.

- -

But even though the Debian project leader Lucas Nussbaum -announced -in April 2015 that the legal obstacles blocking ZFS on Debian were -cleared, the package is still not in Debian. The package is again in -the NEW queue. Several uploads have been rejected so far because the -debian/copyright file was incomplete or wrong, but there is no reason -to give up. The current status can be seen on -the -team status page, and -the -source code is available on Alioth.

- -

As I want ZFS to be included in next version of Debian to make sure -my home server can function in the future using only official Debian -packages, and the current blocker is to get the debian/copyright file -accepted by the FTP masters in Debian, I decided a while back to try -to help out the team. This was the background for my blog post about -creating, -updating and checking debian/copyright semi-automatically, and I -used the techniques I explored there to try to find any errors in the -copyright file. It is not very easy to check every one of the around -2000 files in the source package, but I hope we this time got it -right. If you want to help out, check out the git source and try to -find missing entries in the debian/copyright file.

+
Unlimited randomness with the ChaosKey?
+
1st March 2017
+

A few days ago I ordered a small batch of +the ChaosKey, a small +USB dongle for generating entropy created by Bdale Garbee and Keith +Packard. Yesterday it arrived, and I am very happy to report that it +work great! According to its designers, to get it to work out of the +box, you need the Linux kernel version 4.1 or later. I tested on a +Debian Stretch machine (kernel version 4.9), and there it worked just +fine, increasing the available entropy very quickly. I wrote a small +test oneliner to test. It first print the current entropy level, +drain /dev/random, and then print the entropy level for five seconds. +Here is the situation without the ChaosKey inserted:

+ +
+% cat /proc/sys/kernel/random/entropy_avail; \
+  dd bs=1M if=/dev/random of=/dev/null count=1; \
+  for n in $(seq 1 5); do \
+     cat /proc/sys/kernel/random/entropy_avail; \
+     sleep 1; \
+  done
+300
+0+1 oppføringer inn
+0+1 oppføringer ut
+28 byte kopiert, 0,000264565 s, 106 kB/s
+4
+8
+12
+17
+21
+%
+
+ +

The entropy level increases by 3-4 every second. In such case any +application requiring random bits (like a HTTPS enabled web server) +will halt and wait for more entrpy. And here is the situation with +the ChaosKey inserted:

+ +
+% cat /proc/sys/kernel/random/entropy_avail; \
+  dd bs=1M if=/dev/random of=/dev/null count=1; \
+  for n in $(seq 1 5); do \
+     cat /proc/sys/kernel/random/entropy_avail; \
+     sleep 1; \
+  done
+1079
+0+1 oppføringer inn
+0+1 oppføringer ut
+104 byte kopiert, 0,000487647 s, 213 kB/s
+433
+1028
+1031
+1035
+1038
+%
+
+ +

Quite the difference. :) I bought a few more than I need, in case +someone want to buy one here in Norway. :)

+ +

Update: The dongle was presented at Debconf last year. You might +find the talk +recording illuminating. It explains exactly what the source of +randomness is, if you are unable to spot it from the schema drawing +available from the ChaosKey web site linked at the start of this blog +post.

@@ -205,473 +292,34 @@ find missing entries in the debian/copyright file.

-
Statlig hemmelighold, «mangler» i OEP og treg journalføring - statistikk for 2015
-
7th April 2016
-

For litt mer enn et år siden laget jeg litt statistikk for 2013 og -2014 basert på Offentlig elektronisk -postjournal (OEP). Tallene finnes i tre bloggposter, en over -hvem -som er mest hemmelighetsfulle, en annen med -hvor -mye som mangler og en om -hvor -stor andel dokumenter som journalføres mer enn 180 dager etter -dokumentdato. Jeg synes det er interessant å se hvordan det -utvikler seg over tid, så her er tallene for 2015 og 2014. 2014-tallene -bør være de samme som sist, men kan ha litt avvik på grunn av -endringer/korreksjoner gjort i OEP. Denne gangen har jeg samlet alle -tallene i samme bloggpost.

- -

Først kommer statistikken over antall dokumenter som er registrert -unntatt offentligheten i OEP. Merk at klassifiseringen i OEP er -foreløpig, slik at en kan få innsyn i dokumenter merket unntatt -offentlighet når en spør, etter nærmere vurdering. Det er dermed ikke -gitt at prosentsatsen representerer hvor mange dokumenter som ville -blitt holdt tilbake på forespørsel.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
20152014Instans
ProsentAntall u.off.TotaltProsentAntall u.off.Totalt
0.0 0 2 0.0 0 0Valgdirektoratet
0.0 0 30 0.0 0 0Innstillingsrådet for dommere
0.3 11 3303 0.2 8 3589Medietilsynet
0.6 56 8013 0.9 60 6146Utlendingsnemnda
0.9 2 206 0.0 0 0Norsk Romsenter
1.0 182 17238 3.7 764 20353Norsk Filminstitutt
1.6 483 29920 2.7 720 26364Direktoratet for byggkvalitet
1.7 30 1674 2.5 42 1649Fredskorpset
2.42815116570 2.52098 82445Landbruksdirektoratet Oslo
2.5 621 24150 2.5 689 26855Direktoratet for utviklingssamarbeid
2.6 62 234013.3 288 2164Kunst i offentlige rom
3.2 272 8391 4.9 388 7838Statens strålevern
3.7 372 9970 4.4 480 10808Petroleumstilsynet
4.4 456 10318 3.7 408 10782Forbrukerombudet
5.0 14 27811.0 22 200Kompetansesenter for distriktsutvikling
6.2 467 7486 4.8 385 7973Sysselmannen på Svalbard
6.3 294 4651 7.4 304 4078Språkrådet
6.51241 18817 6.51352 20776Riksantikvaren - Direktoratet for kulturminneforvaltning
6.85381 79048 7.95981 75393Fiskeridirektoratet
7.24201 57778 2.81542 53911Norges vassdrags- og energidirektorat
7.42028 2738510.82342 21539Kulturdepartementet
7.713994179777 7.913743171924Arbeidstilsynet
8.63256 37553 8.53203 37675Nærings- og fiskeridepartementet
9.87256 73440 8.86541 74189Statens vegvesen Region midt
10.73802 35467 7.52780 36664Forsvarsbygg
11.01157 10448 9.61148 11935Landbruks- og matdepartementet
11.11408912665211.712439105491Statens vegvesen Region vest
11.11756 15726 6.91242 17980Brønnøysundregistrene
11.23417 30277 9.32653 28291Lotteri- og stiftelsestilsynet
12.22012 1649013.02183 16736Fylkesmannen i Hedmark
12.69751 7714515.311188 72933Sjøfartsdirektoratet
12.811031 8599610.57895 74653Arkivverket
12.82112616490612.619230151541Statens vegvesen Region øst
12.9 941 724722.81687 7393Domstoladministrasjonen
13.01417010828414.015650111147Statens vegvesen Region sør
13.41394 1036417.51484 8440Direktoratet for mineralforvaltning med Bergmesteren for Svalbard
13.65297 3870711.54366 37961Statens vegvesen Vegdirektoratet
14.43001 2082013.02943 22557Samferdselsdepartementet
14.49453 6564212.77841 61425Statens vegvesen Region nord
14.66998 4767011.25179 46025Statsbygg
15.43984 2576914.63663 25010Kunnskapsdepartementet
15.66769 43139 8.53697 43364Justervesenet
15.8 178 112616.1 184 1140Landinfo
16.2 516 318324.2 919 3790Landbruksdirektoratet Alta
16.21859 1142412.01100 9120Havforskningsinstituttet
16.3 142 869 0.0 0 0Fylkesmannen i Aust-Agder (frem til 31.12.15)
16.62081 1252221.12722 12850Statens jernbanetilsyn
17.210669 6202320.911602 55388Utdanningsdirektoratet
18.411189 6057712.96743 51881Miljødirektoratet
18.52719314680349.92549 5108Norsk kulturråd
18.82499 1328120.82888 13853Olje- og energidepartementet
18.87804 4136215.05824 38769Luftfartstilsynet
19.1 479 250521.1 563 2660Norges geologiske undersøkelse
19.213777 7140920.413318 65121Utenriksdepartementet
19.83605 1819422.14177 18833Klima- og miljødepartementet
20.61736 841223.12018 8701Statens lånekasse for utdanning
20.62930 1422018.72459 13138Barne-, ungdoms- og familiedirektoratet
21.03786 1797518.43213 17452Fylkesmannen i Telemark
21.44930 2297122.54565 20202Fylkesmannen i Møre og Romsdal
22.08244 3738517.56420 36587Statens kartverk
23.02212 959323.01797 7799Norsk Akkreditering
23.06622 2877721.46142 28622Nasjonal kommunikasjonsmyndighet
23.42672 1140525.73039 11812Oljedirektoratet
23.65430 2291820.24847 23968Fylkesmannen i Oppland
23.83657 1533422.63277 14499Fylkesmannen i Aust-Agder
23.88182 3432523.77754 32598Kommunal- og moderniseringsdepartementet
24.05806 2410327.45998 21864Barne-, likestillings- og inkluderingsdepartementet
24.2 197 81431.6 196 620Statens institutt for rusmiddelforskning
24.43266 1333821.62600 11993Senter for internasjonalisering av utdanning
24.64728 1920824.44584 18715Fylkesmannen i Vest-Agder
24.83711 14933 6.4 795 12300Direktoratet for forvaltning og IKT
24.95002 2003321.63997 18424Fylkesmannen i Nord-Trøndelag
25.11246 495427.21305 4781Konkurransetilsynet
25.65674 2212820.44936 24189Helse- og omsorgsdepartementet
26.922947 8529324.321337 87572Helsedirektoratet
27.23648 1340118.51898 10234Vox, nasjonalt fagorgan for kompetansepolitikk
27.623161 8379529.722587 75973Statens legemiddelverk
27.76373 2294128.36449 22738Fylkesmannen i Sør-Trøndelag
27.9 784 2807 0.0 0 0Jernbaneverket
29.61290 435247.01401 2976Nasjonalt organ for kvalitet i utdanningen (NOKUT)
29.86990 2338830.27263 23997Fylkesmannen i Buskerud
29.92932 977832.33439 10643Statsministerens kontor
30.3 147 485 0.0 0 0Fylkesmannen i Vest-Agder (frem til 31.12.115)
31.59472 3004728.99498 32839Fylkesmannen i Rogaland
31.81627 511234.22082 6072Datatilsynet
31.91128 352832.91302 3950Statens pensjonskasse
31.913718 4291832.212887 39921Fylkesmannen i Hordaland
32.07510 2346433.07544 22837Fylkesmannen i Vestfold
32.51116 342732.41261 3883Nasjonalbiblioteket
32.81662 505348.22689 5578Direktoratet for økonomistyring
33.16811 2056728.75041 17513Fylkesmannen i Sogn og Fjordane
33.76975 2066629.16110 20994Fylkesmannen i Finnmark
33.87254 2140233.57138 21304Finansdepartementet
34.1 387 1133 0.0 0 0Tilsynsutvalget for dommere
34.510466 3026142.77416 17342Integrerings- og mangfoldsdirektoratet
36.616005 4361940.717996 44140Finanstilsynet
36.77170 1952536.67481 20434Fylkesmannen i Østfold
40.216584 4121132.712187 37237Kystverket
40.94942 1208046.35934 12802Forsvarsdepartementet
41.413295 3205041.311805 28568Fylkesmannen i Troms
43.09595 2227543.910288 23422Arbeids- og sosialdepartementet
44.69809 2196748.09627 20021Politidirektoratet
45.225158 5561143.822379 51043Justis- og beredskapsdepartementet
49.518312 3697649.613752 27719Fylkesmannen i Nordland
49.827453 5502850.024782 49473Fylkesmannen i Oslo og Akershus
50.332997 6551339.524644 62276Direktoratet for samfunnssikkerhet og beredskap
54.411213 2060649.47519 15204Utlendingsdirektoratet
54.510338 1894839.75986 15043Statistisk sentralbyrå
54.85075 925656.04781 8528Direktoratet for nødkommunikasjon
55.47765 1399846.76278 13421Nasjonalt folkehelseinstitutt
57.61690 293170.23401 4840Statens innkrevingssentral
58.07019 1210139.23671 9352Departementenes sikkerhets- og serviceorganisasjon
66.217293 2609768.118027 26463Skattedirektoratet
69.53949 567660.12576 4284Kriminalomsorgsdirektoratet
70.816713 2358170.612556 17777Statens helsetilsyn
71.11146 161076.51160 1516Statens arbeidsmiljøinstitutt
79.29343 1179174.78328 11144Toll- og avgiftsdirektoratet
83.712231714599482.2112645137034Husbanken
85.684427 9862687.082682 94950Norges forskningsråd
91.1 609 668 0.0 0 0Direktoratet for e-helse
91.410838 1185487.110278 11798Garantiinstituttet for eksportkreditt
98.917373 17563 0.0 0 0Forbrukerrådet
- -

Interessant å se hvordan Utenriksdepartementet tilsynelatende er -blitt ekstremt mer hemmelighetsfull på tre år. I 2015 var 99,8% av -71409 dokumenter merket som unntatt offentlighet, mens i 2014 var det -44,3% av 65121 og og i 2013 var det bare 12,1% av 67828. Lurer på hva -som har skjedd. (Oppdatering 13:40: Dette er en teknisk feil -i databasen, da UD har begynt å legge inn '-' der det ikke er unntak, -mens det tidligere var et tomt felt. Skal lage ny statistikk, men det -tar noen timer å lage ny tabell. Oppdatering 15:30: Ny tabell på -plass, mer forklaring nederst i teksten.)

- -

Dernest kommer statistikken over hvor mange saksnummer og -dokumenter som ikke finnes i OEP (dvs. hull i saksnummer- og -dokumentnummerserien). Se tidligere omtalte bloggpost for å forstå -hvordan slike hull kan oppstå uten at det er noe galt eller -mistenkelig med det.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SaksnummerDokumentnummerInstans
201520142015
%Upubl. saksnr.Totalt%Upubl. saksnrTotalt%Upubl. dok.nr.Totalt
0.0 0 1 0.0 0 0 0.0 0 2Valgdirektoratet
0.0 0 85 5.2 6 116 0.0 0 450Statens institutt for rusmiddelforskning
0.5 100 2125842.49849 23215 0.6 475 85333Norsk kulturråd
0.6 80 13924 1.0 154 15663 0.2 75 41603Justervesenet
1.2 20 1622 0.4 7 1568 0.6 90 15028Statistisk sentralbyrå
1.4 67 4623 1.5 74 5066 1.5 237 15762Arbeids- og sosialdepartementet
1.4 166 11932 0.9 84 9863 1.7 510 29452Direktoratet for byggkvalitet
1.4 451 32677 1.0 276 28515 0.4 298 78470Arkivverket
1.9 11 589 3.0 27 891 0.6 14 2211Statens innkrevingssentral
1.9 41 2162 2.2 44 1973 1.1 84 7583Direktoratet for mineralforvaltning med Bergmesteren for Svalbard
2.5 68 2728 4.0 99 2488 2.1 197 9393Forbrukerombudet
2.7 47 1758 0.6 8 1282 5.1 445 8359Vox, nasjonalt fagorgan for kompetansepolitikk
2.9 157 5351 3.0 129 4326 0.7 95 12763Brønnøysundregistrene
3.2 293 9121 2.0 132 6571 6.41653 24287Statens kartverk
3.5 40 1151 3.8 51 1326 6.0 275 4271Sysselmannen på Svalbard
3.6 53 1458 2.0 30 1470 1.6 155 9331Norsk Filminstitutt
3.7 313 8449 3.2 227 7092 1.3 413 31241Lotteri- og stiftelsestilsynet
3.8 645 17136 5.5 942 17213 2.91688 57442Statens legemiddelverk
4.7 353 748212.41001 8069 2.6 662 25153Norges vassdrags- og energidirektorat
4.9 940 19148 5.0 896 17781 1.61031 63978Fiskeridirektoratet
5.1 61 1206 4.4 47 1060 3.0 134 4317Statens strålevern
5.5 95 1721 6.9 126 1813 0.1 8 8231Statsministerens kontor
5.5 720 1298514.22803 19734 1.4 641 46830Direktoratet for samfunnssikkerhet og beredskap
5.7 252 4425 4.9 228 4638 1.8 298 16197Barne-, likestillings- og inkluderingsdepartementet
5.9 207 3534 5.2 207 3997 2.3 230 9930Klima- og miljødepartementet
5.9 731 12360 6.6 976 14712 2.91174 39309Miljødirektoratet
6.2 472 7629 7.5 496 6649 2.21011 44077Utdanningsdirektoratet
6.5 434 6680 3.2 202 6250 1.5 364 23587Nasjonal kommunikasjonsmyndighet
6.6 19 287 6.9 28 408 6.5 122 1742Landbruksdirektoratet Alta
6.8 400 5867 9.0 707 7835 3.0 761 24952Kommunal- og moderniseringsdepartementet
7.5 496 658713.51324 9785 1.8 509 27790Nærings- og fiskeridepartementet
7.6 938 12297 6.6 741 11218 5.63412 57624Norges forskningsråd
8.2 122 148410.2 169 1664 6.8 680 9291Direktoratet for utviklingssamarbeid
8.2 705 8648 9.3 843 9040 3.11269 40179Justis- og beredskapsdepartementet
8.6 97 1133 5.8 78 1336 6.7 179 2511Medietilsynet
8.6 425 494113.6 510 375811.42721 21076Integrerings- og mangfoldsdirektoratet
8.7 491 5662 6.8 309 4514 7.11712 22269Luftfartstilsynet
9.0 193 2134 7.6 125 1650 9.41442 13937Statens helsetilsyn
9.3 435 4690 7.6 395 5216 1.3 188 13881Helse- og omsorgsdepartementet
9.6 142 1477 5.5 81 1486 2.0 155 7737Petroleumstilsynet
9.6 169 1760 6.9 151 2181 1.2 67 5418Landbruks- og matdepartementet
9.7 473 489011.0 594 5398 2.1 432 19704Kulturdepartementet
10.0 2 2017.4 4 2311.2 14 111Kompetansesenter for distriktsutvikling
10.1 49 485 6.1 30 49213.2 486 3187Konkurransetilsynet
10.2 133 130011.5 201 1745 5.3 168 3012Språkrådet
10.41471 14109 9.81165 11893 3.41976 55929Helsedirektoratet
10.5 267 2535 7.3 203 2787 4.1 344 8104Riksantikvaren - Direktoratet for kulturminneforvaltning
10.6 100 941 9.8 95 973 5.7 358 5875Utlendingsnemnda
10.7 58 541 9.4 51 542 1.6 22 1370Statens arbeidsmiljøinstitutt
11.0 144 1314 6.9 102 1478 9.5 466 4435Statens jernbanetilsyn
11.4 487 4281 7.0 189 2700 1.1 253 22570Samferdselsdepartementet
12.5 622 495710.1 497 4902 7.91407 16479Politidirektoratet
12.7 73 57321.1 107 50714.8 327 1877Nasjonalbiblioteket
12.7 738 5829 8.7 519 5949 2.6 414 15481Finansdepartementet
13.0 176 1352 6.7 81 1204 1.6 120 7347Oljedirektoratet
13.9 856 614510.6 679 6383 5.71112 18326Kunnskapsdepartementet
14.1 715 507310.3 609 593339.515199 23238Kystverket
14.3 240 1676 2.2 33 1478 1.9 68 3459Datatilsynet
14.3 319 222313.0 301 2309 1.1 65 5903Olje- og energidepartementet
14.5 24 166 0.0 0 017.4 59 281Norsk Romsenter
14.51945 13404 8.71096 12632 5.01962 37143Finanstilsynet
15.1 87 57821.6 94 435 2.8 66 2292Norges geologiske undersøkelse
15.2 156 102812.5 137 1097 2.7 312 11389Direktoratet for forvaltning og IKT
15.9 501 315712.7 379 2996 6.5 550 7966Nasjonalt folkehelseinstitutt
16.1 58 36013.8 48 348 8.2 653 7294Senter for internasjonalisering av utdanning
17.1 692 4040 9.2 285 3085 6.1 484 7439Forsvarsdepartementet
17.8 161 90424.9 255 1023 9.7 616 5752Direktoratet for nødkommunikasjon
17.81278 716218.71359 7269 2.0 458 21904Fylkesmannen i Troms
17.9 68 379 7.6 27 355 1.9 79 3981Norsk Akkreditering
19.3 878 455719.6 930 4737 2.9 378 12737Fylkesmannen i Sogn og Fjordane
19.61645 839421.01821 8659 6.41621 23898Fylkesmannen i Nordland
21.0 72 343 0.0 0 0 1.0 10 950Direktoratet for e-helse
21.01102 523739.62409 607930.48669 19865Forsvarsbygg
23.0 384 167127.4 544 1986 3.6 251 6633Statens lånekasse for utdanning
23.1 216 93723.5 195 829 2.6 110 4116Direktoratet for økonomistyring
23.7 274 115426.0 379 1456 2.5 206 7995Departementenes sikkerhets- og serviceorganisasjon
24.1 32 13319.8 24 121 4.4 53 1149Kunst i offentlige rom
26.014552 5606763.667940106802 7.612846155665Arbeidstilsynet
28.1 460 163527.2 401 1475 8.3 481 5348Domstoladministrasjonen
31.2 815 260834.91267 3627 4.1 598 14039Statsbygg
32.1 88 27421.6 50 232 5.3 55 974Fredskorpset
32.9 267 81233.0 232 702 8.1 239 2717Nasjonalt organ for kvalitet i utdanningen (NOKUT)
33.01665 504629.01520 5249 5.9 968 15372Fylkesmannen i Finnmark
33.3 506 152127.4 421 1538 5.7 406 6687Havforskningsinstituttet
34.024084 7077553.839567 73495 0.5 515109638Landbruksdirektoratet Oslo
37.96306 1663838.46123 15947 1.3 443 34527Fylkesmannen i Hordaland
38.03267 860039.83060 7698 4.3 738 16551Fylkesmannen i Nord-Trøndelag
40.13359 837035.93135 8744 9.51603 15300Fylkesmannen i Oppland
41.83052 729843.03285 7645 0.8 142 16847Fylkesmannen i Vestfold
42.02260 537739.42115 5365 2.3 296 12662Fylkesmannen i Telemark
42.02677 637342.22826 6700 3.5 425 11560Fylkesmannen i Vest-Agder
42.22302 546042.72283 5350 2.1 217 10030Fylkesmannen i Aust-Agder
42.33249 768842.53359 7911 3.6 602 15959Fylkesmannen i Møre og Romsdal
43.14750 1101329.01435 4944 4.7 925 18789Utlendingsdirektoratet
45.3 511 112934.1 415 121714.9 784 4468Garantiinstituttet for eksportkreditt
48.44663 962750.55064 10024 4.9 869 16950Fylkesmannen i Sør-Trøndelag
49.14160 848048.74261 8747 1.0 170 16593Fylkesmannen i Buskerud
49.98296 1661726.03844 14785 1.7 696 41263Utenriksdepartementet
51.47375 1435343.05492 12773 6.01457 22780Fylkesmannen i Rogaland
51.54432 861051.44472 8703 3.8 494 12494Fylkesmannen i Hedmark
54.34718 868952.54648 8852 3.9 567 13903Fylkesmannen i Østfold
60.26147 1021699.88133 8153 4.01010 24464Forbrukerrådet
60.945659 75035 3.5 926 26466 5.75706 94908Husbanken
62.315943 2559559.414766 24867 6.62978 42345Fylkesmannen i Oslo og Akershus
76.56354 830987.213391 1536312.31011 7202Barne-, ungdoms- og familiedirektoratet
78.820488725996369.6109962157962 2.93765128230Statens vegvesen Region øst
82.578652 9534078.554063 68912 2.41358 55810Sjøfartsdirektoratet
83.18088 973394.67535 796811.3 953 7468Jernbaneverket
85.122126525997280.9127825157956 2.22345102032Statens vegvesen Region vest
86.622504125995678.4123819157956 3.22699 81896Statens vegvesen Region sør
89.91466 163096.31381 143419.6 267 1093Tilsynsutvalget for dommere
89.92498 278095.44656 4883 1.8 18 996Landinfo
91.223718825994487.1137656157962 2.61480 55993Statens vegvesen Region midt
91.75198 567199.15201 5247 3.3 25 744Fylkesmannen i Aust-Agder (frem til 31.12.15)
93.424273525993090.7143324157956 3.81949 48772Statens vegvesen Region nord
96.06190 644699.46117 6157 1.9 7 354Fylkesmannen i Vest-Agder (frem til 31.12.115)
97.223095 2376696.923911 2466642.01746 2409Kriminalomsorgsdirektoratet
97.338602 3967998.260831 61922 3.1 83 2626Statens pensjonskasse
97.425308025976896.0151565157870 9.02294 23257Statens vegvesen Vegdirektoratet
97.884989 8686597.210145210433212.2 983 7089Toll- og avgiftsdirektoratet
98.01542 157399.1 889 897 5.7 4 66Innstillingsrådet for dommere
99.43934 395799.6 944 94852.9 37 33Barne- og likestillingsdepartementet
99.61199296120439499.4990362995873 3.5 624 17298Skattedirektoratet
- -

Til sist er statistikken over hvor stor andel av utgående, -inngående, og andre dokumenter som blir journalført mer enn 180 dager -etter dokumentets dato, dvs. hvor stor andel som blir journalført -ekstremt sent for utgående og interne dokumenter, mens det for -innkommende like gjerne kan være at det tok lang tid før de ble -mottatt.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2015Instans
UtgåendeInnkommendeAnnet
%# > 180d liggetidTotalt%# > 180d liggetidTotalt%# > 180d liggetidTotalt
0.0 0 1 0.0 0 1 0.0 0 0Valgdirektoratet
0.0 0 17 0.0 0 13 0.0 0 0Innstillingsrådet for dommere
0.0 0 20 0.7 2 258 0.0 0 0Kompetansesenter for distriktsutvikling
0.0 0 50 0.0 0 156 0.0 0 0Norsk Romsenter
0.0 0 14410 0.0 0 20625 0.0 0 1941Fylkesmannen i Nordland
0.0 0 19475 0.0 0 33158 0.0 0 2395Fylkesmannen i Oslo og Akershus
0.0 2 6513 0.0 2 8366 0.0 1 2684Forbrukerrådet
0.0 2 14848 0.0 12 13720 0.1 2 1709Lotteri- og stiftelsestilsynet
0.0 3 3242 0.1 10 6728 0.0 0 0Petroleumstilsynet
0.0 35 39417 1.8 55 3023 4.1 29 699Justervesenet
0.1 1 563 0.1 1 568 0.0 0 2Tilsynsutvalget for dommere
0.1 2 1412 0.1 2 1889 0.0 0 2Medietilsynet
0.1 3 1922 0.2 7 3032 0.0 0 0Konkurransetilsynet
0.1 3 2861 0.2 11 4625 0.0 0 0Sysselmannen på Svalbard
0.1 4 2019 0.3 10 308628.5 2 7Datatilsynet
0.1 10 6724 0.0 5 11621 0.0 0 1180Fylkesmannen i Østfold
0.1 15 7701 0.2 19 7959 3.0 2 66Brønnøysundregistrene
0.1 23 13317 0.1 33 16601 0.0 0 2Direktoratet for byggkvalitet
0.1 207106179 0.3 285 73027 1.0 6 571Arbeidstilsynet
0.2 4 1958 1.9 46 2394 0.0 0 0Nasjonalt organ for kvalitet i utdanningen (NOKUT)
0.2 6 2924 0.1 10 6854 0.0 0 0Statsministerens kontor
0.2 42 14193 0.1 46 26329 7.4 179 2396Fylkesmannen i Hordaland
0.3 11 3042 0.1 8 6898 0.2 1 378Forbrukerombudet
0.3 12 3792 0.0 5 636412.0 25 208Direktoratet for mineralforvaltning med Bergmesteren for Svalbard
0.3 13 3468 0.9 62 6883 1.4 25 1729Forsvarsdepartementet
0.3 15 4463 0.5 40 7903 1.2 2 156Statens jernbanetilsyn
0.3 19 5470 0.7 104 13525 6.5 68 1038Fylkesmannen i Nord-Trøndelag
0.3 130 36848 0.3 148 46603 7.1 183 2545Arkivverket
0.3 130 38432 1.6 691 42125 1.5 442 27727Statens vegvesen Region sør
0.4 26 6320 0.1 21 12884 0.0 0 4Fylkesmannen i Vest-Agder
0.4 29 6530 2.4 362 14872 0.0 0 0Finansdepartementet
0.4 35 7248 0.4 58 12097 2.2 30 1321Fylkesmannen i Finnmark
0.4 64 14367 0.4 128 26712 7.0 20 283Luftfartstilsynet
0.5 6 1090 1.7 25 1415 0.0 0 0Norges geologiske undersøkelse
0.5 30 5810 1.0 71 6812 1.7 14 779Vox, nasjonalt fagorgan for kompetansepolitikk
0.5 38 7595 0.6 93 1508317.4 51 293Fylkesmannen i Møre og Romsdal
0.5 321 63780 0.2 135 51738 2.0 22 1052Landbruksdirektoratet Oslo
0.6 21 3049 0.8 71 8356 0.0 0 0Oljedirektoratet
0.6 58 8800 0.6 123 20412 1.9 163 8341Nærings- og fiskeridepartementet
0.7 56 7339 1.1 90 812525.8 458 1774Norsk Filminstitutt
0.7 191 26033 0.7 307 42834 2.1 215 10181Fiskeridirektoratet
0.7 357 44844 0.5 301 52202 1.9 590 29606Statens vegvesen Region vest
0.8 2 239 0.0 0 246 0.0 0 0Fylkesmannen i Vest-Agder (frem til 31.12.115)
0.8 119 14631 0.3 39 1246512.9 217 1681Nasjonal kommunikasjonsmyndighet
0.9 36 3886 2.0 94 4505 0.0 0 0Statens strålevern
0.9 41 4128 1.5 141 9101 7.6 4 52Olje- og energidepartementet
0.9 76 7829 0.6 95 14804 4.2 35 831Fylkesmannen i Vestfold
0.9 385 41153 0.5 330 62989 0.9 404 42661Norsk kulturråd
1.0 37 3538 0.2 19 6906 0.0 0 4Landbruks- og matdepartementet
1.1 753 64926 0.6 433 67975 2.3 747 32005Statens vegvesen Region øst
1.2 33 2558 2.0 97 4643 0.0 0 46Domstoladministrasjonen
1.2 49 3849 0.4 20 4078 6.3 31 485Statens lånekasse for utdanning
1.2 91 7120 0.6 83 13700 0.0 0 0Samferdselsdepartementet
1.2 179 14775 0.5 167 28844 0.0 0 0Finanstilsynet
1.3 86 6175 0.3 39 11738 1.8 82 4362Arbeids- og sosialdepartementet
1.3 101 7741 0.8 115 14226 0.0 0 0Politidirektoratet
1.3 229 16626 0.8 264 31782 3.9 283 7203Justis- og beredskapsdepartementet
1.4 13 873 1.5 23 1467 0.0 0 0Kunst i offentlige rom
1.4 28 2000 1.0 26 2446 7.8 16 205Språkrådet
1.4 146 10001 0.6 132 19008 2.9 31 1038Fylkesmannen i Rogaland
1.4 176 12255 0.3 64 18762 9.1 95 1033Fylkesmannen i Troms
1.5 137 8801 2.2 190 857810.7 169 1569Statistisk sentralbyrå
1.5 298 19717 2.5 833 3231311.0 637 5748Norges vassdrags- og energidirektorat
1.5 376 24323 0.4 119 24404 3.5 606 16915Statens vegvesen Region nord
1.5 424 26628 0.9 268 29189 3.5 623 17623Statens vegvesen Region midt
1.7 79 4582 8.5 431 5070 6.6 142 2139Toll- og avgiftsdirektoratet
1.7 469 26133 3.0 923 3019520.51891 9185Direktoratet for samfunnssikkerhet og beredskap
1.8 23 1272 2.9 64 2155 0.0 0 0Nasjonalbiblioteket
1.9 150 7763 1.3 202 14603 4.8 50 1022Fylkesmannen i Buskerud
2.0 25 1217 1.3 21 1556 3.1 13 410Landbruksdirektoratet Alta
2.0 136 6656 1.7 97 5480 9.3 261 2797Direktoratet for forvaltning og IKT
2.0 263 12584 0.8 113 13273 3.7 484 12850Statens vegvesen Vegdirektoratet
2.1 184 8700 0.3 68 17957 1.5 117 7668Kommunal- og moderniseringsdepartementet
2.3 65 2777 1.6 71 4405 6.9 58 831Utlendingsnemnda
2.3 118 4986 0.2 30 10584 1.1 11 920Fylkesmannen i Hedmark
2.4 26 1068 1.2 21 1640 1.7 4 223Statens innkrevingssentral
2.5 101 3979 6.7 354 5219 8.6 251 2903Departementenes sikkerhets- og serviceorganisasjon
2.5 119 4698 3.0 134 443426.6 123 461Norsk Akkreditering
2.6 45 1705 0.6 15 2438 0.4 7 1533Kriminalomsorgsdirektoratet
2.6 140 5260 1.4 165 1149914.7 212 1435Klima- og miljødepartementet
2.6 172 6552 0.6 88 13413 4.0 168 4138Barne-, likestillings- og inkluderingsdepartementet
2.7 63 2292 9.3 259 2761 0.0 0 0Direktoratet for økonomistyring
2.9 22 741 1.4 13 869 0.0 0 0Statens arbeidsmiljøinstitutt
2.91766 59502 3.72457 66026 3.5 729 20466Husbanken
3.0 198 6525 0.3 36 10925 9.1 48 525Fylkesmannen i Telemark
3.2 92 2824 1.6 126 7663 8.3 114 1367Garantiinstituttet for eksportkreditt
3.2 113 3508 1.2 98 7916 0.0 0 0Havforskningsinstituttet
3.2 178 5477 0.5 48 926413.3 79 593Fylkesmannen i Aust-Agder
3.2 211 6542 2.3 178 7678 0.0 0 0Barne-, ungdoms- og familiedirektoratet
3.2 499 15144 2.2 562 24560 2.4 767 31705Utenriksdepartementet
3.3 266 7831 0.3 44 1171712.5 128 1019Fylkesmannen i Sogn og Fjordane
3.3 275 8151 2.7 323 1162916.61052 6317Skattedirektoratet
3.4 887 25797 1.6 569 34780 0.0 0 0Miljødirektoratet
3.41378 39669 1.6 847 49862 2.9 267 9095Norges forskningsråd
3.6 277 7638 0.3 26 847311.8 888 7470Statens helsetilsyn
3.6 291 8056 1.1 110 967713.7 394 2873Utlendingsdirektoratet
3.7 305 8158 2.9 366 1230012.8 475 3692Direktoratet for utviklingssamarbeid
3.7 730 19384 1.1 242 20898 5.5 52 929Kystverket
4.2 271 6327 1.3 174 12490 0.0 0 0Riksantikvaren - Direktoratet for kulturminneforvaltning
4.3 19 432 0.0 0 386 7.8 4 51Fylkesmannen i Aust-Agder (frem til 31.12.15)
4.4 458 10325 3.4 623 1814114.31003 7001Forsvarsbygg
4.6 22 47611.4 198 172215.4 94 609Jernbaneverket
4.6 774 16824 8.41329 1572315.6 756 4838Statens kartverk
5.1 85 1635 1.4 27 1892 0.0 0 1Statens pensjonskasse
5.1 339 6602 5.1 381 7396 0.0 0 0Nasjonalt folkehelseinstitutt
5.2 377 7225 0.7 112 15036 9.8 67 680Fylkesmannen i Sør-Trøndelag
5.7 376 6526 0.3 59 15602 0.0 0 0Helse- og omsorgsdepartementet
6.11645 26666 0.7 220 3101715.3 665 4340Utdanningsdirektoratet
6.2 470 7517 0.2 51 19868 0.0 0 0Kulturdepartementet
6.7 48 706 7.6 74 968 0.0 0 0Fredskorpset
6.8 19 279 4.6 20 429 4.7 5 106Statens institutt for rusmiddelforskning
6.92173 31077 3.11342 4302532.93691 11191Helsedirektoratet
7.41053 14189 6.0 764 1263832.51119 3434Integrerings- og mangfoldsdirektoratet
8.1 322 3961 7.3 271 3675 8.7 141 1620Direktoratet for nødkommunikasjon
8.6 51 590 6.8 12 17423.7 86 362Landinfo
10.81034 9557 1.4 238 16191 9.5 2 21Kunnskapsdepartementet
13.0 764 5873 5.5 417 745142.8 6 14Senter for internasjonalisering av utdanning
14.64088 27956 0.3 171 43364 6.9 402 5825Sjøfartsdirektoratet
20.24464 22016 6.63076 46377 2.3 366 15402Statens legemiddelverk
24.35085 20862 9.51486 1554538.74368 11263Statsbygg
28.01859 6637 3.2 488 1521921.6 230 1062Fylkesmannen i Oppland
32.5 41 12641.7 172 41260.0 78 130Direktoratet for e-helse
- -

Jeg lurer virkelig på hvordan så mange i det offentlige klarer å -ikke journalføre utgående dokumenter med en gang de gjøres ferdig. Er -det manglende opplæring, vanskelige systemer, vond vilje eller noe -helt annet som er årsaken? Det hadde vært interessant å finne ut om -det var noen fellestrekk for dokumenter som ikke blir journalført før -det er gått et halvt år.

- -

Oppdatering 2016-04-07: En nærmere undersøkelse av -OEP-oppføringene til Utenriksdepartementet viste at det var en teknisk -feil i måten jeg laget statistikken, der alle oppføringer med '-' i -unntaksgrunnlagsfeltet ble talt opp som unntatt offentlighet. Det -var UD ikke alene om. Det viste seg å gjelde Barne-, likestillings- -og inkluderingsdepartementet (4), Helse- og omsorgsdepartementet -(3525), Landbruks- og matdepartementet (1753), Nærings- og -fiskeridepartementet (11780), Nærings- og handelsdepartementet (7), -Nærings- og handelsdepartementet (frem til 31.12.13) (10417) og -Utenriksdepartementet (78798) også. Antall påvirkede oppføringer står -i parentes. Jeg har fikset problemet og oppdatert tabellen for -hemmelighold over. Oppføringene for Nærings- og handelsdepartementet, -Landbruks- og matdepartementet, Utenriksdepartementet og Helse- og -omsorgsdepartementet fikk ny plassering i lista.

+
Detect OOXML files with undefined behaviour?
+
21st February 2017
+

I just noticed +the +new Norwegian proposal for archiving rules in the goverment list +ECMA-376 +/ ISO/IEC 29500 (aka OOXML) as valid formats to put in long term +storage. Luckily such files will only be accepted based on +pre-approval from the National Archive. Allowing OOXML files to be +used for long term storage might seem like a good idea as long as we +forget that there are plenty of ways for a "valid" OOXML document to +have content with no defined interpretation in the standard, which +lead to a question and an idea.

+ +

Is there any tool to detect if a OOXML document depend on such +undefined behaviour? It would be useful for the National Archive (and +anyone else interested in verifying that a document is well defined) +to have such tool available when considering to approve the use of +OOXML. I'm aware of the +officeotron OOXML +validator, but do not know how complete it is nor if it will +report use of undefined behaviour. Are there other similar tools +available? Please send me an email if you know of any such tool.

- Tags: norsk, nuug, offentlig innsyn. + Tags: english, nuug, standard.
@@ -679,120 +327,33 @@ omsorgsdepartementet fikk ny plassering i lista.

-
syslog-trusted-timestamp - chain of trusted timestamps for your syslog
-
2nd April 2016
-

Two years ago, I had -a -look at trusted timestamping options available, and among -other things noted a still open -bug in the tsget script -included in openssl that made it harder than necessary to use openssl -as a trusted timestamping client. A few days ago I was told -the Norwegian government office DIFI is -close to releasing their own trusted timestamp service, and in the -process I was happy to learn about a replacement for the tsget script -using only curl:

- -

-openssl ts -query -data "/etc/shells" -cert -sha256 -no_nonce \
-  | curl -s -H "Content-Type: application/timestamp-query" \
-         --data-binary "@-" http://zeitstempel.dfn.de > etc-shells.tsr
-openssl ts -reply -text -in etc-shells.tsr
-

- -

This produces a binary timestamp file (etc-shells.tsr) which can be -used to verify that the content of the file /etc/shell with the -calculated sha256 hash existed at the point in time when the request -was made. The last command extract the content of the etc-shells.tsr -in human readable form. The idea behind such timestamp is to be able -to prove using cryptography that the content of a file have not -changed since the file was stamped.

- -

To verify that the file on disk match the public key signature in -the timestamp file, run the following commands. It make sure you have -the required certificate for the trusted timestamp service available -and use it to compare the file content with the timestamp. In -production, one should of course use a better method to verify the -service certificate.

- -

-wget -O ca-cert.txt https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt
-openssl ts -verify -data /etc/shells -in etc-shells.tsr -CAfile ca-cert.txt -text
-

- -

Wikipedia have a lot more information about -trusted -Timestamping and -linked -timestamping, and there are several trusted timestamping services -around, both as commercial services and as free and public services. -Among the latter is -the -zeitstempel.dfn.de service mentioned above and -freetsa.org service linked to from the -wikipedia web site. I believe the DIFI service should show up on -https://tsa.difi.no, but it is not available to the public at the -moment. I hope this will change when it is into production. The -RFC 3161 trusted -timestamping protocol standard is even implemented in LibreOffice, -Microsoft Office and Adobe Acrobat, making it possible to verify when -a document was created.

- -

I would find it useful to be able to use such trusted timestamp -service to make it possible to verify that my stored syslog files have -not been tampered with. This is not a new idea. I found one example -implemented on the Endian network appliances where -the -configuration of such feature was described in 2012.

- -

But I could not find any free implementation of such feature when I -searched, so I decided to try to -build -a prototype named syslog-trusted-timestamp. My idea is to -generate a timestamp of the old log files after they are rotated, and -store the timestamp in the new log file just after rotation. This -will form a chain that would make it possible to see if any old log -files are tampered with. But syslog is bad at handling kilobytes of -binary data, so I decided to base64 encode the timestamp and add an ID -and line sequence numbers to the base64 data to make it possible to -reassemble the timestamp file again. To use it, simply run it like -this: - -

-syslog-trusted-timestamp /path/to/list-of-log-files
-

- -

This will send a timestamp from one or more timestamp services (not -yet decided nor implemented) for each listed file to the syslog using -logger(1). To verify the timestamp, the same program is used with the ---verify option:

- -

-syslog-trusted-timestamp --verify /path/to/log-file /path/to/log-with-timestamp
-

- -

The verification step is not yet well designed. The current -implementation depend on the file path being unique and unchanging, -and this is not a solid assumption. It also uses process number as -timestamp ID, and this is bound to create ID collisions. I hope to -have time to come up with a better way to handle timestamp IDs and -verification later.

- -

Please check out -the -prototype for syslog-trusted-timestamp on github and send -suggestions and improvement, or let me know if there already exist a -similar system for timestamping logs already to allow me to join -forces with others with the same interest.

- -

As usual, if you use Bitcoin and want to show your support of my -activities, please send Bitcoin donations to my address -15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

+
Ruling ignored our objections to the seizure of popcorn-time.no (#domstolkontroll)
+
13th February 2017
+

A few days ago, we received the ruling from +my +day in court. The case in question is a challenge of the seizure +of the DNS domain popcorn-time.no. The ruling simply did not mention +most of our arguments, and seemed to take everything ØKOKRIM said at +face value, ignoring our demonstration and explanations. But it is +hard to tell for sure, as we still have not seen most of the documents +in the case and thus were unprepared and unable to contradict several +of the claims made in court by the opposition. We are considering an +appeal, but it is partly a question of funding, as it is costing us +quite a bit to pay for our lawyer. If you want to help, please +donate to the +NUUG defense fund.

+ +

The details of the case, as far as we know it, is available in +Norwegian from +the NUUG +blog. This also include +the +ruling itself.

- Tags: english, sikkerhet. + Tags: english, nuug, offentlig innsyn, opphavsrett.
@@ -800,61 +361,86 @@ activities, please send Bitcoin donations to my address
-
Full battery stats collector is now available in Debian
-
23rd March 2016
-

Since this morning, the battery-stats package in Debian include an -extended collector that will collect the complete battery history for -later processing and graphing. The original collector store the -battery level as percentage of last full level, while the new -collector also record battery vendor, model, serial number, design -full level, last full level and current battery level. This make it -possible to predict the lifetime of the battery as well as visualise -the energy flow when the battery is charging or discharging.

- -

The new tools are available in /usr/share/battery-stats/ -in the version 0.5.1 package in unstable. Get the new battery level graph -and lifetime prediction by running: - -

-/usr/share/battery-stats/battery-stats-graph /var/log/battery-stats.csv
-

- -

Or select the 'Battery Level Graph' from your application menu.

- -

The flow in/out of the battery can be seen by running (no menu -entry yet):

- -

-/usr/share/battery-stats/battery-stats-graph-flow
-

- -

I'm not quite happy with the way the data is visualised, at least -when there are few data points. The graphs look a bit better with a -few years of data.

- -

A while back one important feature I use in the battery stats -collector broke in Debian. The scripts in -/usr/lib/pm-utils/power.d/ were no longer executed. I -suspect it happened when Jessie started using systemd, but I do not -know. The issue is reported as -bug #818649 against -pm-utils. I managed to work around it by adding an udev rule to call -the collector script every time the power connector is connected and -disconnected. With this fix in place it was finally time to make a -new release of the package, and get it into Debian.

- -

If you are interested in how your laptop battery is doing, please -check out the -battery-stats -in Debian unstable, or rebuild it on Jessie to get it working on -Debian stable. :) The upstream source is available from -github. -As always, patches are very welcome.

+
A day in court challenging seizure of popcorn-time.no for #domstolkontroll
+
3rd February 2017
+

+ +

On Wednesday, I spent the entire day in court in Follo Tingrett +representing the member association +NUUG, alongside the member +association EFN and the DNS registrar +IMC, challenging the seizure of the DNS name popcorn-time.no. It +was interesting to sit in a court of law for the first time in my +life. Our team can be seen in the picture above: attorney Ola +Tellesbø, EFN board member Tom Fredrik Blenning, IMC CEO Morten Emil +Eriksen and NUUG board member Petter Reinholdtsen.

+ +

The +case at hand is that the Norwegian National Authority for +Investigation and Prosecution of Economic and Environmental Crime (aka +Økokrim) decided on their own, to seize a DNS domain early last +year, without following +the +official policy of the Norwegian DNS authority which require a +court decision. The web site in question was a site covering Popcorn +Time. And Popcorn Time is the name of a technology with both legal +and illegal applications. Popcorn Time is a client combining +searching a Bittorrent directory available on the Internet with +downloading/distribute content via Bittorrent and playing the +downloaded content on screen. It can be used illegally if it is used +to distribute content against the will of the right holder, but it can +also be used legally to play a lot of content, for example the +millions of movies +available from the +Internet Archive or the collection +available from Vodo. We created +a +video demonstrating legally use of Popcorn Time and played it in +Court. It can of course be downloaded using Bittorrent.

+ +

I did not quite know what to expect from a day in court. The +government held on to their version of the story and we held on to +ours, and I hope the judge is able to make sense of it all. We will +know in two weeks time. Unfortunately I do not have high hopes, as +the Government have the upper hand here with more knowledge about the +case, better training in handling criminal law and in general higher +standing in the courts than fairly unknown DNS registrar and member +associations. It is expensive to be right also in Norway. So far the +case have cost more than NOK 70 000,-. To help fund the case, NUUG +and EFN have asked for donations, and managed to collect around NOK 25 +000,- so far. Given the presentation from the Government, I expect +the government to appeal if the case go our way. And if the case do +not go our way, I hope we have enough funding to appeal.

+ +

From the other side came two people from Økokrim. On the benches, +appearing to be part of the group from the government were two people +from the Simonsen Vogt Wiik lawyer office, and three others I am not +quite sure who was. Økokrim had proposed to present two witnesses +from The Motion Picture Association, but this was rejected because +they did not speak Norwegian and it was a bit late to bring in a +translator, but perhaps the two from MPA were present anyway. All +seven appeared to know each other. Good to see the case is take +seriously.

+ +

If you, like me, believe the courts should be involved before a DNS +domain is hijacked by the government, or you believe the Popcorn Time +technology have a lot of useful and legal applications, I suggest you +too donate to +the NUUG defense fund. Both Bitcoin and bank transfer are +available. If NUUG get more than we need for the legal action (very +unlikely), the rest will be spend promoting free software, open +standards and unix-like operating systems in Norway, so no matter what +happens the money will be put to good use.

+ +

If you want to lean more about the case, I recommend you check out +the blog +posts from NUUG covering the case. They cover the legal arguments +on both sides.

- Tags: debian, english. + Tags: english, nuug, offentlig innsyn, opphavsrett.
@@ -862,109 +448,41 @@ As always, patches are very welcome.

-
UsingQR - "Electronic" paper invoices using JSON and QR codes
-
19th March 2016
-

Back in 2013 I proposed -a -way to make paper and PDF invoices easier to process electronically by -adding a QR code with the key information about the invoice. I -suggested using vCard field definition, to get some standard format -for name and address, but any format would work. I did not do -anything about the proposal, but hoped someone one day would make -something like it. It would make it possible to efficiently send -machine readable invoices directly between seller and buyer.

- -

This was the background when I came across a proposal and -specification from the web based accounting and invoicing supplier -Visma in Sweden called -UsingQR. Their PDF invoices contain -a QR code with the key information of the invoice in JSON format. -This is the typical content of a QR code following the UsingQR -specification (based on a real world example, some numbers replaced to -get a more bogus entry). I've reformatted the JSON to make it easier -to read. Normally this is all on one long line:

- -

-{
- "vh":500.00,
- "vm":0,
- "vl":0,
- "uqr":1,
- "tp":1,
- "nme":"Din Leverandør",
- "cc":"NO",
- "cid":"997912345 MVA",
- "iref":"12300001",
- "idt":"20151022",
- "ddt":"20151105",
- "due":2500.0000,
- "cur":"NOK",
- "pt":"BBAN",
- "acc":"17202612345",
- "bc":"BIENNOK1",
- "adr":"0313 OSLO"
-}
-

- -

The interpretation of the fields can be found in the -format -specification (revision 2 from june 2014). The format seem to -have most of the information needed to handle accounting and payment -of invoices, at least the fields I have needed so far here in -Norway.

- -

Unfortunately, the site and document do not mention anything about -the patent, trademark and copyright status of the format and the -specification. Because of this, I asked the people behind it back in -November to clarify. Ann-Christine Savlid (ann-christine.savlid (at) -visma.com) replied that Visma had not applied for patent or trademark -protection for this format, and that there were no copyright based -usage limitations for the format. I urged her to make sure this was -explicitly written on the web pages and in the specification, but -unfortunately this has not happened yet. So I guess if there is -submarine patents, hidden trademarks or a will to sue for copyright -infringements, those starting to use the UsingQR format might be at -risk, but if this happen there is some legal defense in the fact that -the people behind the format claimed it was safe to do so. At least -with patents, there is always -a -chance of getting sued...

- -

I also asked if they planned to maintain the format in an -independent standard organization to give others more confidence that -they would participate in the standardization process on equal terms -with Visma, but they had no immediate plans for this. Their plan was -to work with banks to try to get more users of the format, and -evaluate the way forward if the format proved to be popular. I hope -they conclude that using an open standard organisation like -IETF is the correct place to -maintain such specification.

- -

Update 2016-03-20: Via Twitter I became aware of -some comments -about this blog post that had several useful links and references to -similar systems. In the Czech republic, the Czech Banking Association -standard #26, with short name SPAYD, uses QR codes with payment -information. More information is available from the Wikipedia page on -Short -Payment Descriptor. And in Germany, there is a system named -BezahlCode, -(specification -v1.8 2013-12-05 available as PDF), which uses QR codes with -URL-like formatting using "bank:" as the URI schema/protocol to -provide the payment information. There is also the -ZUGFeRD -file format that perhaps could be transfered using QR codes, but I am -not sure if it is done already. Last, in Bolivia there are reports -that tax information since november 2014 need to be printed in QR -format on invoices. I have not been able to track down a -specification for this format, because of my limited language skill -sets.

+
Nasjonalbiblioteket avslutter sin ulovlige bruk av Google Skjemaer
+
12th January 2017
+

I dag fikk jeg en skikkelig gladmelding. Bakgrunnen er at før jul +arrangerte Nasjonalbiblioteket +et +seminar om sitt knakende gode tiltak «verksregister». Eneste +måten å melde seg på dette seminaret var å sende personopplysninger +til Google via Google Skjemaer. Dette syntes jeg var tvilsom praksis, +da det bør være mulig å delta på seminarer arrangert av det offentlige +uten å måtte dele sine interesser, posisjon og andre +personopplysninger med Google. Jeg ba derfor om innsyn via +Mimes brønn i +avtaler +og vurderinger Nasjonalbiblioteket hadde rundt dette. +Personopplysningsloven legger klare rammer for hva som må være på +plass før en kan be tredjeparter, spesielt i utlandet, behandle +personopplysninger på sine vegne, så det burde eksistere grundig +dokumentasjon før noe slikt kan bli lovlig. To jurister hos +Nasjonalbiblioteket mente først dette var helt i orden, og at Googles +standardavtale kunne brukes som databehandlingsavtale. Det syntes jeg +var merkelig, men har ikke hatt kapasitet til å følge opp saken før +for to dager siden.

+ +

Gladnyheten i dag, som kom etter at jeg tipset Nasjonalbiblioteket +om at Datatilsynet underkjente Googles standardavtaler som +databehandleravtaler i 2011, er at Nasjonalbiblioteket har bestemt seg +for å avslutte bruken av Googles Skjemaer/Apps og gå i dialog med DIFI +for å finne bedre måter å håndtere påmeldinger i tråd med +personopplysningsloven. Det er fantastisk å se at av og til hjelper +det å spørre hva i alle dager det offentlige holder på med.

- Tags: english, standard. + Tags: norsk, personvern, surveillance, web.
@@ -972,57 +490,86 @@ sets.

-
Making battery measurements a little easier in Debian
-
15th March 2016
-

Back in September, I blogged about -the -system I wrote to collect statistics about my laptop battery, and -how it showed the decay and death of this battery (now replaced). I -created a simple deb package to handle the collection and graphing, -but did not want to upload it to Debian as there were already -a battery-stats -package in Debian that should do the same thing, and I did not see -a point of uploading a competing package when battery-stats could be -fixed instead. I reported a few bugs about its non-function, and -hoped someone would step in and fix it. But no-one did.

- -

I got tired of waiting a few days ago, and took matters in my own -hands. The end result is that I am now the new upstream developer of -battery stats (available from github) and part of the team maintaining -battery-stats in Debian, and the package in Debian unstable is finally -able to collect battery status using the /sys/class/power_supply/ -information provided by the Linux kernel. If you install the -battery-stats package from unstable now, you will be able to get a -graph of the current battery fill level, to get some idea about the -status of the battery. The source package build and work just fine in -Debian testing and stable (and probably oldstable too, but I have not -tested). The default graph you get for that system look like this:

- -

- -

My plans for the future is to merge my old scripts into the -battery-stats package, as my old scripts collected a lot more details -about the battery. The scripts are merged into the upstream -battery-stats git repository already, but I am not convinced they work -yet, as I changed a lot of paths along the way. Will have to test a -bit more before I make a new release.

- -

I will also consider changing the file format slightly, as I -suspect the way I combine several values into one field might make it -impossible to know the type of the value when using it for processing -and graphing.

- -

If you would like I would like to keep an close eye on your laptop -battery, check out the battery-stats package in -Debian and -on -github. -I would love some help to improve the system further.

+
Bryter NAV sin egen personvernerklæring?
+
11th January 2017
+

Jeg leste med interesse en nyhetssak hos +digi.no +og +NRK +om at det ikke bare er meg, men at også NAV bedriver geolokalisering +av IP-adresser, og at det gjøres analyse av IP-adressene til de som +sendes inn meldekort for å se om meldekortet sendes inn fra +utenlandske IP-adresser. Politiadvokat i Drammen, Hans Lyder Haare, +er sitert i NRK på at «De to er jo blant annet avslørt av +IP-adresser. At man ser at meldekortet kommer fra utlandet.»

+ +

Jeg synes det er fint at det blir bedre kjent at IP-adresser +knyttes til enkeltpersoner og at innsamlet informasjon brukes til å +stedsbestemme personer også av aktører her i Norge. Jeg ser det som +nok et argument for å bruke +Tor så mye som mulig for å +gjøre gjøre IP-lokalisering vanskeligere, slik at en kan beskytte sin +privatsfære og unngå å dele sin fysiske plassering med +uvedkommede.

+ +

Men det er en ting som bekymrer meg rundt denne nyheten. Jeg ble +tipset (takk #nuug) om +NAVs +personvernerklæring, som under punktet «Personvern og statistikk» +lyder:

+ +

+ +

«Når du besøker nav.no, etterlater du deg elektroniske spor. Sporene +dannes fordi din nettleser automatisk sender en rekke opplysninger til +NAVs tjener (server-maskin) hver gang du ber om å få vist en side. Det +er eksempelvis opplysninger om hvilken nettleser og -versjon du +bruker, og din internettadresse (ip-adresse). For hver side som vises, +lagres følgende opplysninger:

+ +
    +
  • hvilken side du ser pÃ¥
    • +
  • dato og tid
    • +
  • hvilken nettleser du bruker
    • +
  • din ip-adresse
    • +
+ +

Ingen av opplysningene vil bli brukt til å identifisere +enkeltpersoner. NAV bruker disse opplysningene til å generere en +samlet statistikk som blant annet viser hvilke sider som er mest +populære. Statistikken er et redskap til å forbedre våre +tjenester.»

+ +

+ +

Jeg klarer ikke helt å se hvordan analyse av de besøkendes +IP-adresser for å se hvem som sender inn meldekort via web fra en +IP-adresse i utlandet kan gjøres uten å komme i strid med påstanden om +at «ingen av opplysningene vil bli brukt til å identifisere +enkeltpersoner». Det virker dermed for meg som at NAV bryter sine +egen personvernerklæring, hvilket +Datatilsynet +fortalte meg i starten av desember antagelig er brudd på +personopplysningsloven. + +

I tillegg er personvernerklæringen ganske misvisende i og med at +NAVs nettsider ikke bare forsyner NAV med personopplysninger, men i +tillegg ber brukernes nettleser kontakte fem andre nettjenere +(script.hotjar.com, static.hotjar.com, vars.hotjar.com, +www.google-analytics.com og www.googletagmanager.com), slik at +personopplysninger blir gjort tilgjengelig for selskapene Hotjar og +Google , og alle som kan lytte på trafikken på veien (som FRA, GCHQ og +NSA). Jeg klarer heller ikke se hvordan slikt spredning av +personopplysninger kan være i tråd med kravene i +personopplysningloven, eller i tråd med NAVs personvernerklæring.

+ +

Kanskje NAV bør ta en nøye titt på sin personvernerklæring? Eller +kanskje Datatilsynet bør gjøre det?

- Tags: debian, english. + Tags: norsk, nuug, personvern, surveillance.
@@ -1030,105 +577,164 @@ I would love some help to improve the system further.

-
Creating, updating and checking debian/copyright semi-automatically
-
19th February 2016
-

Making packages for Debian requires quite a lot of attention to -details. And one of the details is the content of the -debian/copyright file, which should list all relevant licenses used by -the code in the package in question, preferably in -machine -readable DEP5 format.

- -

For large packages with lots of contributors it is hard to write -and update this file manually, and if you get some detail wrong, the -package is normally rejected by the ftpmasters. So getting it right -the first time around get the package into Debian faster, and save -both you and the ftpmasters some work.. Today, while trying to figure -out what was wrong with -the -zfsonlinux copyright file, I decided to spend some time on -figuring out the options for doing this job automatically, or at least -semi-automatically.

- -

Lucikly, there are at least two tools available for generating the -file based on the code in the source package, -debmake -and cme. I'm -not sure which one of them came first, but both seem to be able to -create a sensible draft file. As far as I can tell, none of them can -be trusted to get the result just right, so the content need to be -polished a bit before the file is OK to upload. I found the debmake -option in -a -blog posts from 2014. - -

To generate using debmake, use the -cc option: - -

-debmake -cc > debian/copyright
-

- -

Note there are some problems with python and non-ASCII names, so -this might not be the best option.

- -

The cme option is based on a config parsing library, and I found -this approach in -a -blog post from 2015. To generate using cme, use the 'update -dpkg-copyright' option: +

Where did that package go? — geolocated IP traceroute
+
9th January 2017
+

Did you ever wonder where the web trafic really flow to reach the +web servers, and who own the network equipment it is flowing through? +It is possible to get a glimpse of this from using traceroute, but it +is hard to find all the details. Many years ago, I wrote a system to +map the Norwegian Internet (trying to figure out if our plans for a +network game service would get low enough latency, and who we needed +to talk to about setting up game servers close to the users. Back +then I used traceroute output from many locations (I asked my friends +to run a script and send me their traceroute output) to create the +graph and the map. The output from traceroute typically look like +this: 

-cme update dpkg-copyright
+traceroute to www.stortinget.no (85.88.67.10), 30 hops max, 60 byte packets
+ 1  uio-gw10.uio.no (129.240.202.1)  0.447 ms  0.486 ms  0.621 ms
+ 2  uio-gw8.uio.no (129.240.24.229)  0.467 ms  0.578 ms  0.675 ms
+ 3  oslo-gw1.uninett.no (128.39.65.17)  0.385 ms  0.373 ms  0.358 ms
+ 4  te3-1-2.br1.fn3.as2116.net (193.156.90.3)  1.174 ms  1.172 ms  1.153 ms
+ 5  he16-1-1.cr1.san110.as2116.net (195.0.244.234)  2.627 ms he16-1-1.cr2.oslosda310.as2116.net (195.0.244.48)  3.172 ms he16-1-1.cr1.san110.as2116.net (195.0.244.234)  2.857 ms
+ 6  ae1.ar8.oslosda310.as2116.net (195.0.242.39)  0.662 ms  0.637 ms ae0.ar8.oslosda310.as2116.net (195.0.242.23)  0.622 ms
+ 7  89.191.10.146 (89.191.10.146)  0.931 ms  0.917 ms  0.955 ms
+ 8  * * *
+ 9  * * *
+[...]

-

This will create or update debian/copyright. The cme tool seem to -handle UTF-8 names better than debmake.

- -

When the copyright file is created, I would also like some help to -check if the file is correct. For this I found two good options, -debmake -k and license-reconcile. The former seem -to focus on license types and file matching, and is able to detect -ineffective blocks in the copyright file. The latter reports missing -copyright holders and years, but was confused by inconsistent license -names (like CDDL vs. CDDL-1.0). I suspect it is good to use both and -fix all issues reported by them before uploading. But I do not know -if the tools and the ftpmasters agree on what is important to fix in a -copyright file, so the package might still be rejected.

- -

The devscripts tool licensecheck deserve mentioning. It -will read through the source and try to find all copyright statements. -It is not comparing the result to the content of debian/copyright, but -can be useful when verifying the content of the copyright file.

- -

Are you aware of better tools in Debian to create and update -debian/copyright file. Please let me know, or blog about it on -planet.debian.org.

+

This show the DNS names and IP addresses of (at least some of the) +network equipment involved in getting the data traffic from me to the +www.stortinget.no server, and how long it took in milliseconds for a +package to reach the equipment and return to me. Three packages are +sent, and some times the packages do not follow the same path. This +is shown for hop 5, where three different IP addresses replied to the +traceroute request.

+ +

There are many ways to measure trace routes. Other good traceroute +implementations I use are traceroute (using ICMP packages) mtr (can do +both ICMP, UDP and TCP) and scapy (python library with ICMP, UDP, TCP +traceroute and a lot of other capabilities). All of them are easily +available in Debian.

+ +

This time around, I wanted to know the geographic location of +different route points, to visualize how visiting a web page spread +information about the visit to a lot of servers around the globe. The +background is that a web site today often will ask the browser to get +from many servers the parts (for example HTML, JSON, fonts, +JavaScript, CSS, video) required to display the content. This will +leak information about the visit to those controlling these servers +and anyone able to peek at the data traffic passing by (like your ISP, +the ISPs backbone provider, FRA, GCHQ, NSA and others).

+ +

Lets pick an example, the Norwegian parliament web site +www.stortinget.no. It is read daily by all members of parliament and +their staff, as well as political journalists, activits and many other +citizens of Norway. A visit to the www.stortinget.no web site will +ask your browser to contact 8 other servers: ajax.googleapis.com, +insights.hotjar.com, script.hotjar.com, static.hotjar.com, +stats.g.doubleclick.net, www.google-analytics.com, +www.googletagmanager.com and www.netigate.se. I extracted this by +asking PhantomJS to visit the +Stortinget web page and tell me all the URLs PhantomJS downloaded to +render the page (in HAR format using +their +netsniff example. I am very grateful to Gorm for showing me how +to do this). My goal is to visualize network traces to all IP +addresses behind these DNS names, do show where visitors personal +information is spread when visiting the page.

+ +

map of combined traces for URLs used by www.stortinget.no using GeoIP

+ +

When I had a look around for options, I could not find any good +free software tools to do this, and decided I needed my own traceroute +wrapper outputting KML based on locations looked up using GeoIP. KML +is easy to work with and easy to generate, and understood by several +of the GIS tools I have available. I got good help from by NUUG +colleague Anders Einar with this, and the result can be seen in +my +kmltraceroute git repository. Unfortunately, the quality of the +free GeoIP databases I could find (and the for-pay databases my +friends had access to) is not up to the task. The IP addresses of +central Internet infrastructure would typically be placed near the +controlling companies main office, and not where the router is really +located, as you can see from the +KML file I created using the GeoLite City dataset from MaxMind. + +

scapy traceroute graph for URLs used by www.stortinget.no

+ +

I also had a look at the visual traceroute graph created by +the scrapy project, +showing IP network ownership (aka AS owner) for the IP address in +question. +The +graph display a lot of useful information about the traceroute in SVG +format, and give a good indication on who control the network +equipment involved, but it do not include geolocation. This graph +make it possible to see the information is made available at least for +UNINETT, Catchcom, Stortinget, Nordunet, Google, Amazon, Telia, Level +3 Communications and NetDNA.

+ +

example geotraceroute view for www.stortinget.no

+ +

In the process, I came across the +web service GeoTraceroute by +Salim Gasmi. Its methology of combining guesses based on DNS names, +various location databases and finally use latecy times to rule out +candidate locations seemed to do a very good job of guessing correct +geolocation. But it could only do one trace at the time, did not have +a sensor in Norway and did not make the geolocations easily available +for postprocessing. So I contacted the developer and asked if he +would be willing to share the code (he refused until he had time to +clean it up), but he was interested in providing the geolocations in a +machine readable format, and willing to set up a sensor in Norway. So +since yesterday, it is possible to run traces from Norway in this +service thanks to a sensor node set up by +the NUUG assosiation, and get the +trace in KML format for further processing.

+ +

map of combined traces for URLs used by www.stortinget.no using geotraceroute

+ +

Here we can see a lot of trafic passes Sweden on its way to +Denmark, Germany, Holland and Ireland. Plenty of places where the +Snowden confirmations verified the traffic is read by various actors +without your best interest as their top priority.

+ +

Combining KML files is trivial using a text editor, so I could loop +over all the hosts behind the urls imported by www.stortinget.no and +ask for the KML file from GeoTraceroute, and create a combined KML +file with all the traces (unfortunately only one of the IP addresses +behind the DNS name is traced this time. To get them all, one would +have to request traces using IP number instead of DNS names from +GeoTraceroute). That might be the next step in this project.

+ +

Armed with these tools, I find it a lot easier to figure out where +the IP traffic moves and who control the boxes involved in moving it. +And every time the link crosses for example the Swedish border, we can +be sure Swedish Signal Intelligence (FRA) is listening, as GCHQ do in +Britain and NSA in USA and cables around the globe. (Hm, what should +we tell them? :) Keep that in mind if you ever send anything +unencrypted over the Internet.

+ +

PS: KML files are drawn using +the KML viewer from Ivan +Rublev, as it was less cluttered than the local Linux application +Marble. There are heaps of other options too.

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address -15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- -

Update 2016-02-20: I got a tip from Mike Gabriel -on how to use licensecheck and cdbs to create a draft copyright file - -

-licensecheck --copyright -r `find * -type f` | \
-  /usr/lib/cdbs/licensecheck2dep5 > debian/copyright.auto
-

- -

He mentioned that he normally check the generated file into the -version control system to make it easier to discover license and -copyright changes in the upstream source. I will try to do the same -with my packages in the future.

- -

Update 2016-02-21: The cme author recommended -against using -quiet for new users, so I removed it from the proposed -command line.

+15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: debian, english. + Tags: debian, english, kart, nuug, personvern, stortinget, surveillance, web.
@@ -1143,6 +749,17 @@ command line.

Archive