I spent last weekend recording MakerCon Nordic

23rd October 2014

I spent last weekend at Makercon -Nordic, a great conference and workshop for makers in Norway and -the surrounding countries. I had volunteered on behalf of the -Norwegian Unix Users Group (NUUG) to video record the talks, and we -had a great and exhausting time recording the entire day, two days in -a row. There were only two of us, Hans-Petter and me, and we used the -regular video equipment for NUUG, with a -dvswitch, a -camera and a VGA to DV convert box, and mixed video and slides -live.

- -

Hans-Petter did the post-processing, consisting of uploading the -around 180 GiB of raw video to Youtube, and the result is -now becoming -public on the MakerConNordic account. The videos have the license -NUUG always use on our recordings, which is -Creative -Commons Navngivelse-Del pÃ¥ samme vilkÃ¥r 3.0 Norge. Many great -talks available. Check it out! :)

Simpler recipe on how to make a simple $7 IMSI Catcher using Debian

9th August 2017

On friday, I came across an interesting article in the Norwegian +web based ICT news magazine digi.no on +how +to collect the IMSI numbers of nearby cell phones using the cheap +DVB-T software defined radios. The article refered to instructions +and a recipe by +Keld Norman on Youtube on how to make a simple $7 IMSI Catcher, and I decided to test them out.

+ +

The instructions said to use Ubuntu, install pip using apt (to +bypass apt), use pip to install pybombs (to bypass both apt and pip), +and the ask pybombs to fetch and build everything you need from +scratch. I wanted to see if I could do the same on the most recent +Debian packages, but this did not work because pybombs tried to build +stuff that no longer build with the most recent openssl library or +some other version skew problem. While trying to get this recipe +working, I learned that the apt->pip->pybombs route was a long detour, +and the only piece of software dependency missing in Debian was the +gr-gsm package. I also found out that the lead upstream developer of +gr-gsm (the name stand for GNU Radio GSM) project already had a set of +Debian packages provided in an Ubuntu PPA repository. All I needed to +do was to dget the Debian source package and built it.

+ +

The IMSI collector is a python script listening for packages on the +loopback network device and printing to the terminal some specific GSM +packages with IMSI numbers in them. The code is fairly short and easy +to understand. The reason this work is because gr-gsm include a tool +to read GSM data from a software defined radio like a DVB-T USB stick +and other software defined radios, decode them and inject them into a +network device on your Linux machine (using the loopback device by +default). This proved to work just fine, and I've been testing the +collector for a few days now.

+ +

The updated and simpler recipe is thus to

+ +

start with a Debian machine running Stretch or newer,
build and install the gr-gsm package available from +http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/,
clone the git repostory from https://github.com/Oros42/IMSI-catcher,
run grgsm_livemon and adjust the frequency until the terminal +where it was started is filled with a stream of text (meaning you +found a GSM station).
go into the IMSI-catcher directory and run 'sudo python simple_IMSI-catcher.py' to extract the IMSI numbers.

+ +

To make it even easier in the future to get this sniffer up and +running, I decided to package +the gr-gsm project +for Debian (WNPP +#871055), and the package was uploaded into the NEW queue today. +Luckily the gnuradio maintainer has promised to help me, as I do not +know much about gnuradio stuff yet.

+ +

I doubt this "IMSI cacher" is anywhere near as powerfull as +commercial tools like +The +Spy Phone Portable IMSI / IMEI Catcher or the +Harris +Stingray, but I hope the existance of cheap alternatives can make +more people realise how their whereabouts when carrying a cell phone +is easily tracked. Seeing the data flow on the screen, realizing that +I live close to a police station and knowing that the police is also +wearing cell phones, I wonder how hard it would be for criminals to +track the position of the police officers to discover when there are +police near by, or for foreign military forces to track the location +of the Norwegian military forces, or for anyone to track the location +of government officials...

+ +

It is worth noting that the data reported by the IMSI-catcher +script mentioned above is only a fraction of the data broadcasted on +the GSM network. It will only collect one frequency at the time, +while a typical phone will be using several frequencies, and not all +phones will be using the frequencies tracked by the grgsm_livemod +program. Also, there is a lot of radio chatter being ignored by the +simple_IMSI-catcher script, which would be collected by extending the +parser code. I wonder if gr-gsm can be set up to listen to more than +one frequency?

- Tags: english, nuug, video. + Tags: debian, english, personvern, surveillance.

@@ -53,96 +117,37 @@ talks available. Check it out! :)

listadmin, the quick way to moderate mailman lists - nice free software

22nd October 2014

If you ever had to moderate a mailman list, like the ones on -alioth.debian.org, you know the web interface is fairly slow to -operate. First you visit one web page, enter the moderation password -and get a new page shown with a list of all the messages to moderate -and various options for each email address. This take a while for -every list you moderate, and you need to do it regularly to do a good -job as a list moderator. But there is a quick alternative, -the -listadmin program. It allow you to check lists for new messages -to moderate in a fraction of a second. Here is a test run on two -lists I recently took over:

- -

-% time listadmin xiph
-fetching data for pkg-xiph-commits@lists.alioth.debian.org ... nothing in queue
-fetching data for pkg-xiph-maint@lists.alioth.debian.org ... nothing in queue
-
-real    0m1.709s
-user    0m0.232s
-sys     0m0.012s
-%
-

- -

In 1.7 seconds I had checked two mailing lists and confirmed that -there are no message in the moderation queue. Every morning I -currently moderate 68 mailman lists, and it normally take around two -minutes. When I took over the two pkg-xiph lists above a few days -ago, there were 400 emails waiting in the moderator queue. It took me -less than 15 minutes to process them all using the listadmin -program.

- -

If you install -the listadmin -package from Debian and create a file ~/.listadmin.ini -with content like this, the moderation task is a breeze:

- -

-username username@example.org
-spamlevel 23
-default discard
-discard_if_reason "Posting restricted to members only. Remove us from your mail list."
-
-password secret
-adminurl https://{domain}/mailman/admindb/{list}
-mailman-list@lists.example.com
-
-password hidden
-other-list@otherserver.example.org
-

- -

There are other options to set as well. Check the manual page to -learn the details.

- -

If you are forced to moderate lists on a mailman installation where -the SSL certificate is self signed or not properly signed by a -generally accepted signing authority, you can set a environment -variable when calling listadmin to disable SSL verification:

- -

-PERL_LWP_SSL_VERIFY_HOSTNAME=0 listadmin
-

- -

If you want to moderate a subset of the lists you take care of, you -can provide an argument to the listadmin script like I do in the -initial screen dump (the xiph argument). Using an argument, only -lists matching the argument string will be processed. This make it -quick to accept messages if you notice the moderation request in your -email.

- -

Without the listadmin program, I would never be the moderator of 68 -mailing lists, as I simply do not have time to spend on that if the -process was any slower. The listadmin program have saved me hours of -time I could spend elsewhere over the years. It truly is nice free -software.

- -

As usual, if you use Bitcoin and want to show your support of my -activities, please send Bitcoin donations to my address -15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- -

Update 2014-10-27: Added missing 'username' statement in -configuration example. Also, I've been told that the -PERL_LWP_SSL_VERIFY_HOSTNAME=0 setting do not work for everyone. Not -sure why.

Norwegian BokmÃ¥l edition of Debian Administrator's Handbook is now available

25th July 2017

+ +

I finally received a copy of the Norwegian BokmÃ¥l edition of +"The Debian Administrator's +Handbook". This test copy arrived in the mail a few days ago, and +I am very happy to hold the result in my hand. We spent around one and a half year translating it. This paperbook edition +is available +from lulu.com. If you buy it quickly, you save 25% on the list +price. The book is also available for download in electronic form as +PDF, EPUB and Mobipocket, as can be +read online +as a web page.

+ +

This is the second book I publish (the first was the book +"Free Culture" by Lawrence Lessig +in +English, +French +and +Norwegian +BokmÃ¥l), and I am very excited to finally wrap up this +project. I hope +"HÃ¥ndbok +for Debian-administratoren" will be well received.

- Tags: debian, english. + Tags: debian, debian-handbook, english.

@@ -150,114 +155,50 @@ sure why.

Debian Jessie, PXE and automatic firmware installation

17th October 2014

When PXE installing laptops with Debian, I often run into the -problem that the WiFi card require some firmware to work properly. -And it has been a pain to fix this using preseeding in Debian. -Normally something more is needed. But thanks to -my isenkram -package and its recent tasksel extension, it has now become easy -to do this using simple preseeding.

- -

The isenkram-cli package provide tasksel tasks which will install -firmware for the hardware found in the machine (actually, requested by -the kernel modules for the hardware). (It can also install user space -programs supporting the hardware detected, but that is not the focus -of this story.)

- -

To get this working in the default installation, two preeseding -values are needed. First, the isenkram-cli package must be installed -into the target chroot (aka the hard drive) before tasksel is executed -in the pkgsel step of the debian-installer system. This is done by -preseeding the base-installer/includes debconf value to include the -isenkram-cli package. The package name is next passed to debootstrap -for installation. With the isenkram-cli package in place, tasksel -will automatically use the isenkram tasks to detect hardware specific -packages for the machine being installed and install them, because -isenkram-cli contain tasksel tasks.

- -

Second, one need to enable the non-free APT repository, because -most firmware unfortunately is non-free. This is done by preseeding -the apt-mirror-setup step. This is unfortunate, but for a lot of -hardware it is the only option in Debian.

- -

The end result is two lines needed in your preseeding file to get -firmware installed automatically by the installer:

- -

-base-installer base-installer/includes string isenkram-cli
-apt-mirror-setup apt-setup/non-free boolean true
-

- -

The current version of isenkram-cli in testing/jessie will install -both firmware and user space packages when using this method. It also -do not work well, so use version 0.15 or later. Installing both -firmware and user space packages might give you a bit more than you -want, so I decided to split the tasksel task in two, one for firmware -and one for user space programs. The firmware task is enabled by -default, while the one for user space programs is not. This split is -implemented in the package currently in unstable.

- -

If you decide to give this a go, please let me know (via email) how -this recipe work for you. :)

- -

So, I bet you are wondering, how can this work. First and -foremost, it work because tasksel is modular, and driven by whatever -files it find in /usr/lib/tasksel/ and /usr/share/tasksel/. So the -isenkram-cli package place two files for tasksel to find. First there -is the task description file (/usr/share/tasksel/descs/isenkram.desc):

- -

-Task: isenkram-packages
-Section: hardware
-Description: Hardware specific packages (autodetected by isenkram)
- Based on the detected hardware various hardware specific packages are
- proposed.
-Test-new-install: show show
-Relevance: 8
-Packages: for-current-hardware
-
-Task: isenkram-firmware
-Section: hardware
-Description: Hardware specific firmware packages (autodetected by isenkram)
- Based on the detected hardware various hardware specific firmware
- packages are proposed.
-Test-new-install: mark show
-Relevance: 8
-Packages: for-current-hardware-firmware
-

- -

The key parts are Test-new-install which indicate how the task -should be handled and the Packages line referencing to a script in -/usr/lib/tasksel/packages/. The scripts use other scripts to get a -list of packages to install. The for-current-hardware-firmware script -look like this to list relevant firmware for the machine: - -

-#!/bin/sh
-#
-PATH=/usr/sbin:$PATH
-export PATH
-isenkram-autoinstall-firmware -l
-

- -

With those two pieces in place, the firmware is installed by -tasksel during the normal d-i run. :)

- -

If you want to test what tasksel will install when isenkram-cli is -installed, run DEBIAN_PRIORITY=critical tasksel --test ---new-install to get the list of packages that tasksel would -install.

- -

Debian Edu will be -pilots in testing this feature, as isenkram is used there now to -install firmware, replacing the earlier scripts.

Â«Rapporten ser ikke pÃ¥ informasjonssikkerhet knyttet til personlig integritetÂ»

27th June 2017

Jeg kom over teksten +Â«Killing +car privacy by federal mandateÂ» av Leonid Reyzin pÃ¥ Freedom to +Tinker i dag, og det gleder meg Ã¥ se en god gjennomgang om hvorfor det +er et urimelig inngrep i privatsfÃ¦ren Ã¥ la alle biler kringkaste sin +posisjon og bevegelse via radio. Det omtalte forslaget basert pÃ¥ +Dedicated Short Range Communication (DSRC) kalles Basic Safety Message +(BSM) i USA og Cooperative Awareness Message (CAM) i Europa, og det +norske Vegvesenet er en av de som ser ut til Ã¥ kunne tenke seg Ã¥ +pÃ¥legge alle biler Ã¥ fjerne nok en bit av innbyggernes privatsfÃ¦re. +Anbefaler alle Ã¥ lese det som stÃ¥r der. + +

Mens jeg tittet litt pÃ¥ DSRC pÃ¥ biler i Norge kom jeg over et sitat +jeg synes er illustrativt for hvordan det offentlige Norge hÃ¥ndterer +problemstillinger rundt innbyggernes privatsfÃ¦re i SINTEF-rapporten +Â«Informasjonssikkerhet +i AutoPASS-brikkerÂ» av Trond Foss:

+ +

+Â«Rapporten ser ikke pÃ¥ informasjonssikkerhet knyttet til personlig + integritet.Â» +

+ +

SÃ¥ enkelt kan det tydeligvis gjÃ¸res nÃ¥r en vurderer +informasjonssikkerheten. Det holder vel at folkene pÃ¥ toppen kan si +at Â«Personvernet er ivaretattÂ», som jo er den populÃ¦re intetsigende +frasen som gjÃ¸r at mange tror enkeltindividers integritet tas vare pÃ¥. +Sitatet fikk meg til Ã¥ undres pÃ¥ hvor ofte samme tilnÃ¦rming, Ã¥ bare se +bort fra behovet for personlig itegritet, blir valgt nÃ¥r en velger Ã¥ +legge til rette for nok et inngrep i privatsfÃ¦ren til personer i +Norge. Det er jo sjelden det fÃ¥r reaksjoner. Historien om +reaksjonene pÃ¥ Helse SÃ¸r-Ãsts tjenesteutsetting er jo sÃ¸rgelig nok et +unntak og toppen av isfjellet, desverre. Tror jeg fortsatt takker nei +til bÃ¥de AutoPASS og holder meg sÃ¥ langt unna det norske helsevesenet +som jeg kan, inntil de har demonstrert og dokumentert at de verdsetter +individets privatsfÃ¦re og personlige integritet hÃ¸yere enn kortsiktig +gevist og samfunnsnytte.

- Tags: debian, english, isenkram, sysadmin. + Tags: norsk, personvern, sikkerhet.

@@ -265,23 +206,66 @@ install firmware, replacing the earlier scripts.

Ubuntu used to show the bread prizes at ICA Storo

4th October 2014

Today I came across an unexpected Ubuntu boot screen. Above the -bread shelf on the ICA shop at Storo in Oslo, the grub menu of Ubuntu -with Linux kernel 3.2.0-23 (ie probably version 12.04 LTS) was stuck -on a screen normally showing the bread types and prizes:

- -

If it had booted as it was supposed to, I would never had known -about this hidden Linux installation. It is interesting what -errors can reveal.

Updated sales number for my Free Culture paper editions

12th June 2017

It is pleasing to see that the work we put down in publishing new +editions of the classic Free +Culture book by the founder of the Creative Commons movement, +Lawrence Lessig, is still being appreciated. I had a look at the +latest sales numbers for the paper edition today. Not too impressive, +but happy to see some buyers still exist. All the revenue from the +books is sent to the Creative +Commons Corporation, and they receive the largest cut if you buy +directly from Lulu. Most books are sold via Amazon, with Ingram +second and only a small fraction directly from Lulu. The ebook +edition is available for free from +Github.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Title / language	Quantity
Title / language	2016 jan-jun	2016 jul-dec	2017 jan-may
Culture Libre / French	3	6	15
Fri kultur / Norwegian	7	1	0
Free Culture / English	14	27	16
Total	24	34	31

+ +

A bit sad to see the low sales number on the Norwegian edition, and +a bit surprising the English edition still selling so well.

+ +

If you would like to translate and publish the book in your native +language, I would be happy to help make it happen. Please get in +touch.

- Tags: debian, english. + Tags: docbook, english, freeculture.

@@ -289,49 +273,59 @@ about this hidden Linux installation. It is interesting what

New lsdvd release version 0.17 is ready

4th October 2014

The lsdvd project -got a new set of developers a few weeks ago, after the original -developer decided to step down and pass the project to fresh blood. -This project is now maintained by Petter Reinholdtsen and Steve -Dibb.

- -

I just wrapped up -a -new lsdvd release, available in git or from -the -download page. This is the changelog dated 2014-10-03 for version -0.17.

Release 0.1.1 of free software archive system Nikita announced

10th June 2017

I am very happy to report that the +Nikita Noark 5 +core project tagged its second release today. The free software +solution is an implementation of the Norwegian archive standard Noark +5 used by government offices in Norway. These were the changes in +version 0.1.1 since version 0.1.0 (from NEWS.md):

Ignore 'phantom' audio, subtitle tracks
Check for garbage in the program chains, which indicate that a track is - non-existant, to work around additional copy protection
Fix displaying content type for audio tracks, subtitles
Fix pallete display of first entry
Fix include orders
Ignore read errors in titles that would not be displayed anyway
Fix the chapter count
Make sure the array size and the array limit used when initialising - the palette size is the same.
Fix array printing.
Correct subsecond calculations.
Add sector information to the output format.
Clean up code to be closer to ANSI C and compile without warnings - with more GCC compiler warnings.
Continued work on the angularjs GUI, including document upload.
Implemented correspondencepartPerson, correspondencepartUnit and + correspondencepartInternal
Applied for coverity coverage and started submitting code on + regualr basis.
Started fixing bugs reported by coverity
Corrected and completed HATEOAS links to make sure entire API is + available via URLs in _links.
Corrected all relation URLs to use trailing slash.
Add initial support for storing data in ElasticSearch.
Now able to receive and store uploaded files in the archive.
Changed JSON output for object lists to have relations in _links.
Improve JSON output for empty object lists.
Now uses correct MIME type application/vnd.noark5-v4+json.
Added support for docker container images.
Added simple API browser implemented in JavaScript/Angular.
Started on archive client implemented in JavaScript/Angular.
Started on prototype to show the public mail journal.
Improved performance by disabling Sprint FileWatcher.
Added support for 'arkivskaper', 'saksmappe' and 'journalpost'.
Added support for some metadata codelists.
Added support for Cross-origin resource sharing (CORS).
Changed login method from Basic Auth to JSON Web Token (RFC 7519) + style.
Added support for GET-ing ny-* URLs.
Added support for modifying entities using PUT and eTag.
Added support for returning XML output on request.
Removed support for English field and class names, limiting ourself + to the official names.
...

This change bring together patches for lsdvd in use in various -Linux and Unix distributions, as well as patches submitted to the -project the last nine years. Please check it out. :)

If this sound interesting to you, please contact us on IRC (#nikita +on irc.freenode.net) or email +(nikita-noark +mailing list).

- Tags: debian, english, lsdvd, multimedia. + Tags: english, nuug, offentlig innsyn, standard.

@@ -339,77 +333,99 @@ project the last nine years. Please check it out. :)

How to test Debian Edu Jessie despite some fatal problems with the installer

26th September 2014

The Debian Edu / Skolelinux -project provide a Linux solution for schools, including a -powerful desktop with education software, a central server providing -web pages, user database, user home directories, central login and PXE -boot of both clients without disk and the installation to install Debian -Edu on machines with disk (and a few other services perhaps to small -to mention here). We in the Debian Edu team are currently working on -the Jessie based version, trying to get everything in shape before the -freeze, to avoid having to maintain our own package repository in the -future. The -current -status can be seen on the Debian wiki, and there is still heaps of -work left. Some fatal problems block testing, breaking the installer, -but it is possible to work around these to get anyway. Here is a -recipe on how to get the installation limping along.

- -

First, download the test ISO via -ftp, -http -or rsync (use -ftp.skolelinux.org::cd-edu-testing-nolocal-netinst/debian-edu-amd64-i386-NETINST-1.iso). -The ISO build was broken on Tuesday, so we do not get a new ISO every -12 hours or so, but thankfully the ISO we already got we are able to -install with some tweaking.

- -

When you get to the Debian Edu profile question, go to tty2 -(use Alt-Ctrl-F2), run

Idea for storing trusted timestamps in a Noark 5 archive

7th June 2017

This is a copy of +an +email I posted to the nikita-noark mailing list. Please follow up +there if you would like to discuss this topic. The background is that +we are making a free software archive system based on the Norwegian +Noark +5 standard for government archives.

+ +

I've been wondering a bit lately how trusted timestamps could be +stored in Noark 5. +Trusted +timestamps can be used to verify that some information +(document/file/checksum/metadata) have not been changed since a +specific time in the past. This is useful to verify the integrity of +the documents in the archive.

+ +

Then it occured to me, perhaps the trusted timestamps could be +stored as dokument variants (ie dokumentobjekt referered to from +dokumentbeskrivelse) with the filename set to the hash it is +stamping?

+ +

Given a "dokumentbeskrivelse" with an associated "dokumentobjekt", +a new dokumentobjekt is associated with "dokumentbeskrivelse" with the +same attributes as the stamped dokumentobjekt except these +attributes:

+ +

format -> "RFC3161" +
mimeType -> "application/timestamp-reply" +
formatDetaljer -> "<source URL for timestamp service>" +
filenavn -> "<sjekksum>.tsr" + +

+ +

This assume a service following +IETF RFC 3161 is +used, which specifiy the given MIME type for replies and the .tsr file +ending for the content of such trusted timestamp. As far as I can +tell from the Noark 5 specifications, it is OK to have several +variants/renderings of a dokument attached to a given +dokumentbeskrivelse objekt. It might be stretching it a bit to make +some of these variants represent crypto-signatures useful for +verifying the document integrity instead of representing the dokument +itself.

+ +

Using the source of the service in formatDetaljer allow several +timestamping services to be used. This is useful to spread the risk +of key compromise over several organisations. It would only be a +problem to trust the timestamps if all of the organisations are +compromised.

+ +

The following oneliner on Linux can be used to generate the tsr +file. $input is the path to the file to checksum, and $sha256 is the +SHA-256 checksum of the file (ie the ".tsr" value mentioned +above).

-nano /usr/bin/edu-eatmydata-install
+openssl ts -query -data "$inputfile" -cert -sha256 -no_nonce \
+  | curl -s -H "Content-Type: application/timestamp-query" \
+      --data-binary "@-" http://zeitstempel.dfn.de > $sha256.tsr

and add 'exit 0' as the second line, disabling the eatmydata -optimization. Return to the installation, select the profile you want -and continue. Without this change, exim4-config will fail to install -due to a known bug in eatmydata.

- -

When you get the grub question at the end, answer /dev/sda (or if -this do not work, figure out what your correct value would be. All my -test machines need /dev/sda, so I have no advice if it do not fit -your need.

- -

If you installed a profile including a graphical desktop, log in as -root after the initial boot from hard drive, and install the -education-desktop-XXX metapackage. XXX can be kde, gnome, lxde, xfce -or mate. If you want several desktop options, install more than one -metapackage. Once this is done, reboot and you should have a working -graphical login screen. This workaround should no longer be needed -once the education-tasks package version 1.801 enter testing in two -days.

- -

I believe the ISO build will start working on two days when the new -tasksel package enter testing and Steve McIntyre get a chance to -update the debian-cd git repository. The eatmydata, grub and desktop -issues are already fixed in unstable and testing, and should show up -on the ISO as soon as the ISO build start working again. Well the -eatmydata optimization is really just disabled. The proper fix -require an upload by the eatmydata maintainer applying the patch -provided in bug #702711. -The rest have proper fixes in unstable.

- -

I hope this get you going with the installation testing, as we are -quickly running out of time trying to get our Jessie based -installation ready before the distribution freeze in a month.

To verify the timestamp, you first need to download the public key +of the trusted timestamp service, for example using this command:

+ +

+wget -O ca-cert.txt \
+  https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt
+

+ +

Note, the public key should be stored alongside the timestamps in +the archive to make sure it is also available 100 years from now. It +is probably a good idea to standardise how and were to store such +public keys, to make it easier to find for those trying to verify +documents 100 or 1000 years from now. :)

+ +

The verification itself is a simple openssl command:

+ +

+openssl ts -verify -data $inputfile -in $sha256.tsr \
+  -CAfile ca-cert.txt -text
+

+ +

Is there any reason this approach would not work? Is it somehow against +the Noark 5 specification?

- Tags: debian, debian edu, english. + Tags: english, offentlig innsyn, standard.

@@ -417,37 +433,61 @@ installation ready before the distribution freeze in a month.

Suddenly I am the new upstream of the lsdvd command line tool

25th September 2014

I use the lsdvd tool -to handle my fairly large DVD collection. It is a nice command line -tool to get details about a DVD, like title, tracks, track length, -etc, in XML, Perl or human readable format. But lsdvd have not seen -any new development since 2006 and had a few irritating bugs affecting -its use with some DVDs. Upstream seemed to be dead, and in January I -sent a small probe asking for a version control repository for the -project, without any reply. But I use it regularly and would like to -get an updated version -into Debian. So two weeks ago I tried harder to get in touch with -the project admin, and after getting a reply from him explaining that -he was no longer interested in the project, I asked if I could take -over. And yesterday, I became project admin.

- -

I've been in touch with a Gentoo developer and the Debian -maintainer interested in joining forces to maintain the upstream -project, and I hope we can get a new release out fairly quickly, -collecting the patches spread around on the internet into on place. -I've added the relevant Debian patches to the freshly created git -repository, and expect the Gentoo patches to make it too. If you got -a DVD collection and care about command line tools, check out -the git source and join -the project mailing -list. :)

NÃ¥r nynorskoversettelsen svikter til eksamen...

3rd June 2017

Aftenposten +melder i dag om feil i eksamensoppgavene for eksamen i politikk og +menneskerettigheter, der teksten i bokmÃ¥ls og nynorskutgaven ikke var +like. Oppgaveteksten er gjengitt i artikkelen, og jeg ble nysgjerring +pÃ¥ om den fri oversetterlÃ¸sningen +Apertium ville gjort en bedre +jobb enn Utdanningsdirektoratet. Det kan se slik ut.

+ +

Her er bokmÃ¥lsoppgaven fra eksamenen:

+ +

+
DrÃ¸ft utfordringene knyttet til nasjonalstatenes og andre aktÃ¸rers +rolle og muligheter til Ã¥ hÃ¥ndtere internasjonale utfordringer, som +for eksempel flykningekrisen.
+ +
Vedlegge er eksempler pÃ¥ tekster som kan gi relevante perspektiver +pÃ¥ temaet:
+
+
Flykningeregnskapet 2016, UNHCR og IDMC +
Â«GrenselÃ¸st Europa for fallÂ» A-Magasinet, 26. november 2015 +
+ +

+ +

Dette oversetter Apertium slik:

+ +

+
DrÃ¸ft utfordringane knytte til nasjonalstatane sine og rolla til +andre aktÃ¸rar og hÃ¸ve til Ã¥ handtera internasjonale utfordringar, som +til dÃ¸mes *flykningekrisen.
+ +
Vedleggja er dÃ¸me pÃ¥ tekster som kan gje relevante perspektiv pÃ¥ +temaet:
+ +
+
*Flykningeregnskapet 2016, *UNHCR og *IDMC
+
Â«*GrenselÃ¸st Europa for fallÂ» A-Magasinet, 26. november 2015
+
+ +

+ +

Ord som ikke ble forstÃ¥tt er markert med stjerne (*), og trenger +ekstra sprÃ¥ksjekk. Men ingen ord er forsvunnet, slik det var i +oppgaven elevene fikk presentert pÃ¥ eksamen. Jeg mistenker dog at +"andre aktÃ¸rers rolle og muligheter til ..." burde vÃ¦rt oversatt til +"rolla til andre aktÃ¸rar og deira hÃ¸ve til ..." eller noe slikt, men +det er kanskje flisespikking. Det understreker vel bare at det alltid +trengs korrekturlesning etter automatisk oversettelse.

- Tags: debian, english, lsdvd, multimedia. + Tags: debian, norsk, stavekontroll.

@@ -455,263 +495,67 @@ list. :)

Hva henger under skibrua over E16 pÃ¥ SollihÃ¸gda?

21st September 2014

Rundt omkring i Oslo og ÃstlandsomrÃ¥det henger det bokser over -veiene som jeg har lurt pÃ¥ hva gjÃ¸r. De har ut fra plassering og -vinkling sett ut som bokser som sniffer ut et eller annet fra -forbipasserende trafikk, men det har vÃ¦rt uklart for meg hva det er de -leser av. Her om dagen tok jeg bilde av en slik boks som henger under -ei -skibru pÃ¥ SollihÃ¸gda:

- -

Boksen er tydelig merket Â«Kapsch >>>Â», logoen til -det sveitsiske selskapet Kapsch som -blant annet lager sensorsystemer for veitrafikk. Men de lager mye -forskjellig, og jeg kjente ikke igjen boksen pÃ¥ utseendet etter en -kjapp titt pÃ¥ produktlista til selskapet.

- -

I og med at boksen henger over veien E16, en riksvei vedlikeholdt -av Statens Vegvesen, sÃ¥ antok jeg at det burde vÃ¦re mulig Ã¥ bruke -REST-API-et som gir tilgang til vegvesenets database over veier, -skilter og annet veirelatert til Ã¥ finne ut hva i alle dager dette -kunne vÃ¦re. De har bÃ¥de -en -datakatalog og -et -sÃ¸k, der en kan sÃ¸ke etter ulike typer oppfÃ¸ringer innen for et -gitt geografisk omrÃ¥de. Jeg laget et enkelt shell-script for Ã¥ hente -ut antall av en gitt type innenfor omrÃ¥det skibrua dekker, og listet -opp navnet pÃ¥ typene som ble funnet. Orket ikke slÃ¥ opp hvordan -URL-koding av aktuelle strenger kunne gjÃ¸res mer generisk, og brukte -en stygg sed-linje i stedet.

- -

-#!/bin/sh
-urlmap() {
-    sed \
-    -e 's/  / /g'   -e 's/{/%7B/g'  \
-    -e 's/}/%7D/g'  -e 's/\[/%5B/g' \
-    -e 's/\]/%5D/g' -e 's/ /%20/g'  \
-    -e 's/,/%2C/g'  -e 's/\"/%22/g' \
-    -e 's/:/%3A/g'
-}
-
-lookup() {
-    url="$1"
-    curl -s -H 'Accept: application/vnd.vegvesen.nvdb-v1+xml' \
-       "https://www.vegvesen.no/nvdb/api$url" | xmllint --format -
-}
-
-for id in $(seq 1 874) ; do
-    search="{
-  lokasjon: {
-    bbox: \"10.34425,59.96386,10.34458,59.96409\",
-    srid: \"WGS84\"
-  },
-   objektTyper: [{
-     id: $id, antall: 10
-   }]
-}"
-
-    query=/sok?kriterie=$(echo $search | urlmap)
-    if lookup "$query" |
-    grep -q '<totaltAntallReturnert>0<'
-    then
-    :
-    else
-    echo $id
-    lookup "/datakatalog/objekttyper/$id" |grep '^  <navn>'
-    fi
-done
-
-exit 0
-

- -Aktuelt ID-omrÃ¥de 1-874 var riktig i datakatalogen da jeg laget -scriptet. Det vil endre seg over tid. Skriptet listet sÃ¥ opp -aktuelle typer i og rundt skibrua: - -

-5
-  <navn>Rekkverk</navn>
-14
-  <navn>Rekkverksende</navn>
-47
-  <navn>Trafikklomme</navn>
-49
-  <navn>TrafikkÃ¸y</navn>
-60
-  <navn>Bru</navn>
-79
-  <navn>Stikkrenne/Kulvert</navn>
-80
-  <navn>GrÃ¸ft, Ã¥pen</navn>
-86
-  <navn>Belysningsstrekning</navn>
-95
-  <navn>Skiltpunkt</navn>
-96
-  <navn>Skiltplate</navn>
-98
-  <navn>Referansestolpe</navn>
-99
-  <navn>Vegoppmerking, langsgÃ¥ende</navn>
-105
-  <navn>Fartsgrense</navn>
-106
-  <navn>Vinterdriftsstrategi</navn>
-172
-  <navn>Trafikkdeler</navn>
-241
-  <navn>Vegdekke</navn>
-293
-  <navn>BreddemÃ¥ling</navn>
-301
-  <navn>Kantklippareal</navn>
-318
-  <navn>SnÃ¸-/isrydding</navn>
-445
-  <navn>Skred</navn>
-446
-  <navn>Dokumentasjon</navn>
-452
-  <navn>Undergang</navn>
-528
-  <navn>Tverrprofil</navn>
-532
-  <navn>Vegreferanse</navn>
-534
-  <navn>Region</navn>
-535
-  <navn>Fylke</navn>
-536
-  <navn>Kommune</navn>
-538
-  <navn>Gate</navn>
-539
-  <navn>Transportlenke</navn>
-540
-  <navn>Trafikkmengde</navn>
-570
-  <navn>Trafikkulykke</navn>
-571
-  <navn>Ulykkesinvolvert enhet</navn>
-572
-  <navn>Ulykkesinvolvert person</navn>
-579
-  <navn>Politidistrikt</navn>
-583
-  <navn>Vegbredde</navn>
-591
-  <navn>HÃ¸ydebegrensning</navn>
-592
-  <navn>NedbÃ¸yningsmÃ¥ling</navn>
-597
-  <navn>StÃ¸y-luft, Strekningsdata</navn>
-601
-  <navn>Oppgravingsdata</navn>
-602
-  <navn>Oppgravingslag</navn>
-603
-  <navn>PMS-parsell</navn>
-604
-  <navn>Vegnormalstrekning</navn>
-605
-  <navn>VÃ¦rrelatert strekning</navn>
-616
-  <navn>Feltstrekning</navn>
-617
-  <navn>Adressepunkt</navn>
-626
-  <navn>FriksjonsmÃ¥leserie</navn>
-629
-  <navn>Vegdekke, flatelapping</navn>
-639
-  <navn>Kurvatur, horisontalelement</navn>
-640
-  <navn>Kurvatur, vertikalelement</navn>
-642
-  <navn>Kurvatur, vertikalpunkt</navn>
-643
-  <navn>Statistikk, trafikkmengde</navn>
-647
-  <navn>Statistikk, vegbredde</navn>
-774
-  <navn>NedbÃ¸yningsmÃ¥leserie</navn>
-775
-  <navn>ATK, influensstrekning</navn>
-794
-  <navn>Systemobjekt</navn>
-810
-  <navn>Vinterdriftsklasse</navn>
-821
-  <navn>Funksjonell vegklasse</navn>
-825
-  <navn>Kurvatur, stigning</navn>
-838
-  <navn>Vegbredde, beregnet</navn>
-862
-  <navn>Reisetidsregistreringspunkt</navn>
-871
-  <navn>Bruksklasse</navn>
-

- -

Av disse ser ID 775 og 862 mest relevant ut. ID 775 antar jeg -refererer til fotoboksen som stÃ¥r like ved brua, mens -Â«ReisetidsregistreringspunktÂ» kanskje kan vÃ¦re boksen som henger der. -Hvordan finner jeg sÃ¥ ut hva dette kan vÃ¦re for noe. En titt pÃ¥ -datakatalogsiden -for ID 862/Reisetidsregistreringspunkt viser at det er finnes 53 -slike mÃ¥lere i Norge, og hvor de er plassert, men gir ellers fÃ¥ -detaljer. Det er plassert 40 pÃ¥ Ã¸stlandet og 13 i Trondheimsregionen. -Men siden nevner Â«AutoPASSÂ», og hvis en slÃ¥r opp oppfÃ¸ringen pÃ¥ -SollihÃ¸gda nevner den Â«Ciber ASÂ» som ID for eksternt system. (Kan det -vÃ¦re snakk om -Ciber -Norge AS, et selskap eid av Ciber Europe Bv?) Et nettsÃ¸k pÃ¥ - Â«Ciber AS autopassÂ» fÃ¸rer meg til en artikkel fra NRK TrÃ¸ndelag i - 2013 med tittel -Â«Sjekk -dette hvis du vil unngÃ¥ kÃ¸Â». Artikkelen henviser til vegvesenets -nettside -reisetider.no -som har en -kartside -for Ãstlandet som viser at det mÃ¥les mellom Sandvika og SollihÃ¸gda. -Det kan dermed se ut til at jeg har funnet ut hva boksene gjÃ¸r.

- -

Hvis det stemmer, sÃ¥ er dette bokser som leser av AutoPASS-ID-en -til alle passerende biler med AutoPASS-brikke, og dermed gjÃ¸r det mulig -for de som kontrollerer boksene Ã¥ holde rede pÃ¥ hvor en gitt bil er -nÃ¥r den passerte et slikt mÃ¥lepunkt. NRK-artikkelen forteller at -denne informasjonen i dag kun brukes til Ã¥ koble to -AutoPASS-brikkepasseringer passeringer sammen for Ã¥ beregne -reisetiden, og at bruken er godkjent av Datatilsynet. Det er desverre -ikke mulig for en sjÃ¥fÃ¸r som passerer under en slik boks Ã¥ kontrollere -at AutoPASS-ID-en kun brukes til dette i dag og i fremtiden.

- -

I tillegg til denne type AutoPASS-sniffere vet jeg at det ogsÃ¥ -finnes mange automatiske stasjoner som tar betalt pr. passering (aka -bomstasjoner), og der lagres informasjon om tid, sted og bilnummer i -10 Ã¥r. Finnes det andre slike sniffere plassert ut pÃ¥ veiene?

- -

Personlig har jeg valgt Ã¥ ikke bruke AutoPASS-brikke, for Ã¥ gjÃ¸re -det vanskeligere og mer kostbart for de som vil invadere privatsfÃ¦ren -og holde rede pÃ¥ hvor bilen min beveger seg til enhver tid. Jeg hÃ¥per -flere vil gjÃ¸re det samme, selv om det gir litt hÃ¸yere private -utgifter (dyrere bompassering). Vern om privatsfÃ¦ren koster i disse -dager.

- -

Takk til Jan Kristian Jensen i Statens Vegvesen for tips om -dokumentasjon pÃ¥ vegvesenets REST-API.

Epost inn som arkivformat i Riksarkivarens forskrift?

27th April 2017

I disse dager, med frist 1. mai, har Riksarkivaren ute en hÃ¸ring pÃ¥ +sin forskrift. Som en kan se er det ikke mye tid igjen fÃ¸r fristen +som gÃ¥r ut pÃ¥ sÃ¸ndag. Denne forskriften er det som lister opp hvilke +formater det er greit Ã¥ arkivere i +Noark +5-lÃ¸sninger i Norge.

+ +

Jeg fant hÃ¸ringsdokumentene hos +Norsk +ArkivrÃ¥d etter Ã¥ ha blitt tipset pÃ¥ epostlisten til +fri +programvareprosjektet Nikita Noark5-Core, som lager et Noark 5 +Tjenestegresesnitt. Jeg er involvert i Nikita-prosjektet og takket +vÃ¦re min interesse for tjenestegrensesnittsprosjektet har jeg lest en +god del Noark 5-relaterte dokumenter, og til min overraskelse oppdaget +at standard epost ikke er pÃ¥ listen over godkjente formater som kan +arkiveres. HÃ¸ringen med frist sÃ¸ndag er en glimrende mulighet til Ã¥ +forsÃ¸ke Ã¥ gjÃ¸re noe med det. Jeg holder pÃ¥ med +egen +hÃ¸ringsuttalelse, og lurer pÃ¥ om andre er interessert i Ã¥ stÃ¸tte +forslaget om Ã¥ tillate arkivering av epost som epost i arkivet.

+ +

Er du igang med Ã¥ skrive egen hÃ¸ringsuttalelse allerede? I sÃ¥ fall +kan du jo vurdere Ã¥ ta med en formulering om epost-lagring. Jeg tror +ikke det trengs sÃ¥ mye. Her et kort forslag til tekst:

+ +

+ +
Viser til hÃ¸ring sendt ut 2017-02-17 (Riksarkivarens referanse + 2016/9840 HELHJO), og tillater oss Ã¥ sende inn noen innspill om + revisjon av Forskrift om utfyllende tekniske og arkivfaglige + bestemmelser om behandling av offentlige arkiver (Riksarkivarens + forskrift).
+ +
SvÃ¦rt mye av vÃ¥r kommuikasjon foregÃ¥r i dag pÃ¥ e-post.Â Vi + foreslÃ¥r derfor at Internett-e-post, slik det er beskrevet i IETF + RFC 5322, + https://tools.ietf.org/html/rfc5322. bÃ¸r + inn som godkjent dokumentformat.Â Vi foreslÃ¥r at forskriftens + oversikt over godkjente dokumentformater ved innlevering i Â§ 5-16 + endres til Ã¥ ta med Internett-e-post.
+ +

+ +

Som del av arbeidet med tjenestegrensesnitt har vi testet hvordan +epost kan lagres i en Noark 5-struktur, og holder pÃ¥ Ã¥ skrive et +forslag om hvordan dette kan gjÃ¸res som vil bli sendt over til +arkivverket sÃ¥ snart det er ferdig. De som er interesserte kan +fÃ¸lge +fremdriften pÃ¥ web.

+ +

Oppdatering 2017-04-28: I dag ble hÃ¸ringuttalelsen jeg skrev + sendt + inn av foreningen NUUG.

- Tags: kart, norsk, personvern, rfid, surveillance. + Tags: norsk, offentlig innsyn, standard.

@@ -719,221 +563,52 @@ dokumentasjon pÃ¥ vegvesenets REST-API.

Speeding up the Debian installer using eatmydata and dpkg-divert

16th September 2014

The Debian installer could be -a lot quicker. When we install more than 2000 packages in -Skolelinux / Debian Edu using -tasksel in the installer, unpacking the binary packages take forever. -A part of the slow I/O issue was discussed in -bug #613428 about too -much file system sync-ing done by dpkg, which is the package -responsible for unpacking the binary packages. Other parts (like code -executed by postinst scripts) might also sync to disk during -installation. All this sync-ing to disk do not really make sense to -me. If the machine crash half-way through, I start over, I do not try -to salvage the half installed system. So the failure sync-ing is -supposed to protect against, hardware or system crash, is not really -relevant while the installer is running.

- -

A few days ago, I thought of a way to get rid of all the file -system sync()-ing in a fairly non-intrusive way, without the need to -change the code in several packages. The idea is not new, but I have -not heard anyone propose the approach using dpkg-divert before. It -depend on the small and clever package -eatmydata, which -uses LD_PRELOAD to replace the system functions for syncing data to -disk with functions doing nothing, thus allowing programs to live -dangerous while speeding up disk I/O significantly. Instead of -modifying the implementation of dpkg, apt and tasksel (which are the -packages responsible for selecting, fetching and installing packages), -it occurred to me that we could just divert the programs away, replace -them with a simple shell wrapper calling -"eatmydata $program $@", to get the same effect. -Two days ago I decided to test the idea, and wrapped up a simple -implementation for the Debian Edu udeb.

- -

The effect was stunning. In my first test it reduced the running -time of the pkgsel step (installing tasks) from 64 to less than 44 -minutes (20 minutes shaved off the installation) on an old Dell -Latitude D505 machine. I am not quite sure what the optimised time -would have been, as I messed up the testing a bit, causing the debconf -priority to get low enough for two questions to pop up during -installation. As soon as I saw the questions I moved the installation -along, but do not know how long the question were holding up the -installation. I did some more measurements using Debian Edu Jessie, -and got these results. The time measured is the time stamp in -/var/log/syslog between the "pkgsel: starting tasksel" and the -"pkgsel: finishing up" lines, if you want to do the same measurement -yourself. In Debian Edu, the tasksel dialog do not show up, and the -timing thus do not depend on how quickly the user handle the tasksel -dialog.

- -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Machine/setup Original tasksel Optimised tasksel Reduction
Latitude D505 Main+LTSP LXDE 64 min (07:46-08:50) <44 min (11:27-12:11) >20 min 18%
Latitude D505 Roaming LXDE 57 min (08:48-09:45) 34 min (07:43-08:17) 23 min 40%
Latitude D505 Minimal 22 min (10:37-10:59) 11 min (11:16-11:27) 11 min 50%
Thinkpad X200 Minimal 6 min (08:19-08:25) 4 min (08:04-08:08) 2 min 33%
Thinkpad X200 Roaming KDE 19 min (09:21-09:40) 15 min (10:25-10:40) 4 min 21%

Machine/setup	Original tasksel	Optimised tasksel	Reduction
Latitude D505 Main+LTSP LXDE	64 min (07:46-08:50)	<44 min (11:27-12:11)	>20 min 18%
Latitude D505 Roaming LXDE	57 min (08:48-09:45)	34 min (07:43-08:17)	23 min 40%
Latitude D505 Minimal	22 min (10:37-10:59)	11 min (11:16-11:27)	11 min 50%
Thinkpad X200 Minimal	6 min (08:19-08:25)	4 min (08:04-08:08)	2 min 33%
Thinkpad X200 Roaming KDE	19 min (09:21-09:40)	15 min (10:25-10:40)	4 min 21%

- -

The test is done using a netinst ISO on a USB stick, so some of the -time is spent downloading packages. The connection to the Internet -was 100Mbit/s during testing, so downloading should not be a -significant factor in the measurement. Download typically took a few -seconds to a few minutes, depending on the amount of packages being -installed.

- -

The speedup is implemented by using two hooks in -Debian -Installer, the pre-pkgsel.d hook to set up the diverts, and the -finish-install.d hook to remove the divert at the end of the -installation. I picked the pre-pkgsel.d hook instead of the -post-base-installer.d hook because I test using an ISO without the -eatmydata package included, and the post-base-installer.d hook in -Debian Edu can only operate on packages included in the ISO. The -negative effect of this is that I am unable to activate this -optimization for the kernel installation step in d-i. If the code is -moved to the post-base-installer.d hook, the speedup would be larger -for the entire installation.

- -

I've implemented this in the -debian-edu-install -git repository, and plan to provide the optimization as part of the -Debian Edu installation. If you want to test this yourself, you can -create two files in the installer (or in an udeb). One shell script -need do go into /usr/lib/pre-pkgsel.d/, with content like this:

Offentlig elektronisk postjournal blokkerer tilgang for utvalgte webklienter

20th April 2017

Jeg oppdaget i dag at nettstedet som +publiserer offentlige postjournaler fra statlige etater, OEP, har +begynt Ã¥ blokkerer enkelte typer webklienter fra Ã¥ fÃ¥ tilgang. Vet +ikke hvor mange det gjelder, men det gjelder i hvert fall libwww-perl +og curl. For Ã¥ teste selv, kjÃ¸r fÃ¸lgende:

-#!/bin/sh
-set -e
-. /usr/share/debconf/confmodule
-info() {
-    logger -t my-pkgsel "info: $*"
-}
-error() {
-    logger -t my-pkgsel "error: $*"
-}
-override_install() {
-    apt-install eatmydata || true
-    if [ -x /target/usr/bin/eatmydata ] ; then
-        for bin in dpkg apt-get aptitude tasksel ; do
-            file=/usr/bin/$bin
-            # Test that the file exist and have not been diverted already.
-            if [ -f /target$file ] ; then
-                info "diverting $file using eatmydata"
-                printf "#!/bin/sh\neatmydata $bin.distrib \"\$@\"\n" \
-                    > /target$file.edu
-                chmod 755 /target$file.edu
-                in-target dpkg-divert --package debian-edu-config \
-                    --rename --quiet --add $file
-                ln -sf ./$bin.edu /target$file
-            else
-                error "unable to divert $file, as it is missing."
-            fi
-        done
-    else
-        error "unable to find /usr/bin/eatmydata after installing the eatmydata pacage"
-    fi
-}
-
-override_install
-

- -

To clean up, another shell script should go into -/usr/lib/finish-install.d/ with code like this: - -

-#! /bin/sh -e
-. /usr/share/debconf/confmodule
-error() {
-    logger -t my-finish-install "error: $@"
-}
-remove_install_override() {
-    for bin in dpkg apt-get aptitude tasksel ; do
-        file=/usr/bin/$bin
-        if [ -x /target$file.edu ] ; then
-            rm /target$file
-            in-target dpkg-divert --package debian-edu-config \
-                --rename --quiet --remove $file
-            rm /target$file.edu
-        else
-            error "Missing divert for $file."
-        fi
-    done
-    sync # Flush file buffers before continuing
-}
-
-remove_install_override
-

+% curl -v -s https://www.oep.no/pub/report.xhtml?reportId=3 2>&1 |grep '< HTTP'
+< HTTP/1.1 404 Not Found
+% curl -v -s --header 'User-Agent:Opera/12.0' https://www.oep.no/pub/report.xhtml?reportId=3 2>&1 |grep '< HTTP'
+< HTTP/1.1 200 OK
+%
+

In Debian Edu, I placed both code fragments in a separate script -edu-eatmydata-install and call it from the pre-pkgsel.d and -finish-install.d scripts.

- -

By now you might ask if this change should get into the normal -Debian installer too? I suspect it should, but am not sure the -current debian-installer coordinators find it useful enough. It also -depend on the side effects of the change. I'm not aware of any, but I -guess we will see if the change is safe after some more testing. -Perhaps there is some package in Debian depending on sync() and -fsync() having effect? Perhaps it should go into its own udeb, to -allow those of us wanting to enable it to do so without affecting -everyone.

- -

Update 2014-09-24: Since a few days ago, enabling this optimization -will break installation of all programs using gnutls because of -bug #702711. An updated -eatmydata package in Debian will solve it.

- -

Update 2014-10-17: The bug mentioned above is fixed in testing and -the optimization work again. And I have discovered that the -dpkg-divert trick is not really needed and implemented a slightly -simpler approach as part of the debian-edu-install package. See -tools/edu-eatmydata-install in the source package.

Her kan en se at tjenesten gir Â«404 Not FoundÂ» for curl i +standardoppsettet, mens den gir Â«200 OKÂ» hvis curl hevder Ã¥ vÃ¦re Opera +versjon 12.0. Offentlig elektronisk postjournal startet blokkeringen +2017-03-02.

+ +

Blokkeringen vil gjÃ¸re det litt vanskeligere Ã¥ maskinelt hente +informasjon fra oep.no. Kan blokkeringen vÃ¦re gjort for Ã¥ hindre +automatisert innsamling av informasjon fra OEP, slik Pressens +Offentlighetsutvalg gjorde for Ã¥ dokumentere hvordan departementene +hindrer innsyn i +rapporten +Â«Slik hindrer departementer innsynÂ» som ble publiserte i januar +2017. Det virker usannsynlig, da det jo er trivielt Ã¥ bytte +User-Agent til noe nytt.

+ +

Finnes det juridisk grunnlag for det offentlige Ã¥ diskriminere +webklienter slik det gjÃ¸res her? Der tilgang gis eller ikke alt etter +hva klienten sier at den heter? Da OEP eies av DIFI og driftes av +Basefarm, finnes det kanskje noen dokumenter sendt mellom disse to +aktÃ¸rene man kan be om innsyn i for Ã¥ forstÃ¥ hva som har skjedd. Men +postjournalen +til DIFI viser kun to dokumenter det siste Ã¥ret mellom DIFI og +Basefarm. +Mimes brÃ¸nn neste, +tenker jeg.

- Tags: debian, debian edu, english. + Tags: norsk, offentlig innsyn.

@@ -941,62 +616,101 @@ tools/edu-eatmydata-install in the source package.

Good bye subkeys.pgp.net, welcome pool.sks-keyservers.net

10th September 2014

Yesterday, I had the pleasure of attending a talk with the -Norwegian Unix User Group about -the -OpenPGP keyserver pool sks-keyservers.net, and was very happy to -learn that there is a large set of publicly available key servers to -use when looking for peoples public key. So far I have used -subkeys.pgp.net, and some times wwwkeys.nl.pgp.net when the former -were misbehaving, but those days are ended. The servers I have used -up until yesterday have been slow and some times unavailable. I hope -those problems are gone now.

- -

Behind the round robin DNS entry of the -sks-keyservers.net service -there is a pool of more than 100 keyservers which are checked every -day to ensure they are well connected and up to date. It must be -better than what I have used so far. :)

- -

Yesterdays speaker told me that the service is the default -keyserver provided by the default configuration in GnuPG, but this do -not seem to be used in Debian. Perhaps it should?

- -

Anyway, I've updated my ~/.gnupg/options file to now include this -line:

- -

-keyserver pool.sks-keyservers.net
-

- -

With GnuPG version 2 one can also locate the keyserver using SRV -entries in DNS. Just for fun, I did just that at work, so now every -user of GnuPG at the University of Oslo should find a OpenGPG -keyserver automatically should their need it:

Free software archive system Nikita now able to store documents

19th March 2017

The Nikita +Noark 5 core project is implementing the Norwegian standard for +keeping an electronic archive of government documents. +The +Noark 5 standard document the requirement for data systems used by +the archives in the Norwegian government, and the Noark 5 web interface +specification document a REST web service for storing, searching and +retrieving documents and metadata in such archive. I've been involved +in the project since a few weeks before Christmas, when the Norwegian +Unix User Group +announced +it supported the project. I believe this is an important project, +and hope it can make it possible for the government archives in the +future to use free software to keep the archives we citizens depend +on. But as I do not hold such archive myself, personally my first use +case is to store and analyse public mail journal metadata published +from the government. I find it useful to have a clear use case in +mind when developing, to make sure the system scratches one of my +itches.

+ +

If you would like to help make sure there is a free software +alternatives for the archives, please join our IRC channel +(#nikita on +irc.freenode.net) and +the +project mailing list.

+ +

When I got involved, the web service could store metadata about +documents. But a few weeks ago, a new milestone was reached when it +became possible to store full text documents too. Yesterday, I +completed an implementation of a command line tool +archive-pdf to upload a PDF file to the archive using this +API. The tool is very simple at the moment, and find existing +fonds, series and +files while asking the user to select which one to use if more than +one exist. Once a file is identified, the PDF is associated with the +file and uploaded, using the title extracted from the PDF itself. The +process is fairly similar to visiting the archive, opening a cabinet, +locating a file and storing a piece of paper in the archive. Here is +a test run directly after populating the database with test data using +our API tester:

-% host -t srv _pgpkey-http._tcp.uio.no
-_pgpkey-http._tcp.uio.no has SRV record 0 100 11371 pool.sks-keyservers.net.
-%
+~/src//noark5-tester$ ./archive-pdf mangelmelding/mangler.pdf
+using arkiv: Title of the test fonds created 2017-03-18T23:49:32.103446
+using arkivdel: Title of the test series created 2017-03-18T23:49:32.103446
+
+ 0 - Title of the test case file created 2017-03-18T23:49:32.103446
+ 1 - Title of the test file created 2017-03-18T23:49:32.103446
+Select which mappe you want (or search term): 0
+Uploading mangelmelding/mangler.pdf
+  PDF title: Mangler i spesifikasjonsdokumentet for NOARK 5 Tjenestegrensesnitt
+  File 2017/1: Title of the test case file created 2017-03-18T23:49:32.103446
+~/src//noark5-tester$

Now if only -the -HKP lookup protocol supported finding signature paths, I would be -very happy. It can look up a given key or search for a user ID, but I -normally do not want that, but to find a trust path from my key to -another key. Given a user ID or key ID, I would like to find (and -download) the keys representing a signature path from my key to the -key in question, to be able to get a trust path between the two keys. -This is as far as I can tell not possible today. Perhaps something -for a future version of the protocol?

You can see here how the fonds (arkiv) and serie (arkivdel) only had +one option, while the user need to choose which file (mappe) to use +among the two created by the API tester. The archive-pdf +tool can be found in the git repository for the API tester.

+ +

In the project, I have been mostly working on +the API +tester so far, while getting to know the code base. The API +tester currently use +the HATEOAS links +to traverse the entire exposed service API and verify that the exposed +operations and objects match the specification, as well as trying to +create objects holding metadata and uploading a simple XML file to +store. The tester has proved very useful for finding flaws in our +implementation, as well as flaws in the reference site and the +specification.

+ +

The test document I uploaded is a summary of all the specification +defects we have collected so far while implementing the web service. +There are several unclear and conflicting parts of the specification, +and we have +started +writing down the questions we get from implementing it. We use a +format inspired by how The +Austin Group collect defect reports for the POSIX standard with +their +instructions for the MANTIS defect tracker system, in lack of an official way to structure defect reports for Noark 5 (our first submitted defect report was a request for a procedure for submitting defect reports :). + +

The Nikita project is implemented using Java and Spring, and is +fairly easy to get up and running using Docker containers for those +that want to test the current code base. The API tester is +implemented in Python.

- Tags: debian, english, personvern, sikkerhet. + Tags: english, nuug, offentlig innsyn, standard.

@@ -1011,6 +725,83 @@ for a future version of the protocol?

Archive