X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/a72e5052cfe4e2fc68f64bf1fe580b9ba31e496f..2d047348b0dfe1d3bab7955e9bf9b52223e84373:/blog/index.rss diff --git a/blog/index.rss b/blog/index.rss index b69ae17d2d..3b4e21fa9b 100644 --- a/blog/index.rss +++ b/blog/index.rss @@ -7,728 +7,640 @@ - ReactOS Windows clone - nice free software - http://people.skolelinux.org/pere/blog/ReactOS_Windows_clone___nice_free_software.html - http://people.skolelinux.org/pere/blog/ReactOS_Windows_clone___nice_free_software.html - Tue, 1 Apr 2014 12:10:00 +0200 - <p>Microsoft have announced that Windows XP reaches its end of life -2014-04-08, in 7 days. But there are heaps of machines still running -Windows XP, and depending on Windows XP to run their applications, and -upgrading will be expensive, both when it comes to money and when it -comes to the amount of effort needed to migrate from Windows XP to a -new operating system. Some obvious options (buy new a Windows -machine, buy a MacOSX machine, install Linux on the existing machine) -are already well known and covered elsewhere. Most of them involve -leaving the user applications installed on Windows XP behind and -trying out replacements or updated versions. In this blog post I want -to mention one strange bird that allow people to keep the hardware and -the existing Windows XP applications and run them on a free software -operating system that is Windows XP compatible.</p> - -<p><a href="http://www.reactos.org/">ReactOS</a> is a free software -operating system (GNU GPL licensed) working on providing a operating -system that is binary compatible with Windows, able to run windows -programs directly and to use Windows drivers for hardware directly. -The project goal is for Windows user to keep their existing machines, -drivers and software, and gain the advantages from user a operating -system without usage limitations caused by non-free licensing. It is -a Windows clone running directly on the hardware, so quite different -from the approach taken by <a href="http://www.winehq.org/">the Wine -project</a>, which make it possible to run Windows binaries on -Linux.</p> - -<p>The ReactOS project share code with the Wine project, so most -shared libraries available on Windows are already implemented already. -There is also a software manager like the one we are used to on Linux, -allowing the user to install free software applications with a simple -click directly from the Internet. Check out the -<a href="http://www.reactos.org/screenshots">screen shots on the -project web site</a> for an idea what it look like (it looks just like -Windows before metro).</p> - -<p>I do not use ReactOS myself, preferring Linux and Unix like -operating systems. I've tested it, and it work fine in a virt-manager -virtual machine. The browser, minesweeper, notepad etc is working -fine as far as I can tell. Unfortunately, my main test application -is the software included on a CD with the Lego Mindstorms NXT, which -seem to install just fine from CD but fail to leave any binaries on -the disk after the installation. So no luck with that test software. -No idea why, but hope someone else figure out and fix the problem. -I've tried the ReactOS Live ISO on a physical machine, and it seemed -to work just fine. If you like Windows and want to keep running your -old Windows binaries, check it out by -<a href="http://www.reactos.org/download">downloading</a> the -installation CD, the live CD or the preinstalled virtual machine -image.</p> + Simpler recipe on how to make a simple $7 IMSI Catcher using Debian + http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html + http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html + Wed, 9 Aug 2017 23:59:00 +0200 + <p>On friday, I came across an interesting article in the Norwegian +web based ICT news magazine digi.no on +<a href="https://www.digi.no/artikler/sikkerhetsforsker-lagde-enkel-imsi-catcher-for-60-kroner-na-kan-mobiler-kartlegges-av-alle/398588">how +to collect the IMSI numbers of nearby cell phones</a> using the cheap +DVB-T software defined radios. The article refered to instructions +and <a href="https://www.youtube.com/watch?v=UjwgNd_as30">a recipe by +Keld Norman on Youtube on how to make a simple $7 IMSI Catcher</a>, and I decided to test them out.</p> + +<p>The instructions said to use Ubuntu, install pip using apt (to +bypass apt), use pip to install pybombs (to bypass both apt and pip), +and the ask pybombs to fetch and build everything you need from +scratch. I wanted to see if I could do the same on the most recent +Debian packages, but this did not work because pybombs tried to build +stuff that no longer build with the most recent openssl library or +some other version skew problem. While trying to get this recipe +working, I learned that the apt->pip->pybombs route was a long detour, +and the only piece of software dependency missing in Debian was the +gr-gsm package. I also found out that the lead upstream developer of +gr-gsm (the name stand for GNU Radio GSM) project already had a set of +Debian packages provided in an Ubuntu PPA repository. All I needed to +do was to dget the Debian source package and built it.</p> + +<p>The IMSI collector is a python script listening for packages on the +loopback network device and printing to the terminal some specific GSM +packages with IMSI numbers in them. The code is fairly short and easy +to understand. The reason this work is because gr-gsm include a tool +to read GSM data from a software defined radio like a DVB-T USB stick +and other software defined radios, decode them and inject them into a +network device on your Linux machine (using the loopback device by +default). This proved to work just fine, and I've been testing the +collector for a few days now.</p> + +<p>The updated and simpler recipe is thus to</p> + +<ol> + +<li>start with a Debian machine running Stretch or newer,</li> + +<li>build and install the gr-gsm package available from +<a href="http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/">http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/</a>,</li> + +<li>clone the git repostory from <a href="https://github.com/Oros42/IMSI-catcher">https://github.com/Oros42/IMSI-catcher</a>,</li> + +<li>run grgsm_livemon and adjust the frequency until the terminal +where it was started is filled with a stream of text (meaning you +found a GSM station).</li> + +<li>go into the IMSI-catcher directory and run 'sudo python simple_IMSI-catcher.py' to extract the IMSI numbers.</li> + +</ol> + +<p>To make it even easier in the future to get this sniffer up and +running, I decided to package +<a href="https://github.com/ptrkrysik/gr-gsm/">the gr-gsm project</a> +for Debian (<a href="https://bugs.debian.org/871055">WNPP +#871055</a>), and the package was uploaded into the NEW queue today. +Luckily the gnuradio maintainer has promised to help me, as I do not +know much about gnuradio stuff yet.</p> + +<p>I doubt this "IMSI cacher" is anywhere near as powerfull as +commercial tools like +<a href="https://www.thespyphone.com/portable-imsi-imei-catcher/">The +Spy Phone Portable IMSI / IMEI Catcher</a> or the +<a href="https://en.wikipedia.org/wiki/Stingray_phone_tracker">Harris +Stingray</a>, but I hope the existance of cheap alternatives can make +more people realise how their whereabouts when carrying a cell phone +is easily tracked. Seeing the data flow on the screen, realizing that +I live close to a police station and knowing that the police is also +wearing cell phones, I wonder how hard it would be for criminals to +track the position of the police officers to discover when there are +police near by, or for foreign military forces to track the location +of the Norwegian military forces, or for anyone to track the location +of government officials...</p> + +<p>It is worth noting that the data reported by the IMSI-catcher +script mentioned above is only a fraction of the data broadcasted on +the GSM network. It will only collect one frequency at the time, +while a typical phone will be using several frequencies, and not all +phones will be using the frequencies tracked by the grgsm_livemod +program. Also, there is a lot of radio chatter being ignored by the +simple_IMSI-catcher script, which would be collected by extending the +parser code. I wonder if gr-gsm can be set up to listen to more than +one frequency?</p> - Debian Edu interview: Roger Marsal - http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Roger_Marsal.html - http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Roger_Marsal.html - Sun, 30 Mar 2014 11:40:00 +0200 - <p><a href="http://www.skolelinux.org/">Debian Edu / Skolelinux</a> -keep gaining new users. Some weeks ago, a person showed up on IRC, -<a href="irc://irc.debian.org/#debian-edu">#debian-edu</a>, with a -wish to contribute, and I managed to get a interview with this great -contributor Roger Marsal to learn more about his background.</p> - -<p><strong>Who are you, and how do you spend your days?</strong></p> - -<p>My name is Roger Marsal, I'm 27 years old (1986 generation) and I -live in Barcelona, Spain. I've got a strong business background and I -work as a patrimony manager and as a real estate agent. Additionally, -I've co-founded a British based tech company that is nowadays on the -last development phase of a new social networking concept.</p> - -<p>I'm a Linux enthusiast that started its journey with Ubuntu four years -ago and have recently switched to Debian seeking rock solid stability -and as a necessary step to gain expertise.</p> - -<p>In a nutshell, I spend my days working and learning as much as I -can to face both my job, entrepreneur project and feed my Linux -hunger.</p> - -<p><strong>How did you get in contact with the Skolelinux / Debian Edu -project?</strong></p> - -<p>I discovered the <a href="http://www.ltsp.org/">LTSP</a> advantages -with "Ubuntu 12.04 alternate install" and after a year of use I -started looking for an alternative. Even though I highly value and -respect the Ubuntu project, I thought it was necessary for me to -change to a more robust and stable alternative. As far as I was using -Debian on my personal laptop I thought it would be fine to install -Debian and configure an LTSP server myself. Surprised, I discovered -that the Debian project also supported a kind of Edubuntu equivalent, -and after having some pain I obtained a Debian Edu network up and -running. I just loved it.</p> - -<p><strong>What do you see as the advantages of Skolelinux / Debian -Edu?</strong></p> - -<p>I found a main advantage in that, once you know "the tips and -tricks", a new installation just works out of the box. It's the most -complete alternative I've found to create an LTSP network. All the -other distributions seems to be made of plastic, Debian Edu seems to -be made of steel.</p> - -<p><strong>What do you see as the disadvantages of Skolelinux / Debian -Edu?</strong></p> - -<p>I found two main disadvantages.</p> - -<p>I'm not an expert but I've got notions and I had to spent a considerable -amount of time trying to bring up a standard network topology. I'm quite -stubborn and I just worked until I did but I'm sure many people with few -resources (not big schools, but academies for example) would have switched -or dropped.</p> - -<p>It's amazing how such a complex system like Debian Edu has achieved -this out-of-the-box state. Even though tweaking without breaking gets -more difficult, as more factors have to be considered. This can -discourage many people too.</p> - -<p><strong>Which free software do you use daily?</strong></p> - -<p>I use Debian, Firefox, Okular, Inkscape, LibreOffice and -Virtualbox.</p> - - -<p><strong>Which strategy do you believe is the right one to use to -get schools to use free software?</strong></p> - -<p>I don't think there is a need for a particular strategy. The free -attribute in both "freedom" and "no price" meanings is what will -really bring free software to schools. In my experience I can think of -the <a href="http://www.r-project.org/">"R" statistical language</a>; a -few years a ago was an extremely nerd tool for university people. -Today it's being increasingly used to teach statistics at many -different level of studies. I believe free and open software will -increasingly gain popularity, but I'm sure schools will be one of the -first scenarios where this will happen.</p> + Norwegian Bokmål edition of Debian Administrator's Handbook is now available + http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_edition_of_Debian_Administrator_s_Handbook_is_now_available.html + http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_edition_of_Debian_Administrator_s_Handbook_is_now_available.html + Tue, 25 Jul 2017 21:10:00 +0200 + <p align="center"><img align="center" src="http://people.skolelinux.org/pere/blog/images/2017-07-25-debian-handbook-nb-testprint.png"/></p> + +<p>I finally received a copy of the Norwegian Bokmål edition of +"<a href="https://debian-handbook.info/">The Debian Administrator's +Handbook</a>". This test copy arrived in the mail a few days ago, and +I am very happy to hold the result in my hand. We spent around one and a half year translating it. This paperbook edition +<a href="https://debian-handbook.info/get/#norwegian">is available +from lulu.com</a>. If you buy it quickly, you save 25% on the list +price. The book is also available for download in electronic form as +PDF, EPUB and Mobipocket, as can be +<a href="https://debian-handbook.info/browse/nb-NO/stable/">read online +as a web page</a>.</p> + +<p>This is the second book I publish (the first was the book +"<a href="http://free-culture.cc/">Free Culture</a>" by Lawrence Lessig +in +<a href="http://www.lulu.com/shop/lawrence-lessig/free-culture/paperback/product-22440520.html">English</a>, +<a href="http://www.lulu.com/shop/lawrence-lessig/culture-libre/paperback/product-22645082.html">French</a> +and +<a href="http://www.lulu.com/shop/lawrence-lessig/fri-kultur/paperback/product-22441576.html">Norwegian +Bokmål</a>), and I am very excited to finally wrap up this +project. I hope +"<a href="http://www.lulu.com/shop/rapha%C3%ABl-hertzog-and-roland-mas/h%C3%A5ndbok-for-debian-administratoren/paperback/product-23262290.html">Håndbok +for Debian-administratoren</a>" will be well received.</p> - Dokumentaren om Datalagringsdirektivet sendes endelig på NRK - http://people.skolelinux.org/pere/blog/Dokumentaren_om_Datalagringsdirektivet_sendes_endelig_p__NRK.html - http://people.skolelinux.org/pere/blog/Dokumentaren_om_Datalagringsdirektivet_sendes_endelig_p__NRK.html - Wed, 26 Mar 2014 09:50:00 +0100 - <p><a href="http://www.nuug.no/">Foreningen NUUG</a> melder i natt at -NRK nå har bestemt seg for -<a href="http://www.nuug.no/news/NRK_viser_filmen_om_Datalagringsdirektivet_f_rste_gang_2014_03_31.shtml">når -den norske dokumentarfilmen om datalagringsdirektivet skal -sendes</a> (se <a href="http://www.imdb.com/title/tt2832844/">IMDB</a> -for detaljer om filmen) . Første visning blir på NRK2 mandag -2014-03-31 kl. 19:50, og deretter visninger onsdag 2014-04-02 -kl. 12:30, fredag 2014-04-04 kl. 19:40 og søndag 2014-04-06 kl. 15:10. -Jeg har sett dokumentaren, og jeg anbefaler enhver å se den selv. Som -oppvarming mens vi venter anbefaler jeg Bjørn Stærks kronikk i -Aftenposten fra i går, -<a href="http://www.aftenposten.no/meninger/kronikker/Autoritar-gjokunge-7514915.html">Autoritær -gjøkunge</a>, der han gir en grei skisse av hvor ille det står til med -retten til privatliv og beskyttelsen av demokrati i Norge og resten -verden, og helt riktig slår fast at det er vi i databransjen som -sitter med nøkkelen til å gjøre noe med dette. Jeg har involvert meg -i prosjektene <a href="http://www.dugnadsnett.no/">dugnadsnett.no</a> -og <a href="https://wiki.debian.org/FreedomBox">FreedomBox</a> for å -forsøke å gjøre litt selv for å bedre situasjonen, men det er mye -hardt arbeid fra mange flere enn meg som gjenstår før vi kan sies å ha -gjenopprettet balansen.</p> - -<p>Jeg regner med at nettutgaven dukker opp på -<a href="http://tv.nrk.no/program/koid75005313/tema-dine-digitale-spor-datalagringsdirektivet">NRKs -side om filmen om datalagringsdirektivet</a> om fem dager. Hold et -øye med siden, og tips venner og slekt om at de også bør se den.</p> - - - - - Public Trusted Timestamping services for everyone - http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html - http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html - Tue, 25 Mar 2014 12:50:00 +0100 - <p>Did you ever need to store logs or other files in a way that would -allow it to be used as evidence in court, and needed a way to -demonstrate without reasonable doubt that the file had not been -changed since it was created? Or, did you ever need to document that -a given document was received at some point in time, like some -archived document or the answer to an exam, and not changed after it -was received? The problem in these settings is to remove the need to -trust yourself and your computers, while still being able to prove -that a file is the same as it was at some given time in the past.</p> - -<p>A solution to these problems is to have a trusted third party -"stamp" the document and verify that at some given time the document -looked a given way. Such -<a href="https://en.wikipedia.org/wiki/Notarius">notarius</a> service -have been around for thousands of years, and its digital equivalent is -called a -<a href="http://en.wikipedia.org/wiki/Trusted_timestamping">trusted -timestamping service</a>. <a href="http://www.ietf.org/">The Internet -Engineering Task Force</a> standardised how such service could work a -few years ago as <a href="http://tools.ietf.org/html/rfc3161">RFC -3161</a>. The mechanism is simple. Create a hash of the file in -question, send it to a trusted third party which add a time stamp to -the hash and sign the result with its private key, and send back the -signed hash + timestamp. Both email, FTP and HTTP can be used to -request such signature, depending on what is provided by the service -used. Anyone with the document and the signature can then verify that -the document matches the signature by creating their own hash and -checking the signature using the trusted third party public key. -There are several commercial services around providing such -timestamping. A quick search for -"<a href="https://duckduckgo.com/?q=rfc+3161+service">rfc 3161 -service</a>" pointed me to at least -<a href="https://www.digistamp.com/technical/how-a-digital-time-stamp-works/">DigiStamp</a>, -<a href="http://www.quovadisglobal.co.uk/CertificateServices/SigningServices/TimeStamp.aspx">Quo -Vadis</a>, -<a href="https://www.globalsign.com/timestamp-service/">Global Sign</a> -and <a href="http://www.globaltrustfinder.com/TSADefault.aspx">Global -Trust Finder</a>. The system work as long as the private key of the -trusted third party is not compromised.</p> - -<p>But as far as I can tell, there are very few public trusted -timestamp services available for everyone. I've been looking for one -for a while now. But yesterday I found one over at -<a href="https://www.pki.dfn.de/zeitstempeldienst/">Deutches -Forschungsnetz</a> mentioned in -<a href="http://www.d-mueller.de/blog/dealing-with-trusted-timestamps-in-php-rfc-3161/">a -blog by David Müller</a>. I then found -<a href="http://www.rz.uni-greifswald.de/support/dfn-pki-zertifikate/zeitstempeldienst.html">a -good recipe on how to use the service</a> over at the University of -Greifswald.</p> - -<p><a href="http://www.openssl.org/">The OpenSSL library</a> contain -both server and tools to use and set up your own signing service. See -the ts(1SSL), tsget(1SSL) manual pages for more details. The -following shell script demonstrate how to extract a signed timestamp -for any file on the disk in a Debian environment:</p> + «Rapporten ser ikke på informasjonssikkerhet knyttet til personlig integritet» + http://people.skolelinux.org/pere/blog/_Rapporten_ser_ikke_p__informasjonssikkerhet_knyttet_til_personlig_integritet_.html + http://people.skolelinux.org/pere/blog/_Rapporten_ser_ikke_p__informasjonssikkerhet_knyttet_til_personlig_integritet_.html + Tue, 27 Jun 2017 17:50:00 +0200 + <p>Jeg kom over teksten +«<a href="https://freedom-to-tinker.com/2017/06/21/killing-car-privacy-by-federal-mandate/">Killing +car privacy by federal mandate</a>» av Leonid Reyzin på Freedom to +Tinker i dag, og det gleder meg å se en god gjennomgang om hvorfor det +er et urimelig inngrep i privatsfæren å la alle biler kringkaste sin +posisjon og bevegelse via radio. Det omtalte forslaget basert på +Dedicated Short Range Communication (DSRC) kalles Basic Safety Message +(BSM) i USA og Cooperative Awareness Message (CAM) i Europa, og det +norske Vegvesenet er en av de som ser ut til å kunne tenke seg å +pålegge alle biler å fjerne nok en bit av innbyggernes privatsfære. +Anbefaler alle å lese det som står der. + +<p>Mens jeg tittet litt på DSRC på biler i Norge kom jeg over et sitat +jeg synes er illustrativt for hvordan det offentlige Norge håndterer +problemstillinger rundt innbyggernes privatsfære i SINTEF-rapporten +«<a href="https://www.sintef.no/publikasjoner/publikasjon/Download/?pubid=SINTEF+A23933">Informasjonssikkerhet +i AutoPASS-brikker</a>» av Trond Foss:</p> -<p><blockquote><pre> -#!/bin/sh -set -e -url="http://zeitstempel.dfn.de" -caurl="https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt" -reqfile=$(mktemp -t tmp.XXXXXXXXXX.tsq) -resfile=$(mktemp -t tmp.XXXXXXXXXX.tsr) -cafile=chain.txt -if [ ! -f $cafile ] ; then - wget -O $cafile "$caurl" -fi -openssl ts -query -data "$1" -cert | tee "$reqfile" \ - | /usr/lib/ssl/misc/tsget -h "$url" -o "$resfile" -openssl ts -reply -in "$resfile" -text 1>&2 -openssl ts -verify -data "$1" -in "$resfile" -CAfile "$cafile" 1>&2 -base64 < "$resfile" -rm "$reqfile" "$resfile" -</pre></blockquote></p> +<p><blockquote> +«Rapporten ser ikke på informasjonssikkerhet knyttet til personlig + integritet.» +</blockquote></p> -<p>The argument to the script is the file to timestamp, and the output -is a base64 encoded version of the signature to STDOUT and details -about the signature to STDERR. Note that due to -<a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742553">a bug -in the tsget script</a>, you might need to modify the included script -and remove the last line. Or just write your own HTTP uploader using -curl. :) Now you too can prove and verify that files have not been -changed.</p> - -<p>But the Internet need more public trusted timestamp services. -Perhaps something for <a href="http://www.uninett.no/">Uninett</a> or -my work place the <a href="http://www.uio.no/">University of Oslo</a> -to set up?</p> +<p>Så enkelt kan det tydeligvis gjøres når en vurderer +informasjonssikkerheten. Det holder vel at folkene på toppen kan si +at «Personvernet er ivaretatt», som jo er den populære intetsigende +frasen som gjør at mange tror enkeltindividers integritet tas vare på. +Sitatet fikk meg til å undres på hvor ofte samme tilnærming, å bare se +bort fra behovet for personlig itegritet, blir valgt når en velger å +legge til rette for nok et inngrep i privatsfæren til personer i +Norge. Det er jo sjelden det får reaksjoner. Historien om +reaksjonene på Helse Sør-Østs tjenesteutsetting er jo sørgelig nok et +unntak og toppen av isfjellet, desverre. Tror jeg fortsatt takker nei +til både AutoPASS og holder meg så langt unna det norske helsevesenet +som jeg kan, inntil de har demonstrert og dokumentert at de verdsetter +individets privatsfære og personlige integritet høyere enn kortsiktig +gevist og samfunnsnytte.</p> - Video DVD reader library / python-dvdvideo - nice free software - http://people.skolelinux.org/pere/blog/Video_DVD_reader_library___python_dvdvideo___nice_free_software.html - http://people.skolelinux.org/pere/blog/Video_DVD_reader_library___python_dvdvideo___nice_free_software.html - Fri, 21 Mar 2014 15:25:00 +0100 - <p>Keeping your DVD collection safe from scratches and curious -children fingers while still having it available when you want to see a -movie is not straight forward. My preferred method at the moment is -to store a full copy of the ISO on a hard drive, and use VLC, Popcorn -Hour or other useful players to view the resulting file. This way the -subtitles and bonus material are still available and using the ISO is -just like inserting the original DVD record in the DVD player.</p> - -<p>Earlier I used dd for taking security copies, but it do not handle -DVDs giving read errors (which are quite a few of them). I've also -tried using -<a href="http://people.skolelinux.org/pere/blog/Ripping_problematic_DVDs_using_dvdbackup_and_genisoimage.html">dvdbackup -and genisoimage</a>, but these days I use the marvellous python library -and program -<a href="http://bblank.thinkmo.de/blog/new-software-python-dvdvideo">python-dvdvideo</a> -written by Bastian Blank. It is -<a href="http://packages.qa.debian.org/p/python-dvdvideo.html">in Debian -already</a> and the binary package name is python3-dvdvideo. Instead -of trying to read every block from the DVD, it parses the file -structure and figure out which block on the DVD is actually in used, -and only read those blocks from the DVD. This work surprisingly well, -and I have been able to almost backup my entire DVD collection using -this method.</p> - -<p>So far, python-dvdvideo have failed on between 10 and -20 DVDs, which is a small fraction of my collection. The most common -problem is -<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720831">DVDs -using UTF-16 instead of UTF-8 characters</a>, which according to -Bastian is against the DVD specification (and seem to cause some -players to fail too). A rarer problem is what seem to be inconsistent -DVD structures, as the python library -<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723079">claim -there is a overlap between objects</a>. An equally rare problem claim -<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741878">some -value is out of range</a>. No idea what is going on there. I wish I -knew enough about the DVD format to fix these, to ensure my movie -collection will stay with me in the future.</p> - -<p>So, if you need to keep your DVDs safe, back them up using -python-dvdvideo. :)</p> + Updated sales number for my Free Culture paper editions + http://people.skolelinux.org/pere/blog/Updated_sales_number_for_my_Free_Culture_paper_editions.html + http://people.skolelinux.org/pere/blog/Updated_sales_number_for_my_Free_Culture_paper_editions.html + Mon, 12 Jun 2017 11:40:00 +0200 + <p>It is pleasing to see that the work we put down in publishing new +editions of the classic <a href="http://www.free-culture.cc/">Free +Culture book</a> by the founder of the Creative Commons movement, +Lawrence Lessig, is still being appreciated. I had a look at the +latest sales numbers for the paper edition today. Not too impressive, +but happy to see some buyers still exist. All the revenue from the +books is sent to the <a href="https://creativecommons.org/">Creative +Commons Corporation</a>, and they receive the largest cut if you buy +directly from Lulu. Most books are sold via Amazon, with Ingram +second and only a small fraction directly from Lulu. The ebook +edition is available for free from +<a href="https://github.com/petterreinholdtsen/free-culture-lessig">Github</a>.</p> + +<table border="0"> +<tr><th rowspan="2" valign="bottom">Title / language</th><th colspan="3">Quantity</th></tr> +<tr><th>2016 jan-jun</th><th>2016 jul-dec</th><th>2017 jan-may</th></tr> + +<tr> + <td><a href="http://www.lulu.com/shop/lawrence-lessig/culture-libre/paperback/product-22645082.html">Culture Libre / French</a></td> + <td align="right">3</td> + <td align="right">6</td> + <td align="right">15</td> +</tr> + +<tr> + <td><a href="http://www.lulu.com/shop/lawrence-lessig/fri-kultur/paperback/product-22441576.html">Fri kultur / Norwegian</a></td> + <td align="right">7</td> + <td align="right">1</td> + <td align="right">0</td> +</tr> + +<tr> + <td><a href="http://www.lulu.com/shop/lawrence-lessig/free-culture/paperback/product-22440520.html">Free Culture / English</a></td> + <td align="right">14</td> + <td align="right">27</td> + <td align="right">16</td> +</tr> + +<tr> + <td>Total</td> + <td align="right">24</td> + <td align="right">34</td> + <td align="right">31</td> +</tr> + +</table> + +<p>A bit sad to see the low sales number on the Norwegian edition, and +a bit surprising the English edition still selling so well.</p> + +<p>If you would like to translate and publish the book in your native +language, I would be happy to help make it happen. Please get in +touch.</p> - Norsk utgave av Alaveteli / WhatDoTheyKnow på trappene - http://people.skolelinux.org/pere/blog/Norsk_utgave_av_Alaveteli___WhatDoTheyKnow_p__trappene.html - http://people.skolelinux.org/pere/blog/Norsk_utgave_av_Alaveteli___WhatDoTheyKnow_p__trappene.html - Sun, 16 Mar 2014 09:30:00 +0100 - <p>Det offentlige Norge har mye kunnskap og informasjon. Men hvordan -kan en få tilgang til den på en enkel måte? Takket være et lite -knippe lover og tilhørende forskrifter, blant annet -<a href="http://lovdata.no/dokument/NL/lov/2006-05-19-16">offentlighetsloven</a>, -<a href="http://lovdata.no/dokument/NL/lov/2003-05-09-31">miljøinformasjonsloven</a> -og -<a href="http://lovdata.no/dokument/NL/lov/1967-02-10/">forvaltningsloven</a> -har en rett til å spørre det offentlige og få svar. Men det finnes -intet offentlig arkiv over hva andre har spurt om, og dermed risikerer en -å måtte forstyrre myndighetene gang på gang for å få tak i samme -informasjonen på nytt. <a href="http://www.mysociety.org/">Britiske -mySociety</a> har laget tjenesten -<a href="http://www.whatdotheyknow.com/">WhatDoTheyKnow</a> som gjør -noe med dette. I Storbritannia blir WhatdoTheyKnow brukt i -<a href="http://www.mysociety.org/2011/07/01/whatdotheyknows-share-of-central-government-foi-requests-q2-2011/">ca -15% av alle innsynsforespørsler mot sentraladministrasjonen</a>. -Prosjektet heter <a href="http://www.alaveteli.org/">Alaveteli</A>, og -er takk i bruk en rekke steder etter at løsningen ble generalisert og -gjort mulig å oversette. Den hjelper borgerne med å be om innsyn, -rådgir ved purringer og klager og lar alle se hvilke henvendelser som -er sendt til det offentlige og hvilke svar som er kommet inn, i et -søkpart arkiv. Her i Norge holder vi i foreningen NUUG på å få opp en -norsk utgave av Alaveteli, og her trenger vi din hjelp med -oversettelsen.</p> - -<p>Så langt er 76 % av Alaveteli oversatt til norsk bokmål, men vi -skulle gjerne vært oppe i 100 % før lansering. Oversettelsen gjøres -på <a href="https://www.transifex.com/projects/p/alaveteli/">Transifex, -der enhver som registrerer seg</a> og ber om tilgang til -bokmålsoversettelsen får bidra. Vi har satt opp en test av tjenesten -(som ikke sender epost til det offentlige, kun til oss som holder på å -sette opp tjenesten) på maskinen -<a href="http://alaveteli-dev.nuug.no/">alaveteli-dev.nuug.no</a>, der -en kan se hvordan de oversatte meldingen blir seende ut på nettsiden. -Når tjenesten lanseres vil den hete -<a href="https://www.mimesbrønn.no/">Mimes brønn</a>, etter -visdomskilden som Odin måtte gi øyet sitt for å få drikke i. Den -nettsiden er er ennå ikke klar til bruk.</p> - -<p>Hvis noen vil oversette til nynorsk også, så skal vi finne ut -hvordan vi lager en flerspråklig tjeneste. Men i første omgang er -fokus på bokmålsoversettelsen, der vi selv har nok peiling til å ha -fått oversatt 76%, men trenger hjelp for å komme helt i mål. :)</p> - - - - - Freedombox on Dreamplug, Raspberry Pi and virtual x86 machine - http://people.skolelinux.org/pere/blog/Freedombox_on_Dreamplug__Raspberry_Pi_and_virtual_x86_machine.html - http://people.skolelinux.org/pere/blog/Freedombox_on_Dreamplug__Raspberry_Pi_and_virtual_x86_machine.html - Fri, 14 Mar 2014 11:00:00 +0100 - <p>The <a href="https://wiki.debian.org/FreedomBox">Freedombox -project</a> is working on providing the software and hardware for -making it easy for non-technical people to host their data and -communication at home, and being able to communicate with their -friends and family encrypted and away from prying eyes. It has been -going on for a while, and is slowly progressing towards a new test -release (0.2).</p> - -<p>And what day could be better than the Pi day to announce that the -new version will provide "hard drive" / SD card / USB stick images for -Dreamplug, Raspberry Pi and VirtualBox (or any other virtualization -system), and can also be installed using a Debian installer preseed -file. The Debian based Freedombox is now based on Debian Jessie, -where most of the needed packages used are already present. Only one, -the freedombox-setup package, is missing. To try to build your own -boot image to test the current status, fetch the freedom-maker scripts -and build using -<a href="http://packages.qa.debian.org/vmdebootstrap">vmdebootstrap</a> -with a user with sudo access to become root: - -<pre> -git clone http://anonscm.debian.org/git/freedombox/freedom-maker.git \ - freedom-maker -sudo apt-get install git vmdebootstrap mercurial python-docutils \ - mktorrent extlinux virtualbox qemu-user-static binfmt-support \ - u-boot-tools -make -C freedom-maker dreamplug-image raspberry-image virtualbox-image -</pre> - -<p>Root access is needed to run debootstrap and mount loopback -devices. See the README for more details on the build. If you do not -want all three images, trim the make line. But note that thanks to <a -href="https://bugs.debian.org/741407">a race condition in -vmdebootstrap</a>, the build might fail without the patch to the -kpartx call.</p> - -<p>If you instead want to install using a Debian CD and the preseed -method, boot a Debian Wheezy ISO and use this boot argument to load -the preseed values:</p> - -<pre> -url=<a href="http://www.reinholdtsen.name/freedombox/preseed-jessie.dat">http://www.reinholdtsen.name/freedombox/preseed-jessie.dat</a> -</pre> - -<p>But note that due to <a href="https://bugs.debian.org/740673">a -recently introduced bug in apt in Jessie</a>, the installer will -currently hang while setting up APT sources. Killing the -'<tt>apt-cdrom ident</tt>' process when it hang a few times during the -installation will get the installation going. This affect all -installations in Jessie, and I expect it will be fixed soon.</p> - -<p>Give it a go and let us know how it goes on the mailing list, and help -us get the new release published. :) Please join us on -<a href="irc://irc.debian.org:6667/%23freedombox">IRC (#freedombox on -irc.debian.org)</a> and -<a href="http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss">the -mailing list</a> if you want to help make this vision come true.</p> + Release 0.1.1 of free software archive system Nikita announced + http://people.skolelinux.org/pere/blog/Release_0_1_1_of_free_software_archive_system_Nikita_announced.html + http://people.skolelinux.org/pere/blog/Release_0_1_1_of_free_software_archive_system_Nikita_announced.html + Sat, 10 Jun 2017 00:40:00 +0200 + <p>I am very happy to report that the +<a href="https://github.com/hiOA-ABI/nikita-noark5-core">Nikita Noark 5 +core project</a> tagged its second release today. The free software +solution is an implementation of the Norwegian archive standard Noark +5 used by government offices in Norway. These were the changes in +version 0.1.1 since version 0.1.0 (from NEWS.md): + +<ul> + + <li>Continued work on the angularjs GUI, including document upload.</li> + <li>Implemented correspondencepartPerson, correspondencepartUnit and + correspondencepartInternal</li> + <li>Applied for coverity coverage and started submitting code on + regualr basis.</li> + <li>Started fixing bugs reported by coverity</li> + <li>Corrected and completed HATEOAS links to make sure entire API is + available via URLs in _links.</li> + <li>Corrected all relation URLs to use trailing slash.</li> + <li>Add initial support for storing data in ElasticSearch.</li> + <li>Now able to receive and store uploaded files in the archive.</li> + <li>Changed JSON output for object lists to have relations in _links.</li> + <li>Improve JSON output for empty object lists.</li> + <li>Now uses correct MIME type application/vnd.noark5-v4+json.</li> + <li>Added support for docker container images.</li> + <li>Added simple API browser implemented in JavaScript/Angular.</li> + <li>Started on archive client implemented in JavaScript/Angular.</li> + <li>Started on prototype to show the public mail journal.</li> + <li>Improved performance by disabling Sprint FileWatcher.</li> + <li>Added support for 'arkivskaper', 'saksmappe' and 'journalpost'.</li> + <li>Added support for some metadata codelists.</li> + <li>Added support for Cross-origin resource sharing (CORS).</li> + <li>Changed login method from Basic Auth to JSON Web Token (RFC 7519) + style.</li> + <li>Added support for GET-ing ny-* URLs.</li> + <li>Added support for modifying entities using PUT and eTag.</li> + <li>Added support for returning XML output on request.</li> + <li>Removed support for English field and class names, limiting ourself + to the official names.</li> + <li>...</li> + +</ul> + +<p>If this sound interesting to you, please contact us on IRC (#nikita +on irc.freenode.net) or email +(<a href="https://lists.nuug.no/mailman/listinfo/nikita-noark">nikita-noark +mailing list).</p> - How to add extra storage servers in Debian Edu / Skolelinux - http://people.skolelinux.org/pere/blog/How_to_add_extra_storage_servers_in_Debian_Edu___Skolelinux.html - http://people.skolelinux.org/pere/blog/How_to_add_extra_storage_servers_in_Debian_Edu___Skolelinux.html - Wed, 12 Mar 2014 12:50:00 +0100 - <p>On larger sites, it is useful to use a dedicated storage server for -storing user home directories and data. The design for handling this -in <a href="http://www.skolelinux.org/">Debian Edu / Skolelinux</a>, is -to update the automount rules in LDAP and let the automount daemon on -the clients take care of the rest. I was reminded about the need to -document this better when one of the customers of -<a href="http://www.slxdrift.no/">Skolelinux Drift AS</a>, where I am -on the board of directors, asked about how to do this. The steps to -get this working are the following:</p> + Idea for storing trusted timestamps in a Noark 5 archive + http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html + http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html + Wed, 7 Jun 2017 21:40:00 +0200 + <p><em>This is a copy of +<a href="https://lists.nuug.no/pipermail/nikita-noark/2017-June/000297.html">an +email I posted to the nikita-noark mailing list</a>. Please follow up +there if you would like to discuss this topic. The background is that +we are making a free software archive system based on the Norwegian +<a href="https://www.arkivverket.no/forvaltning-og-utvikling/regelverk-og-standarder/noark-standarden">Noark +5 standard</a> for government archives.</em></p> + +<p>I've been wondering a bit lately how trusted timestamps could be +stored in Noark 5. +<a href="https://en.wikipedia.org/wiki/Trusted_timestamping">Trusted +timestamps</a> can be used to verify that some information +(document/file/checksum/metadata) have not been changed since a +specific time in the past. This is useful to verify the integrity of +the documents in the archive.</p> + +<p>Then it occured to me, perhaps the trusted timestamps could be +stored as dokument variants (ie dokumentobjekt referered to from +dokumentbeskrivelse) with the filename set to the hash it is +stamping?</p> + +<p>Given a "dokumentbeskrivelse" with an associated "dokumentobjekt", +a new dokumentobjekt is associated with "dokumentbeskrivelse" with the +same attributes as the stamped dokumentobjekt except these +attributes:</p> -<p><ol> - -<li>Add new storage server in DNS. I use nas-server.intern as the -example host here.</li> - -<li>Add automoun LDAP information about this server in LDAP, to allow -all clients to automatically mount it on reqeust.</li> - -<li>Add the relevant entries in tjener.intern:/etc/fstab, because -tjener.intern do not use automount to avoid mounting loops.</li> +<ul> -</ol></p> +<li>format -> "RFC3161" +<li>mimeType -> "application/timestamp-reply" +<li>formatDetaljer -> "&lt;source URL for timestamp service&gt;" +<li>filenavn -> "&lt;sjekksum&gt;.tsr" -<p>DNS entries are added in GOsa², and not described here. Follow the -<a href="https://wiki.debian.org/DebianEdu/Documentation/Wheezy/GettingStarted">instructions -in the manual</a> (Machine Management with GOsa² in section Getting -started).</p> +</ul> -<p>Ensure that the NFS export points on the server are exported to the -relevant subnets or machines:</p> +<p>This assume a service following +<a href="https://tools.ietf.org/html/rfc3161">IETF RFC 3161</a> is +used, which specifiy the given MIME type for replies and the .tsr file +ending for the content of such trusted timestamp. As far as I can +tell from the Noark 5 specifications, it is OK to have several +variants/renderings of a dokument attached to a given +dokumentbeskrivelse objekt. It might be stretching it a bit to make +some of these variants represent crypto-signatures useful for +verifying the document integrity instead of representing the dokument +itself.</p> + +<p>Using the source of the service in formatDetaljer allow several +timestamping services to be used. This is useful to spread the risk +of key compromise over several organisations. It would only be a +problem to trust the timestamps if all of the organisations are +compromised.</p> + +<p>The following oneliner on Linux can be used to generate the tsr +file. $input is the path to the file to checksum, and $sha256 is the +SHA-256 checksum of the file (ie the "<sjekksum>.tsr" value mentioned +above).</p> <p><blockquote><pre> -root@tjener:~# showmount -e nas-server -Export list for nas-server: -/storage 10.0.0.0/8 -root@tjener:~# +openssl ts -query -data "$inputfile" -cert -sha256 -no_nonce \ + | curl -s -H "Content-Type: application/timestamp-query" \ + --data-binary "@-" http://zeitstempel.dfn.de > $sha256.tsr </pre></blockquote></p> -<p>Here everything on the backbone network is granted access to the -/storage export. With NFSv3 it is slightly better to limit it to -netgroup membership or single IP addresses to have some limits on the -NFS access.</p> - -<p>The next step is to update LDAP. This can not be done using GOsa², -because it lack a module for automount. Instead, use ldapvi and add -the required LDAP objects using an editor.</p> +<p>To verify the timestamp, you first need to download the public key +of the trusted timestamp service, for example using this command:</p> <p><blockquote><pre> -ldapvi --ldap-conf -ZD '(cn=admin)' -b ou=automount,dc=skole,dc=skolelinux,dc=no +wget -O ca-cert.txt \ + https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt </pre></blockquote></p> -<p>When the editor show up, add the following LDAP objects at the -bottom of the document. The "/&" part in the last LDAP object is a -wild card matching everything the nas-server exports, removing the -need to list individual mount points in LDAP.</p> +<p>Note, the public key should be stored alongside the timestamps in +the archive to make sure it is also available 100 years from now. It +is probably a good idea to standardise how and were to store such +public keys, to make it easier to find for those trying to verify +documents 100 or 1000 years from now. :)</p> + +<p>The verification itself is a simple openssl command:</p> <p><blockquote><pre> -add cn=nas-server,ou=auto.skole,ou=automount,dc=skole,dc=skolelinux,dc=no -objectClass: automount -cn: nas-server -automountInformation: -fstype=autofs --timeout=60 ldap:ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no - -add ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no -objectClass: top -objectClass: automountMap -ou: auto.nas-server - -add cn=/,ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no -objectClass: automount -cn: / -automountInformation: -fstype=nfs,tcp,rsize=32768,wsize=32768,rw,intr,hard,nodev,nosuid,noatime nas-server.intern:/& +openssl ts -verify -data $inputfile -in $sha256.tsr \ + -CAfile ca-cert.txt -text </pre></blockquote></p> -<p>The last step to remember is to mount the relevant mount points in -tjener.intern by adding them to /etc/fstab, creating the mount -directories using mkdir and running "mount -a" to mount them.</p> - -<p>When this is done, your users should be able to access the files on -the storage server directly by just visiting the -/tjener/nas-server/storage/ directory using any application on any -workstation, LTSP client or LTSP server.</p> +<p>Is there any reason this approach would not work? Is it somehow against +the Noark 5 specification?</p> - Hvordan bør RFC 822-formattert epost lagres i en NOARK5-database? - http://people.skolelinux.org/pere/blog/Hvordan_b_r_RFC_822_formattert_epost_lagres_i_en_NOARK5_database_.html - http://people.skolelinux.org/pere/blog/Hvordan_b_r_RFC_822_formattert_epost_lagres_i_en_NOARK5_database_.html - Fri, 7 Mar 2014 15:20:00 +0100 - <p>For noen uker siden ble NXCs fri programvarelisenserte -NOARK5-løsning -<a href="http://www.nuug.no/aktiviteter/20140211-noark/">presentert hos -NUUG</a> (video -<a href="https://www.youtube.com/watch?v=JCb_dNS3MHQ">på youtube -foreløbig</a>), og det fikk meg til å titte litt mer på NOARK5, -standarden for arkivhåndtering i det offentlige Norge. Jeg lurer på -om denne kjernen kan være nyttig i et par av mine prosjekter, og for ett -av dem er det mest aktuelt å lagre epost. Jeg klarte ikke finne noen -anbefaling om hvordan RFC 822-formattert epost (aka Internett-epost) -burde lagres i NOARK5, selv om jeg vet at noen arkiver tar -PDF-utskrift av eposten med sitt epostprogram og så arkiverer PDF-en -(eller enda værre, tar papirutskrift og lagrer bildet av eposten som -PDF i arkivet).</p> - -<p>Det er ikke så mange formater som er akseptert av riksarkivet til -langtidsoppbevaring av offentlige arkiver, og PDF og XML er de mest -aktuelle i så måte. Det slo meg at det måtte da finnes en eller annen -egnet XML-representasjon og at det kanskje var enighet om hvilken som -burde brukes, så jeg tok mot til meg og spurte -<a href="http://samdok.com/">SAMDOK</a>, en gruppe tilknyttet -arkivverket som ser ut til å jobbe med NOARK-samhandling, om de hadde -noen anbefalinger: - -<p><blockquote> -<p>Hei.</p> - -<p>Usikker på om dette er riktig forum å ta opp mitt spørsmål, men jeg -lurer på om det er definert en anbefaling om hvordan RFC -822-formatterte epost (aka vanlig Internet-epost) bør lages håndteres -i NOARK5, slik at en bevarer all informasjon i eposten -(f.eks. Received-linjer). Finnes det en anbefalt XML-mapping ala den -som beskrives på -&lt;URL: <a href="https://www.informit.com/articles/article.aspx?p=32074">https://www.informit.com/articles/article.aspx?p=32074</a> &gt;? Mitt -mål er at det skal være mulig å lagre eposten i en NOARK5-kjerne og -kunne få ut en identisk formattert kopi av opprinnelig epost ved -behov.</p> -</blockquote></p> - -<p>Postmottaker hos SAMDOK mente spørsmålet heller burde stilles -direkte til riksarkivet, og jeg fikk i dag svar derfra formulert av -seniorrådgiver Geir Ivar Tungesvik:</p> + Når nynorskoversettelsen svikter til eksamen... + http://people.skolelinux.org/pere/blog/N_r_nynorskoversettelsen_svikter_til_eksamen___.html + http://people.skolelinux.org/pere/blog/N_r_nynorskoversettelsen_svikter_til_eksamen___.html + Sat, 3 Jun 2017 08:20:00 +0200 + <p><a href="http://www.aftenposten.no/norge/Krever-at-elever-ma-fa-annullert-eksamen-etter-rot-med-oppgavetekster-622459b.html">Aftenposten +melder i dag</a> om feil i eksamensoppgavene for eksamen i politikk og +menneskerettigheter, der teksten i bokmåls og nynorskutgaven ikke var +like. Oppgaveteksten er gjengitt i artikkelen, og jeg ble nysgjerring +på om den fri oversetterløsningen +<a href="https://www.apertium.org/">Apertium</a> ville gjort en bedre +jobb enn Utdanningsdirektoratet. Det kan se slik ut.</p> + +<p>Her er bokmålsoppgaven fra eksamenen:</p> + +<blockquote> +<p>Drøft utfordringene knyttet til nasjonalstatenes og andre aktørers +rolle og muligheter til å håndtere internasjonale utfordringer, som +for eksempel flykningekrisen.</p> + +<p>Vedlegge er eksempler på tekster som kan gi relevante perspektiver +på temaet:</p> +<ol> +<li>Flykningeregnskapet 2016, UNHCR og IDMC +<li>«Grenseløst Europa for fall» A-Magasinet, 26. november 2015 +</ol> + +</blockquote> + +<p>Dette oversetter Apertium slik:</p> + +<blockquote> +<p>Drøft utfordringane knytte til nasjonalstatane sine og rolla til +andre aktørar og høve til å handtera internasjonale utfordringar, som +til dømes *flykningekrisen.</p> + +<p>Vedleggja er døme på tekster som kan gje relevante perspektiv på +temaet:</p> + +<ol> +<li>*Flykningeregnskapet 2016, *UNHCR og *IDMC</li> +<li>«*Grenseløst Europa for fall» A-Magasinet, 26. november 2015</li> +</ol> + +</blockquote> + +<p>Ord som ikke ble forstått er markert med stjerne (*), og trenger +ekstra språksjekk. Men ingen ord er forsvunnet, slik det var i +oppgaven elevene fikk presentert på eksamen. Jeg mistenker dog at +"andre aktørers rolle og muligheter til ..." burde vært oversatt til +"rolla til andre aktørar og deira høve til ..." eller noe slikt, men +det er kanskje flisespikking. Det understreker vel bare at det alltid +trengs korrekturlesning etter automatisk oversettelse.</p> + + + + + Epost inn som arkivformat i Riksarkivarens forskrift? + http://people.skolelinux.org/pere/blog/Epost_inn_som_arkivformat_i_Riksarkivarens_forskrift_.html + http://people.skolelinux.org/pere/blog/Epost_inn_som_arkivformat_i_Riksarkivarens_forskrift_.html + Thu, 27 Apr 2017 11:30:00 +0200 + <p>I disse dager, med frist 1. mai, har Riksarkivaren ute en høring på +sin forskrift. Som en kan se er det ikke mye tid igjen før fristen +som går ut på søndag. Denne forskriften er det som lister opp hvilke +formater det er greit å arkivere i +<a href="http://www.arkivverket.no/arkivverket/Offentleg-forvalting/Noark/Noark-5">Noark +5-løsninger</a> i Norge.</p> + +<p>Jeg fant høringsdokumentene hos +<a href="https://www.arkivrad.no/aktuelt/riksarkivarens-forskrift-pa-horing">Norsk +Arkivråd</a> etter å ha blitt tipset på epostlisten til +<a href="https://github.com/hiOA-ABI/nikita-noark5-core">fri +programvareprosjektet Nikita Noark5-Core</a>, som lager et Noark 5 +Tjenestegresesnitt. Jeg er involvert i Nikita-prosjektet og takket +være min interesse for tjenestegrensesnittsprosjektet har jeg lest en +god del Noark 5-relaterte dokumenter, og til min overraskelse oppdaget +at standard epost ikke er på listen over godkjente formater som kan +arkiveres. Høringen med frist søndag er en glimrende mulighet til å +forsøke å gjøre noe med det. Jeg holder på med +<a href="https://github.com/petterreinholdtsen/noark5-tester/blob/master/docs/hoering-arkivforskrift.tex">egen +høringsuttalelse</a>, og lurer på om andre er interessert i å støtte +forslaget om å tillate arkivering av epost som epost i arkivet.</p> + +<p>Er du igang med å skrive egen høringsuttalelse allerede? I så fall +kan du jo vurdere å ta med en formulering om epost-lagring. Jeg tror +ikke det trengs så mye. Her et kort forslag til tekst:</p> <p><blockquote> -<p>Riksarkivet har ingen anbefalinger når det gjelder konvertering fra -e-post til XML. Det står arkivskaper fritt å eventuelt definere/bruke -eget format. Inklusive da - som det spørres om - et format der det er -mulig å re-etablere e-post format ut fra XML-en. XML (e-post) -dokumenter må være referert i arkivstrukturen, og det må vedlegges et -gyldig XML skjema (.xsd) for XML-filene. Arkivskaper står altså fritt -til å gjøre hva de vil, bare det dokumenteres og det kan dannes et -utrekk ved avlevering til depot.</p> - -<p>De obligatoriske kravene i Noark 5 standarden må altså oppfylles - -etter dialog med Riksarkivet i forbindelse med godkjenning. For -offentlige arkiv er det særlig viktig med filene loependeJournal.xml -og offentligJournal.xml. Private arkiv som vil forholde seg til Noark -5 standarden er selvsagt frie til å bruke det som er relevant for dem -av obligatoriske krav.</p> -</blockquote></p> -<p>Det ser dermed ut for meg som om det er et lite behov for å -standardisere XML-lagring av RFC-822-formatterte meldinger. Noen som -vet om god spesifikasjon i så måte? I tillegg til den omtalt over, -har jeg kommet over flere aktuelle beskrivelser (søk på "rfc 822 -xml", så finner du aktuelle alternativer).</p> + <p>Viser til høring sendt ut 2017-02-17 (Riksarkivarens referanse + 2016/9840 HELHJO), og tillater oss å sende inn noen innspill om + revisjon av Forskrift om utfyllende tekniske og arkivfaglige + bestemmelser om behandling av offentlige arkiver (Riksarkivarens + forskrift).</p> -<ul> - -<li><a href="http://www.openhealth.org/xmtp/">XML MIME Transformation -protocol (XMTP)</a> fra OpenHealth, sist oppdatert 2001.</li> - -<li><a href="https://tools.ietf.org/html/draft-klyne-message-rfc822-xml-03">An -XML format for mail and other messages</a> utkast fra IETF datert -2001.</li> + <p>Svært mye av vår kommuikasjon foregår i dag på e-post.  Vi + foreslår derfor at Internett-e-post, slik det er beskrevet i IETF + RFC 5322, + <a href="https://tools.ietf.org/html/rfc5322">https://tools.ietf.org/html/rfc5322</a>. bør + inn som godkjent dokumentformat.  Vi foreslår at forskriftens + oversikt over godkjente dokumentformater ved innlevering i § 5-16 + endres til å ta med Internett-e-post.</p> -<li><a href="http://www.informit.com/articles/article.aspx?p=32074">xMail: -E-mail as XML</a> en artikkel fra 2003 som beskriver python-modulen -rfc822 som gir ut XML-representasjon av en RFC 822-formattert epost.</li> +</blockquote></p> -</ul> +<p>Som del av arbeidet med tjenestegrensesnitt har vi testet hvordan +epost kan lagres i en Noark 5-struktur, og holder på å skrive et +forslag om hvordan dette kan gjøres som vil bli sendt over til +arkivverket så snart det er ferdig. De som er interesserte kan +<a href="https://github.com/petterreinholdtsen/noark5-tester/blob/master/docs/epostlagring.md">følge +fremdriften på web</a>.</p> -<p>Finnes det andre og bedre spesifikasjoner for slik lagring? Send -meg en epost hvis du har innspill.</p> +<p>Oppdatering 2017-04-28: I dag ble høringuttalelsen jeg skrev + <a href="https://www.nuug.no/news/NUUGs_h_ringuttalelse_til_Riksarkivarens_forskrift.shtml">sendt + inn av foreningen NUUG</a>.</p> - Lenker for 2014-02-28 - http://people.skolelinux.org/pere/blog/Lenker_for_2014_02_28.html - http://people.skolelinux.org/pere/blog/Lenker_for_2014_02_28.html - Fri, 28 Feb 2014 13:30:00 +0100 - <p>Her er noen lenker til tekster jeg har satt pris på å lese de siste -månedene. Det er mye om varsleren Edward Snowden, som burde få all -hjelp, støtte og beskyttelse Norge kan stille opp med for å ha satt -totalitær overvåkning på sakskartet, men også endel annet -tankevekkende og interessant.</p> - -<ul> - -<li>2013-12-21 -<a href="http://www.dagbladet.no/2013/12/21/nyheter/thomas_drake/nsa/overvakning/snowden/30925886/">- -NSA tenker som Stasi</a> - Dagbladet.no</li> - -<li>2013-12-19 <a href="http://www.dagensit.no/article2732734.ece">- -Staten har ikke rett til å vite alt om deg</a> - DN.no</li> - -<li>2013-12-21 -<a href="http://www.dagbladet.no/2013/12/21/nyheter/krig_og_konflikter/politikk/utenriks/30961126/">Nye -mål for NSAs spionasje avslørt</a> - Dagbladet.no</li> - -<li>2013-12-19 -<a href="http://www.dagbladet.no/2013/12/19/nyheter/nsa/usa/politikk/barack_obama/30918684/">«NSA -bør fjernes fra sin makt til å samle inn metadata fra amerikanske -telefonsamtaler»</a> - Dagbladet.no</li> - -<li>2013-12-18 -<a href="http://www.dagbladet.no/2013/12/18/kultur/meninger/hovedkronikk/debatt/snowden/30901089/">Etterretning, -overvåking, frihet og sikkerhet</a> - Dagbladet.no</li> - -<li>2013-12-17 -<a href="http://www.nrk.no/verden/snowden-vil-ha-asyl-i-brasil-1.11423444">Snowden -angriper USA i åpent brev</a> - nrk.no</li> - -<li>2013-12-17 -<a href="http://www.digi.no/925820/rettslig-nederlag-for-etterretning">Rettslig -nederlag for etterretning</a> - digi.no</li> - -<li>2013-12-21 -<a href="http://www.dagbladet.no/2013/12/21/kultur/meninger/hovedkommentar/kommentar/etterretning/30963284/">Truende -nedkjøling</a> - dagbladet.no</li> - -<li>2013-12-20 -<a href="http://www.aftenposten.no/viten/Matematikk-og-forstaelse-7411849.html">Matematikk -og forståelse</a> - aftenposten.no</li> - -<li>2013-10-20 -<a href="http://www.nrk.no/viten/ny-studie_sovn-reinser-hjernen-var-1.11306106">Vi -søv for å reinse hjernen vår, ifølgje ny studie</a> - nrk.no</li> - -<li>2013-12-11 -<a href="http://www.nrk.no/buskerud/julebaksten-i-vasken-1.11410033">Rotterace -i kloakken</a> - nrk.no</li> - -<li>2013-12-30 -<a href="http://www.aftenposten.no/viten/Apne-brev-og-frie-tanker-7413734.html">Åpne -brev og frie tanker</a> - aftenposten.no</li> - -<li>2014-01-12 -<a href="http://www.aftenposten.no/viten/Stopp-kunnskapsapartheidet-7428229.html">Stopp dagens kunnskapsapartheid!</a> - aftenposten.no</li> - -<li>2014-01-09 -<a href="http://www.aftenposten.no/nyheter/uriks/EU-rapport-Britisk-og-amerikansk-overvaking-ser-ut-til-a-vare-ulovlig-7428933.html">EU-rapport: -Britisk og amerikansk overvåking ser ut til å være ulovlig</a> - -aftenposten.no</li> - -<li>2013-10-23 Professor Jan Arild Audestad -<a href="http://www.digi.no/924008/advarer-mot-konspirasjonsteori">Advarer -mot konspirasjonsteori</a> i digi.no og sier han ikke tror NSA kan -avlytte mobiltelefoner, mens han noen måneder senere forteller:</li> - -<li>2014-01-09 -<a href="http://www.aftenposten.no/nyheter/iriks/--Vi-ble-presset-til-a-svekke-mobilsikkerheten-pa-80-tallet-7410467.html">- -Vi ble presset til å svekke mobilsikkerheten på 80-tallet</a> - -aftenposten.no</li> - -<li>2014-02-12 -<a href="http://tv.nrk.no/program/koid20005814/et-moete-med-edward-snowden">Et -møte med Edward Snowden</a> - intervju sendt av nrk, tilgjengelig til -2015-01-31</li> - -<li>2014-02-17 -<a href="http://politiken.dk/debat/profiler/jessteinpedersen/ECE2210356/litteraturredaktoeren-helle-thornings-tavshed-om-snowden-er-en-skandale/">Litteraturredaktøren: -Helle Thornings tavshed om Snowden er en skandale</a> - -politiken.dk</li> - -<li>2014-02-21 -<a href="http://www.aftenposten.no/meninger/kronikker/Bra-a-ha-en-Storebror-7476734.html">Bra å ha en «Storebror»</a> - aftenposten.no</li> - -<li>2014-02-28 -<a href="http://johnchristianelden.blogg.no/1393536806_narkotikasiktet_stort.html">"Narkotikasiktet -Stortingsmann" - Spillet bak kulissene</a> - John Christian Eldens -blogg</li> + Offentlig elektronisk postjournal blokkerer tilgang for utvalgte webklienter + http://people.skolelinux.org/pere/blog/Offentlig_elektronisk_postjournal_blokkerer_tilgang_for_utvalgte_webklienter.html + http://people.skolelinux.org/pere/blog/Offentlig_elektronisk_postjournal_blokkerer_tilgang_for_utvalgte_webklienter.html + Thu, 20 Apr 2017 13:00:00 +0200 + <p>Jeg oppdaget i dag at <a href="https://www.oep.no/">nettstedet som +publiserer offentlige postjournaler fra statlige etater</a>, OEP, har +begynt å blokkerer enkelte typer webklienter fra å få tilgang. Vet +ikke hvor mange det gjelder, men det gjelder i hvert fall libwww-perl +og curl. For å teste selv, kjør følgende:</p> + +<blockquote><pre> +% curl -v -s https://www.oep.no/pub/report.xhtml?reportId=3 2>&1 |grep '< HTTP' +< HTTP/1.1 404 Not Found +% curl -v -s --header 'User-Agent:Opera/12.0' https://www.oep.no/pub/report.xhtml?reportId=3 2>&1 |grep '< HTTP' +< HTTP/1.1 200 OK +% +</pre></blockquote> + +<p>Her kan en se at tjenesten gir «404 Not Found» for curl i +standardoppsettet, mens den gir «200 OK» hvis curl hevder å være Opera +versjon 12.0. Offentlig elektronisk postjournal startet blokkeringen +2017-03-02.</p> + +<p>Blokkeringen vil gjøre det litt vanskeligere å maskinelt hente +informasjon fra oep.no. Kan blokkeringen være gjort for å hindre +automatisert innsamling av informasjon fra OEP, slik Pressens +Offentlighetsutvalg gjorde for å dokumentere hvordan departementene +hindrer innsyn i +<a href="http://presse.no/dette-mener-np/undergraver-offentlighetsloven/">rapporten +«Slik hindrer departementer innsyn» som ble publiserte i januar +2017</a>. Det virker usannsynlig, da det jo er trivielt å bytte +User-Agent til noe nytt.</p> + +<p>Finnes det juridisk grunnlag for det offentlige å diskriminere +webklienter slik det gjøres her? Der tilgang gis eller ikke alt etter +hva klienten sier at den heter? Da OEP eies av DIFI og driftes av +Basefarm, finnes det kanskje noen dokumenter sendt mellom disse to +aktørene man kan be om innsyn i for å forstå hva som har skjedd. Men +<a href="https://www.oep.no/search/result.html?period=dateRange&fromDate=01.01.2016&toDate=01.04.2017&dateType=documentDate&caseDescription=&descType=both&caseNumber=&documentNumber=&sender=basefarm&senderType=both&documentType=all&legalAuthority=&archiveCode=&list2=196&searchType=advanced&Search=Search+in+records">postjournalen +til DIFI viser kun to dokumenter</a> det siste året mellom DIFI og +Basefarm. +<a href="https://www.mimesbronn.no/request/blokkering_av_tilgang_til_oep_fo">Mimes brønn neste</a>, +tenker jeg.</p> + + + + + Free software archive system Nikita now able to store documents + http://people.skolelinux.org/pere/blog/Free_software_archive_system_Nikita_now_able_to_store_documents.html + http://people.skolelinux.org/pere/blog/Free_software_archive_system_Nikita_now_able_to_store_documents.html + Sun, 19 Mar 2017 08:00:00 +0100 + <p>The <a href="https://github.com/hiOA-ABI/nikita-noark5-core">Nikita +Noark 5 core project</a> is implementing the Norwegian standard for +keeping an electronic archive of government documents. +<a href="http://www.arkivverket.no/arkivverket/Offentlig-forvaltning/Noark/Noark-5/English-version">The +Noark 5 standard</a> document the requirement for data systems used by +the archives in the Norwegian government, and the Noark 5 web interface +specification document a REST web service for storing, searching and +retrieving documents and metadata in such archive. I've been involved +in the project since a few weeks before Christmas, when the Norwegian +Unix User Group +<a href="https://www.nuug.no/news/NOARK5_kjerne_som_fri_programvare_f_r_epostliste_hos_NUUG.shtml">announced +it supported the project</a>. I believe this is an important project, +and hope it can make it possible for the government archives in the +future to use free software to keep the archives we citizens depend +on. But as I do not hold such archive myself, personally my first use +case is to store and analyse public mail journal metadata published +from the government. I find it useful to have a clear use case in +mind when developing, to make sure the system scratches one of my +itches.</p> + +<p>If you would like to help make sure there is a free software +alternatives for the archives, please join our IRC channel +(<a href="irc://irc.freenode.net/%23nikita"">#nikita on +irc.freenode.net</a>) and +<a href="https://lists.nuug.no/mailman/listinfo/nikita-noark">the +project mailing list</a>.</p> + +<p>When I got involved, the web service could store metadata about +documents. But a few weeks ago, a new milestone was reached when it +became possible to store full text documents too. Yesterday, I +completed an implementation of a command line tool +<tt>archive-pdf</tt> to upload a PDF file to the archive using this +API. The tool is very simple at the moment, and find existing +<a href="https://en.wikipedia.org/wiki/Fonds">fonds</a>, series and +files while asking the user to select which one to use if more than +one exist. Once a file is identified, the PDF is associated with the +file and uploaded, using the title extracted from the PDF itself. The +process is fairly similar to visiting the archive, opening a cabinet, +locating a file and storing a piece of paper in the archive. Here is +a test run directly after populating the database with test data using +our API tester:</p> -<li>2014-02-28 -<a href="http://www.aftenposten.no/meninger/Heksejakt-pa-hasjbrukere-7486283.html">Heksejakt -på hasjbrukere</a> - aftenposten.no</li> +<p><blockquote><pre> +~/src//noark5-tester$ ./archive-pdf mangelmelding/mangler.pdf +using arkiv: Title of the test fonds created 2017-03-18T23:49:32.103446 +using arkivdel: Title of the test series created 2017-03-18T23:49:32.103446 + + 0 - Title of the test case file created 2017-03-18T23:49:32.103446 + 1 - Title of the test file created 2017-03-18T23:49:32.103446 +Select which mappe you want (or search term): 0 +Uploading mangelmelding/mangler.pdf + PDF title: Mangler i spesifikasjonsdokumentet for NOARK 5 Tjenestegrensesnitt + File 2017/1: Title of the test case file created 2017-03-18T23:49:32.103446 +~/src//noark5-tester$ +</pre></blockquote></p> -</ul> +<p>You can see here how the fonds (arkiv) and serie (arkivdel) only had +one option, while the user need to choose which file (mappe) to use +among the two created by the API tester. The <tt>archive-pdf</tt> +tool can be found in the git repository for the API tester.</p> + +<p>In the project, I have been mostly working on +<a href="https://github.com/petterreinholdtsen/noark5-tester">the API +tester</a> so far, while getting to know the code base. The API +tester currently use +<a href="https://en.wikipedia.org/wiki/HATEOAS">the HATEOAS links</a> +to traverse the entire exposed service API and verify that the exposed +operations and objects match the specification, as well as trying to +create objects holding metadata and uploading a simple XML file to +store. The tester has proved very useful for finding flaws in our +implementation, as well as flaws in the reference site and the +specification.</p> + +<p>The test document I uploaded is a summary of all the specification +defects we have collected so far while implementing the web service. +There are several unclear and conflicting parts of the specification, +and we have +<a href="https://github.com/petterreinholdtsen/noark5-tester/tree/master/mangelmelding">started +writing down</a> the questions we get from implementing it. We use a +format inspired by how <a href="http://www.opengroup.org/austin/">The +Austin Group</a> collect defect reports for the POSIX standard with +<a href="http://www.opengroup.org/austin/mantis.html">their +instructions for the MANTIS defect tracker system</a>, in lack of an official way to structure defect reports for Noark 5 (our first submitted defect report was a <a href="https://github.com/petterreinholdtsen/noark5-tester/blob/master/mangelmelding/sendt/2017-03-15-mangel-prosess.md">request for a procedure for submitting defect reports</a> :). + +<p>The Nikita project is implemented using Java and Spring, and is +fairly easy to get up and running using Docker containers for those +that want to test the current code base. The API tester is +implemented in Python.</p>