X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/ac8c47a23c0bfb4fea0f160f02413eefa5ee5812..541506f8b882c39e352573e909b0bff09b735191:/blog/index.rss diff --git a/blog/index.rss b/blog/index.rss index d488b9f59f..2b3c45abc9 100644 --- a/blog/index.rss +++ b/blog/index.rss @@ -6,6 +6,383 @@ http://people.skolelinux.org/pere/blog/ + + Generating 3D prints in Debian using Cura and Slic3r(-prusa) + http://people.skolelinux.org/pere/blog/Generating_3D_prints_in_Debian_using_Cura_and_Slic3r__prusa_.html + http://people.skolelinux.org/pere/blog/Generating_3D_prints_in_Debian_using_Cura_and_Slic3r__prusa_.html + Mon, 9 Oct 2017 10:50:00 +0200 + <p>At my nearby maker space, +<a href="http://sonen.ifi.uio.no/">Sonen</a>, I heard the story that it +was easier to generate gcode files for theyr 3D printers (Ultimake 2+) +on Windows and MacOS X than Linux, because the software involved had +to be manually compiled and set up on Linux while premade packages +worked out of the box on Windows and MacOS X. I found this annoying, +as the software involved, +<a href="https://github.com/Ultimaker/Cura">Cura</a>, is free software +and should be trivial to get up and running on Linux if someone took +the time to package it for the relevant distributions. I even found +<a href="https://bugs.debian.org/706656">a request for adding into +Debian</a> from 2013, which had seem some activity over the years but +never resulted in the software showing up in Debian. So a few days +ago I offered my help to try to improve the situation.</p> + +<p>Now I am very happy to see that all the packages required by a +working Cura in Debian are uploaded into Debian and waiting in the NEW +queue for the ftpmasters to have a look. You can track the progress +on +<a href="https://qa.debian.org/developer.php?email=3dprinter-general%40lists.alioth.debian.org">the +status page for the 3D printer team</a>.</p> + +<p>The uploaded packages are a bit behind upstream, and was uploaded +now to get slots in <a href="https://ftp-master.debian.org/new.html">the NEW +queue</a> while we work up updating the packages to the latest +upstream version.</p> + +<p>On a related note, two competitors for Cura, which I found harder +to use and was unable to configure correctly for Ultimaker 2+ in the +short time I spent on it, are already in Debian. If you are looking +for 3D printer "slicers" and want something already available in +Debian, check out +<a href="https://tracker.debian.org/pkg/slic3r">slic3r</a> and +<a href="https://tracker.debian.org/pkg/slic3r-prusa">slic3r-prusa</a>. +The latter is a fork of the former.</p> + + + + + Mangler du en skrue, eller har du en skrue løs? + http://people.skolelinux.org/pere/blog/Mangler_du_en_skrue__eller_har_du_en_skrue_l_s_.html + http://people.skolelinux.org/pere/blog/Mangler_du_en_skrue__eller_har_du_en_skrue_l_s_.html + Wed, 4 Oct 2017 09:40:00 +0200 + Når jeg holder på med ulike prosjekter, så trenger jeg stadig ulike +skruer. Det siste prosjektet jeg holder på med er å lage +<a href="https://www.thingiverse.com/thing:676916">en boks til en +HDMI-touch-skjerm</a> som skal brukes med Raspberry Pi. Boksen settes +sammen med skruer og bolter, og jeg har vært i tvil om hvor jeg kan +få tak i de riktige skruene. Clas Ohlson og Jernia i nærheten har +sjelden hatt det jeg trenger. Men her om dagen fikk jeg et fantastisk +tips for oss som bor i Oslo. +<a href="http://www.zachskruer.no/">Zachariassen Jernvare AS</a> i +<a href="http://www.openstreetmap.org/?mlat=59.93421&mlon=10.76795#map=19/59.93421/10.76795">Hegermannsgate +23A på Torshov</a> har et fantastisk utvalg, og åpent mellom 09:00 og +17:00. De selger skruer, muttere, bolter, skiver etc i løs vekt, og +så langt har jeg fått alt jeg har lett etter. De har i tillegg det +meste av annen jernvare, som verktøy, lamper, ledninger, etc. Jeg +håper de har nok kunder til å holde det gående lenge, da dette er en +butikk jeg kommer til å besøke ofte. Butikken er et funn å ha i +nabolaget for oss som liker å bygge litt selv. :)</p> + + + + + Visualizing GSM radio chatter using gr-gsm and Hopglass + http://people.skolelinux.org/pere/blog/Visualizing_GSM_radio_chatter_using_gr_gsm_and_Hopglass.html + http://people.skolelinux.org/pere/blog/Visualizing_GSM_radio_chatter_using_gr_gsm_and_Hopglass.html + Fri, 29 Sep 2017 10:30:00 +0200 + <p>Every mobile phone announce its existence over radio to the nearby +mobile cell towers. And this radio chatter is available for anyone +with a radio receiver capable of receiving them. Details about the +mobile phones with very good accuracy is of course collected by the +phone companies, but this is not the topic of this blog post. The +mobile phone radio chatter make it possible to figure out when a cell +phone is nearby, as it include the SIM card ID (IMSI). By paying +attention over time, one can see when a phone arrive and when it leave +an area. I believe it would be nice to make this information more +available to the general public, to make more people aware of how +their phones are announcing their whereabouts to anyone that care to +listen.</p> + +<p>I am very happy to report that we managed to get something +visualizing this information up and running for +<a href="http://norwaymakers.org/osf17">Oslo Skaperfestival 2017</a> +(Oslo Makers Festival) taking place today and tomorrow at Deichmanske +library. The solution is based on the +<a href="http://people.skolelinux.org/pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html">simple +recipe for listening to GSM chatter</a> I posted a few days ago, and +will show up at the stand of <a href="http://sonen.ifi.uio.no/">Åpen +Sone from the Computer Science department of the University of +Oslo</a>. The presentation will show the nearby mobile phones (aka +IMSIs) as dots in a web browser graph, with lines to the dot +representing mobile base station it is talking to. It was working in +the lab yesterday, and was moved into place this morning.</p> + +<p>We set up a fairly powerful desktop machine using Debian +Buster/Testing with several (five, I believe) RTL2838 DVB-T receivers +connected and visualize the visible cell phone towers using an +<a href="https://github.com/marlow925/hopglass">English version of +Hopglass</a>. A fairly powerfull machine is needed as the +grgsm_livemon_headless processes from +<a href="https://tracker.debian.org/pkg/gr-gsm">gr-gsm</a> converting +the radio signal to data packages is quite CPU intensive.</p> + +<p>The frequencies to listen to, are identified using a slightly +patched scan-and-livemon (to set the --args values for each receiver), +and the Hopglass data is generated using the +<a href="https://github.com/petterreinholdtsen/IMSI-catcher/tree/meshviewer-output">patches +in my meshviewer-output branch</a>. For some reason we could not get +more than four SDRs working. There is also a geographical map trying +to show the location of the base stations, but I believe their +coordinates are hardcoded to some random location in Germany, I +believe. The code should be replaced with code to look up location in +a text file, a sqlite database or one of the online databases +mentioned in +<a href="https://github.com/Oros42/IMSI-catcher/issues/14">the github +issue for the topic</a>. + +<p>If this sound interesting, visit the stand at the festival!</p> + + + + + Easier recipe to observe the cell phones around you + http://people.skolelinux.org/pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html + http://people.skolelinux.org/pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html + Sun, 24 Sep 2017 08:30:00 +0200 + <p>A little more than a month ago I wrote +<a href="http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html">how +to observe the SIM card ID (aka IMSI number) of mobile phones talking +to nearby mobile phone base stations using Debian GNU/Linux and a +cheap USB software defined radio</a>, and thus being able to pinpoint +the location of people and equipment (like cars and trains) with an +accuracy of a few kilometer. Since then we have worked to make the +procedure even simpler, and it is now possible to do this without any +manual frequency tuning and without building your own packages.</p> + +<p>The <a href="https://tracker.debian.org/pkg/gr-gsm">gr-gsm</a> +package is now included in Debian testing and unstable, and the +IMSI-catcher code no longer require root access to fetch and decode +the GSM data collected using gr-gsm.</p> + +<p>Here is an updated recipe, using packages built by Debian and a git +clone of two python scripts:</p> + +<ol> + +<li>Start with a Debian machine running the Buster version (aka + testing).</li> + +<li>Run '<tt>apt install gr-gsm python-numpy python-scipy + python-scapy</tt>' as root to install required packages.</li> + +<li>Fetch the code decoding GSM packages using '<tt>git clone + github.com/Oros42/IMSI-catcher.git</tt>'.</li> + +<li>Insert USB software defined radio supported by GNU Radio.</li> + +<li>Enter the IMSI-catcher directory and run '<tt>python + scan-and-livemon</tt>' to locate the frequency of nearby base + stations and start listening for GSM packages on one of them.</li> + +<li>Enter the IMSI-catcher directory and run '<tt>python + simple_IMSI-catcher.py</tt>' to display the collected information.</li> + +</ol> + +<p>Note, due to a bug somewhere the scan-and-livemon program (actually +<a href="https://github.com/ptrkrysik/gr-gsm/issues/336">its underlying +program grgsm_scanner</a>) do not work with the HackRF radio. It does +work with RTL 8232 and other similar USB radio receivers you can get +very cheaply +(<a href="https://www.ebay.com/sch/items/?_nkw=rtl+2832">for example +from ebay</a>), so for now the solution is to scan using the RTL radio +and only use HackRF for fetching GSM data.</p> + +<p>As far as I can tell, a cell phone only show up on one of the +frequencies at the time, so if you are going to track and count every +cell phone around you, you need to listen to all the frequencies used. +To listen to several frequencies, use the --numrecv argument to +scan-and-livemon to use several receivers. Further, I am not sure if +phones using 3G or 4G will show as talking GSM to base stations, so +this approach might not see all phones around you. I typically see +0-400 IMSI numbers an hour when looking around where I live.</p> + +<p>I've tried to run the scanner on a +<a href="https://wiki.debian.org/RaspberryPi">Raspberry Pi 2 and 3 +running Debian Buster</a>, but the grgsm_livemon_headless process seem +to be too CPU intensive to keep up. When GNU Radio print 'O' to +stdout, I am told there it is caused by a buffer overflow between the +radio and GNU Radio, caused by the program being unable to read the +GSM data fast enough. If you see a stream of 'O's from the terminal +where you started scan-and-livemon, you need a give the process more +CPU power. Perhaps someone are able to optimize the code to a point +where it become possible to set up RPi3 based GSM sniffers? I tried +using Raspbian instead of Debian, but there seem to be something wrong +with GNU Radio on raspbian, causing glibc to abort().</p> + + + + + Datalagringsdirektivet kaster skygger over Høyre og Arbeiderpartiet + http://people.skolelinux.org/pere/blog/Datalagringsdirektivet_kaster_skygger_over_H_yre_og_Arbeiderpartiet.html + http://people.skolelinux.org/pere/blog/Datalagringsdirektivet_kaster_skygger_over_H_yre_og_Arbeiderpartiet.html + Thu, 7 Sep 2017 21:35:00 +0200 + <p>For noen dager siden publiserte Jon Wessel-Aas en bloggpost om +«<a href="http://www.uhuru.biz/?p=1821">Konklusjonen om datalagring som +EU-kommisjonen ikke ville at vi skulle få se</a>». Det er en +interessant gjennomgang av EU-domstolens syn på snurpenotovervåkning +av befolkningen, som er klar på at det er i strid med +EU-lovgivingen.</p> + +<p>Valgkampen går for fullt i Norge, og om noen få dager er siste +frist for å avgi stemme. En ting er sikkert, Høyre og Arbeiderpartiet +får ikke min stemme +<a href="http://people.skolelinux.org/pere/blog/Datalagringsdirektivet_gj_r_at_Oslo_H_yre_og_Arbeiderparti_ikke_f_r_min_stemme_i__r.html">denne +gangen heller</a>. Jeg har ikke glemt at de tvang igjennom loven som +skulle pålegge alle data- og teletjenesteleverandører å overvåke alle +sine kunder. En lov som er vedtatt, og aldri opphevet igjen.</p> + +<p>Det er tydelig fra diskusjonen rundt grenseløs digital overvåkning +(eller "Digital Grenseforsvar" som det kalles i Orvellisk nytale) at +hverken Høyre og Arbeiderpartiet har noen prinsipielle sperrer mot å +overvåke hele befolkningen, og diskusjonen så langt tyder på at flere +av de andre partiene heller ikke har det. Mange av +<a href="https://data.holderdeord.no/votes/1301946411e">de som stemte +for Datalagringsdirektivet i Stortinget</a> (64 fra Arbeiderpartiet, +25 fra Høyre) er fortsatt aktive og argumenterer fortsatt for å radere +vekk mer av innbyggernes privatsfære.</p> + +<p>Når myndighetene demonstrerer sin mistillit til folket, tror jeg +folket selv bør legge litt innsats i å verne sitt privatliv, ved å ta +i bruk ende-til-ende-kryptert kommunikasjon med sine kjente og kjære, +og begrense hvor mye privat informasjon som deles med uvedkommende. +Det er jo ingenting som tyder på at myndighetene kommer til å være vår +privatsfære. +<a href="http://people.skolelinux.org/pere/blog/How_to_talk_with_your_loved_ones_in_private.html">Det +er mange muligheter</a>. Selv har jeg litt sans for +<a href="https://ring.cx/">Ring</a>, som er basert på p2p-teknologi +uten sentral kontroll, er fri programvare, og støtter meldinger, tale +og video. Systemet er tilgjengelig ut av boksen fra +<a href="https://tracker.debian.org/pkg/ring">Debian</a> og +<a href="https://launchpad.net/ubuntu/+source/ring">Ubuntu</a>, og det +finnes pakker for Android, MacOSX og Windows. Foreløpig er det få +brukere med Ring, slik at jeg også bruker +<a href="https://signal.org/">Signal</a> som nettleserutvidelse.</p> + + + + + Simpler recipe on how to make a simple $7 IMSI Catcher using Debian + http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html + http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html + Wed, 9 Aug 2017 23:59:00 +0200 + <p>On friday, I came across an interesting article in the Norwegian +web based ICT news magazine digi.no on +<a href="https://www.digi.no/artikler/sikkerhetsforsker-lagde-enkel-imsi-catcher-for-60-kroner-na-kan-mobiler-kartlegges-av-alle/398588">how +to collect the IMSI numbers of nearby cell phones</a> using the cheap +DVB-T software defined radios. The article refered to instructions +and <a href="https://www.youtube.com/watch?v=UjwgNd_as30">a recipe by +Keld Norman on Youtube on how to make a simple $7 IMSI Catcher</a>, and I decided to test them out.</p> + +<p>The instructions said to use Ubuntu, install pip using apt (to +bypass apt), use pip to install pybombs (to bypass both apt and pip), +and the ask pybombs to fetch and build everything you need from +scratch. I wanted to see if I could do the same on the most recent +Debian packages, but this did not work because pybombs tried to build +stuff that no longer build with the most recent openssl library or +some other version skew problem. While trying to get this recipe +working, I learned that the apt->pip->pybombs route was a long detour, +and the only piece of software dependency missing in Debian was the +gr-gsm package. I also found out that the lead upstream developer of +gr-gsm (the name stand for GNU Radio GSM) project already had a set of +Debian packages provided in an Ubuntu PPA repository. All I needed to +do was to dget the Debian source package and built it.</p> + +<p>The IMSI collector is a python script listening for packages on the +loopback network device and printing to the terminal some specific GSM +packages with IMSI numbers in them. The code is fairly short and easy +to understand. The reason this work is because gr-gsm include a tool +to read GSM data from a software defined radio like a DVB-T USB stick +and other software defined radios, decode them and inject them into a +network device on your Linux machine (using the loopback device by +default). This proved to work just fine, and I've been testing the +collector for a few days now.</p> + +<p>The updated and simpler recipe is thus to</p> + +<ol> + +<li>start with a Debian machine running Stretch or newer,</li> + +<li>build and install the gr-gsm package available from +<a href="http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/">http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/</a>,</li> + +<li>clone the git repostory from <a href="https://github.com/Oros42/IMSI-catcher">https://github.com/Oros42/IMSI-catcher</a>,</li> + +<li>run grgsm_livemon and adjust the frequency until the terminal +where it was started is filled with a stream of text (meaning you +found a GSM station).</li> + +<li>go into the IMSI-catcher directory and run 'sudo python simple_IMSI-catcher.py' to extract the IMSI numbers.</li> + +</ol> + +<p>To make it even easier in the future to get this sniffer up and +running, I decided to package +<a href="https://github.com/ptrkrysik/gr-gsm/">the gr-gsm project</a> +for Debian (<a href="https://bugs.debian.org/871055">WNPP +#871055</a>), and the package was uploaded into the NEW queue today. +Luckily the gnuradio maintainer has promised to help me, as I do not +know much about gnuradio stuff yet.</p> + +<p>I doubt this "IMSI cacher" is anywhere near as powerfull as +commercial tools like +<a href="https://www.thespyphone.com/portable-imsi-imei-catcher/">The +Spy Phone Portable IMSI / IMEI Catcher</a> or the +<a href="https://en.wikipedia.org/wiki/Stingray_phone_tracker">Harris +Stingray</a>, but I hope the existance of cheap alternatives can make +more people realise how their whereabouts when carrying a cell phone +is easily tracked. Seeing the data flow on the screen, realizing that +I live close to a police station and knowing that the police is also +wearing cell phones, I wonder how hard it would be for criminals to +track the position of the police officers to discover when there are +police near by, or for foreign military forces to track the location +of the Norwegian military forces, or for anyone to track the location +of government officials...</p> + +<p>It is worth noting that the data reported by the IMSI-catcher +script mentioned above is only a fraction of the data broadcasted on +the GSM network. It will only collect one frequency at the time, +while a typical phone will be using several frequencies, and not all +phones will be using the frequencies tracked by the grgsm_livemod +program. Also, there is a lot of radio chatter being ignored by the +simple_IMSI-catcher script, which would be collected by extending the +parser code. I wonder if gr-gsm can be set up to listen to more than +one frequency?</p> + + + + + Norwegian Bokmål edition of Debian Administrator's Handbook is now available + http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_edition_of_Debian_Administrator_s_Handbook_is_now_available.html + http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_edition_of_Debian_Administrator_s_Handbook_is_now_available.html + Tue, 25 Jul 2017 21:10:00 +0200 + <p align="center"><img align="center" src="http://people.skolelinux.org/pere/blog/images/2017-07-25-debian-handbook-nb-testprint.png"/></p> + +<p>I finally received a copy of the Norwegian Bokmål edition of +"<a href="https://debian-handbook.info/">The Debian Administrator's +Handbook</a>". This test copy arrived in the mail a few days ago, and +I am very happy to hold the result in my hand. We spent around one and a half year translating it. This paperbook edition +<a href="https://debian-handbook.info/get/#norwegian">is available +from lulu.com</a>. If you buy it quickly, you save 25% on the list +price. The book is also available for download in electronic form as +PDF, EPUB and Mobipocket, as can be +<a href="https://debian-handbook.info/browse/nb-NO/stable/">read online +as a web page</a>.</p> + +<p>This is the second book I publish (the first was the book +"<a href="http://free-culture.cc/">Free Culture</a>" by Lawrence Lessig +in +<a href="http://www.lulu.com/shop/lawrence-lessig/free-culture/paperback/product-22440520.html">English</a>, +<a href="http://www.lulu.com/shop/lawrence-lessig/culture-libre/paperback/product-22645082.html">French</a> +and +<a href="http://www.lulu.com/shop/lawrence-lessig/fri-kultur/paperback/product-22441576.html">Norwegian +Bokmål</a>), and I am very excited to finally wrap up this +project. I hope +"<a href="http://www.lulu.com/shop/rapha%C3%ABl-hertzog-and-roland-mas/h%C3%A5ndbok-for-debian-administratoren/paperback/product-23262290.html">Håndbok +for Debian-administratoren</a>" will be well received.</p> + + + «Rapporten ser ikke på informasjonssikkerhet knyttet til personlig integritet» http://people.skolelinux.org/pere/blog/_Rapporten_ser_ikke_p__informasjonssikkerhet_knyttet_til_personlig_integritet_.html @@ -166,508 +543,5 @@ mailing list).</p> - - Idea for storing trusted timestamps in a Noark 5 archive - http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html - http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html - Wed, 7 Jun 2017 21:40:00 +0200 - <p><em>This is a copy of -<a href="https://lists.nuug.no/pipermail/nikita-noark/2017-June/000297.html">an -email I posted to the nikita-noark mailing list</a>. Please follow up -there if you would like to discuss this topic. The background is that -we are making a free software archive system based on the Norwegian -<a href="https://www.arkivverket.no/forvaltning-og-utvikling/regelverk-og-standarder/noark-standarden">Noark -5 standard</a> for government archives.</em></p> - -<p>I've been wondering a bit lately how trusted timestamps could be -stored in Noark 5. -<a href="https://en.wikipedia.org/wiki/Trusted_timestamping">Trusted -timestamps</a> can be used to verify that some information -(document/file/checksum/metadata) have not been changed since a -specific time in the past. This is useful to verify the integrity of -the documents in the archive.</p> - -<p>Then it occured to me, perhaps the trusted timestamps could be -stored as dokument variants (ie dokumentobjekt referered to from -dokumentbeskrivelse) with the filename set to the hash it is -stamping?</p> - -<p>Given a "dokumentbeskrivelse" with an associated "dokumentobjekt", -a new dokumentobjekt is associated with "dokumentbeskrivelse" with the -same attributes as the stamped dokumentobjekt except these -attributes:</p> - -<ul> - -<li>format -> "RFC3161" -<li>mimeType -> "application/timestamp-reply" -<li>formatDetaljer -> "&lt;source URL for timestamp service&gt;" -<li>filenavn -> "&lt;sjekksum&gt;.tsr" - -</ul> - -<p>This assume a service following -<a href="https://tools.ietf.org/html/rfc3161">IETF RFC 3161</a> is -used, which specifiy the given MIME type for replies and the .tsr file -ending for the content of such trusted timestamp. As far as I can -tell from the Noark 5 specifications, it is OK to have several -variants/renderings of a dokument attached to a given -dokumentbeskrivelse objekt. It might be stretching it a bit to make -some of these variants represent crypto-signatures useful for -verifying the document integrity instead of representing the dokument -itself.</p> - -<p>Using the source of the service in formatDetaljer allow several -timestamping services to be used. This is useful to spread the risk -of key compromise over several organisations. It would only be a -problem to trust the timestamps if all of the organisations are -compromised.</p> - -<p>The following oneliner on Linux can be used to generate the tsr -file. $input is the path to the file to checksum, and $sha256 is the -SHA-256 checksum of the file (ie the "<sjekksum>.tsr" value mentioned -above).</p> - -<p><blockquote><pre> -openssl ts -query -data "$inputfile" -cert -sha256 -no_nonce \ - | curl -s -H "Content-Type: application/timestamp-query" \ - --data-binary "@-" http://zeitstempel.dfn.de > $sha256.tsr -</pre></blockquote></p> - -<p>To verify the timestamp, you first need to download the public key -of the trusted timestamp service, for example using this command:</p> - -<p><blockquote><pre> -wget -O ca-cert.txt \ - https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt -</pre></blockquote></p> - -<p>Note, the public key should be stored alongside the timestamps in -the archive to make sure it is also available 100 years from now. It -is probably a good idea to standardise how and were to store such -public keys, to make it easier to find for those trying to verify -documents 100 or 1000 years from now. :)</p> - -<p>The verification itself is a simple openssl command:</p> - -<p><blockquote><pre> -openssl ts -verify -data $inputfile -in $sha256.tsr \ - -CAfile ca-cert.txt -text -</pre></blockquote></p> - -<p>Is there any reason this approach would not work? Is it somehow against -the Noark 5 specification?</p> - - - - - Når nynorskoversettelsen svikter til eksamen... - http://people.skolelinux.org/pere/blog/N_r_nynorskoversettelsen_svikter_til_eksamen___.html - http://people.skolelinux.org/pere/blog/N_r_nynorskoversettelsen_svikter_til_eksamen___.html - Sat, 3 Jun 2017 08:20:00 +0200 - <p><a href="http://www.aftenposten.no/norge/Krever-at-elever-ma-fa-annullert-eksamen-etter-rot-med-oppgavetekster-622459b.html">Aftenposten -melder i dag</a> om feil i eksamensoppgavene for eksamen i politikk og -menneskerettigheter, der teksten i bokmåls og nynorskutgaven ikke var -like. Oppgaveteksten er gjengitt i artikkelen, og jeg ble nysgjerring -på om den fri oversetterløsningen -<a href="https://www.apertium.org/">Apertium</a> ville gjort en bedre -jobb enn Utdanningsdirektoratet. Det kan se slik ut.</p> - -<p>Her er bokmålsoppgaven fra eksamenen:</p> - -<blockquote> -<p>Drøft utfordringene knyttet til nasjonalstatenes og andre aktørers -rolle og muligheter til å håndtere internasjonale utfordringer, som -for eksempel flykningekrisen.</p> - -<p>Vedlegge er eksempler på tekster som kan gi relevante perspektiver -på temaet:</p> -<ol> -<li>Flykningeregnskapet 2016, UNHCR og IDMC -<li>«Grenseløst Europa for fall» A-Magasinet, 26. november 2015 -</ol> - -</blockquote> - -<p>Dette oversetter Apertium slik:</p> - -<blockquote> -<p>Drøft utfordringane knytte til nasjonalstatane sine og rolla til -andre aktørar og høve til å handtera internasjonale utfordringar, som -til dømes *flykningekrisen.</p> - -<p>Vedleggja er døme på tekster som kan gje relevante perspektiv på -temaet:</p> - -<ol> -<li>*Flykningeregnskapet 2016, *UNHCR og *IDMC</li> -<li>«*Grenseløst Europa for fall» A-Magasinet, 26. november 2015</li> -</ol> - -</blockquote> - -<p>Ord som ikke ble forstått er markert med stjerne (*), og trenger -ekstra språksjekk. Men ingen ord er forsvunnet, slik det var i -oppgaven elevene fikk presentert på eksamen. Jeg mistenker dog at -"andre aktørers rolle og muligheter til ..." burde vært oversatt til -"rolla til andre aktørar og deira høve til ..." eller noe slikt, men -det er kanskje flisespikking. Det understreker vel bare at det alltid -trengs korrekturlesning etter automatisk oversettelse.</p> - - - - - Epost inn som arkivformat i Riksarkivarens forskrift? - http://people.skolelinux.org/pere/blog/Epost_inn_som_arkivformat_i_Riksarkivarens_forskrift_.html - http://people.skolelinux.org/pere/blog/Epost_inn_som_arkivformat_i_Riksarkivarens_forskrift_.html - Thu, 27 Apr 2017 11:30:00 +0200 - <p>I disse dager, med frist 1. mai, har Riksarkivaren ute en høring på -sin forskrift. Som en kan se er det ikke mye tid igjen før fristen -som går ut på søndag. Denne forskriften er det som lister opp hvilke -formater det er greit å arkivere i -<a href="http://www.arkivverket.no/arkivverket/Offentleg-forvalting/Noark/Noark-5">Noark -5-løsninger</a> i Norge.</p> - -<p>Jeg fant høringsdokumentene hos -<a href="https://www.arkivrad.no/aktuelt/riksarkivarens-forskrift-pa-horing">Norsk -Arkivråd</a> etter å ha blitt tipset på epostlisten til -<a href="https://github.com/hiOA-ABI/nikita-noark5-core">fri -programvareprosjektet Nikita Noark5-Core</a>, som lager et Noark 5 -Tjenestegresesnitt. Jeg er involvert i Nikita-prosjektet og takket -være min interesse for tjenestegrensesnittsprosjektet har jeg lest en -god del Noark 5-relaterte dokumenter, og til min overraskelse oppdaget -at standard epost ikke er på listen over godkjente formater som kan -arkiveres. Høringen med frist søndag er en glimrende mulighet til å -forsøke å gjøre noe med det. Jeg holder på med -<a href="https://github.com/petterreinholdtsen/noark5-tester/blob/master/docs/hoering-arkivforskrift.tex">egen -høringsuttalelse</a>, og lurer på om andre er interessert i å støtte -forslaget om å tillate arkivering av epost som epost i arkivet.</p> - -<p>Er du igang med å skrive egen høringsuttalelse allerede? I så fall -kan du jo vurdere å ta med en formulering om epost-lagring. Jeg tror -ikke det trengs så mye. Her et kort forslag til tekst:</p> - -<p><blockquote> - - <p>Viser til høring sendt ut 2017-02-17 (Riksarkivarens referanse - 2016/9840 HELHJO), og tillater oss å sende inn noen innspill om - revisjon av Forskrift om utfyllende tekniske og arkivfaglige - bestemmelser om behandling av offentlige arkiver (Riksarkivarens - forskrift).</p> - - <p>Svært mye av vår kommuikasjon foregår i dag på e-post.  Vi - foreslår derfor at Internett-e-post, slik det er beskrevet i IETF - RFC 5322, - <a href="https://tools.ietf.org/html/rfc5322">https://tools.ietf.org/html/rfc5322</a>. bør - inn som godkjent dokumentformat.  Vi foreslår at forskriftens - oversikt over godkjente dokumentformater ved innlevering i § 5-16 - endres til å ta med Internett-e-post.</p> - -</blockquote></p> - -<p>Som del av arbeidet med tjenestegrensesnitt har vi testet hvordan -epost kan lagres i en Noark 5-struktur, og holder på å skrive et -forslag om hvordan dette kan gjøres som vil bli sendt over til -arkivverket så snart det er ferdig. De som er interesserte kan -<a href="https://github.com/petterreinholdtsen/noark5-tester/blob/master/docs/epostlagring.md">følge -fremdriften på web</a>.</p> - -<p>Oppdatering 2017-04-28: I dag ble høringuttalelsen jeg skrev - <a href="https://www.nuug.no/news/NUUGs_h_ringuttalelse_til_Riksarkivarens_forskrift.shtml">sendt - inn av foreningen NUUG</a>.</p> - - - - - Offentlig elektronisk postjournal blokkerer tilgang for utvalgte webklienter - http://people.skolelinux.org/pere/blog/Offentlig_elektronisk_postjournal_blokkerer_tilgang_for_utvalgte_webklienter.html - http://people.skolelinux.org/pere/blog/Offentlig_elektronisk_postjournal_blokkerer_tilgang_for_utvalgte_webklienter.html - Thu, 20 Apr 2017 13:00:00 +0200 - <p>Jeg oppdaget i dag at <a href="https://www.oep.no/">nettstedet som -publiserer offentlige postjournaler fra statlige etater</a>, OEP, har -begynt å blokkerer enkelte typer webklienter fra å få tilgang. Vet -ikke hvor mange det gjelder, men det gjelder i hvert fall libwww-perl -og curl. For å teste selv, kjør følgende:</p> - -<blockquote><pre> -% curl -v -s https://www.oep.no/pub/report.xhtml?reportId=3 2>&1 |grep '< HTTP' -< HTTP/1.1 404 Not Found -% curl -v -s --header 'User-Agent:Opera/12.0' https://www.oep.no/pub/report.xhtml?reportId=3 2>&1 |grep '< HTTP' -< HTTP/1.1 200 OK -% -</pre></blockquote> - -<p>Her kan en se at tjenesten gir «404 Not Found» for curl i -standardoppsettet, mens den gir «200 OK» hvis curl hevder å være Opera -versjon 12.0. Offentlig elektronisk postjournal startet blokkeringen -2017-03-02.</p> - -<p>Blokkeringen vil gjøre det litt vanskeligere å maskinelt hente -informasjon fra oep.no. Kan blokkeringen være gjort for å hindre -automatisert innsamling av informasjon fra OEP, slik Pressens -Offentlighetsutvalg gjorde for å dokumentere hvordan departementene -hindrer innsyn i -<a href="http://presse.no/dette-mener-np/undergraver-offentlighetsloven/">rapporten -«Slik hindrer departementer innsyn» som ble publiserte i januar -2017</a>. Det virker usannsynlig, da det jo er trivielt å bytte -User-Agent til noe nytt.</p> - -<p>Finnes det juridisk grunnlag for det offentlige å diskriminere -webklienter slik det gjøres her? Der tilgang gis eller ikke alt etter -hva klienten sier at den heter? Da OEP eies av DIFI og driftes av -Basefarm, finnes det kanskje noen dokumenter sendt mellom disse to -aktørene man kan be om innsyn i for å forstå hva som har skjedd. Men -<a href="https://www.oep.no/search/result.html?period=dateRange&fromDate=01.01.2016&toDate=01.04.2017&dateType=documentDate&caseDescription=&descType=both&caseNumber=&documentNumber=&sender=basefarm&senderType=both&documentType=all&legalAuthority=&archiveCode=&list2=196&searchType=advanced&Search=Search+in+records">postjournalen -til DIFI viser kun to dokumenter</a> det siste året mellom DIFI og -Basefarm. -<a href="https://www.mimesbronn.no/request/blokkering_av_tilgang_til_oep_fo">Mimes brønn neste</a>, -tenker jeg.</p> - - - - - Free software archive system Nikita now able to store documents - http://people.skolelinux.org/pere/blog/Free_software_archive_system_Nikita_now_able_to_store_documents.html - http://people.skolelinux.org/pere/blog/Free_software_archive_system_Nikita_now_able_to_store_documents.html - Sun, 19 Mar 2017 08:00:00 +0100 - <p>The <a href="https://github.com/hiOA-ABI/nikita-noark5-core">Nikita -Noark 5 core project</a> is implementing the Norwegian standard for -keeping an electronic archive of government documents. -<a href="http://www.arkivverket.no/arkivverket/Offentlig-forvaltning/Noark/Noark-5/English-version">The -Noark 5 standard</a> document the requirement for data systems used by -the archives in the Norwegian government, and the Noark 5 web interface -specification document a REST web service for storing, searching and -retrieving documents and metadata in such archive. I've been involved -in the project since a few weeks before Christmas, when the Norwegian -Unix User Group -<a href="https://www.nuug.no/news/NOARK5_kjerne_som_fri_programvare_f_r_epostliste_hos_NUUG.shtml">announced -it supported the project</a>. I believe this is an important project, -and hope it can make it possible for the government archives in the -future to use free software to keep the archives we citizens depend -on. But as I do not hold such archive myself, personally my first use -case is to store and analyse public mail journal metadata published -from the government. I find it useful to have a clear use case in -mind when developing, to make sure the system scratches one of my -itches.</p> - -<p>If you would like to help make sure there is a free software -alternatives for the archives, please join our IRC channel -(<a href="irc://irc.freenode.net/%23nikita"">#nikita on -irc.freenode.net</a>) and -<a href="https://lists.nuug.no/mailman/listinfo/nikita-noark">the -project mailing list</a>.</p> - -<p>When I got involved, the web service could store metadata about -documents. But a few weeks ago, a new milestone was reached when it -became possible to store full text documents too. Yesterday, I -completed an implementation of a command line tool -<tt>archive-pdf</tt> to upload a PDF file to the archive using this -API. The tool is very simple at the moment, and find existing -<a href="https://en.wikipedia.org/wiki/Fonds">fonds</a>, series and -files while asking the user to select which one to use if more than -one exist. Once a file is identified, the PDF is associated with the -file and uploaded, using the title extracted from the PDF itself. The -process is fairly similar to visiting the archive, opening a cabinet, -locating a file and storing a piece of paper in the archive. Here is -a test run directly after populating the database with test data using -our API tester:</p> - -<p><blockquote><pre> -~/src//noark5-tester$ ./archive-pdf mangelmelding/mangler.pdf -using arkiv: Title of the test fonds created 2017-03-18T23:49:32.103446 -using arkivdel: Title of the test series created 2017-03-18T23:49:32.103446 - - 0 - Title of the test case file created 2017-03-18T23:49:32.103446 - 1 - Title of the test file created 2017-03-18T23:49:32.103446 -Select which mappe you want (or search term): 0 -Uploading mangelmelding/mangler.pdf - PDF title: Mangler i spesifikasjonsdokumentet for NOARK 5 Tjenestegrensesnitt - File 2017/1: Title of the test case file created 2017-03-18T23:49:32.103446 -~/src//noark5-tester$ -</pre></blockquote></p> - -<p>You can see here how the fonds (arkiv) and serie (arkivdel) only had -one option, while the user need to choose which file (mappe) to use -among the two created by the API tester. The <tt>archive-pdf</tt> -tool can be found in the git repository for the API tester.</p> - -<p>In the project, I have been mostly working on -<a href="https://github.com/petterreinholdtsen/noark5-tester">the API -tester</a> so far, while getting to know the code base. The API -tester currently use -<a href="https://en.wikipedia.org/wiki/HATEOAS">the HATEOAS links</a> -to traverse the entire exposed service API and verify that the exposed -operations and objects match the specification, as well as trying to -create objects holding metadata and uploading a simple XML file to -store. The tester has proved very useful for finding flaws in our -implementation, as well as flaws in the reference site and the -specification.</p> - -<p>The test document I uploaded is a summary of all the specification -defects we have collected so far while implementing the web service. -There are several unclear and conflicting parts of the specification, -and we have -<a href="https://github.com/petterreinholdtsen/noark5-tester/tree/master/mangelmelding">started -writing down</a> the questions we get from implementing it. We use a -format inspired by how <a href="http://www.opengroup.org/austin/">The -Austin Group</a> collect defect reports for the POSIX standard with -<a href="http://www.opengroup.org/austin/mantis.html">their -instructions for the MANTIS defect tracker system</a>, in lack of an official way to structure defect reports for Noark 5 (our first submitted defect report was a <a href="https://github.com/petterreinholdtsen/noark5-tester/blob/master/mangelmelding/sendt/2017-03-15-mangel-prosess.md">request for a procedure for submitting defect reports</a> :). - -<p>The Nikita project is implemented using Java and Spring, and is -fairly easy to get up and running using Docker containers for those -that want to test the current code base. The API tester is -implemented in Python.</p> - - - - - Detecting NFS hangs on Linux without hanging yourself... - http://people.skolelinux.org/pere/blog/Detecting_NFS_hangs_on_Linux_without_hanging_yourself___.html - http://people.skolelinux.org/pere/blog/Detecting_NFS_hangs_on_Linux_without_hanging_yourself___.html - Thu, 9 Mar 2017 15:20:00 +0100 - <p>Over the years, administrating thousand of NFS mounting linux -computers at the time, I often needed a way to detect if the machine -was experiencing NFS hang. If you try to use <tt>df</tt> or look at a -file or directory affected by the hang, the process (and possibly the -shell) will hang too. So you want to be able to detect this without -risking the detection process getting stuck too. It has not been -obvious how to do this. When the hang has lasted a while, it is -possible to find messages like these in dmesg:</p> - -<p><blockquote> -nfs: server nfsserver not responding, still trying -<br>nfs: server nfsserver OK -</blockquote></p> - -<p>It is hard to know if the hang is still going on, and it is hard to -be sure looking in dmesg is going to work. If there are lots of other -messages in dmesg the lines might have rotated out of site before they -are noticed.</p> - -<p>While reading through the nfs client implementation in linux kernel -code, I came across some statistics that seem to give a way to detect -it. The om_timeouts sunrpc value in the kernel will increase every -time the above log entry is inserted into dmesg. And after digging a -bit further, I discovered that this value show up in -/proc/self/mountstats on Linux.</p> - -<p>The mountstats content seem to be shared between files using the -same file system context, so it is enough to check one of the -mountstats files to get the state of the mount point for the machine. -I assume this will not show lazy umounted NFS points, nor NFS mount -points in a different process context (ie with a different filesystem -view), but that does not worry me.</p> - -<p>The content for a NFS mount point look similar to this:</p> - -<p><blockquote><pre> -[...] -device /dev/mapper/Debian-var mounted on /var with fstype ext3 -device nfsserver:/mnt/nfsserver/home0 mounted on /mnt/nfsserver/home0 with fstype nfs statvers=1.1 - opts: rw,vers=3,rsize=65536,wsize=65536,namlen=255,acregmin=3,acregmax=60,acdirmin=30,acdirmax=60,soft,nolock,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=129.240.3.145,mountvers=3,mountport=4048,mountproto=udp,local_lock=all - age: 7863311 - caps: caps=0x3fe7,wtmult=4096,dtsize=8192,bsize=0,namlen=255 - sec: flavor=1,pseudoflavor=1 - events: 61063112 732346265 1028140 35486205 16220064 8162542 761447191 71714012 37189 3891185 45561809 110486139 4850138 420353 15449177 296502 52736725 13523379 0 52182 9016896 1231 0 0 0 0 0 - bytes: 166253035039 219519120027 0 0 40783504807 185466229638 11677877 45561809 - RPC iostats version: 1.0 p/v: 100003/3 (nfs) - xprt: tcp 925 1 6810 0 0 111505412 111480497 109 2672418560317 0 248 53869103 22481820 - per-op statistics - NULL: 0 0 0 0 0 0 0 0 - GETATTR: 61063106 61063108 0 9621383060 6839064400 453650 77291321 78926132 - SETATTR: 463469 463470 0 92005440 66739536 63787 603235 687943 - LOOKUP: 17021657 17021657 0 3354097764 4013442928 57216 35125459 35566511 - ACCESS: 14281703 14290009 5 2318400592 1713803640 1709282 4865144 7130140 - READLINK: 125 125 0 20472 18620 0 1112 1118 - READ: 4214236 4214237 0 715608524 41328653212 89884 22622768 22806693 - WRITE: 8479010 8494376 22 187695798568 1356087148 178264904 51506907 231671771 - CREATE: 171708 171708 0 38084748 46702272 873 1041833 1050398 - MKDIR: 3680 3680 0 773980 993920 26 23990 24245 - SYMLINK: 903 903 0 233428 245488 6 5865 5917 - MKNOD: 80 80 0 20148 21760 0 299 304 - REMOVE: 429921 429921 0 79796004 61908192 3313 2710416 2741636 - RMDIR: 3367 3367 0 645112 484848 22 5782 6002 - RENAME: 466201 466201 0 130026184 121212260 7075 5935207 5961288 - LINK: 289155 289155 0 72775556 67083960 2199 2565060 2585579 - READDIR: 2933237 2933237 0 516506204 13973833412 10385 3190199 3297917 - READDIRPLUS: 1652839 1652839 0 298640972 6895997744 84735 14307895 14448937 - FSSTAT: 6144 6144 0 1010516 1032192 51 9654 10022 - FSINFO: 2 2 0 232 328 0 1 1 - PATHCONF: 1 1 0 116 140 0 0 0 - COMMIT: 0 0 0 0 0 0 0 0 - -device binfmt_misc mounted on /proc/sys/fs/binfmt_misc with fstype binfmt_misc -[...] -</pre></blockquote></p> - -<p>The key number to look at is the third number in the per-op list. -It is the number of NFS timeouts experiences per file system -operation. Here 22 write timeouts and 5 access timeouts. If these -numbers are increasing, I believe the machine is experiencing NFS -hang. Unfortunately the timeout value do not start to increase right -away. The NFS operations need to time out first, and this can take a -while. The exact timeout value depend on the setup. For example the -defaults for TCP and UDP mount points are quite different, and the -timeout value is affected by the soft, hard, timeo and retrans NFS -mount options.</p> - -<p>The only way I have been able to get working on Debian and RedHat -Enterprise Linux for getting the timeout count is to peek in /proc/. -But according to -<ahref="http://docs.oracle.com/cd/E19253-01/816-4555/netmonitor-12/index.html">Solaris -10 System Administration Guide: Network Services</a>, the 'nfsstat -c' -command can be used to get these timeout values. But this do not work -on Linux, as far as I can tell. I -<ahref="http://bugs.debian.org/857043">asked Debian about this</a>, -but have not seen any replies yet.</p> - -<p>Is there a better way to figure out if a Linux NFS client is -experiencing NFS hangs? Is there a way to detect which processes are -affected? Is there a way to get the NFS mount going quickly once the -network problem causing the NFS hang has been cleared? I would very -much welcome some clues, as we regularly run into NFS hangs.</p> - - - - - How does it feel to be wiretapped, when you should be doing the wiretapping... - http://people.skolelinux.org/pere/blog/How_does_it_feel_to_be_wiretapped__when_you_should_be_doing_the_wiretapping___.html - http://people.skolelinux.org/pere/blog/How_does_it_feel_to_be_wiretapped__when_you_should_be_doing_the_wiretapping___.html - Wed, 8 Mar 2017 11:50:00 +0100 - <p>So the new president in the United States of America claim to be -surprised to discover that he was wiretapped during the election -before he was elected president. He even claim this must be illegal. -Well, doh, if it is one thing the confirmations from Snowden -documented, it is that the entire population in USA is wiretapped, one -way or another. Of course the president candidates were wiretapped, -alongside the senators, judges and the rest of the people in USA.</p> - -<p>Next, the Federal Bureau of Investigation ask the Department of -Justice to go public rejecting the claims that Donald Trump was -wiretapped illegally. I fail to see the relevance, given that I am -sure the surveillance industry in USA believe they have all the legal -backing they need to conduct mass surveillance on the entire -world.</p> - -<p>There is even the director of the FBI stating that he never saw an -order requesting wiretapping of Donald Trump. That is not very -surprising, given how the FISA court work, with all its activity being -secret. Perhaps he only heard about it?</p> - -<p>What I find most sad in this story is how Norwegian journalists -present it. In a news reports the other day in the radio from the -Norwegian National broadcasting Company (NRK), I heard the journalist -claim that 'the FBI denies any wiretapping', while the reality is that -'the FBI denies any illegal wiretapping'. There is a fundamental and -important difference, and it make me sad that the journalists are -unable to grasp it.</p> - -<p><strong>Update 2017-03-13:</strong> Look like -<a href="https://theintercept.com/2017/03/13/rand-paul-is-right-nsa-routinely-monitors-americans-communications-without-warrants/">The -Intercept report that US Senator Rand Paul confirm what I state above</a>.</p> - - -