X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/cec4373a9fb73f8891e8366ff2a262bf78800bbd..077b7dd8148096600292d947669ddbfd0180f6f4:/blog/index.rss diff --git a/blog/index.rss b/blog/index.rss index e3462d6d3f..530fc6ddc3 100644 --- a/blog/index.rss +++ b/blog/index.rss @@ -7,734 +7,623 @@ - E-tjenesten ber om innsyn i eposten til partiene på Stortinget - http://people.skolelinux.org/pere/blog/E_tjenesten_ber_om_innsyn_i_eposten_til_partiene_p__Stortinget.html - http://people.skolelinux.org/pere/blog/E_tjenesten_ber_om_innsyn_i_eposten_til_partiene_p__Stortinget.html - Tue, 6 Sep 2016 23:00:00 +0200 - <p>I helga kom det et hårreisende forslag fra Lysne II-utvalget satt -ned av Forsvarsdepartementet. Lysne II-utvalget var bedt om å vurdere -ønskelista til Forsvarets etterretningstjeneste (e-tjenesten), og har -kommet med -<a href="http://www.aftenposten.no/norge/Utvalg-sier-ja-til-at-E-tjenesten-far-overvake-innholdet-i-all-internett--og-telefontrafikk-som-krysser-riksgrensen-603232b.html">forslag -om at e-tjenesten skal få lov til a avlytte all Internett-trafikk</a> -som passerer Norges grenser. Få er klar over at dette innebærer at -e-tjenesten får tilgang til epost sendt til de fleste politiske -partiene på Stortinget. Regjeringspartiet Høyre (@hoyre.no), -støttepartiene Venstre (@venstre.no) og Kristelig Folkeparti (@krf.no) -samt Sosialistisk Ventreparti (@sv.no) og Miljøpartiet de grønne -(@mdg.no) har nemlig alle valgt å ta imot eposten sin via utenlandske -tjenester. Det betyr at hvis noen sender epost til noen med en slik -adresse vil innholdet i eposten om dette forslaget blir vedtatt gjøres -tilgjengelig for e-tjenesten. Venstre, Sosialistisk Ventreparti og -Miljøpartiet De Grønne har valgt å motta sin epost hos Google, -Kristelig Folkeparti har valgt å motta sin epost hos Microsoft, og -Høyre har valgt å motta sin epost hos Comendo med mottak i Danmark og -Irland. Kun Arbeiderpartiet og Fremskrittspartiet har valgt å motta -eposten sin i Norge, hos henholdsvis Intility AS og Telecomputing -AS.</p> - -<p>Konsekvensen er at epost inn og ut av de politiske organisasjonene, -til og fra partimedlemmer og partiets tillitsvalgte vil gjøres -tilgjengelig for e-tjenesten for analyse og sortering. Jeg mistenker -at kunnskapen som slik blir tilgjengelig vil være nyttig hvis en -ønsker å vite hvilke argumenter som treffer publikum når en ønsker å -påvirke Stortingets representanter.</p - -<p>Ved hjelp av MX-oppslag i DNS for epost-domene, tilhørende -whois-oppslag av IP-adressene og traceroute for å se hvorvidt -trafikken går via utlandet kan enhver få bekreftet at epost sendt til -de omtalte partiene vil gjøres tilgjengelig for forsvarets -etterretningstjeneste hvis forslaget blir vedtatt. En kan også bruke -den kjekke nett-tjenesten <a href="http://ipinfo.io/">ipinfo.io</a> -for å få en ide om hvor i verden en IP-adresse hører til.</p> - -<p>På den positive siden vil forslaget gjøre at enda flere blir -motivert til å ta grep for å bruke -<a href="https://www.torproject.org/">Tor</a> og krypterte -kommunikasjonsløsninger for å kommunisere med sine kjære, for å sikre -at privatsfæren vernes. Selv bruker jeg blant annet -<a href="https://www.freedomboxfoundation.org/">FreedomBox</a> og -<a href="https://whispersystems.org/">Signal</a> til slikt. Ingen av -dem er optimale, men de fungerer ganske bra allerede og øker kostnaden -for dem som ønsker å invadere mitt privatliv.</p> - -<p>For øvrig burde varsleren Edward Snowden få politisk asyl i -Norge.</p> - -<!-- - -venstre.no - venstre.no mail is handled by 10 aspmx.l.google.com. - venstre.no mail is handled by 20 alt1.aspmx.l.google.com. - venstre.no mail is handled by 20 alt2.aspmx.l.google.com. - venstre.no mail is handled by 30 aspmx2.googlemail.com. - venstre.no mail is handled by 30 aspmx3.googlemail.com. - -traceroute to aspmx.l.google.com (173.194.222.27), 30 hops max, 60 byte packets - 1 uio-gw10.uio.no (129.240.6.1) 0.411 ms 0.438 ms 0.536 ms - 2 uio-gw8.uio.no (129.240.24.229) 0.375 ms 0.452 ms 0.548 ms - 3 oslo-gw1.uninett.no (128.39.65.17) 1.940 ms 1.950 ms 1.942 ms - 4 se-tug.nordu.net (109.105.102.108) 6.910 ms 6.949 ms 7.283 ms - 5 google-gw.nordu.net (109.105.98.6) 6.975 ms 6.967 ms 6.958 ms - 6 209.85.250.192 (209.85.250.192) 7.337 ms 7.286 ms 10.890 ms - 7 209.85.254.13 (209.85.254.13) 7.394 ms 209.85.254.31 (209.85.254.31) 7.586 ms 209.85.254.33 (209.85.254.33) 7.570 ms - 8 209.85.251.255 (209.85.251.255) 15.686 ms 209.85.249.229 (209.85.249.229) 16.118 ms 209.85.251.255 (209.85.251.255) 16.073 ms - 9 74.125.37.255 (74.125.37.255) 16.794 ms 216.239.40.248 (216.239.40.248) 16.113 ms 74.125.37.44 (74.125.37.44) 16.764 ms -10 * * * - -mdg.no - mdg.no mail is handled by 1 aspmx.l.google.com. - mdg.no mail is handled by 5 alt2.aspmx.l.google.com. - mdg.no mail is handled by 5 alt1.aspmx.l.google.com. - mdg.no mail is handled by 10 aspmx2.googlemail.com. - mdg.no mail is handled by 10 aspmx3.googlemail.com. -sv.no - sv.no mail is handled by 1 aspmx.l.google.com. - sv.no mail is handled by 5 alt1.aspmx.l.google.com. - sv.no mail is handled by 5 alt2.aspmx.l.google.com. - sv.no mail is handled by 10 aspmx3.googlemail.com. - sv.no mail is handled by 10 aspmx2.googlemail.com. -hoyre.no - hoyre.no mail is handled by 10 hoyre-no.mx1.comendosystems.com. - hoyre.no mail is handled by 20 hoyre-no.mx2.comendosystems.net. - -traceroute to hoyre-no.mx1.comendosystems.com (89.104.206.4), 30 hops max, 60 byte packets - 1 uio-gw10.uio.no (129.240.6.1) 0.450 ms 0.510 ms 0.591 ms - 2 uio-gw8.uio.no (129.240.24.229) 0.383 ms 0.508 ms 0.596 ms - 3 oslo-gw1.uninett.no (128.39.65.17) 0.311 ms 0.315 ms 0.300 ms - 4 se-tug.nordu.net (109.105.102.108) 6.837 ms 6.842 ms 6.834 ms - 5 dk-uni.nordu.net (109.105.97.10) 26.073 ms 26.085 ms 26.076 ms - 6 dix.1000m.soeborg.ip.comendo.dk (192.38.7.22) 15.372 ms 15.046 ms 15.123 ms - 7 89.104.192.65 (89.104.192.65) 15.875 ms 15.990 ms 16.239 ms - 8 89.104.192.179 (89.104.192.179) 15.676 ms 15.674 ms 15.664 ms - 9 03dm-com.mx1.staysecuregroup.com (89.104.206.4) 15.637 ms * * - -krf.no - krf.no mail is handled by 10 krf-no.mail.protection.outlook.com. - -traceroute to krf-no.mail.protection.outlook.com (213.199.154.42), 30 hops max, 60 byte packets - 1 uio-gw10.uio.no (129.240.6.1) 0.401 ms 0.438 ms 0.536 ms - 2 uio-gw8.uio.no (129.240.24.229) 11.076 ms 11.120 ms 11.204 ms - 3 oslo-gw1.uninett.no (128.39.65.17) 0.232 ms 0.234 ms 0.271 ms - 4 se-tug.nordu.net (109.105.102.108) 6.811 ms 6.820 ms 6.815 ms - 5 netnod-ix-ge-a-sth-4470.microsoft.com (195.245.240.181) 7.074 ms 7.013 ms 7.061 ms - 6 ae1-0.sto-96cbe-1b.ntwk.msn.net (104.44.225.161) 7.227 ms 7.362 ms 7.293 ms - 7 be-8-0.ibr01.ams.ntwk.msn.net (104.44.5.7) 41.993 ms 43.334 ms 41.939 ms - 8 be-1-0.ibr02.ams.ntwk.msn.net (104.44.4.214) 43.153 ms 43.507 ms 43.404 ms - 9 ae3-0.fra-96cbe-1b.ntwk.msn.net (104.44.5.17) 29.897 ms 29.831 ms 29.794 ms -10 ae10-0.vie-96cbe-1a.ntwk.msn.net (198.206.164.1) 42.309 ms 42.130 ms 41.808 ms -11 * ae8-0.vie-96cbe-1b.ntwk.msn.net (104.44.227.29) 41.425 ms * -12 * * * - -arbeiderpartiet.no - arbeiderpartiet.no mail is handled by 10 mail.intility.com. - arbeiderpartiet.no mail is handled by 20 mail2.intility.com. - -traceroute to mail.intility.com (188.95.245.87), 30 hops max, 60 byte packets - 1 uio-gw10.uio.no (129.240.6.1) 0.486 ms 0.508 ms 0.649 ms - 2 uio-gw8.uio.no (129.240.24.229) 0.416 ms 0.508 ms 0.620 ms - 3 oslo-gw1.uninett.no (128.39.65.17) 0.276 ms 0.278 ms 0.275 ms - 4 te3-1-2.br1.fn3.as2116.net (193.156.90.3) 0.374 ms 0.371 ms 0.416 ms - 5 he16-1-1.cr1.san110.as2116.net (195.0.244.234) 3.132 ms he16-1-1.cr2.oslosda310.as2116.net (195.0.244.48) 10.079 ms he16-1-1.cr1.san110.as2116.net (195.0.244.234) 3.353 ms - 6 te1-2-0.ar2.ulv89.as2116.net (195.0.243.194) 0.569 ms te5-0-0.ar2.ulv89.as2116.net (195.0.243.192) 0.661 ms 0.653 ms - 7 cD2EC45C1.static.as2116.net (193.69.236.210) 0.654 ms 0.615 ms 0.590 ms - 8 185.7.132.38 (185.7.132.38) 1.661 ms 1.808 ms 1.695 ms - 9 185.7.132.100 (185.7.132.100) 1.793 ms 1.943 ms 1.546 ms -10 * * * - -frp.no - frp.no mail is handled by 10 mx03.telecomputing.no. - frp.no mail is handled by 20 mx01.telecomputing.no. - -traceroute to mx03.telecomputing.no (95.128.105.102), 30 hops max, 60 byte packets - 1 uio-gw10.uio.no (129.240.6.1) 0.378 ms 0.402 ms 0.479 ms - 2 uio-gw8.uio.no (129.240.24.229) 0.361 ms 0.458 ms 0.548 ms - 3 oslo-gw1.uninett.no (128.39.65.17) 0.361 ms 0.352 ms 0.336 ms - 4 xe-2-2-0-0.san-peer2.osl.no.ip.tdc.net (193.156.90.16) 0.375 ms 0.366 ms 0.346 ms - 5 xe-2-0-2-0.ost-pe1.osl.no.ip.tdc.net (85.19.121.97) 0.780 ms xe-2-0-0-0.ost-pe1.osl.no.ip.tdc.net (85.19.121.101) 0.713 ms xe-2-0-2-0.ost-pe1.osl.no.ip.tdc.net (85.19.121.97) 0.759 ms - 6 cpe.xe-0-2-0-100.ost-pe1.osl.no.customer.tdc.net (85.19.26.46) 0.837 ms 0.755 ms 0.759 ms - 7 95.128.105.3 (95.128.105.3) 1.050 ms 1.288 ms 1.182 ms - 8 mx03.telecomputing.no (95.128.105.102) 0.717 ms 0.703 ms 0.692 ms - ---> + How does it feel to be wiretapped, when you should be doing the wiretapping... + http://people.skolelinux.org/pere/blog/How_does_it_feel_to_be_wiretapped__when_you_should_be_doing_the_wiretapping___.html + http://people.skolelinux.org/pere/blog/How_does_it_feel_to_be_wiretapped__when_you_should_be_doing_the_wiretapping___.html + Wed, 8 Mar 2017 11:50:00 +0100 + <p>So the new president in the United States of America claim to be +surprised to discover that he was wiretapped during the election +before he was elected president. He even claim this must be illegal. +Well, doh, if it is one thing the confirmations from Snowden +documented, it is that the entire population in USA is wiretapped, one +way or another. Of course the president candidates were wiretapped, +alongside the senators, judges and the rest of the people in USA.</p> + +<p>Next, the Federal Bureau of Investigation ask the Department of +Justice to go public rejecting the claims that Donald Trump was +wiretapped illegally. I fail to see the relevance, given that I am +sure the surveillance industry in USA believe they have all the legal +backing they need to conduct mass surveillance on the entire +world.</p> + +<p>There is even the director of the FBI stating that he never saw an +order requesting wiretapping of Donald Trump. That is not very +surprising, given how the FISA court work, with all its activity being +secret. Perhaps he only heard about it?</p> + +<p>What I find most sad in this story is how Norwegian journalists +present it. In a news reports the other day in the radio from the +Norwegian National broadcasting Company (NRK), I heard the journalist +claim that 'the FBI denies any wiretapping', while the reality is that +'the FBI denies any illegal wiretapping'. There is a fundamental and +important difference, and it make me sad that the journalists are +unable to grasp it.</p> - First draft Norwegian Bokmål edition of The Debian Administrator's Handbook now public - http://people.skolelinux.org/pere/blog/First_draft_Norwegian_Bokm_l_edition_of_The_Debian_Administrator_s_Handbook_now_public.html - http://people.skolelinux.org/pere/blog/First_draft_Norwegian_Bokm_l_edition_of_The_Debian_Administrator_s_Handbook_now_public.html - Tue, 30 Aug 2016 10:10:00 +0200 - <p>In April we -<a href="http://people.skolelinux.org/pere/blog/Lets_make_a_Norwegian_Bokm_l_edition_of_The_Debian_Administrator_s_Handbook.html">started -to work</a> on a Norwegian Bokmål edition of the "open access" book on -how to set up and administrate a Debian system. Today I am happy to -report that the first draft is now publicly available. You can find -it on <a href="https://debian-handbook.info/get/">get the Debian -Administrator's Handbook page</a> (under Other languages). The first -eight chapters have a first draft translation, and we are working on -proofreading the content. If you want to help out, please start -contributing using -<a href="https://hosted.weblate.org/projects/debian-handbook/">the -hosted weblate project page</a>, and get in touch using -<a href="http://lists.alioth.debian.org/mailman/listinfo/debian-handbook-translators">the -translators mailing list</a>. Please also check out -<a href="https://debian-handbook.info/contribute/">the instructions for -contributors</a>. A good way to contribute is to proofread the text -and update weblate if you find errors.</p> - -<p>Our goal is still to make the Norwegian book available on paper as well as -electronic form.</p> + Norwegian Bokmål translation of The Debian Administrator's Handbook complete, proofreading in progress + http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_translation_of_The_Debian_Administrator_s_Handbook_complete__proofreading_in_progress.html + http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_translation_of_The_Debian_Administrator_s_Handbook_complete__proofreading_in_progress.html + Fri, 3 Mar 2017 14:50:00 +0100 + <p>For almost a year now, we have been working on making a Norwegian +Bokmål edition of <a href="https://debian-handbook.info/">The Debian +Administrator's Handbook</a>. Now, thanks to the tireless effort of +Ole-Erik, Ingrid and Andreas, the initial translation is complete, and +we are working on the proof reading to ensure consistent language and +use of correct computer science terms. The plan is to make the book +available on paper, as well as in electronic form. For that to +happen, the proof reading must be completed and all the figures need +to be translated. If you want to help out, get in touch.</p> + +<p><a href="http://people.skolelinux.org/pere/debian-handbook/debian-handbook-nb-NO.pdf">A + +fresh PDF edition</a> in A4 format (the final book will have smaller +pages) of the book created every morning is available for +proofreading. If you find any errors, please +<a href="https://hosted.weblate.org/projects/debian-handbook/">visit +Weblate and correct the error</a>. The +<a href="http://l.github.io/debian-handbook/stat/nb-NO/index.html">state +of the translation including figures</a> is a useful source for those +provide Norwegian bokmål screen shots and figures.</p> - Coz can help you find bottlenecks in multi-threaded software - nice free software - http://people.skolelinux.org/pere/blog/Coz_can_help_you_find_bottlenecks_in_multi_threaded_software___nice_free_software.html - http://people.skolelinux.org/pere/blog/Coz_can_help_you_find_bottlenecks_in_multi_threaded_software___nice_free_software.html - Thu, 11 Aug 2016 12:00:00 +0200 - <p>This summer, I read a great article -"<a href="https://www.usenix.org/publications/login/summer2016/curtsinger">coz: -This Is the Profiler You're Looking For</a>" in USENIX ;login: about -how to profile multi-threaded programs. It presented a system for -profiling software by running experiences in the running program, -testing how run time performance is affected by "speeding up" parts of -the code to various degrees compared to a normal run. It does this by -slowing down parallel threads while the "faster up" code is running -and measure how this affect processing time. The processing time is -measured using probes inserted into the code, either using progress -counters (COZ_PROGRESS) or as latency meters (COZ_BEGIN/COZ_END). It -can also measure unmodified code by measuring complete the program -runtime and running the program several times instead.</p> - -<p>The project and presentation was so inspiring that I would like to -get the system into Debian. I -<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830708">created -a WNPP request for it</a> and contacted upstream to try to make the -system ready for Debian by sending patches. The build process need to -be changed a bit to avoid running 'git clone' to get dependencies, and -to include the JavaScript web page used to visualize the collected -profiling information included in the source package. -But I expect that should work out fairly soon.</p> - -<p>The way the system work is fairly simple. To run an coz experiment -on a binary with debug symbols available, start the program like this: - -<p><blockquote><pre> -coz run --- program-to-run -</pre></blockquote></p> - -<p>This will create a text file profile.coz with the instrumentation -information. To show what part of the code affect the performance -most, use a web browser and either point it to -<a href="http://plasma-umass.github.io/coz/">http://plasma-umass.github.io/coz/</a> -or use the copy from git (in the gh-pages branch). Check out this web -site to have a look at several example profiling runs and get an idea what the end result from the profile runs look like. To make the -profiling more useful you include &lt;coz.h&gt; and insert the -COZ_PROGRESS or COZ_BEGIN and COZ_END at appropriate places in the -code, rebuild and run the profiler. This allow coz to do more -targeted experiments.</p> - -<p>A video published by ACM -<a href="https://www.youtube.com/watch?v=jE0V-p1odPg">presenting the -Coz profiler</a> is available from Youtube. There is also a paper -from the 25th Symposium on Operating Systems Principles available -titled -<a href="https://www.usenix.org/conference/atc16/technical-sessions/presentation/curtsinger">Coz: -finding code that counts with causal profiling</a>.</p> - -<p><a href="https://github.com/plasma-umass/coz">The source code</a> -for Coz is available from github. It will only build with clang -because it uses a -<a href="https://gcc.gnu.org/bugzilla/show_bug.cgi?id=55606">C++ -feature missing in GCC</a>, but I've submitted -<a href="https://github.com/plasma-umass/coz/pull/67">a patch to solve -it</a> and hope it will be included in the upstream source soon.</p> - -<p>Please get in touch if you, like me, would like to see this piece -of software in Debian. I would very much like some help with the -packaging effort, as I lack the in depth knowledge on how to package -C++ libraries.</p> + Unlimited randomness with the ChaosKey? + http://people.skolelinux.org/pere/blog/Unlimited_randomness_with_the_ChaosKey_.html + http://people.skolelinux.org/pere/blog/Unlimited_randomness_with_the_ChaosKey_.html + Wed, 1 Mar 2017 20:50:00 +0100 + <p>A few days ago I ordered a small batch of +<a href="http://altusmetrum.org/ChaosKey/">the ChaosKey</a>, a small +USB dongle for generating entropy created by Bdale Garbee and Keith +Packard. Yesterday it arrived, and I am very happy to report that it +work great! According to its designers, to get it to work out of the +box, you need the Linux kernel version 4.1 or later. I tested on a +Debian Stretch machine (kernel version 4.9), and there it worked just +fine, increasing the available entropy very quickly. I wrote a small +test oneliner to test. It first print the current entropy level, +drain /dev/random, and then print the entropy level for five seconds. +Here is the situation without the ChaosKey inserted:</p> + +<blockquote><pre> +% cat /proc/sys/kernel/random/entropy_avail; \ + dd bs=1M if=/dev/random of=/dev/null count=1; \ + for n in $(seq 1 5); do \ + cat /proc/sys/kernel/random/entropy_avail; \ + sleep 1; \ + done +300 +0+1 oppføringer inn +0+1 oppføringer ut +28 byte kopiert, 0,000264565 s, 106 kB/s +4 +8 +12 +17 +21 +% +</pre></blockquote> + +<p>The entropy level increases by 3-4 every second. In such case any +application requiring random bits (like a HTTPS enabled web server) +will halt and wait for more entrpy. And here is the situation with +the ChaosKey inserted:</p> + +<blockquote><pre> +% cat /proc/sys/kernel/random/entropy_avail; \ + dd bs=1M if=/dev/random of=/dev/null count=1; \ + for n in $(seq 1 5); do \ + cat /proc/sys/kernel/random/entropy_avail; \ + sleep 1; \ + done +1079 +0+1 oppføringer inn +0+1 oppføringer ut +104 byte kopiert, 0,000487647 s, 213 kB/s +433 +1028 +1031 +1035 +1038 +% +</pre></blockquote> + +<p>Quite the difference. :) I bought a few more than I need, in case +someone want to buy one here in Norway. :)</p> + +<p>Update: The dongle was presented at Debconf last year. You might +find <a href="https://debconf16.debconf.org/talks/94/">the talk +recording illuminating</a>. It explains exactly what the source of +randomness is, if you are unable to spot it from the schema drawing +available from the ChaosKey web site linked at the start of this blog +post.</p> - Sales number for the Free Culture translation, first half of 2016 - http://people.skolelinux.org/pere/blog/Sales_number_for_the_Free_Culture_translation__first_half_of_2016.html - http://people.skolelinux.org/pere/blog/Sales_number_for_the_Free_Culture_translation__first_half_of_2016.html - Fri, 5 Aug 2016 22:45:00 +0200 - <p>As my regular readers probably remember, the last year I published -a French and Norwegian translation of the classic -<a href="http://www.free-culture.cc/">Free Culture book</a> by the -founder of the Creative Commons movement, Lawrence Lessig. A bit less -known is the fact that due to the way I created the translations, -using docbook and po4a, I also recreated the English original. And -because I already had created a new the PDF edition, I published it -too. The revenue from the books are sent to the Creative Commons -Corporation. In other words, I do not earn any money from this -project, I just earn the warm fuzzy feeling that the text is available -for a wider audience and more people can learn why the Creative -Commons is needed.</p> - -<p>Today, just for fun, I had a look at the sales number over at -Lulu.com, which take care of payment, printing and shipping. Much to -my surprise, the English edition is selling better than both the -French and Norwegian edition, despite the fact that it has been -available in English since it was first published. In total, 24 paper -books was sold for USD $19.99 between 2016-01-01 and 2016-07-31:</p> - -<table border="0"> -<tr><th>Title / language</th><th>Quantity</th></tr> -<tr><td><a href="http://www.lulu.com/shop/lawrence-lessig/culture-libre/paperback/product-22645082.html">Culture Libre / French</a></td><td align="right">3</td></tr> -<tr><td><a href="http://www.lulu.com/shop/lawrence-lessig/fri-kultur/paperback/product-22441576.html">Fri kultur / Norwegian</a></td><td align="right">7</td></tr> -<tr><td><a href="http://www.lulu.com/shop/lawrence-lessig/free-culture/paperback/product-22440520.html">Free Culture / English</a></td><td align="right">14</td></tr> -</table> - -<p>The books are available both from Lulu.com and from large book -stores like Amazon and Barnes&Noble. Most revenue, around $10 per -book, is sent to the Creative Commons project when the book is sold -directly by Lulu.com. The other channels give less revenue. The -summary from Lulu tell me 10 books was sold via the Amazon channel, 10 -via Ingram (what is this?) and 4 directly by Lulu. And Lulu.com tells -me that the revenue sent so far this year is USD $101.42. No idea -what kind of sales numbers to expect, so I do not know if that is a -good amount of sales for a 10 year old book or not. But it make me -happy that the buyers find the book, and I hope they enjoy reading it -as much as I did.</p> - -<p>The ebook edition is available for free from -<a href="https://github.com/petterreinholdtsen/free-culture-lessig">Github</a>.</p> - -<p>If you would like to translate and publish the book in your native -language, I would be happy to help make it happen. Please get in -touch.</p> + Detect OOXML files with undefined behaviour? + http://people.skolelinux.org/pere/blog/Detect_OOXML_files_with_undefined_behaviour_.html + http://people.skolelinux.org/pere/blog/Detect_OOXML_files_with_undefined_behaviour_.html + Tue, 21 Feb 2017 00:20:00 +0100 + <p>I just noticed +<a href="http://www.arkivrad.no/aktuelt/riksarkivarens-forskrift-pa-horing">the +new Norwegian proposal for archiving rules in the goverment</a> list +<a href="http://www.ecma-international.org/publications/standards/Ecma-376.htm">ECMA-376</a> +/ ISO/IEC 29500 (aka OOXML) as valid formats to put in long term +storage. Luckily such files will only be accepted based on +pre-approval from the National Archive. Allowing OOXML files to be +used for long term storage might seem like a good idea as long as we +forget that there are plenty of ways for a "valid" OOXML document to +have content with no defined interpretation in the standard, which +lead to a question and an idea.</p> + +<p>Is there any tool to detect if a OOXML document depend on such +undefined behaviour? It would be useful for the National Archive (and +anyone else interested in verifying that a document is well defined) +to have such tool available when considering to approve the use of +OOXML. I'm aware of the +<a href="https://github.com/arlm/officeotron/">officeotron OOXML +validator</a>, but do not know how complete it is nor if it will +report use of undefined behaviour. Are there other similar tools +available? Please send me an email if you know of any such tool.</p> - Vitenskapen tar som vanlig feil igjen - relativt feil - http://people.skolelinux.org/pere/blog/Vitenskapen_tar_som_vanlig_feil_igjen___relativt_feil.html - http://people.skolelinux.org/pere/blog/Vitenskapen_tar_som_vanlig_feil_igjen___relativt_feil.html - Mon, 1 Aug 2016 16:00:00 +0200 - <p>For mange år siden leste jeg en klassisk tekst som gjorde såpass -inntrykk på meg at jeg husker den fortsatt, flere år senere, og bruker -argumentene fra den stadig vekk. Teksten var «The Relativity of -Wrong» som Isaac Asimov publiserte i Skeptical Inquirer i 1989. Den -gir litt perspektiv rundt formidlingen av vitenskapelige resultater. -Jeg har hatt lyst til å kunne dele den også med folk som ikke -behersker engelsk så godt, som barn og noen av mine eldre slektninger, -og har savnet å ha den tilgjengelig på norsk. For to uker siden tok -jeg meg sammen og kontaktet Asbjørn Dyrendal i foreningen Skepsis om -de var interessert i å publisere en norsk utgave på bloggen sin, og da -han var positiv tok jeg kontakt med Skeptical Inquirer og spurte om -det var greit for dem. I løpet av noen dager fikk vi tilbakemelding -fra Barry Karr hos The Skeptical Inquirer som hadde sjekket og fått OK -fra Robyn Asimov som representerte arvingene i Asmiov-familien og gikk -igang med oversettingen.</p> - -<p>Resultatet, <a href="http://www.skepsis.no/?p=1617">«Relativt -feil»</a>, ble publisert på skepsis-bloggen for noen minutter siden. -Jeg anbefaler deg på det varmeste å lese denne teksten og dele den med -dine venner.</p> - -<p>For å håndtere oversettelsen og sikre at original og oversettelse -var i sync brukte vi git, po4a, GNU make og Transifex. Det hele -fungerte utmerket og gjorde det enkelt å dele tekstene og jobbe sammen -om finpuss på formuleringene. Hadde hosted.weblate.org latt meg -opprette nye prosjekter selv i stedet for å måtte kontakte -administratoren der, så hadde jeg brukt weblate i stedet.</p> + Ruling ignored our objections to the seizure of popcorn-time.no (#domstolkontroll) + http://people.skolelinux.org/pere/blog/Ruling_ignored_our_objections_to_the_seizure_of_popcorn_time_no___domstolkontroll_.html + http://people.skolelinux.org/pere/blog/Ruling_ignored_our_objections_to_the_seizure_of_popcorn_time_no___domstolkontroll_.html + Mon, 13 Feb 2017 21:30:00 +0100 + <p>A few days ago, we received the ruling from +<a href="http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html">my +day in court</a>. The case in question is a challenge of the seizure +of the DNS domain popcorn-time.no. The ruling simply did not mention +most of our arguments, and seemed to take everything ØKOKRIM said at +face value, ignoring our demonstration and explanations. But it is +hard to tell for sure, as we still have not seen most of the documents +in the case and thus were unprepared and unable to contradict several +of the claims made in court by the opposition. We are considering an +appeal, but it is partly a question of funding, as it is costing us +quite a bit to pay for our lawyer. If you want to help, please +<a href="http://www.nuug.no/dns-beslag-donasjon.shtml">donate to the +NUUG defense fund</a>.</p> + +<p>The details of the case, as far as we know it, is available in +Norwegian from +<a href="https://www.nuug.no/news/tags/dns-domenebeslag/">the NUUG +blog</a>. This also include +<a href="https://www.nuug.no/news/Avslag_etter_rettslig_h_ring_om_DNS_beslaget___vurderer_veien_videre.shtml">the +ruling itself</a>.</p> - Techno TV broadcasting live across Norway and the Internet (#debconf16, #nuug) on @frikanalen - http://people.skolelinux.org/pere/blog/Techno_TV_broadcasting_live_across_Norway_and_the_Internet___debconf16___nuug__on__frikanalen.html - http://people.skolelinux.org/pere/blog/Techno_TV_broadcasting_live_across_Norway_and_the_Internet___debconf16___nuug__on__frikanalen.html - Mon, 1 Aug 2016 10:30:00 +0200 - <p>Did you know there is a TV channel broadcasting talks from DebConf -16 across an entire country? Or that there is a TV channel -broadcasting talks by or about -<a href="http://beta.frikanalen.no/video/625529/">Linus Torvalds</a>, -<a href="http://beta.frikanalen.no/video/625599/">Tor</a>, -<a href="http://beta.frikanalen.no/video/624019/">OpenID</A>, -<a href="http://beta.frikanalen.no/video/625624/">Common Lisp</a>, -<a href="http://beta.frikanalen.no/video/625446/">Civic Tech</a>, -<a href="http://beta.frikanalen.no/video/625090/">EFF founder John Barlow</a>, -<a href="http://beta.frikanalen.no/video/625432/">how to make 3D -printer electronics</a> and many more fascinating topics? It works -using only free software (all of it -<a href="http://github.com/Frikanalen">available from Github</a>), and -is administrated using a web browser and a web API.</p> - -<p>The TV channel is the Norwegian open channel -<a href="http://www.frikanalen.no/">Frikanalen</a>, and I am involved -via <a href="https://www.nuug.no/">the NUUG member association</a> in -running and developing the software for the channel. The channel is -organised as a member organisation where its members can upload and -broadcast what they want (think of it as Youtube for national -broadcasting television). Individuals can broadcast too. The time -slots are handled on a first come, first serve basis. Because the -channel have almost no viewers and very few active members, we can -experiment with TV technology without too much flack when we make -mistakes. And thanks to the few active members, most of the slots on -the schedule are free. I see this as an opportunity to spread -knowledge about technology and free software, and have a script I run -regularly to fill up all the open slots the next few days with -technology related video. The end result is a channel I like to -describe as Techno TV - filled with interesting talks and -presentations.</p> - -<p>It is available on channel 50 on the Norwegian national digital TV -network (RiksTV). It is also available as a multicast stream on -Uninett. And finally, it is available as -<a href="http://beta.frikanalen.no/">a WebM unicast stream</a> from -Frikanalen and NUUG. Check it out. :)</p> + A day in court challenging seizure of popcorn-time.no for #domstolkontroll + http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html + http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html + Fri, 3 Feb 2017 11:10:00 +0100 + <p align="center"><img width="70%" src="http://people.skolelinux.org/pere/blog/images/2017-02-01-popcorn-time-in-court.jpeg"></p> + +<p>On Wednesday, I spent the entire day in court in Follo Tingrett +representing <a href="https://www.nuug.no/">the member association +NUUG</a>, alongside <a href="https://www.efn.no/">the member +association EFN</a> and <a href="http://www.imc.no">the DNS registrar +IMC</a>, challenging the seizure of the DNS name popcorn-time.no. It +was interesting to sit in a court of law for the first time in my +life. Our team can be seen in the picture above: attorney Ola +Tellesbø, EFN board member Tom Fredrik Blenning, IMC CEO Morten Emil +Eriksen and NUUG board member Petter Reinholdtsen.</p> + +<p><a href="http://www.domstol.no/no/Enkelt-domstol/follo-tingrett/Nar-gar-rettssaken/Beramming/?cid=AAAA1701301512081262234UJFBVEZZZZZEJBAvtale">The +case at hand</a> is that the Norwegian National Authority for +Investigation and Prosecution of Economic and Environmental Crime (aka +Økokrim) decided on their own, to seize a DNS domain early last +year, without following +<a href="https://www.norid.no/no/regelverk/navnepolitikk/#link12">the +official policy of the Norwegian DNS authority</a> which require a +court decision. The web site in question was a site covering Popcorn +Time. And Popcorn Time is the name of a technology with both legal +and illegal applications. Popcorn Time is a client combining +searching a Bittorrent directory available on the Internet with +downloading/distribute content via Bittorrent and playing the +downloaded content on screen. It can be used illegally if it is used +to distribute content against the will of the right holder, but it can +also be used legally to play a lot of content, for example the +millions of movies +<a href="https://archive.org/details/movies">available from the +Internet Archive</a> or the collection +<a href="http://vodo.net/films/">available from Vodo</a>. We created +<a href="magnet:?xt=urn:btih:86c1802af5a667ca56d3918aecb7d3c0f7173084&dn=PresentasjonFolloTingrett.mov&tr=udp%3A%2F%2Fpublic.popcorn-tracker.org%3A6969%2Fannounce">a +video demonstrating legally use of Popcorn Time</a> and played it in +Court. It can of course be downloaded using Bittorrent.</p> + +<p>I did not quite know what to expect from a day in court. The +government held on to their version of the story and we held on to +ours, and I hope the judge is able to make sense of it all. We will +know in two weeks time. Unfortunately I do not have high hopes, as +the Government have the upper hand here with more knowledge about the +case, better training in handling criminal law and in general higher +standing in the courts than fairly unknown DNS registrar and member +associations. It is expensive to be right also in Norway. So far the +case have cost more than NOK 70 000,-. To help fund the case, NUUG +and EFN have asked for donations, and managed to collect around NOK 25 +000,- so far. Given the presentation from the Government, I expect +the government to appeal if the case go our way. And if the case do +not go our way, I hope we have enough funding to appeal.</p> + +<p>From the other side came two people from Økokrim. On the benches, +appearing to be part of the group from the government were two people +from the Simonsen Vogt Wiik lawyer office, and three others I am not +quite sure who was. Økokrim had proposed to present two witnesses +from The Motion Picture Association, but this was rejected because +they did not speak Norwegian and it was a bit late to bring in a +translator, but perhaps the two from MPA were present anyway. All +seven appeared to know each other. Good to see the case is take +seriously.</p> + +<p>If you, like me, believe the courts should be involved before a DNS +domain is hijacked by the government, or you believe the Popcorn Time +technology have a lot of useful and legal applications, I suggest you +too <a href="http://www.nuug.no/dns-beslag-donasjon.shtml">donate to +the NUUG defense fund</a>. Both Bitcoin and bank transfer are +available. If NUUG get more than we need for the legal action (very +unlikely), the rest will be spend promoting free software, open +standards and unix-like operating systems in Norway, so no matter what +happens the money will be put to good use.</p> + +<p>If you want to lean more about the case, I recommend you check out +<a href="https://www.nuug.no/news/tags/dns-domenebeslag/">the blog +posts from NUUG covering the case</a>. They cover the legal arguments +on both sides.</p> - Unlocking HTC Desire HD on Linux using unruu and fastboot - http://people.skolelinux.org/pere/blog/Unlocking_HTC_Desire_HD_on_Linux_using_unruu_and_fastboot.html - http://people.skolelinux.org/pere/blog/Unlocking_HTC_Desire_HD_on_Linux_using_unruu_and_fastboot.html - Thu, 7 Jul 2016 11:30:00 +0200 - <p>Yesterday, I tried to unlock a HTC Desire HD phone, and it proved -to be a slight challenge. Here is the recipe if I ever need to do it -again. It all started by me wanting to try the recipe to set up -<a href="https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy">an -hardened Android installation</a> from the Tor project blog on a -device I had access to. It is a old mobile phone with a broken -microphone The initial idea had been to just -<a href="http://wiki.cyanogenmod.org/w/Install_CM_for_ace">install -CyanogenMod on it</a>, but did not quite find time to start on it -until a few days ago.</p> - -<p>The unlock process is supposed to be simple: (1) Boot into the boot -loader (press volume down and power at the same time), (2) select -'fastboot' before (3) connecting the device via USB to a Linux -machine, (4) request the device identifier token by running 'fastboot -oem get_identifier_token', (5) request the device unlocking key using -the <a href="http://www.htcdev.com/bootloader/">HTC developer web -site</a> and unlock the phone using the key file emailed to you.</p> - -<p>Unfortunately, this only work fi you have hboot version 2.00.0029 -or newer, and the device I was working on had 2.00.0027. This -apparently can be easily fixed by downloading a Windows program and -running it on your Windows machine, if you accept the terms Microsoft -require you to accept to use Windows - which I do not. So I had to -come up with a different approach. I got a lot of help from AndyCap -on #nuug, and would not have been able to get this working without -him.</p> - -<p>First I needed to extract the hboot firmware from -<a href="http://www.htcdev.com/ruu/PD9810000_Ace_Sense30_S_hboot_2.00.0029.exe">the -windows binary for HTC Desire HD</a> downloaded as 'the RUU' from HTC. -For this there is is <a href="https://github.com/kmdm/unruu/">a github -project named unruu</a> using libunshield. The unshield tool did not -recognise the file format, but unruu worked and extracted rom.zip, -containing the new hboot firmware and a text file describing which -devices it would work for.</p> - -<p>Next, I needed to get the new firmware into the device. For this I -followed some instructions -<a href="http://www.htc1guru.com/2013/09/new-ruu-zips-posted/">available -from HTC1Guru.com</a>, and ran these commands as root on a Linux -machine with Debian testing:</p> - -<p><pre> -adb reboot-bootloader -fastboot oem rebootRUU -fastboot flash zip rom.zip -fastboot flash zip rom.zip -fastboot reboot -</pre></p> - -<p>The flash command apparently need to be done twice to take effect, -as the first is just preparations and the second one do the flashing. -The adb command is just to get to the boot loader menu, so turning the -device on while holding volume down and the power button should work -too.</p> - -<p>With the new hboot version in place I could start following the -instructions on the HTC developer web site. I got the device token -like this:</p> - -<p><pre> -fastboot oem get_identifier_token 2>&1 | sed 's/(bootloader) //' -</pre> - -<p>And once I got the unlock code via email, I could use it like -this:</p> - -<p><pre> -fastboot flash unlocktoken Unlock_code.bin -</pre></p> - -<p>And with that final step in place, the phone was unlocked and I -could start stuffing the software of my own choosing into the device. -So far I only inserted a replacement recovery image to wipe the phone -before I start. We will see what happen next. Perhaps I should -install <a href="https://www.debian.org/">Debian</a> on it. :)</p> + Nasjonalbiblioteket avslutter sin ulovlige bruk av Google Skjemaer + http://people.skolelinux.org/pere/blog/Nasjonalbiblioteket_avslutter_sin_ulovlige_bruk_av_Google_Skjemaer.html + http://people.skolelinux.org/pere/blog/Nasjonalbiblioteket_avslutter_sin_ulovlige_bruk_av_Google_Skjemaer.html + Thu, 12 Jan 2017 09:40:00 +0100 + <p>I dag fikk jeg en skikkelig gladmelding. Bakgrunnen er at før jul +arrangerte Nasjonalbiblioteket +<a href="http://www.nb.no/Bibliotekutvikling/Kunnskapsorganisering/Nasjonalt-verksregister/Seminar-om-verksregister">et +seminar om sitt knakende gode tiltak «verksregister»</a>. Eneste +måten å melde seg på dette seminaret var å sende personopplysninger +til Google via Google Skjemaer. Dette syntes jeg var tvilsom praksis, +da det bør være mulig å delta på seminarer arrangert av det offentlige +uten å måtte dele sine interesser, posisjon og andre +personopplysninger med Google. Jeg ba derfor om innsyn via +<a href="https://www.mimesbronn.no/">Mimes brønn</a> i +<a href="https://www.mimesbronn.no/request/personopplysninger_til_google_sk">avtaler +og vurderinger Nasjonalbiblioteket hadde rundt dette</a>. +Personopplysningsloven legger klare rammer for hva som må være på +plass før en kan be tredjeparter, spesielt i utlandet, behandle +personopplysninger på sine vegne, så det burde eksistere grundig +dokumentasjon før noe slikt kan bli lovlig. To jurister hos +Nasjonalbiblioteket mente først dette var helt i orden, og at Googles +standardavtale kunne brukes som databehandlingsavtale. Det syntes jeg +var merkelig, men har ikke hatt kapasitet til å følge opp saken før +for to dager siden.</p> + +<p>Gladnyheten i dag, som kom etter at jeg tipset Nasjonalbiblioteket +om at Datatilsynet underkjente Googles standardavtaler som +databehandleravtaler i 2011, er at Nasjonalbiblioteket har bestemt seg +for å avslutte bruken av Googles Skjemaer/Apps og gå i dialog med DIFI +for å finne bedre måter å håndtere påmeldinger i tråd med +personopplysningsloven. Det er fantastisk å se at av og til hjelper +det å spørre hva i alle dager det offentlige holder på med.</p> - How to use the Signal app if you only have a land line (ie no mobile phone) - http://people.skolelinux.org/pere/blog/How_to_use_the_Signal_app_if_you_only_have_a_land_line__ie_no_mobile_phone_.html - http://people.skolelinux.org/pere/blog/How_to_use_the_Signal_app_if_you_only_have_a_land_line__ie_no_mobile_phone_.html - Sun, 3 Jul 2016 14:20:00 +0200 - <p>For a while now, I have wanted to test -<a href="https://whispersystems.org/">the Signal app</a>, as it is -said to provide end to end encrypted communication and several of my -friends and family are already using it. As I by choice do not own a -mobile phone, this proved to be harder than expected. And I wanted to -have the source of the client and know that it was the code used on my -machine. But yesterday I managed to get it working. I used the -Github source, compared it to the source in -<a href="https://chrome.google.com/webstore/detail/signal-private-messenger/bikioccmkafdpakkkcpdbppfkghcmihk?hl=en-US">the -Signal Chrome app</a> available from the Chrome web store, applied -patches to use the production Signal servers, started the app and -asked for the hidden "register without a smart phone" form. Here is -the recipe how I did it.</p> - -<p>First, I fetched the Signal desktop source from Github, using - -<pre> -git clone https://github.com/WhisperSystems/Signal-Desktop.git -</pre> - -<p>Next, I patched the source to use the production servers, to be -able to talk to other Signal users:</p> - -<pre> -cat &lt;&lt;EOF | patch -p0 -diff -ur ./js/background.js userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/background.js ---- ./js/background.js 2016-06-29 13:43:15.630344628 +0200 -+++ userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/background.js 2016-06-29 14:06:29.530300934 +0200 -@@ -47,8 +47,8 @@ - }); - }); - -- var SERVER_URL = 'https://textsecure-service-staging.whispersystems.org'; -- var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments-staging.s3.amazonaws.com'; -+ var SERVER_URL = 'https://textsecure-service-ca.whispersystems.org:4433'; -+ var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments.s3.amazonaws.com'; - var messageReceiver; - window.getSocketStatus = function() { - if (messageReceiver) { -diff -ur ./js/expire.js userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/expire.js ---- ./js/expire.js 2016-06-29 13:43:15.630344628 +0200 -+++ userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/expire.js2016-06-29 14:06:29.530300934 +0200 -@@ -1,6 +1,6 @@ - ;(function() { - 'use strict'; -- var BUILD_EXPIRATION = 0; -+ var BUILD_EXPIRATION = 1474492690000; - - window.extension = window.extension || {}; - -EOF -</pre> - -<p>The first part is changing the servers, and the second is updating -an expiration timestamp. This timestamp need to be updated regularly. -It is set 90 days in the future by the build process (Gruntfile.js). -The value is seconds since 1970 times 1000, as far as I can tell.</p> - -<p>Based on a tip and good help from the #nuug IRC channel, I wrote a -script to launch Signal in Chromium.</p> - -<pre> -#!/bin/sh -cd $(dirname $0) -mkdir -p userdata -exec chromium \ - --proxy-server="socks://localhost:9050" \ - --user-data-dir=`pwd`/userdata --load-and-launch-app=`pwd` -</pre> - -<p> The script start the app and configure Chromium to use the Tor -SOCKS5 proxy to make sure those controlling the Signal servers (today -Amazon and Whisper Systems) as well as those listening on the lines -will have a harder time location my laptop based on the Signal -connections if they use source IP address.</p> - -<p>When the script starts, one need to follow the instructions under -"Standalone Registration" in the CONTRIBUTING.md file in the git -repository. I right clicked on the Signal window to get up the -Chromium debugging tool, visited the 'Console' tab and wrote -'extension.install("standalone")' on the console prompt to get the -registration form. Then I entered by land line phone number and -pressed 'Call'. 5 seconds later the phone rang and a robot voice -repeated the verification code three times. After entering the number -into the verification code field in the form, I could start using -Signal from my laptop. - -<p>As far as I can tell, The Signal app will leak who is talking to -whom and thus who know who to those controlling the central server, -but such leakage is hard to avoid with a centrally controlled server -setup. It is something to keep in mind when using Signal - the -content of your chats are harder to intercept, but the meta data -exposing your contact network is available to people you do not know. -So better than many options, but not great. And sadly the usage is -connected to my land line, thus allowing those controlling the server -to associate it to my home and person. I would prefer it if only -those I knew could tell who I was on Signal. There are options -avoiding such information leakage, but most of my friends are not -using them, so I am stuck with Signal for now.</p> + Bryter NAV sin egen personvernerklæring? + http://people.skolelinux.org/pere/blog/Bryter_NAV_sin_egen_personvernerkl_ring_.html + http://people.skolelinux.org/pere/blog/Bryter_NAV_sin_egen_personvernerkl_ring_.html + Wed, 11 Jan 2017 06:50:00 +0100 + <p>Jeg leste med interesse en nyhetssak hos +<a href="http://www.digi.no/artikler/nav-avslorer-trygdemisbruk-ved-a-spore-ip-adresser/367394">digi.no</a> +og +<a href="https://www.nrk.no/buskerud/trygdesvindlere-avslores-av-utenlandske-ip-adresser-1.13313461">NRK</a> +om at det ikke bare er meg, men at også NAV bedriver geolokalisering +av IP-adresser, og at det gjøres analyse av IP-adressene til de som +sendes inn meldekort for å se om meldekortet sendes inn fra +utenlandske IP-adresser. Politiadvokat i Drammen, Hans Lyder Haare, +er sitert i NRK på at «De to er jo blant annet avslørt av +IP-adresser. At man ser at meldekortet kommer fra utlandet.»</p> + +<p>Jeg synes det er fint at det blir bedre kjent at IP-adresser +knyttes til enkeltpersoner og at innsamlet informasjon brukes til å +stedsbestemme personer også av aktører her i Norge. Jeg ser det som +nok et argument for å bruke +<a href="https://www.torproject.org/">Tor</a> så mye som mulig for å +gjøre gjøre IP-lokalisering vanskeligere, slik at en kan beskytte sin +privatsfære og unngå å dele sin fysiske plassering med +uvedkommede.</p> + +<P>Men det er en ting som bekymrer meg rundt denne nyheten. Jeg ble +tipset (takk #nuug) om +<a href="https://www.nav.no/no/NAV+og+samfunn/Kontakt+NAV/Teknisk+brukerstotte/Snarveier/personvernerkl%C3%A6ring-for-arbeids-og-velferdsetaten">NAVs +personvernerklæring</a>, som under punktet «Personvern og statistikk» +lyder:</p> + +<p><blockquote> + +<p>«Når du besøker nav.no, etterlater du deg elektroniske spor. Sporene +dannes fordi din nettleser automatisk sender en rekke opplysninger til +NAVs tjener (server-maskin) hver gang du ber om å få vist en side. Det +er eksempelvis opplysninger om hvilken nettleser og -versjon du +bruker, og din internettadresse (ip-adresse). For hver side som vises, +lagres følgende opplysninger:</p> + +<ul> +<li>hvilken side du ser på</li> +<li>dato og tid</li> +<li>hvilken nettleser du bruker</li> +<li>din ip-adresse</li> +</ul> + +<p>Ingen av opplysningene vil bli brukt til å identifisere +enkeltpersoner. NAV bruker disse opplysningene til å generere en +samlet statistikk som blant annet viser hvilke sider som er mest +populære. Statistikken er et redskap til å forbedre våre +tjenester.»</p> + +</blockquote></p> + +<p>Jeg klarer ikke helt å se hvordan analyse av de besøkendes +IP-adresser for å se hvem som sender inn meldekort via web fra en +IP-adresse i utlandet kan gjøres uten å komme i strid med påstanden om +at «ingen av opplysningene vil bli brukt til å identifisere +enkeltpersoner». Det virker dermed for meg som at NAV bryter sine +egen personvernerklæring, hvilket +<a href="http://people.skolelinux.org/pere/blog/Er_lover_brutt_n_r_personvernpolicy_ikke_stemmer_med_praksis_.html">Datatilsynet +fortalte meg i starten av desember antagelig er brudd på +personopplysningsloven</a>. + +<p>I tillegg er personvernerklæringen ganske misvisende i og med at +NAVs nettsider ikke bare forsyner NAV med personopplysninger, men i +tillegg ber brukernes nettleser kontakte fem andre nettjenere +(script.hotjar.com, static.hotjar.com, vars.hotjar.com, +www.google-analytics.com og www.googletagmanager.com), slik at +personopplysninger blir gjort tilgjengelig for selskapene Hotjar og +Google , og alle som kan lytte på trafikken på veien (som FRA, GCHQ og +NSA). Jeg klarer heller ikke se hvordan slikt spredning av +personopplysninger kan være i tråd med kravene i +personopplysningloven, eller i tråd med NAVs personvernerklæring.</p> + +<p>Kanskje NAV bør ta en nøye titt på sin personvernerklæring? Eller +kanskje Datatilsynet bør gjøre det?</p> - The new "best" multimedia player in Debian? - http://people.skolelinux.org/pere/blog/The_new__best__multimedia_player_in_Debian_.html - http://people.skolelinux.org/pere/blog/The_new__best__multimedia_player_in_Debian_.html - Mon, 6 Jun 2016 12:50:00 +0200 - <p>When I set out a few weeks ago to figure out -<a href="http://people.skolelinux.org/pere/blog/What_is_the_best_multimedia_player_in_Debian_.html">which -multimedia player in Debian claimed to support most file formats / -MIME types</a>, I was a bit surprised how varied the sets of MIME types -the various players claimed support for. The range was from 55 to 130 -MIME types. I suspect most media formats are supported by all -players, but this is not really reflected in the MimeTypes values in -their desktop files. There are probably also some bogus MIME types -listed, but it is hard to identify which one this is.</p> - -<p>Anyway, in the mean time I got in touch with upstream for some of -the players suggesting to add more MIME types to their desktop files, -and decided to spend some time myself improving the situation for my -favorite media player VLC. The fixes for VLC entered Debian unstable -yesterday. The complete list of MIME types can be seen on the -<a href="https://wiki.debian.org/DebianMultimedia/PlayerSupport">Multimedia -player MIME type support status</a> Debian wiki page.</p> - -<p>The new "best" multimedia player in Debian? It is VLC, followed by -totem, parole, kplayer, gnome-mpv, mpv, smplayer, mplayer-gui and -kmplayer. I am sure some of the other players desktop files support -several of the formats currently listed as working only with vlc, -toten and parole.</p> - -<p>A sad observation is that only 14 MIME types are listed as -supported by all the tested multimedia players in Debian in their -desktop files: audio/mpeg, audio/vnd.rn-realaudio, audio/x-mpegurl, -audio/x-ms-wma, audio/x-scpls, audio/x-wav, video/mp4, video/mpeg, -video/quicktime, video/vnd.rn-realvideo, video/x-matroska, -video/x-ms-asf, video/x-ms-wmv and video/x-msvideo. Personally I find -it sad that video/ogg and video/webm is not supported by all the media -players in Debian. As far as I can tell, all of them can handle both -formats.</p> + Where did that package go? &mdash; geolocated IP traceroute + http://people.skolelinux.org/pere/blog/Where_did_that_package_go___mdash__geolocated_IP_traceroute.html + http://people.skolelinux.org/pere/blog/Where_did_that_package_go___mdash__geolocated_IP_traceroute.html + Mon, 9 Jan 2017 12:20:00 +0100 + <p>Did you ever wonder where the web trafic really flow to reach the +web servers, and who own the network equipment it is flowing through? +It is possible to get a glimpse of this from using traceroute, but it +is hard to find all the details. Many years ago, I wrote a system to +map the Norwegian Internet (trying to figure out if our plans for a +network game service would get low enough latency, and who we needed +to talk to about setting up game servers close to the users. Back +then I used traceroute output from many locations (I asked my friends +to run a script and send me their traceroute output) to create the +graph and the map. The output from traceroute typically look like +this: + +<p><pre> +traceroute to www.stortinget.no (85.88.67.10), 30 hops max, 60 byte packets + 1 uio-gw10.uio.no (129.240.202.1) 0.447 ms 0.486 ms 0.621 ms + 2 uio-gw8.uio.no (129.240.24.229) 0.467 ms 0.578 ms 0.675 ms + 3 oslo-gw1.uninett.no (128.39.65.17) 0.385 ms 0.373 ms 0.358 ms + 4 te3-1-2.br1.fn3.as2116.net (193.156.90.3) 1.174 ms 1.172 ms 1.153 ms + 5 he16-1-1.cr1.san110.as2116.net (195.0.244.234) 2.627 ms he16-1-1.cr2.oslosda310.as2116.net (195.0.244.48) 3.172 ms he16-1-1.cr1.san110.as2116.net (195.0.244.234) 2.857 ms + 6 ae1.ar8.oslosda310.as2116.net (195.0.242.39) 0.662 ms 0.637 ms ae0.ar8.oslosda310.as2116.net (195.0.242.23) 0.622 ms + 7 89.191.10.146 (89.191.10.146) 0.931 ms 0.917 ms 0.955 ms + 8 * * * + 9 * * * +[...] +</pre></p> + +<p>This show the DNS names and IP addresses of (at least some of the) +network equipment involved in getting the data traffic from me to the +www.stortinget.no server, and how long it took in milliseconds for a +package to reach the equipment and return to me. Three packages are +sent, and some times the packages do not follow the same path. This +is shown for hop 5, where three different IP addresses replied to the +traceroute request.</p> + +<p>There are many ways to measure trace routes. Other good traceroute +implementations I use are traceroute (using ICMP packages) mtr (can do +both ICMP, UDP and TCP) and scapy (python library with ICMP, UDP, TCP +traceroute and a lot of other capabilities). All of them are easily +available in <a href="https://www.debian.org/">Debian</a>.</p> + +<p>This time around, I wanted to know the geographic location of +different route points, to visualize how visiting a web page spread +information about the visit to a lot of servers around the globe. The +background is that a web site today often will ask the browser to get +from many servers the parts (for example HTML, JSON, fonts, +JavaScript, CSS, video) required to display the content. This will +leak information about the visit to those controlling these servers +and anyone able to peek at the data traffic passing by (like your ISP, +the ISPs backbone provider, FRA, GCHQ, NSA and others).</p> + +<p>Lets pick an example, the Norwegian parliament web site +www.stortinget.no. It is read daily by all members of parliament and +their staff, as well as political journalists, activits and many other +citizens of Norway. A visit to the www.stortinget.no web site will +ask your browser to contact 8 other servers: ajax.googleapis.com, +insights.hotjar.com, script.hotjar.com, static.hotjar.com, +stats.g.doubleclick.net, www.google-analytics.com, +www.googletagmanager.com and www.netigate.se. I extracted this by +asking <a href="http://phantomjs.org/">PhantomJS</a> to visit the +Stortinget web page and tell me all the URLs PhantomJS downloaded to +render the page (in HAR format using +<a href="https://github.com/ariya/phantomjs/blob/master/examples/netsniff.js">their +netsniff example</a>. I am very grateful to Gorm for showing me how +to do this). My goal is to visualize network traces to all IP +addresses behind these DNS names, do show where visitors personal +information is spread when visiting the page.</p> + +<p align="center"><a href="www.stortinget.no-geoip.kml"><img +src="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-geoip-small.png" alt="map of combined traces for URLs used by www.stortinget.no using GeoIP"/></a></p> + +<p>When I had a look around for options, I could not find any good +free software tools to do this, and decided I needed my own traceroute +wrapper outputting KML based on locations looked up using GeoIP. KML +is easy to work with and easy to generate, and understood by several +of the GIS tools I have available. I got good help from by NUUG +colleague Anders Einar with this, and the result can be seen in +<a href="https://github.com/petterreinholdtsen/kmltraceroute">my +kmltraceroute git repository</a>. Unfortunately, the quality of the +free GeoIP databases I could find (and the for-pay databases my +friends had access to) is not up to the task. The IP addresses of +central Internet infrastructure would typically be placed near the +controlling companies main office, and not where the router is really +located, as you can see from <a href="www.stortinget.no-geoip.kml">the +KML file I created</a> using the GeoLite City dataset from MaxMind. + +<p align="center"><a href="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-scapy.svg"><img +src="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-scapy-small.png" alt="scapy traceroute graph for URLs used by www.stortinget.no"/></a></p> + +<p>I also had a look at the visual traceroute graph created by +<a href="http://www.secdev.org/projects/scapy/">the scrapy project</a>, +showing IP network ownership (aka AS owner) for the IP address in +question. +<a href="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-scapy.svg">The +graph display a lot of useful information about the traceroute in SVG +format</a>, and give a good indication on who control the network +equipment involved, but it do not include geolocation. This graph +make it possible to see the information is made available at least for +UNINETT, Catchcom, Stortinget, Nordunet, Google, Amazon, Telia, Level +3 Communications and NetDNA.</p> + +<p align="center"><a href="https://geotraceroute.com/index.php?node=4&host=www.stortinget.no"><img +src="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-geotraceroute-small.png" alt="example geotraceroute view for www.stortinget.no"/></a></p> + +<p>In the process, I came across the +<a href="https://geotraceroute.com/">web service GeoTraceroute</a> by +Salim Gasmi. Its methology of combining guesses based on DNS names, +various location databases and finally use latecy times to rule out +candidate locations seemed to do a very good job of guessing correct +geolocation. But it could only do one trace at the time, did not have +a sensor in Norway and did not make the geolocations easily available +for postprocessing. So I contacted the developer and asked if he +would be willing to share the code (he refused until he had time to +clean it up), but he was interested in providing the geolocations in a +machine readable format, and willing to set up a sensor in Norway. So +since yesterday, it is possible to run traces from Norway in this +service thanks to a sensor node set up by +<a href="https://www.nuug.no/">the NUUG assosiation</a>, and get the +trace in KML format for further processing.</p> + +<p align="center"><a href="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-geotraceroute-kml-join.kml"><img +src="http://people.skolelinux.org/pere/blog/images/2017-01-09-www.stortinget.no-geotraceroute-kml-join.png" alt="map of combined traces for URLs used by www.stortinget.no using geotraceroute"/></a></p> + +<p>Here we can see a lot of trafic passes Sweden on its way to +Denmark, Germany, Holland and Ireland. Plenty of places where the +Snowden confirmations verified the traffic is read by various actors +without your best interest as their top priority.</p> + +<p>Combining KML files is trivial using a text editor, so I could loop +over all the hosts behind the urls imported by www.stortinget.no and +ask for the KML file from GeoTraceroute, and create a combined KML +file with all the traces (unfortunately only one of the IP addresses +behind the DNS name is traced this time. To get them all, one would +have to request traces using IP number instead of DNS names from +GeoTraceroute). That might be the next step in this project.</p> + +<p>Armed with these tools, I find it a lot easier to figure out where +the IP traffic moves and who control the boxes involved in moving it. +And every time the link crosses for example the Swedish border, we can +be sure Swedish Signal Intelligence (FRA) is listening, as GCHQ do in +Britain and NSA in USA and cables around the globe. (Hm, what should +we tell them? :) Keep that in mind if you ever send anything +unencrypted over the Internet.</p> + +<p>PS: KML files are drawn using +<a href="http://ivanrublev.me/kml/">the KML viewer from Ivan +Rublev<a/>, as it was less cluttered than the local Linux application +Marble. There are heaps of other options too.</p> + +<p>As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p> - A program should be able to open its own files on Linux - http://people.skolelinux.org/pere/blog/A_program_should_be_able_to_open_its_own_files_on_Linux.html - http://people.skolelinux.org/pere/blog/A_program_should_be_able_to_open_its_own_files_on_Linux.html - Sun, 5 Jun 2016 08:30:00 +0200 - <p>Many years ago, when koffice was fresh and with few users, I -decided to test its presentation tool when making the slides for a -talk I was giving for NUUG on Japhar, a free Java virtual machine. I -wrote the first draft of the slides, saved the result and went to bed -the day before I would give the talk. The next day I took a plane to -the location where the meeting should take place, and on the plane I -started up koffice again to polish the talk a bit, only to discover -that kpresenter refused to load its own data file. I cursed a bit and -started making the slides again from memory, to have something to -present when I arrived. I tested that the saved files could be -loaded, and the day seemed to be rescued. I continued to polish the -slides until I suddenly discovered that the saved file could no longer -be loaded into kpresenter. In the end I had to rewrite the slides -three times, condensing the content until the talk became shorter and -shorter. After the talk I was able to pinpoint the problem &ndash; -kpresenter wrote inline images in a way itself could not understand. -Eventually that bug was fixed and kpresenter ended up being a great -program to make slides. The point I'm trying to make is that we -expect a program to be able to load its own data files, and it is -embarrassing to its developers if it can't.</p> - -<p>Did you ever experience a program failing to load its own data -files from the desktop file browser? It is not a uncommon problem. A -while back I discovered that the screencast recorder -gtk-recordmydesktop would save an Ogg Theora video file the KDE file -browser would refuse to open. No video player claimed to understand -such file. I tracked down the cause being <tt>file --mime-type</tt> -returning the application/ogg MIME type, which no video player I had -installed listed as a MIME type they would understand. I asked for -<a href="http://bugs.gw.com/view.php?id=382">file to change its -behavour</a> and use the MIME type video/ogg instead. I also asked -several video players to add video/ogg to their desktop files, to give -the file browser an idea what to do about Ogg Theora files. After a -while, the desktop file browsers in Debian started to handle the -output from gtk-recordmydesktop properly.</p> - -<p>But history repeats itself. A few days ago I tested the music -system Rosegarden again, and I discovered that the KDE and xfce file -browsers did not know what to do with the Rosegarden project files -(*.rg). I've reported <a href="http://bugs.debian.org/825993">the -rosegarden problem to BTS</a> and a fix is commited to git and will be -included in the next upload. To increase the chance of me remembering -how to fix the problem next time some program fail to load its files -from the file browser, here are some notes on how to fix it.</p> - -<p>The file browsers in Debian in general operates on MIME types. -There are two sources for the MIME type of a given file. The output from -<tt>file --mime-type</tt> mentioned above, and the content of the -shared MIME type registry (under /usr/share/mime/). The file MIME -type is mapped to programs supporting the MIME type, and this -information is collected from -<a href="https://www.freedesktop.org/wiki/Specifications/desktop-entry-spec/">the -desktop files</a> available in /usr/share/applications/. If there is -one desktop file claiming support for the MIME type of the file, it is -activated when asking to open a given file. If there are more, one -can normally select which one to use by right-clicking on the file and -selecting the wanted one using 'Open with' or similar. In general -this work well. But it depend on each program picking a good MIME -type (preferably -<a href="http://www.iana.org/assignments/media-types/media-types.xhtml">a -MIME type registered with IANA</a>), file and/or the shared MIME -registry recognizing the file and the desktop file to list the MIME -type in its list of supported MIME types.</p> - -<p>The <tt>/usr/share/mime/packages/rosegarden.xml</tt> entry for -<a href="http://www.freedesktop.org/wiki/Specifications/shared-mime-info-spec">the -Shared MIME database</a> look like this:</p> - -<p><blockquote><pre> -&lt;?xml version="1.0" encoding="UTF-8"?&gt; -&lt;mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info"&gt; - &lt;mime-type type="audio/x-rosegarden"&gt; - &lt;sub-class-of type="application/x-gzip"/&gt; - &lt;comment&gt;Rosegarden project file&lt;/comment&gt; - &lt;glob pattern="*.rg"/&gt; - &lt;/mime-type&gt; -&lt;/mime-info&gt; -</pre></blockquote></p> - -<p>This states that audio/x-rosegarden is a kind of application/x-gzip -(it is a gzipped XML file). Note, it is much better to use an -official MIME type registered with IANA than it is to make up ones own -unofficial ones like the x-rosegarden type used by rosegarden.</p> - -<p>The desktop file of the rosegarden program failed to list -audio/x-rosegarden in its list of supported MIME types, causing the -file browsers to have no idea what to do with *.rg files:</p> - -<p><blockquote><pre> -% grep Mime /usr/share/applications/rosegarden.desktop -MimeType=audio/x-rosegarden-composition;audio/x-rosegarden-device;audio/x-rosegarden-project;audio/x-rosegarden-template;audio/midi; -X-KDE-NativeMimeType=audio/x-rosegarden-composition + Introducing ical-archiver to split out old iCalendar entries + http://people.skolelinux.org/pere/blog/Introducing_ical_archiver_to_split_out_old_iCalendar_entries.html + http://people.skolelinux.org/pere/blog/Introducing_ical_archiver_to_split_out_old_iCalendar_entries.html + Wed, 4 Jan 2017 12:20:00 +0100 + <p>Do you have a large <a href="https://icalendar.org/">iCalendar</a> +file with lots of old entries, and would like to archive them to save +space and resources? At least those of us using KOrganizer know that +turning on and off an event set become slower and slower the more +entries are in the set. While working on migrating our calendars to a +<a href="http://radicale.org/">Radicale CalDAV server</a> on our +<a href="https://freedomboxfoundation.org/">Freedombox server</a/>, my +loved one wondered if I could find a way to split up the calendar file +she had in KOrganizer, and I set out to write a tool. I spent a few +days writing and polishing the system, and it is now ready for general +consumption. The +<a href="https://github.com/petterreinholdtsen/ical-archiver">code for +ical-archiver</a> is publicly available from a git repository on +github. The system is written in Python and depend on +<a href="http://eventable.github.io/vobject/">the vobject Python +module</a>.</p> + +<p>To use it, locate the iCalendar file you want to operate on and +give it as an argument to the ical-archiver script. This will +generate a set of new files, one file per component type per year for +all components expiring more than two years in the past. The vevent, +vtodo and vjournal entries are handled by the script. The remaining +entries are stored in a 'remaining' file.</p> + +<p>This is what a test run can look like: + +<p><pre> +% ical-archiver t/2004-2016.ics +Found 3612 vevents +Found 6 vtodos +Found 2 vjournals +Writing t/2004-2016.ics-subset-vevent-2004.ics +Writing t/2004-2016.ics-subset-vevent-2005.ics +Writing t/2004-2016.ics-subset-vevent-2006.ics +Writing t/2004-2016.ics-subset-vevent-2007.ics +Writing t/2004-2016.ics-subset-vevent-2008.ics +Writing t/2004-2016.ics-subset-vevent-2009.ics +Writing t/2004-2016.ics-subset-vevent-2010.ics +Writing t/2004-2016.ics-subset-vevent-2011.ics +Writing t/2004-2016.ics-subset-vevent-2012.ics +Writing t/2004-2016.ics-subset-vevent-2013.ics +Writing t/2004-2016.ics-subset-vevent-2014.ics +Writing t/2004-2016.ics-subset-vjournal-2007.ics +Writing t/2004-2016.ics-subset-vjournal-2011.ics +Writing t/2004-2016.ics-subset-vtodo-2012.ics +Writing t/2004-2016.ics-remaining.ics % -</pre></blockquote></p> - -<p>The fix was to add "audio/x-rosegarden;" at the end of the -MimeType= line.</p> - -<p>If you run into a file which fail to open the correct program when -selected from the file browser, please check out the output from -<tt>file --mime-type</tt> for the file, ensure the file ending and -MIME type is registered somewhere under /usr/share/mime/ and check -that some desktop file under /usr/share/applications/ is claiming -support for this MIME type. If not, please report a bug to have it -fixed. :)</p> +</pre></p> + +<p>As you can see, the original file is untouched and new files are +written with names derived from the original file. If you are happy +with their content, the *-remaining.ics file can replace the original +the the others can be archived or imported as historical calendar +collections.</p> + +<p>The script should probably be improved a bit. The error handling +when discovering broken entries is not good, and I am not sure yet if +it make sense to split different entry types into separate files or +not. The program is thus likely to change. If you find it +interesting, please get in touch. :)</p> + +<p>As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>