X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/db23c334417fbc93be4e1b04abd0aceb32354fd0..8988e891075fcfb7c3c36b99a9bc41e725cd6dcd:/blog/archive/2014/03/03.rss
diff --git a/blog/archive/2014/03/03.rss b/blog/archive/2014/03/03.rss
index f825bdf398..9ab9ccdd4a 100644
--- a/blog/archive/2014/03/03.rss
+++ b/blog/archive/2014/03/03.rss
@@ -6,6 +6,150 @@
http://people.skolelinux.org/pere/blog/
+
+ Public Trusted Timestamping services for everyone
+ http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html
+ http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html
+ Tue, 25 Mar 2014 12:50:00 +0100
+ <p>Did you ever need to store logs or other files in a way that would
+allow it to be used as evidence in court, and needed a way to
+demonstrate without reasonable doubt that the file had not been
+changed since it was created? Or, did you ever need to document that
+a given document was received at some point in time, like some
+archived document or the answer to an exam, and not changed after it
+was received? The problem in these settings is to remove the need to
+trust yourself and your computers, while still being able to prove
+that a file is the same as it was at some given time in the past.</p>
+
+<p>A solution to these problems is to have a trusted third party
+"stamp" the document and verify that at some given time the document
+looked a given way. Such
+<a href="https://en.wikipedia.org/wiki/Notarius">notarius</a> service
+have been around for thousands of years, and its digital equivalent is
+called a
+<a href="http://en.wikipedia.org/wiki/Trusted_timestamping">trusted
+timestamping service</a>. <a href="http://www.ietf.org/">The Internet
+Engineering Task Force</a> standardised how such service could work a
+few years ago as <a href="http://tools.ietf.org/html/rfc3161">RFC
+3161</a>. The mechanism is simple. Create a hash of the file in
+question, send it to a trusted third party which add a time stamp to
+the hash and sign the result with its private key, and send back the
+signed hash + timestamp. Both email, FTP and HTTP can be used to
+request such signature, depending on what is provided by the service
+used. Anyone with the document and the signature can then verify that
+the document matches the signature by creating their own hash and
+checking the signature using the trusted third party public key.
+There are several commercial services around providing such
+timestamping. A quick search for
+"<a href="https://duckduckgo.com/?q=rfc+3161+service">rfc 3161
+service</a>" pointed me to at least
+<a href="https://www.digistamp.com/technical/how-a-digital-time-stamp-works/">DigiStamp</a>,
+<a href="http://www.quovadisglobal.co.uk/CertificateServices/SigningServices/TimeStamp.aspx">Quo
+Vadis</a>,
+<a href="https://www.globalsign.com/timestamp-service/">Global Sign</a>
+and <a href="http://www.globaltrustfinder.com/TSADefault.aspx">Global
+Trust Finder</a>. The system work as long as the private key of the
+trusted third party is not compromised.</p>
+
+<p>But as far as I can tell, there are very few public trusted
+timestamp services available for everyone. I've been looking for one
+for a while now. But yesterday I found one over at
+<a href="https://www.pki.dfn.de/zeitstempeldienst/">Deutches
+Forschungsnetz</a> mentioned in
+<a href="http://www.d-mueller.de/blog/dealing-with-trusted-timestamps-in-php-rfc-3161/">a
+blog by David Müller</a>. I then found
+<a href="http://www.rz.uni-greifswald.de/support/dfn-pki-zertifikate/zeitstempeldienst.html">a
+good recipe on how to use the service</a> over at the University of
+Greifswald.</p>
+
+<p><a href="http://www.openssl.org/">The OpenSSL library</a> contain
+both server and tools to use and set up your own signing service. See
+the ts(1SSL), tsget(1SSL) manual pages for more details. The
+following shell script demonstrate how to extract a signed timestamp
+for any file on the disk in a Debian environment:</p>
+
+<p><blockquote><pre>
+#!/bin/sh
+set -e
+url="http://zeitstempel.dfn.de"
+caurl="https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt"
+reqfile=$(mktemp -t tmp.XXXXXXXXXX.tsq)
+resfile=$(mktemp -t tmp.XXXXXXXXXX.tsr)
+cafile=chain.txt
+if [ ! -f $cafile ] ; then
+ wget -O $cafile "$caurl"
+fi
+openssl ts -query -data "$1" -cert | tee "$reqfile" \
+ | /usr/lib/ssl/misc/tsget -h "$url" -o "$resfile"
+openssl ts -reply -in "$resfile" -text 1>&2
+openssl ts -verify -data "$1" -in "$resfile" -CAfile "$cafile" 1>&2
+base64 < "$resfile"
+rm "$reqfile" "$resfile"
+</pre></blockquote></p>
+
+<p>The argument to the script is the file to timestamp, and the output
+is a base64 encoded version of the signature to STDOUT and details
+about the signature to STDERR. Note that due to
+<a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742553">a bug
+in the tsget script</a>, you might need to modify the included script
+and remove the last line. Or just write your own HTTP uploader using
+curl. :) Now you too can prove and verify that files have not been
+changed.</p>
+
+<p>But the Internet need more public trusted timestamp services.
+Perhaps something for <a href="http://www.uninett.no/">Uninett</a> or
+my work place the <a href="http://www.uio.no/">University of Oslo</a>
+to set up?</p>
+
+
+
+
+ Video DVD reader library / python-dvdvideo - nice free software
+ http://people.skolelinux.org/pere/blog/Video_DVD_reader_library___python_dvdvideo___nice_free_software.html
+ http://people.skolelinux.org/pere/blog/Video_DVD_reader_library___python_dvdvideo___nice_free_software.html
+ Fri, 21 Mar 2014 15:25:00 +0100
+ <p>Keeping your DVD collection safe from scratches and curious
+children fingers while still having it available when you want to see a
+movie is not straight forward. My preferred method at the moment is
+to store a full copy of the ISO on a hard drive, and use VLC, Popcorn
+Hour or other useful players to view the resulting file. This way the
+subtitles and bonus material are still available and using the ISO is
+just like inserting the original DVD record in the DVD player.</p>
+
+<p>Earlier I used dd for taking security copies, but it do not handle
+DVDs giving read errors (which are quite a few of them). I've also
+tried using
+<a href="http://people.skolelinux.org/pere/blog/Ripping_problematic_DVDs_using_dvdbackup_and_genisoimage.html">dvdbackup
+and genisoimage</a>, but these days I use the marvellous python library
+and program
+<a href="http://bblank.thinkmo.de/blog/new-software-python-dvdvideo">python-dvdvideo</a>
+written by Bastian Blank. It is
+<a href="http://packages.qa.debian.org/p/python-dvdvideo.html">in Debian
+already</a> and the binary package name is python3-dvdvideo. Instead
+of trying to read every block from the DVD, it parses the file
+structure and figure out which block on the DVD is actually in used,
+and only read those blocks from the DVD. This work surprisingly well,
+and I have been able to almost backup my entire DVD collection using
+this method.</p> So far, python-dvdvideo have failed on between 10 and
+20 DVDs, which is a small fraction of my collection. The most common
+problem is
+<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720831">DVDs
+using UTF-16 instead of UTF-8 characters</a>, which according to
+Bastian is against the DVD specification (and seem to cause some
+players to fail too). A rarer problem is what seem to be inconsistent
+DVD structures, as the python library
+<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723079">claim
+there is a overlap between objects</a>. An equally rare problem claim
+<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741878">some
+value is out of range</a>. No idea what is going on there. I wish I
+knew enough about the DVD format to fix these, to ensure my movie
+collection will stay with me in the future.</p>
+
+<p>So, if you need to keep your DVDs safe, back them up using
+python-dvdvideo. :)</p>
+
+
+
Norsk utgave av Alaveteli / WhatDoTheyKnow på trappene
http://people.skolelinux.org/pere/blog/Norsk_utgave_av_Alaveteli___WhatDoTheyKnow_p__trappene.html
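Review bot: In the shell script of the timestamping entry, `cafile=chain.txt` is a relative path, so the trust anchor passed to `openssl ts -verify` is whatever chain.txt already sits in the current directory, because the download is skipped whenever `[ ! -f $cafile ]` is false. Point `cafile` at a fixed location the user controls and quote it as `"$cafile"`, so that a stale or unexpected chain.txt cannot decide whether verification passes. The same script runs under `set -e` with `rm "$reqfile" "$resfile"` only on its last line, so any failing step leaves both temporary files behind; a `trap` that removes them on exit would cover that. Separately, in the python-dvdvideo entry the paragraph is closed with `</p>` after "this method." and again after "in the future.", which leaves the text from "So far" onward outside any `<p>`; drop the first `</p>` or open a new paragraph at that point.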
@@ -46,7 +190,7 @@ sette opp tjenesten) på maskinen
<a href="http://alaveteli-dev.nuug.no/">alaveteli-dev.nuug.no</a>, der
en kan se hvordan de oversatte meldingen blir seende ut på nettsiden.
NÃ¥r tjenesten lanseres vil den hete
-<a href="http://www.mimesbrønn.no/">Mimes brønn</a>, etter
+<a href="https://www.mimesbrønn.no/">Mimes brønn</a>, etter
visdomskilden som Odin måtte gi øyet sitt for å få drikke i. Den
nettsiden er er ennå ikke klar til bruk.</p>
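Review bot: The unchanged last line of this hunk reads "Den nettsiden er er", with "er" doubled; since the paragraph is already being touched for the https link, fix the duplicated word in the same change. The new href still carries the raw non-ASCII host name, so it is worth confirming that the https URL resolves and presents a valid certificate for that name before the feed advertises it.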