Generated.

[homepage.git] / blog / index.rss

<?xml version="1.0" encoding="utf-8"?>
<rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/' xmlns:atom="http://www.w3.org/2005/Atom">
        <channel>
                <title>Petter Reinholdtsen</title>
                <description></description>
                <link>http://people.skolelinux.org/pere/blog/</link>
                <atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
        
        <item>
                <title>Mangler du en skrue, eller har du en skrue løs?</title>
                <link>http://people.skolelinux.org/pere/blog/Mangler_du_en_skrue__eller_har_du_en_skrue_l_s_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Mangler_du_en_skrue__eller_har_du_en_skrue_l_s_.html</guid>
                <pubDate>Wed, 4 Oct 2017 09:40:00 +0200</pubDate>
                <description>Når jeg holder på med ulike prosjekter, så trenger jeg stadig ulike
skruer.  Det siste prosjektet jeg holder på med er å lage
&lt;a href=&quot;https://www.thingiverse.com/thing:676916&quot;&gt;en boks til en
HDMI-touch-skjerm&lt;/a&gt; som skal brukes med Raspberry Pi.  Boksen settes
sammen emed skruer og bolter, og jeg har vært i tvil om hvor jeg kan
få tak i de riktige skruene.  Clas Ohlson eller Jernia i nærheten har
sjelden hatt det jeg trenger.  Men her om dagen fikk jeg et fantastisk
tips for oss som bor i Oslo.
&lt;a href=&quot;http://www.zachskruer.no/&quot;&gt;Zachariassen Jernvare AS&lt;/a&gt; i
&lt;a href=&quot;http://www.openstreetmap.org/?mlat=59.93421&amp;mlon=10.76795#map=19/59.93421/10.76795&quot;&gt;Hegermannsgate
23A på Torshov&lt;/a&gt; har et fantastisk utvalg, og åpent mellom 09:00 og
17:00.  De selger skruer, muttere, bolter, skiver etc i løs vekt, og
så langt har jeg fått alt jeg har lett etter.  De har i tillegg det
meste av annen jernvare, som verktøy, lamper, ledninger, etc.  Jeg
håper de har nok kunder til å holde det gående lenge, da dette er en
butikk jeg kommer til å besøke ofte.  Butikken er et funn å ha i
nabolaget for oss som liker å bygge litt selv. :)&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Visualizing GSM radio chatter using gr-gsm and Hopglass</title>
                <link>http://people.skolelinux.org/pere/blog/Visualizing_GSM_radio_chatter_using_gr_gsm_and_Hopglass.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Visualizing_GSM_radio_chatter_using_gr_gsm_and_Hopglass.html</guid>
                <pubDate>Fri, 29 Sep 2017 10:30:00 +0200</pubDate>
                <description>&lt;p&gt;Every mobile phone announce its existence over radio to the nearby
mobile cell towers.  And this radio chatter is available for anyone
with a radio receiver capable of receiving them.  Details about the
mobile phones with very good accuracy is of course collected by the
phone companies, but this is not the topic of this blog post.  The
mobile phone radio chatter make it possible to figure out when a cell
phone is nearby, as it include the SIM card ID (IMSI).  By paying
attention over time, one can see when a phone arrive and when it leave
an area.  I believe it would be nice to make this information more
available to the general public, to make more people aware of how
their phones are announcing their whereabouts to anyone that care to
listen.&lt;/p&gt;

&lt;p&gt;I am very happy to report that we managed to get something
visualizing this information up and running for
&lt;a href=&quot;http://norwaymakers.org/osf17&quot;&gt;Oslo Skaperfestival 2017&lt;/a&gt;
(Oslo Makers Festival) taking place today and tomorrow at Deichmanske
library.  The solution is based on the
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html&quot;&gt;simple
recipe for listening to GSM chatter&lt;/a&gt; I posted a few days ago, and
will show up at the stand of &lt;a href=&quot;http://sonen.ifi.uio.no/&quot;&gt;Åpen
Sone from the Computer Science department of the University of
Oslo&lt;/a&gt;.  The presentation will show the nearby mobile phones (aka
IMSIs) as dots in a web browser graph, with lines to the dot
representing mobile base station it is talking to. It was working in
the lab yesterday, and was moved into place this morning.&lt;/p&gt;

&lt;p&gt;We set up a fairly powerful desktop machine using Debian
Buster/Testing with several (five, I believe) RTL2838 DVB-T receivers
connected and visualize the visible cell phone towers using an
&lt;a href=&quot;https://github.com/marlow925/hopglass&quot;&gt;English version of
Hopglass&lt;/a&gt;.  A fairly powerfull machine is needed as the
grgsm_livemon_headless processes from
&lt;a href=&quot;https://tracker.debian.org/pkg/gr-gsm&quot;&gt;gr-gsm&lt;/a&gt; converting
the radio signal to data packages is quite CPU intensive.&lt;/p&gt;
                                        
&lt;p&gt;The frequencies to listen to, are identified using a slightly
patched scan-and-livemon (to set the --args values for each receiver),
and the Hopglass data is generated using the
&lt;a href=&quot;https://github.com/petterreinholdtsen/IMSI-catcher/tree/meshviewer-output&quot;&gt;patches
in my meshviewer-output branch&lt;/a&gt;.  For some reason we could not get
more than four SDRs working.  There is also a geographical map trying
to show the location of the base stations, but I believe their
coordinates are hardcoded to some random location in Germany, I
believe.  The code should be replaced with code to look up location in
a text file, a sqlite database or one of the online databases
mentioned in
&lt;a href=&quot;https://github.com/Oros42/IMSI-catcher/issues/14&quot;&gt;the github
issue for the topic&lt;/a&gt;.

&lt;p&gt;If this sound interesting, visit the stand at the festival!&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Easier recipe to observe the cell phones around you</title>
                <link>http://people.skolelinux.org/pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html</guid>
                <pubDate>Sun, 24 Sep 2017 08:30:00 +0200</pubDate>
                <description>&lt;p&gt;A little more than a month ago I wrote
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html&quot;&gt;how
to observe the SIM card ID (aka IMSI number) of mobile phones talking
to nearby mobile phone base stations using Debian GNU/Linux and a
cheap USB software defined radio&lt;/a&gt;, and thus being able to pinpoint
the location of people and equipment (like cars and trains) with an
accuracy of a few kilometer.  Since then we have worked to make the
procedure even simpler, and it is now possible to do this without any
manual frequency tuning and without building your own packages.&lt;/p&gt;

&lt;p&gt;The &lt;a href=&quot;https://tracker.debian.org/pkg/gr-gsm&quot;&gt;gr-gsm&lt;/a&gt;
package is now included in Debian testing and unstable, and the
IMSI-catcher code no longer require root access to fetch and decode
the GSM data collected using gr-gsm.&lt;/p&gt;

&lt;p&gt;Here is an updated recipe, using packages built by Debian and a git
clone of two python scripts:&lt;/p&gt;

&lt;ol&gt;

&lt;li&gt;Start with a Debian machine running the Buster version (aka
  testing).&lt;/li&gt;

&lt;li&gt;Run &#39;&lt;tt&gt;apt install gr-gsm python-numpy python-scipy
  python-scapy&lt;/tt&gt;&#39; as root to install required packages.&lt;/li&gt;

&lt;li&gt;Fetch the code decoding GSM packages using &#39;&lt;tt&gt;git clone
  github.com/Oros42/IMSI-catcher.git&lt;/tt&gt;&#39;.&lt;/li&gt;

&lt;li&gt;Insert USB software defined radio supported by GNU Radio.&lt;/li&gt;

&lt;li&gt;Enter the IMSI-catcher directory and run &#39;&lt;tt&gt;python
  scan-and-livemon&lt;/tt&gt;&#39; to locate the frequency of nearby base
  stations and start listening for GSM packages on one of them.&lt;/li&gt;

&lt;li&gt;Enter the IMSI-catcher directory and run &#39;&lt;tt&gt;python
  simple_IMSI-catcher.py&lt;/tt&gt;&#39; to display the collected information.&lt;/li&gt;

&lt;/ol&gt;

&lt;p&gt;Note, due to a bug somewhere the scan-and-livemon program (actually
&lt;a href=&quot;https://github.com/ptrkrysik/gr-gsm/issues/336&quot;&gt;its underlying
program grgsm_scanner&lt;/a&gt;) do not work with the HackRF radio.  It does
work with RTL 8232 and other similar USB radio receivers you can get
very cheaply
(&lt;a href=&quot;https://www.ebay.com/sch/items/?_nkw=rtl+2832&quot;&gt;for example
from ebay&lt;/a&gt;), so for now the solution is to scan using the RTL radio
and only use HackRF for fetching GSM data.&lt;/p&gt;

&lt;p&gt;As far as I can tell, a cell phone only show up on one of the
frequencies at the time, so if you are going to track and count every
cell phone around you, you need to listen to all the frequencies used.
To listen to several frequencies, use the --numrecv argument to
scan-and-livemon to use several receivers.  Further, I am not sure if
phones using 3G or 4G will show as talking GSM to base stations, so
this approach might not see all phones around you.  I typically see
0-400 IMSI numbers an hour when looking around where I live.&lt;/p&gt;

&lt;p&gt;I&#39;ve tried to run the scanner on a
&lt;a href=&quot;https://wiki.debian.org/RaspberryPi&quot;&gt;Raspberry Pi 2 and 3
running Debian Buster&lt;/a&gt;, but the grgsm_livemon_headless process seem
to be too CPU intensive to keep up.  When GNU Radio print &#39;O&#39; to
stdout, I am told there it is caused by a buffer overflow between the
radio and GNU Radio, caused by the program being unable to read the
GSM data fast enough.  If you see a stream of &#39;O&#39;s from the terminal
where you started scan-and-livemon, you need a give the process more
CPU power.  Perhaps someone are able to optimize the code to a point
where it become possible to set up RPi3 based GSM sniffers?  I tried
using Raspbian instead of Debian, but there seem to be something wrong
with GNU Radio on raspbian, causing glibc to abort().&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Datalagringsdirektivet kaster skygger over Høyre og Arbeiderpartiet</title>
                <link>http://people.skolelinux.org/pere/blog/Datalagringsdirektivet_kaster_skygger_over_H_yre_og_Arbeiderpartiet.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Datalagringsdirektivet_kaster_skygger_over_H_yre_og_Arbeiderpartiet.html</guid>
                <pubDate>Thu, 7 Sep 2017 21:35:00 +0200</pubDate>
                <description>&lt;p&gt;For noen dager siden publiserte Jon Wessel-Aas en bloggpost om
«&lt;a href=&quot;http://www.uhuru.biz/?p=1821&quot;&gt;Konklusjonen om datalagring som
EU-kommisjonen ikke ville at vi skulle få se&lt;/a&gt;».  Det er en
interessant gjennomgang av EU-domstolens syn på snurpenotovervåkning
av befolkningen, som er klar på at det er i strid med
EU-lovgivingen.&lt;/p&gt;

&lt;p&gt;Valgkampen går for fullt i Norge, og om noen få dager er siste
frist for å avgi stemme.  En ting er sikkert, Høyre og Arbeiderpartiet
får ikke min stemme
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Datalagringsdirektivet_gj_r_at_Oslo_H_yre_og_Arbeiderparti_ikke_f_r_min_stemme_i__r.html&quot;&gt;denne
gangen heller&lt;/a&gt;.  Jeg har ikke glemt at de tvang igjennom loven som
skulle pålegge alle data- og teletjenesteleverandører å overvåke alle
sine kunder.  En lov som er vedtatt, og aldri opphevet igjen.&lt;/p&gt;

&lt;p&gt;Det er tydelig fra diskusjonen rundt grenseløs digital overvåkning
(eller &quot;Digital Grenseforsvar&quot; som det kalles i Orvellisk nytale) at
hverken Høyre og Arbeiderpartiet har noen prinsipielle sperrer mot å
overvåke hele befolkningen, og diskusjonen så langt tyder på at flere
av de andre partiene heller ikke har det. Mange av
&lt;a href=&quot;https://data.holderdeord.no/votes/1301946411e&quot;&gt;de som stemte
for Datalagringsdirektivet i Stortinget&lt;/a&gt; (64 fra Arbeiderpartiet,
25 fra Høyre) er fortsatt aktive og argumenterer fortsatt for å radere
vekk mer av innbyggernes privatsfære.&lt;/p&gt;

&lt;p&gt;Når myndighetene demonstrerer sin mistillit til folket, tror jeg
folket selv bør legge litt innsats i å verne sitt privatliv, ved å ta
i bruk ende-til-ende-kryptert kommunikasjon med sine kjente og kjære,
og begrense hvor mye privat informasjon som deles med uvedkommende.
Det er jo ingenting som tyder på at myndighetene kommer til å være vår
privatsfære.
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/How_to_talk_with_your_loved_ones_in_private.html&quot;&gt;Det
er mange muligheter&lt;/a&gt;.  Selv har jeg litt sans for
&lt;a href=&quot;https://ring.cx/&quot;&gt;Ring&lt;/a&gt;, som er basert på p2p-teknologi
uten sentral kontroll, er fri programvare, og støtter meldinger, tale
og video.  Systemet er tilgjengelig ut av boksen fra
&lt;a href=&quot;https://tracker.debian.org/pkg/ring&quot;&gt;Debian&lt;/a&gt; og
&lt;a href=&quot;https://launchpad.net/ubuntu/+source/ring&quot;&gt;Ubuntu&lt;/a&gt;, og det
finnes pakker for Android, MacOSX og Windows.  Foreløpig er det få
brukere med Ring, slik at jeg også bruker
&lt;a href=&quot;https://signal.org/&quot;&gt;Signal&lt;/a&gt; som nettleserutvidelse.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Simpler recipe on how to make a simple $7 IMSI Catcher using Debian</title>
                <link>http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html</guid>
                <pubDate>Wed, 9 Aug 2017 23:59:00 +0200</pubDate>
                <description>&lt;p&gt;On friday, I came across an interesting article in the Norwegian
web based ICT news magazine digi.no on
&lt;a href=&quot;https://www.digi.no/artikler/sikkerhetsforsker-lagde-enkel-imsi-catcher-for-60-kroner-na-kan-mobiler-kartlegges-av-alle/398588&quot;&gt;how
to collect the IMSI numbers of nearby cell phones&lt;/a&gt; using the cheap
DVB-T software defined radios.  The article refered to instructions
and &lt;a href=&quot;https://www.youtube.com/watch?v=UjwgNd_as30&quot;&gt;a recipe by
Keld Norman on Youtube on how to make a simple $7 IMSI Catcher&lt;/a&gt;, and I decided to test them out.&lt;/p&gt;

&lt;p&gt;The instructions said to use Ubuntu, install pip using apt (to
bypass apt), use pip to install pybombs (to bypass both apt and pip),
and the ask pybombs to fetch and build everything you need from
scratch.  I wanted to see if I could do the same on the most recent
Debian packages, but this did not work because pybombs tried to build
stuff that no longer build with the most recent openssl library or
some other version skew problem.  While trying to get this recipe
working, I learned that the apt-&gt;pip-&gt;pybombs route was a long detour,
and the only piece of software dependency missing in Debian was the
gr-gsm package.  I also found out that the lead upstream developer of
gr-gsm (the name stand for GNU Radio GSM) project already had a set of
Debian packages provided in an Ubuntu PPA repository.  All I needed to
do was to dget the Debian source package and built it.&lt;/p&gt;

&lt;p&gt;The IMSI collector is a python script listening for packages on the
loopback network device and printing to the terminal some specific GSM
packages with IMSI numbers in them.  The code is fairly short and easy
to understand.  The reason this work is because gr-gsm include a tool
to read GSM data from a software defined radio like a DVB-T USB stick
and other software defined radios, decode them and inject them into a
network device on your Linux machine (using the loopback device by
default).  This proved to work just fine, and I&#39;ve been testing the
collector for a few days now.&lt;/p&gt;

&lt;p&gt;The updated and simpler recipe is thus to&lt;/p&gt;

&lt;ol&gt;

&lt;li&gt;start with a Debian machine running Stretch or newer,&lt;/li&gt;

&lt;li&gt;build and install the gr-gsm package available from
&lt;a href=&quot;http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/&quot;&gt;http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/&lt;/a&gt;,&lt;/li&gt;

&lt;li&gt;clone the git repostory from &lt;a href=&quot;https://github.com/Oros42/IMSI-catcher&quot;&gt;https://github.com/Oros42/IMSI-catcher&lt;/a&gt;,&lt;/li&gt;

&lt;li&gt;run grgsm_livemon and adjust the frequency until the terminal
where it was started is filled with a stream of text (meaning you
found a GSM station).&lt;/li&gt;

&lt;li&gt;go into the IMSI-catcher directory and run &#39;sudo python simple_IMSI-catcher.py&#39; to extract the IMSI numbers.&lt;/li&gt;

&lt;/ol&gt;

&lt;p&gt;To make it even easier in the future to get this sniffer up and
running, I decided to package
&lt;a href=&quot;https://github.com/ptrkrysik/gr-gsm/&quot;&gt;the gr-gsm project&lt;/a&gt;
for Debian (&lt;a href=&quot;https://bugs.debian.org/871055&quot;&gt;WNPP
#871055&lt;/a&gt;), and the package was uploaded into the NEW queue today.
Luckily the gnuradio maintainer has promised to help me, as I do not
know much about gnuradio stuff yet.&lt;/p&gt;

&lt;p&gt;I doubt this &quot;IMSI cacher&quot; is anywhere near as powerfull as
commercial tools like
&lt;a href=&quot;https://www.thespyphone.com/portable-imsi-imei-catcher/&quot;&gt;The
Spy Phone Portable IMSI / IMEI Catcher&lt;/a&gt; or the
&lt;a href=&quot;https://en.wikipedia.org/wiki/Stingray_phone_tracker&quot;&gt;Harris
Stingray&lt;/a&gt;, but I hope the existance of cheap alternatives can make
more people realise how their whereabouts when carrying a cell phone
is easily tracked.  Seeing the data flow on the screen, realizing that
I live close to a police station and knowing that the police is also
wearing cell phones, I wonder how hard it would be for criminals to
track the position of the police officers to discover when there are
police near by, or for foreign military forces to track the location
of the Norwegian military forces, or for anyone to track the location
of government officials...&lt;/p&gt;

&lt;p&gt;It is worth noting that the data reported by the IMSI-catcher
script mentioned above is only a fraction of the data broadcasted on
the GSM network.  It will only collect one frequency at the time,
while a typical phone will be using several frequencies, and not all
phones will be using the frequencies tracked by the grgsm_livemod
program.  Also, there is a lot of radio chatter being ignored by the
simple_IMSI-catcher script, which would be collected by extending the
parser code.  I wonder if gr-gsm can be set up to listen to more than
one frequency?&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Norwegian Bokmål edition of Debian Administrator&#39;s Handbook is now available</title>
                <link>http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_edition_of_Debian_Administrator_s_Handbook_is_now_available.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_edition_of_Debian_Administrator_s_Handbook_is_now_available.html</guid>
                <pubDate>Tue, 25 Jul 2017 21:10:00 +0200</pubDate>
                <description>&lt;p align=&quot;center&quot;&gt;&lt;img align=&quot;center&quot; src=&quot;http://people.skolelinux.org/pere/blog/images/2017-07-25-debian-handbook-nb-testprint.png&quot;/&gt;&lt;/p&gt;

&lt;p&gt;I finally received a copy of the Norwegian Bokmål edition of
&quot;&lt;a href=&quot;https://debian-handbook.info/&quot;&gt;The Debian Administrator&#39;s
Handbook&lt;/a&gt;&quot;.  This test copy arrived in the mail a few days ago, and
I am very happy to hold the result in my hand.   We spent around one and a half year translating it. This paperbook edition
&lt;a href=&quot;https://debian-handbook.info/get/#norwegian&quot;&gt;is available
from lulu.com&lt;/a&gt;.  If you buy it quickly, you save 25% on the list
price.  The book is also available for download in electronic form as
PDF, EPUB and Mobipocket, as can be
&lt;a href=&quot;https://debian-handbook.info/browse/nb-NO/stable/&quot;&gt;read online
as a web page&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;This is the second book I publish (the first was the book
&quot;&lt;a href=&quot;http://free-culture.cc/&quot;&gt;Free Culture&lt;/a&gt;&quot; by Lawrence Lessig
in
&lt;a href=&quot;http://www.lulu.com/shop/lawrence-lessig/free-culture/paperback/product-22440520.html&quot;&gt;English&lt;/a&gt;,
&lt;a href=&quot;http://www.lulu.com/shop/lawrence-lessig/culture-libre/paperback/product-22645082.html&quot;&gt;French&lt;/a&gt;
and
&lt;a href=&quot;http://www.lulu.com/shop/lawrence-lessig/fri-kultur/paperback/product-22441576.html&quot;&gt;Norwegian
Bokmål&lt;/a&gt;), and I am very excited to finally wrap up this
project.  I hope
&quot;&lt;a href=&quot;http://www.lulu.com/shop/rapha%C3%ABl-hertzog-and-roland-mas/h%C3%A5ndbok-for-debian-administratoren/paperback/product-23262290.html&quot;&gt;Håndbok
for Debian-administratoren&lt;/a&gt;&quot; will be well received.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>«Rapporten ser ikke på informasjonssikkerhet knyttet til personlig integritet»</title>
                <link>http://people.skolelinux.org/pere/blog/_Rapporten_ser_ikke_p__informasjonssikkerhet_knyttet_til_personlig_integritet_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/_Rapporten_ser_ikke_p__informasjonssikkerhet_knyttet_til_personlig_integritet_.html</guid>
                <pubDate>Tue, 27 Jun 2017 17:50:00 +0200</pubDate>
                <description>&lt;p&gt;Jeg kom over teksten
«&lt;a href=&quot;https://freedom-to-tinker.com/2017/06/21/killing-car-privacy-by-federal-mandate/&quot;&gt;Killing
car privacy by federal mandate&lt;/a&gt;» av Leonid Reyzin på Freedom to
Tinker i dag, og det gleder meg å se en god gjennomgang om hvorfor det
er et urimelig inngrep i privatsfæren å la alle biler kringkaste sin
posisjon og bevegelse via radio.  Det omtalte forslaget basert på
Dedicated Short Range Communication (DSRC) kalles Basic Safety Message
(BSM) i USA og Cooperative Awareness Message (CAM) i Europa, og det
norske Vegvesenet er en av de som ser ut til å kunne tenke seg å
pålegge alle biler å fjerne nok en bit av innbyggernes privatsfære.
Anbefaler alle å lese det som står der.

&lt;p&gt;Mens jeg tittet litt på DSRC på biler i Norge kom jeg over et sitat
jeg synes er illustrativt for hvordan det offentlige Norge håndterer
problemstillinger rundt innbyggernes privatsfære i SINTEF-rapporten
«&lt;a href=&quot;https://www.sintef.no/publikasjoner/publikasjon/Download/?pubid=SINTEF+A23933&quot;&gt;Informasjonssikkerhet
i AutoPASS-brikker&lt;/a&gt;» av Trond Foss:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;
«Rapporten ser ikke på informasjonssikkerhet knyttet til personlig
  integritet.»
&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;Så enkelt kan det tydeligvis gjøres når en vurderer
informasjonssikkerheten.  Det holder vel at folkene på toppen kan si
at «Personvernet er ivaretatt», som jo er den populære intetsigende
frasen som gjør at mange tror enkeltindividers integritet tas vare på.
Sitatet fikk meg til å undres på hvor ofte samme tilnærming, å bare se
bort fra behovet for personlig itegritet, blir valgt når en velger å
legge til rette for nok et inngrep i privatsfæren til personer i
Norge.  Det er jo sjelden det får reaksjoner.  Historien om
reaksjonene på Helse Sør-Østs tjenesteutsetting er jo sørgelig nok et
unntak og toppen av isfjellet, desverre.  Tror jeg fortsatt takker nei
til både AutoPASS og holder meg så langt unna det norske helsevesenet
som jeg kan, inntil de har demonstrert og dokumentert at de verdsetter
individets privatsfære og personlige integritet høyere enn kortsiktig
gevist og samfunnsnytte.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Updated sales number for my Free Culture paper editions</title>
                <link>http://people.skolelinux.org/pere/blog/Updated_sales_number_for_my_Free_Culture_paper_editions.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Updated_sales_number_for_my_Free_Culture_paper_editions.html</guid>
                <pubDate>Mon, 12 Jun 2017 11:40:00 +0200</pubDate>
                <description>&lt;p&gt;It is pleasing to see that the work we put down in publishing new
editions of the classic &lt;a href=&quot;http://www.free-culture.cc/&quot;&gt;Free
Culture book&lt;/a&gt; by the founder of the Creative Commons movement,
Lawrence Lessig, is still being appreciated.  I had a look at the
latest sales numbers for the paper edition today.  Not too impressive,
but happy to see some buyers still exist.  All the revenue from the
books is sent to the &lt;a href=&quot;https://creativecommons.org/&quot;&gt;Creative
Commons Corporation&lt;/a&gt;, and they receive the largest cut if you buy
directly from Lulu.  Most books are sold via Amazon, with Ingram
second and only a small fraction directly from Lulu.  The ebook
edition is available for free from
&lt;a href=&quot;https://github.com/petterreinholdtsen/free-culture-lessig&quot;&gt;Github&lt;/a&gt;.&lt;/p&gt;

&lt;table border=&quot;0&quot;&gt;
&lt;tr&gt;&lt;th rowspan=&quot;2&quot; valign=&quot;bottom&quot;&gt;Title / language&lt;/th&gt;&lt;th colspan=&quot;3&quot;&gt;Quantity&lt;/th&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;th&gt;2016 jan-jun&lt;/th&gt;&lt;th&gt;2016 jul-dec&lt;/th&gt;&lt;th&gt;2017 jan-may&lt;/th&gt;&lt;/tr&gt;

&lt;tr&gt;
  &lt;td&gt;&lt;a href=&quot;http://www.lulu.com/shop/lawrence-lessig/culture-libre/paperback/product-22645082.html&quot;&gt;Culture Libre / French&lt;/a&gt;&lt;/td&gt;
  &lt;td align=&quot;right&quot;&gt;3&lt;/td&gt;
  &lt;td align=&quot;right&quot;&gt;6&lt;/td&gt;
  &lt;td align=&quot;right&quot;&gt;15&lt;/td&gt;
&lt;/tr&gt;

&lt;tr&gt;
  &lt;td&gt;&lt;a href=&quot;http://www.lulu.com/shop/lawrence-lessig/fri-kultur/paperback/product-22441576.html&quot;&gt;Fri kultur / Norwegian&lt;/a&gt;&lt;/td&gt;
  &lt;td align=&quot;right&quot;&gt;7&lt;/td&gt;
  &lt;td align=&quot;right&quot;&gt;1&lt;/td&gt;
  &lt;td align=&quot;right&quot;&gt;0&lt;/td&gt;
&lt;/tr&gt;

&lt;tr&gt;
  &lt;td&gt;&lt;a href=&quot;http://www.lulu.com/shop/lawrence-lessig/free-culture/paperback/product-22440520.html&quot;&gt;Free Culture / English&lt;/a&gt;&lt;/td&gt;
  &lt;td align=&quot;right&quot;&gt;14&lt;/td&gt;
  &lt;td align=&quot;right&quot;&gt;27&lt;/td&gt;
  &lt;td align=&quot;right&quot;&gt;16&lt;/td&gt;
&lt;/tr&gt;

&lt;tr&gt;
  &lt;td&gt;Total&lt;/td&gt;
  &lt;td align=&quot;right&quot;&gt;24&lt;/td&gt;
  &lt;td align=&quot;right&quot;&gt;34&lt;/td&gt;
  &lt;td align=&quot;right&quot;&gt;31&lt;/td&gt;
&lt;/tr&gt;

&lt;/table&gt;

&lt;p&gt;A bit sad to see the low sales number on the Norwegian edition, and
a bit surprising the English edition still selling so well.&lt;/p&gt;

&lt;p&gt;If you would like to translate and publish the book in your native
language, I would be happy to help make it happen.  Please get in
touch.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Release 0.1.1 of free software archive system Nikita announced</title>
                <link>http://people.skolelinux.org/pere/blog/Release_0_1_1_of_free_software_archive_system_Nikita_announced.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Release_0_1_1_of_free_software_archive_system_Nikita_announced.html</guid>
                <pubDate>Sat, 10 Jun 2017 00:40:00 +0200</pubDate>
                <description>&lt;p&gt;I am very happy to report that the
&lt;a href=&quot;https://github.com/hiOA-ABI/nikita-noark5-core&quot;&gt;Nikita Noark 5
core project&lt;/a&gt; tagged its second release today.  The free software
solution is an implementation of the Norwegian archive standard Noark
5 used by government offices in Norway.  These were the changes in
version 0.1.1 since version 0.1.0 (from NEWS.md):

&lt;ul&gt;

 &lt;li&gt;Continued work on the angularjs GUI, including document upload.&lt;/li&gt;
 &lt;li&gt;Implemented correspondencepartPerson, correspondencepartUnit and
   correspondencepartInternal&lt;/li&gt;
 &lt;li&gt;Applied for coverity coverage and started submitting code on
   regualr basis.&lt;/li&gt;
 &lt;li&gt;Started fixing bugs reported by coverity&lt;/li&gt;
 &lt;li&gt;Corrected and completed HATEOAS links to make sure entire API is
   available via URLs in _links.&lt;/li&gt;
 &lt;li&gt;Corrected all relation URLs to use trailing slash.&lt;/li&gt;
 &lt;li&gt;Add initial support for storing data in ElasticSearch.&lt;/li&gt;
 &lt;li&gt;Now able to receive and store uploaded files in the archive.&lt;/li&gt;
 &lt;li&gt;Changed JSON output for object lists to have relations in _links.&lt;/li&gt;
 &lt;li&gt;Improve JSON output for empty object lists.&lt;/li&gt;
 &lt;li&gt;Now uses correct MIME type application/vnd.noark5-v4+json.&lt;/li&gt;
 &lt;li&gt;Added support for docker container images.&lt;/li&gt;
 &lt;li&gt;Added simple API browser implemented in JavaScript/Angular.&lt;/li&gt;
 &lt;li&gt;Started on archive client implemented in JavaScript/Angular.&lt;/li&gt;
 &lt;li&gt;Started on prototype to show the public mail journal.&lt;/li&gt;
 &lt;li&gt;Improved performance by disabling Sprint FileWatcher.&lt;/li&gt;
 &lt;li&gt;Added support for &#39;arkivskaper&#39;, &#39;saksmappe&#39; and &#39;journalpost&#39;.&lt;/li&gt;
 &lt;li&gt;Added support for some metadata codelists.&lt;/li&gt;
 &lt;li&gt;Added support for Cross-origin resource sharing (CORS).&lt;/li&gt;
 &lt;li&gt;Changed login method from Basic Auth to JSON Web Token (RFC 7519)
   style.&lt;/li&gt;
 &lt;li&gt;Added support for GET-ing ny-* URLs.&lt;/li&gt;
 &lt;li&gt;Added support for modifying entities using PUT and eTag.&lt;/li&gt;
 &lt;li&gt;Added support for returning XML output on request.&lt;/li&gt;
 &lt;li&gt;Removed support for English field and class names, limiting ourself
   to the official names.&lt;/li&gt;
 &lt;li&gt;...&lt;/li&gt;
 
&lt;/ul&gt;

&lt;p&gt;If this sound interesting to you, please contact us on IRC (#nikita
on irc.freenode.net) or email
(&lt;a href=&quot;https://lists.nuug.no/mailman/listinfo/nikita-noark&quot;&gt;nikita-noark
mailing list).&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Idea for storing trusted timestamps in a Noark 5 archive</title>
                <link>http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html</guid>
                <pubDate>Wed, 7 Jun 2017 21:40:00 +0200</pubDate>
                <description>&lt;p&gt;&lt;em&gt;This is a copy of
&lt;a href=&quot;https://lists.nuug.no/pipermail/nikita-noark/2017-June/000297.html&quot;&gt;an
email I posted to the nikita-noark mailing list&lt;/a&gt;.  Please follow up
there if you would like to discuss this topic.  The background is that
we are making a free software archive system based on the Norwegian
&lt;a href=&quot;https://www.arkivverket.no/forvaltning-og-utvikling/regelverk-og-standarder/noark-standarden&quot;&gt;Noark
5 standard&lt;/a&gt; for government archives.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;I&#39;ve been wondering a bit lately how trusted timestamps could be
stored in Noark 5.
&lt;a href=&quot;https://en.wikipedia.org/wiki/Trusted_timestamping&quot;&gt;Trusted
timestamps&lt;/a&gt; can be used to verify that some information
(document/file/checksum/metadata) have not been changed since a
specific time in the past.  This is useful to verify the integrity of
the documents in the archive.&lt;/p&gt;

&lt;p&gt;Then it occured to me, perhaps the trusted timestamps could be
stored as dokument variants (ie dokumentobjekt referered to from
dokumentbeskrivelse) with the filename set to the hash it is
stamping?&lt;/p&gt;

&lt;p&gt;Given a &quot;dokumentbeskrivelse&quot; with an associated &quot;dokumentobjekt&quot;,
a new dokumentobjekt is associated with &quot;dokumentbeskrivelse&quot; with the
same attributes as the stamped dokumentobjekt except these
attributes:&lt;/p&gt;

&lt;ul&gt;

&lt;li&gt;format -&gt; &quot;RFC3161&quot;
&lt;li&gt;mimeType -&gt; &quot;application/timestamp-reply&quot;
&lt;li&gt;formatDetaljer -&gt; &quot;&amp;lt;source URL for timestamp service&amp;gt;&quot;
&lt;li&gt;filenavn -&gt; &quot;&amp;lt;sjekksum&amp;gt;.tsr&quot;

&lt;/ul&gt;

&lt;p&gt;This assume a service following
&lt;a href=&quot;https://tools.ietf.org/html/rfc3161&quot;&gt;IETF RFC 3161&lt;/a&gt; is
used, which specifiy the given MIME type for replies and the .tsr file
ending for the content of such trusted timestamp.  As far as I can
tell from the Noark 5 specifications, it is OK to have several
variants/renderings of a dokument attached to a given
dokumentbeskrivelse objekt.  It might be stretching it a bit to make
some of these variants represent crypto-signatures useful for
verifying the document integrity instead of representing the dokument
itself.&lt;/p&gt;

&lt;p&gt;Using the source of the service in formatDetaljer allow several
timestamping services to be used.  This is useful to spread the risk
of key compromise over several organisations.  It would only be a
problem to trust the timestamps if all of the organisations are
compromised.&lt;/p&gt;

&lt;p&gt;The following oneliner on Linux can be used to generate the tsr
file.  $input is the path to the file to checksum, and $sha256 is the
SHA-256 checksum of the file (ie the &quot;&lt;sjekksum&gt;.tsr&quot; value mentioned
above).&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
openssl ts -query -data &quot;$inputfile&quot; -cert -sha256 -no_nonce \
  | curl -s -H &quot;Content-Type: application/timestamp-query&quot; \
      --data-binary &quot;@-&quot; http://zeitstempel.dfn.de &gt; $sha256.tsr
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;To verify the timestamp, you first need to download the public key
of the trusted timestamp service, for example using this command:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
wget -O ca-cert.txt \
  https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;Note, the public key should be stored alongside the timestamps in
the archive to make sure it is also available 100 years from now.  It
is probably a good idea to standardise how and were to store such
public keys, to make it easier to find for those trying to verify
documents 100 or 1000 years from now. :)&lt;/p&gt;

&lt;p&gt;The verification itself is a simple openssl command:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
openssl ts -verify -data $inputfile -in $sha256.tsr \
  -CAfile ca-cert.txt -text
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;Is there any reason this approach would not work?  Is it somehow against
the Noark 5 specification?&lt;/p&gt;
</description>
        </item>
        
        </channel>
</rss>