Generated.

[homepage.git] / blog / index.rss

<?xml version="1.0" encoding="utf-8"?>
<rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/' xmlns:atom="http://www.w3.org/2005/Atom">
        <channel>
                <title>Petter Reinholdtsen</title>
                <description></description>
                <link>http://people.skolelinux.org/pere/blog/</link>
                <atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
        
        <item>
                <title>Creating, updating and checking debian/copyright semi-automatically</title>
                <link>http://people.skolelinux.org/pere/blog/Creating__updating_and_checking_debian_copyright_semi_automatically.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Creating__updating_and_checking_debian_copyright_semi_automatically.html</guid>
                <pubDate>Fri, 19 Feb 2016 15:00:00 +0100</pubDate>
                <description>&lt;p&gt;Making packages for Debian requires quite a lot of attention to
details.  And one of the details is the content of the
debian/copyright file, which should list all relevant licenses used by
the code in the package in question, preferably in
&lt;a href=&quot;https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/&quot;&gt;machine
readable DEP5 format&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;For large packages with lots of contributors it is hard to write
and update this file manually, and if you get some detail wrong, the
package is normally rejected by the ftpmasters.  So getting it right
the first time around get the package into Debian faster, and save
both you and the ftpmasters some work..  Today, while trying to figure
out what was wrong with
&lt;a href=&quot;https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686447&quot;&gt;the
zfsonlinux copyright file&lt;/a&gt;, I decided to spend some time on
figuring out the options for doing this job automatically, or at least
semi-automatically.&lt;/p&gt;

&lt;p&gt;Lucikly, there are at least two tools available for generating the
file based on the code in the source package,
&lt;tt&gt;&lt;a href=&quot;https://tracker.debian.org/pkg/debmake&quot;&gt;debmake&lt;/a&gt;&lt;/tt&gt;
and &lt;tt&gt;&lt;a href=&quot;https://tracker.debian.org/pkg/cme&quot;&gt;cme&lt;/a&gt;&lt;/tt&gt;.  I&#39;m
not sure which one of them came first, but both seem to be able to
create a sensible draft file.  As far as I can tell, none of them can
be trusted to get the result just right, so the content need to be
polished a bit before the file is OK to upload.  I found the debmake
option in
&lt;a href=&quot;http://goofying-with-debian.blogspot.com/2014/07/debmake-checking-source-against-dep-5.html&quot;&gt;a
blog posts from 2014&lt;/a&gt;.

&lt;p&gt;To generate using debmake, use the -cc option:

&lt;p&gt;&lt;pre&gt;
debmake -cc &gt; debian/copyright
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;Note there are some problems with python and non-ASCII names, so
this might not be the best option.&lt;/p&gt;

&lt;p&gt;The cme option is based on a config parsing library, and I found
this approach in
&lt;a href=&quot;https://ddumont.wordpress.com/2015/04/05/improving-creation-of-debian-copyright-file/&quot;&gt;a
blog post from 2015&lt;/a&gt;.  To generate using cme, use the &#39;update
dpkg-copyright&#39; option:

&lt;p&gt;&lt;pre&gt;
cme update dpkg-copyright -quiet
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;This will create or update debian/copyright.  The cme tool seem to
handle UTF-8 names better than debmake.&lt;/p&gt;

&lt;p&gt;When the copyright file is created, I would also like some help to
check if the file is correct.  For this I found two good options,
&lt;tt&gt;debmake -k&lt;/tt&gt; and &lt;tt&gt;license-reconcile&lt;/tt&gt;.  The former seem
to focus on license types and file matching, and is able to detect
ineffective blocks in the copyright file.  The latter reports missing
copyright holders and years, but was confused by inconsistent license
names (like CDDL vs. CDDL-1.0).  I suspect it is good to use both and
fix all issues reported by them before uploading.  But I do not know
if the tools and the ftpmasters agree on what is important to fix in a
copyright file, so the package might still be rejected.&lt;/p&gt;

&lt;p&gt;The devscripts tool &lt;tt&gt;licensecheck&lt;/tt&gt; deserve mentioning.  It
will read through the source and try to find all copyright statements.
It is not comparing the result to the content of debian/copyright, but
can be useful when verifying the content of the copyright file.&lt;/p&gt;

&lt;p&gt;Are you aware of better tools in Debian to create and update
debian/copyright file.  Please let me know, or blog about it on
planet.debian.org.&lt;/p&gt;

&lt;p&gt;As usual, if you use Bitcoin and want to show your support of my
activities, please send Bitcoin donations to my address
&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Update 2016-02-20&lt;/strong&gt;: I got a tip from Mike Gabriel
on how to use licensecheck and cdbs to create a draft copyright file

&lt;p&gt;&lt;pre&gt;
licensecheck --copyright -r `find * -type f` | \
  /usr/lib/cdbs/licensecheck2dep5 &gt; debian/copyright.auto
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;He mentioned that he normally check the generated file into the
version control system to make it easier to discover license and
copyright changes in the upstream source.  I will try to do the same
with my packages in the future.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Using appstream in Debian to locate packages with firmware and mime type support</title>
                <link>http://people.skolelinux.org/pere/blog/Using_appstream_in_Debian_to_locate_packages_with_firmware_and_mime_type_support.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Using_appstream_in_Debian_to_locate_packages_with_firmware_and_mime_type_support.html</guid>
                <pubDate>Thu, 4 Feb 2016 16:40:00 +0100</pubDate>
                <description>&lt;p&gt;The &lt;a href=&quot;https://wiki.debian.org/DEP-11&quot;&gt;appstream system&lt;/a&gt;
is taking shape in Debian, and one provided feature is a very
convenient way to tell you which package to install to make a given
firmware file available when the kernel is looking for it.  This can
be done using apt-file too, but that is for someone else to blog
about. :)&lt;/p&gt;

&lt;p&gt;Here is a small recipe to find the package with a given firmware
file, in this example I am looking for ctfw-3.2.3.0.bin, randomly
picked from the set of firmware announced using appstream in Debian
unstable.  In general you would be looking for the firmware requested
by the kernel during kernel module loading.  To find the package
providing the example file, do like this:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
% apt install appstream
[...]
% apt update
[...]
% appstreamcli what-provides firmware:runtime ctfw-3.2.3.0.bin | \
  awk &#39;/Package:/ {print $2}&#39;
firmware-qlogic
%
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;See &lt;a href=&quot;https://wiki.debian.org/AppStream/Guidelines&quot;&gt;the
appstream wiki&lt;/a&gt; page to learn how to embed the package metadata in
a way appstream can use.&lt;/p&gt;

&lt;p&gt;This same approach can be used to find any package supporting a
given MIME type.  This is very useful when you get a file you do not
know how to handle.  First find the mime type using &lt;tt&gt;file
--mime-type&lt;/tt&gt;, and next look up the package providing support for
it.  Lets say you got an SVG file.  Its MIME type is image/svg+xml,
and you can find all packages handling this type like this:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
% apt install appstream
[...]
% apt update
[...]
% appstreamcli what-provides mimetype image/svg+xml | \
  awk &#39;/Package:/ {print $2}&#39;
bkchem
phototonic
inkscape
shutter
tetzle
geeqie
xia
pinta
gthumb
karbon
comix
mirage
viewnior
postr
ristretto
kolourpaint4
eog
eom
gimagereader
midori
%
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;I believe the MIME types are fetched from the desktop file for
packages providing appstream metadata.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Creepy, visualise geotagged social media information - nice free software</title>
                <link>http://people.skolelinux.org/pere/blog/Creepy__visualise_geotagged_social_media_information___nice_free_software.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Creepy__visualise_geotagged_social_media_information___nice_free_software.html</guid>
                <pubDate>Sun, 24 Jan 2016 10:50:00 +0100</pubDate>
                <description>&lt;p&gt;Most people seem not to realise that every time they walk around
with the computerised radio beacon known as a mobile phone their
position is tracked by the phone company and often stored for a long
time (like every time a SMS is received or sent).  And if their
computerised radio beacon is capable of running programs (often called
mobile apps) downloaded from the Internet, these programs are often
also capable of tracking their location (if the app requested access
during installation).  And when these programs send out information to
central collection points, the location is often included, unless
extra care is taken to not send the location.  The provided
information is used by several entities, for good and bad (what is
good and bad, depend on your point of view).  What is certain, is that
the private sphere and the right to free movement is challenged and
perhaps even eradicated for those announcing their location this way,
when they share their whereabouts with private and public
entities.&lt;/p&gt;

&lt;p align=&quot;center&quot;&gt;&lt;img width=&quot;70%&quot; src=&quot;http://people.skolelinux.org/pere/blog/images/2016-01-24-nice-creepy-desktop-window.png&quot;&gt;&lt;/p&gt;

&lt;p&gt;The phone company logs provide a register of locations to check out
when one want to figure out what the tracked person was doing.  It is
unavailable for most of us, but provided to selected government
officials, company staff, those illegally buying information from
unfaithful servants and crackers stealing the information.  But the
public information can be collected and analysed, and a free software
tool to do so is called
&lt;a href=&quot;http://www.geocreepy.com/&quot;&gt;Creepy or Cree.py&lt;/a&gt;.  I
discovered it when I read
&lt;a href=&quot;http://www.aftenposten.no/kultur/Slik-kan-du-bli-overvaket-pa-Twitter-og-Instagram-uten-a-ane-det-7787884.html&quot;&gt;an
article about Creepy&lt;/a&gt; in the Norwegian newspaper Aftenposten i
November 2014, and decided to check if it was available in Debian.
The python program was in Debian, but
&lt;a href=&quot;https://tracker.debian.org/pkg/creepy&quot;&gt;the version in
Debian&lt;/a&gt; was completely broken and practically unmaintained.  I
uploaded a new version which did not work quite right, but did not
have time to fix it then.  This Christmas I decided to finally try to
get Creepy operational in Debian.  Now a fixed version is available in
Debian unstable and testing, and almost all Debian specific patches
are now included
&lt;a href=&quot;https://github.com/jkakavas/creepy&quot;&gt;upstream&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;The Creepy program visualises geolocation information fetched from
Twitter, Instagram, Flickr and Google+, and allow one to get a
complete picture of every social media message posted recently in a
given area, or track the movement of a given individual across all
these services.  Earlier it was possible to use the search API of at
least some of these services without identifying oneself, but these
days it is impossible.  This mean that to use Creepy, you need to
configure it to log in as yourself on these services, and provide
information to them about your search interests.  This should be taken
into account when using Creepy, as it will also share information
about yourself with the services.&lt;/p&gt;

&lt;p&gt;The picture above show the twitter messages sent from (or at least
geotagged with a position from) the city centre of Oslo, the capital
of Norway.  One useful way to use Creepy is to first look at
information tagged with an area of interest, and next look at all the
information provided by one or more individuals who was in the area.
I tested it by checking out which celebrity provide their location in
twitter messages by checkout out who sent twitter messages near a
Norwegian TV station, and next could track their position over time,
making it possible to locate their home and work place, among other
things.  A similar technique have been
&lt;a href=&quot;http://www.buzzfeed.com/maxseddon/does-this-soldiers-instagram-account-prove-russia-is-covertl&quot;&gt;used
to locate Russian soldiers in Ukraine&lt;/a&gt;, and it is both a powerful
tool to discover lying governments, and a useful tool to help people
understand the value of the private information they provide to the
public.&lt;/p&gt;

&lt;p&gt;The package is not trivial to backport to Debian Stable/Jessie, as
it depend on several python modules currently missing in Jessie (at
least python-instagram, python-flickrapi and
python-requests-toolbelt).&lt;/p&gt;

&lt;p&gt;(I have uploaded
&lt;a href=&quot;https://screenshots.debian.net/package/creepy&quot;&gt;the image to
screenshots.debian.net&lt;/a&gt; and licensed it under the same terms as the
Creepy program in Debian.)&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Always download Debian packages using Tor - the simple recipe</title>
                <link>http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html</guid>
                <pubDate>Fri, 15 Jan 2016 00:30:00 +0100</pubDate>
                <description>&lt;p&gt;During his DebConf15 keynote, Jacob Appelbaum
&lt;a href=&quot;https://summit.debconf.org/debconf15/meeting/331/what-is-to-be-done/&quot;&gt;observed
that those listening on the Internet lines would have good reason to
believe a computer have a given security hole&lt;/a&gt; if it download a
security fix from a Debian mirror.  This is a good reason to always
use encrypted connections to the Debian mirror, to make sure those
listening do not know which IP address to attack.  In August, Richard
Hartmann observed that encryption was not enough, when it was possible
to interfere download size to security patches or the fact that
download took place shortly after a security fix was released, and
&lt;a href=&quot;http://richardhartmann.de/blog/posts/2015/08/24-Tor-enabled_Debian_mirror/&quot;&gt;proposed
to always use Tor to download packages from the Debian mirror&lt;/a&gt;.  He
was not the first to propose this, as the
&lt;tt&gt;&lt;a href=&quot;https://tracker.debian.org/pkg/apt-transport-tor&quot;&gt;apt-transport-tor&lt;/a&gt;&lt;/tt&gt;
package by Tim Retout already existed to make it easy to convince apt
to use &lt;a href=&quot;https://www.torproject.org/&quot;&gt;Tor&lt;/a&gt;, but I was not
aware of that package when I read the blog post from Richard.&lt;/p&gt;

&lt;p&gt;Richard discussed the idea with Peter Palfrader, one of the Debian
sysadmins, and he set up a Tor hidden service on one of the central
Debian mirrors using the address vwakviie2ienjx6t.onion, thus making
it possible to download packages directly between two tor nodes,
making sure the network traffic always were encrypted.&lt;/p&gt;

&lt;p&gt;Here is a short recipe for enabling this on your machine, by
installing &lt;tt&gt;apt-transport-tor&lt;/tt&gt; and replacing http and https
urls with tor+http and tor+https, and using the hidden service instead
of the official Debian mirror site.  I recommend installing
&lt;tt&gt;etckeeper&lt;/tt&gt; before you start to have a history of the changes
done in /etc/.&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
apt install apt-transport-tor
sed -i &#39;s% http://ftp.debian.org/% tor+http://vwakviie2ienjx6t.onion/%&#39; /etc/apt/sources.list
sed -i &#39;s% http% tor+http%&#39; /etc/apt/sources.list
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;If you have more sources listed in /etc/apt/sources.list.d/, run
the sed commands for these too.  The sed command is assuming your are
using the ftp.debian.org Debian mirror.  Adjust the command (or just
edit the file manually) to match your mirror.&lt;/p&gt;

&lt;p&gt;This work in Debian Jessie and later.  Note that tools like
&lt;tt&gt;apt-file&lt;/tt&gt; only recently started using the apt transport
system, and do not work with these tor+http URLs.  For
&lt;tt&gt;apt-file&lt;/tt&gt; you need the version currently in experimental,
which need a recent apt version currently only in unstable.  So if you
need a working &lt;tt&gt;apt-file&lt;/tt&gt;, this is not for you.&lt;/p&gt;

&lt;p&gt;Another advantage from this change is that your machine will start
using Tor regularly and at fairly random intervals (every time you
update the package lists or upgrade or install a new package), thus
masking other Tor traffic done from the same machine.  Using Tor will
become normal for the machine in question.&lt;/p&gt;

&lt;p&gt;On &lt;a href=&quot;https://wiki.debian.org/FreedomBox&quot;&gt;Freedombox&lt;/a&gt;, APT
is set up by default to use &lt;tt&gt;apt-transport-tor&lt;/tt&gt; when Tor is
enabled.  It would be great if it was the default on any Debian
system.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Nedlasting fra NRK, som Matroska med undertekster</title>
                <link>http://people.skolelinux.org/pere/blog/Nedlasting_fra_NRK__som_Matroska_med_undertekster.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Nedlasting_fra_NRK__som_Matroska_med_undertekster.html</guid>
                <pubDate>Sat, 2 Jan 2016 13:50:00 +0100</pubDate>
                <description>&lt;p&gt;Det kommer stadig nye løsninger for å ta lagre unna innslag fra NRK
for å se på det senere.  For en stund tilbake kom jeg over et script
nrkopptak laget av Ingvar Hagelund.  Han fjernet riktignok sitt script
etter forespørsel fra Erik Bolstad i NRK, men noen tok heldigvis og
gjorde det &lt;a href=&quot;https://github.com/liangqi/nrkopptak&quot;&gt;tilgjengelig
via github&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Scriptet kan lagre som MPEG4 eller Matroska, og bake inn
undertekster i fila på et vis som blant annet VLC forstår.  For å
bruke scriptet, kopier ned git-arkivet og kjør&lt;/p&gt;

&lt;p&gt;&lt;pre&gt;
nrkopptak/bin/nrk-opptak k &lt;ahref=&quot;https://tv.nrk.no/serie/bmi-turne/MUHH45000115/sesong-1/episode-1&quot;&gt;https://tv.nrk.no/serie/bmi-turne/MUHH45000115/sesong-1/episode-1&lt;/a&gt;
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;URL-eksemplet er dagens toppsak på tv.nrk.no.  Argument &#39;k&#39; ber
scriptet laste ned og lagre som Matroska.  Det finnes en rekke andre
muligheter for valg av kvalitet og format.&lt;/p&gt;

&lt;p&gt;Jeg foretrekker dette scriptet fremfor youtube-dl, som
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Hvordan_enkelt_laste_ned_filmer_fra_NRK_med_den__nye__l_sningen.html&quot;&gt;
nevnt i 2014 støtter NRK&lt;/a&gt; og en rekke andre videokilder, på grunn
av at nrkopptak samler undertekster og video i en enkelt fil, hvilket
gjør håndtering enklere på disk.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>OpenALPR, find car license plates in video streams - nice free software</title>
                <link>http://people.skolelinux.org/pere/blog/OpenALPR__find_car_license_plates_in_video_streams___nice_free_software.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/OpenALPR__find_car_license_plates_in_video_streams___nice_free_software.html</guid>
                <pubDate>Wed, 23 Dec 2015 01:00:00 +0100</pubDate>
                <description>&lt;p&gt;When I was a kid, we used to collect &quot;car numbers&quot;, as we used to
call the car license plate numbers in those days.  I would write the
numbers down in my little book and compare notes with the other kids
to see how many region codes we had seen and if we had seen some
exotic or special region codes and numbers.  It was a fun game to pass
time, as we kids have plenty of it.&lt;/p&gt;

&lt;p&gt;A few days I came across
&lt;a href=&quot;https://github.com/openalpr/openalpr&quot;&gt;the OpenALPR
project&lt;/a&gt;, a free software project to automatically discover and
report license plates in images and video streams, and provide the
&quot;car numbers&quot; in a machine readable format.  I&#39;ve been looking for
such system for a while now, because I believe it is a bad idea that the
&lt;a href=&quot;https://en.wikipedia.org/wiki/Automatic_number_plate_recognition&quot;&gt;automatic
number plate recognition&lt;/a&gt; tool only is available in the hands of
the powerful, and want it to be available also for the powerless to
even the score when it comes to surveillance and sousveillance.  I
discovered the developer
&lt;a href=&quot;https://bugs.debian.org/747509&quot;&gt;wanted to get the tool into
Debian&lt;/a&gt;, and as I too wanted it to be in Debian, I volunteered to
help him get it into shape to get the package uploaded into the Debian
archive.&lt;/p&gt;

&lt;p&gt;Today we finally managed to get the package into shape and uploaded
it into Debian, where it currently
&lt;a href=&quot;https://ftp-master.debian.org//new/openalpr_2.2.1-1.html&quot;&gt;waits
in the NEW queue&lt;/a&gt; for review by the Debian ftpmasters.&lt;/p&gt;

&lt;p&gt;I guess you are wondering why on earth such tool would be useful
for the common folks, ie those not running a large government
surveillance system?  Well, I plan to put it in a computer on my bike
and in my car, tracking the cars nearby and allowing me to be notified
when number plates on my watch list are discovered.  Another use case
was suggested by a friend of mine, who wanted to set it up at his home
to open the car port automatically when it discovered the plate on his
car.  When I mentioned it perhaps was a bit foolhardy to allow anyone
capable of placing his license plate number of a piece of cardboard to
open his car port, men replied that it was always unlocked anyway.  I
guess for such use case it make sense.  I am sure there are other use
cases too, for those with imagination and a vision.&lt;/p&gt;

&lt;p&gt;If you want to build your own version of the Debian package, check
out the upstream git source and symlink ./distros/debian to ./debian/
before running &quot;debuild&quot; to build the source.  Or wait a bit until the
package show up in unstable.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Using appstream with isenkram to install hardware related packages in Debian</title>
                <link>http://people.skolelinux.org/pere/blog/Using_appstream_with_isenkram_to_install_hardware_related_packages_in_Debian.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Using_appstream_with_isenkram_to_install_hardware_related_packages_in_Debian.html</guid>
                <pubDate>Sun, 20 Dec 2015 12:20:00 +0100</pubDate>
                <description>&lt;p&gt;Around three years ago, I created
&lt;a href=&quot;http://packages.qa.debian.org/isenkram&quot;&gt;the isenkram
system&lt;/a&gt; to get a more practical solution in Debian for handing
hardware related packages.  A GUI system in the isenkram package will
present a pop-up dialog when some hardware dongle supported by
relevant packages in Debian is inserted into the machine.  The same
lookup mechanism to detect packages is available as command line
tools in the isenkram-cli package.  In addition to mapping hardware,
it will also map kernel firmware files to packages and make it easy to
install needed firmware packages automatically.  The key for this
system to work is a good way to map hardware to packages, in other
words, allow packages to announce what hardware they will work
with.&lt;/p&gt;

&lt;p&gt;I started by providing data files in the isenkram source, and
adding code to download the latest version of these data files at run
time, to ensure every user had the most up to date mapping available.
I also added support for storing the mapping in the Packages file in
the apt repositories, but did not push this approach because while I
was trying to figure out how to best store hardware/package mappings,
&lt;a href=&quot;http://www.freedesktop.org/software/appstream/docs/&quot;&gt;the
appstream system&lt;/a&gt; was announced.  I got in touch and suggested to
add the hardware mapping into that data set to be able to use
appstream as a data source, and this was accepted at least for the
Debian version of appstream.&lt;/p&gt;

&lt;p&gt;A few days ago using appstream in Debian for this became possible,
and today I uploaded a new version 0.20 of isenkram adding support for
appstream as a data source for mapping hardware to packages.  The only
package so far using appstream to announce its hardware support is my
pymissile package.  I got help from Matthias Klumpp with figuring out
how do add the required
&lt;a href=&quot;https://appstream.debian.org/html/sid/main/metainfo/pymissile.html&quot;&gt;metadata
in pymissile&lt;/a&gt;.  I added a file debian/pymissile.metainfo.xml with
this content:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
&amp;lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&amp;gt;
&amp;lt;component&amp;gt;
  &amp;lt;id&amp;gt;pymissile&amp;lt;/id&amp;gt;
  &amp;lt;metadata_license&amp;gt;MIT&amp;lt;/metadata_license&amp;gt;
  &amp;lt;name&amp;gt;pymissile&amp;lt;/name&amp;gt;
  &amp;lt;summary&amp;gt;Control original Striker USB Missile Launcher&amp;lt;/summary&amp;gt;
  &amp;lt;description&amp;gt;
    &amp;lt;p&amp;gt;
      Pymissile provides a curses interface to control an original
      Marks and Spencer / Striker USB Missile Launcher, as well as a
      motion control script to allow a webcamera to control the
      launcher.
    &amp;lt;/p&amp;gt;
  &amp;lt;/description&amp;gt;
  &amp;lt;provides&amp;gt;
    &amp;lt;modalias&amp;gt;usb:v1130p0202d*&amp;lt;/modalias&amp;gt;
  &amp;lt;/provides&amp;gt;
&amp;lt;/component&amp;gt;
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;The key for isenkram is the component/provides/modalias value,
which is a glob style match rule for hardware specific strings
(modalias strings) provided by the Linux kernel.  In this case, it
will map to all USB devices with vendor code 1130 and product code
0202.&lt;/p&gt;

&lt;p&gt;Note, it is important that the license of all the metadata files
are compatible to have permissions to aggregate them into archive wide
appstream files.  Matthias suggested to use MIT or BSD licenses for
these files.  A challenge is figuring out a good id for the data, as
it is supposed to be globally unique and shared across distributions
(in other words, best to coordinate with upstream what to use).  But
it can be changed later or, so we went with the package name as
upstream for this project is dormant.&lt;/p&gt;

&lt;p&gt;To get the metadata file installed in the correct location for the
mirror update scripts to pick it up and include its content the
appstream data source, the file must be installed in the binary
package under /usr/share/appdata/.  I did this by adding the following
line to debian/pymissile.install:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
debian/pymissile.metainfo.xml usr/share/appdata
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;With that in place, the command line tool isenkram-lookup will list
all packages useful on the current computer automatically, and the GUI
pop-up handler will propose to install the package not already
installed if a hardware dongle is inserted into the machine in
question.&lt;/p&gt;

&lt;p&gt;Details of the modalias field in appstream is available from the 
&lt;a href=&quot;https://wiki.debian.org/DEP-11&quot;&gt;DEP-11&lt;/a&gt; proposal.&lt;/p&gt;

&lt;p&gt;To locate the modalias values of all hardware present in a machine,
try running this command on the command line:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
cat $(find /sys/devices/|grep modalias)
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;To learn more about the isenkram system, please check out
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/tags/isenkram/&quot;&gt;my
blog posts tagged isenkram&lt;/a&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Bokhandeldistribusjon av boken Fri kultur av Lawrence Lessig</title>
                <link>http://people.skolelinux.org/pere/blog/Bokhandeldistribusjon_av_boken_Fri_kultur_av_Lawrence_Lessig.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Bokhandeldistribusjon_av_boken_Fri_kultur_av_Lawrence_Lessig.html</guid>
                <pubDate>Mon, 14 Dec 2015 12:10:00 +0100</pubDate>
                <description>&lt;p&gt;&lt;strong&gt;Besøk
&lt;a href=&quot;https://www.lulu.com/shop/lawrence-lessig/fri-kultur/paperback/product-22441576.html&quot;&gt;lulu.com&lt;/a&gt;
eller
&lt;a href=&quot;https://www.amazon.com/Fri-kultur-Norwegian-Lawrence-Lessig/dp/8269018236/&quot;&gt;Amazon&lt;/a&gt;
for å kjøpe boken på papir, eller last ned ebook som
&lt;a href=&quot;https://github.com/petterreinholdtsen/free-culture-lessig/raw/master/archive/freeculture.nb.pdf&quot;&gt;PDF&lt;/a&gt;,
&lt;a href=&quot;https://github.com/petterreinholdtsen/free-culture-lessig/raw/master/archive/freeculture.nb.epub&quot;&gt;ePub&lt;/a&gt;
eller
&lt;a href=&quot;https://github.com/petterreinholdtsen/free-culture-lessig/raw/master/archive/freeculture.nb.mobi&quot;&gt;MOBI&lt;/a&gt;
fra
&lt;a href=&quot;https://github.com/petterreinholdtsen/free-culture-lessig/&quot;&gt;github&lt;/a&gt;.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Jeg ble gledelig overrasket i dag da jeg oppdaget at boken jeg har
gitt ut
&lt;a href=&quot;https://www.amazon.com/Fri-kultur-Norwegian-Lawrence-Lessig/dp/8269018236/&quot;&gt;hadde
dukket opp i Amazon&lt;/a&gt;.  Jeg hadde trodd det skulle ta lenger tid, da
jeg fikk beskjed om at det skulle ta seks til åtte uker.
Amazonoppføringen er et resultat av at jeg for noen uker siden
diskuterte prissetting og håndtering av profitt med forfatteren.  Det
måtte avklares da bruksvilkårene til boken har krav om
ikke-kommersiell bruk.  Vi ble enige om at overskuddet fra salg av
boken skal sendes til
&lt;a href=&quot;https://creativecommons.org/&quot;&gt;Creative Commons-stiftelsen&lt;/a&gt;.
Med det på plass kunne jeg be
&lt;a href=&quot;https://www.lulu.com/shop/lawrence-lessig/fri-kultur/paperback/product-22441576.html&quot;&gt;lulu.com&lt;/a&gt;
om å gi boken «utvidet» distribusjon.  Årsaken til at
bokhandeldistribusjon var litt utfordrende er at bokhandlere krever
mulighet for profitt på bøkene de selger (selvfølgelig), og dermed
måtte de få lov til å selge til høyere pris enn lulu.com.  I tillegg
er det krav om samme pris på lulu.com og i bokhandlene, dermed blir
prisen økt også hos lulu.com.  Hva skulle jeg gjøre med den profitten
uten å bryte med klausulen om ikkekommersiell?  Løsningen var å gi
bort profitten til CC-stiftelsen.  Prisen på boken ble nesten
tredoblet, til $19.99 (ca. 160,-) pluss frakt, men synligheten øker
betraktelig når den kan finnes i katalogene til store nettbokhandlere.
Det betyr at hvis du allerede har kjøpt boken har du fått den veldig
billig, og kjøper du den nå, får du den fortsatt billig samt donerer i
tillegg noen tiere til fremme av Creative Commons.&lt;/p&gt;

&lt;p&gt;Mens jeg var i gang med å titte etter informasjon om boken 
oppdaget jeg  at den også var dukket opp på
&lt;a href=&quot;https://books.google.no/books?id=uKUGCwAAQBAJ&quot;&gt;Google
Books&lt;/a&gt;, der en kan lese den på web.  PDF-utgaven har ennå ikke
dukket opp hos &lt;a href=&quot;https://www.nb.no/&quot;&gt;Nasjonalbiblioteket&lt;/a&gt;,
men det regner jeg med kommer på plass i løpet av noen uker.  Boken er
heller ikke dukket opp hos
&lt;a href=&quot;https://www.barnesandnoble.com/&quot;&gt;Barnes &amp; Noble&lt;/a&gt; ennå, men
jeg antar det bare er et tidsspørsmål før dette er på plass.&lt;/p&gt;

&lt;p&gt;Boken er dessverre ikke tilgjengelig fra norske bokhandlere, og
kommer neppe til å bli det med det første.  Årsaken er at for å få det
til måtte jeg personlig håndtere bestilling av bøker, hvilket jeg ikke
er interessert i å bruke tid på.  Jeg kunne betalt ca 2000,- til
&lt;a href=&quot;http://www.bokbasen.no/&quot;&gt;den norske bokbasen&lt;/a&gt;, en felles
database over bøker tilgjengelig for norske bokhandlere, for å få en
oppføring der, men da måtte jeg tatt imot bestillinger på epost og
sendt ut bøker selv.  Det ville krevd at jeg var klar til å
sende ut bøker på kort varsel, dvs. holdt meg med ekstra bøker,
konvolutter og frimerker.  Bokbasen har visst ikke opplegg for å be
bokhandlene bestille direkte via web, så jeg droppet oppføring der.
Jeg har spurt Haugen bok og Tronsmo direkte på epost om de er
interessert i å ta inn boken i sin bestillingskatalog, men ikke fått
svar, så jeg antar de ikke er interessert.  Derimot har jeg fått en
hyggelig henvendelse fra Biblioteksentralen som fortalte at de har
lagt den inn i sin database slik at deres bibliotekskunder enkelt kan
bestille den via dem.&lt;/p&gt;

&lt;p&gt;Boken er i følge
&lt;a href=&quot;http://bibsys-almaprimo.hosted.exlibrisgroup.com/primo_library/libweb/action/display.do?tabs=detailsTab&amp;ct=display&amp;fn=search&amp;doc=BIBSYS_ILS71518423420002201&amp;indx=1&amp;recIds=BIBSYS_ILS71518423420002201&amp;recIdxs=0&amp;elementId=0&amp;renderMode=poppedOut&amp;displayMode=full&amp;frbrVersion=&amp;dscnt=0&amp;tab=library_catalogue&amp;dstmp=1448543801124&amp;vl(freeText0)=fri%20kultur&amp;vid=UBO&amp;mode=Basic&quot;&gt;Bibsys/Oria&lt;/a&gt;
og bokdatabasen til
&lt;a href=&quot;https://www.deich.folkebibl.no/cgi-bin/websok?tnr=1819617&quot;&gt;Deichmanske&lt;/a&gt;
tilgjengelig fra flere biblioteker allerede, og alle eksemplarer er
visst allerede utlånt med ventetid.  Det synes jeg er veldig gledelig
å se.  Jeg håper mange kommer til å lese boken.  Jeg tror den er
spesielt egnet for foreldre og bekjente av oss nerder for å forklare
hva slags problemer vi ser med dagens opphavsrettsregime.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>The GNU General Public License is not magic pixie dust</title>
                <link>http://people.skolelinux.org/pere/blog/The_GNU_General_Public_License_is_not_magic_pixie_dust.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/The_GNU_General_Public_License_is_not_magic_pixie_dust.html</guid>
                <pubDate>Mon, 30 Nov 2015 09:55:00 +0100</pubDate>
                <description>&lt;p&gt;A blog post from my fellow Debian developer Paul Wise titled
&quot;&lt;a href=&quot;http://bonedaddy.net/pabs3/log/2015/11/27/sfc-supporter/&quot;&gt;The
GPL is not magic pixie dust&lt;/a&gt;&quot; explain the importance of making sure
the &lt;a href=&quot;http://www.gnu.org/copyleft/gpl.html&quot;&gt;GPL&lt;/a&gt; is enforced.
I quote the blog post from Paul in full here with his permission:&lt;p&gt;

&lt;blockquote&gt;

&lt;p&gt;&lt;a href=&quot;https://sfconservancy.org/supporter/&quot;&gt;&lt;img src=&quot;https://sfconservancy.org/img/supporter-badge.png&quot; width=&quot;194&quot; height=&quot;90&quot; alt=&quot;Become a Software Freedom Conservancy Supporter!&quot; align=&quot;right&quot; border=&quot;0&quot; /&gt;&lt;/a&gt;&lt;/p&gt;

&lt;blockquote&gt;
The GPL is not magic pixie dust. It does not work by itself.&lt;br/&gt;

The first step is to choose a
&lt;a href=&quot;https://copyleft.org/&quot;&gt;copyleft&lt;/a&gt; license for your
code.&lt;br/&gt;

The next step is, when someone fails to follow that copyleft license,
&lt;b&gt;it must be enforced&lt;/b&gt;&lt;br/&gt;

and its a simple fact of our modern society that such type of
work&lt;br/&gt;

is incredibly expensive to do and incredibly difficult to do.
&lt;/blockquote&gt;

&lt;p&gt;&lt;small&gt;-- &lt;a href=&quot;http://ebb.org/bkuhn/&quot;&gt;Bradley Kuhn&lt;/a&gt;, in
&lt;a href=&quot;http://faif.us/&quot; title=&quot;Free as in Freedom&quot;&gt;FaiF&lt;/a&gt;
&lt;a href=&quot;http://faif.us/cast/2015/nov/24/0x57/&quot;&gt;episode
0x57&lt;/a&gt;&lt;/small&gt;&lt;/p&gt;

&lt;p&gt;As the Debian Website
&lt;a href=&quot;https://bugs.debian.org/794116&quot;&gt;used&lt;/a&gt;
&lt;a href=&quot;https://anonscm.debian.org/viewvc/webwml/webwml/english/intro/free.wml?r1=1.24&amp;amp;r2=1.25&quot;&gt;to&lt;/a&gt;
imply, public domain and permissively licensed software can lead to
the production of more proprietary software as people discover useful
software, extend it and or incorporate it into their hardware or
software products.  Copyleft licenses such as the GNU GPL were created
to close off this avenue to the production of proprietary software but
such licenses are not enough.  With the ongoing adoption of Free
Software by individuals and groups, inevitably the community&#39;s
expectations of license compliance are violated, usually out of
ignorance of the way Free Software works, but not always.  As Karen
and Bradley explained in &lt;a href=&quot;http://faif.us/&quot; title=&quot;Free as in
Freedom&quot;&gt;FaiF&lt;/a&gt;
&lt;a href=&quot;http://faif.us/cast/2015/nov/24/0x57/&quot;&gt;episode 0x57&lt;/a&gt;,
copyleft is nothing if no-one is willing and able to stand up in court
to protect it.  The reality of today&#39;s world is that legal
representation is expensive, difficult and time consuming.  With
&lt;a href=&quot;http://gpl-violations.org/&quot;&gt;gpl-violations.org&lt;/a&gt; in hiatus
&lt;a href=&quot;http://gpl-violations.org/news/20151027-homepage-recovers/&quot;&gt;until&lt;/a&gt;
some time in 2016, the &lt;a href=&quot;https://sfconservancy.org/&quot;&gt;Software
Freedom Conservancy&lt;/a&gt; (a tax-exempt charity) is the major defender
of the Linux project, Debian and other groups against GPL violations.
In March the SFC supported a
&lt;a href=&quot;https://sfconservancy.org/news/2015/mar/05/vmware-lawsuit/&quot;&gt;lawsuit
by Christoph Hellwig&lt;/a&gt; against VMware for refusing to
&lt;a href=&quot;https://sfconservancy.org/linux-compliance/vmware-lawsuit-faq.html&quot;&gt;comply
with the GPL&lt;/a&gt; in relation to their use of parts of the Linux
kernel.  Since then two of their sponsors pulled corporate funding and
conferences
&lt;a href=&quot;https://sfconservancy.org/blog/2015/nov/24/faif-carols-fundraiser/&quot;&gt;blocked
or cancelled their talks&lt;/a&gt;.  As a result they have decided to rely
less on corporate funding and more on the broad community of
individuals who support Free Software and copyleft.  So the SFC has
&lt;a href=&quot;https://sfconservancy.org/news/2015/nov/23/2015fundraiser/&quot;&gt;launched&lt;/a&gt;
a &lt;a href=&quot;https://sfconservancy.org/supporter/&quot;&gt;campaign&lt;/a&gt; to create
a community of folks who stand up for copyleft and the GPL by
supporting their work on promoting and supporting copyleft and Free
Software.&lt;/p&gt;

&lt;p&gt;If you support Free Software,
&lt;a href=&quot;https://sfconservancy.org/blog/2015/nov/26/like-what-I-do/&quot;&gt;like&lt;/a&gt;
what the SFC do, agree with their
&lt;a href=&quot;https://sfconservancy.org/linux-compliance/principles.html&quot;&gt;compliance
principles&lt;/a&gt;, are happy about their
&lt;a href=&quot;https://sfconservancy.org/supporter/&quot;&gt;successes&lt;/a&gt; in 2015,
work on a project that is an SFC
&lt;a href=&quot;https://sfconservancy.org/members/current/&quot;&gt;member&lt;/a&gt; and or
just want to stand up for copyleft, please join
&lt;a href=&quot;https://identi.ca/cwebber/image/JQGPA4qbTyyp3-MY8QpvuA&quot;&gt;Christopher
Allan Webber&lt;/a&gt;,
&lt;a href=&quot;https://sfconservancy.org/blog/2015/nov/24/faif-carols-fundraiser/&quot;&gt;Carol
Smith&lt;/a&gt;,
&lt;a href=&quot;http://www.jonobacon.org/2015/11/25/supporting-software-freedom-conservancy/&quot;&gt;Jono
Bacon&lt;/a&gt;, myself and
&lt;a href=&quot;https://sfconservancy.org/sponsors/#supporters&quot;&gt;others&lt;/a&gt; in
becoming a
&lt;a href=&quot;https://sfconservancy.org/supporter/&quot;&gt;supporter&lt;/a&gt;.  For the
next week your donation will be
&lt;a href=&quot;https://sfconservancy.org/news/2015/nov/27/black-friday/&quot;&gt;matched&lt;/a&gt;
by an anonymous donor.  Please also consider asking your employer to
match your donation or become a sponsor of SFC.  Don&#39;t forget to
spread the word about your support for SFC via email, your blog and or
social media accounts.&lt;/p&gt;

&lt;/blockquote&gt;

&lt;p&gt;I agree with Paul on this topic and just signed up as a Supporter
of Software Freedom Conservancy myself.  Perhaps you should be a
supporter too?&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>PGP key transition statement for key EE4E02F9</title>
                <link>http://people.skolelinux.org/pere/blog/PGP_key_transition_statement_for_key_EE4E02F9.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/PGP_key_transition_statement_for_key_EE4E02F9.html</guid>
                <pubDate>Tue, 17 Nov 2015 10:50:00 +0100</pubDate>
                <description>&lt;p&gt;I&#39;ve needed a new OpenPGP key for a while, but have not had time to
set it up properly.  I wanted to generate it offline and have it
available on &lt;a href=&quot;http://shop.kernelconcepts.de/#openpgp&quot;&gt;a OpenPGP
smart card&lt;/a&gt; for daily use, and learning how to do it and finding
time to sit down with an offline machine almost took forever.  But
finally I&#39;ve been able to complete the process, and have now moved
from my old GPG key to a new GPG key.  See
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/images/2015-11-17-new-gpg-key-transition.txt&quot;&gt;the
full transition statement, signed with both my old and new key&lt;/a&gt; for
the details.  This is my new key:&lt;/p&gt;

&lt;pre&gt;
pub   3936R/&lt;a href=&quot;http://pgp.cs.uu.nl/stats/111D6B29EE4E02F9.html&quot;&gt;111D6B29EE4E02F9&lt;/a&gt; 2015-11-03 [expires: 2019-11-14]
      Key fingerprint = 3AC7 B2E3 ACA5 DF87 78F1  D827 111D 6B29 EE4E 02F9
uid                  Petter Reinholdtsen &amp;lt;pere@hungry.com&amp;gt;
uid                  Petter Reinholdtsen &amp;lt;pere@debian.org&amp;gt;
sub   4096R/87BAFB0E 2015-11-03 [expires: 2019-11-02]
sub   4096R/F91E6DE9 2015-11-03 [expires: 2019-11-02]
sub   4096R/A0439BAB 2015-11-03 [expires: 2019-11-02]
&lt;/pre&gt;

&lt;p&gt;The key can be downloaded from the OpenPGP key servers, signed by
my old key.&lt;/p&gt;

&lt;p&gt;If you signed my old key
(&lt;a href=&quot;http://pgp.cs.uu.nl/stats/DB4CCC4B2A30D729.html&quot;&gt;DB4CCC4B2A30D729&lt;/a&gt;),
I&#39;d very much appreciate a signature on my new key, details and
instructions in the transition statement. I m happy to reciprocate if
you have a similarly signed transition statement to present.&lt;/p&gt;
</description>
        </item>
        
        </channel>
</rss>