Converted pages to temp site.

[homepage.git] / blog / archive / 2016 / 01 / 01.rss

<?xml version="1.0" encoding="ISO-8859-1"?>
<rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/'>
        <channel>
                <title>Petter Reinholdtsen - Entries from January 2016</title>
                <description>Entries from January 2016</description>
                <link>https://www.hungry.com/~pere/blog/</link>

        
        <item>
                <title>Creepy, visualise geotagged social media information - nice free software</title>
                <link>https://www.hungry.com/~pere/blog/Creepy__visualise_geotagged_social_media_information___nice_free_software.html</link>        
                <guid isPermaLink="true">https://www.hungry.com/~pere/blog/Creepy__visualise_geotagged_social_media_information___nice_free_software.html</guid>
                <pubDate>Sun, 24 Jan 2016 10:50:00 +0100</pubDate>
                <description>&lt;p&gt;Most people seem not to realise that every time they walk around
with the computerised radio beacon known as a mobile phone their
position is tracked by the phone company and often stored for a long
time (like every time a SMS is received or sent).  And if their
computerised radio beacon is capable of running programs (often called
mobile apps) downloaded from the Internet, these programs are often
also capable of tracking their location (if the app requested access
during installation).  And when these programs send out information to
central collection points, the location is often included, unless
extra care is taken to not send the location.  The provided
information is used by several entities, for good and bad (what is
good and bad, depend on your point of view).  What is certain, is that
the private sphere and the right to free movement is challenged and
perhaps even eradicated for those announcing their location this way,
when they share their whereabouts with private and public
entities.&lt;/p&gt;

&lt;p align=&quot;center&quot;&gt;&lt;img width=&quot;70%&quot; src=&quot;https://people.skolelinux.org/pere/blog/images/2016-01-24-nice-creepy-desktop-window.png&quot;&gt;&lt;/p&gt;

&lt;p&gt;The phone company logs provide a register of locations to check out
when one want to figure out what the tracked person was doing.  It is
unavailable for most of us, but provided to selected government
officials, company staff, those illegally buying information from
unfaithful servants and crackers stealing the information.  But the
public information can be collected and analysed, and a free software
tool to do so is called
&lt;a href=&quot;http://www.geocreepy.com/&quot;&gt;Creepy or Cree.py&lt;/a&gt;.  I
discovered it when I read
&lt;a href=&quot;http://www.aftenposten.no/kultur/Slik-kan-du-bli-overvaket-pa-Twitter-og-Instagram-uten-a-ane-det-7787884.html&quot;&gt;an
article about Creepy&lt;/a&gt; in the Norwegian newspaper Aftenposten i
November 2014, and decided to check if it was available in Debian.
The python program was in Debian, but
&lt;a href=&quot;https://tracker.debian.org/pkg/creepy&quot;&gt;the version in
Debian&lt;/a&gt; was completely broken and practically unmaintained.  I
uploaded a new version which did not work quite right, but did not
have time to fix it then.  This Christmas I decided to finally try to
get Creepy operational in Debian.  Now a fixed version is available in
Debian unstable and testing, and almost all Debian specific patches
are now included
&lt;a href=&quot;https://github.com/jkakavas/creepy&quot;&gt;upstream&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;The Creepy program visualises geolocation information fetched from
Twitter, Instagram, Flickr and Google+, and allow one to get a
complete picture of every social media message posted recently in a
given area, or track the movement of a given individual across all
these services.  Earlier it was possible to use the search API of at
least some of these services without identifying oneself, but these
days it is impossible.  This mean that to use Creepy, you need to
configure it to log in as yourself on these services, and provide
information to them about your search interests.  This should be taken
into account when using Creepy, as it will also share information
about yourself with the services.&lt;/p&gt;

&lt;p&gt;The picture above show the twitter messages sent from (or at least
geotagged with a position from) the city centre of Oslo, the capital
of Norway.  One useful way to use Creepy is to first look at
information tagged with an area of interest, and next look at all the
information provided by one or more individuals who was in the area.
I tested it by checking out which celebrity provide their location in
twitter messages by checkout out who sent twitter messages near a
Norwegian TV station, and next could track their position over time,
making it possible to locate their home and work place, among other
things.  A similar technique have been
&lt;a href=&quot;http://www.buzzfeed.com/maxseddon/does-this-soldiers-instagram-account-prove-russia-is-covertl&quot;&gt;used
to locate Russian soldiers in Ukraine&lt;/a&gt;, and it is both a powerful
tool to discover lying governments, and a useful tool to help people
understand the value of the private information they provide to the
public.&lt;/p&gt;

&lt;p&gt;The package is not trivial to backport to Debian Stable/Jessie, as
it depend on several python modules currently missing in Jessie (at
least python-instagram, python-flickrapi and
python-requests-toolbelt).&lt;/p&gt;

&lt;p&gt;(I have uploaded
&lt;a href=&quot;https://screenshots.debian.net/package/creepy&quot;&gt;the image to
screenshots.debian.net&lt;/a&gt; and licensed it under the same terms as the
Creepy program in Debian.)&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Always download Debian packages using Tor - the simple recipe</title>
                <link>https://www.hungry.com/~pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html</link>        
                <guid isPermaLink="true">https://www.hungry.com/~pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html</guid>
                <pubDate>Fri, 15 Jan 2016 00:30:00 +0100</pubDate>
                <description>&lt;p&gt;During his DebConf15 keynote, Jacob Appelbaum
&lt;a href=&quot;https://summit.debconf.org/debconf15/meeting/331/what-is-to-be-done/&quot;&gt;observed
that those listening on the Internet lines would have good reason to
believe a computer have a given security hole&lt;/a&gt; if it download a
security fix from a Debian mirror.  This is a good reason to always
use encrypted connections to the Debian mirror, to make sure those
listening do not know which IP address to attack.  In August, Richard
Hartmann observed that encryption was not enough, when it was possible
to interfere download size to security patches or the fact that
download took place shortly after a security fix was released, and
&lt;a href=&quot;http://richardhartmann.de/blog/posts/2015/08/24-Tor-enabled_Debian_mirror/&quot;&gt;proposed
to always use Tor to download packages from the Debian mirror&lt;/a&gt;.  He
was not the first to propose this, as the
&lt;tt&gt;&lt;a href=&quot;https://tracker.debian.org/pkg/apt-transport-tor&quot;&gt;apt-transport-tor&lt;/a&gt;&lt;/tt&gt;
package by Tim Retout already existed to make it easy to convince apt
to use &lt;a href=&quot;https://www.torproject.org/&quot;&gt;Tor&lt;/a&gt;, but I was not
aware of that package when I read the blog post from Richard.&lt;/p&gt;

&lt;p&gt;Richard discussed the idea with Peter Palfrader, one of the Debian
sysadmins, and he set up a Tor hidden service on one of the central
Debian mirrors using the address vwakviie2ienjx6t.onion, thus making
it possible to download packages directly between two tor nodes,
making sure the network traffic always were encrypted.&lt;/p&gt;

&lt;p&gt;Here is a short recipe for enabling this on your machine, by
installing &lt;tt&gt;apt-transport-tor&lt;/tt&gt; and replacing http and https
urls with tor+http and tor+https, and using the hidden service instead
of the official Debian mirror site.  I recommend installing
&lt;tt&gt;etckeeper&lt;/tt&gt; before you start to have a history of the changes
done in /etc/.&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
apt install apt-transport-tor
sed -i &#39;s% http://ftp.debian.org/% tor+http://vwakviie2ienjx6t.onion/%&#39; /etc/apt/sources.list
sed -i &#39;s% http% tor+http%&#39; /etc/apt/sources.list
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;If you have more sources listed in /etc/apt/sources.list.d/, run
the sed commands for these too.  The sed command is assuming your are
using the ftp.debian.org Debian mirror.  Adjust the command (or just
edit the file manually) to match your mirror.&lt;/p&gt;

&lt;p&gt;This work in Debian Jessie and later.  Note that tools like
&lt;tt&gt;apt-file&lt;/tt&gt; only recently started using the apt transport
system, and do not work with these tor+http URLs.  For
&lt;tt&gt;apt-file&lt;/tt&gt; you need the version currently in experimental,
which need a recent apt version currently only in unstable.  So if you
need a working &lt;tt&gt;apt-file&lt;/tt&gt;, this is not for you.&lt;/p&gt;

&lt;p&gt;Another advantage from this change is that your machine will start
using Tor regularly and at fairly random intervals (every time you
update the package lists or upgrade or install a new package), thus
masking other Tor traffic done from the same machine.  Using Tor will
become normal for the machine in question.&lt;/p&gt;

&lt;p&gt;On &lt;a href=&quot;https://wiki.debian.org/FreedomBox&quot;&gt;Freedombox&lt;/a&gt;, APT
is set up by default to use &lt;tt&gt;apt-transport-tor&lt;/tt&gt; when Tor is
enabled.  It would be great if it was the default on any Debian
system.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Nedlasting fra NRK, som Matroska med undertekster</title>
                <link>https://www.hungry.com/~pere/blog/Nedlasting_fra_NRK__som_Matroska_med_undertekster.html</link>        
                <guid isPermaLink="true">https://www.hungry.com/~pere/blog/Nedlasting_fra_NRK__som_Matroska_med_undertekster.html</guid>
                <pubDate>Sat, 2 Jan 2016 13:50:00 +0100</pubDate>
                <description>&lt;p&gt;Det kommer stadig nye løsninger for å ta lagre unna innslag fra NRK
for å se på det senere.  For en stund tilbake kom jeg over et script
nrkopptak laget av Ingvar Hagelund.  Han fjernet riktignok sitt script
etter forespørsel fra Erik Bolstad i NRK, men noen tok heldigvis og
gjorde det &lt;a href=&quot;https://github.com/liangqi/nrkopptak&quot;&gt;tilgjengelig
via github&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Scriptet kan lagre som MPEG4 eller Matroska, og bake inn
undertekster i fila på et vis som blant annet VLC forstår.  For å
bruke scriptet, kopier ned git-arkivet og kjør&lt;/p&gt;

&lt;p&gt;&lt;pre&gt;
nrkopptak/bin/nrk-opptak k &lt;ahref=&quot;https://tv.nrk.no/serie/bmi-turne/MUHH45000115/sesong-1/episode-1&quot;&gt;https://tv.nrk.no/serie/bmi-turne/MUHH45000115/sesong-1/episode-1&lt;/a&gt;
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;URL-eksemplet er dagens toppsak på tv.nrk.no.  Argument &#39;k&#39; ber
scriptet laste ned og lagre som Matroska.  Det finnes en rekke andre
muligheter for valg av kvalitet og format.&lt;/p&gt;

&lt;p&gt;Jeg foretrekker dette scriptet fremfor youtube-dl, som
&lt;a href=&quot;https://people.skolelinux.org/pere/blog/Hvordan_enkelt_laste_ned_filmer_fra_NRK_med_den__nye__l_sningen.html&quot;&gt;
nevnt i 2014 støtter NRK&lt;/a&gt; og en rekke andre videokilder, på grunn
av at nrkopptak samler undertekster og video i en enkelt fil, hvilket
gjør håndtering enklere på disk.&lt;/p&gt;
</description>
        </item>
        
        </channel>
</rss>