1 <?xml version=
"1.0" encoding=
"ISO-8859-1"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/'
>
4 <title>Petter Reinholdtsen - Entries from November
2016</title>
5 <description>Entries from November
2016</description>
6 <link>http://people.skolelinux.org/pere/blog/
</link>
10 <title>How to talk with your loved ones in private
</title>
11 <link>http://people.skolelinux.org/pere/blog/How_to_talk_with_your_loved_ones_in_private.html
</link>
12 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/How_to_talk_with_your_loved_ones_in_private.html
</guid>
13 <pubDate>Mon,
7 Nov
2016 10:
25:
00 +
0100</pubDate>
14 <description><p
>A few days ago I ran a very biased and informal survey to get an
15 idea about what options are being used to communicate with end to end
16 encryption with friends and family. I explicitly asked people not to
17 list options only used in a work setting. The background is the
18 uneasy feeling I get when using Signal, a feeling shared by others as
19 a blog post from Sander Venima about
20 <a href=
"https://sandervenema.ch/
2016/
11/why-i-wont-recommend-signal-anymore/
">why
21 he do not recommend Signal anymore
</a
> (with
22 <a href=
"https://news.ycombinator.com/item?id=
12883410">feedback from
23 the Signal author available from ycombinator
</a
>). I wanted an
24 overview of the options being used, and hope to include those options
25 in a less biased survey later on. So far I have not taken the time to
26 look into the individual proposed systems. They range from text
27 sharing web pages, via file sharing and email to instant messaging,
28 VOIP and video conferencing. For those considering which system to
29 use, it is also useful to have a look at
30 <a href=
"https://www.eff.org/secure-messaging-scorecard
">the EFF Secure
31 messaging scorecard
</a
> which is slightly out of date but still
32 provide valuable information.
</p
>
34 <p
>So, on to the list. There were some used by many, some used by a
35 few, some rarely used ones and a few mentioned but without anyone
36 claiming to use them. Notice the grouping is in realty quite random
37 given the biased self selected set of participants. First the ones
38 used by many:
</p
>
42 <li
><a href=
"https://whispersystems.org/
">Signal
</a
></li
>
43 <li
>Email w/
<a href=
"http://openpgp.org/
">OpenPGP
</a
> (Enigmail, GPGSuite,etc)
</li
>
44 <li
><a href=
"https://www.whatsapp.com/
">Whatsapp
</a
></li
>
45 <li
>IRC w/
<a href=
"https://otr.cypherpunks.ca/
">OTR
</a
></li
>
46 <li
>XMPP w/
<a href=
"https://otr.cypherpunks.ca/
">OTR
</a
></li
>
50 <p
>Then the ones used by a few.
</p
>
54 <li
><a href=
"https://wiki.mumble.info/wiki/Main_Page
">Mumble
</a
></li
>
55 <li
>iMessage (included in iOS from Apple)
</li
>
56 <li
><a href=
"https://telegram.org/
">Telegram
</a
></li
>
57 <li
><a href=
"https://jitsi.org/
">Jitsi
</a
></li
>
58 <li
><a href=
"https://keybase.io/download
">Keybase file
</a
></li
>
62 <p
>Then the ones used by even fewer people
</p
>
66 <li
><a href=
"https://ring.cx/
">Ring
</a
></li
>
67 <li
><a href=
"https://bitmessage.org/
">Bitmessage
</a
></li
>
68 <li
><a href=
"https://wire.com/
">Wire
</a
></li
>
69 <li
>VoIP w/
<a href=
"https://en.wikipedia.org/wiki/ZRTP
">ZRTP
</a
> or controlled
<a href=
"https://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol
">SRTP
</a
> (e.g using
<a href=
"https://en.wikipedia.org/wiki/CSipSimple
">CSipSimple
</a
>,
<a href=
"https://en.wikipedia.org/wiki/Linphone
">Linphone
</a
>)
</li
>
70 <li
><a href=
"https://matrix.org/
">Matrix
</a
></li
>
71 <li
><a href=
"https://kontalk.org/
">Kontalk
</a
></li
>
72 <li
><a href=
"https://
0bin.net/
">0bin
</a
> (encrypted pastebin)
</li
>
73 <li
><a href=
"https://appear.in
">Appear.in
</a
></li
>
74 <li
><a href=
"https://riot.im/
">riot
</a
></li
>
75 <li
><a href=
"https://www.wickr.com/
">Wickr Me
</a
></li
>
79 <p
>And finally the ones mentioned by not marked as used by
80 anyone. This might be a mistake, perhaps the person adding the entry
81 forgot to flag it as used?
</p
>
85 <li
>Email w/Certificates
<a href=
"https://en.wikipedia.org/wiki/S/MIME
">S/MIME
</a
></li
>
86 <li
><a href=
"https://www.crypho.com/
">Crypho
</a
></li
>
87 <li
><a href=
"https://cryptpad.fr/
">CryptPad
</a
></li
>
88 <li
><a href=
"https://github.com/ricochet-im/ricochet
">ricochet
</a
></li
>
92 <p
>Given the network effect it seem obvious to me that we as a society
93 have been divided and conquered by those interested in keeping
94 encrypted and secure communication away from the masses. The
95 finishing remarks
<a href=
"https://vimeo.com/
97505679">from Aral Balkan
96 in his talk
"Free is a lie
"</a
> about the usability of free software
97 really come into effect when you want to communicate in private with
98 your friends and family. We can not expect them to allow the
99 usability of communication tool to block their ability to talk to
100 their loved ones.
</p
>
102 <p
>Note for example the option IRC w/OTR. Most IRC clients do not
103 have OTR support, so in most cases OTR would not be an option, even if
104 you wanted to. In my personal experience, about
1 in
20 I talk to
105 have a IRC client with OTR. For private communication to really be
106 available, most people to talk to must have the option in their
107 currently used client. I can not simply ask my family to install an
108 IRC client. I need to guide them through a technical multi-step
109 process of adding extensions to the client to get them going. This is
110 a non-starter for most.
</p
>
112 <p
>I would like to be able to do video phone calls, audio phone calls,
113 exchange instant messages and share files with my loved ones, without
114 being forced to share with people I do not know. I do not want to
115 share the content of the conversations, and I do not want to share who
116 I communicate with or the fact that I communicate with someone.
117 Without all these factors in place, my private life is being more or
118 less invaded.
</p
>
123 <title>My own self balancing Lego Segway
</title>
124 <link>http://people.skolelinux.org/pere/blog/My_own_self_balancing_Lego_Segway.html
</link>
125 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/My_own_self_balancing_Lego_Segway.html
</guid>
126 <pubDate>Fri,
4 Nov
2016 10:
15:
00 +
0100</pubDate>
127 <description><p
>A while back I received a Gyro sensor for the NXT
128 <a href=
"mindstorms.lego.com
">Mindstorms
</a
> controller as a birthday
129 present. It had been on my wishlist for a while, because I wanted to
130 build a Segway like balancing lego robot. I had already built
131 <a href=
"http://www.nxtprograms.com/NXT2/segway/
">a simple balancing
132 robot
</a
> with the kids, using the light/color sensor included in the
133 NXT kit as the balance sensor, but it was not working very well. It
134 could balance for a while, but was very sensitive to the light
135 condition in the room and the reflective properties of the surface and
136 would fall over after a short while. I wanted something more robust,
138 <a href=
"https://www.hitechnic.com/cgi-bin/commerce.cgi?preadd=action
&key=NGY1044
">the
139 gyro sensor from HiTechnic
</a
> I believed would solve it on my
140 wishlist for some years before it suddenly showed up as a gift from my
141 loved ones. :)
</p
>
143 <p
>Unfortunately I have not had time to sit down and play with it
144 since then. But that changed some days ago, when I was searching for
145 lego segway information and came across a recipe from HiTechnic for
147 <a href=
"http://www.hitechnic.com/blog/gyro-sensor/htway/
">the
148 HTWay
</a
>, a segway like balancing robot. Build instructions and
149 <a href=
"https://www.hitechnic.com/upload/
786-HTWayC.nxc
">source
150 code
</a
> was included, so it was just a question of putting it all
151 together. And thanks to the great work of many Debian developers, the
152 compiler needed to build the source for the NXT is already included in
153 Debian, so I was read to go in less than an hour. The resulting robot
154 do not look very impressive in its simplicity:
</p
>
156 <p align=
"center
"><img width=
"70%
" src=
"http://people.skolelinux.org/pere/blog/images/
2016-
11-
04-lego-htway-robot.jpeg
"></p
>
158 <p
>Because I lack the infrared sensor used to control the robot in the
159 design from HiTechnic, I had to comment out the last task
160 (taskControl). I simply placed /* and */ around it get the program
161 working without that sensor present. Now it balances just fine until
162 the battery status run low:
</p
>
164 <p align=
"center
"><video width=
"70%
" controls=
"true
">
165 <source src=
"http://people.skolelinux.org/pere/blog/images/
2016-
11-
04-lego-htway-balancing.ogv
" type=
"video/ogg
">
166 </video
></p
>
168 <p
>Now we would like to teach it how to follow a line and take remote
169 control instructions using the included Bluetooth receiver in the NXT.
</p
>
171 <p
>If you, like me, love LEGO and want to make sure we find the tools
172 they need to work with LEGO in Debian and all our derivative
173 distributions like Ubuntu, check out
174 <a href=
"http://wiki.debian.org/LegoDesigners
">the LEGO designers
175 project page
</a
> and join the Debian LEGO team. Personally I own a
176 RCX and NXT controller (no EV3), and would like to make sure the
177 Debian tools needed to program the systems I own work as they
183 <title>Aktivitetsbånd som beskytter privatsfæren
</title>
184 <link>http://people.skolelinux.org/pere/blog/Aktivitetsb_nd_som_beskytter_privatsf_ren.html
</link>
185 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Aktivitetsb_nd_som_beskytter_privatsf_ren.html
</guid>
186 <pubDate>Thu,
3 Nov
2016 09:
55:
00 +
0100</pubDate>
187 <description><p
>Jeg ble så imponert over
188 <a href=
"https://www.nrk.no/norge/forbrukerradet-mener-aktivitetsarmband-strider-mot-norsk-lov-
1.13209079">dagens
189 gladnyhet på NRK
</a
>, om at Forbrukerrådet klager inn vilkårene for
190 bruk av aktivitetsbånd fra Fitbit, Garmin, Jawbone og Mio til
191 Datatilsynet og forbrukerombudet, at jeg sendte følgende brev til
192 forbrukerrådet for å uttrykke min støtte:
196 <p
>Jeg ble veldig glad over å lese at Forbrukerrådet
197 <a href=
"http://www.forbrukerradet.no/siste-nytt/klager-inn-aktivitetsarmband-for-brudd-pa-norsk-lov/
">klager
198 inn flere aktivitetsbånd til Datatilsynet for dårlige vilkår
</a
>. Jeg
199 har ønsket meg et aktivitetsbånd som kan måle puls, bevegelse og
200 gjerne også andre helserelaterte indikatorer en stund nå. De eneste
201 jeg har funnet i salg gjør, som dere også har oppdaget, graverende
202 inngrep i privatsfæren og sender informasjonen ut av huset til folk og
203 organisasjoner jeg ikke ønsker å dele aktivitets- og helseinformasjon
204 med. Jeg ønsker et alternativ som
<em
>ikke
</em
> sender informasjon til
205 skyen, men derimot bruker
206 <a href=
"http://people.skolelinux.org/pere/blog/Fri_og__pen_standard__slik_Digistan_ser_det.html
">en
207 fritt og åpent standardisert
</a
> protokoll (eller i det minste en
208 dokumentert protokoll uten patent- og opphavsrettslige
209 bruksbegrensinger) til å kommunisere med datautstyr jeg kontrollerer.
210 Er jo ikke interessert i å betale noen for å tilrøve seg
211 personopplysninger fra meg. Desverre har jeg ikke funnet noe
212 alternativ så langt.
</p
>
214 <p
>Det holder ikke å endre på bruksvilkårene for enhetene, slik
215 Datatilsynet ofte legger opp til i sin behandling, når de gjør slik
216 f.eks. Fitbit (den jeg har sett mest på). Fitbit krypterer
217 informasjonen på enheten og sender den kryptert til leverandøren. Det
218 gjør det i praksis umulig både å sjekke hva slags informasjon som
219 sendes over, og umulig å ta imot informasjonen selv i stedet for
220 Fitbit. Uansett hva slags historie som forteller i bruksvilkårene er
221 en jo både prisgitt leverandørens godvilje og at de ikke tvinges av
222 sitt lands myndigheter til å lyve til sine kunder om hvorvidt
223 personopplysninger spres ut over det bruksvilkårene sier. Det er
224 veldokumentert hvordan f.eks. USA tvinger selskaper vha. såkalte
225 National security letters til å utlevere personopplysninger samtidig
226 som de ikke får lov til å fortelle dette til kundene sine.
</p
>
228 <p
>Stå på, jeg er veldig glade for at dere har sett på saken. Vet
229 dere om aktivitetsbånd i salg i dag som ikke tvinger en til å utlevere
230 aktivitets- og helseopplysninger med leverandøren?
</p
>
234 <p
>Jeg håper en konkurrent som respekterer kundenes privatliv klarer å
235 nå opp i markedet, slik at det finnes et reelt alternativ for oss som
236 har full tillit til at skyleverandører vil prioritere egen inntjening
237 og myndighetspålegg langt foran kundenes rett til privatliv. Jeg har
238 ingen tiltro til at Datatilsynet vil kreve noe mer enn at vilkårene
239 endres slik at de forklarer eksplisitt i hvor stor grad bruk av
240 produktene utraderer privatsfæren til kundene. Det vil nok gjøre de
241 innklagede armbåndene «lovlige», men fortsatt tvinge kundene til å
242 dele sine personopplysninger med leverandøren.
</p
>
projects / homepage.git / blob