1 <?xml version=
"1.0" encoding=
"utf-8"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/' xmlns:
atom=
"http://www.w3.org/2005/Atom">
4 <title>Petter Reinholdtsen
</title>
5 <description></description>
6 <link>http://people.skolelinux.org/pere/blog/
</link>
7 <atom:link href=
"http://people.skolelinux.org/pere/blog/index.rss" rel=
"self" type=
"application/rss+xml" />
10 <title>«Rapporten ser ikke på informasjonssikkerhet knyttet til personlig integritet»
</title>
11 <link>http://people.skolelinux.org/pere/blog/_Rapporten_ser_ikke_p__informasjonssikkerhet_knyttet_til_personlig_integritet_.html
</link>
12 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/_Rapporten_ser_ikke_p__informasjonssikkerhet_knyttet_til_personlig_integritet_.html
</guid>
13 <pubDate>Tue,
27 Jun
2017 17:
50:
00 +
0200</pubDate>
14 <description><p
>Jeg kom over teksten
15 «
<a href=
"https://freedom-to-tinker.com/
2017/
06/
21/killing-car-privacy-by-federal-mandate/
">Killing
16 car privacy by federal mandate
</a
>» av Leonid Reyzin på Freedom to
17 Tinker i dag, og det gleder meg å se en god gjennomgang om hvorfor det
18 er et urimelig inngrep i privatsfæren å la alle biler kringkaste sin
19 posisjon og bevegelse via radio. Det omtalte forslaget basert på
20 Dedicated Short Range Communication (DSRC) kalles Basic Safety Message
21 (BSM) i USA og Cooperative Awareness Message (CAM) i Europa, og det
22 norske Vegvesenet er en av de som ser ut til å kunne tenke seg å
23 pålegge alle biler å fjerne nok en bit av innbyggernes privatsfære.
24 Anbefaler alle å lese det som står der.
26 <p
>Mens jeg tittet litt på DSRC på biler i Norge kom jeg over et sitat
27 jeg synes er illustrativt for hvordan det offentlige Norge håndterer
28 problemstillinger rundt innbyggernes privatsfære i SINTEF-rapporten
29 «
<a href=
"https://www.sintef.no/publikasjoner/publikasjon/Download/?pubid=SINTEF+A23933
">Informasjonssikkerhet
30 i AutoPASS-brikker
</a
>» av Trond Foss:
</p
>
32 <p
><blockquote
>
33 «Rapporten ser ikke på informasjonssikkerhet knyttet til personlig
35 </blockquote
></p
>
37 <p
>Så enkelt kan det tydeligvis gjøres når en vurderer
38 informasjonssikkerheten. Det holder vel at folkene på toppen kan si
39 at «Personvernet er ivaretatt», som jo er den populære intetsigende
40 frasen som gjør at mange tror enkeltindividers integritet tas vare på.
41 Sitatet fikk meg til å undres på hvor ofte samme tilnærming, å bare se
42 bort fra behovet for personlig itegritet, blir valgt når en velger å
43 legge til rette for nok et inngrep i privatsfæren til personer i
44 Norge. Det er jo sjelden det får reaksjoner. Historien om
45 reaksjonene på Helse Sør-Østs tjenesteutsetting er jo sørgelig nok et
46 unntak og toppen av isfjellet, desverre. Tror jeg fortsatt takker nei
47 til både AutoPASS og holder meg så langt unna det norske helsevesenet
48 som jeg kan, inntil de har demonstrert og dokumentert at de verdsetter
49 individets privatsfære og personlige integritet høyere enn kortsiktig
50 gevist og samfunnsnytte.
</p
>
55 <title>Updated sales number for my Free Culture paper editions
</title>
56 <link>http://people.skolelinux.org/pere/blog/Updated_sales_number_for_my_Free_Culture_paper_editions.html
</link>
57 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Updated_sales_number_for_my_Free_Culture_paper_editions.html
</guid>
58 <pubDate>Mon,
12 Jun
2017 11:
40:
00 +
0200</pubDate>
59 <description><p
>It is pleasing to see that the work we put down in publishing new
60 editions of the classic
<a href=
"http://www.free-culture.cc/
">Free
61 Culture book
</a
> by the founder of the Creative Commons movement,
62 Lawrence Lessig, is still being appreciated. I had a look at the
63 latest sales numbers for the paper edition today. Not too impressive,
64 but happy to see some buyers still exist. All the revenue from the
65 books is sent to the
<a href=
"https://creativecommons.org/
">Creative
66 Commons Corporation
</a
>, and they receive the largest cut if you buy
67 directly from Lulu. Most books are sold via Amazon, with Ingram
68 second and only a small fraction directly from Lulu. The ebook
69 edition is available for free from
70 <a href=
"https://github.com/petterreinholdtsen/free-culture-lessig
">Github
</a
>.
</p
>
72 <table border=
"0">
73 <tr
><th rowspan=
"2" valign=
"bottom
">Title / language
</th
><th colspan=
"3">Quantity
</th
></tr
>
74 <tr
><th
>2016 jan-jun
</th
><th
>2016 jul-dec
</th
><th
>2017 jan-may
</th
></tr
>
77 <td
><a href=
"http://www.lulu.com/shop/lawrence-lessig/culture-libre/paperback/product-
22645082.html
">Culture Libre / French
</a
></td
>
78 <td align=
"right
">3</td
>
79 <td align=
"right
">6</td
>
80 <td align=
"right
">15</td
>
84 <td
><a href=
"http://www.lulu.com/shop/lawrence-lessig/fri-kultur/paperback/product-
22441576.html
">Fri kultur / Norwegian
</a
></td
>
85 <td align=
"right
">7</td
>
86 <td align=
"right
">1</td
>
87 <td align=
"right
">0</td
>
91 <td
><a href=
"http://www.lulu.com/shop/lawrence-lessig/free-culture/paperback/product-
22440520.html
">Free Culture / English
</a
></td
>
92 <td align=
"right
">14</td
>
93 <td align=
"right
">27</td
>
94 <td align=
"right
">16</td
>
98 <td
>Total
</td
>
99 <td align=
"right
">24</td
>
100 <td align=
"right
">34</td
>
101 <td align=
"right
">31</td
>
106 <p
>A bit sad to see the low sales number on the Norwegian edition, and
107 a bit surprising the English edition still selling so well.
</p
>
109 <p
>If you would like to translate and publish the book in your native
110 language, I would be happy to help make it happen. Please get in
116 <title>Release
0.1.1 of free software archive system Nikita announced
</title>
117 <link>http://people.skolelinux.org/pere/blog/Release_0_1_1_of_free_software_archive_system_Nikita_announced.html
</link>
118 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Release_0_1_1_of_free_software_archive_system_Nikita_announced.html
</guid>
119 <pubDate>Sat,
10 Jun
2017 00:
40:
00 +
0200</pubDate>
120 <description><p
>I am very happy to report that the
121 <a href=
"https://github.com/hiOA-ABI/nikita-noark5-core
">Nikita Noark
5
122 core project
</a
> tagged its second release today. The free software
123 solution is an implementation of the Norwegian archive standard Noark
124 5 used by government offices in Norway. These were the changes in
125 version
0.1.1 since version
0.1.0 (from NEWS.md):
129 <li
>Continued work on the angularjs GUI, including document upload.
</li
>
130 <li
>Implemented correspondencepartPerson, correspondencepartUnit and
131 correspondencepartInternal
</li
>
132 <li
>Applied for coverity coverage and started submitting code on
133 regualr basis.
</li
>
134 <li
>Started fixing bugs reported by coverity
</li
>
135 <li
>Corrected and completed HATEOAS links to make sure entire API is
136 available via URLs in _links.
</li
>
137 <li
>Corrected all relation URLs to use trailing slash.
</li
>
138 <li
>Add initial support for storing data in ElasticSearch.
</li
>
139 <li
>Now able to receive and store uploaded files in the archive.
</li
>
140 <li
>Changed JSON output for object lists to have relations in _links.
</li
>
141 <li
>Improve JSON output for empty object lists.
</li
>
142 <li
>Now uses correct MIME type application/vnd.noark5-v4+json.
</li
>
143 <li
>Added support for docker container images.
</li
>
144 <li
>Added simple API browser implemented in JavaScript/Angular.
</li
>
145 <li
>Started on archive client implemented in JavaScript/Angular.
</li
>
146 <li
>Started on prototype to show the public mail journal.
</li
>
147 <li
>Improved performance by disabling Sprint FileWatcher.
</li
>
148 <li
>Added support for
'arkivskaper
',
'saksmappe
' and
'journalpost
'.
</li
>
149 <li
>Added support for some metadata codelists.
</li
>
150 <li
>Added support for Cross-origin resource sharing (CORS).
</li
>
151 <li
>Changed login method from Basic Auth to JSON Web Token (RFC
7519)
153 <li
>Added support for GET-ing ny-* URLs.
</li
>
154 <li
>Added support for modifying entities using PUT and eTag.
</li
>
155 <li
>Added support for returning XML output on request.
</li
>
156 <li
>Removed support for English field and class names, limiting ourself
157 to the official names.
</li
>
158 <li
>...
</li
>
162 <p
>If this sound interesting to you, please contact us on IRC (#nikita
163 on irc.freenode.net) or email
164 (
<a href=
"https://lists.nuug.no/mailman/listinfo/nikita-noark
">nikita-noark
165 mailing list).
</p
>
170 <title>Idea for storing trusted timestamps in a Noark
5 archive
</title>
171 <link>http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html
</link>
172 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html
</guid>
173 <pubDate>Wed,
7 Jun
2017 21:
40:
00 +
0200</pubDate>
174 <description><p
><em
>This is a copy of
175 <a href=
"https://lists.nuug.no/pipermail/nikita-noark/
2017-June/
000297.html
">an
176 email I posted to the nikita-noark mailing list
</a
>. Please follow up
177 there if you would like to discuss this topic. The background is that
178 we are making a free software archive system based on the Norwegian
179 <a href=
"https://www.arkivverket.no/forvaltning-og-utvikling/regelverk-og-standarder/noark-standarden
">Noark
180 5 standard
</a
> for government archives.
</em
></p
>
182 <p
>I
've been wondering a bit lately how trusted timestamps could be
184 <a href=
"https://en.wikipedia.org/wiki/Trusted_timestamping
">Trusted
185 timestamps
</a
> can be used to verify that some information
186 (document/file/checksum/metadata) have not been changed since a
187 specific time in the past. This is useful to verify the integrity of
188 the documents in the archive.
</p
>
190 <p
>Then it occured to me, perhaps the trusted timestamps could be
191 stored as dokument variants (ie dokumentobjekt referered to from
192 dokumentbeskrivelse) with the filename set to the hash it is
195 <p
>Given a
"dokumentbeskrivelse
" with an associated
"dokumentobjekt
",
196 a new dokumentobjekt is associated with
"dokumentbeskrivelse
" with the
197 same attributes as the stamped dokumentobjekt except these
198 attributes:
</p
>
202 <li
>format -
> "RFC3161
"
203 <li
>mimeType -
> "application/timestamp-reply
"
204 <li
>formatDetaljer -
> "&lt;source URL for timestamp service
&gt;
"
205 <li
>filenavn -
> "&lt;sjekksum
&gt;.tsr
"
209 <p
>This assume a service following
210 <a href=
"https://tools.ietf.org/html/rfc3161
">IETF RFC
3161</a
> is
211 used, which specifiy the given MIME type for replies and the .tsr file
212 ending for the content of such trusted timestamp. As far as I can
213 tell from the Noark
5 specifications, it is OK to have several
214 variants/renderings of a dokument attached to a given
215 dokumentbeskrivelse objekt. It might be stretching it a bit to make
216 some of these variants represent crypto-signatures useful for
217 verifying the document integrity instead of representing the dokument
220 <p
>Using the source of the service in formatDetaljer allow several
221 timestamping services to be used. This is useful to spread the risk
222 of key compromise over several organisations. It would only be a
223 problem to trust the timestamps if all of the organisations are
224 compromised.
</p
>
226 <p
>The following oneliner on Linux can be used to generate the tsr
227 file. $input is the path to the file to checksum, and $sha256 is the
228 SHA-
256 checksum of the file (ie the
"<sjekksum
>.tsr
" value mentioned
231 <p
><blockquote
><pre
>
232 openssl ts -query -data
"$inputfile
" -cert -sha256 -no_nonce \
233 | curl -s -H
"Content-Type: application/timestamp-query
" \
234 --data-binary
"@-
" http://zeitstempel.dfn.de
> $sha256.tsr
235 </pre
></blockquote
></p
>
237 <p
>To verify the timestamp, you first need to download the public key
238 of the trusted timestamp service, for example using this command:
</p
>
240 <p
><blockquote
><pre
>
241 wget -O ca-cert.txt \
242 https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt
243 </pre
></blockquote
></p
>
245 <p
>Note, the public key should be stored alongside the timestamps in
246 the archive to make sure it is also available
100 years from now. It
247 is probably a good idea to standardise how and were to store such
248 public keys, to make it easier to find for those trying to verify
249 documents
100 or
1000 years from now. :)
</p
>
251 <p
>The verification itself is a simple openssl command:
</p
>
253 <p
><blockquote
><pre
>
254 openssl ts -verify -data $inputfile -in $sha256.tsr \
255 -CAfile ca-cert.txt -text
256 </pre
></blockquote
></p
>
258 <p
>Is there any reason this approach would not work? Is it somehow against
259 the Noark
5 specification?
</p
>
264 <title>Når nynorskoversettelsen svikter til eksamen...
</title>
265 <link>http://people.skolelinux.org/pere/blog/N_r_nynorskoversettelsen_svikter_til_eksamen___.html
</link>
266 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/N_r_nynorskoversettelsen_svikter_til_eksamen___.html
</guid>
267 <pubDate>Sat,
3 Jun
2017 08:
20:
00 +
0200</pubDate>
268 <description><p
><a href=
"http://www.aftenposten.no/norge/Krever-at-elever-ma-fa-annullert-eksamen-etter-rot-med-oppgavetekster-
622459b.html
">Aftenposten
269 melder i dag
</a
> om feil i eksamensoppgavene for eksamen i politikk og
270 menneskerettigheter, der teksten i bokmåls og nynorskutgaven ikke var
271 like. Oppgaveteksten er gjengitt i artikkelen, og jeg ble nysgjerring
272 på om den fri oversetterløsningen
273 <a href=
"https://www.apertium.org/
">Apertium
</a
> ville gjort en bedre
274 jobb enn Utdanningsdirektoratet. Det kan se slik ut.
</p
>
276 <p
>Her er bokmålsoppgaven fra eksamenen:
</p
>
279 <p
>Drøft utfordringene knyttet til nasjonalstatenes og andre aktørers
280 rolle og muligheter til å håndtere internasjonale utfordringer, som
281 for eksempel flykningekrisen.
</p
>
283 <p
>Vedlegge er eksempler på tekster som kan gi relevante perspektiver
286 <li
>Flykningeregnskapet
2016, UNHCR og IDMC
287 <li
>«Grenseløst Europa for fall» A-Magasinet,
26. november
2015
292 <p
>Dette oversetter Apertium slik:
</p
>
295 <p
>Drøft utfordringane knytte til nasjonalstatane sine og rolla til
296 andre aktørar og høve til å handtera internasjonale utfordringar, som
297 til dømes *flykningekrisen.
</p
>
299 <p
>Vedleggja er døme på tekster som kan gje relevante perspektiv på
303 <li
>*Flykningeregnskapet
2016, *UNHCR og *IDMC
</li
>
304 <li
>«*Grenseløst Europa for fall» A-Magasinet,
26. november
2015</li
>
309 <p
>Ord som ikke ble forstått er markert med stjerne (*), og trenger
310 ekstra språksjekk. Men ingen ord er forsvunnet, slik det var i
311 oppgaven elevene fikk presentert på eksamen. Jeg mistenker dog at
312 "andre aktørers rolle og muligheter til ...
" burde vært oversatt til
313 "rolla til andre aktørar og deira høve til ...
" eller noe slikt, men
314 det er kanskje flisespikking. Det understreker vel bare at det alltid
315 trengs korrekturlesning etter automatisk oversettelse.
</p
>
320 <title>Epost inn som arkivformat i Riksarkivarens forskrift?
</title>
321 <link>http://people.skolelinux.org/pere/blog/Epost_inn_som_arkivformat_i_Riksarkivarens_forskrift_.html
</link>
322 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Epost_inn_som_arkivformat_i_Riksarkivarens_forskrift_.html
</guid>
323 <pubDate>Thu,
27 Apr
2017 11:
30:
00 +
0200</pubDate>
324 <description><p
>I disse dager, med frist
1. mai, har Riksarkivaren ute en høring på
325 sin forskrift. Som en kan se er det ikke mye tid igjen før fristen
326 som går ut på søndag. Denne forskriften er det som lister opp hvilke
327 formater det er greit å arkivere i
328 <a href=
"http://www.arkivverket.no/arkivverket/Offentleg-forvalting/Noark/Noark-
5">Noark
329 5-løsninger
</a
> i Norge.
</p
>
331 <p
>Jeg fant høringsdokumentene hos
332 <a href=
"https://www.arkivrad.no/aktuelt/riksarkivarens-forskrift-pa-horing
">Norsk
333 Arkivråd
</a
> etter å ha blitt tipset på epostlisten til
334 <a href=
"https://github.com/hiOA-ABI/nikita-noark5-core
">fri
335 programvareprosjektet Nikita Noark5-Core
</a
>, som lager et Noark
5
336 Tjenestegresesnitt. Jeg er involvert i Nikita-prosjektet og takket
337 være min interesse for tjenestegrensesnittsprosjektet har jeg lest en
338 god del Noark
5-relaterte dokumenter, og til min overraskelse oppdaget
339 at standard epost ikke er på listen over godkjente formater som kan
340 arkiveres. Høringen med frist søndag er en glimrende mulighet til å
341 forsøke å gjøre noe med det. Jeg holder på med
342 <a href=
"https://github.com/petterreinholdtsen/noark5-tester/blob/master/docs/hoering-arkivforskrift.tex
">egen
343 høringsuttalelse
</a
>, og lurer på om andre er interessert i å støtte
344 forslaget om å tillate arkivering av epost som epost i arkivet.
</p
>
346 <p
>Er du igang med å skrive egen høringsuttalelse allerede? I så fall
347 kan du jo vurdere å ta med en formulering om epost-lagring. Jeg tror
348 ikke det trengs så mye. Her et kort forslag til tekst:
</p
>
350 <p
><blockquote
>
352 <p
>Viser til høring sendt ut
2017-
02-
17 (Riksarkivarens referanse
353 2016/
9840 HELHJO), og tillater oss å sende inn noen innspill om
354 revisjon av Forskrift om utfyllende tekniske og arkivfaglige
355 bestemmelser om behandling av offentlige arkiver (Riksarkivarens
356 forskrift).
</p
>
358 <p
>Svært mye av vår kommuikasjon foregår i dag på e-post. Vi
359 foreslår derfor at Internett-e-post, slik det er beskrevet i IETF
361 <a href=
"https://tools.ietf.org/html/rfc5322
">https://tools.ietf.org/html/rfc5322
</a
>. bør
362 inn som godkjent dokumentformat. Vi foreslår at forskriftens
363 oversikt over godkjente dokumentformater ved innlevering i §
5-
16
364 endres til å ta med Internett-e-post.
</p
>
366 </blockquote
></p
>
368 <p
>Som del av arbeidet med tjenestegrensesnitt har vi testet hvordan
369 epost kan lagres i en Noark
5-struktur, og holder på å skrive et
370 forslag om hvordan dette kan gjøres som vil bli sendt over til
371 arkivverket så snart det er ferdig. De som er interesserte kan
372 <a href=
"https://github.com/petterreinholdtsen/noark5-tester/blob/master/docs/epostlagring.md
">følge
373 fremdriften på web
</a
>.
</p
>
375 <p
>Oppdatering
2017-
04-
28: I dag ble høringuttalelsen jeg skrev
376 <a href=
"https://www.nuug.no/news/NUUGs_h_ringuttalelse_til_Riksarkivarens_forskrift.shtml
">sendt
377 inn av foreningen NUUG
</a
>.
</p
>
382 <title>Offentlig elektronisk postjournal blokkerer tilgang for utvalgte webklienter
</title>
383 <link>http://people.skolelinux.org/pere/blog/Offentlig_elektronisk_postjournal_blokkerer_tilgang_for_utvalgte_webklienter.html
</link>
384 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Offentlig_elektronisk_postjournal_blokkerer_tilgang_for_utvalgte_webklienter.html
</guid>
385 <pubDate>Thu,
20 Apr
2017 13:
00:
00 +
0200</pubDate>
386 <description><p
>Jeg oppdaget i dag at
<a href=
"https://www.oep.no/
">nettstedet som
387 publiserer offentlige postjournaler fra statlige etater
</a
>, OEP, har
388 begynt å blokkerer enkelte typer webklienter fra å få tilgang. Vet
389 ikke hvor mange det gjelder, men det gjelder i hvert fall libwww-perl
390 og curl. For å teste selv, kjør følgende:
</p
>
392 <blockquote
><pre
>
393 % curl -v -s https://www.oep.no/pub/report.xhtml?reportId=
3 2>&1 |grep
'< HTTP
'
394 < HTTP/
1.1 404 Not Found
395 % curl -v -s --header
'User-Agent:Opera/
12.0' https://www.oep.no/pub/report.xhtml?reportId=
3 2>&1 |grep
'< HTTP
'
398 </pre
></blockquote
>
400 <p
>Her kan en se at tjenesten gir «
404 Not Found» for curl i
401 standardoppsettet, mens den gir «
200 OK» hvis curl hevder å være Opera
402 versjon
12.0. Offentlig elektronisk postjournal startet blokkeringen
403 2017-
03-
02.
</p
>
405 <p
>Blokkeringen vil gjøre det litt vanskeligere å maskinelt hente
406 informasjon fra oep.no. Kan blokkeringen være gjort for å hindre
407 automatisert innsamling av informasjon fra OEP, slik Pressens
408 Offentlighetsutvalg gjorde for å dokumentere hvordan departementene
410 <a href=
"http://presse.no/dette-mener-np/undergraver-offentlighetsloven/
">rapporten
411 «Slik hindrer departementer innsyn» som ble publiserte i januar
412 2017</a
>. Det virker usannsynlig, da det jo er trivielt å bytte
413 User-Agent til noe nytt.
</p
>
415 <p
>Finnes det juridisk grunnlag for det offentlige å diskriminere
416 webklienter slik det gjøres her? Der tilgang gis eller ikke alt etter
417 hva klienten sier at den heter? Da OEP eies av DIFI og driftes av
418 Basefarm, finnes det kanskje noen dokumenter sendt mellom disse to
419 aktørene man kan be om innsyn i for å forstå hva som har skjedd. Men
420 <a href=
"https://www.oep.no/search/result.html?period=dateRange
&fromDate=
01.01.2016&toDate=
01.04.2017&dateType=documentDate
&caseDescription=
&descType=both
&caseNumber=
&documentNumber=
&sender=basefarm
&senderType=both
&documentType=all
&legalAuthority=
&archiveCode=
&list2=
196&searchType=advanced
&Search=Search+in+records
">postjournalen
421 til DIFI viser kun to dokumenter
</a
> det siste året mellom DIFI og
423 <a href=
"https://www.mimesbronn.no/request/blokkering_av_tilgang_til_oep_fo
">Mimes brønn neste
</a
>,
424 tenker jeg.
</p
>
429 <title>Free software archive system Nikita now able to store documents
</title>
430 <link>http://people.skolelinux.org/pere/blog/Free_software_archive_system_Nikita_now_able_to_store_documents.html
</link>
431 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Free_software_archive_system_Nikita_now_able_to_store_documents.html
</guid>
432 <pubDate>Sun,
19 Mar
2017 08:
00:
00 +
0100</pubDate>
433 <description><p
>The
<a href=
"https://github.com/hiOA-ABI/nikita-noark5-core
">Nikita
434 Noark
5 core project
</a
> is implementing the Norwegian standard for
435 keeping an electronic archive of government documents.
436 <a href=
"http://www.arkivverket.no/arkivverket/Offentlig-forvaltning/Noark/Noark-
5/English-version
">The
437 Noark
5 standard
</a
> document the requirement for data systems used by
438 the archives in the Norwegian government, and the Noark
5 web interface
439 specification document a REST web service for storing, searching and
440 retrieving documents and metadata in such archive. I
've been involved
441 in the project since a few weeks before Christmas, when the Norwegian
443 <a href=
"https://www.nuug.no/news/NOARK5_kjerne_som_fri_programvare_f_r_epostliste_hos_NUUG.shtml
">announced
444 it supported the project
</a
>. I believe this is an important project,
445 and hope it can make it possible for the government archives in the
446 future to use free software to keep the archives we citizens depend
447 on. But as I do not hold such archive myself, personally my first use
448 case is to store and analyse public mail journal metadata published
449 from the government. I find it useful to have a clear use case in
450 mind when developing, to make sure the system scratches one of my
453 <p
>If you would like to help make sure there is a free software
454 alternatives for the archives, please join our IRC channel
455 (
<a href=
"irc://irc.freenode.net/%
23nikita
"">#nikita on
456 irc.freenode.net
</a
>) and
457 <a href=
"https://lists.nuug.no/mailman/listinfo/nikita-noark
">the
458 project mailing list
</a
>.
</p
>
460 <p
>When I got involved, the web service could store metadata about
461 documents. But a few weeks ago, a new milestone was reached when it
462 became possible to store full text documents too. Yesterday, I
463 completed an implementation of a command line tool
464 <tt
>archive-pdf
</tt
> to upload a PDF file to the archive using this
465 API. The tool is very simple at the moment, and find existing
466 <a href=
"https://en.wikipedia.org/wiki/Fonds
">fonds
</a
>, series and
467 files while asking the user to select which one to use if more than
468 one exist. Once a file is identified, the PDF is associated with the
469 file and uploaded, using the title extracted from the PDF itself. The
470 process is fairly similar to visiting the archive, opening a cabinet,
471 locating a file and storing a piece of paper in the archive. Here is
472 a test run directly after populating the database with test data using
473 our API tester:
</p
>
475 <p
><blockquote
><pre
>
476 ~/src//noark5-tester$ ./archive-pdf mangelmelding/mangler.pdf
477 using arkiv: Title of the test fonds created
2017-
03-
18T23:
49:
32.103446
478 using arkivdel: Title of the test series created
2017-
03-
18T23:
49:
32.103446
480 0 - Title of the test case file created
2017-
03-
18T23:
49:
32.103446
481 1 - Title of the test file created
2017-
03-
18T23:
49:
32.103446
482 Select which mappe you want (or search term):
0
483 Uploading mangelmelding/mangler.pdf
484 PDF title: Mangler i spesifikasjonsdokumentet for NOARK
5 Tjenestegrensesnitt
485 File
2017/
1: Title of the test case file created
2017-
03-
18T23:
49:
32.103446
486 ~/src//noark5-tester$
487 </pre
></blockquote
></p
>
489 <p
>You can see here how the fonds (arkiv) and serie (arkivdel) only had
490 one option, while the user need to choose which file (mappe) to use
491 among the two created by the API tester. The
<tt
>archive-pdf
</tt
>
492 tool can be found in the git repository for the API tester.
</p
>
494 <p
>In the project, I have been mostly working on
495 <a href=
"https://github.com/petterreinholdtsen/noark5-tester
">the API
496 tester
</a
> so far, while getting to know the code base. The API
498 <a href=
"https://en.wikipedia.org/wiki/HATEOAS
">the HATEOAS links
</a
>
499 to traverse the entire exposed service API and verify that the exposed
500 operations and objects match the specification, as well as trying to
501 create objects holding metadata and uploading a simple XML file to
502 store. The tester has proved very useful for finding flaws in our
503 implementation, as well as flaws in the reference site and the
504 specification.
</p
>
506 <p
>The test document I uploaded is a summary of all the specification
507 defects we have collected so far while implementing the web service.
508 There are several unclear and conflicting parts of the specification,
510 <a href=
"https://github.com/petterreinholdtsen/noark5-tester/tree/master/mangelmelding
">started
511 writing down
</a
> the questions we get from implementing it. We use a
512 format inspired by how
<a href=
"http://www.opengroup.org/austin/
">The
513 Austin Group
</a
> collect defect reports for the POSIX standard with
514 <a href=
"http://www.opengroup.org/austin/mantis.html
">their
515 instructions for the MANTIS defect tracker system
</a
>, in lack of an official way to structure defect reports for Noark
5 (our first submitted defect report was a
<a href=
"https://github.com/petterreinholdtsen/noark5-tester/blob/master/mangelmelding/sendt/
2017-
03-
15-mangel-prosess.md
">request for a procedure for submitting defect reports
</a
> :).
517 <p
>The Nikita project is implemented using Java and Spring, and is
518 fairly easy to get up and running using Docker containers for those
519 that want to test the current code base. The API tester is
520 implemented in Python.
</p
>
525 <title>Detecting NFS hangs on Linux without hanging yourself...
</title>
526 <link>http://people.skolelinux.org/pere/blog/Detecting_NFS_hangs_on_Linux_without_hanging_yourself___.html
</link>
527 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Detecting_NFS_hangs_on_Linux_without_hanging_yourself___.html
</guid>
528 <pubDate>Thu,
9 Mar
2017 15:
20:
00 +
0100</pubDate>
529 <description><p
>Over the years, administrating thousand of NFS mounting linux
530 computers at the time, I often needed a way to detect if the machine
531 was experiencing NFS hang. If you try to use
<tt
>df
</tt
> or look at a
532 file or directory affected by the hang, the process (and possibly the
533 shell) will hang too. So you want to be able to detect this without
534 risking the detection process getting stuck too. It has not been
535 obvious how to do this. When the hang has lasted a while, it is
536 possible to find messages like these in dmesg:
</p
>
538 <p
><blockquote
>
539 nfs: server nfsserver not responding, still trying
540 <br
>nfs: server nfsserver OK
541 </blockquote
></p
>
543 <p
>It is hard to know if the hang is still going on, and it is hard to
544 be sure looking in dmesg is going to work. If there are lots of other
545 messages in dmesg the lines might have rotated out of site before they
546 are noticed.
</p
>
548 <p
>While reading through the nfs client implementation in linux kernel
549 code, I came across some statistics that seem to give a way to detect
550 it. The om_timeouts sunrpc value in the kernel will increase every
551 time the above log entry is inserted into dmesg. And after digging a
552 bit further, I discovered that this value show up in
553 /proc/self/mountstats on Linux.
</p
>
555 <p
>The mountstats content seem to be shared between files using the
556 same file system context, so it is enough to check one of the
557 mountstats files to get the state of the mount point for the machine.
558 I assume this will not show lazy umounted NFS points, nor NFS mount
559 points in a different process context (ie with a different filesystem
560 view), but that does not worry me.
</p
>
562 <p
>The content for a NFS mount point look similar to this:
</p
>
564 <p
><blockquote
><pre
>
566 device /dev/mapper/Debian-var mounted on /var with fstype ext3
567 device nfsserver:/mnt/nfsserver/home0 mounted on /mnt/nfsserver/home0 with fstype nfs statvers=
1.1
568 opts: rw,vers=
3,rsize=
65536,wsize=
65536,namlen=
255,acregmin=
3,acregmax=
60,acdirmin=
30,acdirmax=
60,soft,nolock,proto=tcp,timeo=
600,retrans=
2,sec=sys,mountaddr=
129.240.3.145,mountvers=
3,mountport=
4048,mountproto=udp,local_lock=all
570 caps: caps=
0x3fe7,wtmult=
4096,dtsize=
8192,bsize=
0,namlen=
255
571 sec: flavor=
1,pseudoflavor=
1
572 events:
61063112 732346265 1028140 35486205 16220064 8162542 761447191 71714012 37189 3891185 45561809 110486139 4850138 420353 15449177 296502 52736725 13523379 0 52182 9016896 1231 0 0 0 0 0
573 bytes:
166253035039 219519120027 0 0 40783504807 185466229638 11677877 45561809
574 RPC iostats version:
1.0 p/v:
100003/
3 (nfs)
575 xprt: tcp
925 1 6810 0 0 111505412 111480497 109 2672418560317 0 248 53869103 22481820
577 NULL:
0 0 0 0 0 0 0 0
578 GETATTR:
61063106 61063108 0 9621383060 6839064400 453650 77291321 78926132
579 SETATTR:
463469 463470 0 92005440 66739536 63787 603235 687943
580 LOOKUP:
17021657 17021657 0 3354097764 4013442928 57216 35125459 35566511
581 ACCESS:
14281703 14290009 5 2318400592 1713803640 1709282 4865144 7130140
582 READLINK:
125 125 0 20472 18620 0 1112 1118
583 READ:
4214236 4214237 0 715608524 41328653212 89884 22622768 22806693
584 WRITE:
8479010 8494376 22 187695798568 1356087148 178264904 51506907 231671771
585 CREATE:
171708 171708 0 38084748 46702272 873 1041833 1050398
586 MKDIR:
3680 3680 0 773980 993920 26 23990 24245
587 SYMLINK:
903 903 0 233428 245488 6 5865 5917
588 MKNOD:
80 80 0 20148 21760 0 299 304
589 REMOVE:
429921 429921 0 79796004 61908192 3313 2710416 2741636
590 RMDIR:
3367 3367 0 645112 484848 22 5782 6002
591 RENAME:
466201 466201 0 130026184 121212260 7075 5935207 5961288
592 LINK:
289155 289155 0 72775556 67083960 2199 2565060 2585579
593 READDIR:
2933237 2933237 0 516506204 13973833412 10385 3190199 3297917
594 READDIRPLUS:
1652839 1652839 0 298640972 6895997744 84735 14307895 14448937
595 FSSTAT:
6144 6144 0 1010516 1032192 51 9654 10022
596 FSINFO:
2 2 0 232 328 0 1 1
597 PATHCONF:
1 1 0 116 140 0 0 0
598 COMMIT:
0 0 0 0 0 0 0 0
600 device binfmt_misc mounted on /proc/sys/fs/binfmt_misc with fstype binfmt_misc
602 </pre
></blockquote
></p
>
604 <p
>The key number to look at is the third number in the per-op list.
605 It is the number of NFS timeouts experiences per file system
606 operation. Here
22 write timeouts and
5 access timeouts. If these
607 numbers are increasing, I believe the machine is experiencing NFS
608 hang. Unfortunately the timeout value do not start to increase right
609 away. The NFS operations need to time out first, and this can take a
610 while. The exact timeout value depend on the setup. For example the
611 defaults for TCP and UDP mount points are quite different, and the
612 timeout value is affected by the soft, hard, timeo and retrans NFS
613 mount options.
</p
>
615 <p
>The only way I have been able to get working on Debian and RedHat
616 Enterprise Linux for getting the timeout count is to peek in /proc/.
618 <ahref=
"http://docs.oracle.com/cd/E19253-
01/
816-
4555/netmonitor-
12/index.html
">Solaris
619 10 System Administration Guide: Network Services
</a
>, the
'nfsstat -c
'
620 command can be used to get these timeout values. But this do not work
621 on Linux, as far as I can tell. I
622 <ahref=
"http://bugs.debian.org/
857043">asked Debian about this
</a
>,
623 but have not seen any replies yet.
</p
>
625 <p
>Is there a better way to figure out if a Linux NFS client is
626 experiencing NFS hangs? Is there a way to detect which processes are
627 affected? Is there a way to get the NFS mount going quickly once the
628 network problem causing the NFS hang has been cleared? I would very
629 much welcome some clues, as we regularly run into NFS hangs.
</p
>
634 <title>How does it feel to be wiretapped, when you should be doing the wiretapping...
</title>
635 <link>http://people.skolelinux.org/pere/blog/How_does_it_feel_to_be_wiretapped__when_you_should_be_doing_the_wiretapping___.html
</link>
636 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/How_does_it_feel_to_be_wiretapped__when_you_should_be_doing_the_wiretapping___.html
</guid>
637 <pubDate>Wed,
8 Mar
2017 11:
50:
00 +
0100</pubDate>
638 <description><p
>So the new president in the United States of America claim to be
639 surprised to discover that he was wiretapped during the election
640 before he was elected president. He even claim this must be illegal.
641 Well, doh, if it is one thing the confirmations from Snowden
642 documented, it is that the entire population in USA is wiretapped, one
643 way or another. Of course the president candidates were wiretapped,
644 alongside the senators, judges and the rest of the people in USA.
</p
>
646 <p
>Next, the Federal Bureau of Investigation ask the Department of
647 Justice to go public rejecting the claims that Donald Trump was
648 wiretapped illegally. I fail to see the relevance, given that I am
649 sure the surveillance industry in USA believe they have all the legal
650 backing they need to conduct mass surveillance on the entire
653 <p
>There is even the director of the FBI stating that he never saw an
654 order requesting wiretapping of Donald Trump. That is not very
655 surprising, given how the FISA court work, with all its activity being
656 secret. Perhaps he only heard about it?
</p
>
658 <p
>What I find most sad in this story is how Norwegian journalists
659 present it. In a news reports the other day in the radio from the
660 Norwegian National broadcasting Company (NRK), I heard the journalist
661 claim that
'the FBI denies any wiretapping
', while the reality is that
662 'the FBI denies any illegal wiretapping
'. There is a fundamental and
663 important difference, and it make me sad that the journalists are
664 unable to grasp it.
</p
>
666 <p
><strong
>Update
2017-
03-
13:
</strong
> Look like
667 <a href=
"https://theintercept.com/
2017/
03/
13/rand-paul-is-right-nsa-routinely-monitors-americans-communications-without-warrants/
">The
668 Intercept report that US Senator Rand Paul confirm what I state above
</a
>.
</p
>
projects / homepage.git / blob