1 <?xml version=
"1.0" encoding=
"utf-8"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/' xmlns:
atom=
"http://www.w3.org/2005/Atom">
4 <title>Petter Reinholdtsen
</title>
5 <description></description>
6 <link>http://people.skolelinux.org/pere/blog/
</link>
7 <atom:link href=
"http://people.skolelinux.org/pere/blog/index.rss" rel=
"self" type=
"application/rss+xml" />
10 <title>Free software archive system Nikita now able to store documents
</title>
11 <link>http://people.skolelinux.org/pere/blog/Free_software_archive_system_Nikita_now_able_to_store_documents.html
</link>
12 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Free_software_archive_system_Nikita_now_able_to_store_documents.html
</guid>
13 <pubDate>Sun,
19 Mar
2017 08:
00:
00 +
0100</pubDate>
14 <description><p
>The
<a href=
"https://github.com/hiOA-ABI/nikita-noark5-core
">Nikita
15 Noark
5 core project
</a
> is implementing the Norwegian standard for
16 keeping an electronic archive of government documents.
17 <a href=
"http://www.arkivverket.no/arkivverket/Offentlig-forvaltning/Noark/Noark-
5/English-version
">The
18 Noark
5 standard
</a
> document the requirement for data systems used by
19 the archives in the Norwegian government, and the Noark
5 web interface
20 specification document a REST web service for storing, searching and
21 retrieving documents and metadata in such archive. I
've been involved
22 in the project since a few weeks before Christmas, when the Norwegian
24 <a href=
"https://www.nuug.no/news/NOARK5_kjerne_som_fri_programvare_f_r_epostliste_hos_NUUG.shtml
">announced
25 it supported the project
</a
>. I believe this is an important project,
26 and hope it can make it possible for the government archives in the
27 future to use free software to keep the archives we citizens depend
28 on. But as I do not hold such archive myself, personally my first use
29 case is to store and analyse public mail journal metadata published
30 from the government. I find it useful to have a clear use case in
31 mind when developing, to make sure the system scratches one of my
34 <p
>If you would like to help make sure there is a free software
35 alternatives for the archives, please join our IRC channel
36 (
<a href=
"irc://irc.freenode.net/%
23nikita
"">#nikita on
37 irc.freenode.net
</a
>) and
38 <a href=
"https://lists.nuug.no/mailman/listinfo/nikita-noark
">the
39 project mailing list
</a
>.
</p
>
41 <p
>When I got involved, the web service could store metadata about
42 documents. But a few weeks ago, a new milestone was reached when it
43 became possible to store full text documents too. Yesterday, I
44 completed an implementation of a command line tool
45 <tt
>archive-pdf
</tt
> to upload a PDF file to the archive using this
46 API. The tool is very simple at the moment, and find existing
47 <a href=
"https://en.wikipedia.org/wiki/Fonds
">fonds
</a
>, series and
48 files while asking the user to select which one to use if more than
49 one exist. Once a file is identified, the PDF is associated with the
50 file and uploaded, using the title extracted from the PDF itself. The
51 process is fairly similar to visiting the archive, opening a cabinet,
52 locating a file and storing a piece of paper in the archive. Here is
53 a test run directly after populating the database with test data using
54 our API tester:
</p
>
56 <p
><blockquote
><pre
>
57 ~/src//noark5-tester$ ./archive-pdf mangelmelding/mangler.pdf
58 using arkiv: Title of the test fonds created
2017-
03-
18T23:
49:
32.103446
59 using arkivdel: Title of the test series created
2017-
03-
18T23:
49:
32.103446
61 0 - Title of the test case file created
2017-
03-
18T23:
49:
32.103446
62 1 - Title of the test file created
2017-
03-
18T23:
49:
32.103446
63 Select which mappe you want (or search term):
0
64 Uploading mangelmelding/mangler.pdf
65 PDF title: Mangler i spesifikasjonsdokumentet for NOARK
5 Tjenestegrensesnitt
66 File
2017/
1: Title of the test case file created
2017-
03-
18T23:
49:
32.103446
68 </pre
></blockquote
></p
>
70 <p
>You can see here how the fonds (arkiv) and serie (arkivdel) only had
71 one option, while the user need to choose which file (mappe) to use
72 among the two created by the API tester. The
<tt
>archive-pdf
</tt
>
73 tool can be found in the git repository for the API tester.
</p
>
75 <p
>In the project, I have been mostly working on
76 <a href=
"https://github.com/petterreinholdtsen/noark5-tester
">the API
77 tester
</a
> so far, while getting to know the code base. The API
79 <a href=
"https://en.wikipedia.org/wiki/HATEOAS
">the HATEOAS links
</a
>
80 to traverse the entire exposed service API and verify that the exposed
81 operations and objects match the specification, as well as trying to
82 create objects holding metadata and uploading a simple XML file to
83 store. The tester has proved very useful for finding flaws in our
84 implementation, as well as flaws in the reference site and the
85 specification.
</p
>
87 <p
>The test document I uploaded is a summary of all the specification
88 defects we have collected so far while implementing the web service.
89 There are several unclear and conflicting parts of the specification,
91 <a href=
"https://github.com/petterreinholdtsen/noark5-tester/tree/master/mangelmelding
">started
92 writing down
</a
> the questions we get from implementing it. We use a
93 format inspired by how
<a href=
"http://www.opengroup.org/austin/
">The
94 Austin Group
</a
> collect defect reports for the POSIX standard with
95 <a href=
"http://www.opengroup.org/austin/mantis.html
">their
96 instructions for the MANTIS defect tracker system
</a
>, in lack of an official way to structure defect reports for Noark
5 (our first submitted defect report was a
<a href=
"https://github.com/petterreinholdtsen/noark5-tester/blob/master/mangelmelding/sendt/
2017-
03-
15-mangel-prosess.md
">request for a procedure for submitting defect reports
</a
> :).
98 <p
>The Nikita project is implemented using Java and Spring, and is
99 fairly easy to get up and running using Docker containers for those
100 that want to test the current code base. The API tester is
101 implemented in Python.
</p
>
106 <title>Detecting NFS hangs on Linux without hanging yourself...
</title>
107 <link>http://people.skolelinux.org/pere/blog/Detecting_NFS_hangs_on_Linux_without_hanging_yourself___.html
</link>
108 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Detecting_NFS_hangs_on_Linux_without_hanging_yourself___.html
</guid>
109 <pubDate>Thu,
9 Mar
2017 15:
20:
00 +
0100</pubDate>
110 <description><p
>Over the years, administrating thousand of NFS mounting linux
111 computers at the time, I often needed a way to detect if the machine
112 was experiencing NFS hang. If you try to use
<tt
>df
</tt
> or look at a
113 file or directory affected by the hang, the process (and possibly the
114 shell) will hang too. So you want to be able to detect this without
115 risking the detection process getting stuck too. It has not been
116 obvious how to do this. When the hang has lasted a while, it is
117 possible to find messages like these in dmesg:
</p
>
119 <p
><blockquote
>
120 nfs: server nfsserver not responding, still trying
121 <br
>nfs: server nfsserver OK
122 </blockquote
></p
>
124 <p
>It is hard to know if the hang is still going on, and it is hard to
125 be sure looking in dmesg is going to work. If there are lots of other
126 messages in dmesg the lines might have rotated out of site before they
127 are noticed.
</p
>
129 <p
>While reading through the nfs client implementation in linux kernel
130 code, I came across some statistics that seem to give a way to detect
131 it. The om_timeouts sunrpc value in the kernel will increase every
132 time the above log entry is inserted into dmesg. And after digging a
133 bit further, I discovered that this value show up in
134 /proc/self/mountstats on Linux.
</p
>
136 <p
>The mountstats content seem to be shared between files using the
137 same file system context, so it is enough to check one of the
138 mountstats files to get the state of the mount point for the machine.
139 I assume this will not show lazy umounted NFS points, nor NFS mount
140 points in a different process context (ie with a different filesystem
141 view), but that does not worry me.
</p
>
143 <p
>The content for a NFS mount point look similar to this:
</p
>
145 <p
><blockquote
><pre
>
147 device /dev/mapper/Debian-var mounted on /var with fstype ext3
148 device nfsserver:/mnt/nfsserver/home0 mounted on /mnt/nfsserver/home0 with fstype nfs statvers=
1.1
149 opts: rw,vers=
3,rsize=
65536,wsize=
65536,namlen=
255,acregmin=
3,acregmax=
60,acdirmin=
30,acdirmax=
60,soft,nolock,proto=tcp,timeo=
600,retrans=
2,sec=sys,mountaddr=
129.240.3.145,mountvers=
3,mountport=
4048,mountproto=udp,local_lock=all
151 caps: caps=
0x3fe7,wtmult=
4096,dtsize=
8192,bsize=
0,namlen=
255
152 sec: flavor=
1,pseudoflavor=
1
153 events:
61063112 732346265 1028140 35486205 16220064 8162542 761447191 71714012 37189 3891185 45561809 110486139 4850138 420353 15449177 296502 52736725 13523379 0 52182 9016896 1231 0 0 0 0 0
154 bytes:
166253035039 219519120027 0 0 40783504807 185466229638 11677877 45561809
155 RPC iostats version:
1.0 p/v:
100003/
3 (nfs)
156 xprt: tcp
925 1 6810 0 0 111505412 111480497 109 2672418560317 0 248 53869103 22481820
158 NULL:
0 0 0 0 0 0 0 0
159 GETATTR:
61063106 61063108 0 9621383060 6839064400 453650 77291321 78926132
160 SETATTR:
463469 463470 0 92005440 66739536 63787 603235 687943
161 LOOKUP:
17021657 17021657 0 3354097764 4013442928 57216 35125459 35566511
162 ACCESS:
14281703 14290009 5 2318400592 1713803640 1709282 4865144 7130140
163 READLINK:
125 125 0 20472 18620 0 1112 1118
164 READ:
4214236 4214237 0 715608524 41328653212 89884 22622768 22806693
165 WRITE:
8479010 8494376 22 187695798568 1356087148 178264904 51506907 231671771
166 CREATE:
171708 171708 0 38084748 46702272 873 1041833 1050398
167 MKDIR:
3680 3680 0 773980 993920 26 23990 24245
168 SYMLINK:
903 903 0 233428 245488 6 5865 5917
169 MKNOD:
80 80 0 20148 21760 0 299 304
170 REMOVE:
429921 429921 0 79796004 61908192 3313 2710416 2741636
171 RMDIR:
3367 3367 0 645112 484848 22 5782 6002
172 RENAME:
466201 466201 0 130026184 121212260 7075 5935207 5961288
173 LINK:
289155 289155 0 72775556 67083960 2199 2565060 2585579
174 READDIR:
2933237 2933237 0 516506204 13973833412 10385 3190199 3297917
175 READDIRPLUS:
1652839 1652839 0 298640972 6895997744 84735 14307895 14448937
176 FSSTAT:
6144 6144 0 1010516 1032192 51 9654 10022
177 FSINFO:
2 2 0 232 328 0 1 1
178 PATHCONF:
1 1 0 116 140 0 0 0
179 COMMIT:
0 0 0 0 0 0 0 0
181 device binfmt_misc mounted on /proc/sys/fs/binfmt_misc with fstype binfmt_misc
183 </pre
></blockquote
></p
>
185 <p
>The key number to look at is the third number in the per-op list.
186 It is the number of NFS timeouts experiences per file system
187 operation. Here
22 write timeouts and
5 access timeouts. If these
188 numbers are increasing, I believe the machine is experiencing NFS
189 hang. Unfortunately the timeout value do not start to increase right
190 away. The NFS operations need to time out first, and this can take a
191 while. The exact timeout value depend on the setup. For example the
192 defaults for TCP and UDP mount points are quite different, and the
193 timeout value is affected by the soft, hard, timeo and retrans NFS
194 mount options.
</p
>
196 <p
>The only way I have been able to get working on Debian and RedHat
197 Enterprise Linux for getting the timeout count is to peek in /proc/.
199 <ahref=
"http://docs.oracle.com/cd/E19253-
01/
816-
4555/netmonitor-
12/index.html
">Solaris
200 10 System Administration Guide: Network Services
</a
>, the
'nfsstat -c
'
201 command can be used to get these timeout values. But this do not work
202 on Linux, as far as I can tell. I
203 <ahref=
"http://bugs.debian.org/
857043">asked Debian about this
</a
>,
204 but have not seen any replies yet.
</p
>
206 <p
>Is there a better way to figure out if a Linux NFS client is
207 experiencing NFS hangs? Is there a way to detect which processes are
208 affected? Is there a way to get the NFS mount going quickly once the
209 network problem causing the NFS hang has been cleared? I would very
210 much welcome some clues, as we regularly run into NFS hangs.
</p
>
215 <title>How does it feel to be wiretapped, when you should be doing the wiretapping...
</title>
216 <link>http://people.skolelinux.org/pere/blog/How_does_it_feel_to_be_wiretapped__when_you_should_be_doing_the_wiretapping___.html
</link>
217 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/How_does_it_feel_to_be_wiretapped__when_you_should_be_doing_the_wiretapping___.html
</guid>
218 <pubDate>Wed,
8 Mar
2017 11:
50:
00 +
0100</pubDate>
219 <description><p
>So the new president in the United States of America claim to be
220 surprised to discover that he was wiretapped during the election
221 before he was elected president. He even claim this must be illegal.
222 Well, doh, if it is one thing the confirmations from Snowden
223 documented, it is that the entire population in USA is wiretapped, one
224 way or another. Of course the president candidates were wiretapped,
225 alongside the senators, judges and the rest of the people in USA.
</p
>
227 <p
>Next, the Federal Bureau of Investigation ask the Department of
228 Justice to go public rejecting the claims that Donald Trump was
229 wiretapped illegally. I fail to see the relevance, given that I am
230 sure the surveillance industry in USA believe they have all the legal
231 backing they need to conduct mass surveillance on the entire
234 <p
>There is even the director of the FBI stating that he never saw an
235 order requesting wiretapping of Donald Trump. That is not very
236 surprising, given how the FISA court work, with all its activity being
237 secret. Perhaps he only heard about it?
</p
>
239 <p
>What I find most sad in this story is how Norwegian journalists
240 present it. In a news reports the other day in the radio from the
241 Norwegian National broadcasting Company (NRK), I heard the journalist
242 claim that
'the FBI denies any wiretapping
', while the reality is that
243 'the FBI denies any illegal wiretapping
'. There is a fundamental and
244 important difference, and it make me sad that the journalists are
245 unable to grasp it.
</p
>
247 <p
><strong
>Update
2017-
03-
13:
</strong
> Look like
248 <a href=
"https://theintercept.com/
2017/
03/
13/rand-paul-is-right-nsa-routinely-monitors-americans-communications-without-warrants/
">The
249 Intercept report that US Senator Rand Paul confirm what I state above
</a
>.
</p
>
254 <title>Norwegian Bokmål translation of The Debian Administrator
's Handbook complete, proofreading in progress
</title>
255 <link>http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_translation_of_The_Debian_Administrator_s_Handbook_complete__proofreading_in_progress.html
</link>
256 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_translation_of_The_Debian_Administrator_s_Handbook_complete__proofreading_in_progress.html
</guid>
257 <pubDate>Fri,
3 Mar
2017 14:
50:
00 +
0100</pubDate>
258 <description><p
>For almost a year now, we have been working on making a Norwegian
259 Bokmål edition of
<a href=
"https://debian-handbook.info/
">The Debian
260 Administrator
's Handbook
</a
>. Now, thanks to the tireless effort of
261 Ole-Erik, Ingrid and Andreas, the initial translation is complete, and
262 we are working on the proof reading to ensure consistent language and
263 use of correct computer science terms. The plan is to make the book
264 available on paper, as well as in electronic form. For that to
265 happen, the proof reading must be completed and all the figures need
266 to be translated. If you want to help out, get in touch.
</p
>
268 <p
><a href=
"http://people.skolelinux.org/pere/debian-handbook/debian-handbook-nb-NO.pdf
">A
270 fresh PDF edition
</a
> in A4 format (the final book will have smaller
271 pages) of the book created every morning is available for
272 proofreading. If you find any errors, please
273 <a href=
"https://hosted.weblate.org/projects/debian-handbook/
">visit
274 Weblate and correct the error
</a
>. The
275 <a href=
"http://l.github.io/debian-handbook/stat/nb-NO/index.html
">state
276 of the translation including figures
</a
> is a useful source for those
277 provide Norwegian bokmål screen shots and figures.
</p
>
282 <title>Unlimited randomness with the ChaosKey?
</title>
283 <link>http://people.skolelinux.org/pere/blog/Unlimited_randomness_with_the_ChaosKey_.html
</link>
284 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Unlimited_randomness_with_the_ChaosKey_.html
</guid>
285 <pubDate>Wed,
1 Mar
2017 20:
50:
00 +
0100</pubDate>
286 <description><p
>A few days ago I ordered a small batch of
287 <a href=
"http://altusmetrum.org/ChaosKey/
">the ChaosKey
</a
>, a small
288 USB dongle for generating entropy created by Bdale Garbee and Keith
289 Packard. Yesterday it arrived, and I am very happy to report that it
290 work great! According to its designers, to get it to work out of the
291 box, you need the Linux kernel version
4.1 or later. I tested on a
292 Debian Stretch machine (kernel version
4.9), and there it worked just
293 fine, increasing the available entropy very quickly. I wrote a small
294 test oneliner to test. It first print the current entropy level,
295 drain /dev/random, and then print the entropy level for five seconds.
296 Here is the situation without the ChaosKey inserted:
</p
>
298 <blockquote
><pre
>
299 % cat /proc/sys/kernel/random/entropy_avail; \
300 dd bs=
1M if=/dev/random of=/dev/null count=
1; \
301 for n in $(seq
1 5); do \
302 cat /proc/sys/kernel/random/entropy_avail; \
308 28 byte kopiert,
0,
000264565 s,
106 kB/s
315 </pre
></blockquote
>
317 <p
>The entropy level increases by
3-
4 every second. In such case any
318 application requiring random bits (like a HTTPS enabled web server)
319 will halt and wait for more entrpy. And here is the situation with
320 the ChaosKey inserted:
</p
>
322 <blockquote
><pre
>
323 % cat /proc/sys/kernel/random/entropy_avail; \
324 dd bs=
1M if=/dev/random of=/dev/null count=
1; \
325 for n in $(seq
1 5); do \
326 cat /proc/sys/kernel/random/entropy_avail; \
332 104 byte kopiert,
0,
000487647 s,
213 kB/s
339 </pre
></blockquote
>
341 <p
>Quite the difference. :) I bought a few more than I need, in case
342 someone want to buy one here in Norway. :)
</p
>
344 <p
>Update: The dongle was presented at Debconf last year. You might
345 find
<a href=
"https://debconf16.debconf.org/talks/
94/
">the talk
346 recording illuminating
</a
>. It explains exactly what the source of
347 randomness is, if you are unable to spot it from the schema drawing
348 available from the ChaosKey web site linked at the start of this blog
354 <title>Detect OOXML files with undefined behaviour?
</title>
355 <link>http://people.skolelinux.org/pere/blog/Detect_OOXML_files_with_undefined_behaviour_.html
</link>
356 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Detect_OOXML_files_with_undefined_behaviour_.html
</guid>
357 <pubDate>Tue,
21 Feb
2017 00:
20:
00 +
0100</pubDate>
358 <description><p
>I just noticed
359 <a href=
"http://www.arkivrad.no/aktuelt/riksarkivarens-forskrift-pa-horing
">the
360 new Norwegian proposal for archiving rules in the goverment
</a
> list
361 <a href=
"http://www.ecma-international.org/publications/standards/Ecma-
376.htm
">ECMA-
376</a
>
362 / ISO/IEC
29500 (aka OOXML) as valid formats to put in long term
363 storage. Luckily such files will only be accepted based on
364 pre-approval from the National Archive. Allowing OOXML files to be
365 used for long term storage might seem like a good idea as long as we
366 forget that there are plenty of ways for a
"valid
" OOXML document to
367 have content with no defined interpretation in the standard, which
368 lead to a question and an idea.
</p
>
370 <p
>Is there any tool to detect if a OOXML document depend on such
371 undefined behaviour? It would be useful for the National Archive (and
372 anyone else interested in verifying that a document is well defined)
373 to have such tool available when considering to approve the use of
374 OOXML. I
'm aware of the
375 <a href=
"https://github.com/arlm/officeotron/
">officeotron OOXML
376 validator
</a
>, but do not know how complete it is nor if it will
377 report use of undefined behaviour. Are there other similar tools
378 available? Please send me an email if you know of any such tool.
</p
>
383 <title>Ruling ignored our objections to the seizure of popcorn-time.no (#domstolkontroll)
</title>
384 <link>http://people.skolelinux.org/pere/blog/Ruling_ignored_our_objections_to_the_seizure_of_popcorn_time_no___domstolkontroll_.html
</link>
385 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Ruling_ignored_our_objections_to_the_seizure_of_popcorn_time_no___domstolkontroll_.html
</guid>
386 <pubDate>Mon,
13 Feb
2017 21:
30:
00 +
0100</pubDate>
387 <description><p
>A few days ago, we received the ruling from
388 <a href=
"http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html
">my
389 day in court
</a
>. The case in question is a challenge of the seizure
390 of the DNS domain popcorn-time.no. The ruling simply did not mention
391 most of our arguments, and seemed to take everything ØKOKRIM said at
392 face value, ignoring our demonstration and explanations. But it is
393 hard to tell for sure, as we still have not seen most of the documents
394 in the case and thus were unprepared and unable to contradict several
395 of the claims made in court by the opposition. We are considering an
396 appeal, but it is partly a question of funding, as it is costing us
397 quite a bit to pay for our lawyer. If you want to help, please
398 <a href=
"http://www.nuug.no/dns-beslag-donasjon.shtml
">donate to the
399 NUUG defense fund
</a
>.
</p
>
401 <p
>The details of the case, as far as we know it, is available in
403 <a href=
"https://www.nuug.no/news/tags/dns-domenebeslag/
">the NUUG
404 blog
</a
>. This also include
405 <a href=
"https://www.nuug.no/news/Avslag_etter_rettslig_h_ring_om_DNS_beslaget___vurderer_veien_videre.shtml
">the
406 ruling itself
</a
>.
</p
>
411 <title>A day in court challenging seizure of popcorn-time.no for #domstolkontroll
</title>
412 <link>http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html
</link>
413 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html
</guid>
414 <pubDate>Fri,
3 Feb
2017 11:
10:
00 +
0100</pubDate>
415 <description><p align=
"center
"><img width=
"70%
" src=
"http://people.skolelinux.org/pere/blog/images/
2017-
02-
01-popcorn-time-in-court.jpeg
"></p
>
417 <p
>On Wednesday, I spent the entire day in court in Follo Tingrett
418 representing
<a href=
"https://www.nuug.no/
">the member association
419 NUUG
</a
>, alongside
<a href=
"https://www.efn.no/
">the member
420 association EFN
</a
> and
<a href=
"http://www.imc.no
">the DNS registrar
421 IMC
</a
>, challenging the seizure of the DNS name popcorn-time.no. It
422 was interesting to sit in a court of law for the first time in my
423 life. Our team can be seen in the picture above: attorney Ola
424 Tellesbø, EFN board member Tom Fredrik Blenning, IMC CEO Morten Emil
425 Eriksen and NUUG board member Petter Reinholdtsen.
</p
>
427 <p
><a href=
"http://www.domstol.no/no/Enkelt-domstol/follo-tingrett/Nar-gar-rettssaken/Beramming/?cid=AAAA1701301512081262234UJFBVEZZZZZEJBAvtale
">The
428 case at hand
</a
> is that the Norwegian National Authority for
429 Investigation and Prosecution of Economic and Environmental Crime (aka
430 Økokrim) decided on their own, to seize a DNS domain early last
431 year, without following
432 <a href=
"https://www.norid.no/no/regelverk/navnepolitikk/#link12
">the
433 official policy of the Norwegian DNS authority
</a
> which require a
434 court decision. The web site in question was a site covering Popcorn
435 Time. And Popcorn Time is the name of a technology with both legal
436 and illegal applications. Popcorn Time is a client combining
437 searching a Bittorrent directory available on the Internet with
438 downloading/distribute content via Bittorrent and playing the
439 downloaded content on screen. It can be used illegally if it is used
440 to distribute content against the will of the right holder, but it can
441 also be used legally to play a lot of content, for example the
443 <a href=
"https://archive.org/details/movies
">available from the
444 Internet Archive
</a
> or the collection
445 <a href=
"http://vodo.net/films/
">available from Vodo
</a
>. We created
446 <a href=
"magnet:?xt=urn:btih:
86c1802af5a667ca56d3918aecb7d3c0f7173084
&dn=PresentasjonFolloTingrett.mov
&tr=udp%
3A%
2F%
2Fpublic.popcorn-tracker.org%
3A6969%
2Fannounce
">a
447 video demonstrating legally use of Popcorn Time
</a
> and played it in
448 Court. It can of course be downloaded using Bittorrent.
</p
>
450 <p
>I did not quite know what to expect from a day in court. The
451 government held on to their version of the story and we held on to
452 ours, and I hope the judge is able to make sense of it all. We will
453 know in two weeks time. Unfortunately I do not have high hopes, as
454 the Government have the upper hand here with more knowledge about the
455 case, better training in handling criminal law and in general higher
456 standing in the courts than fairly unknown DNS registrar and member
457 associations. It is expensive to be right also in Norway. So far the
458 case have cost more than NOK
70 000,-. To help fund the case, NUUG
459 and EFN have asked for donations, and managed to collect around NOK
25
460 000,- so far. Given the presentation from the Government, I expect
461 the government to appeal if the case go our way. And if the case do
462 not go our way, I hope we have enough funding to appeal.
</p
>
464 <p
>From the other side came two people from Økokrim. On the benches,
465 appearing to be part of the group from the government were two people
466 from the Simonsen Vogt Wiik lawyer office, and three others I am not
467 quite sure who was. Økokrim had proposed to present two witnesses
468 from The Motion Picture Association, but this was rejected because
469 they did not speak Norwegian and it was a bit late to bring in a
470 translator, but perhaps the two from MPA were present anyway. All
471 seven appeared to know each other. Good to see the case is take
474 <p
>If you, like me, believe the courts should be involved before a DNS
475 domain is hijacked by the government, or you believe the Popcorn Time
476 technology have a lot of useful and legal applications, I suggest you
477 too
<a href=
"http://www.nuug.no/dns-beslag-donasjon.shtml
">donate to
478 the NUUG defense fund
</a
>. Both Bitcoin and bank transfer are
479 available. If NUUG get more than we need for the legal action (very
480 unlikely), the rest will be spend promoting free software, open
481 standards and unix-like operating systems in Norway, so no matter what
482 happens the money will be put to good use.
</p
>
484 <p
>If you want to lean more about the case, I recommend you check out
485 <a href=
"https://www.nuug.no/news/tags/dns-domenebeslag/
">the blog
486 posts from NUUG covering the case
</a
>. They cover the legal arguments
487 on both sides.
</p
>
492 <title>Nasjonalbiblioteket avslutter sin ulovlige bruk av Google Skjemaer
</title>
493 <link>http://people.skolelinux.org/pere/blog/Nasjonalbiblioteket_avslutter_sin_ulovlige_bruk_av_Google_Skjemaer.html
</link>
494 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Nasjonalbiblioteket_avslutter_sin_ulovlige_bruk_av_Google_Skjemaer.html
</guid>
495 <pubDate>Thu,
12 Jan
2017 09:
40:
00 +
0100</pubDate>
496 <description><p
>I dag fikk jeg en skikkelig gladmelding. Bakgrunnen er at før jul
497 arrangerte Nasjonalbiblioteket
498 <a href=
"http://www.nb.no/Bibliotekutvikling/Kunnskapsorganisering/Nasjonalt-verksregister/Seminar-om-verksregister
">et
499 seminar om sitt knakende gode tiltak «verksregister»
</a
>. Eneste
500 måten å melde seg på dette seminaret var å sende personopplysninger
501 til Google via Google Skjemaer. Dette syntes jeg var tvilsom praksis,
502 da det bør være mulig å delta på seminarer arrangert av det offentlige
503 uten å måtte dele sine interesser, posisjon og andre
504 personopplysninger med Google. Jeg ba derfor om innsyn via
505 <a href=
"https://www.mimesbronn.no/
">Mimes brønn
</a
> i
506 <a href=
"https://www.mimesbronn.no/request/personopplysninger_til_google_sk
">avtaler
507 og vurderinger Nasjonalbiblioteket hadde rundt dette
</a
>.
508 Personopplysningsloven legger klare rammer for hva som må være på
509 plass før en kan be tredjeparter, spesielt i utlandet, behandle
510 personopplysninger på sine vegne, så det burde eksistere grundig
511 dokumentasjon før noe slikt kan bli lovlig. To jurister hos
512 Nasjonalbiblioteket mente først dette var helt i orden, og at Googles
513 standardavtale kunne brukes som databehandlingsavtale. Det syntes jeg
514 var merkelig, men har ikke hatt kapasitet til å følge opp saken før
515 for to dager siden.
</p
>
517 <p
>Gladnyheten i dag, som kom etter at jeg tipset Nasjonalbiblioteket
518 om at Datatilsynet underkjente Googles standardavtaler som
519 databehandleravtaler i
2011, er at Nasjonalbiblioteket har bestemt seg
520 for å avslutte bruken av Googles Skjemaer/Apps og gå i dialog med DIFI
521 for å finne bedre måter å håndtere påmeldinger i tråd med
522 personopplysningsloven. Det er fantastisk å se at av og til hjelper
523 det å spørre hva i alle dager det offentlige holder på med.
</p
>
528 <title>Bryter NAV sin egen personvernerklæring?
</title>
529 <link>http://people.skolelinux.org/pere/blog/Bryter_NAV_sin_egen_personvernerkl_ring_.html
</link>
530 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Bryter_NAV_sin_egen_personvernerkl_ring_.html
</guid>
531 <pubDate>Wed,
11 Jan
2017 06:
50:
00 +
0100</pubDate>
532 <description><p
>Jeg leste med interesse en nyhetssak hos
533 <a href=
"http://www.digi.no/artikler/nav-avslorer-trygdemisbruk-ved-a-spore-ip-adresser/
367394">digi.no
</a
>
535 <a href=
"https://www.nrk.no/buskerud/trygdesvindlere-avslores-av-utenlandske-ip-adresser-
1.13313461">NRK
</a
>
536 om at det ikke bare er meg, men at også NAV bedriver geolokalisering
537 av IP-adresser, og at det gjøres analyse av IP-adressene til de som
538 sendes inn meldekort for å se om meldekortet sendes inn fra
539 utenlandske IP-adresser. Politiadvokat i Drammen, Hans Lyder Haare,
540 er sitert i NRK på at «De to er jo blant annet avslørt av
541 IP-adresser. At man ser at meldekortet kommer fra utlandet.»
</p
>
543 <p
>Jeg synes det er fint at det blir bedre kjent at IP-adresser
544 knyttes til enkeltpersoner og at innsamlet informasjon brukes til å
545 stedsbestemme personer også av aktører her i Norge. Jeg ser det som
546 nok et argument for å bruke
547 <a href=
"https://www.torproject.org/
">Tor
</a
> så mye som mulig for å
548 gjøre gjøre IP-lokalisering vanskeligere, slik at en kan beskytte sin
549 privatsfære og unngå å dele sin fysiske plassering med
550 uvedkommede.
</p
>
552 <P
>Men det er en ting som bekymrer meg rundt denne nyheten. Jeg ble
553 tipset (takk #nuug) om
554 <a href=
"https://www.nav.no/no/NAV+og+samfunn/Kontakt+NAV/Teknisk+brukerstotte/Snarveier/personvernerkl%C3%A6ring-for-arbeids-og-velferdsetaten
">NAVs
555 personvernerklæring
</a
>, som under punktet «Personvern og statistikk»
558 <p
><blockquote
>
560 <p
>«Når du besøker nav.no, etterlater du deg elektroniske spor. Sporene
561 dannes fordi din nettleser automatisk sender en rekke opplysninger til
562 NAVs tjener (server-maskin) hver gang du ber om å få vist en side. Det
563 er eksempelvis opplysninger om hvilken nettleser og -versjon du
564 bruker, og din internettadresse (ip-adresse). For hver side som vises,
565 lagres følgende opplysninger:
</p
>
568 <li
>hvilken side du ser på
</li
>
569 <li
>dato og tid
</li
>
570 <li
>hvilken nettleser du bruker
</li
>
571 <li
>din ip-adresse
</li
>
574 <p
>Ingen av opplysningene vil bli brukt til å identifisere
575 enkeltpersoner. NAV bruker disse opplysningene til å generere en
576 samlet statistikk som blant annet viser hvilke sider som er mest
577 populære. Statistikken er et redskap til å forbedre våre
578 tjenester.»
</p
>
580 </blockquote
></p
>
582 <p
>Jeg klarer ikke helt å se hvordan analyse av de besøkendes
583 IP-adresser for å se hvem som sender inn meldekort via web fra en
584 IP-adresse i utlandet kan gjøres uten å komme i strid med påstanden om
585 at «ingen av opplysningene vil bli brukt til å identifisere
586 enkeltpersoner». Det virker dermed for meg som at NAV bryter sine
587 egen personvernerklæring, hvilket
588 <a href=
"http://people.skolelinux.org/pere/blog/Er_lover_brutt_n_r_personvernpolicy_ikke_stemmer_med_praksis_.html
">Datatilsynet
589 fortalte meg i starten av desember antagelig er brudd på
590 personopplysningsloven
</a
>.
592 <p
>I tillegg er personvernerklæringen ganske misvisende i og med at
593 NAVs nettsider ikke bare forsyner NAV med personopplysninger, men i
594 tillegg ber brukernes nettleser kontakte fem andre nettjenere
595 (script.hotjar.com, static.hotjar.com, vars.hotjar.com,
596 www.google-analytics.com og www.googletagmanager.com), slik at
597 personopplysninger blir gjort tilgjengelig for selskapene Hotjar og
598 Google , og alle som kan lytte på trafikken på veien (som FRA, GCHQ og
599 NSA). Jeg klarer heller ikke se hvordan slikt spredning av
600 personopplysninger kan være i tråd med kravene i
601 personopplysningloven, eller i tråd med NAVs personvernerklæring.
</p
>
603 <p
>Kanskje NAV bør ta en nøye titt på sin personvernerklæring? Eller
604 kanskje Datatilsynet bør gjøre det?
</p
>
projects / homepage.git / blob