1 <?xml version=
"1.0" encoding=
"ISO-8859-1"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/'
>
4 <title>Petter Reinholdtsen - Entries from January
2016</title>
5 <description>Entries from January
2016</description>
6 <link>http://people.skolelinux.org/pere/blog/
</link>
10 <title>Always download Debian packages using Tor - the simple recipe
</title>
11 <link>http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html
</link>
12 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html
</guid>
13 <pubDate>Fri,
15 Jan
2016 00:
30:
00 +
0100</pubDate>
14 <description><p
>During his DebConf15 keynote, Jacob Applebaum
15 <a href=
"https://summit.debconf.org/debconf15/meeting/
331/what-is-to-be-done/
">observed
16 that those listening on the Internet lines would have good reason to
17 believe a computer have a given security hole
</a
> if it download a
18 security fix from a Debian mirror. This is a good reason to always
19 use encrypted connections to the Debian mirror, to make sure those
20 listening do not know which IP address to attack. In August, Richard
21 Hartmann observed that encryption was not enough, when it was possible
22 to interfere download size to security patches or the fact that
23 download took place shortly after a security fix was released, and
24 <a href=
"http://richardhartmann.de/blog/posts/
2015/
08/
24-Tor-enabled_Debian_mirror/
">proposed
25 to always use Tor to download packages from the Debian mirror
</a
>. He
26 was not the first to propose this, as the
<tt
>apt-transport-tor
</tt
>
27 package by Tim Retout already existed to make it easy to convince apt
28 to use
<a href=
"https://www.torproject.org/
">Tor
</a
>, but I was not
29 aware of that package when I read the blog post from Richard.
</p
>
31 <p
>Richard discussed the idea with Peter Palfrader, one of the Debian
32 sysadmins, and he set up a Tor hidden service on one of the central
33 Debian mirrors using the address vwakviie2ienjx6t.onion, thus making
34 it possible to download packages directly between two tor nodes,
35 making sure the network traffic always were encrypted.
</p
>
37 <p
>Here is a short recipe for enabling this on your machine, by
38 installing
<tt
>apt-transport-tor
</tt
> and replacing http and https
39 urls with tor+http and https, and using the hidden service instead of
40 the official Debian mirror site. I recommend installing
41 <tt
>etckeeper
</tt
> before you start to have a history of the changes
42 done in /etc/.
</p
>
44 <blockquote
><pre
>
45 apt install apt-transport-tor
46 sed -i
's% http://ftp.debian.org/%tor+http://vwakviie2ienjx6t.onion/%
' /etc/apt/sources.list
47 sed -i
's% http% tor+http%
' /etc/apt/sources.list
48 </pre
></blockquote
>
50 <p
>If you have more sources listed in /etc/apt/sources.list.d/, run
51 the sed commands for these too. The sed command is assuming your are
52 using the ftp.debian.org Debian mirror. Adjust the command (or just
53 edit the file manually) to match your mirror.
</p
>
55 <p
>This work in Debian Jessie and later. Note that tools like
56 <tt
>apt-file
</tt
> only recently started using the apt transport
57 system, and do not work with these tor+http URLs. For
58 <tt
>apt-file
</tt
> you need the version currently in experimental,
59 which need a recent apt version currently only in unstable. So if you
60 need a working
<tt
>apt-file
</tt
>, this is not for you.
</p
>
62 <p
>Another advantage from this change is that your machine will start
63 using Tor regularly and at fairly random intervals (every time you
64 update the package lists or upgrade or install a new package), thus
65 masking other Tor traffic done from the same machine. Using Tor will
66 become normal for the machine in question.
</p
>
68 <p
>On
<a href=
"https://wiki.debian.org/FreedomBox
">Freedombox
</a
>, APT
69 is set up by default to use
<tt
>apt-transport-tor
</tt
> when Tor is
70 enabled. It would be great if it was the default on any Debian
76 <title>Nedlasting fra NRK, som Matroska med undertekster
</title>
77 <link>http://people.skolelinux.org/pere/blog/Nedlasting_fra_NRK__som_Matroska_med_undertekster.html
</link>
78 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Nedlasting_fra_NRK__som_Matroska_med_undertekster.html
</guid>
79 <pubDate>Sat,
2 Jan
2016 13:
50:
00 +
0100</pubDate>
80 <description><p
>Det kommer stadig nye løsninger for å ta lagre unna innslag fra NRK
81 for å se på det senere. For en stund tilbake kom jeg over et script
82 nrkopptak laget av Ingvar Hagelund. Han fjernet riktignok sitt script
83 etter forespørsel fra Erik Bolstad i NRK, men noen tok heldigvis og
84 gjorde det
<a href=
"https://github.com/liangqi/nrkopptak
">tilgjengelig
85 via github
</a
>.
</p
>
87 <p
>Scriptet kan lagre som MPEG4 eller Matroska, og bake inn
88 undertekster i fila på et vis som blant annet VLC forstår. For å
89 bruke scriptet, kopier ned git-arkivet og kjør
</p
>
92 nrkopptak/bin/nrk-opptak k
<ahref=
"https://tv.nrk.no/serie/bmi-turne/MUHH45000115/sesong-
1/episode-
1">https://tv.nrk.no/serie/bmi-turne/MUHH45000115/sesong-
1/episode-
1</a
>
93 </pre
></p
>
95 <p
>URL-eksemplet er dagens toppsak på tv.nrk.no. Argument
'k
' ber
96 scriptet laste ned og lagre som Matroska. Det finnes en rekke andre
97 muligheter for valg av kvalitet og format.
</p
>
99 <p
>Jeg foretrekker dette scriptet fremfor youtube-dl, som
100 <a href=
"http://people.skolelinux.org/pere/blog/Hvordan_enkelt_laste_ned_filmer_fra_NRK_med_den__nye__l_sningen.html
">
101 nevnt i
2014 støtter NRK
</a
> og en rekke andre videokilder, på grunn
102 av at nrkopptak samler undertekster og video i en enkelt fil, hvilket
103 gjør håndtering enklere på disk.
</p
>
projects / homepage.git / blob