1 <?xml version=
"1.0" encoding=
"utf-8"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/' xmlns:
atom=
"http://www.w3.org/2005/Atom">
4 <title>Petter Reinholdtsen
</title>
5 <description></description>
6 <link>http://people.skolelinux.org/pere/blog/
</link>
7 <atom:link href=
"http://people.skolelinux.org/pere/blog/index.rss" rel=
"self" type=
"application/rss+xml" />
10 <title>How does it feel to be wiretapped, when you should be doing the wiretapping...
</title>
11 <link>http://people.skolelinux.org/pere/blog/How_does_it_feel_to_be_wiretapped__when_you_should_be_doing_the_wiretapping___.html
</link>
12 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/How_does_it_feel_to_be_wiretapped__when_you_should_be_doing_the_wiretapping___.html
</guid>
13 <pubDate>Wed,
8 Mar
2017 11:
50:
00 +
0100</pubDate>
14 <description><p
>So the new president in the United States of America claim to be
15 surprised to discover that he was wiretapped during the election
16 before he was elected president. He even claim this must be illegal.
17 Well, doh, if it is one thing the confirmations from Snowden
18 documented, it is that the entire population in USA is wiretapped, one
19 way or another. Of course the president candidates were wiretapped,
20 alongside the senators, judges and the rest of the people in USA.
</p
>
22 <p
>Next, the Federal Bureau of Investigation ask the Department of
23 Justice to go public rejecting the claims that Donald Trump was
24 wiretapped illegally. I fail to see the relevance, given that I am
25 sure the surveillance industry in USA according to themselves believe
26 they have all the legal backing they need to conduct mass surveillance
27 on the entire world.
</p
>
29 <p
>There is even the director of the FBI stating that he never saw an
30 order requesting wiretapping of Donald Trump. That is not very
31 surprising, given how the FISA court work, with all its activity being
32 secret. Perhaps he only heard about it?
</p
>
34 <p
>What I find most sad in this story is how Norwegian journalists
35 present it. In a news reports the other day in the radio from the
36 Norwegian National broadcasting Company (NRK), I heard the journalist
37 claim that
'the FBI denies any wiretapping
', while the reality is that
38 'the FBI denies any illegal wiretapping
'. There is a fundamental and
39 important difference, and it make me sad that the journalists are
40 unable to grasp it.
</p
>
45 <title>Norwegian Bokmål translation of The Debian Administrator
's Handbook complete, proofreading in progress
</title>
46 <link>http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_translation_of_The_Debian_Administrator_s_Handbook_complete__proofreading_in_progress.html
</link>
47 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_translation_of_The_Debian_Administrator_s_Handbook_complete__proofreading_in_progress.html
</guid>
48 <pubDate>Fri,
3 Mar
2017 14:
50:
00 +
0100</pubDate>
49 <description><p
>For almost a year now, we have been working on making a Norwegian
50 Bokmål edition of
<a href=
"https://debian-handbook.info/
">The Debian
51 Administrator
's Handbook
</a
>. Now, thanks to the tireless effort of
52 Ole-Erik, Ingrid and Andreas, the initial translation is complete, and
53 we are working on the proof reading to ensure consistent language and
54 use of correct computer science terms. The plan is to make the book
55 available on paper, as well as in electronic form. For that to
56 happen, the proof reading must be completed and all the figures need
57 to be translated. If you want to help out, get in touch.
</p
>
59 <p
><a href=
"http://people.skolelinux.org/pere/debian-handbook/debian-handbook-nb-NO.pdf
">A
61 fresh PDF edition
</a
> in A4 format (the final book will have smaller
62 pages) of the book created every morning is available for
63 proofreading. If you find any errors, please
64 <a href=
"https://hosted.weblate.org/projects/debian-handbook/
">visit
65 Weblate and correct the error
</a
>. The
66 <a href=
"http://l.github.io/debian-handbook/stat/nb-NO/index.html
">state
67 of the translation including figures
</a
> is a useful source for those
68 provide Norwegian bokmål screen shots and figures.
</p
>
73 <title>Unlimited randomness with the ChaosKey?
</title>
74 <link>http://people.skolelinux.org/pere/blog/Unlimited_randomness_with_the_ChaosKey_.html
</link>
75 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Unlimited_randomness_with_the_ChaosKey_.html
</guid>
76 <pubDate>Wed,
1 Mar
2017 20:
50:
00 +
0100</pubDate>
77 <description><p
>A few days ago I ordered a small batch of
78 <a href=
"http://altusmetrum.org/ChaosKey/
">the ChaosKey
</a
>, a small
79 USB dongle for generating entropy created by Bdale Garbee and Keith
80 Packard. Yesterday it arrived, and I am very happy to report that it
81 work great! According to its designers, to get it to work out of the
82 box, you need the Linux kernel version
4.1 or later. I tested on a
83 Debian Stretch machine (kernel version
4.9), and there it worked just
84 fine, increasing the available entropy very quickly. I wrote a small
85 test oneliner to test. It first print the current entropy level,
86 drain /dev/random, and then print the entropy level for five seconds.
87 Here is the situation without the ChaosKey inserted:
</p
>
89 <blockquote
><pre
>
90 % cat /proc/sys/kernel/random/entropy_avail; \
91 dd bs=
1M if=/dev/random of=/dev/null count=
1; \
92 for n in $(seq
1 5); do \
93 cat /proc/sys/kernel/random/entropy_avail; \
99 28 byte kopiert,
0,
000264565 s,
106 kB/s
106 </pre
></blockquote
>
108 <p
>The entropy level increases by
3-
4 every second. In such case any
109 application requiring random bits (like a HTTPS enabled web server)
110 will halt and wait for more entrpy. And here is the situation with
111 the ChaosKey inserted:
</p
>
113 <blockquote
><pre
>
114 % cat /proc/sys/kernel/random/entropy_avail; \
115 dd bs=
1M if=/dev/random of=/dev/null count=
1; \
116 for n in $(seq
1 5); do \
117 cat /proc/sys/kernel/random/entropy_avail; \
123 104 byte kopiert,
0,
000487647 s,
213 kB/s
130 </pre
></blockquote
>
132 <p
>Quite the difference. :) I bought a few more than I need, in case
133 someone want to buy one here in Norway. :)
</p
>
135 <p
>Update: The dongle was presented at Debconf last year. You might
136 find
<a href=
"https://debconf16.debconf.org/talks/
94/
">the talk
137 recording illuminating
</a
>. It explains exactly what the source of
138 randomness is, if you are unable to spot it from the schema drawing
139 available from the ChaosKey web site linked at the start of this blog
145 <title>Detect OOXML files with undefined behaviour?
</title>
146 <link>http://people.skolelinux.org/pere/blog/Detect_OOXML_files_with_undefined_behaviour_.html
</link>
147 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Detect_OOXML_files_with_undefined_behaviour_.html
</guid>
148 <pubDate>Tue,
21 Feb
2017 00:
20:
00 +
0100</pubDate>
149 <description><p
>I just noticed
150 <a href=
"http://www.arkivrad.no/aktuelt/riksarkivarens-forskrift-pa-horing
">the
151 new Norwegian proposal for archiving rules in the goverment
</a
> list
152 <a href=
"http://www.ecma-international.org/publications/standards/Ecma-
376.htm
">ECMA-
376</a
>
153 / ISO/IEC
29500 (aka OOXML) as valid formats to put in long term
154 storage. Luckily such files will only be accepted based on
155 pre-approval from the National Archive. Allowing OOXML files to be
156 used for long term storage might seem like a good idea as long as we
157 forget that there are plenty of ways for a
"valid
" OOXML document to
158 have content with no defined interpretation in the standard, which
159 lead to a question and an idea.
</p
>
161 <p
>Is there any tool to detect if a OOXML document depend on such
162 undefined behaviour? It would be useful for the National Archive (and
163 anyone else interested in verifying that a document is well defined)
164 to have such tool available when considering to approve the use of
165 OOXML. I
'm aware of the
166 <a href=
"https://github.com/arlm/officeotron/
">officeotron OOXML
167 validator
</a
>, but do not know how complete it is nor if it will
168 report use of undefined behaviour. Are there other similar tools
169 available? Please send me an email if you know of any such tool.
</p
>
174 <title>Ruling ignored our objections to the seizure of popcorn-time.no (#domstolkontroll)
</title>
175 <link>http://people.skolelinux.org/pere/blog/Ruling_ignored_our_objections_to_the_seizure_of_popcorn_time_no___domstolkontroll_.html
</link>
176 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Ruling_ignored_our_objections_to_the_seizure_of_popcorn_time_no___domstolkontroll_.html
</guid>
177 <pubDate>Mon,
13 Feb
2017 21:
30:
00 +
0100</pubDate>
178 <description><p
>A few days ago, we received the ruling from
179 <a href=
"http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html
">my
180 day in court
</a
>. The case in question is a challenge of the seizure
181 of the DNS domain popcorn-time.no. The ruling simply did not mention
182 most of our arguments, and seemed to take everything ØKOKRIM said at
183 face value, ignoring our demonstration and explanations. But it is
184 hard to tell for sure, as we still have not seen most of the documents
185 in the case and thus were unprepared and unable to contradict several
186 of the claims made in court by the opposition. We are considering an
187 appeal, but it is partly a question of funding, as it is costing us
188 quite a bit to pay for our lawyer. If you want to help, please
189 <a href=
"http://www.nuug.no/dns-beslag-donasjon.shtml
">donate to the
190 NUUG defense fund
</a
>.
</p
>
192 <p
>The details of the case, as far as we know it, is available in
194 <a href=
"https://www.nuug.no/news/tags/dns-domenebeslag/
">the NUUG
195 blog
</a
>. This also include
196 <a href=
"https://www.nuug.no/news/Avslag_etter_rettslig_h_ring_om_DNS_beslaget___vurderer_veien_videre.shtml
">the
197 ruling itself
</a
>.
</p
>
202 <title>A day in court challenging seizure of popcorn-time.no for #domstolkontroll
</title>
203 <link>http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html
</link>
204 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html
</guid>
205 <pubDate>Fri,
3 Feb
2017 11:
10:
00 +
0100</pubDate>
206 <description><p align=
"center
"><img width=
"70%
" src=
"http://people.skolelinux.org/pere/blog/images/
2017-
02-
01-popcorn-time-in-court.jpeg
"></p
>
208 <p
>On Wednesday, I spent the entire day in court in Follo Tingrett
209 representing
<a href=
"https://www.nuug.no/
">the member association
210 NUUG
</a
>, alongside
<a href=
"https://www.efn.no/
">the member
211 association EFN
</a
> and
<a href=
"http://www.imc.no
">the DNS registrar
212 IMC
</a
>, challenging the seizure of the DNS name popcorn-time.no. It
213 was interesting to sit in a court of law for the first time in my
214 life. Our team can be seen in the picture above: attorney Ola
215 Tellesbø, EFN board member Tom Fredrik Blenning, IMC CEO Morten Emil
216 Eriksen and NUUG board member Petter Reinholdtsen.
</p
>
218 <p
><a href=
"http://www.domstol.no/no/Enkelt-domstol/follo-tingrett/Nar-gar-rettssaken/Beramming/?cid=AAAA1701301512081262234UJFBVEZZZZZEJBAvtale
">The
219 case at hand
</a
> is that the Norwegian National Authority for
220 Investigation and Prosecution of Economic and Environmental Crime (aka
221 Økokrim) decided on their own, to seize a DNS domain early last
222 year, without following
223 <a href=
"https://www.norid.no/no/regelverk/navnepolitikk/#link12
">the
224 official policy of the Norwegian DNS authority
</a
> which require a
225 court decision. The web site in question was a site covering Popcorn
226 Time. And Popcorn Time is the name of a technology with both legal
227 and illegal applications. Popcorn Time is a client combining
228 searching a Bittorrent directory available on the Internet with
229 downloading/distribute content via Bittorrent and playing the
230 downloaded content on screen. It can be used illegally if it is used
231 to distribute content against the will of the right holder, but it can
232 also be used legally to play a lot of content, for example the
234 <a href=
"https://archive.org/details/movies
">available from the
235 Internet Archive
</a
> or the collection
236 <a href=
"http://vodo.net/films/
">available from Vodo
</a
>. We created
237 <a href=
"magnet:?xt=urn:btih:
86c1802af5a667ca56d3918aecb7d3c0f7173084
&dn=PresentasjonFolloTingrett.mov
&tr=udp%
3A%
2F%
2Fpublic.popcorn-tracker.org%
3A6969%
2Fannounce
">a
238 video demonstrating legally use of Popcorn Time
</a
> and played it in
239 Court. It can of course be downloaded using Bittorrent.
</p
>
241 <p
>I did not quite know what to expect from a day in court. The
242 government held on to their version of the story and we held on to
243 ours, and I hope the judge is able to make sense of it all. We will
244 know in two weeks time. Unfortunately I do not have high hopes, as
245 the Government have the upper hand here with more knowledge about the
246 case, better training in handling criminal law and in general higher
247 standing in the courts than fairly unknown DNS registrar and member
248 associations. It is expensive to be right also in Norway. So far the
249 case have cost more than NOK
70 000,-. To help fund the case, NUUG
250 and EFN have asked for donations, and managed to collect around NOK
25
251 000,- so far. Given the presentation from the Government, I expect
252 the government to appeal if the case go our way. And if the case do
253 not go our way, I hope we have enough funding to appeal.
</p
>
255 <p
>From the other side came two people from Økokrim. On the benches,
256 appearing to be part of the group from the government were two people
257 from the Simonsen Vogt Wiik lawyer office, and three others I am not
258 quite sure who was. Økokrim had proposed to present two witnesses
259 from The Motion Picture Association, but this was rejected because
260 they did not speak Norwegian and it was a bit late to bring in a
261 translator, but perhaps the two from MPA were present anyway. All
262 seven appeared to know each other. Good to see the case is take
265 <p
>If you, like me, believe the courts should be involved before a DNS
266 domain is hijacked by the government, or you believe the Popcorn Time
267 technology have a lot of useful and legal applications, I suggest you
268 too
<a href=
"http://www.nuug.no/dns-beslag-donasjon.shtml
">donate to
269 the NUUG defense fund
</a
>. Both Bitcoin and bank transfer are
270 available. If NUUG get more than we need for the legal action (very
271 unlikely), the rest will be spend promoting free software, open
272 standards and unix-like operating systems in Norway, so no matter what
273 happens the money will be put to good use.
</p
>
275 <p
>If you want to lean more about the case, I recommend you check out
276 <a href=
"https://www.nuug.no/news/tags/dns-domenebeslag/
">the blog
277 posts from NUUG covering the case
</a
>. They cover the legal arguments
278 on both sides.
</p
>
283 <title>Nasjonalbiblioteket avslutter sin ulovlige bruk av Google Skjemaer
</title>
284 <link>http://people.skolelinux.org/pere/blog/Nasjonalbiblioteket_avslutter_sin_ulovlige_bruk_av_Google_Skjemaer.html
</link>
285 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Nasjonalbiblioteket_avslutter_sin_ulovlige_bruk_av_Google_Skjemaer.html
</guid>
286 <pubDate>Thu,
12 Jan
2017 09:
40:
00 +
0100</pubDate>
287 <description><p
>I dag fikk jeg en skikkelig gladmelding. Bakgrunnen er at før jul
288 arrangerte Nasjonalbiblioteket
289 <a href=
"http://www.nb.no/Bibliotekutvikling/Kunnskapsorganisering/Nasjonalt-verksregister/Seminar-om-verksregister
">et
290 seminar om sitt knakende gode tiltak «verksregister»
</a
>. Eneste
291 måten å melde seg på dette seminaret var å sende personopplysninger
292 til Google via Google Skjemaer. Dette syntes jeg var tvilsom praksis,
293 da det bør være mulig å delta på seminarer arrangert av det offentlige
294 uten å måtte dele sine interesser, posisjon og andre
295 personopplysninger med Google. Jeg ba derfor om innsyn via
296 <a href=
"https://www.mimesbronn.no/
">Mimes brønn
</a
> i
297 <a href=
"https://www.mimesbronn.no/request/personopplysninger_til_google_sk
">avtaler
298 og vurderinger Nasjonalbiblioteket hadde rundt dette
</a
>.
299 Personopplysningsloven legger klare rammer for hva som må være på
300 plass før en kan be tredjeparter, spesielt i utlandet, behandle
301 personopplysninger på sine vegne, så det burde eksistere grundig
302 dokumentasjon før noe slikt kan bli lovlig. To jurister hos
303 Nasjonalbiblioteket mente først dette var helt i orden, og at Googles
304 standardavtale kunne brukes som databehandlingsavtale. Det syntes jeg
305 var merkelig, men har ikke hatt kapasitet til å følge opp saken før
306 for to dager siden.
</p
>
308 <p
>Gladnyheten i dag, som kom etter at jeg tipset Nasjonalbiblioteket
309 om at Datatilsynet underkjente Googles standardavtaler som
310 databehandleravtaler i
2011, er at Nasjonalbiblioteket har bestemt seg
311 for å avslutte bruken av Googles Skjemaer/Apps og gå i dialog med DIFI
312 for å finne bedre måter å håndtere påmeldinger i tråd med
313 personopplysningsloven. Det er fantastisk å se at av og til hjelper
314 det å spørre hva i alle dager det offentlige holder på med.
</p
>
319 <title>Bryter NAV sin egen personvernerklæring?
</title>
320 <link>http://people.skolelinux.org/pere/blog/Bryter_NAV_sin_egen_personvernerkl_ring_.html
</link>
321 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Bryter_NAV_sin_egen_personvernerkl_ring_.html
</guid>
322 <pubDate>Wed,
11 Jan
2017 06:
50:
00 +
0100</pubDate>
323 <description><p
>Jeg leste med interesse en nyhetssak hos
324 <a href=
"http://www.digi.no/artikler/nav-avslorer-trygdemisbruk-ved-a-spore-ip-adresser/
367394">digi.no
</a
>
326 <a href=
"https://www.nrk.no/buskerud/trygdesvindlere-avslores-av-utenlandske-ip-adresser-
1.13313461">NRK
</a
>
327 om at det ikke bare er meg, men at også NAV bedriver geolokalisering
328 av IP-adresser, og at det gjøres analyse av IP-adressene til de som
329 sendes inn meldekort for å se om meldekortet sendes inn fra
330 utenlandske IP-adresser. Politiadvokat i Drammen, Hans Lyder Haare,
331 er sitert i NRK på at «De to er jo blant annet avslørt av
332 IP-adresser. At man ser at meldekortet kommer fra utlandet.»
</p
>
334 <p
>Jeg synes det er fint at det blir bedre kjent at IP-adresser
335 knyttes til enkeltpersoner og at innsamlet informasjon brukes til å
336 stedsbestemme personer også av aktører her i Norge. Jeg ser det som
337 nok et argument for å bruke
338 <a href=
"https://www.torproject.org/
">Tor
</a
> så mye som mulig for å
339 gjøre gjøre IP-lokalisering vanskeligere, slik at en kan beskytte sin
340 privatsfære og unngå å dele sin fysiske plassering med
341 uvedkommede.
</p
>
343 <P
>Men det er en ting som bekymrer meg rundt denne nyheten. Jeg ble
344 tipset (takk #nuug) om
345 <a href=
"https://www.nav.no/no/NAV+og+samfunn/Kontakt+NAV/Teknisk+brukerstotte/Snarveier/personvernerkl%C3%A6ring-for-arbeids-og-velferdsetaten
">NAVs
346 personvernerklæring
</a
>, som under punktet «Personvern og statistikk»
349 <p
><blockquote
>
351 <p
>«Når du besøker nav.no, etterlater du deg elektroniske spor. Sporene
352 dannes fordi din nettleser automatisk sender en rekke opplysninger til
353 NAVs tjener (server-maskin) hver gang du ber om å få vist en side. Det
354 er eksempelvis opplysninger om hvilken nettleser og -versjon du
355 bruker, og din internettadresse (ip-adresse). For hver side som vises,
356 lagres følgende opplysninger:
</p
>
359 <li
>hvilken side du ser på
</li
>
360 <li
>dato og tid
</li
>
361 <li
>hvilken nettleser du bruker
</li
>
362 <li
>din ip-adresse
</li
>
365 <p
>Ingen av opplysningene vil bli brukt til å identifisere
366 enkeltpersoner. NAV bruker disse opplysningene til å generere en
367 samlet statistikk som blant annet viser hvilke sider som er mest
368 populære. Statistikken er et redskap til å forbedre våre
369 tjenester.»
</p
>
371 </blockquote
></p
>
373 <p
>Jeg klarer ikke helt å se hvordan analyse av de besøkendes
374 IP-adresser for å se hvem som sender inn meldekort via web fra en
375 IP-adresse i utlandet kan gjøres uten å komme i strid med påstanden om
376 at «ingen av opplysningene vil bli brukt til å identifisere
377 enkeltpersoner». Det virker dermed for meg som at NAV bryter sine
378 egen personvernerklæring, hvilket
379 <a href=
"http://people.skolelinux.org/pere/blog/Er_lover_brutt_n_r_personvernpolicy_ikke_stemmer_med_praksis_.html
">Datatilsynet
380 fortalte meg i starten av desember antagelig er brudd på
381 personopplysningsloven
</a
>.
383 <p
>I tillegg er personvernerklæringen ganske misvisende i og med at
384 NAVs nettsider ikke bare forsyner NAV med personopplysninger, men i
385 tillegg ber brukernes nettleser kontakte fem andre nettjenere
386 (script.hotjar.com, static.hotjar.com, vars.hotjar.com,
387 www.google-analytics.com og www.googletagmanager.com), slik at
388 personopplysninger blir gjort tilgjengelig for selskapene Hotjar og
389 Google , og alle som kan lytte på trafikken på veien (som FRA, GCHQ og
390 NSA). Jeg klarer heller ikke se hvordan slikt spredning av
391 personopplysninger kan være i tråd med kravene i
392 personopplysningloven, eller i tråd med NAVs personvernerklæring.
</p
>
394 <p
>Kanskje NAV bør ta en nøye titt på sin personvernerklæring? Eller
395 kanskje Datatilsynet bør gjøre det?
</p
>
400 <title>Where did that package go?
&mdash; geolocated IP traceroute
</title>
401 <link>http://people.skolelinux.org/pere/blog/Where_did_that_package_go___mdash__geolocated_IP_traceroute.html
</link>
402 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Where_did_that_package_go___mdash__geolocated_IP_traceroute.html
</guid>
403 <pubDate>Mon,
9 Jan
2017 12:
20:
00 +
0100</pubDate>
404 <description><p
>Did you ever wonder where the web trafic really flow to reach the
405 web servers, and who own the network equipment it is flowing through?
406 It is possible to get a glimpse of this from using traceroute, but it
407 is hard to find all the details. Many years ago, I wrote a system to
408 map the Norwegian Internet (trying to figure out if our plans for a
409 network game service would get low enough latency, and who we needed
410 to talk to about setting up game servers close to the users. Back
411 then I used traceroute output from many locations (I asked my friends
412 to run a script and send me their traceroute output) to create the
413 graph and the map. The output from traceroute typically look like
417 traceroute to www.stortinget.no (
85.88.67.10),
30 hops max,
60 byte packets
418 1 uio-gw10.uio.no (
129.240.202.1)
0.447 ms
0.486 ms
0.621 ms
419 2 uio-gw8.uio.no (
129.240.24.229)
0.467 ms
0.578 ms
0.675 ms
420 3 oslo-gw1.uninett.no (
128.39.65.17)
0.385 ms
0.373 ms
0.358 ms
421 4 te3-
1-
2.br1.fn3.as2116.net (
193.156.90.3)
1.174 ms
1.172 ms
1.153 ms
422 5 he16-
1-
1.cr1.san110.as2116.net (
195.0.244.234)
2.627 ms he16-
1-
1.cr2.oslosda310.as2116.net (
195.0.244.48)
3.172 ms he16-
1-
1.cr1.san110.as2116.net (
195.0.244.234)
2.857 ms
423 6 ae1.ar8.oslosda310.as2116.net (
195.0.242.39)
0.662 ms
0.637 ms ae0.ar8.oslosda310.as2116.net (
195.0.242.23)
0.622 ms
424 7 89.191.10.146 (
89.191.10.146)
0.931 ms
0.917 ms
0.955 ms
428 </pre
></p
>
430 <p
>This show the DNS names and IP addresses of (at least some of the)
431 network equipment involved in getting the data traffic from me to the
432 www.stortinget.no server, and how long it took in milliseconds for a
433 package to reach the equipment and return to me. Three packages are
434 sent, and some times the packages do not follow the same path. This
435 is shown for hop
5, where three different IP addresses replied to the
436 traceroute request.
</p
>
438 <p
>There are many ways to measure trace routes. Other good traceroute
439 implementations I use are traceroute (using ICMP packages) mtr (can do
440 both ICMP, UDP and TCP) and scapy (python library with ICMP, UDP, TCP
441 traceroute and a lot of other capabilities). All of them are easily
442 available in
<a href=
"https://www.debian.org/
">Debian
</a
>.
</p
>
444 <p
>This time around, I wanted to know the geographic location of
445 different route points, to visualize how visiting a web page spread
446 information about the visit to a lot of servers around the globe. The
447 background is that a web site today often will ask the browser to get
448 from many servers the parts (for example HTML, JSON, fonts,
449 JavaScript, CSS, video) required to display the content. This will
450 leak information about the visit to those controlling these servers
451 and anyone able to peek at the data traffic passing by (like your ISP,
452 the ISPs backbone provider, FRA, GCHQ, NSA and others).
</p
>
454 <p
>Lets pick an example, the Norwegian parliament web site
455 www.stortinget.no. It is read daily by all members of parliament and
456 their staff, as well as political journalists, activits and many other
457 citizens of Norway. A visit to the www.stortinget.no web site will
458 ask your browser to contact
8 other servers: ajax.googleapis.com,
459 insights.hotjar.com, script.hotjar.com, static.hotjar.com,
460 stats.g.doubleclick.net, www.google-analytics.com,
461 www.googletagmanager.com and www.netigate.se. I extracted this by
462 asking
<a href=
"http://phantomjs.org/
">PhantomJS
</a
> to visit the
463 Stortinget web page and tell me all the URLs PhantomJS downloaded to
464 render the page (in HAR format using
465 <a href=
"https://github.com/ariya/phantomjs/blob/master/examples/netsniff.js
">their
466 netsniff example
</a
>. I am very grateful to Gorm for showing me how
467 to do this). My goal is to visualize network traces to all IP
468 addresses behind these DNS names, do show where visitors personal
469 information is spread when visiting the page.
</p
>
471 <p align=
"center
"><a href=
"www.stortinget.no-geoip.kml
"><img
472 src=
"http://people.skolelinux.org/pere/blog/images/
2017-
01-
09-www.stortinget.no-geoip-small.png
" alt=
"map of combined traces for URLs used by www.stortinget.no using GeoIP
"/
></a
></p
>
474 <p
>When I had a look around for options, I could not find any good
475 free software tools to do this, and decided I needed my own traceroute
476 wrapper outputting KML based on locations looked up using GeoIP. KML
477 is easy to work with and easy to generate, and understood by several
478 of the GIS tools I have available. I got good help from by NUUG
479 colleague Anders Einar with this, and the result can be seen in
480 <a href=
"https://github.com/petterreinholdtsen/kmltraceroute
">my
481 kmltraceroute git repository
</a
>. Unfortunately, the quality of the
482 free GeoIP databases I could find (and the for-pay databases my
483 friends had access to) is not up to the task. The IP addresses of
484 central Internet infrastructure would typically be placed near the
485 controlling companies main office, and not where the router is really
486 located, as you can see from
<a href=
"www.stortinget.no-geoip.kml
">the
487 KML file I created
</a
> using the GeoLite City dataset from MaxMind.
489 <p align=
"center
"><a href=
"http://people.skolelinux.org/pere/blog/images/
2017-
01-
09-www.stortinget.no-scapy.svg
"><img
490 src=
"http://people.skolelinux.org/pere/blog/images/
2017-
01-
09-www.stortinget.no-scapy-small.png
" alt=
"scapy traceroute graph for URLs used by www.stortinget.no
"/
></a
></p
>
492 <p
>I also had a look at the visual traceroute graph created by
493 <a href=
"http://www.secdev.org/projects/scapy/
">the scrapy project
</a
>,
494 showing IP network ownership (aka AS owner) for the IP address in
496 <a href=
"http://people.skolelinux.org/pere/blog/images/
2017-
01-
09-www.stortinget.no-scapy.svg
">The
497 graph display a lot of useful information about the traceroute in SVG
498 format
</a
>, and give a good indication on who control the network
499 equipment involved, but it do not include geolocation. This graph
500 make it possible to see the information is made available at least for
501 UNINETT, Catchcom, Stortinget, Nordunet, Google, Amazon, Telia, Level
502 3 Communications and NetDNA.
</p
>
504 <p align=
"center
"><a href=
"https://geotraceroute.com/index.php?node=
4&host=www.stortinget.no
"><img
505 src=
"http://people.skolelinux.org/pere/blog/images/
2017-
01-
09-www.stortinget.no-geotraceroute-small.png
" alt=
"example geotraceroute view for www.stortinget.no
"/
></a
></p
>
507 <p
>In the process, I came across the
508 <a href=
"https://geotraceroute.com/
">web service GeoTraceroute
</a
> by
509 Salim Gasmi. Its methology of combining guesses based on DNS names,
510 various location databases and finally use latecy times to rule out
511 candidate locations seemed to do a very good job of guessing correct
512 geolocation. But it could only do one trace at the time, did not have
513 a sensor in Norway and did not make the geolocations easily available
514 for postprocessing. So I contacted the developer and asked if he
515 would be willing to share the code (he refused until he had time to
516 clean it up), but he was interested in providing the geolocations in a
517 machine readable format, and willing to set up a sensor in Norway. So
518 since yesterday, it is possible to run traces from Norway in this
519 service thanks to a sensor node set up by
520 <a href=
"https://www.nuug.no/
">the NUUG assosiation
</a
>, and get the
521 trace in KML format for further processing.
</p
>
523 <p align=
"center
"><a href=
"http://people.skolelinux.org/pere/blog/images/
2017-
01-
09-www.stortinget.no-geotraceroute-kml-join.kml
"><img
524 src=
"http://people.skolelinux.org/pere/blog/images/
2017-
01-
09-www.stortinget.no-geotraceroute-kml-join.png
" alt=
"map of combined traces for URLs used by www.stortinget.no using geotraceroute
"/
></a
></p
>
526 <p
>Here we can see a lot of trafic passes Sweden on its way to
527 Denmark, Germany, Holland and Ireland. Plenty of places where the
528 Snowden confirmations verified the traffic is read by various actors
529 without your best interest as their top priority.
</p
>
531 <p
>Combining KML files is trivial using a text editor, so I could loop
532 over all the hosts behind the urls imported by www.stortinget.no and
533 ask for the KML file from GeoTraceroute, and create a combined KML
534 file with all the traces (unfortunately only one of the IP addresses
535 behind the DNS name is traced this time. To get them all, one would
536 have to request traces using IP number instead of DNS names from
537 GeoTraceroute). That might be the next step in this project.
</p
>
539 <p
>Armed with these tools, I find it a lot easier to figure out where
540 the IP traffic moves and who control the boxes involved in moving it.
541 And every time the link crosses for example the Swedish border, we can
542 be sure Swedish Signal Intelligence (FRA) is listening, as GCHQ do in
543 Britain and NSA in USA and cables around the globe. (Hm, what should
544 we tell them? :) Keep that in mind if you ever send anything
545 unencrypted over the Internet.
</p
>
547 <p
>PS: KML files are drawn using
548 <a href=
"http://ivanrublev.me/kml/
">the KML viewer from Ivan
549 Rublev
<a/
>, as it was less cluttered than the local Linux application
550 Marble. There are heaps of other options too.
</p
>
552 <p
>As usual, if you use Bitcoin and want to show your support of my
553 activities, please send Bitcoin donations to my address
554 <b
><a href=
"bitcoin:
15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b
&label=PetterReinholdtsenBlog
">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b
</a
></b
>.
</p
>
559 <title>Introducing ical-archiver to split out old iCalendar entries
</title>
560 <link>http://people.skolelinux.org/pere/blog/Introducing_ical_archiver_to_split_out_old_iCalendar_entries.html
</link>
561 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Introducing_ical_archiver_to_split_out_old_iCalendar_entries.html
</guid>
562 <pubDate>Wed,
4 Jan
2017 12:
20:
00 +
0100</pubDate>
563 <description><p
>Do you have a large
<a href=
"https://icalendar.org/
">iCalendar
</a
>
564 file with lots of old entries, and would like to archive them to save
565 space and resources? At least those of us using KOrganizer know that
566 turning on and off an event set become slower and slower the more
567 entries are in the set. While working on migrating our calendars to a
568 <a href=
"http://radicale.org/
">Radicale CalDAV server
</a
> on our
569 <a href=
"https://freedomboxfoundation.org/
">Freedombox server
</a/
>, my
570 loved one wondered if I could find a way to split up the calendar file
571 she had in KOrganizer, and I set out to write a tool. I spent a few
572 days writing and polishing the system, and it is now ready for general
574 <a href=
"https://github.com/petterreinholdtsen/ical-archiver
">code for
575 ical-archiver
</a
> is publicly available from a git repository on
576 github. The system is written in Python and depend on
577 <a href=
"http://eventable.github.io/vobject/
">the vobject Python
578 module
</a
>.
</p
>
580 <p
>To use it, locate the iCalendar file you want to operate on and
581 give it as an argument to the ical-archiver script. This will
582 generate a set of new files, one file per component type per year for
583 all components expiring more than two years in the past. The vevent,
584 vtodo and vjournal entries are handled by the script. The remaining
585 entries are stored in a
'remaining
' file.
</p
>
587 <p
>This is what a test run can look like:
590 % ical-archiver t/
2004-
2016.ics
594 Writing t/
2004-
2016.ics-subset-vevent-
2004.ics
595 Writing t/
2004-
2016.ics-subset-vevent-
2005.ics
596 Writing t/
2004-
2016.ics-subset-vevent-
2006.ics
597 Writing t/
2004-
2016.ics-subset-vevent-
2007.ics
598 Writing t/
2004-
2016.ics-subset-vevent-
2008.ics
599 Writing t/
2004-
2016.ics-subset-vevent-
2009.ics
600 Writing t/
2004-
2016.ics-subset-vevent-
2010.ics
601 Writing t/
2004-
2016.ics-subset-vevent-
2011.ics
602 Writing t/
2004-
2016.ics-subset-vevent-
2012.ics
603 Writing t/
2004-
2016.ics-subset-vevent-
2013.ics
604 Writing t/
2004-
2016.ics-subset-vevent-
2014.ics
605 Writing t/
2004-
2016.ics-subset-vjournal-
2007.ics
606 Writing t/
2004-
2016.ics-subset-vjournal-
2011.ics
607 Writing t/
2004-
2016.ics-subset-vtodo-
2012.ics
608 Writing t/
2004-
2016.ics-remaining.ics
610 </pre
></p
>
612 <p
>As you can see, the original file is untouched and new files are
613 written with names derived from the original file. If you are happy
614 with their content, the *-remaining.ics file can replace the original
615 the the others can be archived or imported as historical calendar
616 collections.
</p
>
618 <p
>The script should probably be improved a bit. The error handling
619 when discovering broken entries is not good, and I am not sure yet if
620 it make sense to split different entry types into separate files or
621 not. The program is thus likely to change. If you find it
622 interesting, please get in touch. :)
</p
>
624 <p
>As usual, if you use Bitcoin and want to show your support of my
625 activities, please send Bitcoin donations to my address
626 <b
><a href=
"bitcoin:
15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b
&label=PetterReinholdtsenBlog
">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b
</a
></b
>.
</p
>
projects / homepage.git / blob