1 <?xml version=
"1.0" encoding=
"utf-8"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/' xmlns:
atom=
"http://www.w3.org/2005/Atom">
4 <title>Petter Reinholdtsen
</title>
5 <description></description>
6 <link>http://people.skolelinux.org/pere/blog/
</link>
7 <atom:link href=
"http://people.skolelinux.org/pere/blog/index.rss" rel=
"self" type=
"application/rss+xml" />
10 <title>Easier recipe to observe the cell phones around you
</title>
11 <link>http://people.skolelinux.org/pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html
</link>
12 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html
</guid>
13 <pubDate>Sun,
24 Sep
2017 08:
30:
00 +
0200</pubDate>
14 <description><p
>A little more than a month ago I wrote
15 <a href=
"http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html
">how
16 to observe the SIM card ID (aka IMSI number) of mobile phones talking
17 to nearby mobile phone base stations using Debian GNU/Linux and a
18 cheap USB software defined radio
</a
>, and thus being able to pinpoint
19 the location of people and equipment (like cars and trains) with an
20 accuracy of a few kilometer. Since then we have worked to make the
21 procedure even simpler, and it is now possible to do this without any
22 manual frequency tuning and without building your own packages.
</p
>
24 <p
>The
<a href=
"https://tracker.debian.org/pkg/gr-gsm
">gr-gsm
</a
>
25 package is now included in Debian testing and unstable, and the
26 IMSI-catcher code no longer require root access to fetch and decode
27 the GSM data collected using gr-gsm.
</p
>
29 <p
>Here is an updated recipe, using packages built by Debian and a git
30 clone of two python scripts:
</p
>
34 <li
>Start with a Debian machine running the Buster version (aka
37 <li
>Run
'<tt
>apt install gr-gsm python-numpy python-scipy
38 python-scapy
</tt
>' as root to install required packages.
</li
>
40 <li
>Fetch the code decoding GSM packages using
'<tt
>git clone
41 github.com/Oros42/IMSI-catcher.git
</tt
>'.
</li
>
43 <li
>Insert USB software defined radio supported by GNU Radio.
</li
>
45 <li
>Enter the IMSI-catcher directory and run
'<tt
>python
46 scan-and-livemon
</tt
>' to locate the frequency of nearby base
47 stations and start listening for GSM packages on one of them.
</li
>
49 <li
>Enter the IMSI-catcher directory and run
'<tt
>python
50 simple_IMSI-catcher.py
</tt
>' to display the collected information.
</li
>
54 <p
>Note, due to a bug somewhere the scan-and-livemon program (actually
55 <a href=
"https://github.com/ptrkrysik/gr-gsm/issues/
336">its underlying
56 program grgsm_scanner
</a
>) do not work with the HackRF radio. It do
57 work with RTL
8232 and other similar USB radio receivers you can get
59 (
<a href=
"https://www.ebay.com/sch/items/?_nkw=rtl+
2832">for example
60 from ebay
</a
>), so for now the solution is to scan using the RTL radio
61 and only use HackRF for fetching GSM data.
</p
>
63 <p
>As far as I can tell, a cell phone only show up on one of the
64 frequencies at the time, so if you are going to track and count every
65 cell phone around you, you need to listen to all the frequencies used.
66 To listen to several frequencies, use the --numrecv argument to
67 scan-and-livemon to use several receivers. Further, I am not sure if
68 phones using
3G or
4G will show as talking GSM to base stations, so
69 this approach might not see all phones around you. I typically see
70 0-
400 IMSI numbers an hour when looking around where I live.
</p
>
72 <p
>I
've tried to run the scanner on a
73 <a href=
"https://wiki.debian.org/RaspberryPi
">Raspberry Pi
2 and
3
74 running Debian Buster
</a
>, but the grgsm_livemon_headless process seem
75 to be too CPU intensive to keep up. When GNU Radio print
'O
' to
76 stdout, I am told there it is caused by a buffer overflow between the
77 radio and GNU Radio, caused by the program being unable to read the
78 GSM data fast enough. If you see a stream of
'O
's from the terminal
79 where you started scan-and-livemon, you need a give the process more
80 CPU power. Perhaps someone are able to optimize the code to a point
81 where it become possible to set up RPi3 based GSM sniffers? I tried
82 using Raspbian instead of Debian, but there seem to be something wrong
83 with GNU Radio on raspbian, causing glibc to abort().
</p
>
88 <title>Datalagringsdirektivet kaster skygger over Høyre og Arbeiderpartiet
</title>
89 <link>http://people.skolelinux.org/pere/blog/Datalagringsdirektivet_kaster_skygger_over_H_yre_og_Arbeiderpartiet.html
</link>
90 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Datalagringsdirektivet_kaster_skygger_over_H_yre_og_Arbeiderpartiet.html
</guid>
91 <pubDate>Thu,
7 Sep
2017 21:
35:
00 +
0200</pubDate>
92 <description><p
>For noen dager siden publiserte Jon Wessel-Aas en bloggpost om
93 «
<a href=
"http://www.uhuru.biz/?p=
1821">Konklusjonen om datalagring som
94 EU-kommisjonen ikke ville at vi skulle få se
</a
>». Det er en
95 interessant gjennomgang av EU-domstolens syn på snurpenotovervåkning
96 av befolkningen, som er klar på at det er i strid med
97 EU-lovgivingen.
</p
>
99 <p
>Valgkampen går for fullt i Norge, og om noen få dager er siste
100 frist for å avgi stemme. En ting er sikkert, Høyre og Arbeiderpartiet
102 <a href=
"http://people.skolelinux.org/pere/blog/Datalagringsdirektivet_gj_r_at_Oslo_H_yre_og_Arbeiderparti_ikke_f_r_min_stemme_i__r.html
">denne
103 gangen heller
</a
>. Jeg har ikke glemt at de tvang igjennom loven som
104 skulle pålegge alle data- og teletjenesteleverandører å overvåke alle
105 sine kunder. En lov som er vedtatt, og aldri opphevet igjen.
</p
>
107 <p
>Det er tydelig fra diskusjonen rundt grenseløs digital overvåkning
108 (eller
"Digital Grenseforsvar
" som det kalles i Orvellisk nytale) at
109 hverken Høyre og Arbeiderpartiet har noen prinsipielle sperrer mot å
110 overvåke hele befolkningen, og diskusjonen så langt tyder på at flere
111 av de andre partiene heller ikke har det. Mange av
112 <a href=
"https://data.holderdeord.no/votes/
1301946411e
">de som stemte
113 for Datalagringsdirektivet i Stortinget
</a
> (
64 fra Arbeiderpartiet,
114 25 fra Høyre) er fortsatt aktive og argumenterer fortsatt for å radere
115 vekk mer av innbyggernes privatsfære.
</p
>
117 <p
>Når myndighetene demonstrerer sin mistillit til folket, tror jeg
118 folket selv bør legge litt innsats i å verne sitt privatliv, ved å ta
119 i bruk ende-til-ende-kryptert kommunikasjon med sine kjente og kjære,
120 og begrense hvor mye privat informasjon som deles med uvedkommende.
121 Det er jo ingenting som tyder på at myndighetene kommer til å være vår
123 <a href=
"http://people.skolelinux.org/pere/blog/How_to_talk_with_your_loved_ones_in_private.html
">Det
124 er mange muligheter
</a
>. Selv har jeg litt sans for
125 <a href=
"https://ring.cx/
">Ring
</a
>, som er basert på p2p-teknologi
126 uten sentral kontroll, er fri programvare, og støtter meldinger, tale
127 og video. Systemet er tilgjengelig ut av boksen fra
128 <a href=
"https://tracker.debian.org/pkg/ring
">Debian
</a
> og
129 <a href=
"https://launchpad.net/ubuntu/+source/ring
">Ubuntu
</a
>, og det
130 finnes pakker for Android, MacOSX og Windows. Foreløpig er det få
131 brukere med Ring, slik at jeg også bruker
132 <a href=
"https://signal.org/
">Signal
</a
> som nettleserutvidelse.
</p
>
137 <title>Simpler recipe on how to make a simple $
7 IMSI Catcher using Debian
</title>
138 <link>http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html
</link>
139 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html
</guid>
140 <pubDate>Wed,
9 Aug
2017 23:
59:
00 +
0200</pubDate>
141 <description><p
>On friday, I came across an interesting article in the Norwegian
142 web based ICT news magazine digi.no on
143 <a href=
"https://www.digi.no/artikler/sikkerhetsforsker-lagde-enkel-imsi-catcher-for-
60-kroner-na-kan-mobiler-kartlegges-av-alle/
398588">how
144 to collect the IMSI numbers of nearby cell phones
</a
> using the cheap
145 DVB-T software defined radios. The article refered to instructions
146 and
<a href=
"https://www.youtube.com/watch?v=UjwgNd_as30
">a recipe by
147 Keld Norman on Youtube on how to make a simple $
7 IMSI Catcher
</a
>, and I decided to test them out.
</p
>
149 <p
>The instructions said to use Ubuntu, install pip using apt (to
150 bypass apt), use pip to install pybombs (to bypass both apt and pip),
151 and the ask pybombs to fetch and build everything you need from
152 scratch. I wanted to see if I could do the same on the most recent
153 Debian packages, but this did not work because pybombs tried to build
154 stuff that no longer build with the most recent openssl library or
155 some other version skew problem. While trying to get this recipe
156 working, I learned that the apt-
>pip-
>pybombs route was a long detour,
157 and the only piece of software dependency missing in Debian was the
158 gr-gsm package. I also found out that the lead upstream developer of
159 gr-gsm (the name stand for GNU Radio GSM) project already had a set of
160 Debian packages provided in an Ubuntu PPA repository. All I needed to
161 do was to dget the Debian source package and built it.
</p
>
163 <p
>The IMSI collector is a python script listening for packages on the
164 loopback network device and printing to the terminal some specific GSM
165 packages with IMSI numbers in them. The code is fairly short and easy
166 to understand. The reason this work is because gr-gsm include a tool
167 to read GSM data from a software defined radio like a DVB-T USB stick
168 and other software defined radios, decode them and inject them into a
169 network device on your Linux machine (using the loopback device by
170 default). This proved to work just fine, and I
've been testing the
171 collector for a few days now.
</p
>
173 <p
>The updated and simpler recipe is thus to
</p
>
177 <li
>start with a Debian machine running Stretch or newer,
</li
>
179 <li
>build and install the gr-gsm package available from
180 <a href=
"http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/
">http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/
</a
>,
</li
>
182 <li
>clone the git repostory from
<a href=
"https://github.com/Oros42/IMSI-catcher
">https://github.com/Oros42/IMSI-catcher
</a
>,
</li
>
184 <li
>run grgsm_livemon and adjust the frequency until the terminal
185 where it was started is filled with a stream of text (meaning you
186 found a GSM station).
</li
>
188 <li
>go into the IMSI-catcher directory and run
'sudo python simple_IMSI-catcher.py
' to extract the IMSI numbers.
</li
>
192 <p
>To make it even easier in the future to get this sniffer up and
193 running, I decided to package
194 <a href=
"https://github.com/ptrkrysik/gr-gsm/
">the gr-gsm project
</a
>
195 for Debian (
<a href=
"https://bugs.debian.org/
871055">WNPP
196 #
871055</a
>), and the package was uploaded into the NEW queue today.
197 Luckily the gnuradio maintainer has promised to help me, as I do not
198 know much about gnuradio stuff yet.
</p
>
200 <p
>I doubt this
"IMSI cacher
" is anywhere near as powerfull as
201 commercial tools like
202 <a href=
"https://www.thespyphone.com/portable-imsi-imei-catcher/
">The
203 Spy Phone Portable IMSI / IMEI Catcher
</a
> or the
204 <a href=
"https://en.wikipedia.org/wiki/Stingray_phone_tracker
">Harris
205 Stingray
</a
>, but I hope the existance of cheap alternatives can make
206 more people realise how their whereabouts when carrying a cell phone
207 is easily tracked. Seeing the data flow on the screen, realizing that
208 I live close to a police station and knowing that the police is also
209 wearing cell phones, I wonder how hard it would be for criminals to
210 track the position of the police officers to discover when there are
211 police near by, or for foreign military forces to track the location
212 of the Norwegian military forces, or for anyone to track the location
213 of government officials...
</p
>
215 <p
>It is worth noting that the data reported by the IMSI-catcher
216 script mentioned above is only a fraction of the data broadcasted on
217 the GSM network. It will only collect one frequency at the time,
218 while a typical phone will be using several frequencies, and not all
219 phones will be using the frequencies tracked by the grgsm_livemod
220 program. Also, there is a lot of radio chatter being ignored by the
221 simple_IMSI-catcher script, which would be collected by extending the
222 parser code. I wonder if gr-gsm can be set up to listen to more than
223 one frequency?
</p
>
228 <title>Norwegian Bokmål edition of Debian Administrator
's Handbook is now available
</title>
229 <link>http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_edition_of_Debian_Administrator_s_Handbook_is_now_available.html
</link>
230 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_edition_of_Debian_Administrator_s_Handbook_is_now_available.html
</guid>
231 <pubDate>Tue,
25 Jul
2017 21:
10:
00 +
0200</pubDate>
232 <description><p align=
"center
"><img align=
"center
" src=
"http://people.skolelinux.org/pere/blog/images/
2017-
07-
25-debian-handbook-nb-testprint.png
"/
></p
>
234 <p
>I finally received a copy of the Norwegian Bokmål edition of
235 "<a href=
"https://debian-handbook.info/
">The Debian Administrator
's
236 Handbook
</a
>". This test copy arrived in the mail a few days ago, and
237 I am very happy to hold the result in my hand. We spent around one and a half year translating it. This paperbook edition
238 <a href=
"https://debian-handbook.info/get/#norwegian
">is available
239 from lulu.com
</a
>. If you buy it quickly, you save
25% on the list
240 price. The book is also available for download in electronic form as
241 PDF, EPUB and Mobipocket, as can be
242 <a href=
"https://debian-handbook.info/browse/nb-NO/stable/
">read online
243 as a web page
</a
>.
</p
>
245 <p
>This is the second book I publish (the first was the book
246 "<a href=
"http://free-culture.cc/
">Free Culture
</a
>" by Lawrence Lessig
248 <a href=
"http://www.lulu.com/shop/lawrence-lessig/free-culture/paperback/product-
22440520.html
">English
</a
>,
249 <a href=
"http://www.lulu.com/shop/lawrence-lessig/culture-libre/paperback/product-
22645082.html
">French
</a
>
251 <a href=
"http://www.lulu.com/shop/lawrence-lessig/fri-kultur/paperback/product-
22441576.html
">Norwegian
252 Bokmål
</a
>), and I am very excited to finally wrap up this
254 "<a href=
"http://www.lulu.com/shop/rapha%C3%ABl-hertzog-and-roland-mas/h%C3%A5ndbok-for-debian-administratoren/paperback/product-
23262290.html
">Håndbok
255 for Debian-administratoren
</a
>" will be well received.
</p
>
260 <title>«Rapporten ser ikke på informasjonssikkerhet knyttet til personlig integritet»
</title>
261 <link>http://people.skolelinux.org/pere/blog/_Rapporten_ser_ikke_p__informasjonssikkerhet_knyttet_til_personlig_integritet_.html
</link>
262 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/_Rapporten_ser_ikke_p__informasjonssikkerhet_knyttet_til_personlig_integritet_.html
</guid>
263 <pubDate>Tue,
27 Jun
2017 17:
50:
00 +
0200</pubDate>
264 <description><p
>Jeg kom over teksten
265 «
<a href=
"https://freedom-to-tinker.com/
2017/
06/
21/killing-car-privacy-by-federal-mandate/
">Killing
266 car privacy by federal mandate
</a
>» av Leonid Reyzin på Freedom to
267 Tinker i dag, og det gleder meg å se en god gjennomgang om hvorfor det
268 er et urimelig inngrep i privatsfæren å la alle biler kringkaste sin
269 posisjon og bevegelse via radio. Det omtalte forslaget basert på
270 Dedicated Short Range Communication (DSRC) kalles Basic Safety Message
271 (BSM) i USA og Cooperative Awareness Message (CAM) i Europa, og det
272 norske Vegvesenet er en av de som ser ut til å kunne tenke seg å
273 pålegge alle biler å fjerne nok en bit av innbyggernes privatsfære.
274 Anbefaler alle å lese det som står der.
276 <p
>Mens jeg tittet litt på DSRC på biler i Norge kom jeg over et sitat
277 jeg synes er illustrativt for hvordan det offentlige Norge håndterer
278 problemstillinger rundt innbyggernes privatsfære i SINTEF-rapporten
279 «
<a href=
"https://www.sintef.no/publikasjoner/publikasjon/Download/?pubid=SINTEF+A23933
">Informasjonssikkerhet
280 i AutoPASS-brikker
</a
>» av Trond Foss:
</p
>
282 <p
><blockquote
>
283 «Rapporten ser ikke på informasjonssikkerhet knyttet til personlig
285 </blockquote
></p
>
287 <p
>Så enkelt kan det tydeligvis gjøres når en vurderer
288 informasjonssikkerheten. Det holder vel at folkene på toppen kan si
289 at «Personvernet er ivaretatt», som jo er den populære intetsigende
290 frasen som gjør at mange tror enkeltindividers integritet tas vare på.
291 Sitatet fikk meg til å undres på hvor ofte samme tilnærming, å bare se
292 bort fra behovet for personlig itegritet, blir valgt når en velger å
293 legge til rette for nok et inngrep i privatsfæren til personer i
294 Norge. Det er jo sjelden det får reaksjoner. Historien om
295 reaksjonene på Helse Sør-Østs tjenesteutsetting er jo sørgelig nok et
296 unntak og toppen av isfjellet, desverre. Tror jeg fortsatt takker nei
297 til både AutoPASS og holder meg så langt unna det norske helsevesenet
298 som jeg kan, inntil de har demonstrert og dokumentert at de verdsetter
299 individets privatsfære og personlige integritet høyere enn kortsiktig
300 gevist og samfunnsnytte.
</p
>
305 <title>Updated sales number for my Free Culture paper editions
</title>
306 <link>http://people.skolelinux.org/pere/blog/Updated_sales_number_for_my_Free_Culture_paper_editions.html
</link>
307 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Updated_sales_number_for_my_Free_Culture_paper_editions.html
</guid>
308 <pubDate>Mon,
12 Jun
2017 11:
40:
00 +
0200</pubDate>
309 <description><p
>It is pleasing to see that the work we put down in publishing new
310 editions of the classic
<a href=
"http://www.free-culture.cc/
">Free
311 Culture book
</a
> by the founder of the Creative Commons movement,
312 Lawrence Lessig, is still being appreciated. I had a look at the
313 latest sales numbers for the paper edition today. Not too impressive,
314 but happy to see some buyers still exist. All the revenue from the
315 books is sent to the
<a href=
"https://creativecommons.org/
">Creative
316 Commons Corporation
</a
>, and they receive the largest cut if you buy
317 directly from Lulu. Most books are sold via Amazon, with Ingram
318 second and only a small fraction directly from Lulu. The ebook
319 edition is available for free from
320 <a href=
"https://github.com/petterreinholdtsen/free-culture-lessig
">Github
</a
>.
</p
>
322 <table border=
"0">
323 <tr
><th rowspan=
"2" valign=
"bottom
">Title / language
</th
><th colspan=
"3">Quantity
</th
></tr
>
324 <tr
><th
>2016 jan-jun
</th
><th
>2016 jul-dec
</th
><th
>2017 jan-may
</th
></tr
>
327 <td
><a href=
"http://www.lulu.com/shop/lawrence-lessig/culture-libre/paperback/product-
22645082.html
">Culture Libre / French
</a
></td
>
328 <td align=
"right
">3</td
>
329 <td align=
"right
">6</td
>
330 <td align=
"right
">15</td
>
334 <td
><a href=
"http://www.lulu.com/shop/lawrence-lessig/fri-kultur/paperback/product-
22441576.html
">Fri kultur / Norwegian
</a
></td
>
335 <td align=
"right
">7</td
>
336 <td align=
"right
">1</td
>
337 <td align=
"right
">0</td
>
341 <td
><a href=
"http://www.lulu.com/shop/lawrence-lessig/free-culture/paperback/product-
22440520.html
">Free Culture / English
</a
></td
>
342 <td align=
"right
">14</td
>
343 <td align=
"right
">27</td
>
344 <td align=
"right
">16</td
>
348 <td
>Total
</td
>
349 <td align=
"right
">24</td
>
350 <td align=
"right
">34</td
>
351 <td align=
"right
">31</td
>
356 <p
>A bit sad to see the low sales number on the Norwegian edition, and
357 a bit surprising the English edition still selling so well.
</p
>
359 <p
>If you would like to translate and publish the book in your native
360 language, I would be happy to help make it happen. Please get in
366 <title>Release
0.1.1 of free software archive system Nikita announced
</title>
367 <link>http://people.skolelinux.org/pere/blog/Release_0_1_1_of_free_software_archive_system_Nikita_announced.html
</link>
368 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Release_0_1_1_of_free_software_archive_system_Nikita_announced.html
</guid>
369 <pubDate>Sat,
10 Jun
2017 00:
40:
00 +
0200</pubDate>
370 <description><p
>I am very happy to report that the
371 <a href=
"https://github.com/hiOA-ABI/nikita-noark5-core
">Nikita Noark
5
372 core project
</a
> tagged its second release today. The free software
373 solution is an implementation of the Norwegian archive standard Noark
374 5 used by government offices in Norway. These were the changes in
375 version
0.1.1 since version
0.1.0 (from NEWS.md):
379 <li
>Continued work on the angularjs GUI, including document upload.
</li
>
380 <li
>Implemented correspondencepartPerson, correspondencepartUnit and
381 correspondencepartInternal
</li
>
382 <li
>Applied for coverity coverage and started submitting code on
383 regualr basis.
</li
>
384 <li
>Started fixing bugs reported by coverity
</li
>
385 <li
>Corrected and completed HATEOAS links to make sure entire API is
386 available via URLs in _links.
</li
>
387 <li
>Corrected all relation URLs to use trailing slash.
</li
>
388 <li
>Add initial support for storing data in ElasticSearch.
</li
>
389 <li
>Now able to receive and store uploaded files in the archive.
</li
>
390 <li
>Changed JSON output for object lists to have relations in _links.
</li
>
391 <li
>Improve JSON output for empty object lists.
</li
>
392 <li
>Now uses correct MIME type application/vnd.noark5-v4+json.
</li
>
393 <li
>Added support for docker container images.
</li
>
394 <li
>Added simple API browser implemented in JavaScript/Angular.
</li
>
395 <li
>Started on archive client implemented in JavaScript/Angular.
</li
>
396 <li
>Started on prototype to show the public mail journal.
</li
>
397 <li
>Improved performance by disabling Sprint FileWatcher.
</li
>
398 <li
>Added support for
'arkivskaper
',
'saksmappe
' and
'journalpost
'.
</li
>
399 <li
>Added support for some metadata codelists.
</li
>
400 <li
>Added support for Cross-origin resource sharing (CORS).
</li
>
401 <li
>Changed login method from Basic Auth to JSON Web Token (RFC
7519)
403 <li
>Added support for GET-ing ny-* URLs.
</li
>
404 <li
>Added support for modifying entities using PUT and eTag.
</li
>
405 <li
>Added support for returning XML output on request.
</li
>
406 <li
>Removed support for English field and class names, limiting ourself
407 to the official names.
</li
>
408 <li
>...
</li
>
412 <p
>If this sound interesting to you, please contact us on IRC (#nikita
413 on irc.freenode.net) or email
414 (
<a href=
"https://lists.nuug.no/mailman/listinfo/nikita-noark
">nikita-noark
415 mailing list).
</p
>
420 <title>Idea for storing trusted timestamps in a Noark
5 archive
</title>
421 <link>http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html
</link>
422 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html
</guid>
423 <pubDate>Wed,
7 Jun
2017 21:
40:
00 +
0200</pubDate>
424 <description><p
><em
>This is a copy of
425 <a href=
"https://lists.nuug.no/pipermail/nikita-noark/
2017-June/
000297.html
">an
426 email I posted to the nikita-noark mailing list
</a
>. Please follow up
427 there if you would like to discuss this topic. The background is that
428 we are making a free software archive system based on the Norwegian
429 <a href=
"https://www.arkivverket.no/forvaltning-og-utvikling/regelverk-og-standarder/noark-standarden
">Noark
430 5 standard
</a
> for government archives.
</em
></p
>
432 <p
>I
've been wondering a bit lately how trusted timestamps could be
434 <a href=
"https://en.wikipedia.org/wiki/Trusted_timestamping
">Trusted
435 timestamps
</a
> can be used to verify that some information
436 (document/file/checksum/metadata) have not been changed since a
437 specific time in the past. This is useful to verify the integrity of
438 the documents in the archive.
</p
>
440 <p
>Then it occured to me, perhaps the trusted timestamps could be
441 stored as dokument variants (ie dokumentobjekt referered to from
442 dokumentbeskrivelse) with the filename set to the hash it is
445 <p
>Given a
"dokumentbeskrivelse
" with an associated
"dokumentobjekt
",
446 a new dokumentobjekt is associated with
"dokumentbeskrivelse
" with the
447 same attributes as the stamped dokumentobjekt except these
448 attributes:
</p
>
452 <li
>format -
> "RFC3161
"
453 <li
>mimeType -
> "application/timestamp-reply
"
454 <li
>formatDetaljer -
> "&lt;source URL for timestamp service
&gt;
"
455 <li
>filenavn -
> "&lt;sjekksum
&gt;.tsr
"
459 <p
>This assume a service following
460 <a href=
"https://tools.ietf.org/html/rfc3161
">IETF RFC
3161</a
> is
461 used, which specifiy the given MIME type for replies and the .tsr file
462 ending for the content of such trusted timestamp. As far as I can
463 tell from the Noark
5 specifications, it is OK to have several
464 variants/renderings of a dokument attached to a given
465 dokumentbeskrivelse objekt. It might be stretching it a bit to make
466 some of these variants represent crypto-signatures useful for
467 verifying the document integrity instead of representing the dokument
470 <p
>Using the source of the service in formatDetaljer allow several
471 timestamping services to be used. This is useful to spread the risk
472 of key compromise over several organisations. It would only be a
473 problem to trust the timestamps if all of the organisations are
474 compromised.
</p
>
476 <p
>The following oneliner on Linux can be used to generate the tsr
477 file. $input is the path to the file to checksum, and $sha256 is the
478 SHA-
256 checksum of the file (ie the
"<sjekksum
>.tsr
" value mentioned
481 <p
><blockquote
><pre
>
482 openssl ts -query -data
"$inputfile
" -cert -sha256 -no_nonce \
483 | curl -s -H
"Content-Type: application/timestamp-query
" \
484 --data-binary
"@-
" http://zeitstempel.dfn.de
> $sha256.tsr
485 </pre
></blockquote
></p
>
487 <p
>To verify the timestamp, you first need to download the public key
488 of the trusted timestamp service, for example using this command:
</p
>
490 <p
><blockquote
><pre
>
491 wget -O ca-cert.txt \
492 https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt
493 </pre
></blockquote
></p
>
495 <p
>Note, the public key should be stored alongside the timestamps in
496 the archive to make sure it is also available
100 years from now. It
497 is probably a good idea to standardise how and were to store such
498 public keys, to make it easier to find for those trying to verify
499 documents
100 or
1000 years from now. :)
</p
>
501 <p
>The verification itself is a simple openssl command:
</p
>
503 <p
><blockquote
><pre
>
504 openssl ts -verify -data $inputfile -in $sha256.tsr \
505 -CAfile ca-cert.txt -text
506 </pre
></blockquote
></p
>
508 <p
>Is there any reason this approach would not work? Is it somehow against
509 the Noark
5 specification?
</p
>
514 <title>Når nynorskoversettelsen svikter til eksamen...
</title>
515 <link>http://people.skolelinux.org/pere/blog/N_r_nynorskoversettelsen_svikter_til_eksamen___.html
</link>
516 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/N_r_nynorskoversettelsen_svikter_til_eksamen___.html
</guid>
517 <pubDate>Sat,
3 Jun
2017 08:
20:
00 +
0200</pubDate>
518 <description><p
><a href=
"http://www.aftenposten.no/norge/Krever-at-elever-ma-fa-annullert-eksamen-etter-rot-med-oppgavetekster-
622459b.html
">Aftenposten
519 melder i dag
</a
> om feil i eksamensoppgavene for eksamen i politikk og
520 menneskerettigheter, der teksten i bokmåls og nynorskutgaven ikke var
521 like. Oppgaveteksten er gjengitt i artikkelen, og jeg ble nysgjerring
522 på om den fri oversetterløsningen
523 <a href=
"https://www.apertium.org/
">Apertium
</a
> ville gjort en bedre
524 jobb enn Utdanningsdirektoratet. Det kan se slik ut.
</p
>
526 <p
>Her er bokmålsoppgaven fra eksamenen:
</p
>
529 <p
>Drøft utfordringene knyttet til nasjonalstatenes og andre aktørers
530 rolle og muligheter til å håndtere internasjonale utfordringer, som
531 for eksempel flykningekrisen.
</p
>
533 <p
>Vedlegge er eksempler på tekster som kan gi relevante perspektiver
536 <li
>Flykningeregnskapet
2016, UNHCR og IDMC
537 <li
>«Grenseløst Europa for fall» A-Magasinet,
26. november
2015
542 <p
>Dette oversetter Apertium slik:
</p
>
545 <p
>Drøft utfordringane knytte til nasjonalstatane sine og rolla til
546 andre aktørar og høve til å handtera internasjonale utfordringar, som
547 til dømes *flykningekrisen.
</p
>
549 <p
>Vedleggja er døme på tekster som kan gje relevante perspektiv på
553 <li
>*Flykningeregnskapet
2016, *UNHCR og *IDMC
</li
>
554 <li
>«*Grenseløst Europa for fall» A-Magasinet,
26. november
2015</li
>
559 <p
>Ord som ikke ble forstått er markert med stjerne (*), og trenger
560 ekstra språksjekk. Men ingen ord er forsvunnet, slik det var i
561 oppgaven elevene fikk presentert på eksamen. Jeg mistenker dog at
562 "andre aktørers rolle og muligheter til ...
" burde vært oversatt til
563 "rolla til andre aktørar og deira høve til ...
" eller noe slikt, men
564 det er kanskje flisespikking. Det understreker vel bare at det alltid
565 trengs korrekturlesning etter automatisk oversettelse.
</p
>
570 <title>Epost inn som arkivformat i Riksarkivarens forskrift?
</title>
571 <link>http://people.skolelinux.org/pere/blog/Epost_inn_som_arkivformat_i_Riksarkivarens_forskrift_.html
</link>
572 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Epost_inn_som_arkivformat_i_Riksarkivarens_forskrift_.html
</guid>
573 <pubDate>Thu,
27 Apr
2017 11:
30:
00 +
0200</pubDate>
574 <description><p
>I disse dager, med frist
1. mai, har Riksarkivaren ute en høring på
575 sin forskrift. Som en kan se er det ikke mye tid igjen før fristen
576 som går ut på søndag. Denne forskriften er det som lister opp hvilke
577 formater det er greit å arkivere i
578 <a href=
"http://www.arkivverket.no/arkivverket/Offentleg-forvalting/Noark/Noark-
5">Noark
579 5-løsninger
</a
> i Norge.
</p
>
581 <p
>Jeg fant høringsdokumentene hos
582 <a href=
"https://www.arkivrad.no/aktuelt/riksarkivarens-forskrift-pa-horing
">Norsk
583 Arkivråd
</a
> etter å ha blitt tipset på epostlisten til
584 <a href=
"https://github.com/hiOA-ABI/nikita-noark5-core
">fri
585 programvareprosjektet Nikita Noark5-Core
</a
>, som lager et Noark
5
586 Tjenestegresesnitt. Jeg er involvert i Nikita-prosjektet og takket
587 være min interesse for tjenestegrensesnittsprosjektet har jeg lest en
588 god del Noark
5-relaterte dokumenter, og til min overraskelse oppdaget
589 at standard epost ikke er på listen over godkjente formater som kan
590 arkiveres. Høringen med frist søndag er en glimrende mulighet til å
591 forsøke å gjøre noe med det. Jeg holder på med
592 <a href=
"https://github.com/petterreinholdtsen/noark5-tester/blob/master/docs/hoering-arkivforskrift.tex
">egen
593 høringsuttalelse
</a
>, og lurer på om andre er interessert i å støtte
594 forslaget om å tillate arkivering av epost som epost i arkivet.
</p
>
596 <p
>Er du igang med å skrive egen høringsuttalelse allerede? I så fall
597 kan du jo vurdere å ta med en formulering om epost-lagring. Jeg tror
598 ikke det trengs så mye. Her et kort forslag til tekst:
</p
>
600 <p
><blockquote
>
602 <p
>Viser til høring sendt ut
2017-
02-
17 (Riksarkivarens referanse
603 2016/
9840 HELHJO), og tillater oss å sende inn noen innspill om
604 revisjon av Forskrift om utfyllende tekniske og arkivfaglige
605 bestemmelser om behandling av offentlige arkiver (Riksarkivarens
606 forskrift).
</p
>
608 <p
>Svært mye av vår kommuikasjon foregår i dag på e-post. Vi
609 foreslår derfor at Internett-e-post, slik det er beskrevet i IETF
611 <a href=
"https://tools.ietf.org/html/rfc5322
">https://tools.ietf.org/html/rfc5322
</a
>. bør
612 inn som godkjent dokumentformat. Vi foreslår at forskriftens
613 oversikt over godkjente dokumentformater ved innlevering i §
5-
16
614 endres til å ta med Internett-e-post.
</p
>
616 </blockquote
></p
>
618 <p
>Som del av arbeidet med tjenestegrensesnitt har vi testet hvordan
619 epost kan lagres i en Noark
5-struktur, og holder på å skrive et
620 forslag om hvordan dette kan gjøres som vil bli sendt over til
621 arkivverket så snart det er ferdig. De som er interesserte kan
622 <a href=
"https://github.com/petterreinholdtsen/noark5-tester/blob/master/docs/epostlagring.md
">følge
623 fremdriften på web
</a
>.
</p
>
625 <p
>Oppdatering
2017-
04-
28: I dag ble høringuttalelsen jeg skrev
626 <a href=
"https://www.nuug.no/news/NUUGs_h_ringuttalelse_til_Riksarkivarens_forskrift.shtml
">sendt
627 inn av foreningen NUUG
</a
>.
</p
>
projects / homepage.git / blob