Generated.

[homepage.git] / blog / index.rss

<?xml version="1.0" encoding="utf-8"?>
<rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/' xmlns:atom="http://www.w3.org/2005/Atom">
        <channel>
                <title>Petter Reinholdtsen</title>
                <description></description>
                <link>http://people.skolelinux.org/pere/blog/</link>
                <atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
        
        <item>
                <title>Public Trusted Timestamping services for everyone</title>
                <link>http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html</guid>
                <pubDate>Tue, 25 Mar 2014 12:50:00 +0100</pubDate>
                <description>&lt;p&gt;Did you ever need to store logs or other files in a way that would
allow it to be used as evidence in court, and needed a way to
demonstrate without reasonable doubt that the file had not been
changed since it was created?  Or, did you ever need to document that
a given document was received at some point in time, like some
archived document or the answer to an exam, and not changed after it
was received?  The problem in these settings is to remove the need to
trust yourself and your computers, while still being able to prove
that a file is the same as it was at some given time in the past.&lt;/p&gt;

&lt;p&gt;A solution to these problems is to have a trusted third party
&quot;stamp&quot; the document and verify that at some given time the document
looked a given way.  Such
&lt;a href=&quot;https://en.wikipedia.org/wiki/Notarius&quot;&gt;notarius&lt;/a&gt; service
have been around for thousands of years, and its digital equivalent is
called a
&lt;a href=&quot;http://en.wikipedia.org/wiki/Trusted_timestamping&quot;&gt;trusted
timestamping service&lt;/a&gt;.  &lt;a href=&quot;http://www.ietf.org/&quot;&gt;The Internet
Engineering Task Force&lt;/a&gt; standardised how such service could work a
few years ago as &lt;a href=&quot;http://tools.ietf.org/html/rfc3161&quot;&gt;RFC
3161&lt;/a&gt;.  The mechanism is simple.  Create a hash of the file in
question, send it to a trusted third party which add a time stamp to
the hash and sign the result with its private key, and send back the
signed hash + timestamp.  Anyone with the document and the signature
can then verify that the document matches the signature by creating
their own hash and checking the signature using the trusted third
party public key.  There are several commercial services around
providing such timestamping.  A quick search for
&quot;&lt;a href=&quot;https://duckduckgo.com/?q=rfc+3161+service&quot;&gt;rfc 3161
service&lt;/a&gt;&quot; pointed me to at least
&lt;a href=&quot;https://www.digistamp.com/technical/how-a-digital-time-stamp-works/&quot;&gt;DigiStamp&lt;/a&gt;,
&lt;a href=&quot;http://www.quovadisglobal.co.uk/CertificateServices/SigningServices/TimeStamp.aspx&quot;&gt;Quo
Vadis&lt;/a&gt;,
&lt;a href=&quot;https://www.globalsign.com/timestamp-service/&quot;&gt;Global Sign&lt;/a&gt;
and &lt;a href=&quot;http://www.globaltrustfinder.com/TSADefault.aspx&quot;&gt;Global
Trust Finder&lt;/a&gt;.  The system work as long as the private key of the
trusted third party is not compromised.&lt;/p&gt;

&lt;p&gt;But as far as I can tell, there are very few public trusted
timestamp services available for everyone.  I&#39;ve been looking for one
for a while now. But yesterday I found one over at
&lt;a href=&quot;https://www.pki.dfn.de/zeitstempeldienst/&quot;&gt;Deutches
Forschungsnetz&lt;/a&gt;mentioned in
&lt;a href=&quot;http://www.d-mueller.de/blog/dealing-with-trusted-timestamps-in-php-rfc-3161/&quot;&gt;a
blog by David Müller&lt;/a&gt;.  I then found a good recipe on how to use
over at the
&lt;a href=&quot;http://www.rz.uni-greifswald.de/support/dfn-pki-zertifikate/zeitstempeldienst.html&quot;&gt;University
of Greifswald&lt;/a&gt;.  The OpenSSL library contain both server and tools
to use and set up your own signing service.  See the ts(1SSL),
tsget(1SSL) manual pages for more details.  The following shell script
demonstrate how to extract a signed timestamp for any file on the disk
in a Debian environment:

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
#!/bin/sh
set -e
url=&quot;http://zeitstempel.dfn.de&quot;
caurl=&quot;https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt&quot;
reqfile=$(mktemp -t tmp.XXXXXXXXXX.tsq)
resfile=$(mktemp -t tmp.XXXXXXXXXX.tsr)
cafile=chain.txt
if [ ! -f $cafile ] ; then
    wget -O $cafile &quot;$caurl&quot;
fi
openssl ts -query -data &quot;$1&quot; -cert | tee &quot;$reqfile&quot; \
    | /usr/lib/ssl/misc/tsget -h &quot;$url&quot; -o &quot;$resfile&quot;
openssl ts -reply -in &quot;$resfile&quot; -text 1&gt;&amp;2
openssl ts -verify -data &quot;$1&quot; -in &quot;$resfile&quot; -CAfile &quot;$cafile&quot; 1&gt;&amp;2
base64 &lt; &quot;$resfile&quot;
rm &quot;$reqfile&quot; &quot;$resfile&quot;
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The argument to the script is the file to timestamp, and the output
is a base64 encoded version of the signature to STDOUT and details
about the signature to STDERR.  Note that due to
&lt;a href=&quot;http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742553&quot;&gt;a bug
in the tsget script&lt;/a&gt;, you might need to modify the included script
and remove the last line.  Or just write your own HTTP uploader using
curl. :) Now you too can prove and verify that files have not been
changed.&lt;/p&gt;

&lt;p&gt;But the Internet need more public trusted timestamp services.
Perhaps something for &lt;a href=&quot;http://www.uninett.no/&quot;&gt;Uninett&lt;/a&gt; or
my work place the &lt;a href=&quot;http://www.uio.no/&quot;&gt;University of Oslo&lt;/a&gt;
to set up?&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Video DVD reader library / python-dvdvideo - nice free software</title>
                <link>http://people.skolelinux.org/pere/blog/Video_DVD_reader_library___python_dvdvideo___nice_free_software.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Video_DVD_reader_library___python_dvdvideo___nice_free_software.html</guid>
                <pubDate>Fri, 21 Mar 2014 15:25:00 +0100</pubDate>
                <description>&lt;p&gt;Keeping your DVD collection safe from scratches and curious
children fingers while still having it available when you want to see a
movie is not straight forward.  My preferred method at the moment is
to store a full copy of the ISO on a hard drive, and use VLC, Popcorn
Hour or other useful players to view the resulting file.  This way the
subtitles and bonus material are still available and using the ISO is
just like inserting the original DVD record in the DVD player.&lt;/p&gt;

&lt;p&gt;Earlier I used dd for taking security copies, but it do not handle
DVDs giving read errors (which are quite a few of them).  I&#39;ve also
tried using
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Ripping_problematic_DVDs_using_dvdbackup_and_genisoimage.html&quot;&gt;dvdbackup
and genisoimage&lt;/a&gt;, but these days I use the marvellous python library
and program
&lt;a href=&quot;http://bblank.thinkmo.de/blog/new-software-python-dvdvideo&quot;&gt;python-dvdvideo&lt;/a&gt;
written by Bastian Blank.  It is
&lt;a href=&quot;http://packages.qa.debian.org/p/python-dvdvideo.html&quot;&gt;in Debian
already&lt;/a&gt; and the binary package name is python3-dvdvideo. Instead
of trying to read every block from the DVD, it parses the file
structure and figure out which block on the DVD is actually in used,
and only read those blocks from the DVD.  This work surprisingly well,
and I have been able to almost backup my entire DVD collection using
this method.&lt;/p&gt; So far, python-dvdvideo have failed on between 10 and
20 DVDs, which is a small fraction of my collection.  The most common
problem is
&lt;a href=&quot;https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720831&quot;&gt;DVDs
using UTF-16 instead of UTF-8 characters&lt;/a&gt;, which according to
Bastian is against the DVD specification (and seem to cause some
players to fail too).  A rarer problem is what seem to be inconsistent
DVD structures, as the python library
&lt;a href=&quot;https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723079&quot;&gt;claim
there is a overlap between objects&lt;/a&gt;.  An equally rare problem claim
&lt;a href=&quot;https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741878&quot;&gt;some
value is out of range&lt;/a&gt;.  No idea what is going on there.  I wish I
knew enough about the DVD format to fix these, to ensure my movie
collection will stay with me in the future.&lt;/p&gt;

&lt;p&gt;So, if you need to keep your DVDs safe, back them up using
python-dvdvideo. :)&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Norsk utgave av Alaveteli / WhatDoTheyKnow på trappene</title>
                <link>http://people.skolelinux.org/pere/blog/Norsk_utgave_av_Alaveteli___WhatDoTheyKnow_p__trappene.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Norsk_utgave_av_Alaveteli___WhatDoTheyKnow_p__trappene.html</guid>
                <pubDate>Sun, 16 Mar 2014 09:30:00 +0100</pubDate>
                <description>&lt;p&gt;Det offentlige Norge har mye kunnskap og informasjon.  Men hvordan
kan en få tilgang til den på en enkel måte?  Takket være et lite
knippe lover og tilhørende forskrifter, blant annet
&lt;a href=&quot;http://lovdata.no/dokument/NL/lov/2006-05-19-16&quot;&gt;offentlighetsloven&lt;/a&gt;,
&lt;a href=&quot;http://lovdata.no/dokument/NL/lov/2003-05-09-31&quot;&gt;miljøinformasjonsloven&lt;/a&gt;
og
&lt;a href=&quot;http://lovdata.no/dokument/NL/lov/1967-02-10/&quot;&gt;forvaltningsloven&lt;/a&gt;
har en rett til å spørre det offentlige og få svar.  Men det finnes
intet offentlig arkiv over hva andre har spurt om, og dermed risikerer en
å måtte forstyrre myndighetene gang på gang for å få tak i samme
informasjonen på nytt.  &lt;a href=&quot;http://www.mysociety.org/&quot;&gt;Britiske
mySociety&lt;/a&gt; har laget tjenesten
&lt;a href=&quot;http://www.whatdotheyknow.com/&quot;&gt;WhatDoTheyKnow&lt;/a&gt; som gjør
noe med dette.  I Storbritannia blir WhatdoTheyKnow brukt i
&lt;a href=&quot;http://www.mysociety.org/2011/07/01/whatdotheyknows-share-of-central-government-foi-requests-q2-2011/&quot;&gt;ca
15% av alle innsynsforespørsler mot sentraladministrasjonen&lt;/a&gt;.
Prosjektet heter &lt;a href=&quot;http://www.alaveteli.org/&quot;&gt;Alaveteli&lt;/A&gt;, og
er takk i bruk en rekke steder etter at løsningen ble generalisert og
gjort mulig å oversette.  Den hjelper borgerne med å be om innsyn,
rådgir ved purringer og klager og lar alle se hvilke henvendelser som
er sendt til det offentlige og hvilke svar som er kommet inn, i et
søkpart arkiv.  Her i Norge holder vi i foreningen NUUG på å få opp en
norsk utgave av Alaveteli, og her trenger vi din hjelp med
oversettelsen.&lt;/p&gt;

&lt;p&gt;Så langt er 76 % av Alaveteli oversatt til norsk bokmål, men vi
skulle gjerne vært oppe i 100 % før lansering.  Oversettelsen gjøres
på &lt;a href=&quot;https://www.transifex.com/projects/p/alaveteli/&quot;&gt;Transifex,
der enhver som registrerer seg&lt;/a&gt; og ber om tilgang til
bokmålsoversettelsen får bidra.  Vi har satt opp en test av tjenesten
(som ikke sender epost til det offentlige, kun til oss som holder på å
sette opp tjenesten) på maskinen
&lt;a href=&quot;http://alaveteli-dev.nuug.no/&quot;&gt;alaveteli-dev.nuug.no&lt;/a&gt;, der
en kan se hvordan de oversatte meldingen blir seende ut på nettsiden.
Når tjenesten lanseres vil den hete
&lt;a href=&quot;https://www.mimesbrønn.no/&quot;&gt;Mimes brønn&lt;/a&gt;, etter
visdomskilden som Odin måtte gi øyet sitt for å få drikke i.  Den
nettsiden er er ennå ikke klar til bruk.&lt;/p&gt;

&lt;p&gt;Hvis noen vil oversette til nynorsk også, så skal vi finne ut
hvordan vi lager en flerspråklig tjeneste.  Men i første omgang er
fokus på bokmålsoversettelsen, der vi selv har nok peiling til å ha
fått oversatt 76%, men trenger hjelp for å komme helt i mål. :)&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Freedombox on Dreamplug, Raspberry Pi and virtual x86 machine</title>
                <link>http://people.skolelinux.org/pere/blog/Freedombox_on_Dreamplug__Raspberry_Pi_and_virtual_x86_machine.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Freedombox_on_Dreamplug__Raspberry_Pi_and_virtual_x86_machine.html</guid>
                <pubDate>Fri, 14 Mar 2014 11:00:00 +0100</pubDate>
                <description>&lt;p&gt;The &lt;a href=&quot;https://wiki.debian.org/FreedomBox&quot;&gt;Freedombox
project&lt;/a&gt; is working on providing the software and hardware for
making it easy for non-technical people to host their data and
communication at home, and being able to communicate with their
friends and family encrypted and away from prying eyes.  It has been
going on for a while, and is slowly progressing towards a new test
release (0.2).&lt;/p&gt;

&lt;p&gt;And what day could be better than the Pi day to announce that the
new version will provide &quot;hard drive&quot; / SD card / USB stick images for
Dreamplug, Raspberry Pi and VirtualBox (or any other virtualization
system), and can also be installed using a Debian installer preseed
file.  The Debian based Freedombox is now based on Debian Jessie,
where most of the needed packages used are already present.  Only one,
the freedombox-setup package, is missing.  To try to build your own
boot image to test the current status, fetch the freedom-maker scripts
and build using
&lt;a href=&quot;http://packages.qa.debian.org/vmdebootstrap&quot;&gt;vmdebootstrap&lt;/a&gt;
with a user with sudo access to become root:

&lt;pre&gt;
git clone http://anonscm.debian.org/git/freedombox/freedom-maker.git \
  freedom-maker
sudo apt-get install git vmdebootstrap mercurial python-docutils \
  mktorrent extlinux virtualbox qemu-user-static binfmt-support \
  u-boot-tools
make -C freedom-maker dreamplug-image raspberry-image virtualbox-image
&lt;/pre&gt;

&lt;p&gt;Root access is needed to run debootstrap and mount loopback
devices.  See the README for more details on the build. If you do not
want all three images, trim the make line.  But note that thanks to &lt;a
href=&quot;https://bugs.debian.org/741407&quot;&gt;a race condition in
vmdebootstrap&lt;/a&gt;, the build might fail without the patch to the
kpartx call.&lt;/p&gt;

&lt;p&gt;If you instead want to install using a Debian CD and the preseed
method, boot a Debian Wheezy ISO and use this boot argument to load
the preseed values:&lt;/p&gt;

&lt;pre&gt;
url=&lt;a href=&quot;http://www.reinholdtsen.name/freedombox/preseed-jessie.dat&quot;&gt;http://www.reinholdtsen.name/freedombox/preseed-jessie.dat&lt;/a&gt;
&lt;/pre&gt;

&lt;p&gt;But note that due to &lt;a href=&quot;https://bugs.debian.org/740673&quot;&gt;a
recently introduced bug in apt in Jessie&lt;/a&gt;, the installer will
currently hang while setting up APT sources.  Killing the
&#39;&lt;tt&gt;apt-cdrom ident&lt;/tt&gt;&#39; process when it hang a few times during the
installation will get the installation going.  This affect all
installations in Jessie, and I expect it will be fixed soon.&lt;/p&gt;

Give it a go and let us know how it goes on the mailing list, and help
us get the new release published. :) Please join us on
&lt;a href=&quot;irc://irc.debian.org:6667/%23freedombox&quot;&gt;IRC (#freedombox on
irc.debian.org)&lt;/a&gt; and
&lt;a href=&quot;http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss&quot;&gt;the
mailing list&lt;/a&gt; if you want to help make this vision come true.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>How to add extra storage servers in Debian Edu / Skolelinux</title>
                <link>http://people.skolelinux.org/pere/blog/How_to_add_extra_storage_servers_in_Debian_Edu___Skolelinux.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/How_to_add_extra_storage_servers_in_Debian_Edu___Skolelinux.html</guid>
                <pubDate>Wed, 12 Mar 2014 12:50:00 +0100</pubDate>
                <description>&lt;p&gt;On larger sites, it is useful to use a dedicated storage server for
storing user home directories and data.  The design for handling this
in &lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;Debian Edu / Skolelinux&lt;/a&gt;, is
to update the automount rules in LDAP and let the automount daemon on
the clients take care of the rest.  I was reminded about the need to
document this better when one of the customers of
&lt;a href=&quot;http://www.slxdrift.no/&quot;&gt;Skolelinux Drift AS&lt;/a&gt;, where I am
on the board of directors, asked about how to do this.  The steps to
get this working are the following:&lt;/p&gt;

&lt;p&gt;&lt;ol&gt;

&lt;li&gt;Add new storage server in DNS.  I use nas-server.intern as the
example host here.&lt;/li&gt;

&lt;li&gt;Add automoun LDAP information about this server in LDAP, to allow
all clients to automatically mount it on reqeust.&lt;/li&gt;

&lt;li&gt;Add the relevant entries in tjener.intern:/etc/fstab, because
tjener.intern do not use automount to avoid mounting loops.&lt;/li&gt;

&lt;/ol&gt;&lt;/p&gt;

&lt;p&gt;DNS entries are added in GOsa², and not described here.  Follow the
&lt;a href=&quot;https://wiki.debian.org/DebianEdu/Documentation/Wheezy/GettingStarted&quot;&gt;instructions
in the manual&lt;/a&gt; (Machine Management with GOsa² in section Getting
started).&lt;/p&gt;

&lt;p&gt;Ensure that the NFS export points on the server are exported to the
relevant subnets or machines:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
root@tjener:~# showmount -e nas-server
Export list for nas-server:
/storage         10.0.0.0/8
root@tjener:~#
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;Here everything on the backbone network is granted access to the
/storage export.  With NFSv3 it is slightly better to limit it to
netgroup membership or single IP addresses to have some limits on the
NFS access.&lt;/p&gt;

&lt;p&gt;The next step is to update LDAP.  This can not be done using GOsa²,
because it lack a module for automount.  Instead, use ldapvi and add
the required LDAP objects using an editor.&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
ldapvi --ldap-conf -ZD &#39;(cn=admin)&#39; -b ou=automount,dc=skole,dc=skolelinux,dc=no
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;When the editor show up, add the following LDAP objects at the
bottom of the document.  The &quot;/&amp;&quot; part in the last LDAP object is a
wild card matching everything the nas-server exports, removing the
need to list individual mount points in LDAP.&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
add cn=nas-server,ou=auto.skole,ou=automount,dc=skole,dc=skolelinux,dc=no
objectClass: automount
cn: nas-server
automountInformation: -fstype=autofs --timeout=60 ldap:ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no

add ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: automountMap
ou: auto.nas-server

add cn=/,ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
objectClass: automount
cn: /
automountInformation: -fstype=nfs,tcp,rsize=32768,wsize=32768,rw,intr,hard,nodev,nosuid,noatime nas-server.intern:/&amp;
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The last step to remember is to mount the relevant mount points in
tjener.intern by adding them to /etc/fstab, creating the mount
directories using mkdir and running &quot;mount -a&quot; to mount them.&lt;/p&gt;

&lt;p&gt;When this is done, your users should be able to access the files on
the storage server directly by just visiting the
/tjener/nas-server/storage/ directory using any application on any
workstation, LTSP client or LTSP server.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Hvordan bør RFC 822-formattert epost lagres i en NOARK5-database?</title>
                <link>http://people.skolelinux.org/pere/blog/Hvordan_b_r_RFC_822_formattert_epost_lagres_i_en_NOARK5_database_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Hvordan_b_r_RFC_822_formattert_epost_lagres_i_en_NOARK5_database_.html</guid>
                <pubDate>Fri, 7 Mar 2014 15:20:00 +0100</pubDate>
                <description>&lt;p&gt;For noen uker siden ble NXCs fri programvarelisenserte
NOARK5-løsning
&lt;a href=&quot;http://www.nuug.no/aktiviteter/20140211-noark/&quot;&gt;presentert hos
NUUG&lt;/a&gt; (video
&lt;a href=&quot;https://www.youtube.com/watch?v=JCb_dNS3MHQ&quot;&gt;på youtube
foreløbig&lt;/a&gt;), og det fikk meg til å titte litt mer på NOARK5,
standarden for arkivhåndtering i det offentlige Norge.  Jeg lurer på
om denne kjernen kan være nyttig i et par av mine prosjekter, og for ett
av dem er det mest aktuelt å lagre epost.  Jeg klarte ikke finne noen
anbefaling om hvordan RFC 822-formattert epost (aka Internett-epost)
burde lagres i NOARK5, selv om jeg vet at noen arkiver tar
PDF-utskrift av eposten med sitt epostprogram og så arkiverer PDF-en
(eller enda værre, tar papirutskrift og lagrer bildet av eposten som
PDF i arkivet).&lt;/p&gt;

&lt;p&gt;Det er ikke så mange formater som er akseptert av riksarkivet til
langtidsoppbevaring av offentlige arkiver, og PDF og XML er de mest
aktuelle i så måte.  Det slo meg at det måtte da finnes en eller annen
egnet XML-representasjon og at det kanskje var enighet om hvilken som
burde brukes, så jeg tok mot til meg og spurte
&lt;a href=&quot;http://samdok.com/&quot;&gt;SAMDOK&lt;/a&gt;, en gruppe tilknyttet
arkivverket som ser ut til å jobbe med NOARK-samhandling, om de hadde
noen anbefalinger:

&lt;p&gt;&lt;blockquote&gt;
&lt;p&gt;Hei.&lt;/p&gt;

&lt;p&gt;Usikker på om dette er riktig forum å ta opp mitt spørsmål, men jeg
lurer på om det er definert en anbefaling om hvordan RFC
822-formatterte epost (aka vanlig Internet-epost) bør lages håndteres
i NOARK5, slik at en bevarer all informasjon i eposten
(f.eks. Received-linjer).  Finnes det en anbefalt XML-mapping ala den
som beskrives på
&amp;lt;URL: &lt;a href=&quot;https://www.informit.com/articles/article.aspx?p=32074&quot;&gt;https://www.informit.com/articles/article.aspx?p=32074&lt;/a&gt; &amp;gt;?  Mitt
mål er at det skal være mulig å lagre eposten i en NOARK5-kjerne og
kunne få ut en identisk formattert kopi av opprinnelig epost ved
behov.&lt;/p&gt;
&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;Postmottaker hos SAMDOK mente spørsmålet heller burde stilles
direkte til riksarkivet, og jeg fikk i dag svar derfra formulert av
seniorrådgiver Geir Ivar Tungesvik:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;
&lt;p&gt;Riksarkivet har ingen anbefalinger når det gjelder konvertering fra
e-post til XML.  Det står arkivskaper fritt å eventuelt definere/bruke
eget format.  Inklusive da - som det spørres om - et format der det er
mulig å re-etablere e-post format ut fra XML-en.  XML (e-post)
dokumenter må være referert i arkivstrukturen, og det må vedlegges et
gyldig XML skjema (.xsd) for XML-filene. Arkivskaper står altså fritt
til å gjøre hva de vil, bare det dokumenteres og det kan dannes et
utrekk ved avlevering til depot.&lt;/p&gt;

&lt;p&gt;De obligatoriske kravene i Noark 5 standarden må altså oppfylles -
etter dialog med Riksarkivet i forbindelse med godkjenning. For
offentlige arkiv er det særlig viktig med filene loependeJournal.xml
og offentligJournal.xml. Private arkiv som vil forholde seg til Noark
5 standarden er selvsagt frie til å bruke det som er relevant for dem
av obligatoriske krav.&lt;/p&gt;
&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;Det ser dermed ut for meg som om det er et lite behov for å
standardisere XML-lagring av RFC-822-formatterte meldinger.  Noen som
vet om god spesifikasjon i så måte?  I tillegg til den omtalt over,
har jeg kommet over flere aktuelle beskrivelser (søk på &quot;rfc 822
xml&quot;, så finner du aktuelle alternativer).&lt;/p&gt;

&lt;ul&gt;

&lt;li&gt;&lt;a href=&quot;http://www.openhealth.org/xmtp/&quot;&gt;XML MIME Transformation
protocol (XMTP)&lt;/a&gt; fra OpenHealth, sist oppdatert 2001.&lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;https://tools.ietf.org/html/draft-klyne-message-rfc822-xml-03&quot;&gt;An
XML format for mail and other messages&lt;/a&gt; utkast fra IETF datert
2001.&lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;http://www.informit.com/articles/article.aspx?p=32074&quot;&gt;xMail:
E-mail as XML&lt;/a&gt; en artikkel fra 2003 som beskriver python-modulen
rfc822 som gir ut XML-representasjon av en RFC 822-formattert epost.&lt;/li&gt;

&lt;/ul&gt;

&lt;p&gt;Finnes det andre og bedre spesifikasjoner for slik lagring?  Send
meg en epost hvis du har innspill.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Lenker for 2014-02-28</title>
                <link>http://people.skolelinux.org/pere/blog/Lenker_for_2014_02_28.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Lenker_for_2014_02_28.html</guid>
                <pubDate>Fri, 28 Feb 2014 13:30:00 +0100</pubDate>
                <description>&lt;p&gt;Her er noen lenker til tekster jeg har satt pris på å lese de siste
månedene.  Det er mye om varsleren Edward Snowden, som burde få all
hjelp, støtte og beskyttelse Norge kan stille opp med for å ha satt
totalitær overvåkning på sakskartet, men også endel annet
tankevekkende og interessant.&lt;/p&gt;

&lt;ul&gt;

&lt;li&gt;2013-12-21
&lt;a href=&quot;http://www.dagbladet.no/2013/12/21/nyheter/thomas_drake/nsa/overvakning/snowden/30925886/&quot;&gt;-
NSA tenker som Stasi&lt;/a&gt; - Dagbladet.no&lt;/li&gt;

&lt;li&gt;2013-12-19 &lt;a href=&quot;http://www.dagensit.no/article2732734.ece&quot;&gt;-
Staten har ikke rett til å vite alt om deg&lt;/a&gt; - DN.no&lt;/li&gt;

&lt;li&gt;2013-12-21
&lt;a href=&quot;http://www.dagbladet.no/2013/12/21/nyheter/krig_og_konflikter/politikk/utenriks/30961126/&quot;&gt;Nye
mål for NSAs spionasje avslørt&lt;/a&gt; - Dagbladet.no&lt;/li&gt;

&lt;li&gt;2013-12-19
&lt;a href=&quot;http://www.dagbladet.no/2013/12/19/nyheter/nsa/usa/politikk/barack_obama/30918684/&quot;&gt;«NSA
bør fjernes fra sin makt til å samle inn metadata fra amerikanske
telefonsamtaler»&lt;/a&gt; - Dagbladet.no&lt;/li&gt;

&lt;li&gt;2013-12-18
&lt;a href=&quot;http://www.dagbladet.no/2013/12/18/kultur/meninger/hovedkronikk/debatt/snowden/30901089/&quot;&gt;Etterretning,
overvåking, frihet og sikkerhet&lt;/a&gt; - Dagbladet.no&lt;/li&gt;

&lt;li&gt;2013-12-17
&lt;a href=&quot;http://www.nrk.no/verden/snowden-vil-ha-asyl-i-brasil-1.11423444&quot;&gt;Snowden
angriper USA i åpent brev&lt;/a&gt; - nrk.no&lt;/li&gt;

&lt;li&gt;2013-12-17
&lt;a href=&quot;http://www.digi.no/925820/rettslig-nederlag-for-etterretning&quot;&gt;Rettslig
nederlag for etterretning&lt;/a&gt; - digi.no&lt;/li&gt;

&lt;li&gt;2013-12-21
&lt;a href=&quot;http://www.dagbladet.no/2013/12/21/kultur/meninger/hovedkommentar/kommentar/etterretning/30963284/&quot;&gt;Truende
nedkjøling&lt;/a&gt; - dagbladet.no&lt;/li&gt;

&lt;li&gt;2013-12-20
&lt;a href=&quot;http://www.aftenposten.no/viten/Matematikk-og-forstaelse-7411849.html&quot;&gt;Matematikk
og forståelse&lt;/a&gt; - aftenposten.no&lt;/li&gt;

&lt;li&gt;2013-10-20
&lt;a href=&quot;http://www.nrk.no/viten/ny-studie_sovn-reinser-hjernen-var-1.11306106&quot;&gt;Vi
søv for å reinse hjernen vår, ifølgje ny studie&lt;/a&gt; - nrk.no&lt;/li&gt;

&lt;li&gt;2013-12-11
&lt;a href=&quot;http://www.nrk.no/buskerud/julebaksten-i-vasken-1.11410033&quot;&gt;Rotterace
i kloakken&lt;/a&gt; - nrk.no&lt;/li&gt;

&lt;li&gt;2013-12-30
&lt;a href=&quot;http://www.aftenposten.no/viten/Apne-brev-og-frie-tanker-7413734.html&quot;&gt;Åpne
brev og frie tanker&lt;/a&gt; - aftenposten.no&lt;/li&gt;

&lt;li&gt;2014-01-12
&lt;a href=&quot;http://www.aftenposten.no/viten/Stopp-kunnskapsapartheidet-7428229.html&quot;&gt;Stopp dagens kunnskapsapartheid!&lt;/a&gt; - aftenposten.no&lt;/li&gt;

&lt;li&gt;2014-01-09
&lt;a href=&quot;http://www.aftenposten.no/nyheter/uriks/EU-rapport-Britisk-og-amerikansk-overvaking-ser-ut-til-a-vare-ulovlig-7428933.html&quot;&gt;EU-rapport:
Britisk og amerikansk overvåking ser ut til å være ulovlig&lt;/a&gt; -
aftenposten.no&lt;/li&gt;

&lt;li&gt;2013-10-23 Professor Jan Arild Audestad
&lt;a href=&quot;http://www.digi.no/924008/advarer-mot-konspirasjonsteori&quot;&gt;Advarer
mot konspirasjonsteori&lt;/a&gt; i digi.no og sier han ikke tror NSA kan
avlytte mobiltelefoner, mens han noen måneder senere forteller:&lt;/li&gt;

&lt;li&gt;2014-01-09
&lt;a href=&quot;http://www.aftenposten.no/nyheter/iriks/--Vi-ble-presset-til-a-svekke-mobilsikkerheten-pa-80-tallet-7410467.html&quot;&gt;-
Vi ble presset til å svekke mobilsikkerheten på 80-tallet&lt;/a&gt; -
aftenposten.no&lt;/li&gt;

&lt;li&gt;2014-02-12
&lt;a href=&quot;http://tv.nrk.no/program/koid20005814/et-moete-med-edward-snowden&quot;&gt;Et
møte med Edward Snowden&lt;/a&gt; - intervju sendt av nrk, tilgjengelig til
2015-01-31&lt;/li&gt;

&lt;li&gt;2014-02-17
&lt;a href=&quot;http://politiken.dk/debat/profiler/jessteinpedersen/ECE2210356/litteraturredaktoeren-helle-thornings-tavshed-om-snowden-er-en-skandale/&quot;&gt;Litteraturredaktøren:
Helle Thornings tavshed om Snowden er en skandale&lt;/a&gt; -
politiken.dk&lt;/li&gt;

&lt;li&gt;2014-02-21
&lt;a href=&quot;http://www.aftenposten.no/meninger/kronikker/Bra-a-ha-en-Storebror-7476734.html&quot;&gt;Bra å ha en «Storebror»&lt;/a&gt; - aftenposten.no&lt;/li&gt;

&lt;li&gt;2014-02-28
&lt;a href=&quot;http://johnchristianelden.blogg.no/1393536806_narkotikasiktet_stort.html&quot;&gt;&quot;Narkotikasiktet
Stortingsmann&quot; - Spillet bak kulissene&lt;/a&gt; - John Christian Eldens
blogg&lt;/li&gt;

&lt;li&gt;2014-02-28
&lt;a href=&quot;http://www.aftenposten.no/meninger/Heksejakt-pa-hasjbrukere-7486283.html&quot;&gt;Heksejakt
på hasjbrukere&lt;/a&gt; - aftenposten.no&lt;/li&gt;

&lt;/ul&gt;
</description>
        </item>
        
        <item>
                <title>New home and release 1.0 for netgroup and innetgr (aka ng-utils)</title>
                <link>http://people.skolelinux.org/pere/blog/New_home_and_release_1_0_for_netgroup_and_innetgr__aka_ng_utils_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/New_home_and_release_1_0_for_netgroup_and_innetgr__aka_ng_utils_.html</guid>
                <pubDate>Sat, 22 Feb 2014 21:45:00 +0100</pubDate>
                <description>&lt;p&gt;Many years ago, I wrote a GPL licensed version of the netgroup and
innetgr tools, because I needed them in
&lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;Skolelinux&lt;/a&gt;.  I called the project
ng-utils, and it has served me well.  I placed the project under the
&lt;a href=&quot;http://www.hungry.com/&quot;&gt;Hungry Programmer&lt;/a&gt; umbrella, and it was maintained in our CVS
repository.  But many years ago, the CVS repository was dropped (lost,
not migrated to new hardware, not sure), and the project have lacked a
proper home since then.&lt;/p&gt;

&lt;p&gt;Last summer, I had a look at the package and made a new release
fixing a irritating crash bug, but was unable to store the changes in
a proper source control system.  I applied for a project on
&lt;a href=&quot;https://alioth.debian.org/&quot;&gt;Alioth&lt;/a&gt;, but did not have time
to follow up on it.  Until today. :)&lt;/p&gt;

&lt;p&gt;After many hours of cleaning and migration, the ng-utils project
now have a new home, and a git repository with the highlight of the
history of the project.  I published all release tarballs and imported
them into the git repository.  As the project is really stable and not
expected to gain new features any time soon, I decided to make a new
release and call it 1.0.  Visit the new project home on
&lt;a href=&quot;https://alioth.debian.org/projects/ng-utils/&quot;&gt;https://alioth.debian.org/projects/ng-utils/&lt;/a&gt;
if you want to check it out.  The new version is also uploaded into
&lt;a href=&quot;http://packages.qa.debian.org/n/ng-utils.html&quot;&gt;Debian Unstable&lt;/a&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Testing sysvinit from experimental in Debian Hurd</title>
                <link>http://people.skolelinux.org/pere/blog/Testing_sysvinit_from_experimental_in_Debian_Hurd.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Testing_sysvinit_from_experimental_in_Debian_Hurd.html</guid>
                <pubDate>Mon, 3 Feb 2014 13:40:00 +0100</pubDate>
                <description>&lt;p&gt;A few days ago I decided to try to help the Hurd people to get
their changes into sysvinit, to allow them to use the normal sysvinit
boot system instead of their old one.  This follow up on the
&lt;a href=&quot;https://teythoon.cryptobitch.de//categories/gsoc.html&quot;&gt;great
Google Summer of Code work&lt;/a&gt; done last summer by Justus Winter to
get Debian on Hurd working more like Debian on Linux.  To get started,
I downloaded a prebuilt hard disk image from
&lt;a href=&quot;http://ftp.debian-ports.org/debian-cd/hurd-i386/current/debian-hurd.img.tar.gz&quot;&gt;http://ftp.debian-ports.org/debian-cd/hurd-i386/current/debian-hurd.img.tar.gz&lt;/a&gt;,
and started it using virt-manager.&lt;/p&gt;

&lt;p&gt;The first think I had to do after logging in (root without any
password) was to get the network operational.  I followed
&lt;a href=&quot;https://www.debian.org/ports/hurd/hurd-install&quot;&gt;the
instructions on the Debian GNU/Hurd ports page&lt;/a&gt; and ran these
commands as root to get the machine to accept a IP address from the
kvm internal DHCP server:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
settrans -fgap /dev/netdde /hurd/netdde
kill $(ps -ef|awk &#39;/[p]finet/ { print $2}&#39;)
kill $(ps -ef|awk &#39;/[d]evnode/ { print $2}&#39;)
dhclient /dev/eth0
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;After this, the machine had internet connectivity, and I could
upgrade it and install the sysvinit packages from experimental and
enable it as the default boot system in Hurd.&lt;/p&gt;

&lt;p&gt;But before I did that, I set a password on the root user, as ssh is
running on the machine it for ssh login to work a password need to be
set.  Also, note that a bug somewhere in openssh on Hurd block
compression from working.  Remember to turn that off on the client
side.&lt;/p&gt;

&lt;p&gt;Run these commands as root to upgrade and test the new sysvinit
stuff:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
cat &gt; /etc/apt/sources.list.d/experimental.list &amp;lt;&amp;lt;EOF
deb http://http.debian.net/debian/ experimental main
EOF
apt-get update
apt-get dist-upgrade
apt-get install -t experimental initscripts sysv-rc sysvinit \
    sysvinit-core sysvinit-utils
update-alternatives --config runsystem
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;To reboot after switching boot system, you have to use
&lt;tt&gt;reboot-hurd&lt;/tt&gt; instead of just &lt;tt&gt;reboot&lt;/tt&gt;, as there is not
yet a sysvinit process able to receive the signals from the normal
&#39;reboot&#39; command.  After switching to sysvinit as the boot system,
upgrading every package and rebooting, the network come up with DHCP
after boot as it should, and the settrans/pkill hack mentioned at the
start is no longer needed.  But for some strange reason, there are no
longer any login prompt in the virtual console, so I logged in using
ssh instead.

&lt;p&gt;Note that there are some race conditions in Hurd making the boot
fail some times.  No idea what the cause is, but hope the Hurd porters
figure it out.  At least Justus said on IRC (#debian-hurd on
irc.debian.org) that they are aware of the problem.  A way to reduce
the impact is to upgrade to the Hurd packages built by Justus by
adding this repository to the machine:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
cat &gt; /etc/apt/sources.list.d/hurd-ci.list &amp;lt;&amp;lt;EOF
deb http://darnassus.sceen.net/~teythoon/hurd-ci/ sid main
EOF
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;At the moment the prebuilt virtual machine get some packages from
http://ftp.debian-ports.org/debian, because some of the packages in
unstable do not yet include the required patches that are lingering in
BTS.  This is the completely list of &quot;unofficial&quot; packages installed:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# aptitude search &#39;?narrow(?version(CURRENT),?origin(Debian Ports))&#39;
i   emacs                   - GNU Emacs editor (metapackage)
i   gdb                     - GNU Debugger
i   hurd-recommended        - Miscellaneous translators
i   isc-dhcp-client         - ISC DHCP client
i   isc-dhcp-common         - common files used by all the isc-dhcp* packages
i   libc-bin                - Embedded GNU C Library: Binaries
i   libc-dev-bin            - Embedded GNU C Library: Development binaries
i   libc0.3                 - Embedded GNU C Library: Shared libraries
i A libc0.3-dbg             - Embedded GNU C Library: detached debugging symbols
i   libc0.3-dev             - Embedded GNU C Library: Development Libraries and Hea
i   multiarch-support       - Transitional package to ensure multiarch compatibilit
i A x11-common              - X Window System (X.Org) infrastructure
i   xorg                    - X.Org X Window System
i A xserver-xorg            - X.Org X server
i A xserver-xorg-input-all  - X.Org X server -- input driver metapackage
#
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;All in all, testing hurd has been an interesting experience. :)
X.org did not work out of the box and I never took the time to follow
the porters instructions to fix it.  This time I was interested in the
command line stuff.&lt;p&gt;
</description>
        </item>
        
        <item>
                <title>A fist full of non-anonymous Bitcoins</title>
                <link>http://people.skolelinux.org/pere/blog/A_fist_full_of_non_anonymous_Bitcoins.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/A_fist_full_of_non_anonymous_Bitcoins.html</guid>
                <pubDate>Wed, 29 Jan 2014 14:10:00 +0100</pubDate>
                <description>&lt;p&gt;Bitcoin is a incredible use of peer to peer communication and
encryption, allowing direct and immediate money transfer without any
central control.  It is sometimes claimed to be ideal for illegal
activity, which I believe is quite a long way from the truth.  At least
I would not conduct illegal money transfers using a system where the
details of every transaction are kept forever.  This point is
investigated in
&lt;a href=&quot;https://www.usenix.org/publications/login&quot;&gt;USENIX ;login:&lt;/a&gt;
from December 2013, in the article
&quot;&lt;a href=&quot;https://www.usenix.org/system/files/login/articles/03_meiklejohn-online.pdf&quot;&gt;A
Fistful of Bitcoins - Characterizing Payments Among Men with No
Names&lt;/a&gt;&quot; by Sarah Meiklejohn, Marjori Pomarole,Grant Jordan, Kirill
Levchenko, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage.  They
analyse the transaction log in the Bitcoin system, using it to find
addresses belong to individuals and organisations and follow the flow
of money from both Bitcoin theft and trades on Silk Road to where the
money end up.  This is how they wrap up their article:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;
&lt;p&gt;&quot;To demonstrate the usefulness of this type of analysis, we turned
our attention to criminal activity. In the Bitcoin economy, criminal
activity can appear in a number of forms, such as dealing drugs on
Silk Road or simply stealing someone else’s bitcoins. We followed the
flow of bitcoins out of Silk Road (in particular, from one notorious
address) and from a number of highly publicized thefts to see whether
we could track the bitcoins to known services. Although some of the
thieves attempted to use sophisticated mixing techniques (or possibly
mix services) to obscure the flow of bitcoins, for the most part
tracking the bitcoins was quite straightforward, and we ultimately saw
large quantities of bitcoins flow to a variety of exchanges directly
from the point of theft (or the withdrawal from Silk Road).&lt;/p&gt;

&lt;p&gt;As acknowledged above, following stolen bitcoins to the point at
which they are deposited into an exchange does not in itself identify
the thief; however, it does enable further de-anonymization in the
case in which certain agencies can determine (through, for example,
subpoena power) the real-world owner of the account into which the
stolen bitcoins were deposited.  Because such exchanges seem to serve
as chokepoints into and out of the Bitcoin economy (i.e., there are
few alternative ways to cash out), we conclude that using Bitcoin for
money laundering or other illicit purposes does not (at least at
present) seem to be particularly attractive.&quot;&lt;/p&gt;
&lt;/blockquote&gt;&lt;p&gt;

&lt;p&gt;These researches are not the first to analyse the Bitcoin
transaction log.  The 2011 paper
&quot;&lt;a href=&quot;http://arxiv.org/abs/1107.4524&quot;&gt;An Analysis of Anonymity in
the Bitcoin System&lt;/A&gt;&quot; by Fergal Reid and Martin Harrigan is
summarized like this:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;
&quot;Anonymity in Bitcoin, a peer-to-peer electronic currency system, is a
complicated issue. Within the system, users are identified by
public-keys only. An attacker wishing to de-anonymize its users will
attempt to construct the one-to-many mapping between users and
public-keys and associate information external to the system with the
users. Bitcoin tries to prevent this attack by storing the mapping of
a user to his or her public-keys on that user&#39;s node only and by
allowing each user to generate as many public-keys as required. In
this chapter we consider the topological structure of two networks
derived from Bitcoin&#39;s public transaction history. We show that the
two networks have a non-trivial topological structure, provide
complementary views of the Bitcoin system and have implications for
anonymity. We combine these structures with external information and
techniques such as context discovery and flow analysis to investigate
an alleged theft of Bitcoins, which, at the time of the theft, had a
market value of approximately half a million U.S. dollars.&quot;
&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;I hope these references can help kill the urban myth that Bitcoin
is anonymous.  It isn&#39;t really a good fit for illegal activites.  Use
cash if you need to stay anonymous, at least until regular DNA
sampling of notes and coins become the norm. :)&lt;/p&gt;

&lt;p&gt;As usual, if you use Bitcoin and want to show your support of my
activities, please send Bitcoin donations to my address
&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&amp;label=PetterReinholdtsenBlog&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;
</description>
        </item>
        
        </channel>
</rss>