1 <?xml version=
"1.0" encoding=
"ISO-8859-1"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/'
>
4 <title>Petter Reinholdtsen - Entries from January
2016</title>
5 <description>Entries from January
2016</description>
6 <link>http://people.skolelinux.org/pere/blog/
</link>
10 <title>Always download Debian packages using Tor - the simple recipe
</title>
11 <link>http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html
</link>
12 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html
</guid>
13 <pubDate>Fri,
15 Jan
2016 00:
30:
00 +
0100</pubDate>
14 <description><p
>During his DebConf15 keynote, Jacob Appelbaum
15 <a href=
"https://summit.debconf.org/debconf15/meeting/
331/what-is-to-be-done/
">observed
16 that those listening on the Internet lines would have good reason to
17 believe a computer have a given security hole
</a
> if it download a
18 security fix from a Debian mirror. This is a good reason to always
19 use encrypted connections to the Debian mirror, to make sure those
20 listening do not know which IP address to attack. In August, Richard
21 Hartmann observed that encryption was not enough, when it was possible
22 to interfere download size to security patches or the fact that
23 download took place shortly after a security fix was released, and
24 <a href=
"http://richardhartmann.de/blog/posts/
2015/
08/
24-Tor-enabled_Debian_mirror/
">proposed
25 to always use Tor to download packages from the Debian mirror
</a
>. He
26 was not the first to propose this, as the
27 <tt
><a href=
"https://tracker.debian.org/pkg/apt-transport-tor
">apt-transport-tor
</a
></tt
>
28 package by Tim Retout already existed to make it easy to convince apt
29 to use
<a href=
"https://www.torproject.org/
">Tor
</a
>, but I was not
30 aware of that package when I read the blog post from Richard.
</p
>
32 <p
>Richard discussed the idea with Peter Palfrader, one of the Debian
33 sysadmins, and he set up a Tor hidden service on one of the central
34 Debian mirrors using the address vwakviie2ienjx6t.onion, thus making
35 it possible to download packages directly between two tor nodes,
36 making sure the network traffic always were encrypted.
</p
>
38 <p
>Here is a short recipe for enabling this on your machine, by
39 installing
<tt
>apt-transport-tor
</tt
> and replacing http and https
40 urls with tor+http and tor+https, and using the hidden service instead
41 of the official Debian mirror site. I recommend installing
42 <tt
>etckeeper
</tt
> before you start to have a history of the changes
43 done in /etc/.
</p
>
45 <blockquote
><pre
>
46 apt install apt-transport-tor
47 sed -i
's% http://ftp.debian.org/%tor+http://vwakviie2ienjx6t.onion/%
' /etc/apt/sources.list
48 sed -i
's% http% tor+http%
' /etc/apt/sources.list
49 </pre
></blockquote
>
51 <p
>If you have more sources listed in /etc/apt/sources.list.d/, run
52 the sed commands for these too. The sed command is assuming your are
53 using the ftp.debian.org Debian mirror. Adjust the command (or just
54 edit the file manually) to match your mirror.
</p
>
56 <p
>This work in Debian Jessie and later. Note that tools like
57 <tt
>apt-file
</tt
> only recently started using the apt transport
58 system, and do not work with these tor+http URLs. For
59 <tt
>apt-file
</tt
> you need the version currently in experimental,
60 which need a recent apt version currently only in unstable. So if you
61 need a working
<tt
>apt-file
</tt
>, this is not for you.
</p
>
63 <p
>Another advantage from this change is that your machine will start
64 using Tor regularly and at fairly random intervals (every time you
65 update the package lists or upgrade or install a new package), thus
66 masking other Tor traffic done from the same machine. Using Tor will
67 become normal for the machine in question.
</p
>
69 <p
>On
<a href=
"https://wiki.debian.org/FreedomBox
">Freedombox
</a
>, APT
70 is set up by default to use
<tt
>apt-transport-tor
</tt
> when Tor is
71 enabled. It would be great if it was the default on any Debian
77 <title>Nedlasting fra NRK, som Matroska med undertekster
</title>
78 <link>http://people.skolelinux.org/pere/blog/Nedlasting_fra_NRK__som_Matroska_med_undertekster.html
</link>
79 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Nedlasting_fra_NRK__som_Matroska_med_undertekster.html
</guid>
80 <pubDate>Sat,
2 Jan
2016 13:
50:
00 +
0100</pubDate>
81 <description><p
>Det kommer stadig nye løsninger for å ta lagre unna innslag fra NRK
82 for å se på det senere. For en stund tilbake kom jeg over et script
83 nrkopptak laget av Ingvar Hagelund. Han fjernet riktignok sitt script
84 etter forespørsel fra Erik Bolstad i NRK, men noen tok heldigvis og
85 gjorde det
<a href=
"https://github.com/liangqi/nrkopptak
">tilgjengelig
86 via github
</a
>.
</p
>
88 <p
>Scriptet kan lagre som MPEG4 eller Matroska, og bake inn
89 undertekster i fila på et vis som blant annet VLC forstår. For å
90 bruke scriptet, kopier ned git-arkivet og kjør
</p
>
93 nrkopptak/bin/nrk-opptak k
<ahref=
"https://tv.nrk.no/serie/bmi-turne/MUHH45000115/sesong-
1/episode-
1">https://tv.nrk.no/serie/bmi-turne/MUHH45000115/sesong-
1/episode-
1</a
>
94 </pre
></p
>
96 <p
>URL-eksemplet er dagens toppsak på tv.nrk.no. Argument
'k
' ber
97 scriptet laste ned og lagre som Matroska. Det finnes en rekke andre
98 muligheter for valg av kvalitet og format.
</p
>
100 <p
>Jeg foretrekker dette scriptet fremfor youtube-dl, som
101 <a href=
"http://people.skolelinux.org/pere/blog/Hvordan_enkelt_laste_ned_filmer_fra_NRK_med_den__nye__l_sningen.html
">
102 nevnt i
2014 støtter NRK
</a
> og en rekke andre videokilder, på grunn
103 av at nrkopptak samler undertekster og video i en enkelt fil, hvilket
104 gjør håndtering enklere på disk.
</p
>
projects / homepage.git / blob