1 <?xml version=
"1.0" encoding=
"utf-8"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/' xmlns:
atom=
"http://www.w3.org/2005/Atom">
4 <title>Petter Reinholdtsen
</title>
5 <description></description>
6 <link>http://people.skolelinux.org/pere/blog/
</link>
7 <atom:link href=
"http://people.skolelinux.org/pere/blog/index.rss" rel=
"self" type=
"application/rss+xml" />
10 <title>Epost inn som arkivformat i Riksarkivarens forskrift?
</title>
11 <link>http://people.skolelinux.org/pere/blog/Epost_inn_som_arkivformat_i_Riksarkivarens_forskrift_.html
</link>
12 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Epost_inn_som_arkivformat_i_Riksarkivarens_forskrift_.html
</guid>
13 <pubDate>Thu,
27 Apr
2017 11:
30:
00 +
0200</pubDate>
14 <description><p
>I disse dager, med frist
1. mai, har Riksarkivaren ute en høring på
15 sin forskrift. Som en kan se er det ikke mye tid igjen før fristen
16 som går ut på søndag. Denne forskriften er det som lister opp hvilke
17 formater det er greit å arkivere i
18 <a href=
"http://www.arkivverket.no/arkivverket/Offentleg-forvalting/Noark/Noark-
5">Noark
19 5-løsninger
</a
> i Norge.
</p
>
21 <p
>Jeg fant høringsdokumentene hos
22 <a href=
"https://www.arkivrad.no/aktuelt/riksarkivarens-forskrift-pa-horing
">Norsk
23 Arkivråd
</a
> etter å ha blitt tipset på epostlisten til
24 <a href=
"https://github.com/hiOA-ABI/nikita-noark5-core
">fri
25 programvareprosjektet Nikita Noark5-Core
</a
>, som lager et Noark
5
26 Tjenestegresesnitt. Jeg er involvert i Nikita-prosjektet og takket
27 være min interesse for tjenestegrensesnittsprosjektet har jeg lest en
28 god del Noark
5-relaterte dokumenter, og til min overraskelse oppdaget
29 at standard epost ikke er på listen over godkjente formater som kan
30 arkiveres. Høringen med frist søndag er en glimrende mulighet til å
31 forsøke å gjøre noe med det. Jeg holder på med
32 <a href=
"https://github.com/petterreinholdtsen/noark5-tester/blob/master/docs/hoering-arkivforskrift.tex
">egen
33 høringsuttalelse
</a
>, og lurer på om andre er interessert i å støtte
34 forslaget om å tillate arkivering av epost som epost i arkivet.
</p
>
36 <p
>Er du igang med å skrive egen høringsuttalelse allerede? I så fall
37 kan du jo vurdere å ta med en formulering om epost-lagring. Jeg tror
38 ikke det trengs så mye. Her et kort forslag til tekst:
</p
>
40 <p
><blockquote
>
42 <p
>Viser til høring sendt ut
2017-
02-
17 (Riksarkivarens referanse
43 2016/
9840 HELHJO), og tillater oss å sende inn noen innspill om
44 revisjon av Forskrift om utfyllende tekniske og arkivfaglige
45 bestemmelser om behandling av offentlige arkiver (Riksarkivarens
48 <p
>Svært mye av vår kommuikasjon foregår i dag på e-post. Vi
49 foreslår derfor at Internett-e-post, slik det er beskrevet i IETF
51 <a href=
"https://tools.ietf.org/html/rfc5322
">https://tools.ietf.org/html/rfc5322
</a
>. bør
52 inn som godkjent dokumentformat. Vi foreslår at forskriftens
53 oversikt over godkjente dokumentformater ved innlevering i §
5-
16
54 endres til å ta med Internett-e-post.
</p
>
56 </blockquote
></p
>
58 <p
>Som del av arbeidet med tjenestegrensesnitt har vi testet hvordan
59 epost kan lagres i en Noark
5-struktur, og holder på å skrive et
60 forslag om hvordan dette kan gjøres som vil bli sendt over til
61 arkivverket så snart det er ferdig. De som er interesserte kan
62 <a href=
"https://github.com/petterreinholdtsen/noark5-tester/blob/master/docs/epostlagring.md
">følge
63 fremdriften på web
</a
>.
</p
>
65 <p
>Oppdatering
2017-
04-
28: I dag ble høringuttalelsen jeg skrev
66 <a href=
"https://www.nuug.no/news/NUUGs_h_ringuttalelse_til_Riksarkivarens_forskrift.shtml
">sendt
67 inn av foreningen NUUG
</a
>.
</p
>
72 <title>Offentlig elektronisk postjournal blokkerer tilgang for utvalgte webklienter
</title>
73 <link>http://people.skolelinux.org/pere/blog/Offentlig_elektronisk_postjournal_blokkerer_tilgang_for_utvalgte_webklienter.html
</link>
74 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Offentlig_elektronisk_postjournal_blokkerer_tilgang_for_utvalgte_webklienter.html
</guid>
75 <pubDate>Thu,
20 Apr
2017 13:
00:
00 +
0200</pubDate>
76 <description><p
>Jeg oppdaget i dag at
<a href=
"https://www.oep.no/
">nettstedet som
77 publiserer offentlige postjournaler fra statlige etater
</a
>, OEP, har
78 begynt å blokkerer enkelte typer webklienter fra å få tilgang. Vet
79 ikke hvor mange det gjelder, men det gjelder i hvert fall libwww-perl
80 og curl. For å teste selv, kjør følgende:
</p
>
82 <blockquote
><pre
>
83 % curl -v -s https://www.oep.no/pub/report.xhtml?reportId=
3 2>&1 |grep
'< HTTP
'
84 < HTTP/
1.1 404 Not Found
85 % curl -v -s --header
'User-Agent:Opera/
12.0' https://www.oep.no/pub/report.xhtml?reportId=
3 2>&1 |grep
'< HTTP
'
88 </pre
></blockquote
>
90 <p
>Her kan en se at tjenesten gir «
404 Not Found» for curl i
91 standardoppsettet, mens den gir «
200 OK» hvis curl hevder å være Opera
92 versjon
12.0. Offentlig elektronisk postjournal startet blokkeringen
95 <p
>Blokkeringen vil gjøre det litt vanskeligere å maskinelt hente
96 informasjon fra oep.no. Kan blokkeringen være gjort for å hindre
97 automatisert innsamling av informasjon fra OEP, slik Pressens
98 Offentlighetsutvalg gjorde for å dokumentere hvordan departementene
100 <a href=
"http://presse.no/dette-mener-np/undergraver-offentlighetsloven/
">rapporten
101 «Slik hindrer departementer innsyn» som ble publiserte i januar
102 2017</a
>. Det virker usannsynlig, da det jo er trivielt å bytte
103 User-Agent til noe nytt.
</p
>
105 <p
>Finnes det juridisk grunnlag for det offentlige å diskriminere
106 webklienter slik det gjøres her? Der tilgang gis eller ikke alt etter
107 hva klienten sier at den heter? Da OEP eies av DIFI og driftes av
108 Basefarm, finnes det kanskje noen dokumenter sendt mellom disse to
109 aktørene man kan be om innsyn i for å forstå hva som har skjedd. Men
110 <a href=
"https://www.oep.no/search/result.html?period=dateRange
&fromDate=
01.01.2016&toDate=
01.04.2017&dateType=documentDate
&caseDescription=
&descType=both
&caseNumber=
&documentNumber=
&sender=basefarm
&senderType=both
&documentType=all
&legalAuthority=
&archiveCode=
&list2=
196&searchType=advanced
&Search=Search+in+records
">postjournalen
111 til DIFI viser kun to dokumenter
</a
> det siste året mellom DIFI og
113 <a href=
"https://www.mimesbronn.no/request/blokkering_av_tilgang_til_oep_fo
">Mimes brønn neste
</a
>,
114 tenker jeg.
</p
>
119 <title>Free software archive system Nikita now able to store documents
</title>
120 <link>http://people.skolelinux.org/pere/blog/Free_software_archive_system_Nikita_now_able_to_store_documents.html
</link>
121 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Free_software_archive_system_Nikita_now_able_to_store_documents.html
</guid>
122 <pubDate>Sun,
19 Mar
2017 08:
00:
00 +
0100</pubDate>
123 <description><p
>The
<a href=
"https://github.com/hiOA-ABI/nikita-noark5-core
">Nikita
124 Noark
5 core project
</a
> is implementing the Norwegian standard for
125 keeping an electronic archive of government documents.
126 <a href=
"http://www.arkivverket.no/arkivverket/Offentlig-forvaltning/Noark/Noark-
5/English-version
">The
127 Noark
5 standard
</a
> document the requirement for data systems used by
128 the archives in the Norwegian government, and the Noark
5 web interface
129 specification document a REST web service for storing, searching and
130 retrieving documents and metadata in such archive. I
've been involved
131 in the project since a few weeks before Christmas, when the Norwegian
133 <a href=
"https://www.nuug.no/news/NOARK5_kjerne_som_fri_programvare_f_r_epostliste_hos_NUUG.shtml
">announced
134 it supported the project
</a
>. I believe this is an important project,
135 and hope it can make it possible for the government archives in the
136 future to use free software to keep the archives we citizens depend
137 on. But as I do not hold such archive myself, personally my first use
138 case is to store and analyse public mail journal metadata published
139 from the government. I find it useful to have a clear use case in
140 mind when developing, to make sure the system scratches one of my
143 <p
>If you would like to help make sure there is a free software
144 alternatives for the archives, please join our IRC channel
145 (
<a href=
"irc://irc.freenode.net/%
23nikita
"">#nikita on
146 irc.freenode.net
</a
>) and
147 <a href=
"https://lists.nuug.no/mailman/listinfo/nikita-noark
">the
148 project mailing list
</a
>.
</p
>
150 <p
>When I got involved, the web service could store metadata about
151 documents. But a few weeks ago, a new milestone was reached when it
152 became possible to store full text documents too. Yesterday, I
153 completed an implementation of a command line tool
154 <tt
>archive-pdf
</tt
> to upload a PDF file to the archive using this
155 API. The tool is very simple at the moment, and find existing
156 <a href=
"https://en.wikipedia.org/wiki/Fonds
">fonds
</a
>, series and
157 files while asking the user to select which one to use if more than
158 one exist. Once a file is identified, the PDF is associated with the
159 file and uploaded, using the title extracted from the PDF itself. The
160 process is fairly similar to visiting the archive, opening a cabinet,
161 locating a file and storing a piece of paper in the archive. Here is
162 a test run directly after populating the database with test data using
163 our API tester:
</p
>
165 <p
><blockquote
><pre
>
166 ~/src//noark5-tester$ ./archive-pdf mangelmelding/mangler.pdf
167 using arkiv: Title of the test fonds created
2017-
03-
18T23:
49:
32.103446
168 using arkivdel: Title of the test series created
2017-
03-
18T23:
49:
32.103446
170 0 - Title of the test case file created
2017-
03-
18T23:
49:
32.103446
171 1 - Title of the test file created
2017-
03-
18T23:
49:
32.103446
172 Select which mappe you want (or search term):
0
173 Uploading mangelmelding/mangler.pdf
174 PDF title: Mangler i spesifikasjonsdokumentet for NOARK
5 Tjenestegrensesnitt
175 File
2017/
1: Title of the test case file created
2017-
03-
18T23:
49:
32.103446
176 ~/src//noark5-tester$
177 </pre
></blockquote
></p
>
179 <p
>You can see here how the fonds (arkiv) and serie (arkivdel) only had
180 one option, while the user need to choose which file (mappe) to use
181 among the two created by the API tester. The
<tt
>archive-pdf
</tt
>
182 tool can be found in the git repository for the API tester.
</p
>
184 <p
>In the project, I have been mostly working on
185 <a href=
"https://github.com/petterreinholdtsen/noark5-tester
">the API
186 tester
</a
> so far, while getting to know the code base. The API
188 <a href=
"https://en.wikipedia.org/wiki/HATEOAS
">the HATEOAS links
</a
>
189 to traverse the entire exposed service API and verify that the exposed
190 operations and objects match the specification, as well as trying to
191 create objects holding metadata and uploading a simple XML file to
192 store. The tester has proved very useful for finding flaws in our
193 implementation, as well as flaws in the reference site and the
194 specification.
</p
>
196 <p
>The test document I uploaded is a summary of all the specification
197 defects we have collected so far while implementing the web service.
198 There are several unclear and conflicting parts of the specification,
200 <a href=
"https://github.com/petterreinholdtsen/noark5-tester/tree/master/mangelmelding
">started
201 writing down
</a
> the questions we get from implementing it. We use a
202 format inspired by how
<a href=
"http://www.opengroup.org/austin/
">The
203 Austin Group
</a
> collect defect reports for the POSIX standard with
204 <a href=
"http://www.opengroup.org/austin/mantis.html
">their
205 instructions for the MANTIS defect tracker system
</a
>, in lack of an official way to structure defect reports for Noark
5 (our first submitted defect report was a
<a href=
"https://github.com/petterreinholdtsen/noark5-tester/blob/master/mangelmelding/sendt/
2017-
03-
15-mangel-prosess.md
">request for a procedure for submitting defect reports
</a
> :).
207 <p
>The Nikita project is implemented using Java and Spring, and is
208 fairly easy to get up and running using Docker containers for those
209 that want to test the current code base. The API tester is
210 implemented in Python.
</p
>
215 <title>Detecting NFS hangs on Linux without hanging yourself...
</title>
216 <link>http://people.skolelinux.org/pere/blog/Detecting_NFS_hangs_on_Linux_without_hanging_yourself___.html
</link>
217 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Detecting_NFS_hangs_on_Linux_without_hanging_yourself___.html
</guid>
218 <pubDate>Thu,
9 Mar
2017 15:
20:
00 +
0100</pubDate>
219 <description><p
>Over the years, administrating thousand of NFS mounting linux
220 computers at the time, I often needed a way to detect if the machine
221 was experiencing NFS hang. If you try to use
<tt
>df
</tt
> or look at a
222 file or directory affected by the hang, the process (and possibly the
223 shell) will hang too. So you want to be able to detect this without
224 risking the detection process getting stuck too. It has not been
225 obvious how to do this. When the hang has lasted a while, it is
226 possible to find messages like these in dmesg:
</p
>
228 <p
><blockquote
>
229 nfs: server nfsserver not responding, still trying
230 <br
>nfs: server nfsserver OK
231 </blockquote
></p
>
233 <p
>It is hard to know if the hang is still going on, and it is hard to
234 be sure looking in dmesg is going to work. If there are lots of other
235 messages in dmesg the lines might have rotated out of site before they
236 are noticed.
</p
>
238 <p
>While reading through the nfs client implementation in linux kernel
239 code, I came across some statistics that seem to give a way to detect
240 it. The om_timeouts sunrpc value in the kernel will increase every
241 time the above log entry is inserted into dmesg. And after digging a
242 bit further, I discovered that this value show up in
243 /proc/self/mountstats on Linux.
</p
>
245 <p
>The mountstats content seem to be shared between files using the
246 same file system context, so it is enough to check one of the
247 mountstats files to get the state of the mount point for the machine.
248 I assume this will not show lazy umounted NFS points, nor NFS mount
249 points in a different process context (ie with a different filesystem
250 view), but that does not worry me.
</p
>
252 <p
>The content for a NFS mount point look similar to this:
</p
>
254 <p
><blockquote
><pre
>
256 device /dev/mapper/Debian-var mounted on /var with fstype ext3
257 device nfsserver:/mnt/nfsserver/home0 mounted on /mnt/nfsserver/home0 with fstype nfs statvers=
1.1
258 opts: rw,vers=
3,rsize=
65536,wsize=
65536,namlen=
255,acregmin=
3,acregmax=
60,acdirmin=
30,acdirmax=
60,soft,nolock,proto=tcp,timeo=
600,retrans=
2,sec=sys,mountaddr=
129.240.3.145,mountvers=
3,mountport=
4048,mountproto=udp,local_lock=all
260 caps: caps=
0x3fe7,wtmult=
4096,dtsize=
8192,bsize=
0,namlen=
255
261 sec: flavor=
1,pseudoflavor=
1
262 events:
61063112 732346265 1028140 35486205 16220064 8162542 761447191 71714012 37189 3891185 45561809 110486139 4850138 420353 15449177 296502 52736725 13523379 0 52182 9016896 1231 0 0 0 0 0
263 bytes:
166253035039 219519120027 0 0 40783504807 185466229638 11677877 45561809
264 RPC iostats version:
1.0 p/v:
100003/
3 (nfs)
265 xprt: tcp
925 1 6810 0 0 111505412 111480497 109 2672418560317 0 248 53869103 22481820
267 NULL:
0 0 0 0 0 0 0 0
268 GETATTR:
61063106 61063108 0 9621383060 6839064400 453650 77291321 78926132
269 SETATTR:
463469 463470 0 92005440 66739536 63787 603235 687943
270 LOOKUP:
17021657 17021657 0 3354097764 4013442928 57216 35125459 35566511
271 ACCESS:
14281703 14290009 5 2318400592 1713803640 1709282 4865144 7130140
272 READLINK:
125 125 0 20472 18620 0 1112 1118
273 READ:
4214236 4214237 0 715608524 41328653212 89884 22622768 22806693
274 WRITE:
8479010 8494376 22 187695798568 1356087148 178264904 51506907 231671771
275 CREATE:
171708 171708 0 38084748 46702272 873 1041833 1050398
276 MKDIR:
3680 3680 0 773980 993920 26 23990 24245
277 SYMLINK:
903 903 0 233428 245488 6 5865 5917
278 MKNOD:
80 80 0 20148 21760 0 299 304
279 REMOVE:
429921 429921 0 79796004 61908192 3313 2710416 2741636
280 RMDIR:
3367 3367 0 645112 484848 22 5782 6002
281 RENAME:
466201 466201 0 130026184 121212260 7075 5935207 5961288
282 LINK:
289155 289155 0 72775556 67083960 2199 2565060 2585579
283 READDIR:
2933237 2933237 0 516506204 13973833412 10385 3190199 3297917
284 READDIRPLUS:
1652839 1652839 0 298640972 6895997744 84735 14307895 14448937
285 FSSTAT:
6144 6144 0 1010516 1032192 51 9654 10022
286 FSINFO:
2 2 0 232 328 0 1 1
287 PATHCONF:
1 1 0 116 140 0 0 0
288 COMMIT:
0 0 0 0 0 0 0 0
290 device binfmt_misc mounted on /proc/sys/fs/binfmt_misc with fstype binfmt_misc
292 </pre
></blockquote
></p
>
294 <p
>The key number to look at is the third number in the per-op list.
295 It is the number of NFS timeouts experiences per file system
296 operation. Here
22 write timeouts and
5 access timeouts. If these
297 numbers are increasing, I believe the machine is experiencing NFS
298 hang. Unfortunately the timeout value do not start to increase right
299 away. The NFS operations need to time out first, and this can take a
300 while. The exact timeout value depend on the setup. For example the
301 defaults for TCP and UDP mount points are quite different, and the
302 timeout value is affected by the soft, hard, timeo and retrans NFS
303 mount options.
</p
>
305 <p
>The only way I have been able to get working on Debian and RedHat
306 Enterprise Linux for getting the timeout count is to peek in /proc/.
308 <ahref=
"http://docs.oracle.com/cd/E19253-
01/
816-
4555/netmonitor-
12/index.html
">Solaris
309 10 System Administration Guide: Network Services
</a
>, the
'nfsstat -c
'
310 command can be used to get these timeout values. But this do not work
311 on Linux, as far as I can tell. I
312 <ahref=
"http://bugs.debian.org/
857043">asked Debian about this
</a
>,
313 but have not seen any replies yet.
</p
>
315 <p
>Is there a better way to figure out if a Linux NFS client is
316 experiencing NFS hangs? Is there a way to detect which processes are
317 affected? Is there a way to get the NFS mount going quickly once the
318 network problem causing the NFS hang has been cleared? I would very
319 much welcome some clues, as we regularly run into NFS hangs.
</p
>
324 <title>How does it feel to be wiretapped, when you should be doing the wiretapping...
</title>
325 <link>http://people.skolelinux.org/pere/blog/How_does_it_feel_to_be_wiretapped__when_you_should_be_doing_the_wiretapping___.html
</link>
326 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/How_does_it_feel_to_be_wiretapped__when_you_should_be_doing_the_wiretapping___.html
</guid>
327 <pubDate>Wed,
8 Mar
2017 11:
50:
00 +
0100</pubDate>
328 <description><p
>So the new president in the United States of America claim to be
329 surprised to discover that he was wiretapped during the election
330 before he was elected president. He even claim this must be illegal.
331 Well, doh, if it is one thing the confirmations from Snowden
332 documented, it is that the entire population in USA is wiretapped, one
333 way or another. Of course the president candidates were wiretapped,
334 alongside the senators, judges and the rest of the people in USA.
</p
>
336 <p
>Next, the Federal Bureau of Investigation ask the Department of
337 Justice to go public rejecting the claims that Donald Trump was
338 wiretapped illegally. I fail to see the relevance, given that I am
339 sure the surveillance industry in USA believe they have all the legal
340 backing they need to conduct mass surveillance on the entire
343 <p
>There is even the director of the FBI stating that he never saw an
344 order requesting wiretapping of Donald Trump. That is not very
345 surprising, given how the FISA court work, with all its activity being
346 secret. Perhaps he only heard about it?
</p
>
348 <p
>What I find most sad in this story is how Norwegian journalists
349 present it. In a news reports the other day in the radio from the
350 Norwegian National broadcasting Company (NRK), I heard the journalist
351 claim that
'the FBI denies any wiretapping
', while the reality is that
352 'the FBI denies any illegal wiretapping
'. There is a fundamental and
353 important difference, and it make me sad that the journalists are
354 unable to grasp it.
</p
>
356 <p
><strong
>Update
2017-
03-
13:
</strong
> Look like
357 <a href=
"https://theintercept.com/
2017/
03/
13/rand-paul-is-right-nsa-routinely-monitors-americans-communications-without-warrants/
">The
358 Intercept report that US Senator Rand Paul confirm what I state above
</a
>.
</p
>
363 <title>Norwegian Bokmål translation of The Debian Administrator
's Handbook complete, proofreading in progress
</title>
364 <link>http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_translation_of_The_Debian_Administrator_s_Handbook_complete__proofreading_in_progress.html
</link>
365 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_translation_of_The_Debian_Administrator_s_Handbook_complete__proofreading_in_progress.html
</guid>
366 <pubDate>Fri,
3 Mar
2017 14:
50:
00 +
0100</pubDate>
367 <description><p
>For almost a year now, we have been working on making a Norwegian
368 Bokmål edition of
<a href=
"https://debian-handbook.info/
">The Debian
369 Administrator
's Handbook
</a
>. Now, thanks to the tireless effort of
370 Ole-Erik, Ingrid and Andreas, the initial translation is complete, and
371 we are working on the proof reading to ensure consistent language and
372 use of correct computer science terms. The plan is to make the book
373 available on paper, as well as in electronic form. For that to
374 happen, the proof reading must be completed and all the figures need
375 to be translated. If you want to help out, get in touch.
</p
>
377 <p
><a href=
"http://people.skolelinux.org/pere/debian-handbook/debian-handbook-nb-NO.pdf
">A
379 fresh PDF edition
</a
> in A4 format (the final book will have smaller
380 pages) of the book created every morning is available for
381 proofreading. If you find any errors, please
382 <a href=
"https://hosted.weblate.org/projects/debian-handbook/
">visit
383 Weblate and correct the error
</a
>. The
384 <a href=
"http://l.github.io/debian-handbook/stat/nb-NO/index.html
">state
385 of the translation including figures
</a
> is a useful source for those
386 provide Norwegian bokmål screen shots and figures.
</p
>
391 <title>Unlimited randomness with the ChaosKey?
</title>
392 <link>http://people.skolelinux.org/pere/blog/Unlimited_randomness_with_the_ChaosKey_.html
</link>
393 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Unlimited_randomness_with_the_ChaosKey_.html
</guid>
394 <pubDate>Wed,
1 Mar
2017 20:
50:
00 +
0100</pubDate>
395 <description><p
>A few days ago I ordered a small batch of
396 <a href=
"http://altusmetrum.org/ChaosKey/
">the ChaosKey
</a
>, a small
397 USB dongle for generating entropy created by Bdale Garbee and Keith
398 Packard. Yesterday it arrived, and I am very happy to report that it
399 work great! According to its designers, to get it to work out of the
400 box, you need the Linux kernel version
4.1 or later. I tested on a
401 Debian Stretch machine (kernel version
4.9), and there it worked just
402 fine, increasing the available entropy very quickly. I wrote a small
403 test oneliner to test. It first print the current entropy level,
404 drain /dev/random, and then print the entropy level for five seconds.
405 Here is the situation without the ChaosKey inserted:
</p
>
407 <blockquote
><pre
>
408 % cat /proc/sys/kernel/random/entropy_avail; \
409 dd bs=
1M if=/dev/random of=/dev/null count=
1; \
410 for n in $(seq
1 5); do \
411 cat /proc/sys/kernel/random/entropy_avail; \
417 28 byte kopiert,
0,
000264565 s,
106 kB/s
424 </pre
></blockquote
>
426 <p
>The entropy level increases by
3-
4 every second. In such case any
427 application requiring random bits (like a HTTPS enabled web server)
428 will halt and wait for more entrpy. And here is the situation with
429 the ChaosKey inserted:
</p
>
431 <blockquote
><pre
>
432 % cat /proc/sys/kernel/random/entropy_avail; \
433 dd bs=
1M if=/dev/random of=/dev/null count=
1; \
434 for n in $(seq
1 5); do \
435 cat /proc/sys/kernel/random/entropy_avail; \
441 104 byte kopiert,
0,
000487647 s,
213 kB/s
448 </pre
></blockquote
>
450 <p
>Quite the difference. :) I bought a few more than I need, in case
451 someone want to buy one here in Norway. :)
</p
>
453 <p
>Update: The dongle was presented at Debconf last year. You might
454 find
<a href=
"https://debconf16.debconf.org/talks/
94/
">the talk
455 recording illuminating
</a
>. It explains exactly what the source of
456 randomness is, if you are unable to spot it from the schema drawing
457 available from the ChaosKey web site linked at the start of this blog
463 <title>Detect OOXML files with undefined behaviour?
</title>
464 <link>http://people.skolelinux.org/pere/blog/Detect_OOXML_files_with_undefined_behaviour_.html
</link>
465 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Detect_OOXML_files_with_undefined_behaviour_.html
</guid>
466 <pubDate>Tue,
21 Feb
2017 00:
20:
00 +
0100</pubDate>
467 <description><p
>I just noticed
468 <a href=
"http://www.arkivrad.no/aktuelt/riksarkivarens-forskrift-pa-horing
">the
469 new Norwegian proposal for archiving rules in the goverment
</a
> list
470 <a href=
"http://www.ecma-international.org/publications/standards/Ecma-
376.htm
">ECMA-
376</a
>
471 / ISO/IEC
29500 (aka OOXML) as valid formats to put in long term
472 storage. Luckily such files will only be accepted based on
473 pre-approval from the National Archive. Allowing OOXML files to be
474 used for long term storage might seem like a good idea as long as we
475 forget that there are plenty of ways for a
"valid
" OOXML document to
476 have content with no defined interpretation in the standard, which
477 lead to a question and an idea.
</p
>
479 <p
>Is there any tool to detect if a OOXML document depend on such
480 undefined behaviour? It would be useful for the National Archive (and
481 anyone else interested in verifying that a document is well defined)
482 to have such tool available when considering to approve the use of
483 OOXML. I
'm aware of the
484 <a href=
"https://github.com/arlm/officeotron/
">officeotron OOXML
485 validator
</a
>, but do not know how complete it is nor if it will
486 report use of undefined behaviour. Are there other similar tools
487 available? Please send me an email if you know of any such tool.
</p
>
492 <title>Ruling ignored our objections to the seizure of popcorn-time.no (#domstolkontroll)
</title>
493 <link>http://people.skolelinux.org/pere/blog/Ruling_ignored_our_objections_to_the_seizure_of_popcorn_time_no___domstolkontroll_.html
</link>
494 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Ruling_ignored_our_objections_to_the_seizure_of_popcorn_time_no___domstolkontroll_.html
</guid>
495 <pubDate>Mon,
13 Feb
2017 21:
30:
00 +
0100</pubDate>
496 <description><p
>A few days ago, we received the ruling from
497 <a href=
"http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html
">my
498 day in court
</a
>. The case in question is a challenge of the seizure
499 of the DNS domain popcorn-time.no. The ruling simply did not mention
500 most of our arguments, and seemed to take everything ØKOKRIM said at
501 face value, ignoring our demonstration and explanations. But it is
502 hard to tell for sure, as we still have not seen most of the documents
503 in the case and thus were unprepared and unable to contradict several
504 of the claims made in court by the opposition. We are considering an
505 appeal, but it is partly a question of funding, as it is costing us
506 quite a bit to pay for our lawyer. If you want to help, please
507 <a href=
"http://www.nuug.no/dns-beslag-donasjon.shtml
">donate to the
508 NUUG defense fund
</a
>.
</p
>
510 <p
>The details of the case, as far as we know it, is available in
512 <a href=
"https://www.nuug.no/news/tags/dns-domenebeslag/
">the NUUG
513 blog
</a
>. This also include
514 <a href=
"https://www.nuug.no/news/Avslag_etter_rettslig_h_ring_om_DNS_beslaget___vurderer_veien_videre.shtml
">the
515 ruling itself
</a
>.
</p
>
520 <title>A day in court challenging seizure of popcorn-time.no for #domstolkontroll
</title>
521 <link>http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html
</link>
522 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html
</guid>
523 <pubDate>Fri,
3 Feb
2017 11:
10:
00 +
0100</pubDate>
524 <description><p align=
"center
"><img width=
"70%
" src=
"http://people.skolelinux.org/pere/blog/images/
2017-
02-
01-popcorn-time-in-court.jpeg
"></p
>
526 <p
>On Wednesday, I spent the entire day in court in Follo Tingrett
527 representing
<a href=
"https://www.nuug.no/
">the member association
528 NUUG
</a
>, alongside
<a href=
"https://www.efn.no/
">the member
529 association EFN
</a
> and
<a href=
"http://www.imc.no
">the DNS registrar
530 IMC
</a
>, challenging the seizure of the DNS name popcorn-time.no. It
531 was interesting to sit in a court of law for the first time in my
532 life. Our team can be seen in the picture above: attorney Ola
533 Tellesbø, EFN board member Tom Fredrik Blenning, IMC CEO Morten Emil
534 Eriksen and NUUG board member Petter Reinholdtsen.
</p
>
536 <p
><a href=
"http://www.domstol.no/no/Enkelt-domstol/follo-tingrett/Nar-gar-rettssaken/Beramming/?cid=AAAA1701301512081262234UJFBVEZZZZZEJBAvtale
">The
537 case at hand
</a
> is that the Norwegian National Authority for
538 Investigation and Prosecution of Economic and Environmental Crime (aka
539 Økokrim) decided on their own, to seize a DNS domain early last
540 year, without following
541 <a href=
"https://www.norid.no/no/regelverk/navnepolitikk/#link12
">the
542 official policy of the Norwegian DNS authority
</a
> which require a
543 court decision. The web site in question was a site covering Popcorn
544 Time. And Popcorn Time is the name of a technology with both legal
545 and illegal applications. Popcorn Time is a client combining
546 searching a Bittorrent directory available on the Internet with
547 downloading/distribute content via Bittorrent and playing the
548 downloaded content on screen. It can be used illegally if it is used
549 to distribute content against the will of the right holder, but it can
550 also be used legally to play a lot of content, for example the
552 <a href=
"https://archive.org/details/movies
">available from the
553 Internet Archive
</a
> or the collection
554 <a href=
"http://vodo.net/films/
">available from Vodo
</a
>. We created
555 <a href=
"magnet:?xt=urn:btih:
86c1802af5a667ca56d3918aecb7d3c0f7173084
&dn=PresentasjonFolloTingrett.mov
&tr=udp%
3A%
2F%
2Fpublic.popcorn-tracker.org%
3A6969%
2Fannounce
">a
556 video demonstrating legally use of Popcorn Time
</a
> and played it in
557 Court. It can of course be downloaded using Bittorrent.
</p
>
559 <p
>I did not quite know what to expect from a day in court. The
560 government held on to their version of the story and we held on to
561 ours, and I hope the judge is able to make sense of it all. We will
562 know in two weeks time. Unfortunately I do not have high hopes, as
563 the Government have the upper hand here with more knowledge about the
564 case, better training in handling criminal law and in general higher
565 standing in the courts than fairly unknown DNS registrar and member
566 associations. It is expensive to be right also in Norway. So far the
567 case have cost more than NOK
70 000,-. To help fund the case, NUUG
568 and EFN have asked for donations, and managed to collect around NOK
25
569 000,- so far. Given the presentation from the Government, I expect
570 the government to appeal if the case go our way. And if the case do
571 not go our way, I hope we have enough funding to appeal.
</p
>
573 <p
>From the other side came two people from Økokrim. On the benches,
574 appearing to be part of the group from the government were two people
575 from the Simonsen Vogt Wiik lawyer office, and three others I am not
576 quite sure who was. Økokrim had proposed to present two witnesses
577 from The Motion Picture Association, but this was rejected because
578 they did not speak Norwegian and it was a bit late to bring in a
579 translator, but perhaps the two from MPA were present anyway. All
580 seven appeared to know each other. Good to see the case is take
583 <p
>If you, like me, believe the courts should be involved before a DNS
584 domain is hijacked by the government, or you believe the Popcorn Time
585 technology have a lot of useful and legal applications, I suggest you
586 too
<a href=
"http://www.nuug.no/dns-beslag-donasjon.shtml
">donate to
587 the NUUG defense fund
</a
>. Both Bitcoin and bank transfer are
588 available. If NUUG get more than we need for the legal action (very
589 unlikely), the rest will be spend promoting free software, open
590 standards and unix-like operating systems in Norway, so no matter what
591 happens the money will be put to good use.
</p
>
593 <p
>If you want to lean more about the case, I recommend you check out
594 <a href=
"https://www.nuug.no/news/tags/dns-domenebeslag/
">the blog
595 posts from NUUG covering the case
</a
>. They cover the legal arguments
596 on both sides.
</p
>
projects / homepage.git / blob