1 <?xml version=
"1.0" encoding=
"utf-8"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/' xmlns:
atom=
"http://www.w3.org/2005/Atom">
4 <title>Petter Reinholdtsen
</title>
5 <description></description>
6 <link>http://people.skolelinux.org/pere/blog/
</link>
7 <atom:link href=
"http://people.skolelinux.org/pere/blog/index.rss" rel=
"self" type=
"application/rss+xml" />
10 <title>Epost inn som arkivformat i Riksarkivarens forskrift?
</title>
11 <link>http://people.skolelinux.org/pere/blog/Epost_inn_som_arkivformat_i_Riksarkivarens_forskrift_.html
</link>
12 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Epost_inn_som_arkivformat_i_Riksarkivarens_forskrift_.html
</guid>
13 <pubDate>Thu,
27 Apr
2017 11:
30:
00 +
0200</pubDate>
14 <description><p
>I disse dager, med frist
1. mai, har Riksarkivaren ute en høring på
15 sin forskrift. Som en kan se er det ikke mye tid igjen før fristen
16 som går ut på søndag. Denne forskriften er det som lister opp hvilke
17 formater det er greit å arkivere i
18 <a href=
"http://www.arkivverket.no/arkivverket/Offentleg-forvalting/Noark/Noark-
5">Noark
19 5-løsninger
</a
> i Norge.
</p
>
21 <p
>Jeg fant høringsdokumentene hos
22 <a href=
"https://www.arkivrad.no/aktuelt/riksarkivarens-forskrift-pa-horing
">Norsk
23 Arkivråd
</a
> etter å ha blitt tipset på epostlisten til
24 <a href=
"https://github.com/hiOA-ABI/nikita-noark5-core
">fri
25 programvareprosjektet Nikita Noark5-Core
</a
>, som lager et Noark
5
26 Tjenestegresesnitt. Jeg er involvert i Nikita-prosjektet og takket
27 være min interesse for tjenestegrensesnittsprosjektet har jeg lest en
28 god del Noark
5-relaterte dokumenter, og til min overraskelse oppdaget
29 at standard epost ikke er på listen over godkjente formater som kan
30 arkiveres. Høringen med frist søndag er en glimrende mulighet til å
31 forsøke å gjøre noe med det. Jeg holder på med
32 <a href=
"https://github.com/petterreinholdtsen/noark5-tester/blob/master/docs/hoering-arkivforskrift.md
">egen
33 høringsuttalelse
</a
>, og lurer på om andre er interessert i å støtte
34 forslaget om å tillate arkivering av epost som epost i arkivet.
</p
>
36 <p
>Er du igang med å skrive egen høringsuttalelse allerede? I så fall
37 kan du jo vurdere å ta med en formulering om epost-lagring. Jeg tror
38 ikke det trengs så mye. Her et kort forslag til tekst:
</p
>
40 <p
><blockquote
>
42 <p
>Viser til høring sendt ut
2017-
02-
17 (Riksarkivarens referanse
43 2016/
9840 HELHJO), og tillater oss å sende inn noen innspill om
44 revisjon av Forskrift om utfyllende tekniske og arkivfaglige
45 bestemmelser om behandling av offentlige arkiver (Riksarkivarens
48 <p
>Svært mye av vår kommuikasjon foregår i dag på e-post. Vi
49 foreslår derfor at Internett-e-post, slik det er beskrevet i IETF
51 <a href=
"https://tools.ietf.org/html/rfc5322
">https://tools.ietf.org/html/rfc5322
</a
>. bør
52 inn som godkjent dokumentformat. Vi foreslår at forskriftens
53 oversikt over godkjente dokumentformater ved innlevering i §
5-
16
54 endres til å ta med Internett-e-post.
</p
>
56 </blockquote
></p
>
58 <p
>Som del av arbeidet med tjenestegrensesnitt har vi testet hvordan
59 epost kan lagres i en Noark
5-struktur, og holder på å skrive et
60 forslag om hvordan dette kan gjøres som vil bli sendt over til
61 arkivverket så snart det er ferdig. De som er interesserte kan
62 <a href=
"https://github.com/petterreinholdtsen/noark5-tester/blob/master/docs/epostlagring.md
">følge
63 fremdriften på web
</a
>.
</p
>
68 <title>Offentlig elektronisk postjournal blokkerer tilgang for utvalgte webklienter
</title>
69 <link>http://people.skolelinux.org/pere/blog/Offentlig_elektronisk_postjournal_blokkerer_tilgang_for_utvalgte_webklienter.html
</link>
70 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Offentlig_elektronisk_postjournal_blokkerer_tilgang_for_utvalgte_webklienter.html
</guid>
71 <pubDate>Thu,
20 Apr
2017 13:
00:
00 +
0200</pubDate>
72 <description><p
>Jeg oppdaget i dag at
<a href=
"https://www.oep.no/
">nettstedet som
73 publiserer offentlige postjournaler fra statlige etater
</a
>, OEP, har
74 begynt å blokkerer enkelte typer webklienter fra å få tilgang. Vet
75 ikke hvor mange det gjelder, men det gjelder i hvert fall libwww-perl
76 og curl. For å teste selv, kjør følgende:
</p
>
78 <blockquote
><pre
>
79 % curl -v -s https://www.oep.no/pub/report.xhtml?reportId=
3 2>&1 |grep
'< HTTP
'
80 < HTTP/
1.1 404 Not Found
81 % curl -v -s --header
'User-Agent:Opera/
12.0' https://www.oep.no/pub/report.xhtml?reportId=
3 2>&1 |grep
'< HTTP
'
84 </pre
></blockquote
>
86 <p
>Her kan en se at tjenesten gir «
404 Not Found» for curl i
87 standardoppsettet, mens den gir «
200 OK» hvis curl hevder å være Opera
88 versjon
12.0. Offentlig elektronisk postjournal startet blokkeringen
91 <p
>Blokkeringen vil gjøre det litt vanskeligere å maskinelt hente
92 informasjon fra oep.no. Kan blokkeringen være gjort for å hindre
93 automatisert innsamling av informasjon fra OEP, slik Pressens
94 Offentlighetsutvalg gjorde for å dokumentere hvordan departementene
96 <a href=
"http://presse.no/dette-mener-np/undergraver-offentlighetsloven/
">rapporten
97 «Slik hindrer departementer innsyn» som ble publiserte i januar
98 2017</a
>. Det virker usannsynlig, da det jo er trivielt å bytte
99 User-Agent til noe nytt.
</p
>
101 <p
>Finnes det juridisk grunnlag for det offentlige å diskriminere
102 webklienter slik det gjøres her? Der tilgang gis eller ikke alt etter
103 hva klienten sier at den heter? Da OEP eies av DIFI og driftes av
104 Basefarm, finnes det kanskje noen dokumenter sendt mellom disse to
105 aktørene man kan be om innsyn i for å forstå hva som har skjedd. Men
106 <a href=
"https://www.oep.no/search/result.html?period=dateRange
&fromDate=
01.01.2016&toDate=
01.04.2017&dateType=documentDate
&caseDescription=
&descType=both
&caseNumber=
&documentNumber=
&sender=basefarm
&senderType=both
&documentType=all
&legalAuthority=
&archiveCode=
&list2=
196&searchType=advanced
&Search=Search+in+records
">postjournalen
107 til DIFI viser kun to dokumenter
</a
> det siste året mellom DIFI og
109 <a href=
"https://www.mimesbronn.no/request/blokkering_av_tilgang_til_oep_fo
">Mimes brønn neste
</a
>,
110 tenker jeg.
</p
>
115 <title>Free software archive system Nikita now able to store documents
</title>
116 <link>http://people.skolelinux.org/pere/blog/Free_software_archive_system_Nikita_now_able_to_store_documents.html
</link>
117 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Free_software_archive_system_Nikita_now_able_to_store_documents.html
</guid>
118 <pubDate>Sun,
19 Mar
2017 08:
00:
00 +
0100</pubDate>
119 <description><p
>The
<a href=
"https://github.com/hiOA-ABI/nikita-noark5-core
">Nikita
120 Noark
5 core project
</a
> is implementing the Norwegian standard for
121 keeping an electronic archive of government documents.
122 <a href=
"http://www.arkivverket.no/arkivverket/Offentlig-forvaltning/Noark/Noark-
5/English-version
">The
123 Noark
5 standard
</a
> document the requirement for data systems used by
124 the archives in the Norwegian government, and the Noark
5 web interface
125 specification document a REST web service for storing, searching and
126 retrieving documents and metadata in such archive. I
've been involved
127 in the project since a few weeks before Christmas, when the Norwegian
129 <a href=
"https://www.nuug.no/news/NOARK5_kjerne_som_fri_programvare_f_r_epostliste_hos_NUUG.shtml
">announced
130 it supported the project
</a
>. I believe this is an important project,
131 and hope it can make it possible for the government archives in the
132 future to use free software to keep the archives we citizens depend
133 on. But as I do not hold such archive myself, personally my first use
134 case is to store and analyse public mail journal metadata published
135 from the government. I find it useful to have a clear use case in
136 mind when developing, to make sure the system scratches one of my
139 <p
>If you would like to help make sure there is a free software
140 alternatives for the archives, please join our IRC channel
141 (
<a href=
"irc://irc.freenode.net/%
23nikita
"">#nikita on
142 irc.freenode.net
</a
>) and
143 <a href=
"https://lists.nuug.no/mailman/listinfo/nikita-noark
">the
144 project mailing list
</a
>.
</p
>
146 <p
>When I got involved, the web service could store metadata about
147 documents. But a few weeks ago, a new milestone was reached when it
148 became possible to store full text documents too. Yesterday, I
149 completed an implementation of a command line tool
150 <tt
>archive-pdf
</tt
> to upload a PDF file to the archive using this
151 API. The tool is very simple at the moment, and find existing
152 <a href=
"https://en.wikipedia.org/wiki/Fonds
">fonds
</a
>, series and
153 files while asking the user to select which one to use if more than
154 one exist. Once a file is identified, the PDF is associated with the
155 file and uploaded, using the title extracted from the PDF itself. The
156 process is fairly similar to visiting the archive, opening a cabinet,
157 locating a file and storing a piece of paper in the archive. Here is
158 a test run directly after populating the database with test data using
159 our API tester:
</p
>
161 <p
><blockquote
><pre
>
162 ~/src//noark5-tester$ ./archive-pdf mangelmelding/mangler.pdf
163 using arkiv: Title of the test fonds created
2017-
03-
18T23:
49:
32.103446
164 using arkivdel: Title of the test series created
2017-
03-
18T23:
49:
32.103446
166 0 - Title of the test case file created
2017-
03-
18T23:
49:
32.103446
167 1 - Title of the test file created
2017-
03-
18T23:
49:
32.103446
168 Select which mappe you want (or search term):
0
169 Uploading mangelmelding/mangler.pdf
170 PDF title: Mangler i spesifikasjonsdokumentet for NOARK
5 Tjenestegrensesnitt
171 File
2017/
1: Title of the test case file created
2017-
03-
18T23:
49:
32.103446
172 ~/src//noark5-tester$
173 </pre
></blockquote
></p
>
175 <p
>You can see here how the fonds (arkiv) and serie (arkivdel) only had
176 one option, while the user need to choose which file (mappe) to use
177 among the two created by the API tester. The
<tt
>archive-pdf
</tt
>
178 tool can be found in the git repository for the API tester.
</p
>
180 <p
>In the project, I have been mostly working on
181 <a href=
"https://github.com/petterreinholdtsen/noark5-tester
">the API
182 tester
</a
> so far, while getting to know the code base. The API
184 <a href=
"https://en.wikipedia.org/wiki/HATEOAS
">the HATEOAS links
</a
>
185 to traverse the entire exposed service API and verify that the exposed
186 operations and objects match the specification, as well as trying to
187 create objects holding metadata and uploading a simple XML file to
188 store. The tester has proved very useful for finding flaws in our
189 implementation, as well as flaws in the reference site and the
190 specification.
</p
>
192 <p
>The test document I uploaded is a summary of all the specification
193 defects we have collected so far while implementing the web service.
194 There are several unclear and conflicting parts of the specification,
196 <a href=
"https://github.com/petterreinholdtsen/noark5-tester/tree/master/mangelmelding
">started
197 writing down
</a
> the questions we get from implementing it. We use a
198 format inspired by how
<a href=
"http://www.opengroup.org/austin/
">The
199 Austin Group
</a
> collect defect reports for the POSIX standard with
200 <a href=
"http://www.opengroup.org/austin/mantis.html
">their
201 instructions for the MANTIS defect tracker system
</a
>, in lack of an official way to structure defect reports for Noark
5 (our first submitted defect report was a
<a href=
"https://github.com/petterreinholdtsen/noark5-tester/blob/master/mangelmelding/sendt/
2017-
03-
15-mangel-prosess.md
">request for a procedure for submitting defect reports
</a
> :).
203 <p
>The Nikita project is implemented using Java and Spring, and is
204 fairly easy to get up and running using Docker containers for those
205 that want to test the current code base. The API tester is
206 implemented in Python.
</p
>
211 <title>Detecting NFS hangs on Linux without hanging yourself...
</title>
212 <link>http://people.skolelinux.org/pere/blog/Detecting_NFS_hangs_on_Linux_without_hanging_yourself___.html
</link>
213 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Detecting_NFS_hangs_on_Linux_without_hanging_yourself___.html
</guid>
214 <pubDate>Thu,
9 Mar
2017 15:
20:
00 +
0100</pubDate>
215 <description><p
>Over the years, administrating thousand of NFS mounting linux
216 computers at the time, I often needed a way to detect if the machine
217 was experiencing NFS hang. If you try to use
<tt
>df
</tt
> or look at a
218 file or directory affected by the hang, the process (and possibly the
219 shell) will hang too. So you want to be able to detect this without
220 risking the detection process getting stuck too. It has not been
221 obvious how to do this. When the hang has lasted a while, it is
222 possible to find messages like these in dmesg:
</p
>
224 <p
><blockquote
>
225 nfs: server nfsserver not responding, still trying
226 <br
>nfs: server nfsserver OK
227 </blockquote
></p
>
229 <p
>It is hard to know if the hang is still going on, and it is hard to
230 be sure looking in dmesg is going to work. If there are lots of other
231 messages in dmesg the lines might have rotated out of site before they
232 are noticed.
</p
>
234 <p
>While reading through the nfs client implementation in linux kernel
235 code, I came across some statistics that seem to give a way to detect
236 it. The om_timeouts sunrpc value in the kernel will increase every
237 time the above log entry is inserted into dmesg. And after digging a
238 bit further, I discovered that this value show up in
239 /proc/self/mountstats on Linux.
</p
>
241 <p
>The mountstats content seem to be shared between files using the
242 same file system context, so it is enough to check one of the
243 mountstats files to get the state of the mount point for the machine.
244 I assume this will not show lazy umounted NFS points, nor NFS mount
245 points in a different process context (ie with a different filesystem
246 view), but that does not worry me.
</p
>
248 <p
>The content for a NFS mount point look similar to this:
</p
>
250 <p
><blockquote
><pre
>
252 device /dev/mapper/Debian-var mounted on /var with fstype ext3
253 device nfsserver:/mnt/nfsserver/home0 mounted on /mnt/nfsserver/home0 with fstype nfs statvers=
1.1
254 opts: rw,vers=
3,rsize=
65536,wsize=
65536,namlen=
255,acregmin=
3,acregmax=
60,acdirmin=
30,acdirmax=
60,soft,nolock,proto=tcp,timeo=
600,retrans=
2,sec=sys,mountaddr=
129.240.3.145,mountvers=
3,mountport=
4048,mountproto=udp,local_lock=all
256 caps: caps=
0x3fe7,wtmult=
4096,dtsize=
8192,bsize=
0,namlen=
255
257 sec: flavor=
1,pseudoflavor=
1
258 events:
61063112 732346265 1028140 35486205 16220064 8162542 761447191 71714012 37189 3891185 45561809 110486139 4850138 420353 15449177 296502 52736725 13523379 0 52182 9016896 1231 0 0 0 0 0
259 bytes:
166253035039 219519120027 0 0 40783504807 185466229638 11677877 45561809
260 RPC iostats version:
1.0 p/v:
100003/
3 (nfs)
261 xprt: tcp
925 1 6810 0 0 111505412 111480497 109 2672418560317 0 248 53869103 22481820
263 NULL:
0 0 0 0 0 0 0 0
264 GETATTR:
61063106 61063108 0 9621383060 6839064400 453650 77291321 78926132
265 SETATTR:
463469 463470 0 92005440 66739536 63787 603235 687943
266 LOOKUP:
17021657 17021657 0 3354097764 4013442928 57216 35125459 35566511
267 ACCESS:
14281703 14290009 5 2318400592 1713803640 1709282 4865144 7130140
268 READLINK:
125 125 0 20472 18620 0 1112 1118
269 READ:
4214236 4214237 0 715608524 41328653212 89884 22622768 22806693
270 WRITE:
8479010 8494376 22 187695798568 1356087148 178264904 51506907 231671771
271 CREATE:
171708 171708 0 38084748 46702272 873 1041833 1050398
272 MKDIR:
3680 3680 0 773980 993920 26 23990 24245
273 SYMLINK:
903 903 0 233428 245488 6 5865 5917
274 MKNOD:
80 80 0 20148 21760 0 299 304
275 REMOVE:
429921 429921 0 79796004 61908192 3313 2710416 2741636
276 RMDIR:
3367 3367 0 645112 484848 22 5782 6002
277 RENAME:
466201 466201 0 130026184 121212260 7075 5935207 5961288
278 LINK:
289155 289155 0 72775556 67083960 2199 2565060 2585579
279 READDIR:
2933237 2933237 0 516506204 13973833412 10385 3190199 3297917
280 READDIRPLUS:
1652839 1652839 0 298640972 6895997744 84735 14307895 14448937
281 FSSTAT:
6144 6144 0 1010516 1032192 51 9654 10022
282 FSINFO:
2 2 0 232 328 0 1 1
283 PATHCONF:
1 1 0 116 140 0 0 0
284 COMMIT:
0 0 0 0 0 0 0 0
286 device binfmt_misc mounted on /proc/sys/fs/binfmt_misc with fstype binfmt_misc
288 </pre
></blockquote
></p
>
290 <p
>The key number to look at is the third number in the per-op list.
291 It is the number of NFS timeouts experiences per file system
292 operation. Here
22 write timeouts and
5 access timeouts. If these
293 numbers are increasing, I believe the machine is experiencing NFS
294 hang. Unfortunately the timeout value do not start to increase right
295 away. The NFS operations need to time out first, and this can take a
296 while. The exact timeout value depend on the setup. For example the
297 defaults for TCP and UDP mount points are quite different, and the
298 timeout value is affected by the soft, hard, timeo and retrans NFS
299 mount options.
</p
>
301 <p
>The only way I have been able to get working on Debian and RedHat
302 Enterprise Linux for getting the timeout count is to peek in /proc/.
304 <ahref=
"http://docs.oracle.com/cd/E19253-
01/
816-
4555/netmonitor-
12/index.html
">Solaris
305 10 System Administration Guide: Network Services
</a
>, the
'nfsstat -c
'
306 command can be used to get these timeout values. But this do not work
307 on Linux, as far as I can tell. I
308 <ahref=
"http://bugs.debian.org/
857043">asked Debian about this
</a
>,
309 but have not seen any replies yet.
</p
>
311 <p
>Is there a better way to figure out if a Linux NFS client is
312 experiencing NFS hangs? Is there a way to detect which processes are
313 affected? Is there a way to get the NFS mount going quickly once the
314 network problem causing the NFS hang has been cleared? I would very
315 much welcome some clues, as we regularly run into NFS hangs.
</p
>
320 <title>How does it feel to be wiretapped, when you should be doing the wiretapping...
</title>
321 <link>http://people.skolelinux.org/pere/blog/How_does_it_feel_to_be_wiretapped__when_you_should_be_doing_the_wiretapping___.html
</link>
322 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/How_does_it_feel_to_be_wiretapped__when_you_should_be_doing_the_wiretapping___.html
</guid>
323 <pubDate>Wed,
8 Mar
2017 11:
50:
00 +
0100</pubDate>
324 <description><p
>So the new president in the United States of America claim to be
325 surprised to discover that he was wiretapped during the election
326 before he was elected president. He even claim this must be illegal.
327 Well, doh, if it is one thing the confirmations from Snowden
328 documented, it is that the entire population in USA is wiretapped, one
329 way or another. Of course the president candidates were wiretapped,
330 alongside the senators, judges and the rest of the people in USA.
</p
>
332 <p
>Next, the Federal Bureau of Investigation ask the Department of
333 Justice to go public rejecting the claims that Donald Trump was
334 wiretapped illegally. I fail to see the relevance, given that I am
335 sure the surveillance industry in USA believe they have all the legal
336 backing they need to conduct mass surveillance on the entire
339 <p
>There is even the director of the FBI stating that he never saw an
340 order requesting wiretapping of Donald Trump. That is not very
341 surprising, given how the FISA court work, with all its activity being
342 secret. Perhaps he only heard about it?
</p
>
344 <p
>What I find most sad in this story is how Norwegian journalists
345 present it. In a news reports the other day in the radio from the
346 Norwegian National broadcasting Company (NRK), I heard the journalist
347 claim that
'the FBI denies any wiretapping
', while the reality is that
348 'the FBI denies any illegal wiretapping
'. There is a fundamental and
349 important difference, and it make me sad that the journalists are
350 unable to grasp it.
</p
>
352 <p
><strong
>Update
2017-
03-
13:
</strong
> Look like
353 <a href=
"https://theintercept.com/
2017/
03/
13/rand-paul-is-right-nsa-routinely-monitors-americans-communications-without-warrants/
">The
354 Intercept report that US Senator Rand Paul confirm what I state above
</a
>.
</p
>
359 <title>Norwegian Bokmål translation of The Debian Administrator
's Handbook complete, proofreading in progress
</title>
360 <link>http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_translation_of_The_Debian_Administrator_s_Handbook_complete__proofreading_in_progress.html
</link>
361 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Norwegian_Bokm_l_translation_of_The_Debian_Administrator_s_Handbook_complete__proofreading_in_progress.html
</guid>
362 <pubDate>Fri,
3 Mar
2017 14:
50:
00 +
0100</pubDate>
363 <description><p
>For almost a year now, we have been working on making a Norwegian
364 Bokmål edition of
<a href=
"https://debian-handbook.info/
">The Debian
365 Administrator
's Handbook
</a
>. Now, thanks to the tireless effort of
366 Ole-Erik, Ingrid and Andreas, the initial translation is complete, and
367 we are working on the proof reading to ensure consistent language and
368 use of correct computer science terms. The plan is to make the book
369 available on paper, as well as in electronic form. For that to
370 happen, the proof reading must be completed and all the figures need
371 to be translated. If you want to help out, get in touch.
</p
>
373 <p
><a href=
"http://people.skolelinux.org/pere/debian-handbook/debian-handbook-nb-NO.pdf
">A
375 fresh PDF edition
</a
> in A4 format (the final book will have smaller
376 pages) of the book created every morning is available for
377 proofreading. If you find any errors, please
378 <a href=
"https://hosted.weblate.org/projects/debian-handbook/
">visit
379 Weblate and correct the error
</a
>. The
380 <a href=
"http://l.github.io/debian-handbook/stat/nb-NO/index.html
">state
381 of the translation including figures
</a
> is a useful source for those
382 provide Norwegian bokmål screen shots and figures.
</p
>
387 <title>Unlimited randomness with the ChaosKey?
</title>
388 <link>http://people.skolelinux.org/pere/blog/Unlimited_randomness_with_the_ChaosKey_.html
</link>
389 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Unlimited_randomness_with_the_ChaosKey_.html
</guid>
390 <pubDate>Wed,
1 Mar
2017 20:
50:
00 +
0100</pubDate>
391 <description><p
>A few days ago I ordered a small batch of
392 <a href=
"http://altusmetrum.org/ChaosKey/
">the ChaosKey
</a
>, a small
393 USB dongle for generating entropy created by Bdale Garbee and Keith
394 Packard. Yesterday it arrived, and I am very happy to report that it
395 work great! According to its designers, to get it to work out of the
396 box, you need the Linux kernel version
4.1 or later. I tested on a
397 Debian Stretch machine (kernel version
4.9), and there it worked just
398 fine, increasing the available entropy very quickly. I wrote a small
399 test oneliner to test. It first print the current entropy level,
400 drain /dev/random, and then print the entropy level for five seconds.
401 Here is the situation without the ChaosKey inserted:
</p
>
403 <blockquote
><pre
>
404 % cat /proc/sys/kernel/random/entropy_avail; \
405 dd bs=
1M if=/dev/random of=/dev/null count=
1; \
406 for n in $(seq
1 5); do \
407 cat /proc/sys/kernel/random/entropy_avail; \
413 28 byte kopiert,
0,
000264565 s,
106 kB/s
420 </pre
></blockquote
>
422 <p
>The entropy level increases by
3-
4 every second. In such case any
423 application requiring random bits (like a HTTPS enabled web server)
424 will halt and wait for more entrpy. And here is the situation with
425 the ChaosKey inserted:
</p
>
427 <blockquote
><pre
>
428 % cat /proc/sys/kernel/random/entropy_avail; \
429 dd bs=
1M if=/dev/random of=/dev/null count=
1; \
430 for n in $(seq
1 5); do \
431 cat /proc/sys/kernel/random/entropy_avail; \
437 104 byte kopiert,
0,
000487647 s,
213 kB/s
444 </pre
></blockquote
>
446 <p
>Quite the difference. :) I bought a few more than I need, in case
447 someone want to buy one here in Norway. :)
</p
>
449 <p
>Update: The dongle was presented at Debconf last year. You might
450 find
<a href=
"https://debconf16.debconf.org/talks/
94/
">the talk
451 recording illuminating
</a
>. It explains exactly what the source of
452 randomness is, if you are unable to spot it from the schema drawing
453 available from the ChaosKey web site linked at the start of this blog
459 <title>Detect OOXML files with undefined behaviour?
</title>
460 <link>http://people.skolelinux.org/pere/blog/Detect_OOXML_files_with_undefined_behaviour_.html
</link>
461 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Detect_OOXML_files_with_undefined_behaviour_.html
</guid>
462 <pubDate>Tue,
21 Feb
2017 00:
20:
00 +
0100</pubDate>
463 <description><p
>I just noticed
464 <a href=
"http://www.arkivrad.no/aktuelt/riksarkivarens-forskrift-pa-horing
">the
465 new Norwegian proposal for archiving rules in the goverment
</a
> list
466 <a href=
"http://www.ecma-international.org/publications/standards/Ecma-
376.htm
">ECMA-
376</a
>
467 / ISO/IEC
29500 (aka OOXML) as valid formats to put in long term
468 storage. Luckily such files will only be accepted based on
469 pre-approval from the National Archive. Allowing OOXML files to be
470 used for long term storage might seem like a good idea as long as we
471 forget that there are plenty of ways for a
"valid
" OOXML document to
472 have content with no defined interpretation in the standard, which
473 lead to a question and an idea.
</p
>
475 <p
>Is there any tool to detect if a OOXML document depend on such
476 undefined behaviour? It would be useful for the National Archive (and
477 anyone else interested in verifying that a document is well defined)
478 to have such tool available when considering to approve the use of
479 OOXML. I
'm aware of the
480 <a href=
"https://github.com/arlm/officeotron/
">officeotron OOXML
481 validator
</a
>, but do not know how complete it is nor if it will
482 report use of undefined behaviour. Are there other similar tools
483 available? Please send me an email if you know of any such tool.
</p
>
488 <title>Ruling ignored our objections to the seizure of popcorn-time.no (#domstolkontroll)
</title>
489 <link>http://people.skolelinux.org/pere/blog/Ruling_ignored_our_objections_to_the_seizure_of_popcorn_time_no___domstolkontroll_.html
</link>
490 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Ruling_ignored_our_objections_to_the_seizure_of_popcorn_time_no___domstolkontroll_.html
</guid>
491 <pubDate>Mon,
13 Feb
2017 21:
30:
00 +
0100</pubDate>
492 <description><p
>A few days ago, we received the ruling from
493 <a href=
"http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html
">my
494 day in court
</a
>. The case in question is a challenge of the seizure
495 of the DNS domain popcorn-time.no. The ruling simply did not mention
496 most of our arguments, and seemed to take everything ØKOKRIM said at
497 face value, ignoring our demonstration and explanations. But it is
498 hard to tell for sure, as we still have not seen most of the documents
499 in the case and thus were unprepared and unable to contradict several
500 of the claims made in court by the opposition. We are considering an
501 appeal, but it is partly a question of funding, as it is costing us
502 quite a bit to pay for our lawyer. If you want to help, please
503 <a href=
"http://www.nuug.no/dns-beslag-donasjon.shtml
">donate to the
504 NUUG defense fund
</a
>.
</p
>
506 <p
>The details of the case, as far as we know it, is available in
508 <a href=
"https://www.nuug.no/news/tags/dns-domenebeslag/
">the NUUG
509 blog
</a
>. This also include
510 <a href=
"https://www.nuug.no/news/Avslag_etter_rettslig_h_ring_om_DNS_beslaget___vurderer_veien_videre.shtml
">the
511 ruling itself
</a
>.
</p
>
516 <title>A day in court challenging seizure of popcorn-time.no for #domstolkontroll
</title>
517 <link>http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html
</link>
518 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/A_day_in_court_challenging_seizure_of_popcorn_time_no_for__domstolkontroll.html
</guid>
519 <pubDate>Fri,
3 Feb
2017 11:
10:
00 +
0100</pubDate>
520 <description><p align=
"center
"><img width=
"70%
" src=
"http://people.skolelinux.org/pere/blog/images/
2017-
02-
01-popcorn-time-in-court.jpeg
"></p
>
522 <p
>On Wednesday, I spent the entire day in court in Follo Tingrett
523 representing
<a href=
"https://www.nuug.no/
">the member association
524 NUUG
</a
>, alongside
<a href=
"https://www.efn.no/
">the member
525 association EFN
</a
> and
<a href=
"http://www.imc.no
">the DNS registrar
526 IMC
</a
>, challenging the seizure of the DNS name popcorn-time.no. It
527 was interesting to sit in a court of law for the first time in my
528 life. Our team can be seen in the picture above: attorney Ola
529 Tellesbø, EFN board member Tom Fredrik Blenning, IMC CEO Morten Emil
530 Eriksen and NUUG board member Petter Reinholdtsen.
</p
>
532 <p
><a href=
"http://www.domstol.no/no/Enkelt-domstol/follo-tingrett/Nar-gar-rettssaken/Beramming/?cid=AAAA1701301512081262234UJFBVEZZZZZEJBAvtale
">The
533 case at hand
</a
> is that the Norwegian National Authority for
534 Investigation and Prosecution of Economic and Environmental Crime (aka
535 Økokrim) decided on their own, to seize a DNS domain early last
536 year, without following
537 <a href=
"https://www.norid.no/no/regelverk/navnepolitikk/#link12
">the
538 official policy of the Norwegian DNS authority
</a
> which require a
539 court decision. The web site in question was a site covering Popcorn
540 Time. And Popcorn Time is the name of a technology with both legal
541 and illegal applications. Popcorn Time is a client combining
542 searching a Bittorrent directory available on the Internet with
543 downloading/distribute content via Bittorrent and playing the
544 downloaded content on screen. It can be used illegally if it is used
545 to distribute content against the will of the right holder, but it can
546 also be used legally to play a lot of content, for example the
548 <a href=
"https://archive.org/details/movies
">available from the
549 Internet Archive
</a
> or the collection
550 <a href=
"http://vodo.net/films/
">available from Vodo
</a
>. We created
551 <a href=
"magnet:?xt=urn:btih:
86c1802af5a667ca56d3918aecb7d3c0f7173084
&dn=PresentasjonFolloTingrett.mov
&tr=udp%
3A%
2F%
2Fpublic.popcorn-tracker.org%
3A6969%
2Fannounce
">a
552 video demonstrating legally use of Popcorn Time
</a
> and played it in
553 Court. It can of course be downloaded using Bittorrent.
</p
>
555 <p
>I did not quite know what to expect from a day in court. The
556 government held on to their version of the story and we held on to
557 ours, and I hope the judge is able to make sense of it all. We will
558 know in two weeks time. Unfortunately I do not have high hopes, as
559 the Government have the upper hand here with more knowledge about the
560 case, better training in handling criminal law and in general higher
561 standing in the courts than fairly unknown DNS registrar and member
562 associations. It is expensive to be right also in Norway. So far the
563 case have cost more than NOK
70 000,-. To help fund the case, NUUG
564 and EFN have asked for donations, and managed to collect around NOK
25
565 000,- so far. Given the presentation from the Government, I expect
566 the government to appeal if the case go our way. And if the case do
567 not go our way, I hope we have enough funding to appeal.
</p
>
569 <p
>From the other side came two people from Økokrim. On the benches,
570 appearing to be part of the group from the government were two people
571 from the Simonsen Vogt Wiik lawyer office, and three others I am not
572 quite sure who was. Økokrim had proposed to present two witnesses
573 from The Motion Picture Association, but this was rejected because
574 they did not speak Norwegian and it was a bit late to bring in a
575 translator, but perhaps the two from MPA were present anyway. All
576 seven appeared to know each other. Good to see the case is take
579 <p
>If you, like me, believe the courts should be involved before a DNS
580 domain is hijacked by the government, or you believe the Popcorn Time
581 technology have a lot of useful and legal applications, I suggest you
582 too
<a href=
"http://www.nuug.no/dns-beslag-donasjon.shtml
">donate to
583 the NUUG defense fund
</a
>. Both Bitcoin and bank transfer are
584 available. If NUUG get more than we need for the legal action (very
585 unlikely), the rest will be spend promoting free software, open
586 standards and unix-like operating systems in Norway, so no matter what
587 happens the money will be put to good use.
</p
>
589 <p
>If you want to lean more about the case, I recommend you check out
590 <a href=
"https://www.nuug.no/news/tags/dns-domenebeslag/
">the blog
591 posts from NUUG covering the case
</a
>. They cover the legal arguments
592 on both sides.
</p
>
projects / homepage.git / blob