<div class="entry">
<div class="title">
- <a href="http://people.skolelinux.org/pere/blog/s3ql__a_locally_mounted_cloud_file_system___nice_free_software.html">s3ql, a locally mounted cloud file system - nice free software</a>
+ <a href="http://people.skolelinux.org/pere/blog/How_to_talk_with_your_loved_ones_in_private.html">How to talk with your loved ones in private</a>
+ </div>
+ <div class="date">
+ 7th November 2016
+ </div>
+ <div class="body">
+ <p>A few days ago I ran a very biased and informal survey to get an
+idea about what options are being used to communicate with end to end
+encryption with friends and family. I explicitly asked people not to
+list options only used in a work setting. The background is the
+uneasy feeling I get when using Signal, a feeling shared by others as
+a blog post from Sander Venima about
+<a href="https://sandervenema.ch/2016/11/why-i-wont-recommend-signal-anymore/">why
+he do not recommend Signal anymore</a> (with
+<a href="https://news.ycombinator.com/item?id=12883410">feedback from
+the Signal author available from ycombinator</a>). I wanted an
+overview of the options being used, and hope to include those options
+in a less biased survey later on. So far I have not taken the time to
+look into the individual proposed systems. They range from text
+sharing web pages, via file sharing and email to instant messaging,
+VOIP and video conferencing. For those considering which system to
+use, it is also useful to have a look at
+<a href="https://www.eff.org/secure-messaging-scorecard">the EFF Secure
+messaging scorecard</a> which is slightly out of date but still
+provide valuable information.</p>
+
+<p>So, on to the list. There were some used by many, some used by a
+few, some rarely used ones and a few mentioned but without anyone
+claiming to use them. Notice the grouping is in reality quite random
+given the biased self selected set of participants. First the ones
+used by many:</p>
+
+<ul>
+
+<li><a href="https://whispersystems.org/">Signal</a></li>
+<li>Email w/<a href="http://openpgp.org/">OpenPGP</a> (Enigmail, GPGSuite,etc)</li>
+<li><a href="https://www.whatsapp.com/">Whatsapp</a></li>
+<li>IRC w/<a href="https://otr.cypherpunks.ca/">OTR</a></li>
+<li>XMPP w/<a href="https://otr.cypherpunks.ca/">OTR</a></li>
+
+</ul>
+
+<p>Then the ones used by a few.</p>
+
+<ul>
+
+<li><a href="https://wiki.mumble.info/wiki/Main_Page">Mumble</a></li>
+<li>iMessage (included in iOS from Apple)</li>
+<li><a href="https://telegram.org/">Telegram</a></li>
+<li><a href="https://jitsi.org/">Jitsi</a></li>
+<li><a href="https://keybase.io/download">Keybase file</a></li>
+
+</ul>
+
+<p>Then the ones used by even fewer people</p>
+
+<ul>
+
+<li><a href="https://ring.cx/">Ring</a></li>
+<li><a href="https://bitmessage.org/">Bitmessage</a></li>
+<li><a href="https://wire.com/">Wire</a></li>
+<li>VoIP w/<a href="https://en.wikipedia.org/wiki/ZRTP">ZRTP</a> or controlled <a href="https://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol">SRTP</a> (e.g using <a href="https://en.wikipedia.org/wiki/CSipSimple">CSipSimple</a>, <a href="https://en.wikipedia.org/wiki/Linphone">Linphone</a>)</li>
+<li><a href="https://matrix.org/">Matrix</a></li>
+<li><a href="https://kontalk.org/">Kontalk</a></li>
+<li><a href="https://0bin.net/">0bin</a> (encrypted pastebin)</li>
+<li><a href="https://appear.in">Appear.in</a></li>
+<li><a href="https://riot.im/">riot</a></li>
+<li><a href="https://www.wickr.com/">Wickr Me</a></li>
+
+</ul>
+
+<p>And finally the ones mentioned by not marked as used by
+anyone. This might be a mistake, perhaps the person adding the entry
+forgot to flag it as used?</p>
+
+<ul>
+
+<li>Email w/Certificates <a href="https://en.wikipedia.org/wiki/S/MIME">S/MIME</a></li>
+<li><a href="https://www.crypho.com/">Crypho</a></li>
+<li><a href="https://cryptpad.fr/">CryptPad</a></li>
+<li><a href="https://github.com/ricochet-im/ricochet">ricochet</a></li>
+
+</ul>
+
+<p>Given the network effect it seem obvious to me that we as a society
+have been divided and conquered by those interested in keeping
+encrypted and secure communication away from the masses. The
+finishing remarks <a href="https://vimeo.com/97505679">from Aral Balkan
+in his talk "Free is a lie"</a> about the usability of free software
+really come into effect when you want to communicate in private with
+your friends and family. We can not expect them to allow the
+usability of communication tool to block their ability to talk to
+their loved ones.</p>
+
+<p>Note for example the option IRC w/OTR. Most IRC clients do not
+have OTR support, so in most cases OTR would not be an option, even if
+you wanted to. In my personal experience, about 1 in 20 I talk to
+have a IRC client with OTR. For private communication to really be
+available, most people to talk to must have the option in their
+currently used client. I can not simply ask my family to install an
+IRC client. I need to guide them through a technical multi-step
+process of adding extensions to the client to get them going. This is
+a non-starter for most.</p>
+
+<p>I would like to be able to do video phone calls, audio phone calls,
+exchange instant messages and share files with my loved ones, without
+being forced to share with people I do not know. I do not want to
+share the content of the conversations, and I do not want to share who
+I communicate with or the fact that I communicate with someone.
+Without all these factors in place, my private life is being more or
+less invaded.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Aktivitetsb_nd_som_beskytter_privatsf_ren.html">Aktivitetsbånd som beskytter privatsfæren</a>
+ </div>
+ <div class="date">
+ 3rd November 2016
+ </div>
+ <div class="body">
+ <p>Jeg ble så imponert over
+<a href="https://www.nrk.no/norge/forbrukerradet-mener-aktivitetsarmband-strider-mot-norsk-lov-1.13209079">dagens
+gladnyhet på NRK</a>, om at Forbrukerrådet klager inn vilkårene for
+bruk av aktivitetsbånd fra Fitbit, Garmin, Jawbone og Mio til
+Datatilsynet og forbrukerombudet, at jeg sendte følgende brev til
+forbrukerrådet for å uttrykke min støtte:
+
+<blockquote>
+
+<p>Jeg ble veldig glad over å lese at Forbrukerrådet
+<a href="http://www.forbrukerradet.no/siste-nytt/klager-inn-aktivitetsarmband-for-brudd-pa-norsk-lov/">klager
+inn flere aktivitetsbånd til Datatilsynet for dårlige vilkår</a>. Jeg
+har ønsket meg et aktivitetsbånd som kan måle puls, bevegelse og
+gjerne også andre helserelaterte indikatorer en stund nå. De eneste
+jeg har funnet i salg gjør, som dere også har oppdaget, graverende
+inngrep i privatsfæren og sender informasjonen ut av huset til folk og
+organisasjoner jeg ikke ønsker å dele aktivitets- og helseinformasjon
+med. Jeg ønsker et alternativ som <em>ikke</em> sender informasjon til
+skyen, men derimot bruker
+<a href="http://people.skolelinux.org/pere/blog/Fri_og__pen_standard__slik_Digistan_ser_det.html">en
+fritt og åpent standardisert</a> protokoll (eller i det minste en
+dokumentert protokoll uten patent- og opphavsrettslige
+bruksbegrensinger) til å kommunisere med datautstyr jeg kontrollerer.
+Er jo ikke interessert i å betale noen for å tilrøve seg
+personopplysninger fra meg. Desverre har jeg ikke funnet noe
+alternativ så langt.</p>
+
+<p>Det holder ikke å endre på bruksvilkårene for enhetene, slik
+Datatilsynet ofte legger opp til i sin behandling, når de gjør slik
+f.eks. Fitbit (den jeg har sett mest på). Fitbit krypterer
+informasjonen på enheten og sender den kryptert til leverandøren. Det
+gjør det i praksis umulig både å sjekke hva slags informasjon som
+sendes over, og umulig å ta imot informasjonen selv i stedet for
+Fitbit. Uansett hva slags historie som forteller i bruksvilkårene er
+en jo både prisgitt leverandørens godvilje og at de ikke tvinges av
+sitt lands myndigheter til å lyve til sine kunder om hvorvidt
+personopplysninger spres ut over det bruksvilkårene sier. Det er
+veldokumentert hvordan f.eks. USA tvinger selskaper vha. såkalte
+National security letters til å utlevere personopplysninger samtidig
+som de ikke får lov til å fortelle dette til kundene sine.</p>
+
+<p>Stå på, jeg er veldig glade for at dere har sett på saken. Vet
+dere om aktivitetsbånd i salg i dag som ikke tvinger en til å utlevere
+aktivitets- og helseopplysninger med leverandøren?</p>
+
+</blockquote>
+
+<p>Jeg håper en konkurrent som respekterer kundenes privatliv klarer å
+nå opp i markedet, slik at det finnes et reelt alternativ for oss som
+har full tillit til at skyleverandører vil prioritere egen inntjening
+og myndighetspålegg langt foran kundenes rett til privatliv. Jeg har
+ingen tiltro til at Datatilsynet vil kreve noe mer enn at vilkårene
+endres slik at de forklarer eksplisitt i hvor stor grad bruk av
+produktene utraderer privatsfæren til kundene. Det vil nok gjøre de
+innklagede armbåndene «lovlige», men fortsatt tvinge kundene til å
+dele sine personopplysninger med leverandøren.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Experience_and_updated_recipe_for_using_the_Signal_app_without_a_mobile_phone.html">Experience and updated recipe for using the Signal app without a mobile phone</a>
+ </div>
+ <div class="date">
+ 10th October 2016
+ </div>
+ <div class="body">
+ <p>In July
+<a href="http://people.skolelinux.org/pere/blog/How_to_use_the_Signal_app_if_you_only_have_a_land_line__ie_no_mobile_phone_.html">I
+wrote how to get the Signal Chrome/Chromium app working</a> without
+the ability to receive SMS messages (aka without a cell phone). It is
+time to share some experiences and provide an updated setup.</p>
+
+<p>The Signal app have worked fine for several months now, and I use
+it regularly to chat with my loved ones. I had a major snag at the
+end of my summer vacation, when the the app completely forgot my
+setup, identity and keys. The reason behind this major mess was
+running out of disk space. To avoid that ever happening again I have
+started storing everything in <tt>userdata/</tt> in git, to be able to
+roll back to an earlier version if the files are wiped by mistake. I
+had to use it once after introducing the git backup. When rolling
+back to an earlier version, one need to use the 'reset session' option
+in Signal to get going, and notify the people you talk with about the
+problem. I assume there is some sequence number tracking in the
+protocol to detect rollback attacks. The git repository is rather big
+(674 MiB so far), but I have not tried to figure out if some of the
+content can be added to a .gitignore file due to lack of spare
+time.</p>
+
+<p>I've also hit the 90 days timeout blocking, and noticed that this
+make it impossible to send messages using Signal. I could still
+receive them, but had to patch the code with a new timestamp to send.
+I believe the timeout is added by the developers to force people to
+upgrade to the latest version of the app, even when there is no
+protocol changes, to reduce the version skew among the user base and
+thus try to keep the number of support requests down.</p>
+
+<p>Since my original recipe, the Signal source code changed slightly,
+making the old patch fail to apply cleanly. Below is an updated
+patch, including the shell wrapper I use to start Signal. The
+original version required a new user to locate the JavaScript console
+and call a function from there. I got help from a friend with more
+JavaScript knowledge than me to modify the code to provide a GUI
+button instead. This mean that to get started you just need to run
+the wrapper and click the 'Register without mobile phone' to get going
+now. I've also modified the timeout code to always set it to 90 days
+in the future, to avoid having to patch the code regularly.</p>
+
+<p>So, the updated recipe for Debian Jessie:</p>
+
+<ol>
+
+<li>First, install required packages to get the source code and the
+browser you need. Signal only work with Chrome/Chromium, as far as I
+know, so you need to install it.
+
+<pre>
+apt install git tor chromium
+git clone https://github.com/WhisperSystems/Signal-Desktop.git
+</pre></li>
+
+<li>Modify the source code using command listed in the the patch
+block below.</li>
+
+<li>Start Signal using the run-signal-app wrapper (for example using
+<tt>`pwd`/run-signal-app</tt>).
+
+<li>Click on the 'Register without mobile phone', will in a phone
+number you can receive calls to the next minute, receive the
+verification code and enter it into the form field and press
+'Register'. Note, the phone number you use will be user Signal
+username, ie the way others can find you on Signal.</li>
+
+<li>You can now use Signal to contact others. Note, new contacts do
+not show up in the contact list until you restart Signal, and there is
+no way to assign names to Contacts. There is also no way to create or
+update chat groups. I suspect this is because the web app do not have
+a associated contact database.</li>
+
+</ol>
+
+<p>I am still a bit uneasy about using Signal, because of the way its
+main author moxie0 reject federation and accept dependencies to major
+corporations like Google (part of the code is fetched from Google) and
+Amazon (the central coordination point is owned by Amazon). See for
+example
+<a href="https://github.com/LibreSignal/LibreSignal/issues/37">the
+LibreSignal issue tracker</a> for a thread documenting the authors
+view on these issues. But the network effect is strong in this case,
+and several of the people I want to communicate with already use
+Signal. Perhaps we can all move to <a href="https://ring.cx/">Ring</a>
+once it <a href="https://bugs.debian.org/830265">work on my
+laptop</a>? It already work on Windows and Android, and is included
+in <a href="https://tracker.debian.org/pkg/ring">Debian</a> and
+<a href="https://launchpad.net/ubuntu/+source/ring">Ubuntu</a>, but not
+working on Debian Stable.</p>
+
+<p>Anyway, this is the patch I apply to the Signal code to get it
+working. It switch to the production servers, disable to timeout,
+make registration easier and add the shell wrapper:</p>
+
+<pre>
+cd Signal-Desktop; cat <<EOF | patch -p1
+diff --git a/js/background.js b/js/background.js
+index 24b4c1d..579345f 100644
+--- a/js/background.js
++++ b/js/background.js
+@@ -33,9 +33,9 @@
+ });
+ });
+
+- var SERVER_URL = 'https://textsecure-service-staging.whispersystems.org';
++ var SERVER_URL = 'https://textsecure-service-ca.whispersystems.org';
+ var SERVER_PORTS = [80, 4433, 8443];
+- var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments-staging.s3.amazonaws.com';
++ var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments.s3.amazonaws.com';
+ var messageReceiver;
+ window.getSocketStatus = function() {
+ if (messageReceiver) {
+diff --git a/js/expire.js b/js/expire.js
+index 639aeae..beb91c3 100644
+--- a/js/expire.js
++++ b/js/expire.js
+@@ -1,6 +1,6 @@
+ ;(function() {
+ 'use strict';
+- var BUILD_EXPIRATION = 0;
++ var BUILD_EXPIRATION = Date.now() + (90 * 24 * 60 * 60 * 1000);
+
+ window.extension = window.extension || {};
+
+diff --git a/js/views/install_view.js b/js/views/install_view.js
+index 7816f4f..1d6233b 100644
+--- a/js/views/install_view.js
++++ b/js/views/install_view.js
+@@ -38,7 +38,8 @@
+ return {
+ 'click .step1': this.selectStep.bind(this, 1),
+ 'click .step2': this.selectStep.bind(this, 2),
+- 'click .step3': this.selectStep.bind(this, 3)
++ 'click .step3': this.selectStep.bind(this, 3),
++ 'click .callreg': function() { extension.install('standalone') },
+ };
+ },
+ clearQR: function() {
+diff --git a/options.html b/options.html
+index dc0f28e..8d709f6 100644
+--- a/options.html
++++ b/options.html
+@@ -14,7 +14,10 @@
+ <div class='nav'>
+ <h1>{{ installWelcome }}</h1>
+ <p>{{ installTagline }}</p>
+- <div> <a class='button step2'>{{ installGetStartedButton }}</a> </div>
++ <div> <a class='button step2'>{{ installGetStartedButton }}</a>
++ <br> <a class="button callreg">Register without mobile phone</a>
++
++ </div>
+ <span class='dot step1 selected'></span>
+ <span class='dot step2'></span>
+ <span class='dot step3'></span>
+--- /dev/null 2016-10-07 09:55:13.730181472 +0200
++++ b/run-signal-app 2016-10-10 08:54:09.434172391 +0200
+@@ -0,0 +1,12 @@
++#!/bin/sh
++set -e
++cd $(dirname $0)
++mkdir -p userdata
++userdata="`pwd`/userdata"
++if [ -d "$userdata" ] && [ ! -d "$userdata/.git" ] ; then
++ (cd $userdata && git init)
++fi
++(cd $userdata && git add . && git commit -m "Current status." || true)
++exec chromium \
++ --proxy-server="socks://localhost:9050" \
++ --user-data-dir=$userdata --load-and-launch-app=`pwd`
+EOF
+chmod a+rx run-signal-app
+</pre>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/NRKs_kildevern_n_r_NRK_epost_deles_med_utenlands_etterretning_.html">NRKs kildevern når NRK-epost deles med utenlands etterretning?</a>
+ </div>
+ <div class="date">
+ 8th October 2016
+ </div>
+ <div class="body">
+ <p>NRK
+<a href="https://nrkbeta.no/2016/09/02/securing-whistleblowers/">lanserte
+for noen uker siden</a> en ny
+<a href="https://www.nrk.no/varsle/">varslerportal som bruker
+SecureDrop til å ta imot tips</a> der det er vesentlig at ingen
+utenforstående får vite at NRK er tipset. Det er et langt steg
+fremover for NRK, og når en leser bloggposten om hva de har tenkt på
+og hvordan løsningen er satt opp virker det som om de har gjort en
+grundig jobb der. Men det er ganske mye ekstra jobb å motta tips via
+SecureDrop, så varslersiden skriver "Nyhetstips som ikke krever denne
+typen ekstra vern vil vi gjerne ha på nrk.no/03030", og 03030-siden
+foreslår i tillegg til et webskjema å bruke epost, SMS, telefon,
+personlig oppmøte og brevpost. Denne artikkelen handler disse andre
+metodene.</p>
+
+<p>Når en sender epost til en @nrk.no-adresse så vil eposten sendes ut
+av landet til datamaskiner kontrollert av Microsoft. En kan sjekke
+dette selv ved å slå opp epostleveringsadresse (MX) i DNS. For NRK er
+dette i dag "nrk-no.mail.protection.outlook.com". NRK har som en ser
+valgt å sette bort epostmottaket sitt til de som står bak outlook.com,
+dvs. Microsoft. En kan sjekke hvor nettverkstrafikken tar veien
+gjennom Internett til epostmottaket vha. programmet
+<tt>traceroute</tt>, og finne ut hvem som eier en Internett-adresse
+vha. whois-systemet. Når en gjør dette for epost-trafikk til @nrk.no
+ser en at trafikken fra Norge mot nrk-no.mail.protection.outlook.com
+går via Sverige mot enten Irland eller Tyskland (det varierer fra gang
+til gang og kan endre seg over tid).</p>
+
+<p>Vi vet fra
+<a href="https://no.wikipedia.org/wiki/FRA-loven">introduksjonen av
+FRA-loven</a> at IP-trafikk som passerer grensen til Sverige avlyttes
+av Försvarets radioanstalt (FRA). Vi vet videre takket være
+Snowden-bekreftelsene at trafikk som passerer grensen til
+Storbritannia avlyttes av Government Communications Headquarters
+(GCHQ). I tillegg er er det nettopp lansert et forslag i Norge om at
+forsvarets E-tjeneste skal få avlytte trafikk som krysser grensen til
+Norge. Jeg er ikke kjent med dokumentasjon på at Irland og Tyskland
+gjør det samme. Poenget er uansett at utenlandsk etterretning har
+mulighet til å snappe opp trafikken når en sender epost til @nrk.no.
+I tillegg er det selvsagt tilgjengelig for Microsoft som er underlagt USAs
+jurisdiksjon og
+<a href="https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data">samarbeider
+med USAs etterretning på flere områder</a>. De som tipser NRK om
+nyheter via epost kan dermed gå ut fra at det blir kjent for mange
+andre enn NRK at det er gjort.</p>
+
+<p>Bruk av SMS og telefon registreres av blant annet telefonselskapene
+og er tilgjengelig i følge lov og forskrift for blant annet Politi,
+NAV og Finanstilsynet, i tillegg til IT-folkene hos telefonselskapene
+og deres overordnede. Hvis innringer eller mottaker bruker
+smarttelefon vil slik kontakt også gjøres tilgjengelig for ulike
+app-leverandører og de som lytter på trafikken mellom telefon og
+app-leverandør, alt etter hva som er installert på telefonene som
+brukes.</p>
+
+<p>Brevpost kan virke trygt, og jeg vet ikke hvor mye som registreres
+og lagres av postens datastyrte postsorteringssentraler. Det vil ikke
+overraske meg om det lagres hvor i landet hver konvolutt kommer fra og
+hvor den er adressert, i hvert fall for en kortere periode. Jeg vet
+heller ikke hvem slik informasjon gjøres tilgjengelig for. Det kan
+være nok til å ringe inn potensielle kilder når det krysses med hvem
+som kjente til aktuell informasjon og hvor de befant seg (tilgjengelig
+f.eks. hvis de bærer mobiltelefon eller bor i nærheten).</p>
+
+<p>Personlig oppmøte hos en NRK-journalist er antagelig det tryggeste,
+men en bør passe seg for å bruke NRK-kantina. Der bryter de nemlig
+<a href="http://www.lovdata.no/all/hl-19850524-028.html#14">Sentralbanklovens
+paragraf 14</a> og nekter folk å betale med kontanter. I stedet
+krever de at en varsle sin bankkortutsteder om hvor en befinner seg
+ved å bruke bankkort. Banktransaksjoner er tilgjengelig for
+bankkortutsteder (det være seg VISA, Mastercard, Nets og/eller en
+bank) i tillegg til politiet og i hvert fall tidligere med Se & Hør
+(via utro tjenere, slik det ble avslørt etter utgivelsen av boken
+«Livet, det forbannede» av Ken B. Rasmussen). Men hvor mange kjenner
+en NRK-journalist personlig? Besøk på NRK på Marienlyst krever at en
+registrerer sin ankost elektronisk i besøkssystemet. Jeg vet ikke hva
+som skjer med det datasettet, men har grunn til å tro at det sendes ut
+SMS til den en skal besøke med navnet som er oppgitt. Kanskje greit å
+oppgi falskt navn.</p>
+
+<p>Når så tipset er kommet frem til NRK skal det behandles
+redaksjonelt i NRK. Der vet jeg via ulike kilder at de fleste
+journalistene bruker lokalt installert programvare, men noen bruker
+Google Docs og andre skytjenester i strid med interne retningslinjer
+når de skriver. Hvordan vet en hvem det gjelder? Ikke vet jeg, men
+det kan være greit å spørre for å sjekke at journalisten har tenkt på
+problemstillingen, før en gir et tips. Og hvis tipset omtales internt
+på epost, er det jo grunn til å tro at også intern eposten vil deles
+med Microsoft og utenlands etterretning, slik tidligere nevnt, men det
+kan hende at det holdes internt i NRKs interne MS Exchange-løsning.
+Men Microsoft ønsker å få alle Exchange-kunder over "i skyen" (eller
+andre folks datamaskiner, som det jo innebærer), så jeg vet ikke hvor
+lenge det i så fall vil vare.</p>
+
+<p>I tillegg vet en jo at
+<a href="https://www.nrk.no/ytring/elektronisk-kildevern-i-nrk-1.11941196">NRK
+har valgt å gi nasjonal sikkerhetsmyndighet (NSM) tilgang til å se på
+intern og ekstern Internett-trafikk</a> hos NRK ved oppsett av såkalte
+VDI-noder, på tross av
+<a href="https://www.nrk.no/ytring/bekymring-for-nrks-kildevern-1.11941584">protester
+fra NRKs journalistlag</a>. Jeg vet ikke om den vil kunne snappe opp
+dokumenter som lagres på interne filtjenere eller dokumenter som lages
+i de interne webbaserte publiseringssystemene, men vet at hva noden
+ser etter på nettet kontrolleres av NSM og oppdateres automatisk, slik
+at det ikke gir så mye mening å sjekke hva noden ser etter i dag når
+det kan endres automatisk i morgen.</p>
+
+<p>Personlig vet jeg ikke om jeg hadde turt tipse NRK hvis jeg satt på
+noe som kunne være en trussel mot den bestående makten i Norge eller
+verden. Til det virker det å være for mange åpninger for
+utenforstående med andre prioriteter enn NRKs journalistiske fokus.
+Og den største truslen for en varsler er jo om metainformasjon kommer
+på avveie, dvs. informasjon om at en har vært i kontakt med en
+journalist. Det kan være nok til at en kommer i myndighetenes
+søkelys, og de færreste har nok operasjonell sikkerhet til at vil tåle
+slik flombelysning på sitt privatliv.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/dld">dld</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Unlocking_HTC_Desire_HD_on_Linux_using_unruu_and_fastboot.html">Unlocking HTC Desire HD on Linux using unruu and fastboot</a>
+ </div>
+ <div class="date">
+ 7th July 2016
+ </div>
+ <div class="body">
+ <p>Yesterday, I tried to unlock a HTC Desire HD phone, and it proved
+to be a slight challenge. Here is the recipe if I ever need to do it
+again. It all started by me wanting to try the recipe to set up
+<a href="https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy">an
+hardened Android installation</a> from the Tor project blog on a
+device I had access to. It is a old mobile phone with a broken
+microphone The initial idea had been to just
+<a href="http://wiki.cyanogenmod.org/w/Install_CM_for_ace">install
+CyanogenMod on it</a>, but did not quite find time to start on it
+until a few days ago.</p>
+
+<p>The unlock process is supposed to be simple: (1) Boot into the boot
+loader (press volume down and power at the same time), (2) select
+'fastboot' before (3) connecting the device via USB to a Linux
+machine, (4) request the device identifier token by running 'fastboot
+oem get_identifier_token', (5) request the device unlocking key using
+the <a href="http://www.htcdev.com/bootloader/">HTC developer web
+site</a> and unlock the phone using the key file emailed to you.</p>
+
+<p>Unfortunately, this only work fi you have hboot version 2.00.0029
+or newer, and the device I was working on had 2.00.0027. This
+apparently can be easily fixed by downloading a Windows program and
+running it on your Windows machine, if you accept the terms Microsoft
+require you to accept to use Windows - which I do not. So I had to
+come up with a different approach. I got a lot of help from AndyCap
+on #nuug, and would not have been able to get this working without
+him.</p>
+
+<p>First I needed to extract the hboot firmware from
+<a href="http://www.htcdev.com/ruu/PD9810000_Ace_Sense30_S_hboot_2.00.0029.exe">the
+windows binary for HTC Desire HD</a> downloaded as 'the RUU' from HTC.
+For this there is is <a href="https://github.com/kmdm/unruu/">a github
+project named unruu</a> using libunshield. The unshield tool did not
+recognise the file format, but unruu worked and extracted rom.zip,
+containing the new hboot firmware and a text file describing which
+devices it would work for.</p>
+
+<p>Next, I needed to get the new firmware into the device. For this I
+followed some instructions
+<a href="http://www.htc1guru.com/2013/09/new-ruu-zips-posted/">available
+from HTC1Guru.com</a>, and ran these commands as root on a Linux
+machine with Debian testing:</p>
+
+<p><pre>
+adb reboot-bootloader
+fastboot oem rebootRUU
+fastboot flash zip rom.zip
+fastboot flash zip rom.zip
+fastboot reboot
+</pre></p>
+
+<p>The flash command apparently need to be done twice to take effect,
+as the first is just preparations and the second one do the flashing.
+The adb command is just to get to the boot loader menu, so turning the
+device on while holding volume down and the power button should work
+too.</p>
+
+<p>With the new hboot version in place I could start following the
+instructions on the HTC developer web site. I got the device token
+like this:</p>
+
+<p><pre>
+fastboot oem get_identifier_token 2>&1 | sed 's/(bootloader) //'
+</pre>
+
+<p>And once I got the unlock code via email, I could use it like
+this:</p>
+
+<p><pre>
+fastboot flash unlocktoken Unlock_code.bin
+</pre></p>
+
+<p>And with that final step in place, the phone was unlocked and I
+could start stuffing the software of my own choosing into the device.
+So far I only inserted a replacement recovery image to wipe the phone
+before I start. We will see what happen next. Perhaps I should
+install <a href="https://www.debian.org/">Debian</a> on it. :)</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/How_to_use_the_Signal_app_if_you_only_have_a_land_line__ie_no_mobile_phone_.html">How to use the Signal app if you only have a land line (ie no mobile phone)</a>
+ </div>
+ <div class="date">
+ 3rd July 2016
+ </div>
+ <div class="body">
+ <p>For a while now, I have wanted to test
+<a href="https://whispersystems.org/">the Signal app</a>, as it is
+said to provide end to end encrypted communication and several of my
+friends and family are already using it. As I by choice do not own a
+mobile phone, this proved to be harder than expected. And I wanted to
+have the source of the client and know that it was the code used on my
+machine. But yesterday I managed to get it working. I used the
+Github source, compared it to the source in
+<a href="https://chrome.google.com/webstore/detail/signal-private-messenger/bikioccmkafdpakkkcpdbppfkghcmihk?hl=en-US">the
+Signal Chrome app</a> available from the Chrome web store, applied
+patches to use the production Signal servers, started the app and
+asked for the hidden "register without a smart phone" form. Here is
+the recipe how I did it.</p>
+
+<p>First, I fetched the Signal desktop source from Github, using
+
+<pre>
+git clone https://github.com/WhisperSystems/Signal-Desktop.git
+</pre>
+
+<p>Next, I patched the source to use the production servers, to be
+able to talk to other Signal users:</p>
+
+<pre>
+cat <<EOF | patch -p0
+diff -ur ./js/background.js userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/background.js
+--- ./js/background.js 2016-06-29 13:43:15.630344628 +0200
++++ userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/background.js 2016-06-29 14:06:29.530300934 +0200
+@@ -47,8 +47,8 @@
+ });
+ });
+
+- var SERVER_URL = 'https://textsecure-service-staging.whispersystems.org';
+- var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments-staging.s3.amazonaws.com';
++ var SERVER_URL = 'https://textsecure-service-ca.whispersystems.org:4433';
++ var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments.s3.amazonaws.com';
+ var messageReceiver;
+ window.getSocketStatus = function() {
+ if (messageReceiver) {
+diff -ur ./js/expire.js userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/expire.js
+--- ./js/expire.js 2016-06-29 13:43:15.630344628 +0200
++++ userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/expire.js2016-06-29 14:06:29.530300934 +0200
+@@ -1,6 +1,6 @@
+ ;(function() {
+ 'use strict';
+- var BUILD_EXPIRATION = 0;
++ var BUILD_EXPIRATION = 1474492690000;
+
+ window.extension = window.extension || {};
+
+EOF
+</pre>
+
+<p>The first part is changing the servers, and the second is updating
+an expiration timestamp. This timestamp need to be updated regularly.
+It is set 90 days in the future by the build process (Gruntfile.js).
+The value is seconds since 1970 times 1000, as far as I can tell.</p>
+
+<p>Based on a tip and good help from the #nuug IRC channel, I wrote a
+script to launch Signal in Chromium.</p>
+
+<pre>
+#!/bin/sh
+cd $(dirname $0)
+mkdir -p userdata
+exec chromium \
+ --proxy-server="socks://localhost:9050" \
+ --user-data-dir=`pwd`/userdata --load-and-launch-app=`pwd`
+</pre>
+
+<p> The script start the app and configure Chromium to use the Tor
+SOCKS5 proxy to make sure those controlling the Signal servers (today
+Amazon and Whisper Systems) as well as those listening on the lines
+will have a harder time location my laptop based on the Signal
+connections if they use source IP address.</p>
+
+<p>When the script starts, one need to follow the instructions under
+"Standalone Registration" in the CONTRIBUTING.md file in the git
+repository. I right clicked on the Signal window to get up the
+Chromium debugging tool, visited the 'Console' tab and wrote
+'extension.install("standalone")' on the console prompt to get the
+registration form. Then I entered by land line phone number and
+pressed 'Call'. 5 seconds later the phone rang and a robot voice
+repeated the verification code three times. After entering the number
+into the verification code field in the form, I could start using
+Signal from my laptop.
+
+<p>As far as I can tell, The Signal app will leak who is talking to
+whom and thus who know who to those controlling the central server,
+but such leakage is hard to avoid with a centrally controlled server
+setup. It is something to keep in mind when using Signal - the
+content of your chats are harder to intercept, but the meta data
+exposing your contact network is available to people you do not know.
+So better than many options, but not great. And sadly the usage is
+connected to my land line, thus allowing those controlling the server
+to associate it to my home and person. I would prefer it if only
+those I knew could tell who I was on Signal. There are options
+avoiding such information leakage, but most of my friends are not
+using them, so I am stuck with Signal for now.</p>
+
+<p><strong>Update 2017-01-10</strong>: There is an updated blog post
+on this topic in
+<a href="http://people.skolelinux.org/pere/blog/Experience_and_updated_recipe_for_using_the_Signal_app_without_a_mobile_phone.html">Experience
+and updated recipe for using the Signal app without a mobile
+phone</a>.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/syslog_trusted_timestamp___chain_of_trusted_timestamps_for_your_syslog.html">syslog-trusted-timestamp - chain of trusted timestamps for your syslog</a>
+ </div>
+ <div class="date">
+ 2nd April 2016
+ </div>
+ <div class="body">
+ <p>Two years ago, I had
+<a href="http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html">a
+look at trusted timestamping options available</a>, and among
+other things noted a still open
+<a href="https://bugs.debian.org/742553">bug in the tsget script</a>
+included in openssl that made it harder than necessary to use openssl
+as a trusted timestamping client. A few days ago I was told
+<a href="https:/www.difi.no/">the Norwegian government office DIFI</a> is
+close to releasing their own trusted timestamp service, and in the
+process I was happy to learn about a replacement for the tsget script
+using only curl:</p>
+
+<p><pre>
+openssl ts -query -data "/etc/shells" -cert -sha256 -no_nonce \
+ | curl -s -H "Content-Type: application/timestamp-query" \
+ --data-binary "@-" http://zeitstempel.dfn.de > etc-shells.tsr
+openssl ts -reply -text -in etc-shells.tsr
+</pre></p>
+
+<p>This produces a binary timestamp file (etc-shells.tsr) which can be
+used to verify that the content of the file /etc/shell with the
+calculated sha256 hash existed at the point in time when the request
+was made. The last command extract the content of the etc-shells.tsr
+in human readable form. The idea behind such timestamp is to be able
+to prove using cryptography that the content of a file have not
+changed since the file was stamped.</p>
+
+<p>To verify that the file on disk match the public key signature in
+the timestamp file, run the following commands. It make sure you have
+the required certificate for the trusted timestamp service available
+and use it to compare the file content with the timestamp. In
+production, one should of course use a better method to verify the
+service certificate.</p>
+
+<p><pre>
+wget -O ca-cert.txt https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt
+openssl ts -verify -data /etc/shells -in etc-shells.tsr -CAfile ca-cert.txt -text
+</pre></p>
+
+<p>Wikipedia have a lot more information about
+<a href="https://en.wikipedia.org/wiki/Trusted_timestamping">trusted
+Timestamping</a> and
+<a href="https://en.wikipedia.org/wiki/Linked_timestamping">linked
+timestamping</a>, and there are several trusted timestamping services
+around, both as commercial services and as free and public services.
+Among the latter is
+<a href="https://www.pki.dfn.de/zeitstempeldienst/">the
+zeitstempel.dfn.de service</a> mentioned above and
+<a href="https://freetsa.org/">freetsa.org service</a> linked to from the
+wikipedia web site. I believe the DIFI service should show up on
+https://tsa.difi.no, but it is not available to the public at the
+moment. I hope this will change when it is into production. The
+<a href="https://tools.ietf.org/html/rfc3161">RFC 3161</a> trusted
+timestamping protocol standard is even implemented in LibreOffice,
+Microsoft Office and Adobe Acrobat, making it possible to verify when
+a document was created.</p>
+
+<p>I would find it useful to be able to use such trusted timestamp
+service to make it possible to verify that my stored syslog files have
+not been tampered with. This is not a new idea. I found one example
+implemented on the Endian network appliances where
+<a href="http://help.endian.com/entries/21518508-Enabling-Timestamping-on-log-files-">the
+configuration of such feature was described in 2012</a>.</p>
+
+<p>But I could not find any free implementation of such feature when I
+searched, so I decided to try to
+<a href="https://github.com/petterreinholdtsen/syslog-trusted-timestamp">build
+a prototype named syslog-trusted-timestamp</a>. My idea is to
+generate a timestamp of the old log files after they are rotated, and
+store the timestamp in the new log file just after rotation. This
+will form a chain that would make it possible to see if any old log
+files are tampered with. But syslog is bad at handling kilobytes of
+binary data, so I decided to base64 encode the timestamp and add an ID
+and line sequence numbers to the base64 data to make it possible to
+reassemble the timestamp file again. To use it, simply run it like
+this:
+
+<p><pre>
+syslog-trusted-timestamp /path/to/list-of-log-files
+</pre></p>
+
+<p>This will send a timestamp from one or more timestamp services (not
+yet decided nor implemented) for each listed file to the syslog using
+logger(1). To verify the timestamp, the same program is used with the
+--verify option:</p>
+
+<p><pre>
+syslog-trusted-timestamp --verify /path/to/log-file /path/to/log-with-timestamp
+</pre></p>
+
+<p>The verification step is not yet well designed. The current
+implementation depend on the file path being unique and unchanging,
+and this is not a solid assumption. It also uses process number as
+timestamp ID, and this is bound to create ID collisions. I hope to
+have time to come up with a better way to handle timestamp IDs and
+verification later.</p>
+
+<p>Please check out
+<a href="https://github.com/petterreinholdtsen/syslog-trusted-timestamp">the
+prototype for syslog-trusted-timestamp on github</a> and send
+suggestions and improvement, or let me know if there already exist a
+similar system for timestamping logs already to allow me to join
+forces with others with the same interest.</p>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html">Always download Debian packages using Tor - the simple recipe</a>
+ </div>
+ <div class="date">
+ 15th January 2016
+ </div>
+ <div class="body">
+ <p>During his DebConf15 keynote, Jacob Appelbaum
+<a href="https://summit.debconf.org/debconf15/meeting/331/what-is-to-be-done/">observed
+that those listening on the Internet lines would have good reason to
+believe a computer have a given security hole</a> if it download a
+security fix from a Debian mirror. This is a good reason to always
+use encrypted connections to the Debian mirror, to make sure those
+listening do not know which IP address to attack. In August, Richard
+Hartmann observed that encryption was not enough, when it was possible
+to interfere download size to security patches or the fact that
+download took place shortly after a security fix was released, and
+<a href="http://richardhartmann.de/blog/posts/2015/08/24-Tor-enabled_Debian_mirror/">proposed
+to always use Tor to download packages from the Debian mirror</a>. He
+was not the first to propose this, as the
+<tt><a href="https://tracker.debian.org/pkg/apt-transport-tor">apt-transport-tor</a></tt>
+package by Tim Retout already existed to make it easy to convince apt
+to use <a href="https://www.torproject.org/">Tor</a>, but I was not
+aware of that package when I read the blog post from Richard.</p>
+
+<p>Richard discussed the idea with Peter Palfrader, one of the Debian
+sysadmins, and he set up a Tor hidden service on one of the central
+Debian mirrors using the address vwakviie2ienjx6t.onion, thus making
+it possible to download packages directly between two tor nodes,
+making sure the network traffic always were encrypted.</p>
+
+<p>Here is a short recipe for enabling this on your machine, by
+installing <tt>apt-transport-tor</tt> and replacing http and https
+urls with tor+http and tor+https, and using the hidden service instead
+of the official Debian mirror site. I recommend installing
+<tt>etckeeper</tt> before you start to have a history of the changes
+done in /etc/.</p>
+
+<blockquote><pre>
+apt install apt-transport-tor
+sed -i 's% http://ftp.debian.org/% tor+http://vwakviie2ienjx6t.onion/%' /etc/apt/sources.list
+sed -i 's% http% tor+http%' /etc/apt/sources.list
+</pre></blockquote>
+
+<p>If you have more sources listed in /etc/apt/sources.list.d/, run
+the sed commands for these too. The sed command is assuming your are
+using the ftp.debian.org Debian mirror. Adjust the command (or just
+edit the file manually) to match your mirror.</p>
+
+<p>This work in Debian Jessie and later. Note that tools like
+<tt>apt-file</tt> only recently started using the apt transport
+system, and do not work with these tor+http URLs. For
+<tt>apt-file</tt> you need the version currently in experimental,
+which need a recent apt version currently only in unstable. So if you
+need a working <tt>apt-file</tt>, this is not for you.</p>
+
+<p>Another advantage from this change is that your machine will start
+using Tor regularly and at fairly random intervals (every time you
+update the package lists or upgrade or install a new package), thus
+masking other Tor traffic done from the same machine. Using Tor will
+become normal for the machine in question.</p>
+
+<p>On <a href="https://wiki.debian.org/FreedomBox">Freedombox</a>, APT
+is set up by default to use <tt>apt-transport-tor</tt> when Tor is
+enabled. It would be great if it was the default on any Debian
+system.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/PGP_key_transition_statement_for_key_EE4E02F9.html">PGP key transition statement for key EE4E02F9</a>
+ </div>
+ <div class="date">
+ 17th November 2015
+ </div>
+ <div class="body">
+ <p>I've needed a new OpenPGP key for a while, but have not had time to
+set it up properly. I wanted to generate it offline and have it
+available on <a href="http://shop.kernelconcepts.de/#openpgp">a OpenPGP
+smart card</a> for daily use, and learning how to do it and finding
+time to sit down with an offline machine almost took forever. But
+finally I've been able to complete the process, and have now moved
+from my old GPG key to a new GPG key. See
+<a href="http://people.skolelinux.org/pere/blog/images/2015-11-17-new-gpg-key-transition.txt">the
+full transition statement, signed with both my old and new key</a> for
+the details. This is my new key:</p>
+
+<pre>
+pub 3936R/<a href="http://pgp.cs.uu.nl/stats/111D6B29EE4E02F9.html">111D6B29EE4E02F9</a> 2015-11-03 [expires: 2019-11-14]
+ Key fingerprint = 3AC7 B2E3 ACA5 DF87 78F1 D827 111D 6B29 EE4E 02F9
+uid Petter Reinholdtsen <pere@hungry.com>
+uid Petter Reinholdtsen <pere@debian.org>
+sub 4096R/87BAFB0E 2015-11-03 [expires: 2019-11-02]
+sub 4096R/F91E6DE9 2015-11-03 [expires: 2019-11-02]
+sub 4096R/A0439BAB 2015-11-03 [expires: 2019-11-02]
+</pre>
+
+<p>The key can be downloaded from the OpenPGP key servers, signed by
+my old key.</p>
+
+<p>If you signed my old key
+(<a href="http://pgp.cs.uu.nl/stats/DB4CCC4B2A30D729.html">DB4CCC4B2A30D729</a>),
+I'd very much appreciate a signature on my new key, details and
+instructions in the transition statement. I m happy to reciprocate if
+you have a similarly signed transition statement to present.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Lawrence_Lessig_interviewed_Edward_Snowden_a_year_ago.html">Lawrence Lessig interviewed Edward Snowden a year ago</a>
+ </div>
+ <div class="date">
+ 19th October 2015
+ </div>
+ <div class="body">
+ <p>Last year, <a href="https://lessig2016.us/">US president candidate
+in the Democratic Party</a> Lawrence interviewed Edward Snowden. The
+one hour interview was
+<a href="https://www.youtube.com/watch?v=o_Sr96TFQQE">published by
+Harvard Law School 2014-10-23 on Youtube</a>, and the meeting took
+place 2014-10-20.</p>
+
+<p>The questions are very good, and there is lots of useful
+information to be learned and very interesting issues to think about
+being raised. Please check it out.</p>
+
+<iframe width="560" height="315" src="https://www.youtube.com/embed/o_Sr96TFQQE" frameborder="0" allowfullscreen></iframe>
+
+<p>I find it especially interesting to hear again that Snowden did try
+to bring up his reservations through the official channels without any
+luck. It is in sharp contrast to the answers made 2013-11-06 by the
+Norwegian prime minister Erna Solberg to the Norwegian Parliament,
+<a href="https://tale.holderdeord.no/speeches/s131106/68">claiming
+Snowden is no Whistle-Blower</a> because he should have taken up his
+concerns internally and using official channels. It make me sad
+that this is the political leadership we have here in Norway.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Alle_Stortingets_mobiltelefoner_kontrolleres_fra_USA___.html">Alle Stortingets mobiltelefoner kontrolleres fra USA...</a>
+ </div>
+ <div class="date">
+ 7th October 2015
+ </div>
+ <div class="body">
+ <p>Jeg lot meg fascinere av
+<a href="http://www.aftenposten.no/nyheter/iriks/politikk/Stortinget-har-tilgang-til-a-fjernstyre-600-mobiler-8192692.html">en
+artikkel i Aftenposten</a> der det fortelles at «over 600 telefoner som
+benyttes av stortingsrepresentanter, rådgivere og ansatte på
+Stortinget, kan «fjernstyres» ved hjelp av
+<a href="https://play.google.com/store/apps/details?id=com.airwatch.androidagent">programvaren
+Airwatch</a>, et såkalte MDM-program (Mobile Device Managment)». Det
+hele bagatelliseres av Stortingets IT-stab, men det er i hovedsak på
+grunn av at journalisten ikke stiller de relevante spørsmålene. For
+meg er det relevante spørsmålet hvem som har lovlig tilgang (i henhold
+til lokal lovgiving, dvs. i hvert fall i Norge, Sverige, UK og USA)
+til informasjon om og på telefonene, og hvor enkelt det er å skaffe
+seg tilgang til hvor mobilene befinner seg og informasjon som befinner
+seg på telefonene ved hjelp av utro tjenere, trusler, innbrudd og
+andre ulovlige metoder.</p>
+
+<p>Bruken av AirWatch betyr i realiteten at USAs etteretning og
+politimyndigheter har full tilgang til stortingets mobiltelefoner,
+inkludert posisjon og innhold, takket være
+<a href="https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act_of_1978_Amendments_Act_of_2008">FISAAA-loven</a>
+og
+"<a href="https://en.wikipedia.org/wiki/National_security_letter">National
+Security Letters</a>" og det enkle faktum at selskapet
+<a href="http://www.airwatch.com/">AirWatch</a> er kontrollert av et
+selskap i USA. I tillegg er det kjent at flere lands
+etterretningstjenester kan lytte på trafikken når den passerer
+landegrensene.</p>
+
+<p>Jeg har bedt om mer informasjon
+<a href="https://www.mimesbronn.no/request/saksnummer_for_saker_anganede_br">fra
+Stortinget om bruken av AirWatch</a> via Mimes brønn så får vi se hva
+de har å fortelle om saken. Fant ingenting om 'airwatch' i
+postjournalen til Stortinget, så jeg trenger hjelp før jeg kan be om
+innsyn i konkrete dokumenter.</p>
+
+<p>Oppdatering 2015-10-07: Jeg er blitt spurt hvorfor jeg antar at
+AirWatch-agenten rapporterer til USA og ikke direkte til Stortingets
+egen infrastruktur. Det stemmer at det er teknisk mulig å sette
+opp mobiltelefonene til å rapportere til datamaskiner som eies av
+Stortinget. Jeg antar det rapporteres til AirWatch sine sentrale
+tjenester basert på det jeg leste fra beskrivelsen av
+<a href="http://www.airwatch.com/solutions/mobile-device-management/">Mobile
+Device Management</A> på AirWatch sine egne nettsider, koblet med at
+det brukes en standard app som kan hentes fra "app-butikkene" for å få
+tilgang. Enten må app-en settes opp individuelt hos Stortinget, eller
+så får den beskjed fra AirWatch i USA om hvor den skal koble seg opp.
+I det første tilfellet vil den ikke rapportere direkte til USA, men
+til programvare utviklet av AirWatch som kjører på en maskin under
+Stortingets kontroll. Det er litt bedre, men fortsatt vil det være
+umulig for Stortinget å være sikker på hva programvaren som tar imot
+forbindelser gjør. Jeg ser fra beskrivelsen av
+<a href="http://www.airwatch.com/differentiators/enterprise-integration/">Enterprice
+Integration</a> hos AirWatch at det er mulig å ha lokal installasjon,
+og håper innsynsforespørsler mot Stortinget kan fortelle mer om
+hvordan ting konkret fungerer der.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/offentlig innsyn">offentlig innsyn</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Good_bye_subkeys_pgp_net__welcome_pool_sks_keyservers_net.html">Good bye subkeys.pgp.net, welcome pool.sks-keyservers.net</a>
+ </div>
+ <div class="date">
+ 10th September 2014
+ </div>
+ <div class="body">
+ <p>Yesterday, I had the pleasure of attending a talk with the
+<a href="http://www.nuug.no/">Norwegian Unix User Group</a> about
+<a href="http://www.nuug.no/aktiviteter/20140909-sks-keyservers/">the
+OpenPGP keyserver pool sks-keyservers.net</a>, and was very happy to
+learn that there is a large set of publicly available key servers to
+use when looking for peoples public key. So far I have used
+subkeys.pgp.net, and some times wwwkeys.nl.pgp.net when the former
+were misbehaving, but those days are ended. The servers I have used
+up until yesterday have been slow and some times unavailable. I hope
+those problems are gone now.</p>
+
+<p>Behind the round robin DNS entry of the
+<a href="https://sks-keyservers.net/">sks-keyservers.net</a> service
+there is a pool of more than 100 keyservers which are checked every
+day to ensure they are well connected and up to date. It must be
+better than what I have used so far. :)</p>
+
+<p>Yesterdays speaker told me that the service is the default
+keyserver provided by the default configuration in GnuPG, but this do
+not seem to be used in Debian. Perhaps it should?</p>
+
+<p>Anyway, I've updated my ~/.gnupg/options file to now include this
+line:</p>
+
+<p><blockquote><pre>
+keyserver pool.sks-keyservers.net
+</pre></blockquote></p>
+
+<p>With GnuPG version 2 one can also locate the keyserver using SRV
+entries in DNS. Just for fun, I did just that at work, so now every
+user of GnuPG at the University of Oslo should find a OpenGPG
+keyserver automatically should their need it:</p>
+
+<p><blockquote><pre>
+% host -t srv _pgpkey-http._tcp.uio.no
+_pgpkey-http._tcp.uio.no has SRV record 0 100 11371 pool.sks-keyservers.net.
+%
+</pre></blockquote></p>
+
+<p>Now if only
+<a href="http://ietfreport.isoc.org/idref/draft-shaw-openpgp-hkp/">the
+HKP lookup protocol</a> supported finding signature paths, I would be
+very happy. It can look up a given key or search for a user ID, but I
+normally do not want that, but to find a trust path from my key to
+another key. Given a user ID or key ID, I would like to find (and
+download) the keys representing a signature path from my key to the
+key in question, to be able to get a trust path between the two keys.
+This is as far as I can tell not possible today. Perhaps something
+for a future version of the protocol?</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/FreedomBox_milestone___all_packages_now_in_Debian_Sid.html">FreedomBox milestone - all packages now in Debian Sid</a>
+ </div>
+ <div class="date">
+ 15th April 2014
+ </div>
+ <div class="body">
+ <p>The <a href="https://wiki.debian.org/FreedomBox">Freedombox
+project</a> is working on providing the software and hardware to make
+it easy for non-technical people to host their data and communication
+at home, and being able to communicate with their friends and family
+encrypted and away from prying eyes. It is still going strong, and
+today a major mile stone was reached.</p>
+
+<p>Today, the last of the packages currently used by the project to
+created the system images were accepted into Debian Unstable. It was
+the freedombox-setup package, which is used to configure the images
+during build and on the first boot. Now all one need to get going is
+the build code from the freedom-maker git repository and packages from
+Debian. And once the freedombox-setup package enter testing, we can
+build everything directly from Debian. :)</p>
+
+<p>Some key packages used by Freedombox are
+<a href="http://packages.qa.debian.org/freedombox-setup">freedombox-setup</a>,
+<a href="http://packages.qa.debian.org/plinth">plinth</a>,
+<a href="http://packages.qa.debian.org/pagekite">pagekite</a>,
+<a href="http://packages.qa.debian.org/tor">tor</a>,
+<a href="http://packages.qa.debian.org/privoxy">privoxy</a>,
+<a href="http://packages.qa.debian.org/owncloud">owncloud</a> and
+<a href="http://packages.qa.debian.org/dnsmasq">dnsmasq</a>. There
+are plans to integrate more packages into the setup. User
+documentation is maintained on the Debian wiki. Please
+<a href="https://wiki.debian.org/FreedomBox/Manual/Jessie">check out
+the manual</a> and help us improve it.</p>
+
+<p>To test for yourself and create boot images with the FreedomBox
+setup, run this on a Debian machine using a user with sudo rights to
+become root:</p>
+
+<p><pre>
+sudo apt-get install git vmdebootstrap mercurial python-docutils \
+ mktorrent extlinux virtualbox qemu-user-static binfmt-support \
+ u-boot-tools
+git clone http://anonscm.debian.org/git/freedombox/freedom-maker.git \
+ freedom-maker
+make -C freedom-maker dreamplug-image raspberry-image virtualbox-image
+</pre></p>
+
+<p>Root access is needed to run debootstrap and mount loopback
+devices. See the README in the freedom-maker git repo for more
+details on the build. If you do not want all three images, trim the
+make line. Note that the virtualbox-image target is not really
+virtualbox specific. It create a x86 image usable in kvm, qemu,
+vmware and any other x86 virtual machine environment. You might need
+the version of vmdebootstrap in Jessie to get the build working, as it
+include fixes for a race condition with kpartx.</p>
+
+<p>If you instead want to install using a Debian CD and the preseed
+method, boot a Debian Wheezy ISO and use this boot argument to load
+the preseed values:</p>
+
+<p><pre>
+url=<a href="http://www.reinholdtsen.name/freedombox/preseed-jessie.dat">http://www.reinholdtsen.name/freedombox/preseed-jessie.dat</a>
+</pre></p>
+
+<p>I have not tested it myself the last few weeks, so I do not know if
+it still work.</p>
+
+<p>If you wonder how to help, one task you could look at is using
+systemd as the boot system. It will become the default for Linux in
+Jessie, so we need to make sure it is usable on the Freedombox. I did
+a simple test a few weeks ago, and noticed dnsmasq failed to start
+during boot when using systemd. I suspect there are other problems
+too. :) To detect problems, there is a test suite included, which can
+be run from the plinth web interface.</p>
+
+<p>Give it a go and let us know how it goes on the mailing list, and help
+us get the new release published. :) Please join us on
+<a href="irc://irc.debian.org:6667/%23freedombox">IRC (#freedombox on
+irc.debian.org)</a> and
+<a href="http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss">the
+mailing list</a> if you want to help make this vision come true.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>, <a href="http://people.skolelinux.org/pere/blog/tags/web">web</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/S3QL__a_locally_mounted_cloud_file_system___nice_free_software.html">S3QL, a locally mounted cloud file system - nice free software</a>
</div>
<div class="date">
9th April 2014
solution for use at home. My requirements are simple, it must be
cheap and locally encrypted (in other words, I keep the encryption
keys, the storage provider do not have access to my private files).
-One idea me and my friends have had many years ago, before the cloud
-storage providers showed up, have been to use Google mail as storage,
+One idea me and my friends had many years ago, before the cloud
+storage providers showed up, was to use Google mail as storage,
writing a Linux block device storing blocks as emails in the mail
service provided by Google, and thus get heaps of free space. On top
of this one can add encryption, RAID and volume management to have
install s3ql</tt>. Next, pick a storage provider. I ended up picking
Greenqloud, after reading their nice recipe on
<a href="https://greenqloud.zendesk.com/entries/44611757-How-To-Use-S3QL-to-mount-a-StorageQloud-bucket-on-Debian-Wheezy">how
-to use s3ql with their Amazon S3 service</a>, because I trust the laws
+to use S3QL with their Amazon S3 service</a>, because I trust the laws
in Iceland more than those in USA when it come to keeping my personal
data safe and private, and thus would rather spend money on a company
in Iceland. Another nice recipe is available from the article
..contents..
..ext_attributes..
Mounting filesystem...
-# df -h /mnt
+# df -h /s3ql
Filesystem Size Used Avail Use% Mounted on
s3c://s.greenqloud.com:443/bucket-name 1.0T 0 1.0T 0% /s3ql
#
<p>The file content is uploaded when the cache is full, while the
metadata is uploaded once every 24 hour by default. To ensure the
file system content is flushed to the cloud, one can either umount the
-file system, or ask s3ql to flush the cache and metadata using
+file system, or ask S3QL to flush the cache and metadata using
s3qlctrl:
<p><blockquote><pre>
<a href="http://crowncloud.net/">Crowncloud</A>. The latter even
accept payment in Bitcoin. Pick one that suit your need. Some of
them provide several GiB of free storage, but the prize models are
-quire different and you will have to figure out what suit you
+quite different and you will have to figure out what suits you
best.</p>
<p>While researching this blog post, I had a look at research papers
a home directory (in other word, that it provided POSIX semantics when
it come to locking and umask handling etc). Running
<a href="http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html">my
-test code to check file system semantics, I was happy to discover that
+test code to check file system semantics</a>, I was happy to discover that
no error was found. So the file system can be used for home
directories, if one chooses to do so.</p>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/
nice free software">nice free software</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/
dld">dld</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox</a>, <a href="http://people.skolelinux.org/pere/blog/tags/mesh network">mesh network</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/
dld">dld</a>, <a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox</a>, <a href="http://people.skolelinux.org/pere/blog/tags/mesh network">mesh network</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/usenix">usenix</a>.
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/
dld">dld</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
</div>
etc) helt uten at jeg er involvert. Jeg takker derfor fortsatt nei
til BankID-modellen.</p>
+<p>Oppdatering 2015-11-17: Fant en
+<a href="http://1and1are2.blogspot.no/2014/05/bankid-elektronisk-sppel.html">bloggpost
+fra Britt Lysaa som belyser hvilke inngrep i privatsfæren bruken av
+BankID utgjør</a>, i tillegg til de sikkerhetsmessige vurderingene
+omtalt over. Anbefalt lesning.</p>
+
</div>
<div class="tags">
<h2>Archive</h2>
<ul>
+<li>2017
+<ul>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2017/01/">January (4)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2017/02/">February (3)</a></li>
+
+</ul></li>
+
+<li>2016
+<ul>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/01/">January (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/02/">February (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/03/">March (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/04/">April (8)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/05/">May (8)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/06/">June (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/07/">July (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/08/">August (5)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/09/">September (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/10/">October (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/11/">November (8)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/12/">December (5)</a></li>
+
+</ul></li>
+
+<li>2015
+<ul>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/01/">January (7)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/02/">February (6)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/03/">March (1)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/04/">April (4)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/05/">May (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/06/">June (4)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/07/">July (6)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/08/">August (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/09/">September (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/10/">October (9)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/11/">November (6)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/12/">December (3)</a></li>
+
+</ul></li>
+
<li>2014
<ul>
<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/03/">March (8)</a></li>
-<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/04/">April (3)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/04/">April (7)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/05/">May (1)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/06/">June (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/07/">July (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/08/">August (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/09/">September (5)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/10/">October (6)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/11/">November (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/12/">December (5)</a></li>
</ul></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/bankid">bankid (4)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin (8)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin (9)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (14)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (16)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/bsa">bsa (2)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/chrpath">chrpath (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (96)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (145)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (146)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (158)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/digistan">digistan (10)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/docbook">docbook (10)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/dld">dld (16)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/docbook">docbook (23)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (243)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (341)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (21)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (23)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (12)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/freeculture">freeculture (12)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/freeculture">freeculture (29)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox (9)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox (7)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/frikanalen">frikanalen (18)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/frikanalen">frikanalen (11)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/h264">h264 (20)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju (40)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju (42)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/isenkram">isenkram (7)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/isenkram">isenkram (15)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (18)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (20)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (9)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (7)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (8)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/lsdvd">lsdvd (2)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/mesh network">mesh network (8)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (26)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (39)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/nice free software">nice free software (9)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (244)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (287)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (162)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (187)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/offentlig innsyn">offentlig innsyn (11)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/offentlig innsyn">offentlig innsyn (28)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/open311">open311 (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (46)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (64)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (72)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (99)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/raid">raid (1)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (11)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/rfid">rfid (2)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/rfid">rfid (3)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (9)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (10)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/ruter">ruter (4)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/ruter">ruter (5)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (39)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (52)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/skepsis">skepsis (4)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/skepsis">skepsis (5)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (51)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (44)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (5)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (3)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget (11)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget (9)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (47)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (24)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/usenix">usenix (2)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/valg">valg (8)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (40)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (59)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (4)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (29)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (40)</a></li>
</ul>
projects / homepage.git / blobdiff