<h3>Entries tagged "sikkerhet".</h3>
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/How_to_talk_with_your_loved_ones_in_private.html">How to talk with your loved ones in private</a>
+ </div>
+ <div class="date">
+ 7th November 2016
+ </div>
+ <div class="body">
+ <p>A few days ago I ran a very biased and informal survey to get an
+idea about what options are being used to communicate with end to end
+encryption with friends and family. I explicitly asked people not to
+list options only used in a work setting. The background is the
+uneasy feeling I get when using Signal, a feeling shared by others as
+a blog post from Sander Venima about
+<a href="https://sandervenema.ch/2016/11/why-i-wont-recommend-signal-anymore/">why
+he do not recommend Signal anymore</a> (with
+<a href="https://news.ycombinator.com/item?id=12883410">feedback from
+the Signal author available from ycombinator</a>). I wanted an
+overview of the options being used, and hope to include those options
+in a less biased survey later on. So far I have not taken the time to
+look into the individual proposed systems. They range from text
+sharing web pages, via file sharing and email to instant messaging,
+VOIP and video conferencing. For those considering which system to
+use, it is also useful to have a look at
+<a href="https://www.eff.org/secure-messaging-scorecard">the EFF Secure
+messaging scorecard</a> which is slightly out of date but still
+provide valuable information.</p>
+
+<p>So, on to the list. There were some used by many, some used by a
+few, some rarely used ones and a few mentioned but without anyone
+claiming to use them. Notice the grouping is in reality quite random
+given the biased self selected set of participants. First the ones
+used by many:</p>
+
+<ul>
+
+<li><a href="https://whispersystems.org/">Signal</a></li>
+<li>Email w/<a href="http://openpgp.org/">OpenPGP</a> (Enigmail, GPGSuite,etc)</li>
+<li><a href="https://www.whatsapp.com/">Whatsapp</a></li>
+<li>IRC w/<a href="https://otr.cypherpunks.ca/">OTR</a></li>
+<li>XMPP w/<a href="https://otr.cypherpunks.ca/">OTR</a></li>
+
+</ul>
+
+<p>Then the ones used by a few.</p>
+
+<ul>
+
+<li><a href="https://wiki.mumble.info/wiki/Main_Page">Mumble</a></li>
+<li>iMessage (included in iOS from Apple)</li>
+<li><a href="https://telegram.org/">Telegram</a></li>
+<li><a href="https://jitsi.org/">Jitsi</a></li>
+<li><a href="https://keybase.io/download">Keybase file</a></li>
+
+</ul>
+
+<p>Then the ones used by even fewer people</p>
+
+<ul>
+
+<li><a href="https://ring.cx/">Ring</a></li>
+<li><a href="https://bitmessage.org/">Bitmessage</a></li>
+<li><a href="https://wire.com/">Wire</a></li>
+<li>VoIP w/<a href="https://en.wikipedia.org/wiki/ZRTP">ZRTP</a> or controlled <a href="https://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol">SRTP</a> (e.g using <a href="https://en.wikipedia.org/wiki/CSipSimple">CSipSimple</a>, <a href="https://en.wikipedia.org/wiki/Linphone">Linphone</a>)</li>
+<li><a href="https://matrix.org/">Matrix</a></li>
+<li><a href="https://kontalk.org/">Kontalk</a></li>
+<li><a href="https://0bin.net/">0bin</a> (encrypted pastebin)</li>
+<li><a href="https://appear.in">Appear.in</a></li>
+<li><a href="https://riot.im/">riot</a></li>
+<li><a href="https://www.wickr.com/">Wickr Me</a></li>
+
+</ul>
+
+<p>And finally the ones mentioned by not marked as used by
+anyone. This might be a mistake, perhaps the person adding the entry
+forgot to flag it as used?</p>
+
+<ul>
+
+<li>Email w/Certificates <a href="https://en.wikipedia.org/wiki/S/MIME">S/MIME</a></li>
+<li><a href="https://www.crypho.com/">Crypho</a></li>
+<li><a href="https://cryptpad.fr/">CryptPad</a></li>
+<li><a href="https://github.com/ricochet-im/ricochet">ricochet</a></li>
+
+</ul>
+
+<p>Given the network effect it seem obvious to me that we as a society
+have been divided and conquered by those interested in keeping
+encrypted and secure communication away from the masses. The
+finishing remarks <a href="https://vimeo.com/97505679">from Aral Balkan
+in his talk "Free is a lie"</a> about the usability of free software
+really come into effect when you want to communicate in private with
+your friends and family. We can not expect them to allow the
+usability of communication tool to block their ability to talk to
+their loved ones.</p>
+
+<p>Note for example the option IRC w/OTR. Most IRC clients do not
+have OTR support, so in most cases OTR would not be an option, even if
+you wanted to. In my personal experience, about 1 in 20 I talk to
+have a IRC client with OTR. For private communication to really be
+available, most people to talk to must have the option in their
+currently used client. I can not simply ask my family to install an
+IRC client. I need to guide them through a technical multi-step
+process of adding extensions to the client to get them going. This is
+a non-starter for most.</p>
+
+<p>I would like to be able to do video phone calls, audio phone calls,
+exchange instant messages and share files with my loved ones, without
+being forced to share with people I do not know. I do not want to
+share the content of the conversations, and I do not want to share who
+I communicate with or the fact that I communicate with someone.
+Without all these factors in place, my private life is being more or
+less invaded.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Aktivitetsb_nd_som_beskytter_privatsf_ren.html">Aktivitetsbånd som beskytter privatsfæren</a>
+ </div>
+ <div class="date">
+ 3rd November 2016
+ </div>
+ <div class="body">
+ <p>Jeg ble så imponert over
+<a href="https://www.nrk.no/norge/forbrukerradet-mener-aktivitetsarmband-strider-mot-norsk-lov-1.13209079">dagens
+gladnyhet på NRK</a>, om at Forbrukerrådet klager inn vilkårene for
+bruk av aktivitetsbånd fra Fitbit, Garmin, Jawbone og Mio til
+Datatilsynet og forbrukerombudet, at jeg sendte følgende brev til
+forbrukerrådet for å uttrykke min støtte:
+
+<blockquote>
+
+<p>Jeg ble veldig glad over å lese at Forbrukerrådet
+<a href="http://www.forbrukerradet.no/siste-nytt/klager-inn-aktivitetsarmband-for-brudd-pa-norsk-lov/">klager
+inn flere aktivitetsbånd til Datatilsynet for dårlige vilkår</a>. Jeg
+har ønsket meg et aktivitetsbånd som kan måle puls, bevegelse og
+gjerne også andre helserelaterte indikatorer en stund nå. De eneste
+jeg har funnet i salg gjør, som dere også har oppdaget, graverende
+inngrep i privatsfæren og sender informasjonen ut av huset til folk og
+organisasjoner jeg ikke ønsker å dele aktivitets- og helseinformasjon
+med. Jeg ønsker et alternativ som <em>ikke</em> sender informasjon til
+skyen, men derimot bruker
+<a href="http://people.skolelinux.org/pere/blog/Fri_og__pen_standard__slik_Digistan_ser_det.html">en
+fritt og åpent standardisert</a> protokoll (eller i det minste en
+dokumentert protokoll uten patent- og opphavsrettslige
+bruksbegrensinger) til å kommunisere med datautstyr jeg kontrollerer.
+Er jo ikke interessert i å betale noen for å tilrøve seg
+personopplysninger fra meg. Desverre har jeg ikke funnet noe
+alternativ så langt.</p>
+
+<p>Det holder ikke å endre på bruksvilkårene for enhetene, slik
+Datatilsynet ofte legger opp til i sin behandling, når de gjør slik
+f.eks. Fitbit (den jeg har sett mest på). Fitbit krypterer
+informasjonen på enheten og sender den kryptert til leverandøren. Det
+gjør det i praksis umulig både å sjekke hva slags informasjon som
+sendes over, og umulig å ta imot informasjonen selv i stedet for
+Fitbit. Uansett hva slags historie som forteller i bruksvilkårene er
+en jo både prisgitt leverandørens godvilje og at de ikke tvinges av
+sitt lands myndigheter til å lyve til sine kunder om hvorvidt
+personopplysninger spres ut over det bruksvilkårene sier. Det er
+veldokumentert hvordan f.eks. USA tvinger selskaper vha. såkalte
+National security letters til å utlevere personopplysninger samtidig
+som de ikke får lov til å fortelle dette til kundene sine.</p>
+
+<p>Stå på, jeg er veldig glade for at dere har sett på saken. Vet
+dere om aktivitetsbånd i salg i dag som ikke tvinger en til å utlevere
+aktivitets- og helseopplysninger med leverandøren?</p>
+
+</blockquote>
+
+<p>Jeg håper en konkurrent som respekterer kundenes privatliv klarer å
+nå opp i markedet, slik at det finnes et reelt alternativ for oss som
+har full tillit til at skyleverandører vil prioritere egen inntjening
+og myndighetspålegg langt foran kundenes rett til privatliv. Jeg har
+ingen tiltro til at Datatilsynet vil kreve noe mer enn at vilkårene
+endres slik at de forklarer eksplisitt i hvor stor grad bruk av
+produktene utraderer privatsfæren til kundene. Det vil nok gjøre de
+innklagede armbåndene «lovlige», men fortsatt tvinge kundene til å
+dele sine personopplysninger med leverandøren.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Experience_and_updated_recipe_for_using_the_Signal_app_without_a_mobile_phone.html">Experience and updated recipe for using the Signal app without a mobile phone</a>
+ </div>
+ <div class="date">
+ 10th October 2016
+ </div>
+ <div class="body">
+ <p>In July
+<a href="http://people.skolelinux.org/pere/blog/How_to_use_the_Signal_app_if_you_only_have_a_land_line__ie_no_mobile_phone_.html">I
+wrote how to get the Signal Chrome/Chromium app working</a> without
+the ability to receive SMS messages (aka without a cell phone). It is
+time to share some experiences and provide an updated setup.</p>
+
+<p>The Signal app have worked fine for several months now, and I use
+it regularly to chat with my loved ones. I had a major snag at the
+end of my summer vacation, when the the app completely forgot my
+setup, identity and keys. The reason behind this major mess was
+running out of disk space. To avoid that ever happening again I have
+started storing everything in <tt>userdata/</tt> in git, to be able to
+roll back to an earlier version if the files are wiped by mistake. I
+had to use it once after introducing the git backup. When rolling
+back to an earlier version, one need to use the 'reset session' option
+in Signal to get going, and notify the people you talk with about the
+problem. I assume there is some sequence number tracking in the
+protocol to detect rollback attacks. The git repository is rather big
+(674 MiB so far), but I have not tried to figure out if some of the
+content can be added to a .gitignore file due to lack of spare
+time.</p>
+
+<p>I've also hit the 90 days timeout blocking, and noticed that this
+make it impossible to send messages using Signal. I could still
+receive them, but had to patch the code with a new timestamp to send.
+I believe the timeout is added by the developers to force people to
+upgrade to the latest version of the app, even when there is no
+protocol changes, to reduce the version skew among the user base and
+thus try to keep the number of support requests down.</p>
+
+<p>Since my original recipe, the Signal source code changed slightly,
+making the old patch fail to apply cleanly. Below is an updated
+patch, including the shell wrapper I use to start Signal. The
+original version required a new user to locate the JavaScript console
+and call a function from there. I got help from a friend with more
+JavaScript knowledge than me to modify the code to provide a GUI
+button instead. This mean that to get started you just need to run
+the wrapper and click the 'Register without mobile phone' to get going
+now. I've also modified the timeout code to always set it to 90 days
+in the future, to avoid having to patch the code regularly.</p>
+
+<p>So, the updated recipe for Debian Jessie:</p>
+
+<ol>
+
+<li>First, install required packages to get the source code and the
+browser you need. Signal only work with Chrome/Chromium, as far as I
+know, so you need to install it.
+
+<pre>
+apt install git tor chromium
+git clone https://github.com/WhisperSystems/Signal-Desktop.git
+</pre></li>
+
+<li>Modify the source code using command listed in the the patch
+block below.</li>
+
+<li>Start Signal using the run-signal-app wrapper (for example using
+<tt>`pwd`/run-signal-app</tt>).
+
+<li>Click on the 'Register without mobile phone', will in a phone
+number you can receive calls to the next minute, receive the
+verification code and enter it into the form field and press
+'Register'. Note, the phone number you use will be user Signal
+username, ie the way others can find you on Signal.</li>
+
+<li>You can now use Signal to contact others. Note, new contacts do
+not show up in the contact list until you restart Signal, and there is
+no way to assign names to Contacts. There is also no way to create or
+update chat groups. I suspect this is because the web app do not have
+a associated contact database.</li>
+
+</ol>
+
+<p>I am still a bit uneasy about using Signal, because of the way its
+main author moxie0 reject federation and accept dependencies to major
+corporations like Google (part of the code is fetched from Google) and
+Amazon (the central coordination point is owned by Amazon). See for
+example
+<a href="https://github.com/LibreSignal/LibreSignal/issues/37">the
+LibreSignal issue tracker</a> for a thread documenting the authors
+view on these issues. But the network effect is strong in this case,
+and several of the people I want to communicate with already use
+Signal. Perhaps we can all move to <a href="https://ring.cx/">Ring</a>
+once it <a href="https://bugs.debian.org/830265">work on my
+laptop</a>? It already work on Windows and Android, and is included
+in <a href="https://tracker.debian.org/pkg/ring">Debian</a> and
+<a href="https://launchpad.net/ubuntu/+source/ring">Ubuntu</a>, but not
+working on Debian Stable.</p>
+
+<p>Anyway, this is the patch I apply to the Signal code to get it
+working. It switch to the production servers, disable to timeout,
+make registration easier and add the shell wrapper:</p>
+
+<pre>
+cd Signal-Desktop; cat <<EOF | patch -p1
+diff --git a/js/background.js b/js/background.js
+index 24b4c1d..579345f 100644
+--- a/js/background.js
++++ b/js/background.js
+@@ -33,9 +33,9 @@
+ });
+ });
+
+- var SERVER_URL = 'https://textsecure-service-staging.whispersystems.org';
++ var SERVER_URL = 'https://textsecure-service-ca.whispersystems.org';
+ var SERVER_PORTS = [80, 4433, 8443];
+- var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments-staging.s3.amazonaws.com';
++ var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments.s3.amazonaws.com';
+ var messageReceiver;
+ window.getSocketStatus = function() {
+ if (messageReceiver) {
+diff --git a/js/expire.js b/js/expire.js
+index 639aeae..beb91c3 100644
+--- a/js/expire.js
++++ b/js/expire.js
+@@ -1,6 +1,6 @@
+ ;(function() {
+ 'use strict';
+- var BUILD_EXPIRATION = 0;
++ var BUILD_EXPIRATION = Date.now() + (90 * 24 * 60 * 60 * 1000);
+
+ window.extension = window.extension || {};
+
+diff --git a/js/views/install_view.js b/js/views/install_view.js
+index 7816f4f..1d6233b 100644
+--- a/js/views/install_view.js
++++ b/js/views/install_view.js
+@@ -38,7 +38,8 @@
+ return {
+ 'click .step1': this.selectStep.bind(this, 1),
+ 'click .step2': this.selectStep.bind(this, 2),
+- 'click .step3': this.selectStep.bind(this, 3)
++ 'click .step3': this.selectStep.bind(this, 3),
++ 'click .callreg': function() { extension.install('standalone') },
+ };
+ },
+ clearQR: function() {
+diff --git a/options.html b/options.html
+index dc0f28e..8d709f6 100644
+--- a/options.html
++++ b/options.html
+@@ -14,7 +14,10 @@
+ <div class='nav'>
+ <h1>{{ installWelcome }}</h1>
+ <p>{{ installTagline }}</p>
+- <div> <a class='button step2'>{{ installGetStartedButton }}</a> </div>
++ <div> <a class='button step2'>{{ installGetStartedButton }}</a>
++ <br> <a class="button callreg">Register without mobile phone</a>
++
++ </div>
+ <span class='dot step1 selected'></span>
+ <span class='dot step2'></span>
+ <span class='dot step3'></span>
+--- /dev/null 2016-10-07 09:55:13.730181472 +0200
++++ b/run-signal-app 2016-10-10 08:54:09.434172391 +0200
+@@ -0,0 +1,12 @@
++#!/bin/sh
++set -e
++cd $(dirname $0)
++mkdir -p userdata
++userdata="`pwd`/userdata"
++if [ -d "$userdata" ] && [ ! -d "$userdata/.git" ] ; then
++ (cd $userdata && git init)
++fi
++(cd $userdata && git add . && git commit -m "Current status." || true)
++exec chromium \
++ --proxy-server="socks://localhost:9050" \
++ --user-data-dir=$userdata --load-and-launch-app=`pwd`
+EOF
+chmod a+rx run-signal-app
+</pre>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/NRKs_kildevern_n_r_NRK_epost_deles_med_utenlands_etterretning_.html">NRKs kildevern når NRK-epost deles med utenlands etterretning?</a>
+ </div>
+ <div class="date">
+ 8th October 2016
+ </div>
+ <div class="body">
+ <p>NRK
+<a href="https://nrkbeta.no/2016/09/02/securing-whistleblowers/">lanserte
+for noen uker siden</a> en ny
+<a href="https://www.nrk.no/varsle/">varslerportal som bruker
+SecureDrop til å ta imot tips</a> der det er vesentlig at ingen
+utenforstående får vite at NRK er tipset. Det er et langt steg
+fremover for NRK, og når en leser bloggposten om hva de har tenkt på
+og hvordan løsningen er satt opp virker det som om de har gjort en
+grundig jobb der. Men det er ganske mye ekstra jobb å motta tips via
+SecureDrop, så varslersiden skriver "Nyhetstips som ikke krever denne
+typen ekstra vern vil vi gjerne ha på nrk.no/03030", og 03030-siden
+foreslår i tillegg til et webskjema å bruke epost, SMS, telefon,
+personlig oppmøte og brevpost. Denne artikkelen handler disse andre
+metodene.</p>
+
+<p>Når en sender epost til en @nrk.no-adresse så vil eposten sendes ut
+av landet til datamaskiner kontrollert av Microsoft. En kan sjekke
+dette selv ved å slå opp epostleveringsadresse (MX) i DNS. For NRK er
+dette i dag "nrk-no.mail.protection.outlook.com". NRK har som en ser
+valgt å sette bort epostmottaket sitt til de som står bak outlook.com,
+dvs. Microsoft. En kan sjekke hvor nettverkstrafikken tar veien
+gjennom Internett til epostmottaket vha. programmet
+<tt>traceroute</tt>, og finne ut hvem som eier en Internett-adresse
+vha. whois-systemet. Når en gjør dette for epost-trafikk til @nrk.no
+ser en at trafikken fra Norge mot nrk-no.mail.protection.outlook.com
+går via Sverige mot enten Irland eller Tyskland (det varierer fra gang
+til gang og kan endre seg over tid).</p>
+
+<p>Vi vet fra
+<a href="https://no.wikipedia.org/wiki/FRA-loven">introduksjonen av
+FRA-loven</a> at IP-trafikk som passerer grensen til Sverige avlyttes
+av Försvarets radioanstalt (FRA). Vi vet videre takket være
+Snowden-bekreftelsene at trafikk som passerer grensen til
+Storbritannia avlyttes av Government Communications Headquarters
+(GCHQ). I tillegg er er det nettopp lansert et forslag i Norge om at
+forsvarets E-tjeneste skal få avlytte trafikk som krysser grensen til
+Norge. Jeg er ikke kjent med dokumentasjon på at Irland og Tyskland
+gjør det samme. Poenget er uansett at utenlandsk etterretning har
+mulighet til å snappe opp trafikken når en sender epost til @nrk.no.
+I tillegg er det selvsagt tilgjengelig for Microsoft som er underlagt USAs
+jurisdiksjon og
+<a href="https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data">samarbeider
+med USAs etterretning på flere områder</a>. De som tipser NRK om
+nyheter via epost kan dermed gå ut fra at det blir kjent for mange
+andre enn NRK at det er gjort.</p>
+
+<p>Bruk av SMS og telefon registreres av blant annet telefonselskapene
+og er tilgjengelig i følge lov og forskrift for blant annet Politi,
+NAV og Finanstilsynet, i tillegg til IT-folkene hos telefonselskapene
+og deres overordnede. Hvis innringer eller mottaker bruker
+smarttelefon vil slik kontakt også gjøres tilgjengelig for ulike
+app-leverandører og de som lytter på trafikken mellom telefon og
+app-leverandør, alt etter hva som er installert på telefonene som
+brukes.</p>
+
+<p>Brevpost kan virke trygt, og jeg vet ikke hvor mye som registreres
+og lagres av postens datastyrte postsorteringssentraler. Det vil ikke
+overraske meg om det lagres hvor i landet hver konvolutt kommer fra og
+hvor den er adressert, i hvert fall for en kortere periode. Jeg vet
+heller ikke hvem slik informasjon gjøres tilgjengelig for. Det kan
+være nok til å ringe inn potensielle kilder når det krysses med hvem
+som kjente til aktuell informasjon og hvor de befant seg (tilgjengelig
+f.eks. hvis de bærer mobiltelefon eller bor i nærheten).</p>
+
+<p>Personlig oppmøte hos en NRK-journalist er antagelig det tryggeste,
+men en bør passe seg for å bruke NRK-kantina. Der bryter de nemlig
+<a href="http://www.lovdata.no/all/hl-19850524-028.html#14">Sentralbanklovens
+paragraf 14</a> og nekter folk å betale med kontanter. I stedet
+krever de at en varsle sin bankkortutsteder om hvor en befinner seg
+ved å bruke bankkort. Banktransaksjoner er tilgjengelig for
+bankkortutsteder (det være seg VISA, Mastercard, Nets og/eller en
+bank) i tillegg til politiet og i hvert fall tidligere med Se & Hør
+(via utro tjenere, slik det ble avslørt etter utgivelsen av boken
+«Livet, det forbannede» av Ken B. Rasmussen). Men hvor mange kjenner
+en NRK-journalist personlig? Besøk på NRK på Marienlyst krever at en
+registrerer sin ankost elektronisk i besøkssystemet. Jeg vet ikke hva
+som skjer med det datasettet, men har grunn til å tro at det sendes ut
+SMS til den en skal besøke med navnet som er oppgitt. Kanskje greit å
+oppgi falskt navn.</p>
+
+<p>Når så tipset er kommet frem til NRK skal det behandles
+redaksjonelt i NRK. Der vet jeg via ulike kilder at de fleste
+journalistene bruker lokalt installert programvare, men noen bruker
+Google Docs og andre skytjenester i strid med interne retningslinjer
+når de skriver. Hvordan vet en hvem det gjelder? Ikke vet jeg, men
+det kan være greit å spørre for å sjekke at journalisten har tenkt på
+problemstillingen, før en gir et tips. Og hvis tipset omtales internt
+på epost, er det jo grunn til å tro at også intern eposten vil deles
+med Microsoft og utenlands etterretning, slik tidligere nevnt, men det
+kan hende at det holdes internt i NRKs interne MS Exchange-løsning.
+Men Microsoft ønsker å få alle Exchange-kunder over "i skyen" (eller
+andre folks datamaskiner, som det jo innebærer), så jeg vet ikke hvor
+lenge det i så fall vil vare.</p>
+
+<p>I tillegg vet en jo at
+<a href="https://www.nrk.no/ytring/elektronisk-kildevern-i-nrk-1.11941196">NRK
+har valgt å gi nasjonal sikkerhetsmyndighet (NSM) tilgang til å se på
+intern og ekstern Internett-trafikk</a> hos NRK ved oppsett av såkalte
+VDI-noder, på tross av
+<a href="https://www.nrk.no/ytring/bekymring-for-nrks-kildevern-1.11941584">protester
+fra NRKs journalistlag</a>. Jeg vet ikke om den vil kunne snappe opp
+dokumenter som lagres på interne filtjenere eller dokumenter som lages
+i de interne webbaserte publiseringssystemene, men vet at hva noden
+ser etter på nettet kontrolleres av NSM og oppdateres automatisk, slik
+at det ikke gir så mye mening å sjekke hva noden ser etter i dag når
+det kan endres automatisk i morgen.</p>
+
+<p>Personlig vet jeg ikke om jeg hadde turt tipse NRK hvis jeg satt på
+noe som kunne være en trussel mot den bestående makten i Norge eller
+verden. Til det virker det å være for mange åpninger for
+utenforstående med andre prioriteter enn NRKs journalistiske fokus.
+Og den største truslen for en varsler er jo om metainformasjon kommer
+på avveie, dvs. informasjon om at en har vært i kontakt med en
+journalist. Det kan være nok til at en kommer i myndighetenes
+søkelys, og de færreste har nok operasjonell sikkerhet til at vil tåle
+slik flombelysning på sitt privatliv.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/dld">dld</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Unlocking_HTC_Desire_HD_on_Linux_using_unruu_and_fastboot.html">Unlocking HTC Desire HD on Linux using unruu and fastboot</a>
+ </div>
+ <div class="date">
+ 7th July 2016
+ </div>
+ <div class="body">
+ <p>Yesterday, I tried to unlock a HTC Desire HD phone, and it proved
+to be a slight challenge. Here is the recipe if I ever need to do it
+again. It all started by me wanting to try the recipe to set up
+<a href="https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy">an
+hardened Android installation</a> from the Tor project blog on a
+device I had access to. It is a old mobile phone with a broken
+microphone The initial idea had been to just
+<a href="http://wiki.cyanogenmod.org/w/Install_CM_for_ace">install
+CyanogenMod on it</a>, but did not quite find time to start on it
+until a few days ago.</p>
+
+<p>The unlock process is supposed to be simple: (1) Boot into the boot
+loader (press volume down and power at the same time), (2) select
+'fastboot' before (3) connecting the device via USB to a Linux
+machine, (4) request the device identifier token by running 'fastboot
+oem get_identifier_token', (5) request the device unlocking key using
+the <a href="http://www.htcdev.com/bootloader/">HTC developer web
+site</a> and unlock the phone using the key file emailed to you.</p>
+
+<p>Unfortunately, this only work fi you have hboot version 2.00.0029
+or newer, and the device I was working on had 2.00.0027. This
+apparently can be easily fixed by downloading a Windows program and
+running it on your Windows machine, if you accept the terms Microsoft
+require you to accept to use Windows - which I do not. So I had to
+come up with a different approach. I got a lot of help from AndyCap
+on #nuug, and would not have been able to get this working without
+him.</p>
+
+<p>First I needed to extract the hboot firmware from
+<a href="http://www.htcdev.com/ruu/PD9810000_Ace_Sense30_S_hboot_2.00.0029.exe">the
+windows binary for HTC Desire HD</a> downloaded as 'the RUU' from HTC.
+For this there is is <a href="https://github.com/kmdm/unruu/">a github
+project named unruu</a> using libunshield. The unshield tool did not
+recognise the file format, but unruu worked and extracted rom.zip,
+containing the new hboot firmware and a text file describing which
+devices it would work for.</p>
+
+<p>Next, I needed to get the new firmware into the device. For this I
+followed some instructions
+<a href="http://www.htc1guru.com/2013/09/new-ruu-zips-posted/">available
+from HTC1Guru.com</a>, and ran these commands as root on a Linux
+machine with Debian testing:</p>
+
+<p><pre>
+adb reboot-bootloader
+fastboot oem rebootRUU
+fastboot flash zip rom.zip
+fastboot flash zip rom.zip
+fastboot reboot
+</pre></p>
+
+<p>The flash command apparently need to be done twice to take effect,
+as the first is just preparations and the second one do the flashing.
+The adb command is just to get to the boot loader menu, so turning the
+device on while holding volume down and the power button should work
+too.</p>
+
+<p>With the new hboot version in place I could start following the
+instructions on the HTC developer web site. I got the device token
+like this:</p>
+
+<p><pre>
+fastboot oem get_identifier_token 2>&1 | sed 's/(bootloader) //'
+</pre>
+
+<p>And once I got the unlock code via email, I could use it like
+this:</p>
+
+<p><pre>
+fastboot flash unlocktoken Unlock_code.bin
+</pre></p>
+
+<p>And with that final step in place, the phone was unlocked and I
+could start stuffing the software of my own choosing into the device.
+So far I only inserted a replacement recovery image to wipe the phone
+before I start. We will see what happen next. Perhaps I should
+install <a href="https://www.debian.org/">Debian</a> on it. :)</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/How_to_use_the_Signal_app_if_you_only_have_a_land_line__ie_no_mobile_phone_.html">How to use the Signal app if you only have a land line (ie no mobile phone)</a>
+ </div>
+ <div class="date">
+ 3rd July 2016
+ </div>
+ <div class="body">
+ <p>For a while now, I have wanted to test
+<a href="https://whispersystems.org/">the Signal app</a>, as it is
+said to provide end to end encrypted communication and several of my
+friends and family are already using it. As I by choice do not own a
+mobile phone, this proved to be harder than expected. And I wanted to
+have the source of the client and know that it was the code used on my
+machine. But yesterday I managed to get it working. I used the
+Github source, compared it to the source in
+<a href="https://chrome.google.com/webstore/detail/signal-private-messenger/bikioccmkafdpakkkcpdbppfkghcmihk?hl=en-US">the
+Signal Chrome app</a> available from the Chrome web store, applied
+patches to use the production Signal servers, started the app and
+asked for the hidden "register without a smart phone" form. Here is
+the recipe how I did it.</p>
+
+<p>First, I fetched the Signal desktop source from Github, using
+
+<pre>
+git clone https://github.com/WhisperSystems/Signal-Desktop.git
+</pre>
+
+<p>Next, I patched the source to use the production servers, to be
+able to talk to other Signal users:</p>
+
+<pre>
+cat <<EOF | patch -p0
+diff -ur ./js/background.js userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/background.js
+--- ./js/background.js 2016-06-29 13:43:15.630344628 +0200
++++ userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/background.js 2016-06-29 14:06:29.530300934 +0200
+@@ -47,8 +47,8 @@
+ });
+ });
+
+- var SERVER_URL = 'https://textsecure-service-staging.whispersystems.org';
+- var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments-staging.s3.amazonaws.com';
++ var SERVER_URL = 'https://textsecure-service-ca.whispersystems.org:4433';
++ var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments.s3.amazonaws.com';
+ var messageReceiver;
+ window.getSocketStatus = function() {
+ if (messageReceiver) {
+diff -ur ./js/expire.js userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/expire.js
+--- ./js/expire.js 2016-06-29 13:43:15.630344628 +0200
++++ userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/expire.js2016-06-29 14:06:29.530300934 +0200
+@@ -1,6 +1,6 @@
+ ;(function() {
+ 'use strict';
+- var BUILD_EXPIRATION = 0;
++ var BUILD_EXPIRATION = 1474492690000;
+
+ window.extension = window.extension || {};
+
+EOF
+</pre>
+
+<p>The first part is changing the servers, and the second is updating
+an expiration timestamp. This timestamp need to be updated regularly.
+It is set 90 days in the future by the build process (Gruntfile.js).
+The value is seconds since 1970 times 1000, as far as I can tell.</p>
+
+<p>Based on a tip and good help from the #nuug IRC channel, I wrote a
+script to launch Signal in Chromium.</p>
+
+<pre>
+#!/bin/sh
+cd $(dirname $0)
+mkdir -p userdata
+exec chromium \
+ --proxy-server="socks://localhost:9050" \
+ --user-data-dir=`pwd`/userdata --load-and-launch-app=`pwd`
+</pre>
+
+<p> The script start the app and configure Chromium to use the Tor
+SOCKS5 proxy to make sure those controlling the Signal servers (today
+Amazon and Whisper Systems) as well as those listening on the lines
+will have a harder time location my laptop based on the Signal
+connections if they use source IP address.</p>
+
+<p>When the script starts, one need to follow the instructions under
+"Standalone Registration" in the CONTRIBUTING.md file in the git
+repository. I right clicked on the Signal window to get up the
+Chromium debugging tool, visited the 'Console' tab and wrote
+'extension.install("standalone")' on the console prompt to get the
+registration form. Then I entered by land line phone number and
+pressed 'Call'. 5 seconds later the phone rang and a robot voice
+repeated the verification code three times. After entering the number
+into the verification code field in the form, I could start using
+Signal from my laptop.
+
+<p>As far as I can tell, The Signal app will leak who is talking to
+whom and thus who know who to those controlling the central server,
+but such leakage is hard to avoid with a centrally controlled server
+setup. It is something to keep in mind when using Signal - the
+content of your chats are harder to intercept, but the meta data
+exposing your contact network is available to people you do not know.
+So better than many options, but not great. And sadly the usage is
+connected to my land line, thus allowing those controlling the server
+to associate it to my home and person. I would prefer it if only
+those I knew could tell who I was on Signal. There are options
+avoiding such information leakage, but most of my friends are not
+using them, so I am stuck with Signal for now.</p>
+
+<p><strong>Update 2017-01-10</strong>: There is an updated blog post
+on this topic in
+<a href="http://people.skolelinux.org/pere/blog/Experience_and_updated_recipe_for_using_the_Signal_app_without_a_mobile_phone.html">Experience
+and updated recipe for using the Signal app without a mobile
+phone</a>.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/syslog_trusted_timestamp___chain_of_trusted_timestamps_for_your_syslog.html">syslog-trusted-timestamp - chain of trusted timestamps for your syslog</a>
+ </div>
+ <div class="date">
+ 2nd April 2016
+ </div>
+ <div class="body">
+ <p>Two years ago, I had
+<a href="http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html">a
+look at trusted timestamping options available</a>, and among
+other things noted a still open
+<a href="https://bugs.debian.org/742553">bug in the tsget script</a>
+included in openssl that made it harder than necessary to use openssl
+as a trusted timestamping client. A few days ago I was told
+<a href="https:/www.difi.no/">the Norwegian government office DIFI</a> is
+close to releasing their own trusted timestamp service, and in the
+process I was happy to learn about a replacement for the tsget script
+using only curl:</p>
+
+<p><pre>
+openssl ts -query -data "/etc/shells" -cert -sha256 -no_nonce \
+ | curl -s -H "Content-Type: application/timestamp-query" \
+ --data-binary "@-" http://zeitstempel.dfn.de > etc-shells.tsr
+openssl ts -reply -text -in etc-shells.tsr
+</pre></p>
+
+<p>This produces a binary timestamp file (etc-shells.tsr) which can be
+used to verify that the content of the file /etc/shell with the
+calculated sha256 hash existed at the point in time when the request
+was made. The last command extract the content of the etc-shells.tsr
+in human readable form. The idea behind such timestamp is to be able
+to prove using cryptography that the content of a file have not
+changed since the file was stamped.</p>
+
+<p>To verify that the file on disk match the public key signature in
+the timestamp file, run the following commands. It make sure you have
+the required certificate for the trusted timestamp service available
+and use it to compare the file content with the timestamp. In
+production, one should of course use a better method to verify the
+service certificate.</p>
+
+<p><pre>
+wget -O ca-cert.txt https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt
+openssl ts -verify -data /etc/shells -in etc-shells.tsr -CAfile ca-cert.txt -text
+</pre></p>
+
+<p>Wikipedia have a lot more information about
+<a href="https://en.wikipedia.org/wiki/Trusted_timestamping">trusted
+Timestamping</a> and
+<a href="https://en.wikipedia.org/wiki/Linked_timestamping">linked
+timestamping</a>, and there are several trusted timestamping services
+around, both as commercial services and as free and public services.
+Among the latter is
+<a href="https://www.pki.dfn.de/zeitstempeldienst/">the
+zeitstempel.dfn.de service</a> mentioned above and
+<a href="https://freetsa.org/">freetsa.org service</a> linked to from the
+wikipedia web site. I believe the DIFI service should show up on
+https://tsa.difi.no, but it is not available to the public at the
+moment. I hope this will change when it is into production. The
+<a href="https://tools.ietf.org/html/rfc3161">RFC 3161</a> trusted
+timestamping protocol standard is even implemented in LibreOffice,
+Microsoft Office and Adobe Acrobat, making it possible to verify when
+a document was created.</p>
+
+<p>I would find it useful to be able to use such trusted timestamp
+service to make it possible to verify that my stored syslog files have
+not been tampered with. This is not a new idea. I found one example
+implemented on the Endian network appliances where
+<a href="http://help.endian.com/entries/21518508-Enabling-Timestamping-on-log-files-">the
+configuration of such feature was described in 2012</a>.</p>
+
+<p>But I could not find any free implementation of such feature when I
+searched, so I decided to try to
+<a href="https://github.com/petterreinholdtsen/syslog-trusted-timestamp">build
+a prototype named syslog-trusted-timestamp</a>. My idea is to
+generate a timestamp of the old log files after they are rotated, and
+store the timestamp in the new log file just after rotation. This
+will form a chain that would make it possible to see if any old log
+files are tampered with. But syslog is bad at handling kilobytes of
+binary data, so I decided to base64 encode the timestamp and add an ID
+and line sequence numbers to the base64 data to make it possible to
+reassemble the timestamp file again. To use it, simply run it like
+this:
+
+<p><pre>
+syslog-trusted-timestamp /path/to/list-of-log-files
+</pre></p>
+
+<p>This will send a timestamp from one or more timestamp services (not
+yet decided nor implemented) for each listed file to the syslog using
+logger(1). To verify the timestamp, the same program is used with the
+--verify option:</p>
+
+<p><pre>
+syslog-trusted-timestamp --verify /path/to/log-file /path/to/log-with-timestamp
+</pre></p>
+
+<p>The verification step is not yet well designed. The current
+implementation depend on the file path being unique and unchanging,
+and this is not a solid assumption. It also uses process number as
+timestamp ID, and this is bound to create ID collisions. I hope to
+have time to come up with a better way to handle timestamp IDs and
+verification later.</p>
+
+<p>Please check out
+<a href="https://github.com/petterreinholdtsen/syslog-trusted-timestamp">the
+prototype for syslog-trusted-timestamp on github</a> and send
+suggestions and improvement, or let me know if there already exist a
+similar system for timestamping logs already to allow me to join
+forces with others with the same interest.</p>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html">Always download Debian packages using Tor - the simple recipe</a>
+ </div>
+ <div class="date">
+ 15th January 2016
+ </div>
+ <div class="body">
+ <p>During his DebConf15 keynote, Jacob Appelbaum
+<a href="https://summit.debconf.org/debconf15/meeting/331/what-is-to-be-done/">observed
+that those listening on the Internet lines would have good reason to
+believe a computer have a given security hole</a> if it download a
+security fix from a Debian mirror. This is a good reason to always
+use encrypted connections to the Debian mirror, to make sure those
+listening do not know which IP address to attack. In August, Richard
+Hartmann observed that encryption was not enough, when it was possible
+to interfere download size to security patches or the fact that
+download took place shortly after a security fix was released, and
+<a href="http://richardhartmann.de/blog/posts/2015/08/24-Tor-enabled_Debian_mirror/">proposed
+to always use Tor to download packages from the Debian mirror</a>. He
+was not the first to propose this, as the
+<tt><a href="https://tracker.debian.org/pkg/apt-transport-tor">apt-transport-tor</a></tt>
+package by Tim Retout already existed to make it easy to convince apt
+to use <a href="https://www.torproject.org/">Tor</a>, but I was not
+aware of that package when I read the blog post from Richard.</p>
+
+<p>Richard discussed the idea with Peter Palfrader, one of the Debian
+sysadmins, and he set up a Tor hidden service on one of the central
+Debian mirrors using the address vwakviie2ienjx6t.onion, thus making
+it possible to download packages directly between two tor nodes,
+making sure the network traffic always were encrypted.</p>
+
+<p>Here is a short recipe for enabling this on your machine, by
+installing <tt>apt-transport-tor</tt> and replacing http and https
+urls with tor+http and tor+https, and using the hidden service instead
+of the official Debian mirror site. I recommend installing
+<tt>etckeeper</tt> before you start to have a history of the changes
+done in /etc/.</p>
+
+<blockquote><pre>
+apt install apt-transport-tor
+sed -i 's% http://ftp.debian.org/% tor+http://vwakviie2ienjx6t.onion/%' /etc/apt/sources.list
+sed -i 's% http% tor+http%' /etc/apt/sources.list
+</pre></blockquote>
+
+<p>If you have more sources listed in /etc/apt/sources.list.d/, run
+the sed commands for these too. The sed command is assuming your are
+using the ftp.debian.org Debian mirror. Adjust the command (or just
+edit the file manually) to match your mirror.</p>
+
+<p>This work in Debian Jessie and later. Note that tools like
+<tt>apt-file</tt> only recently started using the apt transport
+system, and do not work with these tor+http URLs. For
+<tt>apt-file</tt> you need the version currently in experimental,
+which need a recent apt version currently only in unstable. So if you
+need a working <tt>apt-file</tt>, this is not for you.</p>
+
+<p>Another advantage from this change is that your machine will start
+using Tor regularly and at fairly random intervals (every time you
+update the package lists or upgrade or install a new package), thus
+masking other Tor traffic done from the same machine. Using Tor will
+become normal for the machine in question.</p>
+
+<p>On <a href="https://wiki.debian.org/FreedomBox">Freedombox</a>, APT
+is set up by default to use <tt>apt-transport-tor</tt> when Tor is
+enabled. It would be great if it was the default on any Debian
+system.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/PGP_key_transition_statement_for_key_EE4E02F9.html">PGP key transition statement for key EE4E02F9</a>
+ </div>
+ <div class="date">
+ 17th November 2015
+ </div>
+ <div class="body">
+ <p>I've needed a new OpenPGP key for a while, but have not had time to
+set it up properly. I wanted to generate it offline and have it
+available on <a href="http://shop.kernelconcepts.de/#openpgp">a OpenPGP
+smart card</a> for daily use, and learning how to do it and finding
+time to sit down with an offline machine almost took forever. But
+finally I've been able to complete the process, and have now moved
+from my old GPG key to a new GPG key. See
+<a href="http://people.skolelinux.org/pere/blog/images/2015-11-17-new-gpg-key-transition.txt">the
+full transition statement, signed with both my old and new key</a> for
+the details. This is my new key:</p>
+
+<pre>
+pub 3936R/<a href="http://pgp.cs.uu.nl/stats/111D6B29EE4E02F9.html">111D6B29EE4E02F9</a> 2015-11-03 [expires: 2019-11-14]
+ Key fingerprint = 3AC7 B2E3 ACA5 DF87 78F1 D827 111D 6B29 EE4E 02F9
+uid Petter Reinholdtsen <pere@hungry.com>
+uid Petter Reinholdtsen <pere@debian.org>
+sub 4096R/87BAFB0E 2015-11-03 [expires: 2019-11-02]
+sub 4096R/F91E6DE9 2015-11-03 [expires: 2019-11-02]
+sub 4096R/A0439BAB 2015-11-03 [expires: 2019-11-02]
+</pre>
+
+<p>The key can be downloaded from the OpenPGP key servers, signed by
+my old key.</p>
+
+<p>If you signed my old key
+(<a href="http://pgp.cs.uu.nl/stats/DB4CCC4B2A30D729.html">DB4CCC4B2A30D729</a>),
+I'd very much appreciate a signature on my new key, details and
+instructions in the transition statement. I m happy to reciprocate if
+you have a similarly signed transition statement to present.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Lawrence_Lessig_interviewed_Edward_Snowden_a_year_ago.html">Lawrence Lessig interviewed Edward Snowden a year ago</a>
+ </div>
+ <div class="date">
+ 19th October 2015
+ </div>
+ <div class="body">
+ <p>Last year, <a href="https://lessig2016.us/">US president candidate
+in the Democratic Party</a> Lawrence interviewed Edward Snowden. The
+one hour interview was
+<a href="https://www.youtube.com/watch?v=o_Sr96TFQQE">published by
+Harvard Law School 2014-10-23 on Youtube</a>, and the meeting took
+place 2014-10-20.</p>
+
+<p>The questions are very good, and there is lots of useful
+information to be learned and very interesting issues to think about
+being raised. Please check it out.</p>
+
+<iframe width="560" height="315" src="https://www.youtube.com/embed/o_Sr96TFQQE" frameborder="0" allowfullscreen></iframe>
+
+<p>I find it especially interesting to hear again that Snowden did try
+to bring up his reservations through the official channels without any
+luck. It is in sharp contrast to the answers made 2013-11-06 by the
+Norwegian prime minister Erna Solberg to the Norwegian Parliament,
+<a href="https://tale.holderdeord.no/speeches/s131106/68">claiming
+Snowden is no Whistle-Blower</a> because he should have taken up his
+concerns internally and using official channels. It make me sad
+that this is the political leadership we have here in Norway.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Alle_Stortingets_mobiltelefoner_kontrolleres_fra_USA___.html">Alle Stortingets mobiltelefoner kontrolleres fra USA...</a>
+ </div>
+ <div class="date">
+ 7th October 2015
+ </div>
+ <div class="body">
+ <p>Jeg lot meg fascinere av
+<a href="http://www.aftenposten.no/nyheter/iriks/politikk/Stortinget-har-tilgang-til-a-fjernstyre-600-mobiler-8192692.html">en
+artikkel i Aftenposten</a> der det fortelles at «over 600 telefoner som
+benyttes av stortingsrepresentanter, rådgivere og ansatte på
+Stortinget, kan «fjernstyres» ved hjelp av
+<a href="https://play.google.com/store/apps/details?id=com.airwatch.androidagent">programvaren
+Airwatch</a>, et såkalte MDM-program (Mobile Device Managment)». Det
+hele bagatelliseres av Stortingets IT-stab, men det er i hovedsak på
+grunn av at journalisten ikke stiller de relevante spørsmålene. For
+meg er det relevante spørsmålet hvem som har lovlig tilgang (i henhold
+til lokal lovgiving, dvs. i hvert fall i Norge, Sverige, UK og USA)
+til informasjon om og på telefonene, og hvor enkelt det er å skaffe
+seg tilgang til hvor mobilene befinner seg og informasjon som befinner
+seg på telefonene ved hjelp av utro tjenere, trusler, innbrudd og
+andre ulovlige metoder.</p>
+
+<p>Bruken av AirWatch betyr i realiteten at USAs etteretning og
+politimyndigheter har full tilgang til stortingets mobiltelefoner,
+inkludert posisjon og innhold, takket være
+<a href="https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act_of_1978_Amendments_Act_of_2008">FISAAA-loven</a>
+og
+"<a href="https://en.wikipedia.org/wiki/National_security_letter">National
+Security Letters</a>" og det enkle faktum at selskapet
+<a href="http://www.airwatch.com/">AirWatch</a> er kontrollert av et
+selskap i USA. I tillegg er det kjent at flere lands
+etterretningstjenester kan lytte på trafikken når den passerer
+landegrensene.</p>
+
+<p>Jeg har bedt om mer informasjon
+<a href="https://www.mimesbronn.no/request/saksnummer_for_saker_anganede_br">fra
+Stortinget om bruken av AirWatch</a> via Mimes brønn så får vi se hva
+de har å fortelle om saken. Fant ingenting om 'airwatch' i
+postjournalen til Stortinget, så jeg trenger hjelp før jeg kan be om
+innsyn i konkrete dokumenter.</p>
+
+<p>Oppdatering 2015-10-07: Jeg er blitt spurt hvorfor jeg antar at
+AirWatch-agenten rapporterer til USA og ikke direkte til Stortingets
+egen infrastruktur. Det stemmer at det er teknisk mulig å sette
+opp mobiltelefonene til å rapportere til datamaskiner som eies av
+Stortinget. Jeg antar det rapporteres til AirWatch sine sentrale
+tjenester basert på det jeg leste fra beskrivelsen av
+<a href="http://www.airwatch.com/solutions/mobile-device-management/">Mobile
+Device Management</A> på AirWatch sine egne nettsider, koblet med at
+det brukes en standard app som kan hentes fra "app-butikkene" for å få
+tilgang. Enten må app-en settes opp individuelt hos Stortinget, eller
+så får den beskjed fra AirWatch i USA om hvor den skal koble seg opp.
+I det første tilfellet vil den ikke rapportere direkte til USA, men
+til programvare utviklet av AirWatch som kjører på en maskin under
+Stortingets kontroll. Det er litt bedre, men fortsatt vil det være
+umulig for Stortinget å være sikker på hva programvaren som tar imot
+forbindelser gjør. Jeg ser fra beskrivelsen av
+<a href="http://www.airwatch.com/differentiators/enterprise-integration/">Enterprice
+Integration</a> hos AirWatch at det er mulig å ha lokal installasjon,
+og håper innsynsforespørsler mot Stortinget kan fortelle mer om
+hvordan ting konkret fungerer der.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/offentlig innsyn">offentlig innsyn</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Good_bye_subkeys_pgp_net__welcome_pool_sks_keyservers_net.html">Good bye subkeys.pgp.net, welcome pool.sks-keyservers.net</a>
+ </div>
+ <div class="date">
+ 10th September 2014
+ </div>
+ <div class="body">
+ <p>Yesterday, I had the pleasure of attending a talk with the
+<a href="http://www.nuug.no/">Norwegian Unix User Group</a> about
+<a href="http://www.nuug.no/aktiviteter/20140909-sks-keyservers/">the
+OpenPGP keyserver pool sks-keyservers.net</a>, and was very happy to
+learn that there is a large set of publicly available key servers to
+use when looking for peoples public key. So far I have used
+subkeys.pgp.net, and some times wwwkeys.nl.pgp.net when the former
+were misbehaving, but those days are ended. The servers I have used
+up until yesterday have been slow and some times unavailable. I hope
+those problems are gone now.</p>
+
+<p>Behind the round robin DNS entry of the
+<a href="https://sks-keyservers.net/">sks-keyservers.net</a> service
+there is a pool of more than 100 keyservers which are checked every
+day to ensure they are well connected and up to date. It must be
+better than what I have used so far. :)</p>
+
+<p>Yesterdays speaker told me that the service is the default
+keyserver provided by the default configuration in GnuPG, but this do
+not seem to be used in Debian. Perhaps it should?</p>
+
+<p>Anyway, I've updated my ~/.gnupg/options file to now include this
+line:</p>
+
+<p><blockquote><pre>
+keyserver pool.sks-keyservers.net
+</pre></blockquote></p>
+
+<p>With GnuPG version 2 one can also locate the keyserver using SRV
+entries in DNS. Just for fun, I did just that at work, so now every
+user of GnuPG at the University of Oslo should find a OpenGPG
+keyserver automatically should their need it:</p>
+
+<p><blockquote><pre>
+% host -t srv _pgpkey-http._tcp.uio.no
+_pgpkey-http._tcp.uio.no has SRV record 0 100 11371 pool.sks-keyservers.net.
+%
+</pre></blockquote></p>
+
+<p>Now if only
+<a href="http://ietfreport.isoc.org/idref/draft-shaw-openpgp-hkp/">the
+HKP lookup protocol</a> supported finding signature paths, I would be
+very happy. It can look up a given key or search for a user ID, but I
+normally do not want that, but to find a trust path from my key to
+another key. Given a user ID or key ID, I would like to find (and
+download) the keys representing a signature path from my key to the
+key in question, to be able to get a trust path between the two keys.
+This is as far as I can tell not possible today. Perhaps something
+for a future version of the protocol?</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
<div class="entry">
<div class="title">
<a href="http://people.skolelinux.org/pere/blog/FreedomBox_milestone___all_packages_now_in_Debian_Sid.html">FreedomBox milestone - all packages now in Debian Sid</a>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/
nice free software">nice free software</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/usenix">usenix</a>.
</div>
etc) helt uten at jeg er involvert. Jeg takker derfor fortsatt nei
til BankID-modellen.</p>
+<p>Oppdatering 2015-11-17: Fant en
+<a href="http://1and1are2.blogspot.no/2014/05/bankid-elektronisk-sppel.html">bloggpost
+fra Britt Lysaa som belyser hvilke inngrep i privatsfæren bruken av
+BankID utgjør</a>, i tillegg til de sikkerhetsmessige vurderingene
+omtalt over. Anbefalt lesning.</p>
+
</div>
<div class="tags">
<h2>Archive</h2>
<ul>
+<li>2017
+<ul>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2017/01/">January (4)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2017/02/">February (3)</a></li>
+
+</ul></li>
+
+<li>2016
+<ul>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/01/">January (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/02/">February (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/03/">March (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/04/">April (8)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/05/">May (8)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/06/">June (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/07/">July (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/08/">August (5)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/09/">September (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/10/">October (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/11/">November (8)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2016/12/">December (5)</a></li>
+
+</ul></li>
+
+<li>2015
+<ul>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/01/">January (7)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/02/">February (6)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/03/">March (1)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/04/">April (4)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/05/">May (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/06/">June (4)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/07/">July (6)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/08/">August (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/09/">September (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/10/">October (9)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/11/">November (6)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2015/12/">December (3)</a></li>
+
+</ul></li>
+
<li>2014
<ul>
<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/03/">March (8)</a></li>
-<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/04/">April (6)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/04/">April (7)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/05/">May (1)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/06/">June (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/07/">July (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/08/">August (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/09/">September (5)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/10/">October (6)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/11/">November (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/12/">December (5)</a></li>
</ul></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/bankid">bankid (4)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin (8)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin (9)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (14)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (16)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/bsa">bsa (2)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/chrpath">chrpath (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (98)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (145)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (146)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (158)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/digistan">digistan (10)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/dld">dld (15)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/dld">dld (16)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/docbook">docbook (10)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/docbook">docbook (23)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (245)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (341)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (21)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (23)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (12)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/freeculture">freeculture (12)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/freeculture">freeculture (29)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox (9)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox (8)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/frikanalen">frikanalen (18)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/frikanalen">frikanalen (11)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/h264">h264 (20)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju (40)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju (42)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/isenkram">isenkram (9)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/isenkram">isenkram (15)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (18)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (20)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (9)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (7)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (8)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/lsdvd">lsdvd (2)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/mesh network">mesh network (8)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (26)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (39)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/nice free software">nice free software (9)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (245)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (287)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (162)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (187)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/offentlig innsyn">offentlig innsyn (11)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/offentlig innsyn">offentlig innsyn (28)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/open311">open311 (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (46)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (64)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (72)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (99)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/raid">raid (1)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (11)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/rfid">rfid (2)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/rfid">rfid (3)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (9)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (10)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/ruter">ruter (4)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/ruter">ruter (5)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (40)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (52)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/skepsis">skepsis (4)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/skepsis">skepsis (5)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (51)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (44)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (5)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (3)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget (11)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget (9)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (47)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (25)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/usenix">usenix (2)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/valg">valg (8)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (40)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (59)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (4)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (30)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (40)</a></li>
</ul>
projects / homepage.git / blobdiff