Generated.

[homepage.git] / blog / index.rss

diff --git a/blog/index.rss b/blog/index.rss
index 1b85066ac221a81fdcc2e9a4043ecb64ba94c445..e4875233fed0cd2a0b35b6a48e7fe8600c3f3d3a 100644 (file)
--- a/blog/index.rss
+++ b/blog/index.rss
@@ -7,743 +7,1049 @@
                 <atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
        
        <item>
                 <atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
        
        <item>

-               <title>syslog-trusted-timestamp - chain of trusted timestamps for your syslog</title>
-               <link>http://people.skolelinux.org/pere/blog/syslog_trusted_timestamp___chain_of_trusted_timestamps_for_your_syslog.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/syslog_trusted_timestamp___chain_of_trusted_timestamps_for_your_syslog.html</guid>
-                <pubDate>Fri, 1 Apr 2016 09:50:00 +0200</pubDate>
-               <description>&lt;p&gt;Two years ago, I had
-&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html&quot;&gt;a
-look at trusted timestamping options available&lt;/a&gt;, and among
-other things noted a still open
-&lt;a href=&quot;https://bugs.debian.org/742553&quot;&gt;bug in the tsget script&lt;/a&gt;
-included in openssl that made it harder than necessary to use openssl
-as a trusted timestamping client.  A few days ago I was told
-&lt;a href=&quot;https::/www.difi.no/&quot;&gt;the Norwegian government office DIFI&lt;/a&gt; is
-close to releasing their own trusted timestamp service, and in the
-process I was happy to learn about a replacement for the tsget script
-using only curl:&lt;/p&gt;
-
-&lt;p&gt;&lt;pre&gt;
-openssl ts -query -data &quot;/etc/shells&quot; -cert -sha256 -no_nonce \
-  | curl -s -H &quot;Content-Type: application/timestamp-query&quot; \
-         --data-binary &quot;@-&quot; http://zeitstempel.dfn.de &gt; etc-shells.tsr
-openssl ts -reply -text -in etc-shells.tsr
-&lt;/pre&gt;&lt;/p&gt;
-
-&lt;p&gt;This produces a binary timestamp file (etc-shells.tsr) which can be
-used to verify that the content of the file /etc/shell with the
-calculated sha256 hash existed at the point in time when the request
-was made.  The last command extract the content of the etc-shells.tsr
-in human readable form.  The idea behind such timestamp is to be able
-to prove using cryptography that the content of a file have not
-changed since the file was stamped.&lt;/p&gt;
-
-&lt;p&gt;To verify that the file on disk match the public key signature in
-the timestamp file, run the following commands.  It make sure you have
-the required certificate for the trusted timestamp service available
-and use it to compare the file content with the timestamp.  In
-production, one should of course use a better method to verify the
-service certificate.&lt;/p&gt;
-
-&lt;p&gt;&lt;pre&gt;
-wget -O ca-cert.txt https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt
-openssl ts -verify -data /etc/shells -in etc-shells.tsr -CAfile ca-cert.txt -text
-&lt;/pre&gt;&lt;/p&gt;
-
-&lt;p&gt;Wikipedia have a lot more information about
-&lt;a href=&quot;https://en.wikipedia.org/wiki/Trusted_timestamping&quot;&gt;trusted
-Timestamping&lt;/a&gt; and
-&lt;a href=&quot;https://en.wikipedia.org/wiki/Linked_timestamping&quot;&gt;linked
-timestamping&lt;/a&gt;, and there are several trusted timestamping services
-around, both as commercial services and as free and public services.
-Among the latter is
-&lt;a href=&quot;https://www.pki.dfn.de/zeitstempeldienst/&quot;&gt;the
-zeitstempel.dfn.de service&lt;/a&gt; mentioned above and
-&lt;a href=&quot;https://freetsa.org/&quot;&gt;freetsa.org service&lt;/a&gt; linked to from the
-wikipedia web site.  I believe the DIFI service should show up on
-https://tsa.difi.no, but it is not available to the public at the
-moment.  I hope this will change when it is into production.  The
-&lt;a href=&quot;https://tools.ietf.org/html/rfc3161&quot;&gt;RFC 3161&lt;/a&gt; trusted
-timestamping protocol standard is even implemented in LibreOffice,
-Microsoft Office and Adobe Acrobat, making it possible to verify when
-a document was created.&lt;/p&gt;
-
-&lt;p&gt;I would find it useful to be able to use such trusted timestamp
-service to make it possible to verify that my stored syslog files have
-not been tampered with.  This is not a new idea.  I found one example
-implemented on the Endian network appliances where
-&lt;a href=&quot;http://help.endian.com/entries/21518508-Enabling-Timestamping-on-log-files-&quot;&gt;the
-configuration of such feature was described in 2012&lt;/a&gt;.&lt;/p&gt;
-
-&lt;p&gt;But I could not find any free implementation of such feature when I
-searched, so I decided to try to
-&lt;a href=&quot;https://github.com/petterreinholdtsen/syslog-trusted-timestamp&quot;&gt;build
-a prototype named syslog-trusted-timestamp&lt;/a&gt;.  My idea is to
-generate a timestamp of the old log files after they are rotated, and
-store the timestamp in the new log file just after rotation.  This
-will form a chain that would make it possible to see if any old log
-files are tampered with.  But syslog is bad at handling kilobytes of
-binary data, so I decided to base64 encode the timestamp and add an ID
-and line sequence numbers to the base64 data to make it possible to
-reassemble the timestamp file again.  To use it, simply run it like
-this:
-
-&lt;p&gt;&lt;pre&gt;
-syslog-trusted-timestamp /path/to/list-of-log-files
-&lt;/pre&gt;&lt;/p&gt;
-
-&lt;p&gt;This will send a timestamp from one or more timestamp services (not
-yet decided nor implemented) for each listed file to the syslog using
-logger(1).  To verify the timestamp, the same program is used with the
---verify option:&lt;/p&gt;
-
-&lt;p&gt;&lt;pre&gt;
-syslog-trusted-timestamp --verify /path/to/log-file /path/to/log-with-timestamp
-&lt;/pre&gt;&lt;/p&gt;
-
-&lt;p&gt;The verification step is not yet well designed.  The current
-implementation depend on the file path being unique and unchanging,
-and this is not a solid assumption.  It also uses process number as
-timestamp ID, and this is bound to create ID collisions.  I hope to
-have time to come up with a better way to handle timestamp IDs and
-verification later.&lt;/p&gt;
-
-&lt;p&gt;Please check out
-&lt;a href=&quot;https://github.com/petterreinholdtsen/syslog-trusted-timestamp&quot;&gt;the
-prototype for syslog-trusted-timestamp on github&lt;/a&gt; and send
-suggestions and improvement, or let me know if there already exist a
-similar system for timestamping logs already to allow me to join
-forces with others with the same interest.&lt;/p&gt;
-
-&lt;p&gt;As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;
-</description>
-       </item>
-       
-       <item>
-               <title>Full battery stats collector is now available in Debian</title>
-               <link>http://people.skolelinux.org/pere/blog/Full_battery_stats_collector_is_now_available_in_Debian.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Full_battery_stats_collector_is_now_available_in_Debian.html</guid>
-                <pubDate>Wed, 23 Mar 2016 22:10:00 +0100</pubDate>
-               <description>&lt;p&gt;Since this morning, the battery-stats package in Debian include an
-extended collector that will collect the complete battery history for
-later processing and graphing.  The original collector store the
-battery level as percentage of last full level, while the new
-collector also record battery vendor, model, serial number, design
-full level, last full level and current battery level.  This make it
-possible to predict the lifetime of the battery as well as visualise
-the energy flow when the battery is charging or discharging.&lt;/p&gt;
-
-&lt;p&gt;The new tools are available in &lt;tt&gt;/usr/share/battery-stats/&lt;/tt&gt;
-in the version 0.5.1 package in unstable.  Get the new battery level graph
-and lifetime prediction by running:
-
-&lt;p&gt;&lt;pre&gt;
-/usr/share/battery-stats/battery-stats-graph /var/log/battery-stats.csv
-&lt;/pre&gt;&lt;/p&gt;
-
-&lt;p&gt;Or select the &#39;Battery Level Graph&#39; from your application menu.&lt;/p&gt;
-
-&lt;p&gt;The flow in/out of the battery can be seen by running (no menu
-entry yet):&lt;/p&gt;
-
-&lt;p&gt;&lt;pre&gt;
-/usr/share/battery-stats/battery-stats-graph-flow
-&lt;/pre&gt;&lt;/p&gt;
-
-&lt;p&gt;I&#39;m not quite happy with the way the data is visualised, at least
-when there are few data points.  The graphs look a bit better with a
-few years of data.&lt;/p&gt;
-
-&lt;p&gt;A while back one important feature I use in the battery stats
-collector broke in Debian.  The scripts in
-&lt;tt&gt;/usr/lib/pm-utils/power.d/&lt;/tt&gt; were no longer executed.  I
-suspect it happened when Jessie started using systemd, but I do not
-know.  The issue is reported as
-&lt;a href=&quot;https://bugs.debian.org/818649&quot;&gt;bug #818649&lt;/a&gt; against
-pm-utils.  I managed to work around it by adding an udev rule to call
-the collector script every time the power connector is connected and
-disconnected.  With this fix in place it was finally time to make a
-new release of the package, and get it into Debian.&lt;/p&gt;
-
-&lt;p&gt;If you are interested in how your laptop battery is doing, please
-check out the
-&lt;a href=&quot;https://tracker.debian.org/pkg/battery-stats&quot;&gt;battery-stats&lt;/a&gt;
-in Debian unstable, or rebuild it on Jessie to get it working on
-Debian stable. :) The upstream source is available from
-&lt;a href=&quot;https://github.com/petterreinholdtsen/battery-stats&quot;&gt;github&lt;/a&gt;.
-As always, patches are very welcome.&lt;/p&gt;
+               <title>Hyperions magasin Pegasus går for Creative Commons</title>
+               <link>http://people.skolelinux.org/pere/blog/Hyperions_magasin_Pegasus_g_r_for_Creative_Commons.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Hyperions_magasin_Pegasus_g_r_for_Creative_Commons.html</guid>
+                <pubDate>Tue, 22 Nov 2016 13:00:00 +0100</pubDate>
+               <description>&lt;p&gt;For noen dager siden ble jeg tipset av min venn Andreas
+Aanerud om at &lt;a href=&quot;http://magasinetpegasus.no&quot;&gt;magasinet
+Pegasus&lt;/a&gt; skulle ta i bruk
+&lt;a href=&quot;https://creativecommons.org/&quot;&gt;Creative
+Commons&lt;/a&gt;-lisensiering på sine artikler.  Han fortalte at den
+direkte årsaken var at han hadde blitt inspirert av å lese
+&lt;a href=&quot;https://github.com/petterreinholdtsen/free-culture-lessig&quot;&gt;boken
+Fri kultur&lt;/a&gt; og foreslått endringen.  Jeg ble veldig glad for å høre
+dette, da det er det første konkrete tilfellet jeg har hørt om der den
+norske oversettelsen av &lt;a href=&quot;http://www.free-culture.cc/&quot;&gt;
+Lawrence Lessigs bok Free Culture&lt;/a&gt; som jeg ga ut i fjor høst hadde
+fått noen til å ta i bruk Creative Commons.&lt;/p&gt;
+
+&lt;p&gt;Andreas fikk boken av meg som takk for at han inviterte meg til
+&lt;a href=&quot;http://www.gathering.org/&quot;&gt;The Gathering&lt;/a&gt;, og jeg er veldig
+glad for at den falt i smak.  Jeg ble nysgjerrig på hva som var
+bakgrunnen for denne policy-endringen hos Hyperion og han sa seg
+villig til å la seg intervjue til bloggen min. &lt;/p&gt;
+
+&lt;blockquote&gt;
+
+&lt;p&gt;&lt;strong&gt;Hvilke tanker gjorde du deg da boken lå i hånden første
+gang?&lt;/strong&gt;&lt;/p&gt;
+
+&lt;p&gt;Jeg husker da jeg fikk boken, etter en omvisning på The Gathering i
+2016, der jeg var Core Organizer.  The Gathering er jo et sted hvor en
+fremmer delingskultur, i alt fra kode, til løsninger og «hacks», så en
+kan vel si at boken er veldig relevant!&lt;/p&gt;
+
+&lt;p&gt;Mine første tanker om boken, var at den trengte et grafisk løft.
+Selv har jeg dysleksi og er ikke verdens beste i å lese, men for meg
+så skal ikke det bety at jeg ikke klarer å lese.  Jeg har jo også mine
+egne tanker om «Fri kultur», ettersom jeg har jobbet med noen norske
+filmer via NRK og TV2 og nå sitter som en teknisk leder i
+filmavdelingen til Schjærven Reklamebyrå.&lt;/p&gt;
+
+&lt;p&gt;&lt;strong&gt;Har du lest boken, og hva tenker du om den nå?&lt;/strong&gt;&lt;/p&gt;
+
+&lt;p&gt;Jeg har lest boken, og for meg er det jo veldig moro å kunne si at
+Disney var en pirat og nå ha bevisene.  Men det å gå fra Disney via
+RIAA, og så igjennom en jungel av teknikk og programmering og ende opp
+med spørsmålet om vi alle piratkopierer litt, er enda bedre.  For ja,
+boken klarer å få frem en diskusjon om åndsverk på en god måte
+gjennom en samling historier, men den viste meg også et bilde, hvor
+teknologi blir kneblet, og ikke får lov til å utvikle seg, ettersom
+«opphavsrettsinnehaverne» bryr seg mer om sin industri enn om verden
+går fremover.  Ta f.eks. internettradio!  Hvorfor tuller vi med DAB+
+og alt det der, når radio kan være en app på alle telefoner i dag.
+Men den største tanken som jeg satt igjen med, er at vi må få færre
+advokater og flere tenkere som kan dra oss vekk fra de feilene vi er i
+ferd med å ende opp i.&lt;/p&gt;
+
+&lt;p&gt;&lt;strong&gt;Har budskapet i boken påvirker deg og det du holder på
+med?&lt;/strong&gt;&lt;/p&gt;
+
+&lt;p&gt;The Gathering sin moderforening er
+&lt;a href=&quot;http://www.kandu.no/&quot;&gt;KANDU&lt;/a&gt;, som er et stolt medlem av &lt;a
+href=&quot;http://n4f.no/&quot;&gt;Hyperion&lt;/a&gt;.  Hyperion har et mandat igjennom
+sitt interne magasin Pegasus å fremme Hyperion sine
+medlemsarrangementer og kultur. Dette tror jeg er veldig viktig, og en
+av de viktigste virkemidlene det magasinet nå har fått, er pålegget om
+å publisere alt under de forskjellige Creative Commons
+retningslinjer. Grunnen til at Pegasus kan velge fritt blant lisensene
+til Creative Commons er deres bruk av freelancere m.m. som også må få
+sine rettigheter dekket.&lt;/p&gt;
+
+&lt;p&gt;Det er et steg i riktig retning som jeg håper, vil gi lokalaviser,
+nasjonale aviser, bloggere m.m. muligheten til å referere til Pegasus
+sitt innhold uten å måtte be om tillatelse først, som i bunnen vil
+hjelpe oss å spre vår kultur i Hyperion.&lt;/p&gt;
+
+&lt;p&gt;&lt;strong&gt;Hva fikk Pegasus til å vedta retninglinjer om bruk av
+Creative Commons, og hvordan kom dere frem til en slik
+policy?&lt;/strong&gt;&lt;/p&gt;
+
+&lt;p&gt;Dette skjedde på Hyperion sitt landsting, hvor jeg ønsket å fremme
+Creative Commons som en retning som flere mener magasinet burde ta,
+hvordan Pegasus tar det i bruk er mer opp til redaksjonen. Det som var
+trist er at en del har misforstått hva Creative Commons er.  Vi fikk
+en veldig het «debatt» på facebook i etterkant hvor noen blant annet
+mener at dette vedtaket har drept Pegasus.&lt;/p&gt;
+
+&lt;p&gt;Personlig syntes jeg disse reaksjonene er rare, ettersom Pegasus er
+et medlemsmagasin og magasinet sitt mål er å spre vår fantastiske
+kultur.  Jeg mener at Ceative Commons-bruksvilkår på artikler skaper
+en veldig god mulighet til å spre denne kulturen.  Det gjør at større
+og mindre aviser kan låne artikler fra medlemsmagasinet og publisere
+det hos seg, slik at effekten nettopp er fremme vår kultur.&lt;/p&gt;
+
+&lt;p&gt;Jeg gleder meg til å se hvordan redaksjonen håndhever bruken av
+Creative Commons.&lt;/p&gt;
+
+&lt;p&gt;&lt;strong&gt;Hvem tror du kunne ha mest nytte av å lese Fri
+kultur?&lt;/strong&gt;&lt;/p&gt;
+
+&lt;p&gt;Jeg tror at boken Fri kultur bør leses av de som ønsker en debatt
+om nye medier, samt de som jobber med medier og føler seg «truet» av
+utviklingen. Kanskje det kan være et lysglimt om at vi må heller være
+med å utvikle oss, enn å stoppe opp og «beskytte» våre eier-, penge-
+og materielle interesser.&lt;/p&gt;
+
+&lt;p&gt;Spørsmålet for redaksjoner vil vel være om de «tjener» på klikk og
+sine artikler via annonser, i så fall ville jeg tenkt litt rundt
+spredningen.  Nettavisen Digi.no gjorde en analyse i 2015 som var
+veldig fin. Hvor de måtte konkludere med at de fikk ut budskapet
+bedre, men de mistet inntekter på annonsevisning.&lt;/p&gt;
+
+&lt;p&gt;Derfor for et magasin som skal «spre» kultur, så burde Creative
+Commons være en no-brainer, en kunne også kanskje argumentere med at
+NRK også burde gjøre dette, ettersom de ikke lever av reklame, og vi
+betaler for innholdet deres.&lt;/p&gt;
+
+&lt;p&gt;&lt;strong&gt;Kommer du til å anbefale boken til noen du
+kjenner?&lt;/strong&gt;&lt;/p&gt;
+
+&lt;p&gt;Absolutt!  Jeg har faktisk tenkt å gi den videre som en vandrebok,
+til redaksjonen i Pegasus slik at de kan lese den og få noen ider og
+tanker om fri kultur.&lt;/p&gt;
+
+&lt;p&gt;&lt;strong&gt;Du sier at boken klarer å få frem viktig en diskusjon om
+  vern av åndsverk.  Boken er jo skrevet med bakgrunn i USAs
+  Copyright-lovgiving og ikke den norske åndsverksloven.  Hva gjør at
+  du mener boken er relevant for den norske debatten?&lt;/strong&gt;&lt;/p&gt;
+
+&lt;p&gt;En av tingene boken pekte på var tanken om hvor opphavsretten skal
+ligge.  Skal den ligge hos den som skriver sangen, den som fremfører
+eller den som tar opp sangen.  Og når spørsmålet kom tilbake i en
+software-utgave, «hvordan kan Adobe styre opphavsretten i sin eBook
+Publisher» så føler jeg at vi kommer inn på spennende tanker som jeg
+mener vi glemmer i norsk åndsverksdebatt.  USA har rett å slett et
+«større bilde» som kanskje vi kan ta lærdom av.&lt;/p&gt;
+
+&lt;/blockquote&gt;
+
+&lt;p&gt;Jeg er veldig spent på hvordan redaksjonen i Pegasus kommer til å
+ta i bruk Creative Commons, og gleder meg til neste tegn på at
+bokutgivelsen har fått noen til å tenke mer på problemene med dagens
+åndsverksvern.&lt;/p&gt;

 </description>
        </item>
        
        <item>
 </description>
        </item>
        
        <item>

-               <title>UsingQR - &quot;Electronic&quot; paper invoices using JSON and QR codes</title>
-               <link>http://people.skolelinux.org/pere/blog/UsingQR____Electronic__paper_invoices_using_JSON_and_QR_codes.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/UsingQR____Electronic__paper_invoices_using_JSON_and_QR_codes.html</guid>
-                <pubDate>Sat, 19 Mar 2016 09:40:00 +0100</pubDate>
-               <description>&lt;p&gt;Back in 2013 I proposed
-&lt;a href=&quot;http://people.skolelinux.org/pere/blog/_Electronic__paper_invoices___using_vCard_in_a_QR_code.html&quot;&gt;a
-way to make paper and PDF invoices easier to process electronically by
-adding a QR code with the key information about the invoice&lt;/a&gt;.  I
-suggested using vCard field definition, to get some standard format
-for name and address, but any format would work.  I did not do
-anything about the proposal, but hoped someone one day would make
-something like it.  It would make it possible to efficiently send
-machine readable invoices directly between seller and buyer.&lt;/p&gt;
-
-&lt;p&gt;This was the background when I came across a proposal and
-specification from the web based accounting and invoicing supplier
-&lt;a href=&quot;http://www.visma.com/&quot;&gt;Visma&lt;/a&gt; in Sweden called
-&lt;a href=&quot;http://usingqr.com/&quot;&gt;UsingQR&lt;/a&gt;.  Their PDF invoices contain
-a QR code with the key information of the invoice in JSON format.
-This is the typical content of a QR code following the UsingQR
-specification (based on a real world example, some numbers replaced to
-get a more bogus entry).  I&#39;ve reformatted the JSON to make it easier
-to read.  Normally this is all on one long line:&lt;/p&gt;
-
-&lt;p&gt;&lt;img src=&quot;http://people.skolelinux.org/pere/blog/images/2016-03-19-qr-invoice.png&quot; align=&quot;right&quot;&gt;&lt;pre&gt;
-{
- &quot;vh&quot;:500.00,
- &quot;vm&quot;:0,
- &quot;vl&quot;:0,
- &quot;uqr&quot;:1,
- &quot;tp&quot;:1,
- &quot;nme&quot;:&quot;Din Leverandør&quot;,
- &quot;cc&quot;:&quot;NO&quot;,
- &quot;cid&quot;:&quot;997912345 MVA&quot;,
- &quot;iref&quot;:&quot;12300001&quot;,
- &quot;idt&quot;:&quot;20151022&quot;,
- &quot;ddt&quot;:&quot;20151105&quot;,
- &quot;due&quot;:2500.0000,
- &quot;cur&quot;:&quot;NOK&quot;,
- &quot;pt&quot;:&quot;BBAN&quot;,
- &quot;acc&quot;:&quot;17202612345&quot;,
- &quot;bc&quot;:&quot;BIENNOK1&quot;,
- &quot;adr&quot;:&quot;0313 OSLO&quot;
-}
-&lt;/pre&gt;&lt;/p&gt;
-
-&lt;/p&gt;The interpretation of the fields can be found in the
-&lt;a href=&quot;http://usingqr.com/wp-content/uploads/2014/06/UsingQR_specification1.pdf&quot;&gt;format
-specification&lt;/a&gt; (revision 2 from june 2014).  The format seem to
-have most of the information needed to handle accounting and payment
-of invoices, at least the fields I have needed so far here in
-Norway.&lt;/p&gt;
-
-&lt;p&gt;Unfortunately, the site and document do not mention anything about
-the patent, trademark and copyright status of the format and the
-specification.  Because of this, I asked the people behind it back in
-November to clarify.  Ann-Christine Savlid (ann-christine.savlid (at)
-visma.com) replied that Visma had not applied for patent or trademark
-protection for this format, and that there were no copyright based
-usage limitations for the format.  I urged her to make sure this was
-explicitly written on the web pages and in the specification, but
-unfortunately this has not happened yet.  So I guess if there is
-submarine patents, hidden trademarks or a will to sue for copyright
-infringements, those starting to use the UsingQR format might be at
-risk, but if this happen there is some legal defense in the fact that
-the people behind the format claimed it was safe to do so.  At least
-with patents, there is always
-&lt;a href=&quot;http://www.paperspecs.com/paper-news/beware-the-qr-code-patent-trap/&quot;&gt;a
-chance of getting sued...&lt;/a&gt;&lt;/p&gt;
-
-&lt;p&gt;I also asked if they planned to maintain the format in an
-independent standard organization to give others more confidence that
-they would participate in the standardization process on equal terms
-with Visma, but they had no immediate plans for this.  Their plan was
-to work with banks to try to get more users of the format, and
-evaluate the way forward if the format proved to be popular.  I hope
-they conclude that using an open standard organisation like
-&lt;a href=&quot;http://www.ietf.org/&quot;&gt;IETF&lt;/a&gt; is the correct place to
-maintain such specification.&lt;/p&gt;
-
-&lt;p&gt;&lt;strong&gt;Update 2016-03-20&lt;/strong&gt;: Via Twitter I became aware of
-&lt;a href=&quot;https://news.ycombinator.com/item?id=11319492&quot;&gt;some comments
-about this blog post&lt;/a&gt; that had several useful links and references to
-similar systems.  In the Czech republic, the Czech Banking Association
-standard #26, with short name SPAYD, uses QR codes with payment
-information.  More information is available from the Wikipedia page on
-&lt;a href=&quot;https://en.wikipedia.org/wiki/Short_Payment_Descriptor&quot;&gt;Short
-Payment Descriptor&lt;/a&gt;.  And in Germany, there is a system named
-&lt;a href=&quot;http://www.bezahlcode.de/&quot;&gt;BezahlCode&lt;/a&gt;,
-(&lt;a href=&quot;http://www.bezahlcode.de/wp-content/uploads/BezahlCode_TechDok.pdf&quot;&gt;specification
-v1.8 2013-12-05 available as PDF&lt;/a&gt;), which uses QR codes with
-URL-like formatting using &quot;bank:&quot; as the URI schema/protocol to
-provide the payment information.  There is also the
-&lt;a href=&quot;http://www.ferd-net.de/front_content.php?idcat=231&quot;&gt;ZUGFeRD&lt;/a&gt;
-file format that perhaps could be transfered using QR codes, but I am
-not sure if it is done already.  Last, in Bolivia there are reports
-that tax information since november 2014 need to be printed in QR
-format on invoices.  I have not been able to track down a
-specification for this format, because of my limited language skill
-sets.&lt;/p&gt;
+               <title>Coz profiler for multi-threaded software is now in Debian</title>
+               <link>http://people.skolelinux.org/pere/blog/Coz_profiler_for_multi_threaded_software_is_now_in_Debian.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Coz_profiler_for_multi_threaded_software_is_now_in_Debian.html</guid>
+                <pubDate>Sun, 13 Nov 2016 12:30:00 +0100</pubDate>
+               <description>&lt;p&gt;&lt;a href=&quot;http://coz-profiler.org/&quot;&gt;The Coz profiler&lt;/a&gt;, a nice
+profiler able to run benchmarking experiments on the instrumented
+multi-threaded program, finally
+&lt;a href=&quot;https://tracker.debian.org/pkg/coz-profiler&quot;&gt;made it into
+Debian unstable yesterday&lt;/A&gt;.  Lluís Vilanova and I have spent many
+months since
+&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Coz_can_help_you_find_bottlenecks_in_multi_threaded_software___nice_free_software.html&quot;&gt;I
+blogged about the coz tool&lt;/a&gt; in August working with upstream to make
+it suitable for Debian.  There are still issues with clang
+compatibility, inline assembly only working x86 and minimized
+JavaScript libraries.&lt;/p&gt;
+
+&lt;p&gt;To test it, install &#39;coz-profiler&#39; using apt and run it like this:&lt;/p&gt;
+
+&lt;p&gt;&lt;blockquote&gt;
+&lt;tt&gt;coz run --- /path/to/binary-with-debug-info&lt;/tt&gt;
+&lt;/blockquote&gt;&lt;/p&gt;
+
+&lt;p&gt;This will produce a profile.coz file in the current working
+directory with the profiling information.  This is then given to a
+JavaScript application provided in the package and available from
+&lt;a href=&quot;http://plasma-umass.github.io/coz/&quot;&gt;a project web page&lt;/a&gt;.
+To start the local copy, invoke it in a browser like this:&lt;/p&gt;
+
+&lt;p&gt;&lt;blockquote&gt;
+&lt;tt&gt;sensible-browser /usr/share/coz-profiler/viewer/index.htm&lt;/tt&gt;
+&lt;/blockquote&gt;&lt;/p&gt;
+
+&lt;p&gt;See the project home page and the
+&lt;a href=&quot;https://www.usenix.org/publications/login/summer2016/curtsinger&quot;&gt;USENIX
+;login: article on Coz&lt;/a&gt; for more information on how it is
+working.&lt;/p&gt;

 </description>
        </item>
        
        <item>
 </description>
        </item>
        
        <item>

-               <title>Making battery measurements a little easier in Debian</title>
-               <link>http://people.skolelinux.org/pere/blog/Making_battery_measurements_a_little_easier_in_Debian.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Making_battery_measurements_a_little_easier_in_Debian.html</guid>
-                <pubDate>Tue, 15 Mar 2016 15:00:00 +0100</pubDate>
-               <description>&lt;p&gt;Back in September, I blogged about
-&lt;a href=&quot;http://people.skolelinux.org/pere/blog/The_life_and_death_of_a_laptop_battery.html&quot;&gt;the
-system I wrote to collect statistics about my laptop battery&lt;/a&gt;, and
-how it showed the decay and death of this battery (now replaced).  I
-created a simple deb package to handle the collection and graphing,
-but did not want to upload it to Debian as there were already
-&lt;a href=&quot;https://tracker.debian.org/pkg/battery-stats&quot;&gt;a battery-stats
-package in Debian&lt;/a&gt; that should do the same thing, and I did not see
-a point of uploading a competing package when battery-stats could be
-fixed instead.  I reported a few bugs about its non-function, and
-hoped someone would step in and fix it.  But no-one did.&lt;/p&gt;
-
-&lt;p&gt;I got tired of waiting a few days ago, and took matters in my own
-hands.  The end result is that I am now the new upstream developer of
-battery stats (&lt;a href=&quot;https://github.com/petterreinholdtsen/battery-stats&quot;&gt;available from github&lt;/a&gt;) and part of the team maintaining
-battery-stats in Debian, and the package in Debian unstable is finally
-able to collect battery status using the &lt;tt&gt;/sys/class/power_supply/&lt;/tt&gt;
-information provided by the Linux kernel.  If you install the
-battery-stats package from unstable now, you will be able to get a
-graph of the current battery fill level, to get some idea about the
-status of the battery.  The source package build and work just fine in
-Debian testing and stable (and probably oldstable too, but I have not
-tested).  The default graph you get for that system look like this:&lt;/p&gt;
-
-&lt;p align=&quot;center&quot;&gt;&lt;img src=&quot;http://people.skolelinux.org/pere/blog/images/2016-03-15-battery-stats-graph-example.png&quot; width=&quot;70%&quot; align=&quot;center&quot;&gt;&lt;/p&gt;
-
-&lt;p&gt;My plans for the future is to merge my old scripts into the
-battery-stats package, as my old scripts collected a lot more details
-about the battery.  The scripts are merged into the upstream
-battery-stats git repository already, but I am not convinced they work
-yet, as I changed a lot of paths along the way.  Will have to test a
-bit more before I make a new release.&lt;/p&gt;
-
-&lt;p&gt;I will also consider changing the file format slightly, as I
-suspect the way I combine several values into one field might make it
-impossible to know the type of the value when using it for processing
-and graphing.&lt;/p&gt;
-
-&lt;p&gt;If you would like I would like to keep an close eye on your laptop
-battery, check out the battery-stats package in
-&lt;a href=&quot;https://tracker.debian.org/pkg/battery-stats&quot;&gt;Debian&lt;/a&gt; and
-on
-&lt;a href=&quot;https://github.com/petterreinholdtsen/battery-stats&quot;&gt;github&lt;/a&gt;.
-I would love some help to improve the system further.&lt;/p&gt;
+               <title>How to talk with your loved ones in private</title>
+               <link>http://people.skolelinux.org/pere/blog/How_to_talk_with_your_loved_ones_in_private.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/How_to_talk_with_your_loved_ones_in_private.html</guid>
+                <pubDate>Mon, 7 Nov 2016 10:25:00 +0100</pubDate>
+               <description>&lt;p&gt;A few days ago I ran a very biased and informal survey to get an
+idea about what options are being used to communicate with end to end
+encryption with friends and family.  I explicitly asked people not to
+list options only used in a work setting.  The background is the
+uneasy feeling I get when using Signal, a feeling shared by others as
+a blog post from Sander Venima about
+&lt;a href=&quot;https://sandervenema.ch/2016/11/why-i-wont-recommend-signal-anymore/&quot;&gt;why
+he do not recommend Signal anymore&lt;/a&gt; (with
+&lt;a href=&quot;https://news.ycombinator.com/item?id=12883410&quot;&gt;feedback from
+the Signal author available from ycombinator&lt;/a&gt;).  I wanted an
+overview of the options being used, and hope to include those options
+in a less biased survey later on.  So far I have not taken the time to
+look into the individual proposed systems.  They range from text
+sharing web pages, via file sharing and email to instant messaging,
+VOIP and video conferencing.  For those considering which system to
+use, it is also useful to have a look at
+&lt;a href=&quot;https://www.eff.org/secure-messaging-scorecard&quot;&gt;the EFF Secure
+messaging scorecard&lt;/a&gt; which is slightly out of date but still
+provide valuable information.&lt;/p&gt;
+
+&lt;p&gt;So, on to the list.  There were some used by many, some used by a
+few, some rarely used ones and a few mentioned but without anyone
+claiming to use them.  Notice the grouping is in reality quite random
+given the biased self selected set of participants.  First the ones
+used by many:&lt;/p&gt;
+
+&lt;ul&gt;
+
+&lt;li&gt;&lt;a href=&quot;https://whispersystems.org/&quot;&gt;Signal&lt;/a&gt;&lt;/li&gt;
+&lt;li&gt;Email w/&lt;a href=&quot;http://openpgp.org/&quot;&gt;OpenPGP&lt;/a&gt; (Enigmail, GPGSuite,etc)&lt;/li&gt;
+&lt;li&gt;&lt;a href=&quot;https://www.whatsapp.com/&quot;&gt;Whatsapp&lt;/a&gt;&lt;/li&gt;
+&lt;li&gt;IRC w/&lt;a href=&quot;https://otr.cypherpunks.ca/&quot;&gt;OTR&lt;/a&gt;&lt;/li&gt;
+&lt;li&gt;XMPP w/&lt;a href=&quot;https://otr.cypherpunks.ca/&quot;&gt;OTR&lt;/a&gt;&lt;/li&gt;
+
+&lt;/ul&gt;
+
+&lt;p&gt;Then the ones used by a few.&lt;/p&gt;
+
+&lt;ul&gt;
+
+&lt;li&gt;&lt;a href=&quot;https://wiki.mumble.info/wiki/Main_Page&quot;&gt;Mumble&lt;/a&gt;&lt;/li&gt;
+&lt;li&gt;iMessage (included in iOS from Apple)&lt;/li&gt;
+&lt;li&gt;&lt;a href=&quot;https://telegram.org/&quot;&gt;Telegram&lt;/a&gt;&lt;/li&gt;
+&lt;li&gt;&lt;a href=&quot;https://jitsi.org/&quot;&gt;Jitsi&lt;/a&gt;&lt;/li&gt;
+&lt;li&gt;&lt;a href=&quot;https://keybase.io/download&quot;&gt;Keybase file&lt;/a&gt;&lt;/li&gt;
+
+&lt;/ul&gt;
+
+&lt;p&gt;Then the ones used by even fewer people&lt;/p&gt;
+
+&lt;ul&gt;
+
+&lt;li&gt;&lt;a href=&quot;https://ring.cx/&quot;&gt;Ring&lt;/a&gt;&lt;/li&gt;
+&lt;li&gt;&lt;a href=&quot;https://bitmessage.org/&quot;&gt;Bitmessage&lt;/a&gt;&lt;/li&gt;
+&lt;li&gt;&lt;a href=&quot;https://wire.com/&quot;&gt;Wire&lt;/a&gt;&lt;/li&gt;
+&lt;li&gt;VoIP w/&lt;a href=&quot;https://en.wikipedia.org/wiki/ZRTP&quot;&gt;ZRTP&lt;/a&gt; or controlled &lt;a href=&quot;https://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol&quot;&gt;SRTP&lt;/a&gt; (e.g using &lt;a href=&quot;https://en.wikipedia.org/wiki/CSipSimple&quot;&gt;CSipSimple&lt;/a&gt;, &lt;a href=&quot;https://en.wikipedia.org/wiki/Linphone&quot;&gt;Linphone&lt;/a&gt;)&lt;/li&gt;
+&lt;li&gt;&lt;a href=&quot;https://matrix.org/&quot;&gt;Matrix&lt;/a&gt;&lt;/li&gt;
+&lt;li&gt;&lt;a href=&quot;https://kontalk.org/&quot;&gt;Kontalk&lt;/a&gt;&lt;/li&gt;
+&lt;li&gt;&lt;a href=&quot;https://0bin.net/&quot;&gt;0bin&lt;/a&gt; (encrypted pastebin)&lt;/li&gt;
+&lt;li&gt;&lt;a href=&quot;https://appear.in&quot;&gt;Appear.in&lt;/a&gt;&lt;/li&gt;
+&lt;li&gt;&lt;a href=&quot;https://riot.im/&quot;&gt;riot&lt;/a&gt;&lt;/li&gt;
+&lt;li&gt;&lt;a href=&quot;https://www.wickr.com/&quot;&gt;Wickr Me&lt;/a&gt;&lt;/li&gt;
+
+&lt;/ul&gt;
+
+&lt;p&gt;And finally the ones mentioned by not marked as used by
+anyone. This might be a mistake, perhaps the person adding the entry
+forgot to flag it as used?&lt;/p&gt;
+
+&lt;ul&gt;
+
+&lt;li&gt;Email w/Certificates &lt;a href=&quot;https://en.wikipedia.org/wiki/S/MIME&quot;&gt;S/MIME&lt;/a&gt;&lt;/li&gt;
+&lt;li&gt;&lt;a href=&quot;https://www.crypho.com/&quot;&gt;Crypho&lt;/a&gt;&lt;/li&gt;
+&lt;li&gt;&lt;a href=&quot;https://cryptpad.fr/&quot;&gt;CryptPad&lt;/a&gt;&lt;/li&gt;
+&lt;li&gt;&lt;a href=&quot;https://github.com/ricochet-im/ricochet&quot;&gt;ricochet&lt;/a&gt;&lt;/li&gt;
+
+&lt;/ul&gt;
+
+&lt;p&gt;Given the network effect it seem obvious to me that we as a society
+have been divided and conquered by those interested in keeping
+encrypted and secure communication away from the masses.  The
+finishing remarks &lt;a href=&quot;https://vimeo.com/97505679&quot;&gt;from Aral Balkan
+in his talk &quot;Free is a lie&quot;&lt;/a&gt; about the usability of free software
+really come into effect when you want to communicate in private with
+your friends and family.  We can not expect them to allow the
+usability of communication tool to block their ability to talk to
+their loved ones.&lt;/p&gt;
+
+&lt;p&gt;Note for example the option IRC w/OTR.  Most IRC clients do not
+have OTR support, so in most cases OTR would not be an option, even if
+you wanted to.  In my personal experience, about 1 in 20 I talk to
+have a IRC client with OTR.  For private communication to really be
+available, most people to talk to must have the option in their
+currently used client.  I can not simply ask my family to install an
+IRC client.  I need to guide them through a technical multi-step
+process of adding extensions to the client to get them going.  This is
+a non-starter for most.&lt;/p&gt;
+
+&lt;p&gt;I would like to be able to do video phone calls, audio phone calls,
+exchange instant messages and share files with my loved ones, without
+being forced to share with people I do not know.  I do not want to
+share the content of the conversations, and I do not want to share who
+I communicate with or the fact that I communicate with someone.
+Without all these factors in place, my private life is being more or
+less invaded.&lt;/p&gt;

 </description>
        </item>
        
        <item>
 </description>
        </item>
        
        <item>

-               <title>Creating, updating and checking debian/copyright semi-automatically</title>
-               <link>http://people.skolelinux.org/pere/blog/Creating__updating_and_checking_debian_copyright_semi_automatically.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Creating__updating_and_checking_debian_copyright_semi_automatically.html</guid>
-                <pubDate>Fri, 19 Feb 2016 15:00:00 +0100</pubDate>
-               <description>&lt;p&gt;Making packages for Debian requires quite a lot of attention to
-details.  And one of the details is the content of the
-debian/copyright file, which should list all relevant licenses used by
-the code in the package in question, preferably in
-&lt;a href=&quot;https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/&quot;&gt;machine
-readable DEP5 format&lt;/a&gt;.&lt;/p&gt;
-
-&lt;p&gt;For large packages with lots of contributors it is hard to write
-and update this file manually, and if you get some detail wrong, the
-package is normally rejected by the ftpmasters.  So getting it right
-the first time around get the package into Debian faster, and save
-both you and the ftpmasters some work..  Today, while trying to figure
-out what was wrong with
-&lt;a href=&quot;https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686447&quot;&gt;the
-zfsonlinux copyright file&lt;/a&gt;, I decided to spend some time on
-figuring out the options for doing this job automatically, or at least
-semi-automatically.&lt;/p&gt;
-
-&lt;p&gt;Lucikly, there are at least two tools available for generating the
-file based on the code in the source package,
-&lt;tt&gt;&lt;a href=&quot;https://tracker.debian.org/pkg/debmake&quot;&gt;debmake&lt;/a&gt;&lt;/tt&gt;
-and &lt;tt&gt;&lt;a href=&quot;https://tracker.debian.org/pkg/cme&quot;&gt;cme&lt;/a&gt;&lt;/tt&gt;.  I&#39;m
-not sure which one of them came first, but both seem to be able to
-create a sensible draft file.  As far as I can tell, none of them can
-be trusted to get the result just right, so the content need to be
-polished a bit before the file is OK to upload.  I found the debmake
-option in
-&lt;a href=&quot;http://goofying-with-debian.blogspot.com/2014/07/debmake-checking-source-against-dep-5.html&quot;&gt;a
-blog posts from 2014&lt;/a&gt;.
-
-&lt;p&gt;To generate using debmake, use the -cc option:
-
-&lt;p&gt;&lt;pre&gt;
-debmake -cc &gt; debian/copyright
-&lt;/pre&gt;&lt;/p&gt;
-
-&lt;p&gt;Note there are some problems with python and non-ASCII names, so
-this might not be the best option.&lt;/p&gt;
-
-&lt;p&gt;The cme option is based on a config parsing library, and I found
-this approach in
-&lt;a href=&quot;https://ddumont.wordpress.com/2015/04/05/improving-creation-of-debian-copyright-file/&quot;&gt;a
-blog post from 2015&lt;/a&gt;.  To generate using cme, use the &#39;update
-dpkg-copyright&#39; option:
-
-&lt;p&gt;&lt;pre&gt;
-cme update dpkg-copyright
-&lt;/pre&gt;&lt;/p&gt;
-
-&lt;p&gt;This will create or update debian/copyright.  The cme tool seem to
-handle UTF-8 names better than debmake.&lt;/p&gt;
-
-&lt;p&gt;When the copyright file is created, I would also like some help to
-check if the file is correct.  For this I found two good options,
-&lt;tt&gt;debmake -k&lt;/tt&gt; and &lt;tt&gt;license-reconcile&lt;/tt&gt;.  The former seem
-to focus on license types and file matching, and is able to detect
-ineffective blocks in the copyright file.  The latter reports missing
-copyright holders and years, but was confused by inconsistent license
-names (like CDDL vs. CDDL-1.0).  I suspect it is good to use both and
-fix all issues reported by them before uploading.  But I do not know
-if the tools and the ftpmasters agree on what is important to fix in a
-copyright file, so the package might still be rejected.&lt;/p&gt;
-
-&lt;p&gt;The devscripts tool &lt;tt&gt;licensecheck&lt;/tt&gt; deserve mentioning.  It
-will read through the source and try to find all copyright statements.
-It is not comparing the result to the content of debian/copyright, but
-can be useful when verifying the content of the copyright file.&lt;/p&gt;
-
-&lt;p&gt;Are you aware of better tools in Debian to create and update
-debian/copyright file.  Please let me know, or blog about it on
-planet.debian.org.&lt;/p&gt;
-
-&lt;p&gt;As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;
-
-&lt;p&gt;&lt;strong&gt;Update 2016-02-20&lt;/strong&gt;: I got a tip from Mike Gabriel
-on how to use licensecheck and cdbs to create a draft copyright file
-
-&lt;p&gt;&lt;pre&gt;
-licensecheck --copyright -r `find * -type f` | \
-  /usr/lib/cdbs/licensecheck2dep5 &gt; debian/copyright.auto
-&lt;/pre&gt;&lt;/p&gt;
-
-&lt;p&gt;He mentioned that he normally check the generated file into the
-version control system to make it easier to discover license and
-copyright changes in the upstream source.  I will try to do the same
-with my packages in the future.&lt;/p&gt;
-
-&lt;p&gt;&lt;strong&gt;Update 2016-02-21&lt;/strong&gt;: The cme author recommended
-against using -quiet for new users, so I removed it from the proposed
-command line.&lt;/p&gt;
+               <title>My own self balancing Lego Segway</title>
+               <link>http://people.skolelinux.org/pere/blog/My_own_self_balancing_Lego_Segway.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/My_own_self_balancing_Lego_Segway.html</guid>
+                <pubDate>Fri, 4 Nov 2016 10:15:00 +0100</pubDate>
+               <description>&lt;p&gt;A while back I received a Gyro sensor for the NXT
+&lt;a href=&quot;mindstorms.lego.com&quot;&gt;Mindstorms&lt;/a&gt; controller as a birthday
+present.  It had been on my wishlist for a while, because I wanted to
+build a Segway like balancing lego robot.  I had already built
+&lt;a href=&quot;http://www.nxtprograms.com/NXT2/segway/&quot;&gt;a simple balancing
+robot&lt;/a&gt; with the kids, using the light/color sensor included in the
+NXT kit as the balance sensor, but it was not working very well.  It
+could balance for a while, but was very sensitive to the light
+condition in the room and the reflective properties of the surface and
+would fall over after a short while.  I wanted something more robust,
+and had
+&lt;a href=&quot;https://www.hitechnic.com/cgi-bin/commerce.cgi?preadd=action&amp;key=NGY1044&quot;&gt;the
+gyro sensor from HiTechnic&lt;/a&gt; I believed would solve it on my
+wishlist for some years before it suddenly showed up as a gift from my
+loved ones. :)&lt;/p&gt;
+
+&lt;p&gt;Unfortunately I have not had time to sit down and play with it
+since then.  But that changed some days ago, when I was searching for
+lego segway information and came across a recipe from HiTechnic for
+building
+&lt;a href=&quot;http://www.hitechnic.com/blog/gyro-sensor/htway/&quot;&gt;the
+HTWay&lt;/a&gt;, a segway like balancing robot.  Build instructions and
+&lt;a href=&quot;https://www.hitechnic.com/upload/786-HTWayC.nxc&quot;&gt;source
+code&lt;/a&gt; was included, so it was just a question of putting it all
+together.  And thanks to the great work of many Debian developers, the
+compiler needed to build the source for the NXT is already included in
+Debian, so I was read to go in less than an hour.  The resulting robot
+do not look very impressive in its simplicity:&lt;/p&gt;
+
+&lt;p align=&quot;center&quot;&gt;&lt;img width=&quot;70%&quot; src=&quot;http://people.skolelinux.org/pere/blog/images/2016-11-04-lego-htway-robot.jpeg&quot;&gt;&lt;/p&gt;
+
+&lt;p&gt;Because I lack the infrared sensor used to control the robot in the
+design from HiTechnic, I had to comment out the last task
+(taskControl).  I simply placed /* and */ around it get the program
+working without that sensor present.  Now it balances just fine until
+the battery status run low:&lt;/p&gt;
+
+&lt;p align=&quot;center&quot;&gt;&lt;video width=&quot;70%&quot; controls=&quot;true&quot;&gt;
+   &lt;source src=&quot;http://people.skolelinux.org/pere/blog/images/2016-11-04-lego-htway-balancing.ogv&quot; type=&quot;video/ogg&quot;&gt;
+&lt;/video&gt;&lt;/p&gt;
+
+&lt;p&gt;Now we would like to teach it how to follow a line and take remote
+control instructions using the included Bluetooth receiver in the NXT.&lt;/p&gt;
+
+&lt;p&gt;If you, like me, love LEGO and want to make sure we find the tools
+they need to work with LEGO in Debian and all our derivative
+distributions like Ubuntu, check out
+&lt;a href=&quot;http://wiki.debian.org/LegoDesigners&quot;&gt;the LEGO designers
+project page&lt;/a&gt; and join the Debian LEGO team.  Personally I own a
+RCX and NXT controller (no EV3), and would like to make sure the
+Debian tools needed to program the systems I own work as they
+should.&lt;/p&gt;

 </description>
        </item>
        
        <item>
 </description>
        </item>
        
        <item>

-               <title>Using appstream in Debian to locate packages with firmware and mime type support</title>
-               <link>http://people.skolelinux.org/pere/blog/Using_appstream_in_Debian_to_locate_packages_with_firmware_and_mime_type_support.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Using_appstream_in_Debian_to_locate_packages_with_firmware_and_mime_type_support.html</guid>
-                <pubDate>Thu, 4 Feb 2016 16:40:00 +0100</pubDate>
-               <description>&lt;p&gt;The &lt;a href=&quot;https://wiki.debian.org/DEP-11&quot;&gt;appstream system&lt;/a&gt;
-is taking shape in Debian, and one provided feature is a very
-convenient way to tell you which package to install to make a given
-firmware file available when the kernel is looking for it.  This can
-be done using apt-file too, but that is for someone else to blog
-about. :)&lt;/p&gt;
-
-&lt;p&gt;Here is a small recipe to find the package with a given firmware
-file, in this example I am looking for ctfw-3.2.3.0.bin, randomly
-picked from the set of firmware announced using appstream in Debian
-unstable.  In general you would be looking for the firmware requested
-by the kernel during kernel module loading.  To find the package
-providing the example file, do like this:&lt;/p&gt;
-
-&lt;blockquote&gt;&lt;pre&gt;
-% apt install appstream
-[...]
-% apt update
-[...]
-% appstreamcli what-provides firmware:runtime ctfw-3.2.3.0.bin | \
-  awk &#39;/Package:/ {print $2}&#39;
-firmware-qlogic
-%
-&lt;/pre&gt;&lt;/blockquote&gt;
-
-&lt;p&gt;See &lt;a href=&quot;https://wiki.debian.org/AppStream/Guidelines&quot;&gt;the
-appstream wiki&lt;/a&gt; page to learn how to embed the package metadata in
-a way appstream can use.&lt;/p&gt;
-
-&lt;p&gt;This same approach can be used to find any package supporting a
-given MIME type.  This is very useful when you get a file you do not
-know how to handle.  First find the mime type using &lt;tt&gt;file
---mime-type&lt;/tt&gt;, and next look up the package providing support for
-it.  Lets say you got an SVG file.  Its MIME type is image/svg+xml,
-and you can find all packages handling this type like this:&lt;/p&gt;
-
-&lt;blockquote&gt;&lt;pre&gt;
-% apt install appstream
-[...]
-% apt update
-[...]
-% appstreamcli what-provides mimetype image/svg+xml | \
-  awk &#39;/Package:/ {print $2}&#39;
-bkchem
-phototonic
-inkscape
-shutter
-tetzle
-geeqie
-xia
-pinta
-gthumb
-karbon
-comix
-mirage
-viewnior
-postr
-ristretto
-kolourpaint4
-eog
-eom
-gimagereader
-midori
-%
-&lt;/pre&gt;&lt;/blockquote&gt;
-
-&lt;p&gt;I believe the MIME types are fetched from the desktop file for
-packages providing appstream metadata.&lt;/p&gt;
+               <title>Aktivitetsbånd som beskytter privatsfæren</title>
+               <link>http://people.skolelinux.org/pere/blog/Aktivitetsb_nd_som_beskytter_privatsf_ren.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Aktivitetsb_nd_som_beskytter_privatsf_ren.html</guid>
+                <pubDate>Thu, 3 Nov 2016 09:55:00 +0100</pubDate>
+               <description>&lt;p&gt;Jeg ble så imponert over
+&lt;a href=&quot;https://www.nrk.no/norge/forbrukerradet-mener-aktivitetsarmband-strider-mot-norsk-lov-1.13209079&quot;&gt;dagens
+gladnyhet på NRK&lt;/a&gt;, om at Forbrukerrådet klager inn vilkårene for
+bruk av aktivitetsbånd fra Fitbit, Garmin, Jawbone og Mio til
+Datatilsynet og forbrukerombudet, at jeg sendte følgende brev til
+forbrukerrådet for å uttrykke min støtte:
+
+&lt;blockquote&gt;
+
+&lt;p&gt;Jeg ble veldig glad over å lese at Forbrukerrådet
+&lt;a href=&quot;http://www.forbrukerradet.no/siste-nytt/klager-inn-aktivitetsarmband-for-brudd-pa-norsk-lov/&quot;&gt;klager
+inn flere aktivitetsbånd til Datatilsynet for dårlige vilkår&lt;/a&gt;.  Jeg
+har ønsket meg et aktivitetsbånd som kan måle puls, bevegelse og
+gjerne også andre helserelaterte indikatorer en stund nå.  De eneste
+jeg har funnet i salg gjør, som dere også har oppdaget, graverende
+inngrep i privatsfæren og sender informasjonen ut av huset til folk og
+organisasjoner jeg ikke ønsker å dele aktivitets- og helseinformasjon
+med.  Jeg ønsker et alternativ som &lt;em&gt;ikke&lt;/em&gt; sender informasjon til
+skyen, men derimot bruker
+&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Fri_og__pen_standard__slik_Digistan_ser_det.html&quot;&gt;en
+fritt og åpent standardisert&lt;/a&gt; protokoll (eller i det minste en
+dokumentert protokoll uten patent- og opphavsrettslige
+bruksbegrensinger) til å kommunisere med datautstyr jeg kontrollerer.
+Er jo ikke interessert i å betale noen for å tilrøve seg
+personopplysninger fra meg.  Desverre har jeg ikke funnet noe
+alternativ så langt.&lt;/p&gt;
+
+&lt;p&gt;Det holder ikke å endre på bruksvilkårene for enhetene, slik
+Datatilsynet ofte legger opp til i sin behandling, når de gjør slik
+f.eks. Fitbit (den jeg har sett mest på).  Fitbit krypterer
+informasjonen på enheten og sender den kryptert til leverandøren.  Det
+gjør det i praksis umulig både å sjekke hva slags informasjon som
+sendes over, og umulig å ta imot informasjonen selv i stedet for
+Fitbit.  Uansett hva slags historie som forteller i bruksvilkårene er
+en jo både prisgitt leverandørens godvilje og at de ikke tvinges av
+sitt lands myndigheter til å lyve til sine kunder om hvorvidt
+personopplysninger spres ut over det bruksvilkårene sier.  Det er
+veldokumentert hvordan f.eks. USA tvinger selskaper vha. såkalte
+National security letters til å utlevere personopplysninger samtidig
+som de ikke får lov til å fortelle dette til kundene sine.&lt;/p&gt;
+
+&lt;p&gt;Stå på, jeg er veldig glade for at dere har sett på saken.  Vet
+dere om aktivitetsbånd i salg i dag som ikke tvinger en til å utlevere
+aktivitets- og helseopplysninger med leverandøren?&lt;/p&gt;
+
+&lt;/blockquote&gt;
+
+&lt;p&gt;Jeg håper en konkurrent som respekterer kundenes privatliv klarer å
+nå opp i markedet, slik at det finnes et reelt alternativ for oss som
+har full tillit til at skyleverandører vil prioritere egen inntjening
+og myndighetspålegg langt foran kundenes rett til privatliv.  Jeg har
+ingen tiltro til at Datatilsynet vil kreve noe mer enn at vilkårene
+endres slik at de forklarer eksplisitt i hvor stor grad bruk av
+produktene utraderer privatsfæren til kundene.  Det vil nok gjøre de
+innklagede armbåndene «lovlige», men fortsatt tvinge kundene til å
+dele sine personopplysninger med leverandøren.&lt;/p&gt;

 </description>
        </item>
        
        <item>
 </description>
        </item>
        
        <item>

-               <title>Creepy, visualise geotagged social media information - nice free software</title>
-               <link>http://people.skolelinux.org/pere/blog/Creepy__visualise_geotagged_social_media_information___nice_free_software.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Creepy__visualise_geotagged_social_media_information___nice_free_software.html</guid>
-                <pubDate>Sun, 24 Jan 2016 10:50:00 +0100</pubDate>
-               <description>&lt;p&gt;Most people seem not to realise that every time they walk around
-with the computerised radio beacon known as a mobile phone their
-position is tracked by the phone company and often stored for a long
-time (like every time a SMS is received or sent).  And if their
-computerised radio beacon is capable of running programs (often called
-mobile apps) downloaded from the Internet, these programs are often
-also capable of tracking their location (if the app requested access
-during installation).  And when these programs send out information to
-central collection points, the location is often included, unless
-extra care is taken to not send the location.  The provided
-information is used by several entities, for good and bad (what is
-good and bad, depend on your point of view).  What is certain, is that
-the private sphere and the right to free movement is challenged and
-perhaps even eradicated for those announcing their location this way,
-when they share their whereabouts with private and public
-entities.&lt;/p&gt;
-
-&lt;p align=&quot;center&quot;&gt;&lt;img width=&quot;70%&quot; src=&quot;http://people.skolelinux.org/pere/blog/images/2016-01-24-nice-creepy-desktop-window.png&quot;&gt;&lt;/p&gt;
-
-&lt;p&gt;The phone company logs provide a register of locations to check out
-when one want to figure out what the tracked person was doing.  It is
-unavailable for most of us, but provided to selected government
-officials, company staff, those illegally buying information from
-unfaithful servants and crackers stealing the information.  But the
-public information can be collected and analysed, and a free software
-tool to do so is called
-&lt;a href=&quot;http://www.geocreepy.com/&quot;&gt;Creepy or Cree.py&lt;/a&gt;.  I
-discovered it when I read
-&lt;a href=&quot;http://www.aftenposten.no/kultur/Slik-kan-du-bli-overvaket-pa-Twitter-og-Instagram-uten-a-ane-det-7787884.html&quot;&gt;an
-article about Creepy&lt;/a&gt; in the Norwegian newspaper Aftenposten i
-November 2014, and decided to check if it was available in Debian.
-The python program was in Debian, but
-&lt;a href=&quot;https://tracker.debian.org/pkg/creepy&quot;&gt;the version in
-Debian&lt;/a&gt; was completely broken and practically unmaintained.  I
-uploaded a new version which did not work quite right, but did not
-have time to fix it then.  This Christmas I decided to finally try to
-get Creepy operational in Debian.  Now a fixed version is available in
-Debian unstable and testing, and almost all Debian specific patches
-are now included
-&lt;a href=&quot;https://github.com/jkakavas/creepy&quot;&gt;upstream&lt;/a&gt;.&lt;/p&gt;
-
-&lt;p&gt;The Creepy program visualises geolocation information fetched from
-Twitter, Instagram, Flickr and Google+, and allow one to get a
-complete picture of every social media message posted recently in a
-given area, or track the movement of a given individual across all
-these services.  Earlier it was possible to use the search API of at
-least some of these services without identifying oneself, but these
-days it is impossible.  This mean that to use Creepy, you need to
-configure it to log in as yourself on these services, and provide
-information to them about your search interests.  This should be taken
-into account when using Creepy, as it will also share information
-about yourself with the services.&lt;/p&gt;
-
-&lt;p&gt;The picture above show the twitter messages sent from (or at least
-geotagged with a position from) the city centre of Oslo, the capital
-of Norway.  One useful way to use Creepy is to first look at
-information tagged with an area of interest, and next look at all the
-information provided by one or more individuals who was in the area.
-I tested it by checking out which celebrity provide their location in
-twitter messages by checkout out who sent twitter messages near a
-Norwegian TV station, and next could track their position over time,
-making it possible to locate their home and work place, among other
-things.  A similar technique have been
-&lt;a href=&quot;http://www.buzzfeed.com/maxseddon/does-this-soldiers-instagram-account-prove-russia-is-covertl&quot;&gt;used
-to locate Russian soldiers in Ukraine&lt;/a&gt;, and it is both a powerful
-tool to discover lying governments, and a useful tool to help people
-understand the value of the private information they provide to the
-public.&lt;/p&gt;
-
-&lt;p&gt;The package is not trivial to backport to Debian Stable/Jessie, as
-it depend on several python modules currently missing in Jessie (at
-least python-instagram, python-flickrapi and
-python-requests-toolbelt).&lt;/p&gt;
-
-&lt;p&gt;(I have uploaded
-&lt;a href=&quot;https://screenshots.debian.net/package/creepy&quot;&gt;the image to
-screenshots.debian.net&lt;/a&gt; and licensed it under the same terms as the
-Creepy program in Debian.)&lt;/p&gt;
+               <title>Experience and updated recipe for using the Signal app without a mobile phone</title>
+               <link>http://people.skolelinux.org/pere/blog/Experience_and_updated_recipe_for_using_the_Signal_app_without_a_mobile_phone.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Experience_and_updated_recipe_for_using_the_Signal_app_without_a_mobile_phone.html</guid>
+                <pubDate>Mon, 10 Oct 2016 11:30:00 +0200</pubDate>
+               <description>&lt;p&gt;In July
+&lt;a href=&quot;http://people.skolelinux.org/pere/blog/How_to_use_the_Signal_app_if_you_only_have_a_land_line__ie_no_mobile_phone_.html&quot;&gt;I
+wrote how to get the Signal Chrome/Chromium app working&lt;/a&gt; without
+the ability to receive SMS messages (aka without a cell phone).  It is
+time to share some experiences and provide an updated setup.&lt;/p&gt;
+
+&lt;p&gt;The Signal app have worked fine for several months now, and I use
+it regularly to chat with my loved ones.  I had a major snag at the
+end of my summer vacation, when the the app completely forgot my
+setup, identity and keys.  The reason behind this major mess was
+running out of disk space.  To avoid that ever happening again I have
+started storing everything in &lt;tt&gt;userdata/&lt;/tt&gt; in git, to be able to
+roll back to an earlier version if the files are wiped by mistake.  I
+had to use it once after introducing the git backup.  When rolling
+back to an earlier version, one need to use the &#39;reset session&#39; option
+in Signal to get going, and notify the people you talk with about the
+problem.  I assume there is some sequence number tracking in the
+protocol to detect rollback attacks.  The git repository is rather big
+(674 MiB so far), but I have not tried to figure out if some of the
+content can be added to a .gitignore file due to lack of spare
+time.&lt;/p&gt;
+
+&lt;p&gt;I&#39;ve also hit the 90 days timeout blocking, and noticed that this
+make it impossible to send messages using Signal.  I could still
+receive them, but had to patch the code with a new timestamp to send.
+I believe the timeout is added by the developers to force people to
+upgrade to the latest version of the app, even when there is no
+protocol changes, to reduce the version skew among the user base and
+thus try to keep the number of support requests down.&lt;/p&gt;
+
+&lt;p&gt;Since my original recipe, the Signal source code changed slightly,
+making the old patch fail to apply cleanly.  Below is an updated
+patch, including the shell wrapper I use to start Signal.  The
+original version required a new user to locate the JavaScript console
+and call a function from there.  I got help from a friend with more
+JavaScript knowledge than me to modify the code to provide a GUI
+button instead.  This mean that to get started you just need to run
+the wrapper and click the &#39;Register without mobile phone&#39; to get going
+now.  I&#39;ve also modified the timeout code to always set it to 90 days
+in the future, to avoid having to patch the code regularly.&lt;/p&gt;
+
+&lt;p&gt;So, the updated recipe for Debian Jessie:&lt;/p&gt;
+
+&lt;ol&gt;
+
+&lt;li&gt;First, install required packages to get the source code and the
+browser you need.  Signal only work with Chrome/Chromium, as far as I
+know, so you need to install it.
+
+&lt;pre&gt;
+apt install git tor chromium
+git clone https://github.com/WhisperSystems/Signal-Desktop.git
+&lt;/pre&gt;&lt;/li&gt;
+
+&lt;li&gt;Modify the source code using command listed in the the patch
+block below.&lt;/li&gt;
+
+&lt;li&gt;Start Signal using the run-signal-app wrapper (for example using
+&lt;tt&gt;`pwd`/run-signal-app&lt;/tt&gt;).
+
+&lt;li&gt;Click on the &#39;Register without mobile phone&#39;, will in a phone
+number you can receive calls to the next minute, receive the
+verification code and enter it into the form field and press
+&#39;Register&#39;.  Note, the phone number you use will be user Signal
+username, ie the way others can find you on Signal.&lt;/li&gt;
+
+&lt;li&gt;You can now use Signal to contact others.  Note, new contacts do
+not show up in the contact list until you restart Signal, and there is
+no way to assign names to Contacts.  There is also no way to create or
+update chat groups.  I suspect this is because the web app do not have
+a associated contact database.&lt;/li&gt;
+
+&lt;/ol&gt;
+
+&lt;p&gt;I am still a bit uneasy about using Signal, because of the way its
+main author moxie0 reject federation and accept dependencies to major
+corporations like Google (part of the code is fetched from Google) and
+Amazon (the central coordination point is owned by Amazon).  See for
+example
+&lt;a href=&quot;https://github.com/LibreSignal/LibreSignal/issues/37&quot;&gt;the
+LibreSignal issue tracker&lt;/a&gt; for a thread documenting the authors
+view on these issues.  But the network effect is strong in this case,
+and several of the people I want to communicate with already use
+Signal.  Perhaps we can all move to &lt;a href=&quot;https://ring.cx/&quot;&gt;Ring&lt;/a&gt;
+once it &lt;a href=&quot;https://bugs.debian.org/830265&quot;&gt;work on my
+laptop&lt;/a&gt;?  It already work on Windows and Android, and is included
+in &lt;a href=&quot;https://tracker.debian.org/pkg/ring&quot;&gt;Debian&lt;/a&gt; and
+&lt;a href=&quot;https://launchpad.net/ubuntu/+source/ring&quot;&gt;Ubuntu&lt;/a&gt;, but not
+working on Debian Stable.&lt;/p&gt;
+
+&lt;p&gt;Anyway, this is the patch I apply to the Signal code to get it
+working.  It switch to the production servers, disable to timeout,
+make registration easier and add the shell wrapper:&lt;/p&gt;
+
+&lt;pre&gt;
+cd Signal-Desktop; cat &amp;lt;&amp;lt;EOF | patch -p1
+diff --git a/js/background.js b/js/background.js
+index 24b4c1d..579345f 100644
+--- a/js/background.js
++++ b/js/background.js
+@@ -33,9 +33,9 @@
+         });
+     });
+ 
+-    var SERVER_URL = &#39;https://textsecure-service-staging.whispersystems.org&#39;;
++    var SERVER_URL = &#39;https://textsecure-service-ca.whispersystems.org&#39;;
+     var SERVER_PORTS = [80, 4433, 8443];
+-    var ATTACHMENT_SERVER_URL = &#39;https://whispersystems-textsecure-attachments-staging.s3.amazonaws.com&#39;;
++    var ATTACHMENT_SERVER_URL = &#39;https://whispersystems-textsecure-attachments.s3.amazonaws.com&#39;;
+     var messageReceiver;
+     window.getSocketStatus = function() {
+         if (messageReceiver) {
+diff --git a/js/expire.js b/js/expire.js
+index 639aeae..beb91c3 100644
+--- a/js/expire.js
++++ b/js/expire.js
+@@ -1,6 +1,6 @@
+ ;(function() {
+     &#39;use strict&#39;;
+-    var BUILD_EXPIRATION = 0;
++    var BUILD_EXPIRATION = Date.now() + (90 * 24 * 60 * 60 * 1000);
+ 
+     window.extension = window.extension || {};
+ 
+diff --git a/js/views/install_view.js b/js/views/install_view.js
+index 7816f4f..1d6233b 100644
+--- a/js/views/install_view.js
++++ b/js/views/install_view.js
+@@ -38,7 +38,8 @@
+             return {
+                 &#39;click .step1&#39;: this.selectStep.bind(this, 1),
+                 &#39;click .step2&#39;: this.selectStep.bind(this, 2),
+-                &#39;click .step3&#39;: this.selectStep.bind(this, 3)
++                &#39;click .step3&#39;: this.selectStep.bind(this, 3),
++                &#39;click .callreg&#39;: function() { extension.install(&#39;standalone&#39;) },
+             };
+         },
+         clearQR: function() {
+diff --git a/options.html b/options.html
+index dc0f28e..8d709f6 100644
+--- a/options.html
++++ b/options.html
+@@ -14,7 +14,10 @@
+         &amp;lt;div class=&#39;nav&#39;&gt;
+           &amp;lt;h1&gt;{{ installWelcome }}&amp;lt;/h1&gt;
+           &amp;lt;p&gt;{{ installTagline }}&amp;lt;/p&gt;
+-          &amp;lt;div&gt; &amp;lt;a class=&#39;button step2&#39;&gt;{{ installGetStartedButton }}&amp;lt;/a&gt; &amp;lt;/div&gt;
++          &amp;lt;div&gt; &amp;lt;a class=&#39;button step2&#39;&gt;{{ installGetStartedButton }}&amp;lt;/a&gt;
++          &amp;lt;br&gt; &amp;lt;a class=&quot;button callreg&quot;&gt;Register without mobile phone&amp;lt;/a&gt;
++
++        &amp;lt;/div&gt;
+           &amp;lt;span class=&#39;dot step1 selected&#39;&gt;&amp;lt;/span&gt;
+           &amp;lt;span class=&#39;dot step2&#39;&gt;&amp;lt;/span&gt;
+           &amp;lt;span class=&#39;dot step3&#39;&gt;&amp;lt;/span&gt;
+--- /dev/null   2016-10-07 09:55:13.730181472 +0200
++++ b/run-signal-app   2016-10-10 08:54:09.434172391 +0200
+@@ -0,0 +1,12 @@
++#!/bin/sh
++set -e
++cd $(dirname $0)
++mkdir -p userdata
++userdata=&quot;`pwd`/userdata&quot;
++if [ -d &quot;$userdata&quot; ] &amp;&amp; [ ! -d &quot;$userdata/.git&quot; ] ; then
++    (cd $userdata &amp;&amp; git init)
++fi
++(cd $userdata &amp;&amp; git add . &amp;&amp; git commit -m &quot;Current status.&quot; || true)
++exec chromium \
++  --proxy-server=&quot;socks://localhost:9050&quot; \
++  --user-data-dir=$userdata --load-and-launch-app=`pwd`
+EOF
+chmod a+rx run-signal-app
+&lt;/pre&gt;
+
+&lt;p&gt;As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&amp;label=PetterReinholdtsenBlog&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;

 </description>
        </item>
        
        <item>
 </description>
        </item>
        
        <item>

-               <title>Always download Debian packages using Tor - the simple recipe</title>
-               <link>http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html</guid>
-                <pubDate>Fri, 15 Jan 2016 00:30:00 +0100</pubDate>
-               <description>&lt;p&gt;During his DebConf15 keynote, Jacob Appelbaum
-&lt;a href=&quot;https://summit.debconf.org/debconf15/meeting/331/what-is-to-be-done/&quot;&gt;observed
-that those listening on the Internet lines would have good reason to
-believe a computer have a given security hole&lt;/a&gt; if it download a
-security fix from a Debian mirror.  This is a good reason to always
-use encrypted connections to the Debian mirror, to make sure those
-listening do not know which IP address to attack.  In August, Richard
-Hartmann observed that encryption was not enough, when it was possible
-to interfere download size to security patches or the fact that
-download took place shortly after a security fix was released, and
-&lt;a href=&quot;http://richardhartmann.de/blog/posts/2015/08/24-Tor-enabled_Debian_mirror/&quot;&gt;proposed
-to always use Tor to download packages from the Debian mirror&lt;/a&gt;.  He
-was not the first to propose this, as the
-&lt;tt&gt;&lt;a href=&quot;https://tracker.debian.org/pkg/apt-transport-tor&quot;&gt;apt-transport-tor&lt;/a&gt;&lt;/tt&gt;
-package by Tim Retout already existed to make it easy to convince apt
-to use &lt;a href=&quot;https://www.torproject.org/&quot;&gt;Tor&lt;/a&gt;, but I was not
-aware of that package when I read the blog post from Richard.&lt;/p&gt;
-
-&lt;p&gt;Richard discussed the idea with Peter Palfrader, one of the Debian
-sysadmins, and he set up a Tor hidden service on one of the central
-Debian mirrors using the address vwakviie2ienjx6t.onion, thus making
-it possible to download packages directly between two tor nodes,
-making sure the network traffic always were encrypted.&lt;/p&gt;
-
-&lt;p&gt;Here is a short recipe for enabling this on your machine, by
-installing &lt;tt&gt;apt-transport-tor&lt;/tt&gt; and replacing http and https
-urls with tor+http and tor+https, and using the hidden service instead
-of the official Debian mirror site.  I recommend installing
-&lt;tt&gt;etckeeper&lt;/tt&gt; before you start to have a history of the changes
-done in /etc/.&lt;/p&gt;
-
-&lt;blockquote&gt;&lt;pre&gt;
-apt install apt-transport-tor
-sed -i &#39;s% http://ftp.debian.org/% tor+http://vwakviie2ienjx6t.onion/%&#39; /etc/apt/sources.list
-sed -i &#39;s% http% tor+http%&#39; /etc/apt/sources.list
-&lt;/pre&gt;&lt;/blockquote&gt;
-
-&lt;p&gt;If you have more sources listed in /etc/apt/sources.list.d/, run
-the sed commands for these too.  The sed command is assuming your are
-using the ftp.debian.org Debian mirror.  Adjust the command (or just
-edit the file manually) to match your mirror.&lt;/p&gt;
-
-&lt;p&gt;This work in Debian Jessie and later.  Note that tools like
-&lt;tt&gt;apt-file&lt;/tt&gt; only recently started using the apt transport
-system, and do not work with these tor+http URLs.  For
-&lt;tt&gt;apt-file&lt;/tt&gt; you need the version currently in experimental,
-which need a recent apt version currently only in unstable.  So if you
-need a working &lt;tt&gt;apt-file&lt;/tt&gt;, this is not for you.&lt;/p&gt;
-
-&lt;p&gt;Another advantage from this change is that your machine will start
-using Tor regularly and at fairly random intervals (every time you
-update the package lists or upgrade or install a new package), thus
-masking other Tor traffic done from the same machine.  Using Tor will
-become normal for the machine in question.&lt;/p&gt;
-
-&lt;p&gt;On &lt;a href=&quot;https://wiki.debian.org/FreedomBox&quot;&gt;Freedombox&lt;/a&gt;, APT
-is set up by default to use &lt;tt&gt;apt-transport-tor&lt;/tt&gt; when Tor is
-enabled.  It would be great if it was the default on any Debian
-system.&lt;/p&gt;
+               <title>NRKs kildevern når NRK-epost deles med utenlands etterretning?</title>
+               <link>http://people.skolelinux.org/pere/blog/NRKs_kildevern_n_r_NRK_epost_deles_med_utenlands_etterretning_.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/NRKs_kildevern_n_r_NRK_epost_deles_med_utenlands_etterretning_.html</guid>
+                <pubDate>Sat, 8 Oct 2016 08:15:00 +0200</pubDate>
+               <description>&lt;p&gt;NRK
+&lt;a href=&quot;https://nrkbeta.no/2016/09/02/securing-whistleblowers/&quot;&gt;lanserte
+for noen uker siden&lt;/a&gt; en ny
+&lt;a href=&quot;https://www.nrk.no/varsle/&quot;&gt;varslerportal som bruker
+SecureDrop til å ta imot tips&lt;/a&gt; der det er vesentlig at ingen
+utenforstående får vite at NRK er tipset.  Det er et langt steg
+fremover for NRK, og når en leser bloggposten om hva de har tenkt på
+og hvordan løsningen er satt opp virker det som om de har gjort en
+grundig jobb der.  Men det er ganske mye ekstra jobb å motta tips via
+SecureDrop, så varslersiden skriver &quot;Nyhetstips som ikke krever denne
+typen ekstra vern vil vi gjerne ha på nrk.no/03030&quot;, og 03030-siden
+foreslår i tillegg til et webskjema å bruke epost, SMS, telefon,
+personlig oppmøte og brevpost.  Denne artikkelen handler disse andre
+metodene.&lt;/p&gt;
+
+&lt;p&gt;Når en sender epost til en @nrk.no-adresse så vil eposten sendes ut
+av landet til datamaskiner kontrollert av Microsoft.  En kan sjekke
+dette selv ved å slå opp epostleveringsadresse (MX) i DNS.  For NRK er
+dette i dag &quot;nrk-no.mail.protection.outlook.com&quot;.  NRK har som en ser
+valgt å sette bort epostmottaket sitt til de som står bak outlook.com,
+dvs. Microsoft.  En kan sjekke hvor nettverkstrafikken tar veien
+gjennom Internett til epostmottaket vha. programmet
+&lt;tt&gt;traceroute&lt;/tt&gt;, og finne ut hvem som eier en Internett-adresse
+vha. whois-systemet.  Når en gjør dette for epost-trafikk til @nrk.no
+ser en at trafikken fra Norge mot nrk-no.mail.protection.outlook.com
+går via Sverige mot enten Irland eller Tyskland (det varierer fra gang
+til gang og kan endre seg over tid).&lt;/p&gt;
+
+&lt;p&gt;Vi vet fra
+&lt;a href=&quot;https://no.wikipedia.org/wiki/FRA-loven&quot;&gt;introduksjonen av
+FRA-loven&lt;/a&gt; at IP-trafikk som passerer grensen til Sverige avlyttes
+av Försvarets radioanstalt (FRA).  Vi vet videre takket være
+Snowden-bekreftelsene at trafikk som passerer grensen til
+Storbritannia avlyttes av Government Communications Headquarters
+(GCHQ).  I tillegg er er det nettopp lansert et forslag i Norge om at
+forsvarets E-tjeneste skal få avlytte trafikk som krysser grensen til
+Norge. Jeg er ikke kjent med dokumentasjon på at Irland og Tyskland
+gjør det samme.  Poenget er uansett at utenlandsk etterretning har
+mulighet til å snappe opp trafikken når en sender epost til @nrk.no.
+I tillegg er det selvsagt tilgjengelig for Microsoft som er underlagt USAs
+jurisdiksjon og
+&lt;a href=&quot;https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data&quot;&gt;samarbeider
+med USAs etterretning på flere områder&lt;/a&gt;.  De som tipser NRK om
+nyheter via epost kan dermed gå ut fra at det blir kjent for mange
+andre enn NRK at det er gjort.&lt;/p&gt;
+
+&lt;p&gt;Bruk av SMS og telefon registreres av blant annet telefonselskapene
+og er tilgjengelig i følge lov og forskrift for blant annet Politi,
+NAV og Finanstilsynet, i tillegg til IT-folkene hos telefonselskapene
+og deres overordnede.  Hvis innringer eller mottaker bruker
+smarttelefon vil slik kontakt også gjøres tilgjengelig for ulike
+app-leverandører og de som lytter på trafikken mellom telefon og
+app-leverandør, alt etter hva som er installert på telefonene som
+brukes.&lt;/p&gt;
+
+&lt;p&gt;Brevpost kan virke trygt, og jeg vet ikke hvor mye som registreres
+og lagres av postens datastyrte postsorteringssentraler.  Det vil ikke
+overraske meg om det lagres hvor i landet hver konvolutt kommer fra og
+hvor den er adressert, i hvert fall for en kortere periode.  Jeg vet
+heller ikke hvem slik informasjon gjøres tilgjengelig for.  Det kan
+være nok til å ringe inn potensielle kilder når det krysses med hvem
+som kjente til aktuell informasjon og hvor de befant seg (tilgjengelig
+f.eks.  hvis de bærer mobiltelefon eller bor i nærheten).&lt;/p&gt;
+
+&lt;p&gt;Personlig oppmøte hos en NRK-journalist er antagelig det tryggeste,
+men en bør passe seg for å bruke NRK-kantina.  Der bryter de nemlig
+&lt;a href=&quot;http://www.lovdata.no/all/hl-19850524-028.html#14&quot;&gt;Sentralbanklovens
+paragraf 14&lt;/a&gt; og nekter folk å betale med kontanter.  I stedet
+krever de at en varsle sin bankkortutsteder om hvor en befinner seg
+ved å bruke bankkort.  Banktransaksjoner er tilgjengelig for
+bankkortutsteder (det være seg VISA, Mastercard, Nets og/eller en
+bank) i tillegg til politiet og i hvert fall tidligere med Se &amp; Hør
+(via utro tjenere, slik det ble avslørt etter utgivelsen av boken
+«Livet, det forbannede» av Ken B. Rasmussen).  Men hvor mange kjenner
+en NRK-journalist personlig?  Besøk på NRK på Marienlyst krever at en
+registrerer sin ankost elektronisk i besøkssystemet.  Jeg vet ikke hva
+som skjer med det datasettet, men har grunn til å tro at det sendes ut
+SMS til den en skal besøke med navnet som er oppgitt.  Kanskje greit å
+oppgi falskt navn.&lt;/p&gt;
+
+&lt;p&gt;Når så tipset er kommet frem til NRK skal det behandles
+redaksjonelt i NRK.  Der vet jeg via ulike kilder at de fleste
+journalistene bruker lokalt installert programvare, men noen bruker
+Google Docs og andre skytjenester i strid med interne retningslinjer
+når de skriver.  Hvordan vet en hvem det gjelder?  Ikke vet jeg, men
+det kan være greit å spørre for å sjekke at journalisten har tenkt på
+problemstillingen, før en gir et tips.  Og hvis tipset omtales internt
+på epost, er det jo grunn til å tro at også intern eposten vil deles
+med Microsoft og utenlands etterretning, slik tidligere nevnt, men det
+kan hende at det holdes internt i NRKs interne MS Exchange-løsning.
+Men Microsoft ønsker å få alle Exchange-kunder over &quot;i skyen&quot; (eller
+andre folks datamaskiner, som det jo innebærer), så jeg vet ikke hvor
+lenge det i så fall vil vare.&lt;/p&gt;
+
+&lt;p&gt;I tillegg vet en jo at
+&lt;a href=&quot;https://www.nrk.no/ytring/elektronisk-kildevern-i-nrk-1.11941196&quot;&gt;NRK
+har valgt å gi nasjonal sikkerhetsmyndighet (NSM) tilgang til å se på
+intern og ekstern Internett-trafikk&lt;/a&gt; hos NRK ved oppsett av såkalte
+VDI-noder, på tross av
+&lt;a href=&quot;https://www.nrk.no/ytring/bekymring-for-nrks-kildevern-1.11941584&quot;&gt;protester
+fra NRKs journalistlag&lt;/a&gt;.  Jeg vet ikke om den vil kunne snappe opp
+dokumenter som lagres på interne filtjenere eller dokumenter som lages
+i de interne webbaserte publiseringssystemene, men vet at hva noden
+ser etter på nettet kontrolleres av NSM og oppdateres automatisk, slik
+at det ikke gir så mye mening å sjekke hva noden ser etter i dag når
+det kan endres automatisk i morgen.&lt;/p&gt;
+
+&lt;p&gt;Personlig vet jeg ikke om jeg hadde turt tipse NRK hvis jeg satt på
+noe som kunne være en trussel mot den bestående makten i Norge eller
+verden.  Til det virker det å være for mange åpninger for
+utenforstående med andre prioriteter enn NRKs journalistiske fokus.
+Og den største truslen for en varsler er jo om metainformasjon kommer
+på avveie, dvs. informasjon om at en har vært i kontakt med en
+journalist.  Det kan være nok til at en kommer i myndighetenes
+søkelys, og de færreste har nok operasjonell sikkerhet til at vil tåle
+slik flombelysning på sitt privatliv.&lt;/p&gt;

 </description>
        </item>
        
        <item>
 </description>
        </item>
        
        <item>

-               <title>Nedlasting fra NRK, som Matroska med undertekster</title>
-               <link>http://people.skolelinux.org/pere/blog/Nedlasting_fra_NRK__som_Matroska_med_undertekster.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Nedlasting_fra_NRK__som_Matroska_med_undertekster.html</guid>
-                <pubDate>Sat, 2 Jan 2016 13:50:00 +0100</pubDate>
-               <description>&lt;p&gt;Det kommer stadig nye løsninger for å ta lagre unna innslag fra NRK
-for å se på det senere.  For en stund tilbake kom jeg over et script
-nrkopptak laget av Ingvar Hagelund.  Han fjernet riktignok sitt script
-etter forespørsel fra Erik Bolstad i NRK, men noen tok heldigvis og
-gjorde det &lt;a href=&quot;https://github.com/liangqi/nrkopptak&quot;&gt;tilgjengelig
-via github&lt;/a&gt;.&lt;/p&gt;
-
-&lt;p&gt;Scriptet kan lagre som MPEG4 eller Matroska, og bake inn
-undertekster i fila på et vis som blant annet VLC forstår.  For å
-bruke scriptet, kopier ned git-arkivet og kjør&lt;/p&gt;
+               <title>Isenkram, Appstream and udev make life as a LEGO builder easier</title>
+               <link>http://people.skolelinux.org/pere/blog/Isenkram__Appstream_and_udev_make_life_as_a_LEGO_builder_easier.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Isenkram__Appstream_and_udev_make_life_as_a_LEGO_builder_easier.html</guid>
+                <pubDate>Fri, 7 Oct 2016 09:50:00 +0200</pubDate>
+               <description>&lt;p&gt;&lt;a href=&quot;http://packages.qa.debian.org/isenkram&quot;&gt;The Isenkram
+system&lt;/a&gt; provide a practical and easy way to figure out which
+packages support the hardware in a given machine.  The command line
+tool &lt;tt&gt;isenkram-lookup&lt;/tt&gt; and the tasksel options provide a
+convenient way to list and install packages relevant for the current
+hardware during system installation, both user space packages and
+firmware packages. The GUI background daemon on the other hand provide
+a pop-up proposing to install packages when a new dongle is inserted
+while using the computer.  For example, if you plug in a smart card
+reader, the system will ask if you want to install &lt;tt&gt;pcscd&lt;/tt&gt; if
+that package isn&#39;t already installed, and if you plug in a USB video
+camera the system will ask if you want to install &lt;tt&gt;cheese&lt;/tt&gt; if
+cheese is currently missing.  This already work just fine.&lt;/p&gt;
+
+&lt;p&gt;But Isenkram depend on a database mapping from hardware IDs to
+package names.  When I started no such database existed in Debian, so
+I made my own data set and included it with the isenkram package and
+made isenkram fetch the latest version of this database from git using
+http.  This way the isenkram users would get updated package proposals
+as soon as I learned more about hardware related packages.&lt;/p&gt;
+
+&lt;p&gt;The hardware is identified using modalias strings.  The modalias
+design is from the Linux kernel where most hardware descriptors are
+made available as a strings that can be matched using filename style
+globbing.  It handle USB, PCI, DMI and a lot of other hardware related
+identifiers.&lt;/p&gt;
+
+&lt;p&gt;The downside to the Isenkram specific database is that there is no
+information about relevant distribution / Debian version, making
+isenkram propose obsolete packages too.  But along came AppStream, a
+cross distribution mechanism to store and collect metadata about
+software packages.  When I heard about the proposal, I contacted the
+people involved and suggested to add a hardware matching rule using
+modalias strings in the specification, to be able to use AppStream for
+mapping hardware to packages.  This idea was accepted and AppStream is
+now a great way for a package to announce the hardware it support in a
+distribution neutral way.  I wrote
+&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Using_appstream_with_isenkram_to_install_hardware_related_packages_in_Debian.html&quot;&gt;a
+recipe on how to add such meta-information&lt;/a&gt; in a blog post last
+December.  If you have a hardware related package in Debian, please
+announce the relevant hardware IDs using AppStream.&lt;/p&gt;
+
+&lt;p&gt;In Debian, almost all packages that can talk to a LEGO Mindestorms
+RCX or NXT unit, announce this support using AppStream.  The effect is
+that when you insert such LEGO robot controller into your Debian
+machine, Isenkram will propose to install the packages needed to get
+it working.  The intention is that this should allow the local user to
+start programming his robot controller right away without having to
+guess what packages to use or which permissions to fix.&lt;/p&gt;
+
+&lt;p&gt;But when I sat down with my son the other day to program our NXT
+unit using his Debian Stretch computer, I discovered something
+annoying.  The local console user (ie my son) did not get access to
+the USB device for programming the unit.  This used to work, but no
+longer in Jessie and Stretch.  After some investigation and asking
+around on #debian-devel, I discovered that this was because udev had
+changed the mechanism used to grant access to local devices.  The
+ConsoleKit mechanism from &lt;tt&gt;/lib/udev/rules.d/70-udev-acl.rules&lt;/tt&gt;
+no longer applied, because LDAP users no longer was added to the
+plugdev group during login.  Michael Biebl told me that this method
+was obsolete and the new method used ACLs instead.  This was good
+news, as the plugdev mechanism is a mess when using a remote user
+directory like LDAP.  Using ACLs would make sure a user lost device
+access when she logged out, even if the user left behind a background
+process which would retain the plugdev membership with the ConsoleKit
+setup.  Armed with this knowledge I moved on to fix the access problem
+for the LEGO Mindstorms related packages.&lt;/p&gt;
+
+&lt;p&gt;The new system uses a udev tag, &#39;uaccess&#39;.  It can either be
+applied directly for a device, or is applied in
+/lib/udev/rules.d/70-uaccess.rules for classes of devices.  As the
+LEGO Mindstorms udev rules did not have a class, I decided to add the
+tag directly in the udev rules files included in the packages.  Here
+is one example.  For the nqc C compiler for the RCX, the
+&lt;tt&gt;/lib/udev/rules.d/60-nqc.rules&lt;/tt&gt; file now look like this:

 
 &lt;p&gt;&lt;pre&gt;
 
 &lt;p&gt;&lt;pre&gt;

-nrkopptak/bin/nrk-opptak k &lt;ahref=&quot;https://tv.nrk.no/serie/bmi-turne/MUHH45000115/sesong-1/episode-1&quot;&gt;https://tv.nrk.no/serie/bmi-turne/MUHH45000115/sesong-1/episode-1&lt;/a&gt;
+SUBSYSTEM==&quot;usb&quot;, ACTION==&quot;add&quot;, ATTR{idVendor}==&quot;0694&quot;, ATTR{idProduct}==&quot;0001&quot;, \
+    SYMLINK+=&quot;rcx-%k&quot;, TAG+=&quot;uaccess&quot;

 &lt;/pre&gt;&lt;/p&gt;
 
 &lt;/pre&gt;&lt;/p&gt;
 

-&lt;p&gt;URL-eksemplet er dagens toppsak på tv.nrk.no.  Argument &#39;k&#39; ber
-scriptet laste ned og lagre som Matroska.  Det finnes en rekke andre
-muligheter for valg av kvalitet og format.&lt;/p&gt;
+&lt;p&gt;The key part is the &#39;TAG+=&quot;uaccess&quot;&#39; at the end.  I suspect all
+packages using plugdev in their /lib/udev/rules.d/ files should be
+changed to use this tag (either directly or indirectly via
+&lt;tt&gt;70-uaccess.rules&lt;/tt&gt;).  Perhaps a lintian check should be created
+to detect this?&lt;/p&gt;
+
+&lt;p&gt;I&#39;ve been unable to find good documentation on the uaccess feature.
+It is unclear to me if the uaccess tag is an internal implementation
+detail like the udev-acl tag used by
+&lt;tt&gt;/lib/udev/rules.d/70-udev-acl.rules&lt;/tt&gt;.  If it is, I guess the
+indirect method is the preferred way.  Michael
+&lt;a href=&quot;https://github.com/systemd/systemd/issues/4288&quot;&gt;asked for more
+documentation from the systemd project&lt;/a&gt; and I hope it will make
+this clearer.  For now I use the generic classes when they exist and
+is already handled by &lt;tt&gt;70-uaccess.rules&lt;/tt&gt;, and add the tag
+directly if no such class exist.&lt;/p&gt;
+
+&lt;p&gt;To learn more about the isenkram system, please check out
+&lt;a href=&quot;http://people.skolelinux.org/pere/blog/tags/isenkram/&quot;&gt;my
+blog posts tagged isenkram&lt;/a&gt;.&lt;/p&gt;
+
+&lt;p&gt;To help out making life for LEGO constructors in Debian easier,
+please join us on our IRC channel
+&lt;a href=&quot;irc://irc.debian.org/%23debian-lego&quot;&gt;#debian-lego&lt;/a&gt; and join
+the &lt;a href=&quot;https://alioth.debian.org/projects/debian-lego/&quot;&gt;Debian
+LEGO team&lt;/a&gt; in the Alioth project we created yesterday.  A mailing
+list is not yet created, but we are working on it. :)&lt;/p&gt;

 
 

-&lt;p&gt;Jeg foretrekker dette scriptet fremfor youtube-dl, som
-&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Hvordan_enkelt_laste_ned_filmer_fra_NRK_med_den__nye__l_sningen.html&quot;&gt;
-nevnt i 2014 støtter NRK&lt;/a&gt; og en rekke andre videokilder, på grunn
-av at nrkopptak samler undertekster og video i en enkelt fil, hvilket
-gjør håndtering enklere på disk.&lt;/p&gt;
+&lt;p&gt;As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&amp;label=PetterReinholdtsenBlog&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;
+</description>
+       </item>
+       
+       <item>
+               <title>Aftenposten-redaktøren med lua i hånda</title>
+               <link>http://people.skolelinux.org/pere/blog/Aftenposten_redakt_ren_med_lua_i_h_nda.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Aftenposten_redakt_ren_med_lua_i_h_nda.html</guid>
+                <pubDate>Fri, 9 Sep 2016 11:30:00 +0200</pubDate>
+               <description>&lt;p&gt;En av dagens nyheter er at Aftenpostens redaktør Espen Egil Hansen
+bruker
+&lt;a href=&quot;https://www.nrk.no/kultur/aftenposten-brukar-heile-forsida-pa-facebook-kritikk-1.13126918&quot;&gt;forsiden
+av papiravisen på et åpent brev til Facebooks sjef Mark Zuckerberg om
+Facebooks fjerning av bilder, tekster og sider de ikke liker&lt;/a&gt;.  Det
+må være uvant for redaktøren i avisen Aftenposten å stå med lua i
+handa og håpe på å bli hørt.  Spesielt siden Aftenposten har vært med
+på å gi Facebook makten de nå demonstrerer at de har.  Ved å melde seg
+inn i Facebook-samfunnet har de sagt ja til bruksvilkårene og inngått
+en antagelig bindende avtale.  Kanskje de skulle lest og vurdert
+vilkårene litt nærmere før de sa ja, i stedet for å klage over at
+reglende de har valgt å akseptere blir fulgt?  Personlig synes jeg
+vilkårene er uakseptable og det ville ikke falle meg inn å gå inn på
+en avtale med slike vilkår.  I tillegg til uakseptable vilkår er det
+mange andre grunner til å unngå Facebook.  Du kan finne en solid
+gjennomgang av flere slike argumenter hos
+&lt;a href=&quot;https://stallman.org/facebook.html&quot;&gt;Richard Stallmans side om
+Facebook&lt;/a&gt;.
+
+&lt;p&gt;Jeg håper flere norske redaktører på samme vis må stå med lua i
+hånden inntil de forstår at de selv er med på å føre samfunnet på
+ville veier ved å omfavne Facebook slik de gjør når de omtaler og
+løfter frem saker fra Facebook, og tar i bruk Facebook som
+distribusjonskanal for sine nyheter.  De bidrar til
+overvåkningssamfunnet og raderer ut lesernes privatsfære når de lenker
+til Facebook på sine sider, og låser seg selv inne i en omgivelse der
+det er Facebook, og ikke redaktøren, som sitter med makta.&lt;/p&gt;
+
+&lt;p&gt;Men det vil nok ta tid, i et Norge der de fleste nettredaktører
+&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Snurpenot_overv_kning_av_sensitiv_personinformasjon.html&quot;&gt;deler
+sine leseres personopplysinger med utenlands etterretning&lt;/a&gt;.&lt;/p&gt;
+
+&lt;p&gt;For øvrig burde varsleren Edward Snowden få politisk asyl i
+Norge.&lt;/p&gt;

 </description>
        </item>
        
        <item>
 </description>
        </item>
        
        <item>

-               <title>OpenALPR, find car license plates in video streams - nice free software</title>
-               <link>http://people.skolelinux.org/pere/blog/OpenALPR__find_car_license_plates_in_video_streams___nice_free_software.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/OpenALPR__find_car_license_plates_in_video_streams___nice_free_software.html</guid>
-                <pubDate>Wed, 23 Dec 2015 01:00:00 +0100</pubDate>
-               <description>&lt;p&gt;When I was a kid, we used to collect &quot;car numbers&quot;, as we used to
-call the car license plate numbers in those days.  I would write the
-numbers down in my little book and compare notes with the other kids
-to see how many region codes we had seen and if we had seen some
-exotic or special region codes and numbers.  It was a fun game to pass
-time, as we kids have plenty of it.&lt;/p&gt;
-
-&lt;p&gt;A few days I came across
-&lt;a href=&quot;https://github.com/openalpr/openalpr&quot;&gt;the OpenALPR
-project&lt;/a&gt;, a free software project to automatically discover and
-report license plates in images and video streams, and provide the
-&quot;car numbers&quot; in a machine readable format.  I&#39;ve been looking for
-such system for a while now, because I believe it is a bad idea that the
-&lt;a href=&quot;https://en.wikipedia.org/wiki/Automatic_number_plate_recognition&quot;&gt;automatic
-number plate recognition&lt;/a&gt; tool only is available in the hands of
-the powerful, and want it to be available also for the powerless to
-even the score when it comes to surveillance and sousveillance.  I
-discovered the developer
-&lt;a href=&quot;https://bugs.debian.org/747509&quot;&gt;wanted to get the tool into
-Debian&lt;/a&gt;, and as I too wanted it to be in Debian, I volunteered to
-help him get it into shape to get the package uploaded into the Debian
-archive.&lt;/p&gt;
-
-&lt;p&gt;Today we finally managed to get the package into shape and uploaded
-it into Debian, where it currently
-&lt;a href=&quot;https://ftp-master.debian.org//new/openalpr_2.2.1-1.html&quot;&gt;waits
-in the NEW queue&lt;/a&gt; for review by the Debian ftpmasters.&lt;/p&gt;
-
-&lt;p&gt;I guess you are wondering why on earth such tool would be useful
-for the common folks, ie those not running a large government
-surveillance system?  Well, I plan to put it in a computer on my bike
-and in my car, tracking the cars nearby and allowing me to be notified
-when number plates on my watch list are discovered.  Another use case
-was suggested by a friend of mine, who wanted to set it up at his home
-to open the car port automatically when it discovered the plate on his
-car.  When I mentioned it perhaps was a bit foolhardy to allow anyone
-capable of placing his license plate number of a piece of cardboard to
-open his car port, men replied that it was always unlocked anyway.  I
-guess for such use case it make sense.  I am sure there are other use
-cases too, for those with imagination and a vision.&lt;/p&gt;
-
-&lt;p&gt;If you want to build your own version of the Debian package, check
-out the upstream git source and symlink ./distros/debian to ./debian/
-before running &quot;debuild&quot; to build the source.  Or wait a bit until the
-package show up in unstable.&lt;/p&gt;
+               <title>E-tjenesten ber om innsyn i eposten til partiene på Stortinget</title>
+               <link>http://people.skolelinux.org/pere/blog/E_tjenesten_ber_om_innsyn_i_eposten_til_partiene_p__Stortinget.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/E_tjenesten_ber_om_innsyn_i_eposten_til_partiene_p__Stortinget.html</guid>
+                <pubDate>Tue, 6 Sep 2016 23:00:00 +0200</pubDate>
+               <description>&lt;p&gt;I helga kom det et hårreisende forslag fra Lysne II-utvalget satt
+ned av Forsvarsdepartementet.  Lysne II-utvalget var bedt om å vurdere
+ønskelista til Forsvarets etterretningstjeneste (e-tjenesten), og har
+kommet med
+&lt;a href=&quot;http://www.aftenposten.no/norge/Utvalg-sier-ja-til-at-E-tjenesten-far-overvake-innholdet-i-all-internett--og-telefontrafikk-som-krysser-riksgrensen-603232b.html&quot;&gt;forslag
+om at e-tjenesten skal få lov til a avlytte all Internett-trafikk&lt;/a&gt;
+som passerer Norges grenser.  Få er klar over at dette innebærer at
+e-tjenesten får tilgang til epost sendt til de fleste politiske
+partiene på Stortinget.  Regjeringspartiet Høyre (@hoyre.no),
+støttepartiene Venstre (@venstre.no) og Kristelig Folkeparti (@krf.no)
+samt Sosialistisk Ventreparti (@sv.no) og Miljøpartiet de grønne
+(@mdg.no) har nemlig alle valgt å ta imot eposten sin via utenlandske
+tjenester.  Det betyr at hvis noen sender epost til noen med en slik
+adresse vil innholdet i eposten, om dette forslaget blir vedtatt, gjøres
+tilgjengelig for e-tjenesten.  Venstre, Sosialistisk Ventreparti og
+Miljøpartiet De Grønne har valgt å motta sin epost hos Google,
+Kristelig Folkeparti har valgt å motta sin epost hos Microsoft, og
+Høyre har valgt å motta sin epost hos Comendo med mottak i Danmark og
+Irland.  Kun Arbeiderpartiet og Fremskrittspartiet har valgt å motta
+eposten sin i Norge, hos henholdsvis Intility AS og Telecomputing
+AS.&lt;/p&gt;
+
+&lt;p&gt;Konsekvensen er at epost inn og ut av de politiske organisasjonene,
+til og fra partimedlemmer og partiets tillitsvalgte vil gjøres
+tilgjengelig for e-tjenesten for analyse og sortering.  Jeg mistenker
+at kunnskapen som slik blir tilgjengelig vil være nyttig hvis en
+ønsker å vite hvilke argumenter som treffer publikum når en ønsker å
+påvirke Stortingets representanter.&lt;/p
+
+&lt;p&gt;Ved hjelp av MX-oppslag i DNS for epost-domene, tilhørende
+whois-oppslag av IP-adressene og traceroute for å se hvorvidt
+trafikken går via utlandet kan enhver få bekreftet at epost sendt til
+de omtalte partiene vil gjøres tilgjengelig for forsvarets
+etterretningstjeneste hvis forslaget blir vedtatt.  En kan også bruke
+den kjekke nett-tjenesten &lt;a href=&quot;http://ipinfo.io/&quot;&gt;ipinfo.io&lt;/a&gt;
+for å få en ide om hvor i verden en IP-adresse hører til.&lt;/p&gt;
+
+&lt;p&gt;På den positive siden vil forslaget gjøre at enda flere blir
+motivert til å ta grep for å bruke
+&lt;a href=&quot;https://www.torproject.org/&quot;&gt;Tor&lt;/a&gt; og krypterte
+kommunikasjonsløsninger for å kommunisere med sine kjære, for å sikre
+at privatsfæren vernes.  Selv bruker jeg blant annet
+&lt;a href=&quot;https://www.freedomboxfoundation.org/&quot;&gt;FreedomBox&lt;/a&gt; og
+&lt;a href=&quot;https://whispersystems.org/&quot;&gt;Signal&lt;/a&gt; til slikt.  Ingen av
+dem er optimale, men de fungerer ganske bra allerede og øker kostnaden
+for dem som ønsker å invadere mitt privatliv.&lt;/p&gt;
+
+&lt;p&gt;For øvrig burde varsleren Edward Snowden få politisk asyl i
+Norge.&lt;/p&gt;
+
+&lt;!--
+
+venstre.no
+  venstre.no mail is handled by 10 aspmx.l.google.com.
+  venstre.no mail is handled by 20 alt1.aspmx.l.google.com.
+  venstre.no mail is handled by 20 alt2.aspmx.l.google.com.
+  venstre.no mail is handled by 30 aspmx2.googlemail.com.
+  venstre.no mail is handled by 30 aspmx3.googlemail.com.
+
+traceroute to aspmx.l.google.com (173.194.222.27), 30 hops max, 60 byte packets
+ 1  uio-gw10.uio.no (129.240.6.1)  0.411 ms  0.438 ms  0.536 ms
+ 2  uio-gw8.uio.no (129.240.24.229)  0.375 ms  0.452 ms  0.548 ms
+ 3  oslo-gw1.uninett.no (128.39.65.17)  1.940 ms  1.950 ms  1.942 ms
+ 4  se-tug.nordu.net (109.105.102.108)  6.910 ms  6.949 ms  7.283 ms
+ 5  google-gw.nordu.net (109.105.98.6)  6.975 ms  6.967 ms  6.958 ms
+ 6  209.85.250.192 (209.85.250.192)  7.337 ms  7.286 ms  10.890 ms
+ 7  209.85.254.13 (209.85.254.13)  7.394 ms 209.85.254.31 (209.85.254.31)  7.586 ms 209.85.254.33 (209.85.254.33)  7.570 ms
+ 8  209.85.251.255 (209.85.251.255)  15.686 ms 209.85.249.229 (209.85.249.229)  16.118 ms 209.85.251.255 (209.85.251.255)  16.073 ms
+ 9  74.125.37.255 (74.125.37.255)  16.794 ms 216.239.40.248 (216.239.40.248)  16.113 ms 74.125.37.44 (74.125.37.44)  16.764 ms
+10  * * *
+
+mdg.no
+  mdg.no mail is handled by 1 aspmx.l.google.com.
+  mdg.no mail is handled by 5 alt2.aspmx.l.google.com.
+  mdg.no mail is handled by 5 alt1.aspmx.l.google.com.
+  mdg.no mail is handled by 10 aspmx2.googlemail.com.
+  mdg.no mail is handled by 10 aspmx3.googlemail.com.
+sv.no
+  sv.no mail is handled by 1 aspmx.l.google.com.
+  sv.no mail is handled by 5 alt1.aspmx.l.google.com.
+  sv.no mail is handled by 5 alt2.aspmx.l.google.com.
+  sv.no mail is handled by 10 aspmx3.googlemail.com.
+  sv.no mail is handled by 10 aspmx2.googlemail.com.
+hoyre.no
+  hoyre.no mail is handled by 10 hoyre-no.mx1.comendosystems.com.
+  hoyre.no mail is handled by 20 hoyre-no.mx2.comendosystems.net.
+
+traceroute to hoyre-no.mx1.comendosystems.com (89.104.206.4), 30 hops max, 60 byte packets
+ 1  uio-gw10.uio.no (129.240.6.1)  0.450 ms  0.510 ms  0.591 ms
+ 2  uio-gw8.uio.no (129.240.24.229)  0.383 ms  0.508 ms  0.596 ms
+ 3  oslo-gw1.uninett.no (128.39.65.17)  0.311 ms  0.315 ms  0.300 ms
+ 4  se-tug.nordu.net (109.105.102.108)  6.837 ms  6.842 ms  6.834 ms
+ 5  dk-uni.nordu.net (109.105.97.10)  26.073 ms  26.085 ms  26.076 ms
+ 6  dix.1000m.soeborg.ip.comendo.dk (192.38.7.22)  15.372 ms  15.046 ms  15.123 ms
+ 7  89.104.192.65 (89.104.192.65)  15.875 ms  15.990 ms  16.239 ms
+ 8  89.104.192.179 (89.104.192.179)  15.676 ms  15.674 ms  15.664 ms
+ 9  03dm-com.mx1.staysecuregroup.com (89.104.206.4)  15.637 ms * *
+
+krf.no
+  krf.no mail is handled by 10 krf-no.mail.protection.outlook.com.
+
+traceroute to krf-no.mail.protection.outlook.com (213.199.154.42), 30 hops max, 60 byte packets
+ 1  uio-gw10.uio.no (129.240.6.1)  0.401 ms  0.438 ms  0.536 ms
+ 2  uio-gw8.uio.no (129.240.24.229)  11.076 ms  11.120 ms  11.204 ms
+ 3  oslo-gw1.uninett.no (128.39.65.17)  0.232 ms  0.234 ms  0.271 ms
+ 4  se-tug.nordu.net (109.105.102.108)  6.811 ms  6.820 ms  6.815 ms
+ 5  netnod-ix-ge-a-sth-4470.microsoft.com (195.245.240.181)  7.074 ms  7.013 ms  7.061 ms
+ 6  ae1-0.sto-96cbe-1b.ntwk.msn.net (104.44.225.161)  7.227 ms  7.362 ms  7.293 ms
+ 7  be-8-0.ibr01.ams.ntwk.msn.net (104.44.5.7)  41.993 ms  43.334 ms  41.939 ms
+ 8  be-1-0.ibr02.ams.ntwk.msn.net (104.44.4.214)  43.153 ms  43.507 ms  43.404 ms
+ 9  ae3-0.fra-96cbe-1b.ntwk.msn.net (104.44.5.17)  29.897 ms  29.831 ms  29.794 ms
+10  ae10-0.vie-96cbe-1a.ntwk.msn.net (198.206.164.1)  42.309 ms  42.130 ms  41.808 ms
+11  * ae8-0.vie-96cbe-1b.ntwk.msn.net (104.44.227.29)  41.425 ms *
+12  * * *
+
+arbeiderpartiet.no
+  arbeiderpartiet.no mail is handled by 10 mail.intility.com.
+  arbeiderpartiet.no mail is handled by 20 mail2.intility.com.
+
+traceroute to mail.intility.com (188.95.245.87), 30 hops max, 60 byte packets
+ 1  uio-gw10.uio.no (129.240.6.1)  0.486 ms  0.508 ms  0.649 ms
+ 2  uio-gw8.uio.no (129.240.24.229)  0.416 ms  0.508 ms  0.620 ms
+ 3  oslo-gw1.uninett.no (128.39.65.17)  0.276 ms  0.278 ms  0.275 ms
+ 4  te3-1-2.br1.fn3.as2116.net (193.156.90.3)  0.374 ms  0.371 ms  0.416 ms
+ 5  he16-1-1.cr1.san110.as2116.net (195.0.244.234)  3.132 ms he16-1-1.cr2.oslosda310.as2116.net (195.0.244.48)  10.079 ms he16-1-1.cr1.san110.as2116.net (195.0.244.234)  3.353 ms
+ 6  te1-2-0.ar2.ulv89.as2116.net (195.0.243.194)  0.569 ms te5-0-0.ar2.ulv89.as2116.net (195.0.243.192)  0.661 ms  0.653 ms
+ 7  cD2EC45C1.static.as2116.net (193.69.236.210)  0.654 ms  0.615 ms  0.590 ms
+ 8  185.7.132.38 (185.7.132.38)  1.661 ms  1.808 ms  1.695 ms
+ 9  185.7.132.100 (185.7.132.100)  1.793 ms  1.943 ms  1.546 ms
+10  * * *
+
+frp.no
+  frp.no mail is handled by 10 mx03.telecomputing.no.
+  frp.no mail is handled by 20 mx01.telecomputing.no.
+
+traceroute to mx03.telecomputing.no (95.128.105.102), 30 hops max, 60 byte packets
+ 1  uio-gw10.uio.no (129.240.6.1)  0.378 ms  0.402 ms  0.479 ms
+ 2  uio-gw8.uio.no (129.240.24.229)  0.361 ms  0.458 ms  0.548 ms
+ 3  oslo-gw1.uninett.no (128.39.65.17)  0.361 ms  0.352 ms  0.336 ms
+ 4  xe-2-2-0-0.san-peer2.osl.no.ip.tdc.net (193.156.90.16)  0.375 ms  0.366 ms  0.346 ms
+ 5  xe-2-0-2-0.ost-pe1.osl.no.ip.tdc.net (85.19.121.97)  0.780 ms xe-2-0-0-0.ost-pe1.osl.no.ip.tdc.net (85.19.121.101)  0.713 ms xe-2-0-2-0.ost-pe1.osl.no.ip.tdc.net (85.19.121.97)  0.759 ms
+ 6  cpe.xe-0-2-0-100.ost-pe1.osl.no.customer.tdc.net (85.19.26.46)  0.837 ms  0.755 ms  0.759 ms
+ 7  95.128.105.3 (95.128.105.3)  1.050 ms  1.288 ms  1.182 ms
+ 8  mx03.telecomputing.no (95.128.105.102)  0.717 ms  0.703 ms  0.692 ms
+
+--&gt;

 </description>
        </item>
        
 </description>
        </item>