<link>http://people.skolelinux.org/pere/blog/</link>
<atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
+ <item>
+ <title>Good bye subkeys.pgp.net, welcome pool.sks-keyservers.net</title>
+ <link>http://people.skolelinux.org/pere/blog/Good_bye_subkeys_pgp_net__welcome_pool_sks_keyservers_net.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Good_bye_subkeys_pgp_net__welcome_pool_sks_keyservers_net.html</guid>
+ <pubDate>Wed, 10 Sep 2014 13:10:00 +0200</pubDate>
+ <description><p>Yesterday, I had the pleasure of attending a talk with the
+<a href="http://www.nuug.no/">Norwegian Unix User Group</a> about
+<a href="http://www.nuug.no/aktiviteter/20140909-sks-keyservers/">the
+OpenPGP keyserver pool sks-keyservers.net</a>, and was very happy to
+learn that there is a large set of publicly available key servers to
+use when looking for peoples public key. So far I have used
+subkeys.pgp.net, and some times wwwkeys.nl.pgp.net when the former
+were misbehaving, but those days are ended. The servers I have used
+up until yesterday have been slow and some times unavailable. I hope
+those problems are gone now.</p>
+
+<p>Behind the round robin DNS entry of the
+<a href="https://sks-keyservers.net/">sks-keyservers.net</a> service
+there is a pool of more than 100 keyservers which are checked every
+day to ensure they are well connected and up to date. It must be
+better than what I have used so far. :)</p>
+
+<p>Yesterdays speaker told me that the service is the default
+keyserver provided by the default configuration in GnuPG, but this do
+not seem to be used in Debian. Perhaps it should?</p>
+
+<p>Anyway, I've updated my ~/.gnupg/options file to now include this
+line:</p>
+
+<p><blockquote><pre>
+keyserver pool.sks-keyservers.net
+</pre></blockquote></p>
+
+<p>With GnuPG version 2 one can also locate the keyserver using SRV
+entries in DNS. Just for fun, I did just that at work, so now every
+user of GnuPG at the University of Oslo should find a OpenGPG
+keyserver automatically should their need it:</p>
+
+<p><blockquote><pre>
+% host -t srv _pgpkey-http._tcp.uio.no
+_pgpkey-http._tcp.uio.no has SRV record 0 100 11371 pool.sks-keyservers.net.
+%
+</pre></blockquote></p>
+
+<p>Now if only
+<a href="http://ietfreport.isoc.org/idref/draft-shaw-openpgp-hkp/">the
+HKP lookup protocol</a> supported finding signature paths, I would be
+very happy. It can look up a given key or search for a user ID, but I
+normally do not want that, but to find a trust path from my key to
+another key. Given a user ID or key ID, I would like to find (and
+download) the keys representing a signature path from my key to the
+key in question, to be able to get a trust path between the two keys.
+This is as far as I can tell not possible today. Perhaps something
+for a future version of the protocol?</p>
+</description>
+ </item>
+
<item>
<title>Do you need an agreement with MPEG-LA to publish and broadcast H.264 video in Norway?</title>
<link>http://people.skolelinux.org/pere/blog/Do_you_need_an_agreement_with_MPEG_LA_to_publish_and_broadcast_H_264_video_in_Norway_.html</link>
</description>
</item>
- <item>
- <title>FreedomBox milestone - all packages now in Debian Sid</title>
- <link>http://people.skolelinux.org/pere/blog/FreedomBox_milestone___all_packages_now_in_Debian_Sid.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/FreedomBox_milestone___all_packages_now_in_Debian_Sid.html</guid>
- <pubDate>Tue, 15 Apr 2014 22:10:00 +0200</pubDate>
- <description><p>The <a href="https://wiki.debian.org/FreedomBox">Freedombox
-project</a> is working on providing the software and hardware to make
-it easy for non-technical people to host their data and communication
-at home, and being able to communicate with their friends and family
-encrypted and away from prying eyes. It is still going strong, and
-today a major mile stone was reached.</p>
-
-<p>Today, the last of the packages currently used by the project to
-created the system images were accepted into Debian Unstable. It was
-the freedombox-setup package, which is used to configure the images
-during build and on the first boot. Now all one need to get going is
-the build code from the freedom-maker git repository and packages from
-Debian. And once the freedombox-setup package enter testing, we can
-build everything directly from Debian. :)</p>
-
-<p>Some key packages used by Freedombox are
-<a href="http://packages.qa.debian.org/freedombox-setup">freedombox-setup</a>,
-<a href="http://packages.qa.debian.org/plinth">plinth</a>,
-<a href="http://packages.qa.debian.org/pagekite">pagekite</a>,
-<a href="http://packages.qa.debian.org/tor">tor</a>,
-<a href="http://packages.qa.debian.org/privoxy">privoxy</a>,
-<a href="http://packages.qa.debian.org/owncloud">owncloud</a> and
-<a href="http://packages.qa.debian.org/dnsmasq">dnsmasq</a>. There
-are plans to integrate more packages into the setup. User
-documentation is maintained on the Debian wiki. Please
-<a href="https://wiki.debian.org/FreedomBox/Manual/Jessie">check out
-the manual</a> and help us improve it.</p>
-
-<p>To test for yourself and create boot images with the FreedomBox
-setup, run this on a Debian machine using a user with sudo rights to
-become root:</p>
-
-<p><pre>
-sudo apt-get install git vmdebootstrap mercurial python-docutils \
- mktorrent extlinux virtualbox qemu-user-static binfmt-support \
- u-boot-tools
-git clone http://anonscm.debian.org/git/freedombox/freedom-maker.git \
- freedom-maker
-make -C freedom-maker dreamplug-image raspberry-image virtualbox-image
-</pre></p>
-
-<p>Root access is needed to run debootstrap and mount loopback
-devices. See the README in the freedom-maker git repo for more
-details on the build. If you do not want all three images, trim the
-make line. Note that the virtualbox-image target is not really
-virtualbox specific. It create a x86 image usable in kvm, qemu,
-vmware and any other x86 virtual machine environment. You might need
-the version of vmdebootstrap in Jessie to get the build working, as it
-include fixes for a race condition with kpartx.</p>
-
-<p>If you instead want to install using a Debian CD and the preseed
-method, boot a Debian Wheezy ISO and use this boot argument to load
-the preseed values:</p>
-
-<p><pre>
-url=<a href="http://www.reinholdtsen.name/freedombox/preseed-jessie.dat">http://www.reinholdtsen.name/freedombox/preseed-jessie.dat</a>
-</pre></p>
-
-<p>I have not tested it myself the last few weeks, so I do not know if
-it still work.</p>
-
-<p>If you wonder how to help, one task you could look at is using
-systemd as the boot system. It will become the default for Linux in
-Jessie, so we need to make sure it is usable on the Freedombox. I did
-a simple test a few weeks ago, and noticed dnsmasq failed to start
-during boot when using systemd. I suspect there are other problems
-too. :) To detect problems, there is a test suite included, which can
-be run from the plinth web interface.</p>
-
-<p>Give it a go and let us know how it goes on the mailing list, and help
-us get the new release published. :) Please join us on
-<a href="irc://irc.debian.org:6667/%23freedombox">IRC (#freedombox on
-irc.debian.org)</a> and
-<a href="http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss">the
-mailing list</a> if you want to help make this vision come true.</p>
-</description>
- </item>
-
</channel>
</rss>
projects / homepage.git / blobdiff