X-Git-Url: https://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/6f2eff6f2c1badf27a0a32707a40d70c77c7b149..7bffa5c356b3a88331c400dd2668b393736081ce:/blog/index.html?ds=inline diff --git a/blog/index.html b/blog/index.html index 33b50e52e1..339807d5b7 100644 --- a/blog/index.html +++ b/blog/index.html @@ -20,30 +20,203 @@
-
Mangler du en skrue, eller har du en skrue løs?
-
4th October 2017
-
Når jeg holder på med ulike prosjekter, så trenger jeg stadig ulike -skruer. Det siste prosjektet jeg holder på med er å lage -en boks til en -HDMI-touch-skjerm som skal brukes med Raspberry Pi. Boksen settes -sammen med skruer og bolter, og jeg har vært i tvil om hvor jeg kan -få tak i de riktige skruene. Clas Ohlson og Jernia i nærheten har -sjelden hatt det jeg trenger. Men her om dagen fikk jeg et fantastisk -tips for oss som bor i Oslo. -Zachariassen Jernvare AS i -Hegermannsgate -23A på Torshov har et fantastisk utvalg, og åpent mellom 09:00 og -17:00. De selger skruer, muttere, bolter, skiver etc i løs vekt, og -så langt har jeg fått alt jeg har lett etter. De har i tillegg det -meste av annen jernvare, som verktøy, lamper, ledninger, etc. Jeg -håper de har nok kunder til å holde det gående lenge, da dette er en -butikk jeg kommer til å besøke ofte. Butikken er et funn å ha i -nabolaget for oss som liker å bygge litt selv. :)

+
Nikita version 0.6 released - free software archive API server
+
10th June 2021
+

I am very pleased to be able to share with you +the +announcement of a new version of the archiving system Nikita +published by its lead developer Thomas Sødring:

+ +

+ +

It is with great pleasure that we can announce a new release of +nikita. Version 0.6 +(https://gitlab.com/OsloMet-ABI/nikita-noark5-core). This +release makes new record keeping functionality available. This really +is a maturity release. Both in terms of functionality but also code. +Considerable effort has gone into refactoring the codebase and +simplifying the code. Notable changes for this release include:

+ +
    + +
  • Significantly improved OData parsing
    • +
  • Support for business specific metadata and national identifiers
    • +
  • Continued implementation of domain model and endpoints
    • +
  • Improved testing
    • +
  • Ability to export and import from arkivstruktur.xml
    • + +
+ +

We are currently in the process of reaching an agreement with an +archive institution to publish their picture archive using nikita with +business specific metadata and we hope that we can share this with you +soon. This is an interesting project as it allows the organisation to +bring an older picture archive back to life while using the original +metadata values stored as business specific metadata. Combined with +OData means the scope and use of the archive is significantly +increased and will showcase both the flexibility and power of +Noark.

+ +

I really think we are approaching a version 1.0 of nikita, even +though there is still a lot of work to be done. The notable work at +the moment is to implement access-control and full text indexing of +documents.

+ +

My sincere thanks to everyone who has contributed to this +release!

+ +

- Thomas

+ +

Release 0.6 2021-06-10 (d1ba5fc7e8bad0cfdce45ac20354b19d10ebbc7b)

+ +
    + +
  • Refactor metadata entity search
    • +
  • Remove redundant security configuration
    • +
  • Make OpenAPI documentation work
    • +
  • Change database structure / inheritance model to a more sensible approach
    • +
  • Make it possible to move entities around the fonds structure
    • +
  • Implemented a number of missing endpoints
    • +
  • Make sure yml files are in sync
    • +
  • Implemented/finalised storing and use of +
      +    
    • Business Specific Metadata
      • +    
    • Norwegian National Identifiers
      • +    
    • Cross Reference
      • +    
    • Keyword
      • +    
    • StorageLocation
      • +    
    • Author
      • +    
    • Screening for relevant objects
      • +    
    • ChangeLog
      • +    
    • EventLog
      • +
    • +
  • Make generation of updated docker image part of successful CI pipeline
    • +
  • Implement pagination for all list requests +
      +    
    • Refactor code to support lists
      • +    
    • Refactor code for readability
      • +    
    • Standardise the controller/service code
      • +
    • +
  • Finalise File->CaseFile expansion and Record->registryEntry/recordNote +expansion
    • +
  • Improved Continuous Integration (CI) approach via gitlab
    • +
  • Changed conversion approach to generate tagged PDF documents
    • +
  • Updated dependencies +
      +    
    • For security reasons
      • +    
    • Brought codebase to spring-boot version 2.5.0
      • +    
    • Remove import of necessary dependencies
      • +    
    • Remove non-used metrics classes
      • +
    • +
  • Added new analysis to CI including
    • +
  • Implemented storing of Keyword
    • +
  • Implemented storing of Screening and ScreeningMetadata
    • +
  • Improved OData support +
      +    
    • Better support for inheritance in queries where applicable
      • +    
    • Brought in more OData tests
      • +    
    • Improved OData/hibernate understanding of queries
      • +    
    • Implement $count, $orderby
      • +    
    • Finalise $top and $skip
      • +    
    • Make sure & is used between query parameters
      • +
    • +
  • Improved Testing in codebase +
      +    
    • A new approach for integration tests to make test more readable
      • +    
    • Introduce tests in parallel with code development for TDD approach
      • +    
    • Remove test that required particular access to storage
      • +
    • +
  • Implement case-handling process from received email to case-handler +
      +    
    • Develop required GUI elements (digital postroom from email)
      • +    
    • Introduced leader, quality control and postroom roles
      • +
    • +
  • Make PUT requests return 200 OK not 201 CREATED
    • +
  • Make DELETE requests return 204 NO CONTENT not 200 OK
    • +
  • Replaced 'oppdatert*' with 'endret*' everywhere to match latest spec
    • +
  • Upgrade Gitlab CI to use python > 3 for CI scripts
    • +
  • Bug fixes +
      +    
    • Fix missing ALLOW
      • +    
    • Fix reading of objects from jar file during start-up
      • +    
    • Reduce the number of warnings in the codebase
      • +    
    • Fix delete problems
      • +    
    • Make better use of cascade for "leaf" objects
      • +    
    • Add missing annotations where relevant
      • +    
    • Remove the use of ETAG for delete
      • +    
    • Fix missing/wrong/broken rels discovered by runtest
      • +    
    • Drop unofficial convertFil (konverterFil) end point
      • +    
    • Fix regex problem for dateTime
      • +    
    • Fix multiple static analysis issues discovered by coverity
      • +    
    • Fix proxy problem when looking for object class names
      • +    
    • Add many missing translated Norwegian to English (internal) +attribute/entity names
      • +    
    • Change UUID generation approach to allow code also set a value
      • +    
    • Fix problem with Part/PartParson
      • +    
    • Fix problem with empty OData search results
      • +    
    • Fix metadata entity domain problem
      • +
    • +
  • General Improvements +
      +    
    • Makes future refactoring easier as coupling is reduced
      • +    
    • Allow some constant variables to be set from property file
      • +    
    • Refactor code to make reflection work better across codebase
      • +    
    • Reduce the number of @Service layer classes used in @Controller +classes
      • +    
    • Be more consistent on naming of similar variable types
      • +    
    • Start printing rels/href if they are applicable
      • +    
    • Cleaner / standardised approach to deleting objects
      • +    
    • Avoid concatenation when using StringBuilder
      • +    
    • Consolidate code to avoid duplication
      • +    
    • Tidy formatting for a more consistent reading style across +similar class files
      • +    
    • Make throw a log.error message not an log.info message
      • +    
    • Make throw print the log value rather than printing in multiple +places
      • +    
    • Add some missing pronom codes
      • +    
    • Fix time formatting issue in Gitlab CI
      • +    
    • Remove stale / unused code
      • +    
    • Use only UUID datatype rather than combination String/UUID for systemID
      • +    
    • Mark variables final and @NotNull where relevant to indicate +intention
      • +
    • +
  • Change Date values to DateTime to maintain compliance with Noark 5 +standard
    • +
  • Domain model improvements using Hypersistence Optimizer +
      +    
    • Move @Transactional from class to methods to avoid borrowing the JDBC Connection unnecessarily
      • +    
    • Fix OneToOne performance issues
      • +    
    • Fix ManyToMany performance issues
      • +    
    • Add missing bidirectional synchronization support
      • +    
    • Fix ManyToMany performance issue
      • +
    • +
  • Make List<> and Set<> use final-keyword to avoid potential problems +during update operations
    • +
  • Changed internal URLs, replaced "hateoas-api" with "api".
    • +
  • Implemented storing of Precedence.
    • +
  • Corrected handling of screening.
    • +
  • Corrected _links collection returned for list of mixed entity types +to match the specific entity.
    • +
  • Improved several internal structures.
    • +
+ +

+ +

If free and open standardized archiving API sound interesting to +you, please contact us on IRC +(#nikita on +irc.oftc.net) or email +(nikita-noark +mailing list).

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: norsk. + Tags: english, noark5, nuug, offentlig innsyn, standard.
@@ -51,64 +224,60 @@ nabolaget for oss som liker å bygge litt selv. :)

-
Visualizing GSM radio chatter using gr-gsm and Hopglass
-
29th September 2017
-

Every mobile phone announce its existence over radio to the nearby -mobile cell towers. And this radio chatter is available for anyone -with a radio receiver capable of receiving them. Details about the -mobile phones with very good accuracy is of course collected by the -phone companies, but this is not the topic of this blog post. The -mobile phone radio chatter make it possible to figure out when a cell -phone is nearby, as it include the SIM card ID (IMSI). By paying -attention over time, one can see when a phone arrive and when it leave -an area. I believe it would be nice to make this information more -available to the general public, to make more people aware of how -their phones are announcing their whereabouts to anyone that care to -listen.

- -

I am very happy to report that we managed to get something -visualizing this information up and running for -Oslo Skaperfestival 2017 -(Oslo Makers Festival) taking place today and tomorrow at Deichmanske -library. The solution is based on the -simple -recipe for listening to GSM chatter I posted a few days ago, and -will show up at the stand of Åpen -Sone from the Computer Science department of the University of -Oslo. The presentation will show the nearby mobile phones (aka -IMSIs) as dots in a web browser graph, with lines to the dot -representing mobile base station it is talking to. It was working in -the lab yesterday, and was moved into place this morning.

- -

We set up a fairly powerful desktop machine using Debian -Buster/Testing with several (five, I believe) RTL2838 DVB-T receivers -connected and visualize the visible cell phone towers using an -English version of -Hopglass. A fairly powerfull machine is needed as the -grgsm_livemon_headless processes from -gr-gsm converting -the radio signal to data packages is quite CPU intensive.

- -

The frequencies to listen to, are identified using a slightly -patched scan-and-livemon (to set the --args values for each receiver), -and the Hopglass data is generated using the -patches -in my meshviewer-output branch. For some reason we could not get -more than four SDRs working. There is also a geographical map trying -to show the location of the base stations, but I believe their -coordinates are hardcoded to some random location in Germany, I -believe. The code should be replaced with code to look up location in -a text file, a sqlite database or one of the online databases -mentioned in -the github -issue for the topic. - -

If this sound interesting, visit the stand at the festival!

+
VLC bittorrent plugin in Bullseye, saved by the bell?
+
1st May 2021
+

Yesterday morning I got a warning call from the Debian quality +control system that +the VLC +bittorrent plugin was due to be removed because of a release +critical bug in one of its dependencies. As you might remember, this +plugin make VLC able to stream videos directly from a bittorrent +source using both torrent files and magnet links, similar to using a +HTTP source. I believe such protocol support is a vital feature in +VLC, allowing efficient streaming from sources such at the almost 7 +million movies in the Internet +Archive.

+ +

The dependency was the unmaintained +libtorrent-rasterbar +package, and the bug in +question blocked its python library from working properly. As I +did not want Bullseye to release without bittorrent support in VLC, I +set out to check out the status, and track down a fix for the problem. +Luckily the issue had already been identified and fixed upstream, +providing everything needed. All I needed to do was to fetch the +Debian git repository, extract and trim the patch from upstream and +apply it to the Debian package for upload.

+ +

The fixed library was uploaded yesterday evening. But that is not +enough to get it into Bullseye, as Debian is currently in package +freeze to prepare for a new next stable release. Only non-critical +packages with +autopkgtest +setup included, in other words able to validate automatically that +the package is working, are allowed to migrate automatically into the +next release at this stage. And the unmaintained libtorrent-rasterbar +lack such testing, and thus needed a manual override. I am happy to +report that such manual override was approved a few minutes ago, thus +increasing significantly the chance of VLC bittorrent streaming being +available out of the box also for Debian/Buster users. A bit too +close shave for my liking, as the Bullseye release is most likely just +a few days away, and this did feel like the package was saved by the +bell. I am so glad the warning email showed up in time for me to +handle the issue, and a big thanks go to the Debian Release team for +the quick feedback on +#debian-release +and their swift +unblocking.

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: debian, english, personvern, surveillance. + Tags: english, verkidetfri, video.
@@ -116,83 +285,64 @@ issue for the topic.
-
Easier recipe to observe the cell phones around you
-
24th September 2017
-

A little more than a month ago I wrote -how -to observe the SIM card ID (aka IMSI number) of mobile phones talking -to nearby mobile phone base stations using Debian GNU/Linux and a -cheap USB software defined radio, and thus being able to pinpoint -the location of people and equipment (like cars and trains) with an -accuracy of a few kilometer. Since then we have worked to make the -procedure even simpler, and it is now possible to do this without any -manual frequency tuning and without building your own packages.

- -

The gr-gsm -package is now included in Debian testing and unstable, and the -IMSI-catcher code no longer require root access to fetch and decode -the GSM data collected using gr-gsm.

- -

Here is an updated recipe, using packages built by Debian and a git -clone of two python scripts:

- -
    - -
  1. Start with a Debian machine running the Buster version (aka - testing).
    2. - -
  2. Run 'apt install gr-gsm python-numpy python-scipy - python-scapy' as root to install required packages.
    3. - -
  3. Fetch the code decoding GSM packages using 'git clone - github.com/Oros42/IMSI-catcher.git'.
    4. - -
  4. Insert USB software defined radio supported by GNU Radio.
    5. - -
  5. Enter the IMSI-catcher directory and run 'python - scan-and-livemon' to locate the frequency of nearby base - stations and start listening for GSM packages on one of them.
    6. - -
  6. Enter the IMSI-catcher directory and run 'python - simple_IMSI-catcher.py' to display the collected information.
    7. - -
- -

Note, due to a bug somewhere the scan-and-livemon program (actually -its underlying -program grgsm_scanner) do not work with the HackRF radio. It does -work with RTL 8232 and other similar USB radio receivers you can get -very cheaply -(for example -from ebay), so for now the solution is to scan using the RTL radio -and only use HackRF for fetching GSM data.

- -

As far as I can tell, a cell phone only show up on one of the -frequencies at the time, so if you are going to track and count every -cell phone around you, you need to listen to all the frequencies used. -To listen to several frequencies, use the --numrecv argument to -scan-and-livemon to use several receivers. Further, I am not sure if -phones using 3G or 4G will show as talking GSM to base stations, so -this approach might not see all phones around you. I typically see -0-400 IMSI numbers an hour when looking around where I live.

- -

I've tried to run the scanner on a -Raspberry Pi 2 and 3 -running Debian Buster, but the grgsm_livemon_headless process seem -to be too CPU intensive to keep up. When GNU Radio print 'O' to -stdout, I am told there it is caused by a buffer overflow between the -radio and GNU Radio, caused by the program being unable to read the -GSM data fast enough. If you see a stream of 'O's from the terminal -where you started scan-and-livemon, you need a give the process more -CPU power. Perhaps someone are able to optimize the code to a point -where it become possible to set up RPi3 based GSM sniffers? I tried -using Raspbian instead of Debian, but there seem to be something wrong -with GNU Radio on raspbian, causing glibc to abort().

+
Updated Valutakrambod, now also with information from NBX
+
27th February 2021
+

I have neglected the Valutakrambod library for a while, but decided +this weekend to give it a face lift. I fixed a few minor glitches in +several of the service drivers, where the API had changed since I last +looked at the code. I also added support for fetching the order book +from the newcomer Norwegian Bitcoin Exchange.

+ +

I also decided to migrate the project from github to gitlab in the +process. If you want a python library for talking to various currency +exchanges, check out +code for +valutakrambod.

+ +

This is what the output from 'bin/btc-rates-curses -c' +looked like a few minutes ago:

+ +

+           Name Pair           Bid         Ask Spread Ftcd    Age   Freq
+       Bitfinex BTCEUR  39229.0000  39246.0000   0.0%   44     44    nan
+        Bitmynt BTCEUR  39071.0000  41048.9000   4.8%   43     74    nan
+         Bitpay BTCEUR  39326.7000         nan   nan%   39    nan    nan
+       Bitstamp BTCEUR  39398.7900  39417.3200   0.0%    0      0      1
+           Bl3p BTCEUR  39158.7800  39581.9000   1.1%    0    nan      3
+       Coinbase BTCEUR  39197.3100  39621.9300   1.1%   38    nan    nan
+         Kraken+BTCEUR  39432.9000  39433.0000   0.0%    0      0      0
+        Paymium BTCEUR  39437.2100  39499.9300   0.2%    0   2264    nan
+        Bitmynt BTCNOK 409750.9600 420516.8500   2.6%   43     74    nan
+         Bitpay BTCNOK 410332.4000         nan   nan%   39    nan    nan
+       Coinbase BTCNOK 408675.7300 412813.7900   1.0%   38    nan    nan
+        MiraiEx BTCNOK 412174.1800 418396.1500   1.5%   34    nan    nan
+            NBX BTCNOK 405835.9000 408921.4300   0.8%   33    nan    nan
+       Bitfinex BTCUSD  47341.0000  47355.0000   0.0%   44     53    nan
+         Bitpay BTCUSD  47388.5100         nan   nan%   39    nan    nan
+       Coinbase BTCUSD  47153.6500  47651.3700   1.0%   37    nan    nan
+         Gemini BTCUSD  47416.0900  47439.0500   0.0%   36    336    nan
+         Hitbtc BTCUSD  47429.9900  47386.7400  -0.1%    0      0      0
+         Kraken+BTCUSD  47401.7000  47401.8000   0.0%    0      0      0
+  Exchangerates EURNOK     10.4012     10.4012   0.0%   38  76236    nan
+     Norgesbank EURNOK     10.4012     10.4012   0.0%   31  76236    nan
+       Bitstamp EURUSD      1.2030      1.2045   0.1%    2      2      1
+  Exchangerates EURUSD      1.2121      1.2121   0.0%   38  76236    nan
+     Norgesbank USDNOK      8.5811      8.5811   0.0%   31  76236    nan
+

+ +

Yes, I notice the negative spread on Hitbtc. Either I fail to +understand their Websocket API or they are sending bogus data. I've +seen the same with Kraken, and suspect there is something wrong with +the data they send.

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: debian, english, personvern, surveillance. + Tags: bitcoin, english.
@@ -200,54 +350,124 @@ with GNU Radio on raspbian, causing glibc to abort().

-
Datalagringsdirektivet kaster skygger over Høyre og Arbeiderpartiet
-
7th September 2017
-

For noen dager siden publiserte Jon Wessel-Aas en bloggpost om -«Konklusjonen om datalagring som -EU-kommisjonen ikke ville at vi skulle få se». Det er en -interessant gjennomgang av EU-domstolens syn på snurpenotovervåkning -av befolkningen, som er klar på at det er i strid med -EU-lovgivingen.

- -

Valgkampen går for fullt i Norge, og om noen få dager er siste -frist for å avgi stemme. En ting er sikkert, Høyre og Arbeiderpartiet -får ikke min stemme -denne -gangen heller. Jeg har ikke glemt at de tvang igjennom loven som -skulle pålegge alle data- og teletjenesteleverandører å overvåke alle -sine kunder. En lov som er vedtatt, og aldri opphevet igjen.

- -

Det er tydelig fra diskusjonen rundt grenseløs digital overvåkning -(eller "Digital Grenseforsvar" som det kalles i Orvellisk nytale) at -hverken Høyre og Arbeiderpartiet har noen prinsipielle sperrer mot å -overvåke hele befolkningen, og diskusjonen så langt tyder på at flere -av de andre partiene heller ikke har det. Mange av -de som stemte -for Datalagringsdirektivet i Stortinget (64 fra Arbeiderpartiet, -25 fra Høyre) er fortsatt aktive og argumenterer fortsatt for å radere -vekk mer av innbyggernes privatsfære.

- -

Når myndighetene demonstrerer sin mistillit til folket, tror jeg -folket selv bør legge litt innsats i å verne sitt privatliv, ved å ta -i bruk ende-til-ende-kryptert kommunikasjon med sine kjente og kjære, -og begrense hvor mye privat informasjon som deles med uvedkommende. -Det er jo ingenting som tyder på at myndighetene kommer til å være vår -privatsfære. -Det -er mange muligheter. Selv har jeg litt sans for -Ring, som er basert på p2p-teknologi -uten sentral kontroll, er fri programvare, og støtter meldinger, tale -og video. Systemet er tilgjengelig ut av boksen fra -Debian og -Ubuntu, og det -finnes pakker for Android, MacOSX og Windows. Foreløpig er det få -brukere med Ring, slik at jeg også bruker -Signal som nettleserutvidelse.

+
Boken «Hvordan knuse overvåkningskapitalismen» lanseres på norsk
+
26th January 2021
+

Etter intenst arbeid over mange måneder er endelig den norske +utgaven av «Hvordan knuse overvåkningskapitalismen» av Cory Doctorow +ferdig og klar til å glede millioner av lesere over hele verden. +Følgende pressemelding ble nettopp sendt ut til norske redaksjoner: + +

+ +

Hva gjør stordata med oss, og hvordan gjør algoritmene +«fake news» til realiter?

+ +

Nå foreligger en viktig bok om temaet også på norsk. Boken klargjør +og foreslår hvordan vi selv som enkeltpersoner, men også nasjonalt og +internasjonalt kan bekjempe stordatakonsentrasjonene; +«overvåkingskapitalismen». Boken er «Hvordan knuse +overvåkingskapitalismen» av dr. Cory Doctorow. Den engelske +bokutgivelsen kom for noen dager siden og lanseres med et Webinar +torsdag 2021-01-28. Doctorow besøkte Norge og NUUG i desember med sin +presentasjon Monopoly, Not Mind Control: What's Really Happening With +"Surveillance Capitalism".

+ +

I funn etter funn, eksempel etter eksempel, gjennomgår og +analyserer dr. Doctorow de utfordringer vi møter i større og større +omfang. Ikke bare i USA, men også her hjemme.

+ +

Cory Doctorow er en britisk-kanadisk forfatter, journalist og +aktivist, kjent for sine science fiction-romaner, for arbeidet for +Creative Commons-bevegelsen, og for sine bidrag til reform av +opphavsretten. Han er både æresdoktor og gjesteforeleser i +datavitenskap ved Open University i UK, konsulent for Electronic +Frontier Foundation, og godt kjent for innsiktsfullt å kommentere og +skrive om digital utvikling.

+ +

Boken lanseres nå på norsk, både som ebok og på papir, oversatt av +en dugnadsgjeng ledet av Petter Reinholdtsen.

+ +

Boken reiser noen helt grunnleggende og samfunnskritiske spørsmål: +Hva fører det til når store deler av Internettet domineres av få store +aktører og deres styringsverktøy og algoritmer?

+ +

Som individer bør vi være opptatt at grenser blir satt og håndhevet +- grenser for overvåkning av individet, for utøvelse av kommersiell +og politisk påvirkning, og for monopoldannelser i +dataverdenen. Slik grensesetting styrker personvernet.

+ +

Konkurransetilsynet har ansvaret for at konkurranselovens § 11 skal +forby «et dominerende foretak for utilbørlig å utnytte og misbruke +sin dominerende stilling». Et tilsvarende forbud omfattes også av +EØS-avtalens artikkel 54. Boken går i detalj om serien av +innskrenkninger vi møter i valgfriheten, innskrenkninger som denne +lovgivningen nettopp skal forhindre. Håndhevelse av en slik lovgivning +er også til fordel for mindre næringsdrivende som uten dette får +begrenset sine faktiske eller potensielle muligheter for vekst og +etablering. «Slik atferd kan utgjøre et misbruk og kan ta ulike +former», skriver Konkurransetilsynet.

+ +

Cory Doctorow går i sin bok lengre enn det med sine mange eksempler +på forhold det burde vært grepet inn mot.

+ +

«Boken bør bidra til et sterkere engasjemen fra voktere av +Inter­nettet nasjonalt og internasjonalt - EU medregnet» sier +oversetter Ole-Erik Yrvin og fortsetter: «Vi har derfor +allerede +tatt opp bokens forslag direkte med Distrikts- og +digitaliseringsminister Linda Hofstad Helleland (H) og +Konkurransetilsynet slik at de kan følges opp.»

+ +

«Også Norge bør innta en pådriverrolle i denne utviklingen», sier +Petter Reinholdtsen. «Tiden er knapp, og tilsynsmyndighetene må få +de verktøy og de ressurser de trenger for at vi her hjemme skal oppnå +nødvendige resultater. Dette gjelder ikke bare vår egen generasjon; +det gjelder alle generasjoner fremover», avslutter Petter +Reinholdsen.

+ +

Kontaktinformasjon:

+ +
    + +
  • Ole-Erik Yrvin, oeyrvin (at) gmail.com, +47 46500450
    • + +
  • Petter Reinholdtsen, pere (at) hungry.com
    • + +
+ +

Relevante lenker:

+ +

+ +
+ +

Som vanlig, hvis du bruker Bitcoin og ønsker å vise din støtte til +det jeg driver med, setter jeg pris på om du sender Bitcoin-donasjoner +til min adresse +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b. +Merk, betaling med bitcoin er ikke anonymt. :)

- Tags: dld, norsk, personvern, stortinget, surveillance, valg. + Tags: docbook, norsk.
@@ -255,96 +475,119 @@ brukere med Ring, slik at jeg også bruker
-
Simpler recipe on how to make a simple $7 IMSI Catcher using Debian
-
9th August 2017
-

On friday, I came across an interesting article in the Norwegian -web based ICT news magazine digi.no on -how -to collect the IMSI numbers of nearby cell phones using the cheap -DVB-T software defined radios. The article refered to instructions -and a recipe by -Keld Norman on Youtube on how to make a simple $7 IMSI Catcher, and I decided to test them out.

- -

The instructions said to use Ubuntu, install pip using apt (to -bypass apt), use pip to install pybombs (to bypass both apt and pip), -and the ask pybombs to fetch and build everything you need from -scratch. I wanted to see if I could do the same on the most recent -Debian packages, but this did not work because pybombs tried to build -stuff that no longer build with the most recent openssl library or -some other version skew problem. While trying to get this recipe -working, I learned that the apt->pip->pybombs route was a long detour, -and the only piece of software dependency missing in Debian was the -gr-gsm package. I also found out that the lead upstream developer of -gr-gsm (the name stand for GNU Radio GSM) project already had a set of -Debian packages provided in an Ubuntu PPA repository. All I needed to -do was to dget the Debian source package and built it.

- -

The IMSI collector is a python script listening for packages on the -loopback network device and printing to the terminal some specific GSM -packages with IMSI numbers in them. The code is fairly short and easy -to understand. The reason this work is because gr-gsm include a tool -to read GSM data from a software defined radio like a DVB-T USB stick -and other software defined radios, decode them and inject them into a -network device on your Linux machine (using the loopback device by -default). This proved to work just fine, and I've been testing the -collector for a few days now.

- -

The updated and simpler recipe is thus to

- -
    - -
  1. start with a Debian machine running Stretch or newer,
    2. - -
  2. build and install the gr-gsm package available from -http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/,
    3. - -
  3. clone the git repostory from https://github.com/Oros42/IMSI-catcher,
    4. - -
  4. run grgsm_livemon and adjust the frequency until the terminal -where it was started is filled with a stream of text (meaning you -found a GSM station).
    5. - -
  5. go into the IMSI-catcher directory and run 'sudo python simple_IMSI-catcher.py' to extract the IMSI numbers.
    6. - -
- -

To make it even easier in the future to get this sniffer up and -running, I decided to package -the gr-gsm project -for Debian (WNPP -#871055), and the package was uploaded into the NEW queue today. -Luckily the gnuradio maintainer has promised to help me, as I do not -know much about gnuradio stuff yet.

- -

I doubt this "IMSI cacher" is anywhere near as powerfull as -commercial tools like -The -Spy Phone Portable IMSI / IMEI Catcher or the -Harris -Stingray, but I hope the existance of cheap alternatives can make -more people realise how their whereabouts when carrying a cell phone -is easily tracked. Seeing the data flow on the screen, realizing that -I live close to a police station and knowing that the police is also -wearing cell phones, I wonder how hard it would be for criminals to -track the position of the police officers to discover when there are -police near by, or for foreign military forces to track the location -of the Norwegian military forces, or for anyone to track the location -of government officials...

- -

It is worth noting that the data reported by the IMSI-catcher -script mentioned above is only a fraction of the data broadcasted on -the GSM network. It will only collect one frequency at the time, -while a typical phone will be using several frequencies, and not all -phones will be using the frequencies tracked by the grgsm_livemod -program. Also, there is a lot of radio chatter being ignored by the -simple_IMSI-catcher script, which would be collected by extending the -parser code. I wonder if gr-gsm can be set up to listen to more than -one frequency?

+
Latest Jami back in Debian Testing, and scriptable using dbus
+
12th January 2021
+

After a lot of hard work by its maintainer Alexandre Viau and +others, the decentralized communication platform +Jami +(earlier known as Ring), managed to get +its latest version +into Debian Testing. Several of its dependencies has caused build and +propagation problems, which all seem to be solved now.

+ +

In addition to the fact that Jami is decentralized, similar to how +bittorrent is decentralized, I first of all like how it is not +connected to external IDs like phone numbers. This allow me to set up +computers to send me notifications using Jami without having to find +get a phone number for each computer. Automatic notification via Jami +is also made trivial thanks to the provided client side API (as a DBus +service). Here is my bourne shell script demonstrating how to let any +system send a message to any Jami address. It will create a new +identity before sending the message, if no Jami identity exist +already:

+ +

+#!/bin/sh
+#
+# Usage: $0  
+#
+# Send  to , create local jami account if
+# missing.
+#
+# License: GPL v2 or later at your choice
+# Author: Petter Reinholdtsen
+
+
+if [ -z "$HOME" ] ; then
+    echo "error: missing \$HOME, required for dbus to work"
+    exit 1
+fi
+
+# First, get dbus running if not already running
+DBUSLAUNCH=/usr/bin/dbus-launch
+PIDFILE=/run/asterisk/dbus-session.pid
+if [ -e $PIDFILE ] ; then
+    . $PIDFILE
+    if ! kill -0 $DBUS_SESSION_BUS_PID 2>/dev/null ; then
+        unset DBUS_SESSION_BUS_ADDRESS
+    fi
+fi
+if [ -z "$DBUS_SESSION_BUS_ADDRESS" ] && [ -x "$DBUSLAUNCH" ]; then
+    DBUS_SESSION_BUS_ADDRESS="unix:path=$HOME/.dbus"
+    dbus-daemon --session --address="$DBUS_SESSION_BUS_ADDRESS" --nofork --nopidfile --syslog-only < /dev/null > /dev/null 2>&1 3>&1 &
+    DBUS_SESSION_BUS_PID=$!
+    (
+        echo DBUS_SESSION_BUS_PID=$DBUS_SESSION_BUS_PID
+        echo DBUS_SESSION_BUS_ADDRESS=\""$DBUS_SESSION_BUS_ADDRESS"\"
+        echo export DBUS_SESSION_BUS_ADDRESS
+    ) > $PIDFILE
+    . $PIDFILE
+fi &
+
+dringop() {
+    part="$1"; shift
+    op="$1"; shift
+    dbus-send --session \
+        --dest="cx.ring.Ring" /cx/ring/Ring/$part cx.ring.Ring.$part.$op $*
+}
+
+dringopreply() {
+    part="$1"; shift
+    op="$1"; shift
+    dbus-send --session --print-reply \
+        --dest="cx.ring.Ring" /cx/ring/Ring/$part cx.ring.Ring.$part.$op $*
+}
+
+firstaccount() {
+    dringopreply ConfigurationManager getAccountList | \
+      grep string | awk -F'"' '{print $2}' | head -n 1
+}
+
+account=$(firstaccount)
+
+if [ -z "$account" ] ; then
+    echo "Missing local account, trying to create it"
+    dringop ConfigurationManager addAccount \
+      dict:string:string:"Account.type","RING","Account.videoEnabled","false"
+    account=$(firstaccount)
+    if [ -z "$account" ] ; then
+        echo "unable to create local account"
+        exit 1
+    fi
+fi
+
+# Not using dringopreply to ensure $2 can contain spaces
+dbus-send --print-reply --session \
+  --dest=cx.ring.Ring \
+  /cx/ring/Ring/ConfigurationManager \
+  cx.ring.Ring.ConfigurationManager.sendTextMessage \
+  string:"$account" string:"$1" \
+  dict:string:string:"text/plain","$2" 
+

+ +

If you want to check it out yourself, visit the +the Jami system project page to learn +more, and install the latest Jami client from Debian Unstable or +Testing.

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: debian, english, personvern, surveillance. + Tags: debian, english, sikkerhet, surveillance.
@@ -352,37 +595,82 @@ one frequency?

-
Norwegian Bokmål edition of Debian Administrator's Handbook is now available
-
25th July 2017
-

+
Boken «Made with Creative Commons» lanseres på norsk
+
15th November 2020
+

Endelig er den norske utgaven av «Made with Creative Commons» +ferdig og publisert. Følgende pressemelding ble nettopp sendt ut: + +

+ +

Boken «Made with Creative Commons» lanseres på norsk

+ +

«Gjort med Creative Commons» er en bok om gjenbruk, deling og den +digitale allmenningen. Boken omhandler å bygge en forretningsmodell på +åpne verdier, endringene i tankesett og filosofi, og fordelene og +praksisen som kommer med å være «åpen».

+ +

Forfatterne Paul Stacey og Sarah Hinchliff Pearson tar oss med inn +i samtaler med 24 mennesker, prosjekter og organisasjoner som på ulike +måter generere inntekter gjennom deling av sine verk. Som leser får +man innsikt i hvordan alt fra forskere, forfattere, kunstnere og +filmskapere tjener penger basert på åpne forretningsmodeller. En av +referansestudiene i denne boken viser hvordan Blender Animation Studio +lager vakre animasjonsfilmer som de publiserer under en fri lisens, +basert på en plattform som er fri programvare.

+ +

Utover praktiske eksempler på forskjellige forretningsmodeller berører +også boken forskjellen mellom tradisjonelle kommersielle virksomheter og +de som tar utgangspunkt i den globale delingskulturen.

+ +

«Hvis du ønsker å lære mer om digital delingskultur og Creative Commons +er dette en bok som både vil inspirere og gi grunnleggende innsikt» sier +leder av Creative Commons Norge, Christer Solheim Gundersen. «De siste +årene har denne globale bevegelsen sett en betydelig vekst med totalt +over 1,6 milliarder verk med CC-lisens tilgjengelig på nett.» + +Nå er den tilgjengelig på norsk takket være liten gruppe frivillige +entusiaster ledet av Petter Reinholdtsen. «På vegne av Creative Commons +Norge vil jeg takke hver enkelt bidragsyter. Dette prosjektet er i seg +selv et inspirerende eksempel på at delingskulturen også har godt +fotfeste her i Norge.», avslutter Gundersen.

+ +

Boken er selvsagt fritt tilgjengelig under en Creative Commons lisens, +og kan også kjøpes som ebok og papirutgave på blant annet Lulu.com og +Amazon.

+ +

Lenker og kontaktinformasjon

-

I finally received a copy of the Norwegian Bokmål edition of -"The Debian Administrator's -Handbook". This test copy arrived in the mail a few days ago, and -I am very happy to hold the result in my hand. We spent around one and a half year translating it. This paperbook edition -is available -from lulu.com. If you buy it quickly, you save 25% on the list -price. The book is also available for download in electronic form as -PDF, EPUB and Mobipocket, as can be -read online -as a web page.

- -

This is the second book I publish (the first was the book -"Free Culture" by Lawrence Lessig -in -English, -French -and -Norwegian -Bokmål), and I am very excited to finally wrap up this -project. I hope -"Håndbok -for Debian-administratoren" will be well received.

+ + +
+ +

Nå håper jeg bare den får mange lesere, og finner veien under mange +juletrær.

+ +

Som vanlig, hvis du bruker Bitcoin og ønsker å vise din støtte til +det jeg driver med, setter jeg pris på om du sender Bitcoin-donasjoner +til min adresse +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b. +Merk, betaling med bitcoin er ikke anonymt. :)

- Tags: debian, debian-handbook, english. + Tags: docbook, norsk.
@@ -390,50 +678,39 @@ for Debian-administratoren" will be well received.

-
«Rapporten ser ikke på informasjonssikkerhet knyttet til personlig integritet»
-
27th June 2017
-

Jeg kom over teksten -«Killing -car privacy by federal mandate» av Leonid Reyzin på Freedom to -Tinker i dag, og det gleder meg å se en god gjennomgang om hvorfor det -er et urimelig inngrep i privatsfæren å la alle biler kringkaste sin -posisjon og bevegelse via radio. Det omtalte forslaget basert på -Dedicated Short Range Communication (DSRC) kalles Basic Safety Message -(BSM) i USA og Cooperative Awareness Message (CAM) i Europa, og det -norske Vegvesenet er en av de som ser ut til å kunne tenke seg å -pålegge alle biler å fjerne nok en bit av innbyggernes privatsfære. -Anbefaler alle å lese det som står der. - -

Mens jeg tittet litt på DSRC på biler i Norge kom jeg over et sitat -jeg synes er illustrativt for hvordan det offentlige Norge håndterer -problemstillinger rundt innbyggernes privatsfære i SINTEF-rapporten -«Informasjonssikkerhet -i AutoPASS-brikker» av Trond Foss:

- -

-«Rapporten ser ikke på informasjonssikkerhet knyttet til personlig - integritet.» -

- -

Så enkelt kan det tydeligvis gjøres når en vurderer -informasjonssikkerheten. Det holder vel at folkene på toppen kan si -at «Personvernet er ivaretatt», som jo er den populære intetsigende -frasen som gjør at mange tror enkeltindividers integritet tas vare på. -Sitatet fikk meg til å undres på hvor ofte samme tilnærming, å bare se -bort fra behovet for personlig itegritet, blir valgt når en velger å -legge til rette for nok et inngrep i privatsfæren til personer i -Norge. Det er jo sjelden det får reaksjoner. Historien om -reaksjonene på Helse Sør-Østs tjenesteutsetting er jo sørgelig nok et -unntak og toppen av isfjellet, desverre. Tror jeg fortsatt takker nei -til både AutoPASS og holder meg så langt unna det norske helsevesenet -som jeg kan, inntil de har demonstrert og dokumentert at de verdsetter -individets privatsfære og personlige integritet høyere enn kortsiktig -gevist og samfunnsnytte.

+
Buster based Bokmål edition of Debian Administrator's Handbook
+
20th October 2020
+

+ +

I am happy to report that we finally made it! Norwegian Bokmål +became the first translation published on paper of the new Buster +based edition of "The Debian +Administrator's Handbook". The print proof reading copy arrived +some days ago, and it looked good, so now the book is approved for +general distribution. This updated paperback edition is available from +lulu.com. The book is also available for download in electronic +form as PDF, EPUB and Mobipocket, and can also be +read online.

+ +

I am very happy to wrap up this Creative Common licensed project, +which concludes several months of work by several volunteers. The +number of Linux related books published in Norwegian are few, and I +really hope this one will gain many readers, as it is packed with deep +knowledge on Linux and the Debian ecosystem. The book will be +available for various Internet book stores like Amazon and Barnes & +Noble soon, but I recommend buying +"HÃ¥ndbok +for Debian-administratoren" directly from the source at Lulu. + +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: norsk, personvern, sikkerhet. + Tags: debian, debian-handbook, english.
@@ -441,66 +718,33 @@ gevist og samfunnsnytte.

-
Updated sales number for my Free Culture paper editions
-
12th June 2017
-

It is pleasing to see that the work we put down in publishing new -editions of the classic Free -Culture book by the founder of the Creative Commons movement, -Lawrence Lessig, is still being appreciated. I had a look at the -latest sales numbers for the paper edition today. Not too impressive, -but happy to see some buyers still exist. All the revenue from the -books is sent to the Creative -Commons Corporation, and they receive the largest cut if you buy -directly from Lulu. Most books are sold via Amazon, with Ingram -second and only a small fraction directly from Lulu. The ebook -edition is available for free from -Github.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Title / languageQuantity
2016 jan-jun2016 jul-dec2017 jan-may
Culture Libre / French3615
Fri kultur / Norwegian710
Free Culture / English142716
Total243431
- -

A bit sad to see the low sales number on the Norwegian edition, and -a bit surprising the English edition still selling so well.

- -

If you would like to translate and publish the book in your native -language, I would be happy to help make it happen. Please get in -touch.

+
Buster update of Norwegian Bokmål edition of Debian Administrator's Handbook almost done
+
11th September 2020
+

Thanks to the good work of several volunteers, the updated edition +of the Norwegian translation for +"The Debian Administrator's +Handbook" is now almost completed. After many months of proof +reading, I consider the proof reading complete enough for us to move +to the next step, and have asked for the print version to be prepared +and sent of to the print on demand service lulu.com. While it is +still not to late if you find any incorrect translations on +the +hosted Weblate service, but it will be soon. :) You can check out +the Buster +edition on the web until the print edition is ready.

+ +

The book will be for sale on lulu.com and various web book stores, +with links available from the web site for the book linked to above. +I hope a lot of readers find it useful.

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: docbook, english, freeculture. + Tags: debian, debian-handbook, english.
@@ -508,59 +752,33 @@ touch.

-
Release 0.1.1 of free software archive system Nikita announced
-
10th June 2017
-

I am very happy to report that the -Nikita Noark 5 -core project tagged its second release today. The free software -solution is an implementation of the Norwegian archive standard Noark -5 used by government offices in Norway. These were the changes in -version 0.1.1 since version 0.1.0 (from NEWS.md): - -

    - -
  • Continued work on the angularjs GUI, including document upload.
    • -
  • Implemented correspondencepartPerson, correspondencepartUnit and - correspondencepartInternal
    • -
  • Applied for coverity coverage and started submitting code on - regualr basis.
    • -
  • Started fixing bugs reported by coverity
    • -
  • Corrected and completed HATEOAS links to make sure entire API is - available via URLs in _links.
    • -
  • Corrected all relation URLs to use trailing slash.
    • -
  • Add initial support for storing data in ElasticSearch.
    • -
  • Now able to receive and store uploaded files in the archive.
    • -
  • Changed JSON output for object lists to have relations in _links.
    • -
  • Improve JSON output for empty object lists.
    • -
  • Now uses correct MIME type application/vnd.noark5-v4+json.
    • -
  • Added support for docker container images.
    • -
  • Added simple API browser implemented in JavaScript/Angular.
    • -
  • Started on archive client implemented in JavaScript/Angular.
    • -
  • Started on prototype to show the public mail journal.
    • -
  • Improved performance by disabling Sprint FileWatcher.
    • -
  • Added support for 'arkivskaper', 'saksmappe' and 'journalpost'.
    • -
  • Added support for some metadata codelists.
    • -
  • Added support for Cross-origin resource sharing (CORS).
    • -
  • Changed login method from Basic Auth to JSON Web Token (RFC 7519) - style.
    • -
  • Added support for GET-ing ny-* URLs.
    • -
  • Added support for modifying entities using PUT and eTag.
    • -
  • Added support for returning XML output on request.
    • -
  • Removed support for English field and class names, limiting ourself - to the official names.
    • -
  • ...
    • - -
- -

If this sound interesting to you, please contact us on IRC (#nikita -on irc.freenode.net) or email -(nikita-noark -mailing list).

+
Working on updated Norwegian Bokmål edition of Debian Administrator's Handbook
+
4th July 2020
+

Three years ago, the first Norwegian Bokmål edition of +"The Debian Administrator's +Handbook" was published. This was based on Debian Jessie. Now a +new and updated version based on Buster is getting ready. Work on the +updated Norwegian Bokmål edition has been going on for a few months +now, and yesterday, we reached the first mile stone, with 100% of the +texts being translated. A lot of proof reading remains, of course, +but a major step towards a new edition has been taken.

+ +

The book is translated by volunteers, and we would love to get some +help with the proof reading. The translation uses +the +hosted Weblate service, and we welcome everyone to have a look and +submit improvements and suggestions. There is also a proof readers +PDF available on request, get in touch if you want to help out that +way.

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: english, nuug, offentlig innsyn, standard. + Tags: debian, debian-handbook, english.
@@ -568,99 +786,73 @@ mailing list).

-
Idea for storing trusted timestamps in a Noark 5 archive
-
7th June 2017
-

This is a copy of -an -email I posted to the nikita-noark mailing list. Please follow up -there if you would like to discuss this topic. The background is that -we are making a free software archive system based on the Norwegian -Noark -5 standard for government archives.

- -

I've been wondering a bit lately how trusted timestamps could be -stored in Noark 5. -Trusted -timestamps can be used to verify that some information -(document/file/checksum/metadata) have not been changed since a -specific time in the past. This is useful to verify the integrity of -the documents in the archive.

- -

Then it occured to me, perhaps the trusted timestamps could be -stored as dokument variants (ie dokumentobjekt referered to from -dokumentbeskrivelse) with the filename set to the hash it is -stamping?

- -

Given a "dokumentbeskrivelse" with an associated "dokumentobjekt", -a new dokumentobjekt is associated with "dokumentbeskrivelse" with the -same attributes as the stamped dokumentobjekt except these -attributes:

- -
    - -
  • format -> "RFC3161" -
  • mimeType -> "application/timestamp-reply" -
  • formatDetaljer -> "<source URL for timestamp service>" -
  • filenavn -> "<sjekksum>.tsr" - -
- -

This assume a service following -IETF RFC 3161 is -used, which specifiy the given MIME type for replies and the .tsr file -ending for the content of such trusted timestamp. As far as I can -tell from the Noark 5 specifications, it is OK to have several -variants/renderings of a dokument attached to a given -dokumentbeskrivelse objekt. It might be stretching it a bit to make -some of these variants represent crypto-signatures useful for -verifying the document integrity instead of representing the dokument -itself.

- -

Using the source of the service in formatDetaljer allow several -timestamping services to be used. This is useful to spread the risk -of key compromise over several organisations. It would only be a -problem to trust the timestamps if all of the organisations are -compromised.

- -

The following oneliner on Linux can be used to generate the tsr -file. $input is the path to the file to checksum, and $sha256 is the -SHA-256 checksum of the file (ie the ".tsr" value mentioned -above).

+
Secure Socket API - a simple and powerful approach for TLS support in software
+
6th June 2020
+

As a member of the Norwegian Unix +User Group, I have the pleasure of receiving the +USENIX magazine +;login: +several times a year. I rarely have time to read all the articles, +but try to at least skim through them all as there is a lot of nice +knowledge passed on there. I even carry the latest issue with me most +of the time to try to get through all the articles when I have a few +spare minutes.

+ +

The other day I came across a nice article titled +"The +Secure Socket API: TLS as an Operating System Service" with a +marvellous idea I hope can make it all the way into the POSIX standard. +The idea is as simple as it is powerful. By introducing a new +socket() option IPPROTO_TLS to use TLS, and a system wide service to +handle setting up TLS connections, one both make it trivial to add TLS +support to any program currently using the POSIX socket API, and gain +system wide control over certificates, TLS versions and encryption +systems used. Instead of doing this:

-openssl ts -query -data "$inputfile" -cert -sha256 -no_nonce \
-  | curl -s -H "Content-Type: application/timestamp-query" \
-      --data-binary "@-" http://zeitstempel.dfn.de > $sha256.tsr
+int socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);

-

To verify the timestamp, you first need to download the public key -of the trusted timestamp service, for example using this command:

+

the program code would be doing this:

-wget -O ca-cert.txt \
-  https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt
+int socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TLS);

-

Note, the public key should be stored alongside the timestamps in -the archive to make sure it is also available 100 years from now. It -is probably a good idea to standardise how and were to store such -public keys, to make it easier to find for those trying to verify -documents 100 or 1000 years from now. :)

- -

The verification itself is a simple openssl command:

- -

-openssl ts -verify -data $inputfile -in $sha256.tsr \
-  -CAfile ca-cert.txt -text
-

- -

Is there any reason this approach would not work? Is it somehow against -the Noark 5 specification?

+

According to the ;login: article, converting a C program to use TLS +would normally modify only 5-10 lines in the code, which is amazing +when compared to using for example the OpenSSL API.

+ +

The project has set up the +https://securesocketapi.org/ +web site to spread the idea, and the code for a kernel module and the +associated system daemon is available from two github repositories: +ssa and +ssa-daemon. +Unfortunately there is no explicit license information with the code, +so its copyright status is unclear. A +request to solve +this about it has been unsolved since 2018-08-17.

+ +

I love the idea of extending socket() to gain TLS support, and +understand why it is an advantage to implement this as a kernel module +and system wide service daemon, but can not help to think that it +would be a lot easier to get projects to move to this way of setting +up TLS if it was done with a user space approach where programs +wanting to use this API approach could just link with a wrapper +library.

+ +

I recommend you check out this simple and powerful approach to more +secure network connections. :)

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: english, offentlig innsyn, standard. + Tags: debian, english, sikkerhet, sysadmin.
@@ -675,6 +867,94 @@ the Noark 5 specification?

Archive