1st March 2017

A few days ago I ordered a small batch of -the ChaosKey, a small -USB dongle for generating entropy created by Bdale Garbee and Keith -Packard. Yesterday it arrived, and I am very happy to report that it -work great! According to its designers, to get it to work out of the -box, you need the Linux kernel version 4.1 or later. I tested on a -Debian Stretch machine (kernel version 4.9), and there it worked just -fine, increasing the available entropy very quickly. I wrote a small -test oneliner to test. It first print the current entropy level, -drain /dev/random, and then print the entropy level for five seconds. -Here is the situation without the ChaosKey inserted:

- -

-% cat /proc/sys/kernel/random/entropy_avail; \
-  dd bs=1M if=/dev/random of=/dev/null count=1; \
-  for n in $(seq 1 5); do \
-     cat /proc/sys/kernel/random/entropy_avail; \
-     sleep 1; \
-  done
-300
-0+1 oppfÃ¸ringer inn
-0+1 oppfÃ¸ringer ut
-28 byte kopiert, 0,000264565 s, 106 kB/s
-4
-8
-12
-17
-21
-%
-

- -

The entropy level increases by 3-4 every second. In such case any -application requiring random bits (like a HTTPS enabled web server) -will halt and wait for more entrpy. And here is the situation with -the ChaosKey inserted:

- -

-% cat /proc/sys/kernel/random/entropy_avail; \
-  dd bs=1M if=/dev/random of=/dev/null count=1; \
-  for n in $(seq 1 5); do \
-     cat /proc/sys/kernel/random/entropy_avail; \
-     sleep 1; \
-  done
-1079
-0+1 oppfÃ¸ringer inn
-0+1 oppfÃ¸ringer ut
-104 byte kopiert, 0,000487647 s, 213 kB/s
-433
-1028
-1031
-1035
-1038
-%
-

- -

Quite the difference. :) I bought a few more than I need, in case -someone want to buy one here in Norway. :)

- -

Update: The dongle was presented at Debconf last year. You might -find the talk -recording illuminating. It explains exactly what the source of -randomness is, if you are unable to spot it from the schema drawing -available from the ChaosKey web site linked at the start of this blog -post.

Time for an official MIME type for patches?

1st November 2018

As part of my involvement in +the Nikita +archive API project, I've been importing a fairly large lump of +emails into a test instance of the archive to see how well this would +go. I picked a subset of my +notmuch email database, all public emails sent to me via +@lists.debian.org, giving me a set of around 216 000 emails to import. +In the process, I had a look at the various attachments included in +these emails, to figure out what to do with attachments, and noticed +that one of the most common attachment formats do not have +an +official MIME type registered with IANA/IETF. The output from +diff, ie the input for patch, is on the top 10 list of formats +included in these emails. At the moment people seem to use either +text/x-patch or text/x-diff, but neither is officially registered. It +would be better if one official MIME type were registered and used +everywhere.

+ +

To try to get one official MIME type for these files, I've brought +up the topic on +the +media-types mailing list. If you are interested in discussion +which MIME type to use as the official for patch files, or involved in +making software using a MIME type for patches, perhaps you would like +to join the discussion?

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: debian, english. + Tags: debian, english, standard.

@@ -98,34 +63,79 @@ post.

Detect OOXML files with undefined behaviour?

21st February 2017

I just noticed -the -new Norwegian proposal for archiving rules in the goverment list -ECMA-376 -/ ISO/IEC 29500 (aka OOXML) as valid formats to put in long term -storage. Luckily such files will only be accepted based on -pre-approval from the National Archive. Allowing OOXML files to be -used for long term storage might seem like a good idea as long as we -forget that there are plenty of ways for a "valid" OOXML document to -have content with no defined interpretation in the standard, which -lead to a question and an idea.

- -

Is there any tool to detect if a OOXML document depend on such -undefined behaviour? It would be useful for the National Archive (and -anyone else interested in verifying that a document is well defined) -to have such tool available when considering to approve the use of -OOXML. I'm aware of the -officeotron OOXML -validator, but do not know how complete it is nor if it will -report use of undefined behaviour. Are there other similar tools -available? Please send me an email if you know of any such tool.

Measuring the speaker frequency response using the AUDMES free software GUI - nice free software

22nd October 2018

+ +

My current home stereo is a patchwork of various pieces I got on +flee markeds over the years. It is amazing what kind of equipment +show up there. I've been wondering for a while if it was possible to +measure how well this equipment is working together, and decided to +see how far I could get using free software. After trawling the web I +came across an article from DIY Audio and Video on +Speaker +Testing and Analysis describing how to test speakers, and it listing +several software options, among them +AUDio MEasurement +System (AUDMES). It is the only free software system I could find +focusing on measuring speakers and audio frequency response. In the +process I also found an interesting article from NOVO on +Understanding +Speaker Specifications and Frequency Response and an article from +ecoustics on +Understanding +Speaker Frequency Response, with a lot of information on what to +look for and how to interpret the graphs. Armed with this knowledge, +I set out to measure the state of my speakers.

+ +

The first hurdle was that AUDMES hadn't seen a commit for 10 years +and did not build with current compilers and libraries. I got in +touch with its author, who no longer was spending time on the program +but gave me write access to the subversion repository on Sourceforge. +The end result is that now the code build on Linux and is capable of +saving and loading the collected frequency response data in CSV +format. The application is quite nice and flexible, and I was able to +select the input and output audio interfaces independently. This made +it possible to use a USB mixer as the input source, while sending +output via my laptop headphone connection. I lacked the hardware and +cabling to figure out a different way to get independent cabling to +speakers and microphone.

+ +

Using this setup I could see how a large range of high frequencies +apparently were not making it out of my speakers. The picture show +the frequency response measurement of one of the speakers. Note the +frequency lines seem to be slightly misaligned, compared to the CSV +output from the program. I can not hear several of these are high +frequencies, according to measurement from +Free Hearing Test +Software, an freeware system to measure your hearing (still +looking for a free software alternative), so I do not know if they are +coming out out the speakers. I thus do not quite know how to figure +out if the missing frequencies is a problem with the microphone, the +amplifier or the speakers, but I managed to rule out the audio card in my +PC by measuring my Bose noise canceling headset using its own +microphone. This setup was able to see the high frequency tones, so +the problem with my stereo had to be in the amplifier or speakers.

+ +

Anyway, to try to role out one factor I ended up picking up a new +set of speakers at a flee marked, and these work a lot better than the +old speakers, so I guess the microphone and amplifier is OK. If you +need to measure your own speakers, check out AUDMES. If more people +get involved, perhaps the project could become good enough to +include in Debian? And if +you know of some other free software to measure speakers and amplifier +performance, please let me know. I am aware of the freeware option +REW, but I want something +that can be developed also when the vendor looses interest.

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: english, nuug, standard. + Tags: english, nice free software.

@@ -133,33 +143,67 @@ available? Please send me an email if you know of any such tool.

Ruling ignored our objections to the seizure of popcorn-time.no (#domstolkontroll)

13th February 2017

A few days ago, we received the ruling from -my -day in court. The case in question is a challenge of the seizure -of the DNS domain popcorn-time.no. The ruling simply did not mention -most of our arguments, and seemed to take everything ÃKOKRIM said at -face value, ignoring our demonstration and explanations. But it is -hard to tell for sure, as we still have not seen most of the documents -in the case and thus were unprepared and unable to contradict several -of the claims made in court by the opposition. We are considering an -appeal, but it is partly a question of funding, as it is costing us -quite a bit to pay for our lawyer. If you want to help, please -donate to the -NUUG defense fund.

- -

The details of the case, as far as we know it, is available in -Norwegian from -the NUUG -blog. This also include -the -ruling itself.

Web browser integration of VLC with Bittorrent support

21st October 2018

Bittorrent is as far as I know, currently the most efficient way to +distribute content on the Internet. It is used all by all sorts of +content providers, from national TV stations like +NRK, Linux distributors like +Debian and +Ubuntu, and of course the +Internet archive. + +

Almost a month ago +a new +package adding Bittorrent support to VLC became available in +Debian testing and unstable. To test it, simply install it like +this:

+ +

+apt install vlc-plugin-bittorrent
+

+ +

Since the plugin was made available for the first time in Debian, +several improvements have been made to it. In version 2.2-4, now +available in both testing and unstable, a desktop file is provided to +teach browsers to start VLC when the user click on torrent files or +magnet links. The last part is thanks to me finally understanding +what the strange x-scheme-handler style MIME types in desktop files +are used for. By adding x-scheme-handler/magnet to the MimeType entry +in the desktop file, at least the browsers Firefox and Chromium will +suggest to start VLC when selecting a magnet URI on a web page. The +end result is that now, with the plugin installed in Buster and Sid, +one can visit any +Internet +Archive page with movies using a web browser and click on the +torrent link to start streaming the movie.

+ +

Note, there is still some misfeatures in the plugin. One is the +fact that it will hang and +block VLC +from exiting until the torrent streaming starts. Another is the +fact that it +will pick +and play a random file in a multi file torrent. This is not +always the video file you want. Combined with the first it can be a +bit hard to get the video streaming going. But when it work, it seem +to do a good job.

+ +

For the Debian packaging, I would love to find a good way to test +if the plugin work with VLC using autopkgtest. I tried, but do not +know enough of the inner workings of VLC to get it working. For now +the autopkgtest script is only checking if the .so file was +successfully loaded by VLC. If you have any suggestions, please +submit a patch to the Debian bug tracking system.

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: english, nuug, offentlig innsyn, opphavsrett. + Tags: english, verkidetfri, video.

@@ -167,86 +211,80 @@ ruling itself.

A day in court challenging seizure of popcorn-time.no for #domstolkontroll

3rd February 2017

- -

On Wednesday, I spent the entire day in court in Follo Tingrett -representing the member association -NUUG, alongside the member -association EFN and the DNS registrar -IMC, challenging the seizure of the DNS name popcorn-time.no. It -was interesting to sit in a court of law for the first time in my -life. Our team can be seen in the picture above: attorney Ola -TellesbÃ¸, EFN board member Tom Fredrik Blenning, IMC CEO Morten Emil -Eriksen and NUUG board member Petter Reinholdtsen.

- -

The -case at hand is that the Norwegian National Authority for -Investigation and Prosecution of Economic and Environmental Crime (aka -Ãkokrim) decided on their own, to seize a DNS domain early last -year, without following -the -official policy of the Norwegian DNS authority which require a -court decision. The web site in question was a site covering Popcorn -Time. And Popcorn Time is the name of a technology with both legal -and illegal applications. Popcorn Time is a client combining -searching a Bittorrent directory available on the Internet with -downloading/distribute content via Bittorrent and playing the -downloaded content on screen. It can be used illegally if it is used -to distribute content against the will of the right holder, but it can -also be used legally to play a lot of content, for example the -millions of movies -available from the -Internet Archive or the collection -available from Vodo. We created -a -video demonstrating legally use of Popcorn Time and played it in -Court. It can of course be downloaded using Bittorrent.

- -

I did not quite know what to expect from a day in court. The -government held on to their version of the story and we held on to -ours, and I hope the judge is able to make sense of it all. We will -know in two weeks time. Unfortunately I do not have high hopes, as -the Government have the upper hand here with more knowledge about the -case, better training in handling criminal law and in general higher -standing in the courts than fairly unknown DNS registrar and member -associations. It is expensive to be right also in Norway. So far the -case have cost more than NOK 70 000,-. To help fund the case, NUUG -and EFN have asked for donations, and managed to collect around NOK 25 -000,- so far. Given the presentation from the Government, I expect -the government to appeal if the case go our way. And if the case do -not go our way, I hope we have enough funding to appeal.

- -

From the other side came two people from Ãkokrim. On the benches, -appearing to be part of the group from the government were two people -from the Simonsen Vogt Wiik lawyer office, and three others I am not -quite sure who was. Ãkokrim had proposed to present two witnesses -from The Motion Picture Association, but this was rejected because -they did not speak Norwegian and it was a bit late to bring in a -translator, but perhaps the two from MPA were present anyway. All -seven appeared to know each other. Good to see the case is take -seriously.

- -

If you, like me, believe the courts should be involved before a DNS -domain is hijacked by the government, or you believe the Popcorn Time -technology have a lot of useful and legal applications, I suggest you -too donate to -the NUUG defense fund. Both Bitcoin and bank transfer are -available. If NUUG get more than we need for the legal action (very -unlikely), the rest will be spend promoting free software, open -standards and unix-like operating systems in Norway, so no matter what -happens the money will be put to good use.

- -

If you want to lean more about the case, I recommend you check out -the blog -posts from NUUG covering the case. They cover the legal arguments -on both sides.

Release 0.2 of free software archive system Nikita announced

18th October 2018

This morning, the new release of the +Nikita +Noark 5 core project was +announced +on the project mailing list. The free software solution is an +implementation of the Norwegian archive standard Noark 5 used by +government offices in Norway. These were the changes in version 0.2 +since version 0.1.1 (from NEWS.md): + +

Fix typos in REL names
Tidy up error message reporting
Fix issue where we used Integer.valueOf(), not Integer.getInteger()
Change some String handling to StringBuffer
Fix error reporting
Code tidy-up
Fix issue using static non-synchronized SimpleDateFormat to avoid + race conditions
Fix problem where deserialisers were treating integers as strings
Update methods to make them null-safe
Fix many issues reported by coverity
Improve equals(), compareTo() and hash() in domain model
Improvements to the domain model for metadata classes
Fix CORS issues when downloading document
Implementation of case-handling with registryEntry and document upload
Better support in Javascript for OPTIONS
Adding concept description of mail integration
Improve setting of default values for GET on ny-journalpost
Better handling of required values during deserialisation
Changed tilknyttetDato (M620) from date to dateTime
Corrected some opprettetDato (M600) (de)serialisation errors.
Improve parse error reporting.
Started on OData search and filtering.
Added Contributor Covenant Code of Conduct to project.
Moved repository and project from Github to Gitlab.
Restructured repository, moved code into src/ and web/.
Updated code to use Spring Boot version 2.
Added support for OAuth2 authentication.
Fixed several bugs discovered by Coverity.
Corrected handling of date/datetime fields.
Improved error reporting when rejecting during deserializatoin.
Adjusted default values provided for ny-arkivdel, ny-mappe, + ny-saksmappe, ny-journalpost and ny-dokumentbeskrivelse.
Several fixes for korrespondansepart*.
Updated web GUI: +
- Now handle both file upload and download.
- Uses new OAuth2 authentication for login.
- Forms now fetches default values from API using GET.
- Added RFC 822 (email), TIFF and JPEG to list of possible file formats.

+ +

The changes and improvements are extensive. Running diffstat on +the changes between git tab 0.1.1 and 0.2 show 1098 files changed, +108666 insertions(+), 54066 deletions(-).

+ +

If free and open standardized archiving API sound interesting to +you, please contact us on IRC +(#nikita on +irc.freenode.net) or email +(nikita-noark +mailing list).

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: english, nuug, offentlig innsyn, opphavsrett. + Tags: english, nuug, offentlig innsyn, standard.

@@ -254,41 +292,111 @@ on both sides.

Nasjonalbiblioteket avslutter sin ulovlige bruk av Google Skjemaer

12th January 2017

I dag fikk jeg en skikkelig gladmelding. Bakgrunnen er at fÃ¸r jul -arrangerte Nasjonalbiblioteket -et -seminar om sitt knakende gode tiltak Â«verksregisterÂ». Eneste -mÃ¥ten Ã¥ melde seg pÃ¥ dette seminaret var Ã¥ sende personopplysninger -til Google via Google Skjemaer. Dette syntes jeg var tvilsom praksis, -da det bÃ¸r vÃ¦re mulig Ã¥ delta pÃ¥ seminarer arrangert av det offentlige -uten Ã¥ mÃ¥tte dele sine interesser, posisjon og andre -personopplysninger med Google. Jeg ba derfor om innsyn via -Mimes brÃ¸nn i -avtaler -og vurderinger Nasjonalbiblioteket hadde rundt dette. -Personopplysningsloven legger klare rammer for hva som mÃ¥ vÃ¦re pÃ¥ -plass fÃ¸r en kan be tredjeparter, spesielt i utlandet, behandle -personopplysninger pÃ¥ sine vegne, sÃ¥ det burde eksistere grundig -dokumentasjon fÃ¸r noe slikt kan bli lovlig. To jurister hos -Nasjonalbiblioteket mente fÃ¸rst dette var helt i orden, og at Googles -standardavtale kunne brukes som databehandlingsavtale. Det syntes jeg -var merkelig, men har ikke hatt kapasitet til Ã¥ fÃ¸lge opp saken fÃ¸r -for to dager siden.

- -

Gladnyheten i dag, som kom etter at jeg tipset Nasjonalbiblioteket -om at Datatilsynet underkjente Googles standardavtaler som -databehandleravtaler i 2011, er at Nasjonalbiblioteket har bestemt seg -for Ã¥ avslutte bruken av Googles Skjemaer/Apps og gÃ¥ i dialog med DIFI -for Ã¥ finne bedre mÃ¥ter Ã¥ hÃ¥ndtere pÃ¥meldinger i trÃ¥d med -personopplysningsloven. Det er fantastisk Ã¥ se at av og til hjelper -det Ã¥ spÃ¸rre hva i alle dager det offentlige holder pÃ¥ med.

Fetching trusted timestamps using the rfc3161ng python module

8th October 2018

I have earlier covered the basics of trusted timestamping using the +'openssl ts' client. See blog post for +2014, +2016 +and +2017 +for those stories. But some times I want to integrate the timestamping +in other code, and recently I needed to integrate it into Python. +After searching a bit, I found +the +rfc3161 library which seemed like a good fit, but I soon +discovered it only worked for python version 2, and I needed something +that work with python version 3. Luckily I next came across +the rfc3161ng library, +a fork of the original rfc3161 library. Not only is it working with +python 3, it have fixed a few of the bugs in the original library, and +it has an active maintainer. I decided to wrap it up and make it +available in +Debian, and a few days ago it entered Debian unstable and testing.

+ +

Using the library is fairly straight forward. The only slightly +problematic step is to fetch the required certificates to verify the +timestamp. For some services it is straight forward, while for others +I have not yet figured out how to do it. Here is a small standalone +code example based on of the integration tests in the library code:

+ +

+#!/usr/bin/python3
+
+"""
+
+Python 3 script demonstrating how to use the rfc3161ng module to
+get trusted timestamps.
+
+The license of this code is the same as the license of the rfc3161ng
+library, ie MIT/BSD.
+
+"""
+
+import os
+import pyasn1.codec.der
+import rfc3161ng
+import subprocess
+import tempfile
+import urllib.request
+
+def store(f, data):
+    f.write(data)
+    f.flush()
+    f.seek(0)
+
+def fetch(url, f=None):
+    response = urllib.request.urlopen(url)
+    data = response.read()
+    if f:
+        store(f, data)
+    return data
+
+def main():
+    with tempfile.NamedTemporaryFile() as cert_f,\
+    	 tempfile.NamedTemporaryFile() as ca_f,\
+    	 tempfile.NamedTemporaryFile() as msg_f,\
+    	 tempfile.NamedTemporaryFile() as tsr_f:
+
+        # First fetch certificates used by service
+        certificate_data = fetch('https://freetsa.org/files/tsa.crt', cert_f)
+        ca_data_data = fetch('https://freetsa.org/files/cacert.pem', ca_f)
+
+        # Then timestamp the message
+        timestamper = \
+            rfc3161ng.RemoteTimestamper('http://freetsa.org/tsr',
+                                        certificate=certificate_data)
+        data = b"Python forever!\n"
+        tsr = timestamper(data=data, return_tsr=True)
+
+        # Finally, convert message and response to something 'openssl ts' can verify
+        store(msg_f, data)
+        store(tsr_f, pyasn1.codec.der.encoder.encode(tsr))
+        args = ["openssl", "ts", "-verify",
+                "-data", msg_f.name,
+	        "-in", tsr_f.name,
+		"-CAfile", ca_f.name,
+                "-untrusted", cert_f.name]
+        subprocess.check_call(args)
+
+if '__main__' == __name__:
+   main()
+

+ +

The code fetches the required certificates, store them as temporary +files, timestamp a simple message, store the message and timestamp to +disk and ask 'openssl ts' to verify the timestamp. A timestamp is +around 1.5 kiB in size, and should be fairly easy to store for future +use.

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: norsk, personvern, surveillance, web. + Tags: english, sikkerhet.

@@ -296,86 +404,68 @@ det Ã¥ spÃ¸rre hva i alle dager det offentlige holder pÃ¥ med.

Bryter NAV sin egen personvernerklÃ¦ring?

11th January 2017

Jeg leste med interesse en nyhetssak hos -digi.no -og -NRK -om at det ikke bare er meg, men at ogsÃ¥ NAV bedriver geolokalisering -av IP-adresser, og at det gjÃ¸res analyse av IP-adressene til de som -sendes inn meldekort for Ã¥ se om meldekortet sendes inn fra -utenlandske IP-adresser. Politiadvokat i Drammen, Hans Lyder Haare, -er sitert i NRK pÃ¥ at Â«De to er jo blant annet avslÃ¸rt av -IP-adresser. At man ser at meldekortet kommer fra utlandet.Â»

- -

Jeg synes det er fint at det blir bedre kjent at IP-adresser -knyttes til enkeltpersoner og at innsamlet informasjon brukes til Ã¥ -stedsbestemme personer ogsÃ¥ av aktÃ¸rer her i Norge. Jeg ser det som -nok et argument for Ã¥ bruke -Tor sÃ¥ mye som mulig for Ã¥ -gjÃ¸re gjÃ¸re IP-lokalisering vanskeligere, slik at en kan beskytte sin -privatsfÃ¦re og unngÃ¥ Ã¥ dele sin fysiske plassering med -uvedkommede.

- -

Men det er en ting som bekymrer meg rundt denne nyheten. Jeg ble -tipset (takk #nuug) om -NAVs -personvernerklÃ¦ring, som under punktet Â«Personvern og statistikkÂ» -lyder:

- -

- -
Â«NÃ¥r du besÃ¸ker nav.no, etterlater du deg elektroniske spor. Sporene -dannes fordi din nettleser automatisk sender en rekke opplysninger til -NAVs tjener (server-maskin) hver gang du ber om Ã¥ fÃ¥ vist en side. Det -er eksempelvis opplysninger om hvilken nettleser og -versjon du -bruker, og din internettadresse (ip-adresse). For hver side som vises, -lagres fÃ¸lgende opplysninger:
+
Automatic Google Drive sync using grive in Debian
+
4th October 2018
+
A few days, I rescued a Windows victim over to Debian. To try to +rescue the remains, I helped set up automatic sync with Google Drive. +I did not find any sensible Debian package handling this +automatically, so I rebuild the grive2 source from +the Ubuntu UPD8 PPA to do the +task and added a autostart desktop entry and a small shell script to +run in the background while the user is logged in to do the sync. +Here is a sketch of the setup for future reference.
+ +
I first created ~/googledrive, entered the directory and +ran 'grive -a' to authenticate the machine/user. Next, I +created a autostart hook in ~/.config/autostart/grive.desktop +to start the sync when the user log in:
+ +
+[Desktop Entry]
+Name=Google drive autosync
+Type=Application
+Exec=/home/user/bin/grive-sync
+
+ +
Finally, I wrote the ~/bin/grive-sync script to sync +~/googledrive/ with the files in Google Drive.
+ +
+#!/bin/sh
+set -e
+cd ~/
+cleanup() {
+    if [ "$syncpid" ] ; then
+        kill $syncpid
+    fi
+}
+trap cleanup EXIT INT QUIT
+/usr/lib/grive/grive-sync.sh listen googledrive 2>&1 | sed "s%^%$0:%" &
+syncpdi=$!
+while true; do
+    if ! xhost >/dev/null 2>&1 ; then
+        echo "no DISPLAY, exiting as the user probably logged out"
+        exit 1
+    fi
+    if [ ! -e /run/user/1000/grive-sync.sh_googledrive ] ; then
+        /usr/lib/grive/grive-sync.sh sync googledrive
+    fi
+    sleep 300
+done 2>&1 | sed "s%^%$0:%"
+
+ +
Feel free to use the setup if you want. It can be assumed to be +GNU GPL v2 licensed (or any later version, at your leisure), but I +doubt this code is possible to claim copyright on.
-
-
hvilken side du ser pÃ¥
-
dato og tid
-
hvilken nettleser du bruker
-
din ip-adresse
-
- -
Ingen av opplysningene vil bli brukt til Ã¥ identifisere -enkeltpersoner. NAV bruker disse opplysningene til Ã¥ generere en -samlet statistikk som blant annet viser hvilke sider som er mest -populÃ¦re. Statistikken er et redskap til Ã¥ forbedre vÃ¥re -tjenester.Â»
- -

- -

Jeg klarer ikke helt Ã¥ se hvordan analyse av de besÃ¸kendes -IP-adresser for Ã¥ se hvem som sender inn meldekort via web fra en -IP-adresse i utlandet kan gjÃ¸res uten Ã¥ komme i strid med pÃ¥standen om -at Â«ingen av opplysningene vil bli brukt til Ã¥ identifisere -enkeltpersonerÂ». Det virker dermed for meg som at NAV bryter sine -egen personvernerklÃ¦ring, hvilket -Datatilsynet -fortalte meg i starten av desember antagelig er brudd pÃ¥ -personopplysningsloven. - -

I tillegg er personvernerklÃ¦ringen ganske misvisende i og med at -NAVs nettsider ikke bare forsyner NAV med personopplysninger, men i -tillegg ber brukernes nettleser kontakte fem andre nettjenere -(script.hotjar.com, static.hotjar.com, vars.hotjar.com, -www.google-analytics.com og www.googletagmanager.com), slik at -personopplysninger blir gjort tilgjengelig for selskapene Hotjar og -Google , og alle som kan lytte pÃ¥ trafikken pÃ¥ veien (som FRA, GCHQ og -NSA). Jeg klarer heller ikke se hvordan slikt spredning av -personopplysninger kan vÃ¦re i trÃ¥d med kravene i -personopplysningloven, eller i trÃ¥d med NAVs personvernerklÃ¦ring.

- -

Kanskje NAV bÃ¸r ta en nÃ¸ye titt pÃ¥ sin personvernerklÃ¦ring? Eller -kanskje Datatilsynet bÃ¸r gjÃ¸re det?

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: norsk, nuug, personvern, surveillance. + Tags: debian, english.

@@ -383,164 +473,161 @@ kanskje Datatilsynet bÃ¸r gjÃ¸re det?

Where did that package go? — geolocated IP traceroute

9th January 2017

Did you ever wonder where the web trafic really flow to reach the -web servers, and who own the network equipment it is flowing through? -It is possible to get a glimpse of this from using traceroute, but it -is hard to find all the details. Many years ago, I wrote a system to -map the Norwegian Internet (trying to figure out if our plans for a -network game service would get low enough latency, and who we needed -to talk to about setting up game servers close to the users. Back -then I used traceroute output from many locations (I asked my friends -to run a script and send me their traceroute output) to create the -graph and the map. The output from traceroute typically look like -this: - -

-traceroute to www.stortinget.no (85.88.67.10), 30 hops max, 60 byte packets
- 1  uio-gw10.uio.no (129.240.202.1)  0.447 ms  0.486 ms  0.621 ms
- 2  uio-gw8.uio.no (129.240.24.229)  0.467 ms  0.578 ms  0.675 ms
- 3  oslo-gw1.uninett.no (128.39.65.17)  0.385 ms  0.373 ms  0.358 ms
- 4  te3-1-2.br1.fn3.as2116.net (193.156.90.3)  1.174 ms  1.172 ms  1.153 ms
- 5  he16-1-1.cr1.san110.as2116.net (195.0.244.234)  2.627 ms he16-1-1.cr2.oslosda310.as2116.net (195.0.244.48)  3.172 ms he16-1-1.cr1.san110.as2116.net (195.0.244.234)  2.857 ms
- 6  ae1.ar8.oslosda310.as2116.net (195.0.242.39)  0.662 ms  0.637 ms ae0.ar8.oslosda310.as2116.net (195.0.242.23)  0.622 ms
- 7  89.191.10.146 (89.191.10.146)  0.931 ms  0.917 ms  0.955 ms
- 8  * * *
- 9  * * *
-[...]
-

- -

This show the DNS names and IP addresses of (at least some of the) -network equipment involved in getting the data traffic from me to the -www.stortinget.no server, and how long it took in milliseconds for a -package to reach the equipment and return to me. Three packages are -sent, and some times the packages do not follow the same path. This -is shown for hop 5, where three different IP addresses replied to the -traceroute request.

- -

There are many ways to measure trace routes. Other good traceroute -implementations I use are traceroute (using ICMP packages) mtr (can do -both ICMP, UDP and TCP) and scapy (python library with ICMP, UDP, TCP -traceroute and a lot of other capabilities). All of them are easily -available in Debian.

- -

This time around, I wanted to know the geographic location of -different route points, to visualize how visiting a web page spread -information about the visit to a lot of servers around the globe. The -background is that a web site today often will ask the browser to get -from many servers the parts (for example HTML, JSON, fonts, -JavaScript, CSS, video) required to display the content. This will -leak information about the visit to those controlling these servers -and anyone able to peek at the data traffic passing by (like your ISP, -the ISPs backbone provider, FRA, GCHQ, NSA and others).

- -

Lets pick an example, the Norwegian parliament web site -www.stortinget.no. It is read daily by all members of parliament and -their staff, as well as political journalists, activits and many other -citizens of Norway. A visit to the www.stortinget.no web site will -ask your browser to contact 8 other servers: ajax.googleapis.com, -insights.hotjar.com, script.hotjar.com, static.hotjar.com, -stats.g.doubleclick.net, www.google-analytics.com, -www.googletagmanager.com and www.netigate.se. I extracted this by -asking PhantomJS to visit the -Stortinget web page and tell me all the URLs PhantomJS downloaded to -render the page (in HAR format using -their -netsniff example. I am very grateful to Gorm for showing me how -to do this). My goal is to visualize network traces to all IP -addresses behind these DNS names, do show where visitors personal -information is spread when visiting the page.

- -

When I had a look around for options, I could not find any good -free software tools to do this, and decided I needed my own traceroute -wrapper outputting KML based on locations looked up using GeoIP. KML -is easy to work with and easy to generate, and understood by several -of the GIS tools I have available. I got good help from by NUUG -colleague Anders Einar with this, and the result can be seen in -my -kmltraceroute git repository. Unfortunately, the quality of the -free GeoIP databases I could find (and the for-pay databases my -friends had access to) is not up to the task. The IP addresses of -central Internet infrastructure would typically be placed near the -controlling companies main office, and not where the router is really -located, as you can see from the -KML file I created using the GeoLite City dataset from MaxMind. - -

- -

I also had a look at the visual traceroute graph created by -the scrapy project, -showing IP network ownership (aka AS owner) for the IP address in -question. -The -graph display a lot of useful information about the traceroute in SVG -format, and give a good indication on who control the network -equipment involved, but it do not include geolocation. This graph -make it possible to see the information is made available at least for -UNINETT, Catchcom, Stortinget, Nordunet, Google, Amazon, Telia, Level -3 Communications and NetDNA.

- -

In the process, I came across the -web service GeoTraceroute by -Salim Gasmi. Its methology of combining guesses based on DNS names, -various location databases and finally use latecy times to rule out -candidate locations seemed to do a very good job of guessing correct -geolocation. But it could only do one trace at the time, did not have -a sensor in Norway and did not make the geolocations easily available -for postprocessing. So I contacted the developer and asked if he -would be willing to share the code (he refused until he had time to -clean it up), but he was interested in providing the geolocations in a -machine readable format, and willing to set up a sensor in Norway. So -since yesterday, it is possible to run traces from Norway in this -service thanks to a sensor node set up by -the NUUG assosiation, and get the -trace in KML format for further processing.

- -

Here we can see a lot of trafic passes Sweden on its way to -Denmark, Germany, Holland and Ireland. Plenty of places where the -Snowden confirmations verified the traffic is read by various actors -without your best interest as their top priority.

- -

Combining KML files is trivial using a text editor, so I could loop -over all the hosts behind the urls imported by www.stortinget.no and -ask for the KML file from GeoTraceroute, and create a combined KML -file with all the traces (unfortunately only one of the IP addresses -behind the DNS name is traced this time. To get them all, one would -have to request traces using IP number instead of DNS names from -GeoTraceroute). That might be the next step in this project.

- -

Armed with these tools, I find it a lot easier to figure out where -the IP traffic moves and who control the boxes involved in moving it. -And every time the link crosses for example the Swedish border, we can -be sure Swedish Signal Intelligence (FRA) is listening, as GCHQ do in -Britain and NSA in USA and cables around the globe. (Hm, what should -we tell them? :) Keep that in mind if you ever send anything -unencrypted over the Internet.

- -

PS: KML files are drawn using -the KML viewer from Ivan -Rublev , as it was less cluttered than the local Linux application -Marble. There are heaps of other options too.

Valutakrambod - A python and bitcoin love story

29th September 2018

It would come as no surprise to anyone that I am interested in +bitcoins and virtual currencies. I've been keeping an eye on virtual +currencies for many years, and it is part of the reason a few months +ago, I started writing a python library for collecting currency +exchange rates and trade on virtual currency exchanges. I decided to +name the end result valutakrambod, which perhaps can be translated to +small currency shop.

+ +

The library uses the tornado python library to handle HTTP and +websocket connections, and provide a asynchronous system for +connecting to and tracking several services. The code is available +from +github.

+ +

There are two example clients of the library. One is very simple and +list every updated buy/sell price received from the various services. +This code is started by running bin/btc-rates and call the client code +in valutakrambod/client.py. The simple client look like this:

+ +

+import functools
+import tornado.ioloop
+import valutakrambod
+class SimpleClient(object):
+    def __init__(self):
+        self.services = []
+        self.streams = []
+        pass
+    def newdata(self, service, pair, changed):
+        print("%-15s %s-%s: %8.3f %8.3f" % (
+            service.servicename(),
+            pair[0],
+            pair[1],
+            service.rates[pair]['ask'],
+            service.rates[pair]['bid'])
+        )
+    async def refresh(self, service):
+        await service.fetchRates(service.wantedpairs)
+    def run(self):
+        self.ioloop = tornado.ioloop.IOLoop.current()
+        self.services = valutakrambod.service.knownServices()
+        for e in self.services:
+            service = e()
+            service.subscribe(self.newdata)
+            stream = service.websocket()
+            if stream:
+                self.streams.append(stream)
+            else:
+                # Fetch information from non-streaming services immediately
+                self.ioloop.call_later(len(self.services),
+                                       functools.partial(self.refresh, service))
+                # as well as regularly
+                service.periodicUpdate(60)
+        for stream in self.streams:
+            stream.connect()
+        try:
+            self.ioloop.start()
+        except KeyboardInterrupt:
+            print("Interrupted by keyboard, closing all connections.")
+            pass
+        for stream in self.streams:
+            stream.close()
+

+ +

The library client loops over all known "public" services, +initialises it, subscribes to any updates from the service, checks and +activates websocket streaming if the service provide it, and if no +streaming is supported, fetches information from the service and sets +up a periodic update every 60 seconds. The output from this client +can look like this:

+ +

+Bl3p            BTC-EUR: 5687.110 5653.690
+Bl3p            BTC-EUR: 5687.110 5653.690
+Bl3p            BTC-EUR: 5687.110 5653.690
+Hitbtc          BTC-USD: 6594.560 6593.690
+Hitbtc          BTC-USD: 6594.560 6593.690
+Bl3p            BTC-EUR: 5687.110 5653.690
+Hitbtc          BTC-USD: 6594.570 6593.690
+Bitstamp        EUR-USD:    1.159    1.154
+Hitbtc          BTC-USD: 6594.570 6593.690
+Hitbtc          BTC-USD: 6594.580 6593.690
+Hitbtc          BTC-USD: 6594.580 6593.690
+Hitbtc          BTC-USD: 6594.580 6593.690
+Bl3p            BTC-EUR: 5687.110 5653.690
+Paymium         BTC-EUR: 5680.000 5620.240
+

+ +

The exchange order book is tracked in addition to the best buy/sell +price, for those that need to know the details.

+ +

The other example client is focusing on providing a curses view +with updated buy/sell prices as soon as they are received from the +services. This code is located in bin/btc-rates-curses and activated +by using the '-c' argument. Without the argument the "curses" output +is printed without using curses, which is useful for debugging. The +curses view look like this:

+ +

+           Name Pair   Bid         Ask         Spr    Ftcd    Age
+ BitcoinsNorway BTCEUR   5591.8400   5711.0800   2.1%   16    nan     60
+       Bitfinex BTCEUR   5671.0000   5671.2000   0.0%   16     22     59
+        Bitmynt BTCEUR   5580.8000   5807.5200   3.9%   16     41     60
+         Bitpay BTCEUR   5663.2700         nan   nan%   15    nan     60
+       Bitstamp BTCEUR   5664.8400   5676.5300   0.2%    0      1      1
+           Bl3p BTCEUR   5653.6900   5684.9400   0.5%    0    nan     19
+       Coinbase BTCEUR   5600.8200   5714.9000   2.0%   15    nan    nan
+         Kraken BTCEUR   5670.1000   5670.2000   0.0%   14     17     60
+        Paymium BTCEUR   5620.0600   5680.0000   1.1%    1   7515    nan
+ BitcoinsNorway BTCNOK  52898.9700  54034.6100   2.1%   16    nan     60
+        Bitmynt BTCNOK  52960.3200  54031.1900   2.0%   16     41     60
+         Bitpay BTCNOK  53477.7833         nan   nan%   16    nan     60
+       Coinbase BTCNOK  52990.3500  54063.0600   2.0%   15    nan    nan
+        MiraiEx BTCNOK  52856.5300  54100.6000   2.3%   16    nan    nan
+ BitcoinsNorway BTCUSD   6495.5300   6631.5400   2.1%   16    nan     60
+       Bitfinex BTCUSD   6590.6000   6590.7000   0.0%   16     23     57
+         Bitpay BTCUSD   6564.1300         nan   nan%   15    nan     60
+       Bitstamp BTCUSD   6561.1400   6565.6200   0.1%    0      2      1
+       Coinbase BTCUSD   6504.0600   6635.9700   2.0%   14    nan    117
+         Gemini BTCUSD   6567.1300   6573.0700   0.1%   16     89    nan
+         Hitbtc+BTCUSD   6592.6200   6594.2100   0.0%    0      0      0
+         Kraken BTCUSD   6565.2000   6570.9000   0.1%   15     17     58
+  Exchangerates EURNOK      9.4665      9.4665   0.0%   16 107789    nan
+     Norgesbank EURNOK      9.4665      9.4665   0.0%   16 107789    nan
+       Bitstamp EURUSD      1.1537      1.1593   0.5%    4      5      1
+  Exchangerates EURUSD      1.1576      1.1576   0.0%   16 107789    nan
+ BitcoinsNorway LTCEUR      1.0000     49.0000  98.0%   16    nan    nan
+ BitcoinsNorway LTCNOK    492.4800    503.7500   2.2%   16    nan     60
+ BitcoinsNorway LTCUSD      1.0221     49.0000  97.9%   15    nan    nan
+     Norgesbank USDNOK      8.1777      8.1777   0.0%   16 107789    nan
+

+ +

The code for this client is too complex for a simple blog post, so +you will have to check out the git repository to figure out how it +work. What I can tell is how the three last numbers on each line +should be interpreted. The first is how many seconds ago information +was received from the service. The second is how long ago, according +to the service, the provided information was updated. The last is an +estimate on how often the buy/sell values change.

+ +

If you find this library useful, or would like to improve it, I +would love to hear from you. Note that for some of the services I've +implemented a trading API. It might be the topic of a future blog +post.

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address -15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

+15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: debian, english, kart, nuug, personvern, stortinget, surveillance, web. + Tags: bitcoin, english.

@@ -548,77 +635,47 @@ activities, please send Bitcoin donations to my address

Introducing ical-archiver to split out old iCalendar entries

4th January 2017

Do you have a large iCalendar -file with lots of old entries, and would like to archive them to save -space and resources? At least those of us using KOrganizer know that -turning on and off an event set become slower and slower the more -entries are in the set. While working on migrating our calendars to a -Radicale CalDAV server on our -Freedombox server, my -loved one wondered if I could find a way to split up the calendar file -she had in KOrganizer, and I set out to write a tool. I spent a few -days writing and polishing the system, and it is now ready for general -consumption. The -code for -ical-archiver is publicly available from a git repository on -github. The system is written in Python and depend on -the vobject Python -module.

- -

To use it, locate the iCalendar file you want to operate on and -give it as an argument to the ical-archiver script. This will -generate a set of new files, one file per component type per year for -all components expiring more than two years in the past. The vevent, -vtodo and vjournal entries are handled by the script. The remaining -entries are stored in a 'remaining' file.

- -

This is what a test run can look like: - -

-% ical-archiver t/2004-2016.ics 
-Found 3612 vevents
-Found 6 vtodos
-Found 2 vjournals
-Writing t/2004-2016.ics-subset-vevent-2004.ics
-Writing t/2004-2016.ics-subset-vevent-2005.ics
-Writing t/2004-2016.ics-subset-vevent-2006.ics
-Writing t/2004-2016.ics-subset-vevent-2007.ics
-Writing t/2004-2016.ics-subset-vevent-2008.ics
-Writing t/2004-2016.ics-subset-vevent-2009.ics
-Writing t/2004-2016.ics-subset-vevent-2010.ics
-Writing t/2004-2016.ics-subset-vevent-2011.ics
-Writing t/2004-2016.ics-subset-vevent-2012.ics
-Writing t/2004-2016.ics-subset-vevent-2013.ics
-Writing t/2004-2016.ics-subset-vevent-2014.ics
-Writing t/2004-2016.ics-subset-vjournal-2007.ics
-Writing t/2004-2016.ics-subset-vjournal-2011.ics
-Writing t/2004-2016.ics-subset-vtodo-2012.ics
-Writing t/2004-2016.ics-remaining.ics
-%
-

- -

As you can see, the original file is untouched and new files are -written with names derived from the original file. If you are happy -with their content, the *-remaining.ics file can replace the original -the the others can be archived or imported as historical calendar -collections.

- -

The script should probably be improved a bit. The error handling -when discovering broken entries is not good, and I am not sure yet if -it make sense to split different entry types into separate files or -not. The program is thus likely to change. If you find it -interesting, please get in touch. :)

VLC in Debian now can do bittorrent streaming

24th September 2018

Back in February, I got curious to see +if +VLC now supported Bittorrent streaming. It did not, despite the +fact that the idea and code to handle such streaming had been floating +around for years. I did however find +a standalone plugin +for VLC to do it, and half a year later I decided to wrap up the +plugin and get it into Debian. I uploaded it to NEW a few days ago, +and am very happy to report that it +entered +Debian a few hours ago, and should be available in Debian/Unstable +tomorrow, and Debian/Testing in a few days.

+ +

With the vlc-plugin-bittorrent package installed you should be able +to stream videos using a simple call to

+ +

+vlc https://archive.org/download/TheGoat/TheGoat_archive.torrent
+

+ +

It can handle magnet links too. Now if only native vlc had +bittorrent support. Then a lot more would be helping each other to +share public domain and creative commons movies. The plugin need some +stability work with seeking and picking the right file in a torrent +with many files, but is already usable. Please note that the plugin +is not removing downloaded files when vlc is stopped, so it can fill +up your disk if you are not careful. Have fun. :)

+ +

I would love to get help maintaining this package. Get in touch if +you are interested.

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address -15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

+15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: english, standard. + Tags: english, verkidetfri, video.

@@ -626,96 +683,35 @@ activities, please send Bitcoin donations to my address

Appstream just learned how to map hardware to packages too!

23rd December 2016

I received a very nice Christmas present today. As my regular -readers probably know, I have been working on the -the Isenkram -system for many years. The goal of the Isenkram system is to make -it easier for users to figure out what to install to get a given piece -of hardware to work in Debian, and a key part of this system is a way -to map hardware to packages. Isenkram have its own mapping database, -and also uses data provided by each package using the AppStream -metadata format. And today, -AppStream in -Debian learned to look up hardware the same way Isenkram is doing it, -ie using fnmatch():

- -

-% appstreamcli what-provides modalias \
-  usb:v1130p0202d0100dc00dsc00dp00ic03isc00ip00in00
-Identifier: pymissile [generic]
-Name: pymissile
-Summary: Control original Striker USB Missile Launcher
-Package: pymissile
-% appstreamcli what-provides modalias usb:v0694p0002d0000
-Identifier: libnxt [generic]
-Name: libnxt
-Summary: utility library for talking to the LEGO Mindstorms NXT brick
-Package: libnxt
----
-Identifier: t2n [generic]
-Name: t2n
-Summary: Simple command-line tool for Lego NXT
-Package: t2n
----
-Identifier: python-nxt [generic]
-Name: python-nxt
-Summary: Python driver/interface/wrapper for the Lego Mindstorms NXT robot
-Package: python-nxt
----
-Identifier: nbc [generic]
-Name: nbc
-Summary: C compiler for LEGO Mindstorms NXT bricks
-Package: nbc
-%
-

- -

A similar query can be done using the combined AppStream and -Isenkram databases using the isenkram-lookup tool:

- -

-% isenkram-lookup usb:v1130p0202d0100dc00dsc00dp00ic03isc00ip00in00
-pymissile
-% isenkram-lookup usb:v0694p0002d0000
-libnxt
-nbc
-python-nxt
-t2n
-%
-

- -

You can find modalias values relevant for your machine using -cat $(find /sys/devices/ -name modalias). - -

If you want to make this system a success and help Debian users -make the most of the hardware they have, please -helpadd -AppStream metadata for your package following the guidelines -documented in the wiki. So far only 11 packages provide such -information, among the several hundred hardware specific packages in -Debian. The Isenkram database on the other hand contain 101 packages, -mostly related to USB dongles. Most of the packages with hardware -mapping in AppStream are LEGO Mindstorms related, because I have, as -part of my involvement in -the Debian LEGO -team given priority to making sure LEGO users get proposed the -complete set of packages in Debian for that particular hardware. The -team also got a nice Christmas present today. The -nxt-firmware -package made it into Debian. With this package in place, it is -now possible to use the LEGO Mindstorms NXT unit with only free -software, as the nxt-firmware package contain the source and firmware -binaries for the NXT brick.

Using the Kodi API to play Youtube videos

2nd September 2018

I continue to explore my Kodi installation, and today I wanted to +tell it to play a youtube URL I received in a chat, without having to +insert search terms using the on-screen keyboard. After searching the +web for API access to the Youtube plugin and testing a bit, I managed +to find a recipe that worked. If you got a kodi instance with its API +available from http://kodihost/jsonrpc, you can try the following to +have check out a nice cover band.

+ +

curl --silent --header 'Content-Type: application/json' \
+  --data-binary '{ "id": 1, "jsonrpc": "2.0", "method": "Player.Open",
+  "params": {"item": { "file":
+  "plugin://plugin.video.youtube/play/?video_id=LuRGVM9O0qg" } } }' \
+  http://projector.local/jsonrpc

+ +

I've extended kodi-stream program to take a video source as its +first argument. It can now handle direct video links, youtube links +and 'desktop' to stream my desktop to Kodi. It is almost like a +Chromecast. :)

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address -15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

+15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: debian, english, isenkram. + Tags: debian, english, kodi, video.

@@ -723,106 +719,19 @@ activities, please send Bitcoin donations to my address

Isenkram updated with a lot more hardware-package mappings

20th December 2016

The Isenkram -system I wrote two years ago to make it easier in Debian to find -and install packages to get your hardware dongles to work, is still -going strong. It is a system to look up the hardware present on or -connected to the current system, and map the hardware to Debian -packages. It can either be done using the tools in isenkram-cli or -using the user space daemon in the isenkram package. The latter will -notify you, when inserting new hardware, about what packages to -install to get the dongle working. It will even provide a button to -click on to ask packagekit to install the packages.

- -

Here is an command line example from my Thinkpad laptop:

- -

-% isenkram-lookup  
-bluez
-cheese
-ethtool
-fprintd
-fprintd-demo
-gkrellm-thinkbat
-hdapsd
-libpam-fprintd
-pidgin-blinklight
-thinkfan
-tlp
-tp-smapi-dkms
-tp-smapi-source
-tpb
-%
-

- -

It can also list the firware package providing firmware requested -by the load kernel modules, which in my case is an empty list because -I have all the firmware my machine need: - -

-% /usr/sbin/isenkram-autoinstall-firmware -l
-info: did not find any firmware files requested by loaded kernel modules.  exiting
-%
-

- -

The last few days I had a look at several of the around 250 -packages in Debian with udev rules. These seem like good candidates -to install when a given hardware dongle is inserted, and I found -several that should be proposed by isenkram. I have not had time to -check all of them, but am happy to report that now there are 97 -packages packages mapped to hardware by Isenkram. 11 of these -packages provide hardware mapping using AppStream, while the rest are -listed in the modaliases file provided in isenkram.

- -

These are the packages with hardware mappings at the moment. The -marked packages are also announcing their hardware -support using AppStream, for everyone to use:

- -

air-quality-sensor, alsa-firmware-loaders, argyll, -array-info, avarice, avrdude, b43-fwcutter, -bit-babbler, bluez, bluez-firmware, brltty, -broadcom-sta-dkms, calibre, cgminer, cheese, colord, -colorhug-client, dahdi-firmware-nonfree, dahdi-linux, -dfu-util, dolphin-emu, ekeyd, ethtool, firmware-ipw2x00, fprintd, -fprintd-demo, galileo, gkrellm-thinkbat, gphoto2, -gpsbabel, gpsbabel-gui, gpsman, gpstrans, gqrx-sdr, gr-fcdproplus, -gr-osmosdr, gtkpod, hackrf, hdapsd, hdmi2usb-udev, hpijs-ppds, hplip, -ipw3945-source, ipw3945d, kde-config-tablet, kinect-audio-setup, -libnxt, libpam-fprintd, lomoco, -madwimax, minidisc-utils, mkgmap, msi-keyboard, mtkbabel, -nbc, nqc, nut-hal-drivers, ola, -open-vm-toolbox, open-vm-tools, openambit, pcgminer, pcmciautils, -pcscd, pidgin-blinklight, printer-driver-splix, -pymissile, python-nxt, qlandkartegt, -qlandkartegt-garmin, rosegarden, rt2x00-source, sispmctl, -soapysdr-module-hackrf, solaar, squeak-plugins-scratch, sunxi-tools, -t2n, thinkfan, thinkfinger-tools, tlp, tp-smapi-dkms, -tp-smapi-source, tpb, tucnak, uhd-host, usbmuxd, viking, -virtualbox-ose-guest-x11, w1retap, xawtv, xserver-xorg-input-vmmouse, -xserver-xorg-input-wacom, xserver-xorg-video-qxl, -xserver-xorg-video-vmware, yubikey-personalization and -zd1211-firmware

- -

If you know of other packages, please let me know with a wishlist -bug report against the isenkram-cli package, and ask the package -maintainer to -add AppStream -metadata according to the guidelines to provide the information -for everyone. In time, I hope to get rid of the isenkram specific -hardware mapping and depend exclusively on AppStream.

- -

Note, the AppStream metadata for broadcom-sta-dkms is matching too -much hardware, and suggest that the package with with any ethernet -card. See bug #838735 for -the details. I hope the maintainer find time to address it soon. In -the mean time I provide an override in isenkram.

Software created using taxpayersâ money should be Free Software

30th August 2018

It might seem obvious that software created using tax money should +be available for everyone to use and improve. Free Software +Foundation Europe recentlystarted a campaign to help get more people +to understand this, and I just signed the petition on +Public Money, Public Code to help +them. I hope you too will do the same.

- Tags: debian, english, isenkram. + Tags: english, opphavsrett.

@@ -837,6 +746,31 @@ the mean time I provide an override in isenkram.