X-Git-Url: https://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/a3b8e7e9516fff5033605ecd8e806629ab2007e9..dab433fb0808144159d85b05b298c7a1e549ee20:/blog/index.html diff --git a/blog/index.html b/blog/index.html index d65ede4eb7..de9f6e58b0 100644 --- a/blog/index.html +++ b/blog/index.html @@ -20,129 +20,42 @@
-
NRKs kildevern når NRK-epost deles med utenlands etterretning?
-
8th October 2016
-

NRK -lanserte -for noen uker siden en ny -varslerportal som bruker -SecureDrop til å ta imot tips der det er vesentlig at ingen -utenforstående får vite at NRK er tipset. Det er et langt steg -fremover for NRK, og når en leser bloggposten om hva de har tenkt på -og hvordan løsningen er satt opp virker det som om de har gjort en -grundig jobb der. Men det er ganske mye ekstra jobb å motta tips via -SecureDrop, så varslersiden skriver "Nyhetstips som ikke krever denne -typen ekstra vern vil vi gjerne ha på nrk.no/03030", og 03030-siden -foreslår i tillegg til et webskjema å bruke epost, SMS, telefon, -personlig oppmøte og brevpost. Denne artikkelen handler disse andre -metodene.

- -

Når en sender epost til en @nrk.no-adresse så vil eposten sendes ut -av landet til datamaskiner kontrollert av Microsoft. En kan sjekke -dette selv ved å slå opp epostleveringsadresse (MX) i DNS. For NRK er -dette i dag "nrk-no.mail.protection.outlook.com". NRK har som en ser -valgt å sette bort epostmottaket sitt til de som står bak outlook.com, -dvs. Microsoft. En kan sjekke hvor nettverkstrafikken tar veien -gjennom Internett til epostmottaket vha. programmet -traceroute, og finne ut hvem som eier en Internett-adresse -vha. whois-systemet. Når en gjør dette for epost-trafikk til @nrk.no -ser en at trafikken fra Norge mot nrk-no.mail.protection.outlook.com -går via Sverige mot enten Irland eller Tyskland (det varierer fra gang -til gang og kan endre seg over tid).

- -

Vi vet fra -introduksjonen av -FRA-loven at IP-trafikk som passerer grensen til Sverige avlyttes -av Försvarets radioanstalt (FRA). Vi vet videre takket være -Snowden-bekreftelsene at trafikk som passerer grensen til -Storbritannia avlyttes av Government Communications Headquarters -(GCHQ). I tillegg er er det nettopp lansert et forslag i Norge om at -forsvarets E-tjeneste skal få avlytte trafikk som krysser grensen til -Norge. Jeg er ikke kjent med dokumentasjon på at Irland og Tyskland -gjør det samme. Poenget er uansett at utenlandsk etterretning har -mulighet til å snappe opp trafikken når en sender epost til @nrk.no. -I tillegg er det selvsagt tilgjengelig for Microsoft som er underlagt USAs -jurisdiksjon og -samarbeider -med USAs etterretning på flere områder. De som tipser NRK om -nyheter via epost kan dermed gå ut fra at det blir kjent for mange -andre enn NRK at det er gjort.

- -

Bruk av SMS og telefon registreres av blant annet telefonselskapene -og er tilgjengelig i følge lov og forskrift for blant annet Politi, -NAV og Finanstilsynet, i tillegg til IT-folkene hos telefonselskapene -og deres overordnede. Hvis innringer eller mottaker bruker -smarttelefon vil slik kontakt også gjøres tilgjengelig for ulike -app-leverandører og de som lytter på trafikken mellom telefon og -app-leverandør, alt etter hva som er installert på telefonene som -brukes.

- -

Brevpost kan virke trygt, og jeg vet ikke hvor mye som registreres -og lagres av postens datastyrte postsorteringssentraler. Det vil ikke -overraske meg om det lagres hvor i landet hver konvolutt kommer fra og -hvor den er adressert, i hvert fall for en kortere periode. Jeg vet -heller ikke hvem slik informasjon gjøres tilgjengelig for. Det kan -være nok til å ringe inn potensielle kilder når det krysses med hvem -som kjente til aktuell informasjon og hvor de befant seg (tilgjengelig -f.eks. hvis de bærer mobiltelefon eller bor i nærheten).

- -

Personlig oppmøte hos en NRK-journalist er antagelig det tryggeste, -men en bør passe seg for å bruke NRK-kantina. Der bryter de nemlig -Sentralbanklovens -paragraf 14 og nekter folk å betale med kontanter. I stedet -krever de at en varsle sin bankkortutsteder om hvor en befinner seg -ved å bruke bankkort. Banktransaksjoner er tilgjengelig for -bankkortutsteder (det være seg VISA, Mastercard, Nets og/eller en -bank) i tillegg til politiet og i hvert fall tidligere med Se & Hør -(via utro tjenere, slik det ble avslørt etter utgivelsen av boken -«Livet, det forbannede» av Ken B. Rasmussen). Men hvor mange kjenner -en NRK-journalist personlig? Besøk på NRK på Marienlyst krever at en -registrerer sin ankost elektronisk i besøkssystemet. Jeg vet ikke hva -som skjer med det datasettet, men har grunn til å tro at det sendes ut -SMS til den en skal besøke med navnet som er oppgitt. Kanskje greit å -oppgi falskt navn.

- -

Når så tipset er kommet frem til NRK skal det behandles -redaksjonelt i NRK. Der vet jeg via ulike kilder at de fleste -journalistene bruker lokalt installert programvare, men noen bruker -Google Docs og andre skytjenester i strid med interne retningslinjer -når de skriver. Hvordan vet en hvem det gjelder? Ikke vet jeg, men -det kan være greit å spørre for å sjekke at journalisten har tenkt på -problemstillingen, før en gir et tips. Og hvis tipset omtales internt -på epost, er det jo grunn til å tro at også intern eposten vil deles -med Microsoft og utenlands etterretning, slik tidligere nevnt, men det -kan hende at det holdes internt i NRKs interne MS Exchange-løsning. -Men Microsoft ønsker å få alle Exchange-kunder over "i skyen" (eller -andre folks datamaskiner, som det jo innebærer), så jeg vet ikke hvor -lenge det i så fall vil vare.

- -

I tillegg vet en jo at -NRK -har valgt å gi nasjonal sikkerhetsmyndighet (NSM) tilgang til å se på -intern og ekstern Internett-trafikk hos NRK ved oppsett av såkalte -VDI-noder, på tross av -protester -fra NRKs journalistlag. Jeg vet ikke om den vil kunne snappe opp -dokumenter som lagres på interne filtjenere eller dokumenter som lages -i de interne webbaserte publiseringssystemene, men vet at hva noden -ser etter på nettet kontrolleres av NSM og oppdateres automatisk, slik -at det ikke gir så mye mening å sjekke hva noden ser etter i dag når -det kan endres automatisk i morgen.

- -

Personlig vet jeg ikke om jeg hadde turt tipse NRK hvis jeg satt på -noe som kunne være en trussel mot den bestående makten i Norge eller -verden. Til det virker det å være for mange åpninger for -utenforstående med andre prioriteter enn NRKs journalistiske fokus. -Og den største truslen for en varsler er jo om metainformasjon kommer -på avveie, dvs. informasjon om at en har vært i kontakt med en -journalist. Det kan være nok til at en kommer i myndighetenes -søkelys, og de færreste har nok operasjonell sikkerhet til at vil tåle -slik flombelysning på sitt privatliv.

+
Time for an official MIME type for patches?
+
1st November 2018
+

As part of my involvement in +the Nikita +archive API project, I've been importing a fairly large lump of +emails into a test instance of the archive to see how well this would +go. I picked a subset of my +notmuch email database, all public emails sent to me via +@lists.debian.org, giving me a set of around 216 000 emails to import. +In the process, I had a look at the various attachments included in +these emails, to figure out what to do with attachments, and noticed +that one of the most common attachment formats do not have +an +official MIME type registered with IANA/IETF. The output from +diff, ie the input for patch, is on the top 10 list of formats +included in these emails. At the moment people seem to use either +text/x-patch or text/x-diff, but neither is officially registered. It +would be better if one official MIME type were registered and used +everywhere.

+ +

To try to get one official MIME type for these files, I've brought +up the topic on +the +media-types mailing list. If you are interested in discussion +which MIME type to use as the official for patch files, or involved in +making software using a MIME type for patches, perhaps you would like +to join the discussion?

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: dld, norsk, personvern, sikkerhet, surveillance. + Tags: debian, english, standard.
@@ -150,125 +63,79 @@ slik flombelysning på sitt privatliv.

-
Isenkram, Appstream and udev make life as a LEGO builder easier
-
7th October 2016
-

The Isenkram -system provide a practical and easy way to figure out which -packages support the hardware in a given machine. The command line -tool isenkram-lookup and the tasksel options provide a -convenient way to list and install packages relevant for the current -hardware during system installation, both user space packages and -firmware packages. The GUI background daemon on the other hand provide -a pop-up proposing to install packages when a new dongle is inserted -while using the computer. For example, if you plug in a smart card -reader, the system will ask if you want to install pcscd if -that package isn't already installed, and if you plug in a USB video -camera the system will ask if you want to install cheese if -cheese is currently missing. This already work just fine.

- -

But Isenkram depend on a database mapping from hardware IDs to -package names. When I started no such database existed in Debian, so -I made my own data set and included it with the isenkram package and -made isenkram fetch the latest version of this database from git using -http. This way the isenkram users would get updated package proposals -as soon as I learned more about hardware related packages.

- -

The hardware is identified using modalias strings. The modalias -design is from the Linux kernel where most hardware descriptors are -made available as a strings that can be matched using filename style -globbing. It handle USB, PCI, DMI and a lot of other hardware related -identifiers.

- -

The downside to the Isenkram specific database is that there is no -information about relevant distribution / Debian version, making -isenkram propose obsolete packages too. But along came AppStream, a -cross distribution mechanism to store and collect metadata about -software packages. When I heard about the proposal, I contacted the -people involved and suggested to add a hardware matching rule using -modalias strings in the specification, to be able to use AppStream for -mapping hardware to packages. This idea was accepted and AppStream is -now a great way for a package to announce the hardware it support in a -distribution neutral way. I wrote -a -recipe on how to add such meta-information in a blog post last -December. If you have a hardware related package in Debian, please -announce the relevant hardware IDs using AppStream.

- -

In Debian, almost all packages that can talk to a LEGO Mindestorms -RCX or NXT unit, announce this support using AppStream. The effect is -that when you insert such LEGO robot controller into your Debian -machine, Isenkram will propose to install the packages needed to get -it working. The intention is that this should allow the local user to -start programming his robot controller right away without having to -guess what packages to use or which permissions to fix.

- -

But when I sat down with my son the other day to program our NXT -unit using his Debian Stretch computer, I discovered something -annoying. The local console user (ie my son) did not get access to -the USB device for programming the unit. This used to work, but no -longer in Jessie and Stretch. After some investigation and asking -around on #debian-devel, I discovered that this was because udev had -changed the mechanism used to grant access to local devices. The -ConsoleKit mechanism from /lib/udev/rules.d/70-udev-acl.rules -no longer applied, because LDAP users no longer was added to the -plugdev group during login. Michael Biebl told me that this method -was obsolete and the new method used ACLs instead. This was good -news, as the plugdev mechanism is a mess when using a remote user -directory like LDAP. Using ACLs would make sure a user lost device -access when she logged out, even if the user left behind a background -process which would retain the plugdev membership with the ConsoleKit -setup. Armed with this knowledge I moved on to fix the access problem -for the LEGO Mindstorms related packages.

- -

The new system uses a udev tag, 'uaccess'. It can either be -applied directly for a device, or is applied in -/lib/udev/rules.d/70-uaccess.rules for classes of devices. As the -LEGO Mindstorms udev rules did not have a class, I decided to add the -tag directly in the udev rules files included in the packages. Here -is one example. For the nqc C compiler for the RCX, the -/lib/udev/rules.d/60-nqc.rules file now look like this: - -

-SUBSYSTEM=="usb", ACTION=="add", ATTR{idVendor}=="0694", ATTR{idProduct}=="0001", \
-    SYMLINK+="rcx-%k", TAG+="uaccess"
-

- -

The key part is the 'TAG+="uaccess"' at the end. I suspect all -packages using plugdev in their /lib/udev/rules.d/ files should be -changed to use this tag (either directly or indirectly via -70-uaccess.rules). Perhaps a lintian check should be created -to detect this?

- -

I've been unable to find good documentation on the uaccess feature. -It is unclear to me if the uaccess tag is an internal implementation -detail like the udev-acl tag used by -/lib/udev/rules.d/70-udev-acl.rules. If it is, I guess the -indirect method is the preferred way. Michael -asked for more -documentation from the systemd project and I hope it will make -this clearer. For now I use the generic classes when they exist and -is already handled by 70-uaccess.rules, and add the tag -directly if no such class exist.

- -

To learn more about the isenkram system, please check out -my -blog posts tagged isenkram.

- -

To help out making life for LEGO constructors in Debian easier, -please join us on our IRC channel -#debian-lego and join -the Debian -LEGO team in the Alioth project we created yesterday. A mailing -list is not yet created, but we are working on it. :)

+
Measuring the speaker frequency response using the AUDMES free software GUI - nice free software
+
22nd October 2018
+

+ +

My current home stereo is a patchwork of various pieces I got on +flee markeds over the years. It is amazing what kind of equipment +show up there. I've been wondering for a while if it was possible to +measure how well this equipment is working together, and decided to +see how far I could get using free software. After trawling the web I +came across an article from DIY Audio and Video on +Speaker +Testing and Analysis describing how to test speakers, and it listing +several software options, among them +AUDio MEasurement +System (AUDMES). It is the only free software system I could find +focusing on measuring speakers and audio frequency response. In the +process I also found an interesting article from NOVO on +Understanding +Speaker Specifications and Frequency Response and an article from +ecoustics on +Understanding +Speaker Frequency Response, with a lot of information on what to +look for and how to interpret the graphs. Armed with this knowledge, +I set out to measure the state of my speakers.

+ +

The first hurdle was that AUDMES hadn't seen a commit for 10 years +and did not build with current compilers and libraries. I got in +touch with its author, who no longer was spending time on the program +but gave me write access to the subversion repository on Sourceforge. +The end result is that now the code build on Linux and is capable of +saving and loading the collected frequency response data in CSV +format. The application is quite nice and flexible, and I was able to +select the input and output audio interfaces independently. This made +it possible to use a USB mixer as the input source, while sending +output via my laptop headphone connection. I lacked the hardware and +cabling to figure out a different way to get independent cabling to +speakers and microphone.

+ +

Using this setup I could see how a large range of high frequencies +apparently were not making it out of my speakers. The picture show +the frequency response measurement of one of the speakers. Note the +frequency lines seem to be slightly misaligned, compared to the CSV +output from the program. I can not hear several of these are high +frequencies, according to measurement from +Free Hearing Test +Software, an freeware system to measure your hearing (still +looking for a free software alternative), so I do not know if they are +coming out out the speakers. I thus do not quite know how to figure +out if the missing frequencies is a problem with the microphone, the +amplifier or the speakers, but I managed to rule out the audio card in my +PC by measuring my Bose noise canceling headset using its own +microphone. This setup was able to see the high frequency tones, so +the problem with my stereo had to be in the amplifier or speakers.

+ +

Anyway, to try to role out one factor I ended up picking up a new +set of speakers at a flee marked, and these work a lot better than the +old speakers, so I guess the microphone and amplifier is OK. If you +need to measure your own speakers, check out AUDMES. If more people +get involved, perhaps the project could become good enough to +include in Debian? And if +you know of some other free software to measure speakers and amplifier +performance, please let me know. I am aware of the freeware option +REW, but I want something +that can be developed also when the vendor looses interest.

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address -15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

+15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: debian, english, isenkram. + Tags: english, nice free software.
@@ -276,47 +143,67 @@ activities, please send Bitcoin donations to my address
-
Aftenposten-redaktøren med lua i hånda
-
9th September 2016
-

En av dagens nyheter er at Aftenpostens redaktør Espen Egil Hansen -bruker -forsiden -av papiravisen på et åpent brev til Facebooks sjef Mark Zuckerberg om -Facebooks fjerning av bilder, tekster og sider de ikke liker. Det -må være uvant for redaktøren i avisen Aftenposten å stå med lua i -handa og håpe på å bli hørt. Spesielt siden Aftenposten har vært med -på å gi Facebook makten de nå demonstrerer at de har. Ved å melde seg -inn i Facebook-samfunnet har de sagt ja til bruksvilkårene og inngått -en antagelig bindende avtale. Kanskje de skulle lest og vurdert -vilkårene litt nærmere før de sa ja, i stedet for å klage over at -reglende de har valgt å akseptere blir fulgt? Personlig synes jeg -vilkårene er uakseptable og det ville ikke falle meg inn å gå inn på -en avtale med slike vilkår. I tillegg til uakseptable vilkår er det -mange andre grunner til å unngå Facebook. Du kan finne en solid -gjennomgang av flere slike argumenter hos -Richard Stallmans side om -Facebook. - -

Jeg håper flere norske redaktører på samme vis må stå med lua i -hånden inntil de forstår at de selv er med på å føre samfunnet på -ville veier ved å omfavne Facebook slik de gjør når de omtaler og -løfter frem saker fra Facebook, og tar i bruk Facebook som -distribusjonskanal for sine nyheter. De bidrar til -overvåkningssamfunnet og raderer ut lesernes privatsfære når de lenker -til Facebook på sine sider, og låser seg selv inne i en omgivelse der -det er Facebook, og ikke redaktøren, som sitter med makta.

- -

Men det vil nok ta tid, i et Norge der de fleste nettredaktører -deler -sine leseres personopplysinger med utenlands etterretning.

- -

For øvrig burde varsleren Edward Snowden få politisk asyl i -Norge.

+
Web browser integration of VLC with Bittorrent support
+
21st October 2018
+

Bittorrent is as far as I know, currently the most efficient way to +distribute content on the Internet. It is used all by all sorts of +content providers, from national TV stations like +NRK, Linux distributors like +Debian and +Ubuntu, and of course the +Internet archive. + +

Almost a month ago +a new +package adding Bittorrent support to VLC became available in +Debian testing and unstable. To test it, simply install it like +this:

+ +

+apt install vlc-plugin-bittorrent
+

+ +

Since the plugin was made available for the first time in Debian, +several improvements have been made to it. In version 2.2-4, now +available in both testing and unstable, a desktop file is provided to +teach browsers to start VLC when the user click on torrent files or +magnet links. The last part is thanks to me finally understanding +what the strange x-scheme-handler style MIME types in desktop files +are used for. By adding x-scheme-handler/magnet to the MimeType entry +in the desktop file, at least the browsers Firefox and Chromium will +suggest to start VLC when selecting a magnet URI on a web page. The +end result is that now, with the plugin installed in Buster and Sid, +one can visit any +Internet +Archive page with movies using a web browser and click on the +torrent link to start streaming the movie.

+ +

Note, there is still some misfeatures in the plugin. One is the +fact that it will hang and +block VLC +from exiting until the torrent streaming starts. Another is the +fact that it +will pick +and play a random file in a multi file torrent. This is not +always the video file you want. Combined with the first it can be a +bit hard to get the video streaming going. But when it work, it seem +to do a good job.

+ +

For the Debian packaging, I would love to find a good way to test +if the plugin work with VLC using autopkgtest. I tried, but do not +know enough of the inner workings of VLC to get it working. For now +the autopkgtest script is only checking if the .so file was +successfully loaded by VLC. If you have any suggestions, please +submit a patch to the Debian bug tracking system.

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: norsk, surveillance. + Tags: english, verkidetfri, video.
@@ -324,159 +211,80 @@ Norge.

-
E-tjenesten ber om innsyn i eposten til partiene på Stortinget
-
6th September 2016
-

I helga kom det et hårreisende forslag fra Lysne II-utvalget satt -ned av Forsvarsdepartementet. Lysne II-utvalget var bedt om å vurdere -ønskelista til Forsvarets etterretningstjeneste (e-tjenesten), og har -kommet med -forslag -om at e-tjenesten skal få lov til a avlytte all Internett-trafikk -som passerer Norges grenser. Få er klar over at dette innebærer at -e-tjenesten får tilgang til epost sendt til de fleste politiske -partiene på Stortinget. Regjeringspartiet Høyre (@hoyre.no), -støttepartiene Venstre (@venstre.no) og Kristelig Folkeparti (@krf.no) -samt Sosialistisk Ventreparti (@sv.no) og Miljøpartiet de grønne -(@mdg.no) har nemlig alle valgt å ta imot eposten sin via utenlandske -tjenester. Det betyr at hvis noen sender epost til noen med en slik -adresse vil innholdet i eposten, om dette forslaget blir vedtatt, gjøres -tilgjengelig for e-tjenesten. Venstre, Sosialistisk Ventreparti og -Miljøpartiet De Grønne har valgt å motta sin epost hos Google, -Kristelig Folkeparti har valgt å motta sin epost hos Microsoft, og -Høyre har valgt å motta sin epost hos Comendo med mottak i Danmark og -Irland. Kun Arbeiderpartiet og Fremskrittspartiet har valgt å motta -eposten sin i Norge, hos henholdsvis Intility AS og Telecomputing -AS.

- -

Konsekvensen er at epost inn og ut av de politiske organisasjonene, -til og fra partimedlemmer og partiets tillitsvalgte vil gjøres -tilgjengelig for e-tjenesten for analyse og sortering. Jeg mistenker -at kunnskapen som slik blir tilgjengelig vil være nyttig hvis en -ønsker å vite hvilke argumenter som treffer publikum når en ønsker å -påvirke Stortingets representanter.

Ved hjelp av MX-oppslag i DNS for epost-domene, tilhørende -whois-oppslag av IP-adressene og traceroute for å se hvorvidt -trafikken går via utlandet kan enhver få bekreftet at epost sendt til -de omtalte partiene vil gjøres tilgjengelig for forsvarets -etterretningstjeneste hvis forslaget blir vedtatt. En kan også bruke -den kjekke nett-tjenesten ipinfo.io -for å få en ide om hvor i verden en IP-adresse hører til.

- -

På den positive siden vil forslaget gjøre at enda flere blir -motivert til å ta grep for å bruke -Tor og krypterte -kommunikasjonsløsninger for å kommunisere med sine kjære, for å sikre -at privatsfæren vernes. Selv bruker jeg blant annet -FreedomBox og -Signal til slikt. Ingen av -dem er optimale, men de fungerer ganske bra allerede og øker kostnaden -for dem som ønsker å invadere mitt privatliv.

- -

For øvrig burde varsleren Edward Snowden få politisk asyl i -Norge.

- - +
Release 0.2 of free software archive system Nikita announced
+
18th October 2018
+

This morning, the new release of the +Nikita +Noark 5 core project was +announced +on the project mailing list. The free software solution is an +implementation of the Norwegian archive standard Noark 5 used by +government offices in Norway. These were the changes in version 0.2 +since version 0.1.1 (from NEWS.md): + +

    +
  • Fix typos in REL names
    • +
  • Tidy up error message reporting
    • +
  • Fix issue where we used Integer.valueOf(), not Integer.getInteger()
    • +
  • Change some String handling to StringBuffer
    • +
  • Fix error reporting
    • +
  • Code tidy-up
    • +
  • Fix issue using static non-synchronized SimpleDateFormat to avoid + race conditions
    • +
  • Fix problem where deserialisers were treating integers as strings
    • +
  • Update methods to make them null-safe
    • +
  • Fix many issues reported by coverity
    • +
  • Improve equals(), compareTo() and hash() in domain model
    • +
  • Improvements to the domain model for metadata classes
    • +
  • Fix CORS issues when downloading document
    • +
  • Implementation of case-handling with registryEntry and document upload
    • +
  • Better support in Javascript for OPTIONS
    • +
  • Adding concept description of mail integration
    • +
  • Improve setting of default values for GET on ny-journalpost
    • +
  • Better handling of required values during deserialisation
    • +
  • Changed tilknyttetDato (M620) from date to dateTime
    • +
  • Corrected some opprettetDato (M600) (de)serialisation errors.
    • +
  • Improve parse error reporting.
    • +
  • Started on OData search and filtering.
    • +
  • Added Contributor Covenant Code of Conduct to project.
    • +
  • Moved repository and project from Github to Gitlab.
    • +
  • Restructured repository, moved code into src/ and web/.
    • +
  • Updated code to use Spring Boot version 2.
    • +
  • Added support for OAuth2 authentication.
    • +
  • Fixed several bugs discovered by Coverity.
    • +
  • Corrected handling of date/datetime fields.
    • +
  • Improved error reporting when rejecting during deserializatoin.
    • +
  • Adjusted default values provided for ny-arkivdel, ny-mappe, + ny-saksmappe, ny-journalpost and ny-dokumentbeskrivelse.
    • +
  • Several fixes for korrespondansepart*.
    • +
  • Updated web GUI: +
      +
    • Now handle both file upload and download.
      • +
    • Uses new OAuth2 authentication for login.
      • +
    • Forms now fetches default values from API using GET.
      • +
    • Added RFC 822 (email), TIFF and JPEG to list of possible file formats.
      • +
    • +
+ +

The changes and improvements are extensive. Running diffstat on +the changes between git tab 0.1.1 and 0.2 show 1098 files changed, +108666 insertions(+), 54066 deletions(-).

+ +

If free and open standardized archiving API sound interesting to +you, please contact us on IRC +(#nikita on +irc.freenode.net) or email +(nikita-noark +mailing list).

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: norsk, surveillance. + Tags: english, nuug, offentlig innsyn, standard.
@@ -484,33 +292,111 @@ traceroute to mx03.telecomputing.no (95.128.105.102), 30 hops max, 60 byte packe
-
First draft Norwegian Bokmål edition of The Debian Administrator's Handbook now public
-
30th August 2016
-

In April we -started -to work on a Norwegian Bokmål edition of the "open access" book on -how to set up and administrate a Debian system. Today I am happy to -report that the first draft is now publicly available. You can find -it on get the Debian -Administrator's Handbook page (under Other languages). The first -eight chapters have a first draft translation, and we are working on -proofreading the content. If you want to help out, please start -contributing using -the -hosted weblate project page, and get in touch using -the -translators mailing list. Please also check out -the instructions for -contributors. A good way to contribute is to proofread the text -and update weblate if you find errors.

- -

Our goal is still to make the Norwegian book available on paper as well as -electronic form.

+
Fetching trusted timestamps using the rfc3161ng python module
+
8th October 2018
+

I have earlier covered the basics of trusted timestamping using the +'openssl ts' client. See blog post for +2014, +2016 +and +2017 +for those stories. But some times I want to integrate the timestamping +in other code, and recently I needed to integrate it into Python. +After searching a bit, I found +the +rfc3161 library which seemed like a good fit, but I soon +discovered it only worked for python version 2, and I needed something +that work with python version 3. Luckily I next came across +the rfc3161ng library, +a fork of the original rfc3161 library. Not only is it working with +python 3, it have fixed a few of the bugs in the original library, and +it has an active maintainer. I decided to wrap it up and make it +available in +Debian, and a few days ago it entered Debian unstable and testing.

+ +

Using the library is fairly straight forward. The only slightly +problematic step is to fetch the required certificates to verify the +timestamp. For some services it is straight forward, while for others +I have not yet figured out how to do it. Here is a small standalone +code example based on of the integration tests in the library code:

+ +
+#!/usr/bin/python3
+
+"""
+
+Python 3 script demonstrating how to use the rfc3161ng module to
+get trusted timestamps.
+
+The license of this code is the same as the license of the rfc3161ng
+library, ie MIT/BSD.
+
+"""
+
+import os
+import pyasn1.codec.der
+import rfc3161ng
+import subprocess
+import tempfile
+import urllib.request
+
+def store(f, data):
+    f.write(data)
+    f.flush()
+    f.seek(0)
+
+def fetch(url, f=None):
+    response = urllib.request.urlopen(url)
+    data = response.read()
+    if f:
+        store(f, data)
+    return data
+
+def main():
+    with tempfile.NamedTemporaryFile() as cert_f,\
+    	 tempfile.NamedTemporaryFile() as ca_f,\
+    	 tempfile.NamedTemporaryFile() as msg_f,\
+    	 tempfile.NamedTemporaryFile() as tsr_f:
+
+        # First fetch certificates used by service
+        certificate_data = fetch('https://freetsa.org/files/tsa.crt', cert_f)
+        ca_data_data = fetch('https://freetsa.org/files/cacert.pem', ca_f)
+
+        # Then timestamp the message
+        timestamper = \
+            rfc3161ng.RemoteTimestamper('http://freetsa.org/tsr',
+                                        certificate=certificate_data)
+        data = b"Python forever!\n"
+        tsr = timestamper(data=data, return_tsr=True)
+
+        # Finally, convert message and response to something 'openssl ts' can verify
+        store(msg_f, data)
+        store(tsr_f, pyasn1.codec.der.encoder.encode(tsr))
+        args = ["openssl", "ts", "-verify",
+                "-data", msg_f.name,
+	        "-in", tsr_f.name,
+		"-CAfile", ca_f.name,
+                "-untrusted", cert_f.name]
+        subprocess.check_call(args)
+
+if '__main__' == __name__:
+   main()
+
+ +

The code fetches the required certificates, store them as temporary +files, timestamp a simple message, store the message and timestamp to +disk and ask 'openssl ts' to verify the timestamp. A timestamp is +around 1.5 kiB in size, and should be fairly easy to store for future +use.

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: debian, english. + Tags: english, sikkerhet.
@@ -518,75 +404,68 @@ electronic form.

-
Coz can help you find bottlenecks in multi-threaded software - nice free software
-
11th August 2016
-

This summer, I read a great article -"coz: -This Is the Profiler You're Looking For" in USENIX ;login: about -how to profile multi-threaded programs. It presented a system for -profiling software by running experiences in the running program, -testing how run time performance is affected by "speeding up" parts of -the code to various degrees compared to a normal run. It does this by -slowing down parallel threads while the "faster up" code is running -and measure how this affect processing time. The processing time is -measured using probes inserted into the code, either using progress -counters (COZ_PROGRESS) or as latency meters (COZ_BEGIN/COZ_END). It -can also measure unmodified code by measuring complete the program -runtime and running the program several times instead.

- -

The project and presentation was so inspiring that I would like to -get the system into Debian. I -created -a WNPP request for it and contacted upstream to try to make the -system ready for Debian by sending patches. The build process need to -be changed a bit to avoid running 'git clone' to get dependencies, and -to include the JavaScript web page used to visualize the collected -profiling information included in the source package. -But I expect that should work out fairly soon.

- -

The way the system work is fairly simple. To run an coz experiment -on a binary with debug symbols available, start the program like this: +

Automatic Google Drive sync using grive in Debian
+
4th October 2018
+

A few days, I rescued a Windows victim over to Debian. To try to +rescue the remains, I helped set up automatic sync with Google Drive. +I did not find any sensible Debian package handling this +automatically, so I rebuild the grive2 source from +the Ubuntu UPD8 PPA to do the +task and added a autostart desktop entry and a small shell script to +run in the background while the user is logged in to do the sync. +Here is a sketch of the setup for future reference.

+ +

I first created ~/googledrive, entered the directory and +ran 'grive -a' to authenticate the machine/user. Next, I +created a autostart hook in ~/.config/autostart/grive.desktop +to start the sync when the user log in:

-coz run --- program-to-run
+[Desktop Entry]
+Name=Google drive autosync
+Type=Application
+Exec=/home/user/bin/grive-sync

-

This will create a text file profile.coz with the instrumentation -information. To show what part of the code affect the performance -most, use a web browser and either point it to -http://plasma-umass.github.io/coz/ -or use the copy from git (in the gh-pages branch). Check out this web -site to have a look at several example profiling runs and get an idea what the end result from the profile runs look like. To make the -profiling more useful you include <coz.h> and insert the -COZ_PROGRESS or COZ_BEGIN and COZ_END at appropriate places in the -code, rebuild and run the profiler. This allow coz to do more -targeted experiments.

- -

A video published by ACM -presenting the -Coz profiler is available from Youtube. There is also a paper -from the 25th Symposium on Operating Systems Principles available -titled -Coz: -finding code that counts with causal profiling.

- -

The source code -for Coz is available from github. It will only build with clang -because it uses a -C++ -feature missing in GCC, but I've submitted -a patch to solve -it and hope it will be included in the upstream source soon.

- -

Please get in touch if you, like me, would like to see this piece -of software in Debian. I would very much like some help with the -packaging effort, as I lack the in depth knowledge on how to package -C++ libraries.

+

Finally, I wrote the ~/bin/grive-sync script to sync +~/googledrive/ with the files in Google Drive.

+ +

+#!/bin/sh
+set -e
+cd ~/
+cleanup() {
+    if [ "$syncpid" ] ; then
+        kill $syncpid
+    fi
+}
+trap cleanup EXIT INT QUIT
+/usr/lib/grive/grive-sync.sh listen googledrive 2>&1 | sed "s%^%$0:%" &
+syncpdi=$!
+while true; do
+    if ! xhost >/dev/null 2>&1 ; then
+        echo "no DISPLAY, exiting as the user probably logged out"
+        exit 1
+    fi
+    if [ ! -e /run/user/1000/grive-sync.sh_googledrive ] ; then
+        /usr/lib/grive/grive-sync.sh sync googledrive
+    fi
+    sleep 300
+done 2>&1 | sed "s%^%$0:%"
+

+ +

Feel free to use the setup if you want. It can be assumed to be +GNU GPL v2 licensed (or any later version, at your leisure), but I +doubt this code is possible to claim copyright on.

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: debian, english, nice free software. + Tags: debian, english.
@@ -594,58 +473,161 @@ C++ libraries.

-
Sales number for the Free Culture translation, first half of 2016
-
5th August 2016
-

As my regular readers probably remember, the last year I published -a French and Norwegian translation of the classic -Free Culture book by the -founder of the Creative Commons movement, Lawrence Lessig. A bit less -known is the fact that due to the way I created the translations, -using docbook and po4a, I also recreated the English original. And -because I already had created a new the PDF edition, I published it -too. The revenue from the books are sent to the Creative Commons -Corporation. In other words, I do not earn any money from this -project, I just earn the warm fuzzy feeling that the text is available -for a wider audience and more people can learn why the Creative -Commons is needed.

- -

Today, just for fun, I had a look at the sales number over at -Lulu.com, which take care of payment, printing and shipping. Much to -my surprise, the English edition is selling better than both the -French and Norwegian edition, despite the fact that it has been -available in English since it was first published. In total, 24 paper -books was sold for USD $19.99 between 2016-01-01 and 2016-07-31:

- - - - - - -
Title / languageQuantity
Culture Libre / French3
Fri kultur / Norwegian7
Free Culture / English14
- -

The books are available both from Lulu.com and from large book -stores like Amazon and Barnes&Noble. Most revenue, around $10 per -book, is sent to the Creative Commons project when the book is sold -directly by Lulu.com. The other channels give less revenue. The -summary from Lulu tell me 10 books was sold via the Amazon channel, 10 -via Ingram (what is this?) and 4 directly by Lulu. And Lulu.com tells -me that the revenue sent so far this year is USD $101.42. No idea -what kind of sales numbers to expect, so I do not know if that is a -good amount of sales for a 10 year old book or not. But it make me -happy that the buyers find the book, and I hope they enjoy reading it -as much as I did.

- -

The ebook edition is available for free from -Github.

- -

If you would like to translate and publish the book in your native -language, I would be happy to help make it happen. Please get in -touch.

+
Valutakrambod - A python and bitcoin love story
+
29th September 2018
+

It would come as no surprise to anyone that I am interested in +bitcoins and virtual currencies. I've been keeping an eye on virtual +currencies for many years, and it is part of the reason a few months +ago, I started writing a python library for collecting currency +exchange rates and trade on virtual currency exchanges. I decided to +name the end result valutakrambod, which perhaps can be translated to +small currency shop.

+ +

The library uses the tornado python library to handle HTTP and +websocket connections, and provide a asynchronous system for +connecting to and tracking several services. The code is available +from +github.

+ +

There are two example clients of the library. One is very simple and +list every updated buy/sell price received from the various services. +This code is started by running bin/btc-rates and call the client code +in valutakrambod/client.py. The simple client look like this:

+ +

+import functools
+import tornado.ioloop
+import valutakrambod
+class SimpleClient(object):
+    def __init__(self):
+        self.services = []
+        self.streams = []
+        pass
+    def newdata(self, service, pair, changed):
+        print("%-15s %s-%s: %8.3f %8.3f" % (
+            service.servicename(),
+            pair[0],
+            pair[1],
+            service.rates[pair]['ask'],
+            service.rates[pair]['bid'])
+        )
+    async def refresh(self, service):
+        await service.fetchRates(service.wantedpairs)
+    def run(self):
+        self.ioloop = tornado.ioloop.IOLoop.current()
+        self.services = valutakrambod.service.knownServices()
+        for e in self.services:
+            service = e()
+            service.subscribe(self.newdata)
+            stream = service.websocket()
+            if stream:
+                self.streams.append(stream)
+            else:
+                # Fetch information from non-streaming services immediately
+                self.ioloop.call_later(len(self.services),
+                                       functools.partial(self.refresh, service))
+                # as well as regularly
+                service.periodicUpdate(60)
+        for stream in self.streams:
+            stream.connect()
+        try:
+            self.ioloop.start()
+        except KeyboardInterrupt:
+            print("Interrupted by keyboard, closing all connections.")
+            pass
+        for stream in self.streams:
+            stream.close()
+

+ +

The library client loops over all known "public" services, +initialises it, subscribes to any updates from the service, checks and +activates websocket streaming if the service provide it, and if no +streaming is supported, fetches information from the service and sets +up a periodic update every 60 seconds. The output from this client +can look like this:

+ +

+Bl3p            BTC-EUR: 5687.110 5653.690
+Bl3p            BTC-EUR: 5687.110 5653.690
+Bl3p            BTC-EUR: 5687.110 5653.690
+Hitbtc          BTC-USD: 6594.560 6593.690
+Hitbtc          BTC-USD: 6594.560 6593.690
+Bl3p            BTC-EUR: 5687.110 5653.690
+Hitbtc          BTC-USD: 6594.570 6593.690
+Bitstamp        EUR-USD:    1.159    1.154
+Hitbtc          BTC-USD: 6594.570 6593.690
+Hitbtc          BTC-USD: 6594.580 6593.690
+Hitbtc          BTC-USD: 6594.580 6593.690
+Hitbtc          BTC-USD: 6594.580 6593.690
+Bl3p            BTC-EUR: 5687.110 5653.690
+Paymium         BTC-EUR: 5680.000 5620.240
+

+ +

The exchange order book is tracked in addition to the best buy/sell +price, for those that need to know the details.

+ +

The other example client is focusing on providing a curses view +with updated buy/sell prices as soon as they are received from the +services. This code is located in bin/btc-rates-curses and activated +by using the '-c' argument. Without the argument the "curses" output +is printed without using curses, which is useful for debugging. The +curses view look like this:

+ +

+           Name Pair   Bid         Ask         Spr    Ftcd    Age
+ BitcoinsNorway BTCEUR   5591.8400   5711.0800   2.1%   16    nan     60
+       Bitfinex BTCEUR   5671.0000   5671.2000   0.0%   16     22     59
+        Bitmynt BTCEUR   5580.8000   5807.5200   3.9%   16     41     60
+         Bitpay BTCEUR   5663.2700         nan   nan%   15    nan     60
+       Bitstamp BTCEUR   5664.8400   5676.5300   0.2%    0      1      1
+           Bl3p BTCEUR   5653.6900   5684.9400   0.5%    0    nan     19
+       Coinbase BTCEUR   5600.8200   5714.9000   2.0%   15    nan    nan
+         Kraken BTCEUR   5670.1000   5670.2000   0.0%   14     17     60
+        Paymium BTCEUR   5620.0600   5680.0000   1.1%    1   7515    nan
+ BitcoinsNorway BTCNOK  52898.9700  54034.6100   2.1%   16    nan     60
+        Bitmynt BTCNOK  52960.3200  54031.1900   2.0%   16     41     60
+         Bitpay BTCNOK  53477.7833         nan   nan%   16    nan     60
+       Coinbase BTCNOK  52990.3500  54063.0600   2.0%   15    nan    nan
+        MiraiEx BTCNOK  52856.5300  54100.6000   2.3%   16    nan    nan
+ BitcoinsNorway BTCUSD   6495.5300   6631.5400   2.1%   16    nan     60
+       Bitfinex BTCUSD   6590.6000   6590.7000   0.0%   16     23     57
+         Bitpay BTCUSD   6564.1300         nan   nan%   15    nan     60
+       Bitstamp BTCUSD   6561.1400   6565.6200   0.1%    0      2      1
+       Coinbase BTCUSD   6504.0600   6635.9700   2.0%   14    nan    117
+         Gemini BTCUSD   6567.1300   6573.0700   0.1%   16     89    nan
+         Hitbtc+BTCUSD   6592.6200   6594.2100   0.0%    0      0      0
+         Kraken BTCUSD   6565.2000   6570.9000   0.1%   15     17     58
+  Exchangerates EURNOK      9.4665      9.4665   0.0%   16 107789    nan
+     Norgesbank EURNOK      9.4665      9.4665   0.0%   16 107789    nan
+       Bitstamp EURUSD      1.1537      1.1593   0.5%    4      5      1
+  Exchangerates EURUSD      1.1576      1.1576   0.0%   16 107789    nan
+ BitcoinsNorway LTCEUR      1.0000     49.0000  98.0%   16    nan    nan
+ BitcoinsNorway LTCNOK    492.4800    503.7500   2.2%   16    nan     60
+ BitcoinsNorway LTCUSD      1.0221     49.0000  97.9%   15    nan    nan
+     Norgesbank USDNOK      8.1777      8.1777   0.0%   16 107789    nan
+

+ +

The code for this client is too complex for a simple blog post, so +you will have to check out the git repository to figure out how it +work. What I can tell is how the three last numbers on each line +should be interpreted. The first is how many seconds ago information +was received from the service. The second is how long ago, according +to the service, the provided information was updated. The last is an +estimate on how often the buy/sell values change.

+ +

If you find this library useful, or would like to improve it, I +would love to hear from you. Note that for some of the services I've +implemented a trading API. It might be the topic of a future blog +post.

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: docbook, english, freeculture. + Tags: bitcoin, english.
@@ -653,40 +635,47 @@ touch.

-
Vitenskapen tar som vanlig feil igjen - relativt feil
-
1st August 2016
-

For mange år siden leste jeg en klassisk tekst som gjorde såpass -inntrykk på meg at jeg husker den fortsatt, flere år senere, og bruker -argumentene fra den stadig vekk. Teksten var «The Relativity of -Wrong» som Isaac Asimov publiserte i Skeptical Inquirer i 1989. Den -gir litt perspektiv rundt formidlingen av vitenskapelige resultater. -Jeg har hatt lyst til å kunne dele den også med folk som ikke -behersker engelsk så godt, som barn og noen av mine eldre slektninger, -og har savnet å ha den tilgjengelig på norsk. For to uker siden tok -jeg meg sammen og kontaktet Asbjørn Dyrendal i foreningen Skepsis om -de var interessert i å publisere en norsk utgave på bloggen sin, og da -han var positiv tok jeg kontakt med Skeptical Inquirer og spurte om -det var greit for dem. I løpet av noen dager fikk vi tilbakemelding -fra Barry Karr hos The Skeptical Inquirer som hadde sjekket og fått OK -fra Robyn Asimov som representerte arvingene i Asmiov-familien og gikk -igang med oversettingen.

- -

Resultatet, «Relativt -feil», ble publisert på skepsis-bloggen for noen minutter siden. -Jeg anbefaler deg på det varmeste å lese denne teksten og dele den med -dine venner.

- -

For å håndtere oversettelsen og sikre at original og oversettelse -var i sync brukte vi git, po4a, GNU make og Transifex. Det hele -fungerte utmerket og gjorde det enkelt å dele tekstene og jobbe sammen -om finpuss på formuleringene. Hadde hosted.weblate.org latt meg -opprette nye prosjekter selv i stedet for å måtte kontakte -administratoren der, så hadde jeg brukt weblate i stedet.

+
VLC in Debian now can do bittorrent streaming
+
24th September 2018
+

Back in February, I got curious to see +if +VLC now supported Bittorrent streaming. It did not, despite the +fact that the idea and code to handle such streaming had been floating +around for years. I did however find +a standalone plugin +for VLC to do it, and half a year later I decided to wrap up the +plugin and get it into Debian. I uploaded it to NEW a few days ago, +and am very happy to report that it +entered +Debian a few hours ago, and should be available in Debian/Unstable +tomorrow, and Debian/Testing in a few days.

+ +

With the vlc-plugin-bittorrent package installed you should be able +to stream videos using a simple call to

+ +

+vlc https://archive.org/download/TheGoat/TheGoat_archive.torrent
+

+ +

It can handle magnet links too. Now if only native vlc had +bittorrent support. Then a lot more would be helping each other to +share public domain and creative commons movies. The plugin need some +stability work with seeking and picking the right file in a torrent +with many files, but is already usable. Please note that the plugin +is not removing downloaded files when vlc is stopped, so it can fill +up your disk if you are not careful. Have fun. :)

+ +

I would love to get help maintaining this package. Get in touch if +you are interested.

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: norsk, skepsis. + Tags: english, verkidetfri, video.
@@ -694,51 +683,35 @@ administratoren der, så hadde jeg brukt weblate i stedet.

-
Techno TV broadcasting live across Norway and the Internet (#debconf16, #nuug) on @frikanalen
-
1st August 2016
-

Did you know there is a TV channel broadcasting talks from DebConf -16 across an entire country? Or that there is a TV channel -broadcasting talks by or about -Linus Torvalds, -Tor, -OpenID, -Common Lisp, -Civic Tech, -EFF founder John Barlow, -how to make 3D -printer electronics and many more fascinating topics? It works -using only free software (all of it -available from Github), and -is administrated using a web browser and a web API.

- -

The TV channel is the Norwegian open channel -Frikanalen, and I am involved -via the NUUG member association in -running and developing the software for the channel. The channel is -organised as a member organisation where its members can upload and -broadcast what they want (think of it as Youtube for national -broadcasting television). Individuals can broadcast too. The time -slots are handled on a first come, first serve basis. Because the -channel have almost no viewers and very few active members, we can -experiment with TV technology without too much flack when we make -mistakes. And thanks to the few active members, most of the slots on -the schedule are free. I see this as an opportunity to spread -knowledge about technology and free software, and have a script I run -regularly to fill up all the open slots the next few days with -technology related video. The end result is a channel I like to -describe as Techno TV - filled with interesting talks and -presentations.

- -

It is available on channel 50 on the Norwegian national digital TV -network (RiksTV). It is also available as a multicast stream on -Uninett. And finally, it is available as -a WebM unicast stream from -Frikanalen and NUUG. Check it out. :)

+
Using the Kodi API to play Youtube videos
+
2nd September 2018
+

I continue to explore my Kodi installation, and today I wanted to +tell it to play a youtube URL I received in a chat, without having to +insert search terms using the on-screen keyboard. After searching the +web for API access to the Youtube plugin and testing a bit, I managed +to find a recipe that worked. If you got a kodi instance with its API +available from http://kodihost/jsonrpc, you can try the following to +have check out a nice cover band.

+ +

curl --silent --header 'Content-Type: application/json' \
+  --data-binary '{ "id": 1, "jsonrpc": "2.0", "method": "Player.Open",
+  "params": {"item": { "file":
+  "plugin://plugin.video.youtube/play/?video_id=LuRGVM9O0qg" } } }' \
+  http://projector.local/jsonrpc

+ +

I've extended kodi-stream program to take a video source as its +first argument. It can now handle direct video links, youtube links +and 'desktop' to stream my desktop to Kodi. It is almost like a +Chromecast. :)

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: english, frikanalen, nuug, video. + Tags: debian, english, kodi, video.
@@ -746,90 +719,19 @@ Frikanalen and NUUG. Check it out. :)

-
Unlocking HTC Desire HD on Linux using unruu and fastboot
-
7th July 2016
-

Yesterday, I tried to unlock a HTC Desire HD phone, and it proved -to be a slight challenge. Here is the recipe if I ever need to do it -again. It all started by me wanting to try the recipe to set up -an -hardened Android installation from the Tor project blog on a -device I had access to. It is a old mobile phone with a broken -microphone The initial idea had been to just -install -CyanogenMod on it, but did not quite find time to start on it -until a few days ago.

- -

The unlock process is supposed to be simple: (1) Boot into the boot -loader (press volume down and power at the same time), (2) select -'fastboot' before (3) connecting the device via USB to a Linux -machine, (4) request the device identifier token by running 'fastboot -oem get_identifier_token', (5) request the device unlocking key using -the HTC developer web -site and unlock the phone using the key file emailed to you.

- -

Unfortunately, this only work fi you have hboot version 2.00.0029 -or newer, and the device I was working on had 2.00.0027. This -apparently can be easily fixed by downloading a Windows program and -running it on your Windows machine, if you accept the terms Microsoft -require you to accept to use Windows - which I do not. So I had to -come up with a different approach. I got a lot of help from AndyCap -on #nuug, and would not have been able to get this working without -him.

- -

First I needed to extract the hboot firmware from -the -windows binary for HTC Desire HD downloaded as 'the RUU' from HTC. -For this there is is a github -project named unruu using libunshield. The unshield tool did not -recognise the file format, but unruu worked and extracted rom.zip, -containing the new hboot firmware and a text file describing which -devices it would work for.

- -

Next, I needed to get the new firmware into the device. For this I -followed some instructions -available -from HTC1Guru.com, and ran these commands as root on a Linux -machine with Debian testing:

- -

-adb reboot-bootloader
-fastboot oem rebootRUU
-fastboot flash zip rom.zip
-fastboot flash zip rom.zip
-fastboot reboot
-

- -

The flash command apparently need to be done twice to take effect, -as the first is just preparations and the second one do the flashing. -The adb command is just to get to the boot loader menu, so turning the -device on while holding volume down and the power button should work -too.

- -

With the new hboot version in place I could start following the -instructions on the HTC developer web site. I got the device token -like this:

- -

-fastboot oem get_identifier_token 2>&1 | sed 's/(bootloader) //'
-
- -

And once I got the unlock code via email, I could use it like -this:

- -

-fastboot flash unlocktoken Unlock_code.bin
-

- -

And with that final step in place, the phone was unlocked and I -could start stuffing the software of my own choosing into the device. -So far I only inserted a replacement recovery image to wipe the phone -before I start. We will see what happen next. Perhaps I should -install Debian on it. :)

+
Software created using taxpayers’ money should be Free Software
+
30th August 2018
+

It might seem obvious that software created using tax money should +be available for everyone to use and improve. Free Software +Foundation Europe recentlystarted a campaign to help get more people +to understand this, and I just signed the petition on +Public Money, Public Code to help +them. I hope you too will do the same.

- Tags: bootsystem, debian, english, opphavsrett, sikkerhet. + Tags: english, opphavsrett.
@@ -844,6 +746,58 @@ install Debian on it. :)

Archive