EU Data Retention Directive Declared Invalid

The Court of Justice of the European Union today declared the Data Retention Directive invalid in a joint case brought by Digital Rights Ireland and an Austrian group. This is a great win by privacy advocates against a law that was overreaching, uncontained and unsafe. The court’s own press release is a short three-page read but some of the key elements include (all emphasis theirs):

  • the data “may provide very precise information on the private lives of the persons whose data are retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, activities carried out, social relationships and the social environments frequented”;
  • the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data
  • “the directive covers, in a generalised manner, all individuals, all means of electronic communication and all traffic data without any differentiation, limitation or exception being made in the light of the objective of fighting against serious crime”
  • “the directive fails to lay down any objective criterion which would ensure that the competent national authorities have access to the data and can use them only for the purposes of prevention, detection or criminal prosecutions concerning offences that … may be considered to be sufficiently serious to justify such an interference” and “the directive does not lay down substantive and procedural conditions under which the competent national authorities may have access to the data and subsequently use them”
  • “the directive does not provide for sufficient safeguards to ensure effective protection of the data against the risk of abuse and against any unlawful access and use of the data.”
  • and, shockingly (if none of the above was shocking enough), “the directive does not require that the data be retained within the EU”.

This is indeed a good day for digital rights, privacy rights and common sense. We all owe a debt of gratitude to the volunteers at Digital Rights Ireland.

Apple OS X as an NFS Server (with Linux Clients)

For a customer, I had to set up a Linux-based virtualised environment on a MacBook Pro using VirtualBox. This environment included making a couple of 8TB external hard drives available under NFS to the Linux hosts.

In all fairness, what better use can one put OS X to than to virtualise Linux?!?  Just kidding fanboys… well, sort of 😉

Let’s begin with a quick description of the environment:

  • A MacBook Pro (MBP) with OS X 10.8.2
  • VirtualBox with its own network (MBP: 192.168.56.1/24) for NFS as well as bridged adapters for general Internet access;
  • Multiple external HDDs – for simplicity, let’s just do one here which is mounted under /Volumes/DATA-1.

We want to export the DATA-1 volume to the Linux clients. That bit’s actually not too hard (see below); the main issue is that we needed to match what on Linux is called no_root_squash – i.e. so the root user on the Linux clients would have root access to the NFS shares. That bit was harder.

I’ll assume root access / sudo use in the following commands.

To configure NFS, we edit / create /etc/exports (e.g. nano /etc/exports) such as:

/Volumes/DATA-1 -maproot=root:wheel -network 192.168.56.0 -mask 255.255.255.0

In other words:

  • export /Volumes/DATA-1
  • map the client’s root user to the local root user and the client’s root group to the local group wheel (gid = 0)
  • allow the export to be accessed by any host on the private VirtualBox network.

With that entry, NFS can be enabled at boot and started via:

nfsd enable
nfsd start

On a Linux client, this can then be mounted at boot with an /etc/fstab entry:

192.168.56.1:/Volumes/DATA-1 /mnt/data-1 nfs defaults 0 0

The problem was that no matter what variation of options I used, I could not get root access from the Linux clients.

The answer came by chance when I glanced at an odd mount option on the external HDD:

/dev/disk2s2 on /Volumes/DATA-1 (hfs, NFS exported, local, nodev, nosuid, journaled, noowners)

noowners? What pray-tell is this? The internet provided some insight:

In Leopard, due to an unfortunate design decision by Apple, “admin” authentication is now required to make this change (no noowners) and non-admin users are no longer able to use “Get Info” to change this setting, even on devices they own and have mounted themselves.

An unfortunate design decision indeed. The temporary solution is to execute:

mount -u -o owners /Volumes/DATA-1

Thereafter, I now have root access / effective UID from the Linux clients. This of course needs to be entered each time – if someone has a more permanent solution, I’m all ears (see below for a cron script I have implemented for this).

Just as an aside, we have a lot of NFS activity which required some tuning. First, additional NFS threads by adding nfs.server.nfsd_threads=16 to /etc/nfs.conf (execute nfsd restart after that). I’ve also added the following line to /etc/rc.local:

sysctl -w kern.aiomax=64 kern.aioprocmax=32 kern.aiothreads=4

Cron Script for Automatically Removing noowners

As mentioned above, removing this mount option every time you connect these HDDs is damn annoying at best and error prone at worst. I have a script for this now which I locate in /var/root/bin/mount-check.sh which is:

#! /bin/bash

NOOWNERS=`/sbin/mount | grep "/Volumes/DATA-1" | grep noowners | wc -l`

if [[ "X${NOOWNERS//[[:space:]]/}X" = "X1X" ]]; then
    /sbin/mount -u -o owners /Volumes/DATA-1;
fi

This is then executed via a new line in /etc/crontab:

* * * * *    root    /var/root/bin/mount-check.sh
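
The -maproot=root:wheel entry above is the setting worth re-checking whenever /etc/exports changes, because it hands local root on the volume to root on every client the entry admits. As an added example (not part of the original post), this Python sketch lists root-mapped exports and the client scope each one is open to; the function names are illustrative, and DATA-2 and DATA-3 in the sample are constructed for comparison.

```python
import ipaddress
import shlex

# Constructed sample: the first entry is the one from the post, the other two
# are made-up variations for comparison.
SAMPLE_EXPORTS = """\
/Volumes/DATA-1 -maproot=root:wheel -network 192.168.56.0 -mask 255.255.255.0
/Volumes/DATA-2 -ro -network 192.168.56.0 -mask 255.255.255.0
/Volumes/DATA-3 -maproot=0
"""

def parse_export(line):
    """Split one exports(5) line into paths, selected options and hosts."""
    tokens = shlex.split(line, comments=True)
    entry = {"paths": [], "maproot": None, "network": None, "mask": None, "hosts": []}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("/"):
            entry["paths"].append(tok)
        elif tok.startswith("-"):
            name, sep, value = tok[1:].partition("=")
            if name in ("network", "mask") and not sep and i + 1 < len(tokens):
                i += 1  # space-separated form, e.g. "-network 192.168.56.0"
                value = tokens[i]
            if name in ("maproot", "network", "mask"):
                entry[name] = value
        else:
            entry["hosts"].append(tok)
        i += 1
    return entry

def client_scope(entry):
    """Describe which clients the entry admits."""
    if entry["network"] and entry["mask"]:
        net = ipaddress.ip_network(f"{entry['network']}/{entry['mask']}", strict=False)
        return str(net)
    if entry["network"] or entry["hosts"]:
        return ",".join(filter(None, [entry["network"]] + entry["hosts"]))
    return "ANY HOST"  # exports(5): no host set means exported to everyone

def root_mapped_exports(exports_text):
    """Return (path, scope) for each export where client root stays root."""
    findings = []
    for line in exports_text.splitlines():
        entry = parse_export(line)
        if entry["paths"] and (entry["maproot"] or "").split(":")[0] in ("root", "0"):
            findings += [(p, client_scope(entry)) for p in entry["paths"]]
    return findings

if __name__ == "__main__":
    for path, scope in root_mapped_exports(SAMPLE_EXPORTS):
        print(f"{path}: client root is local root for {scope}")
```

Only the first and third sample entries are reported; the read-only DATA-2 entry has no -maproot option and is skipped.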

 

Amazon Web Service’s ec2-bundle-image on Ubuntu

This is really a post for Google’s crawlers on getting AWS’s EC2 AMI tools working under Ubuntu (I’m currently on Gutsy 7.10). Despite any bitching I may do below, EC2 and S3 are cool services.

The first problem is that AWS only distribute the tools as an RPM (really guys? I mean FFS). Convert and install with alien.

# apt-get install alien
# alien -k ec2-ami-tools.noarch.rpm
# dpkg -i ec2-ami-tools_1.3-15283_all.deb

Make sure you also install libopenssl-ruby.

Set your Ruby path as the RPM places them where RedHat expects to find them:

# export RUBYLIB="/usr/lib/site_ruby"

Now when you run the utility, you’ll probably get:

$ ec2-bundle-image -r ... -i ... -k ... -c ... -u ...
sh: Syntax error: Bad substitution

Apparently Ubuntu switched from invoking bash to dash for sh somewhere along the line. Just relink it (temporarily or permanently as suits):

# rm /bin/sh
# ln -s /bin/bash /bin/sh

And you should be good to go.

One other issue I encountered was that the permissions of the directories were for root only (i.e. /usr/local/aes, /usr/lib/site_ruby/ and /etc/aes). A very sloppy chmod a+rX on each of these will resolve that. Although I suspect it’s more to do with the fact that I used rpm2cpio and cpio rather than alien the first time around.

Make room PLEASE!

I had to get the Dart last Wednesday as I was going to the Irish match in Croker. It was rush hour and I experienced what I face the very odd time I get the Luas when I don’t cycle to the office: assholes clogging the door.

It seems to be an Irish mentality to congregate around the doors in case you get trapped. I’ve used public transport in New York for months a few years ago and believe me, they’d go through you for a shortcut if you were blocking the doors. I wouldn’t mind if the bloody Dart/Luas was full, but there’s plenty of room mid-carriage.

I was once on the Luas at rush hour (having squashed my way through these same assholes to centre-carriage) when a man tried to get on a couple of stops later. There was plenty of room around me but the area around the doors was wedged. He shouted for people to move into the carriage… no one moved. In fact, they made faces at each other to indicate that this guy was a nutter.

He was nothing of the sort. He was dead fucking right. Next time I’ll go through you assholes for a shortcut. Make room PLEASE!

Is It Anyone’s Business Whether or Not I Read Their E-mail?

I got an e-mail today from a third-party on behalf of a mutual customer. This person wanted to remind me that his e-mail to me the day before “was opened 22 mins 7 seconds after [he] sent it to [me]” and he was wondering if I had made any progress.

How did he know that? There was no message box advising me that the sender had requested a read receipt and asking if I wanted to send it. There was however a warning from my e-mail client (KMail) advising me that there were external references embedded in the HTML e-mail message. Like a fool, I disregarded this warning and clicked to display these references the first time around.

When I got his reminder I went back and examined the HTML content. At the end of the message was a link to an image on http://img.msgtag.com/. When this image is loaded, it notifies the sender that their mail has been opened along with the time elapsed from sending the mail to when it was eventually opened. MSGTAG is the company that provides this service in this instance.

I was annoyed about this. Damned annoyed. Someone e-mailing me had surreptitiously embedded an external image in an e-mail to me for the express purpose of identifying when I opened his mail _without_ my permission and in violation of my privacy. It’s nobody’s damned business when or even if I have read their e-mails.

That information should be requested via the long established mechanism of requesting read receipts allowing the recipient to decide whether or not to notify the sender that their message has been read. In my case it’s not that huge an issue – generally speaking I would not load external references. But what about the 90% or more of less informed users who would or whose clients wouldn’t even ask first?

With my somewhat limited knowledge of the Data Protection Act I am quite convinced that this is in breach of it. I’m not a lawyer and would love the opinion of one on this.
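
The external references that the KMail warning refers to can be listed before a message is ever rendered. As an added example (not part of the original post), this Python sketch walks the HTML parts of a message and reports every http(s) resource that would be fetched on display, marking 0- or 1-pixel images; the sample message, its hosts and the URL are constructed, and the function and class names are illustrative.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; the hosts and the token in the URL are made up.
SAMPLE_MAIL = """\
From: sender@example.com
To: me@example.org
Subject: Following up
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Any progress on this?</p>
<img src="cid:logo@example.com" alt="logo">
<img src="http://tracker.example.net/open/abc123.gif" width="1" height="1">
</body></html>
"""

# (tag, attribute) pairs that make a mail client fetch something on display.
FETCHING_ATTRS = {("img", "src"), ("link", "href"), ("iframe", "src"),
                  ("script", "src"), ("body", "background")}


class RemoteRefFinder(HTMLParser):
    """Collect http(s) URLs that would be fetched when the HTML is displayed."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name, value in attrs.items():
            url = urlsplit((value or "").strip())
            if (tag, name) in FETCHING_ATTRS and url.scheme in ("http", "https"):
                # A 0x0 or 1x1 image carries no content; it exists to be fetched.
                tiny = tag == "img" and {attrs.get("width"), attrs.get("height")} <= {"0", "1"}
                self.refs.append({"tag": tag, "url": url.geturl(),
                                  "host": url.hostname, "tiny_image": tiny})


def remote_references(raw_message):
    """List external resources the HTML parts of a message load on display."""
    msg = message_from_string(raw_message, policy=policy.default)
    finder = RemoteRefFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.refs


if __name__ == "__main__":
    for ref in remote_references(SAMPLE_MAIL):
        print(ref)
```

The embedded cid: image is attached to the message itself and triggers no network request, so only the remote image is reported.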

What will your good deed be today?

The Irish Blood Transfusion Service (IBTS) is the statutory body of the Irish State that is charged with all aspects of the collection, processing and distribution of blood supplies and related products. Unlike some other countries, all blood donated in Ireland is purely voluntary with the only reward being a sense of altruism.

Last Friday they made a special request as the national blood stock was low and all elective surgeries throughout the country had to be cancelled. The response from the public was immense and stocks are quickly returning to normal.

They still need more – this week and every week. If you are looking to tick off your good deed for today then consider dropping into a local donation clinic.

I gave my eleventh donation in just under four years yesterday. And I won’t lie to you. It’s not fun. But it’s also not torture. The best description would be “not pleasant”. And the feeling of having done something good for nothing cannot be bought. If you hate needles as much as I do then you’d be allowed tick off a full week’s worth of good deeds!

In the words of the IBTS’s Thank You card:

A blood donation costs nothing but gives much,
it enriches those who receive
without making poor those who give.

It happens in a flash
but the memory of that gift will last forever.

None is so rich and mighty that it can get along without it
and none is so poor
that it cannot be made rich by it.

It cannot be bought, begged borrowed or stolen
for a blood donation is of no earthly good to anyone
until it is given away.

1 out of every 4 of us reading this will need a blood transfusion at some point in our lives. It could be you.

Reactions to my Meteor Post

There were a couple of blog posts following up on my question regarding the apathy of Irish mobile users. In particular, there were pro-Meteor comments from David O’Neill who switched himself recently and, almost as a proof of my assertions, some mis-conceptions from Niall Sheridan (or this guy as he referred to me).

Niall made two points:

Cheap is relative. As with all mobile services it depends on who you’re calling. If you primarily ring Vodafone subscribers I guarantee that it won’t be that cheap.

Well let’s look at the facts. Taking the comparison of changes I made in my post for the similar evening time pre-pay plans, it is cheaper to ring all three networks from Meteor; i.e. it is more expensive to call from O2 to O2 or to call from Vodafone to Vodafone than it is to call from Meteor to O2 or Vodafone. In all cases at all times. Mind you, this is just one billing package but, from what I have seen, it is the trend.

Meteor’s current network is only as good as it is because portions of it aren’t Meteors’ at all – they’re O2’s and Vodafone’s. I’d love to know what level of coverage they would have if Both O2 and Vodafone stopped the service.

Another mis-conception. Firstly, Meteor does not use any part of Vodafone’s network. And, to my knowledge, never has. In September 2004 it did sign a coverage deal with O2 in parts of counties Kerry, Donegal, Mayo, Cavan, Sligo, Leitrim, Limerick, Galway, Cork, Roscommon, Longford & Clare. That’s in parts of twelve of the twenty-six counties. And it’s a temporary arrangement while Meteor continue to expand their coverage.

So what? All this does is ensure that Meteor’s own customers get full coverage around Ireland. What do I care if it means I use O2’s network in some remote parts of Ireland? I don’t care – especially as it means Meteor’s customers get to use O2’s network at prices that are cheaper than O2’s own customers.

Niall also went on to share a story of woe he had with Meteor regarding service withdrawal for non-payment and how long it took them to re-activate his account after he paid them. Well we all have tales of woe. I have a few of my own for O2. But as we all know, these are usually the exception and not the rule. I have rung Meteor customer care (for free – O2 and Vodafone charge you to do that) a few times and have found them comparable or better than my better conversations with O2.

Niall finishes with “[s]ure Meteor have some nice offers, like free voicemail and line rental…”. I would ask the average Irish mobile user whether they believe that this should be the norm or the exception?

Just How Apathetic Are Irish Mobile Users?

Meteor, one of Ireland’s three mobile operators, started a new promotion some months ago: 5c per minute Meteor to Meteor calls – 24 hours a day 7 days a week until 2006. It is available to all existing and new customers on a pre-pay plan.

It piqued my interest. I was paying O2 an average of €110 per month on a post-pay account with the biggest outlay being the evening calls to my significant other. I figured if we both switched to Meteor we could save a fortune. I played around with the idea for a while and I mentioned it in conversation to a few friends and colleagues. They mostly scoffed with such pre-conceptions as “Meteor’s only good for teenage girls”, “their network is crap – you’ll never get coverage at home in Galway”, “they have crap phones” and so forth. And I have to admit – I held most of these opinions myself.

Instead of jumping straight in we decided to try Meteor out. We got Meteor’s free SIM with €100 credit (over ten months) offer. After trying it out for a couple of weeks I found that the network is fine and that the coverage is fine.

One other thing I needed to check before we made the switch – their prices for other calls and services. I didn’t want to find myself in the position of having jumped to Meteor, taking my number with me, only to discover that although the 5c Meteor to Meteor calls sounds great, they make it up by fleecing you on the other charges.

I was surprised. In fact, I was shocked. Not only do Meteor have better rates and promotions than the “big two”, O2 and Vodafone, but in fact they have extraordinarily better rates than O2 and Vodafone. At least in comparison between the three.

I put together just such a comparison below for what seems like a comparable pre-pay package: Night Owl from O2, Social Life from Vodafone and Leisure Time Plus from Meteor. As with all such comparisons in the mobile industry, it is difficult to do it in an exact and fair manner as some operators will charge a “call connection cost”, have minimum call charges, cheaper second and subsequent minutes on directory enquiries, etc. Also errors and omissions are to be expected.

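| Call / service | O2 Night Owl (Peak) | O2 Night Owl (Off Peak) | Vodafone Social Life (Peak) | Vodafone Social Life (Off Peak) | Meteor Leisure Time Plus (Peak) | Meteor Leisure Time Plus (Off Peak) |
|---|---|---|---|---|---|---|
| Own network | 55c | 15c | 50c | 15c | 40c | 13c |
| Other network | 63c | 19c | 65c | 30c | 40c | 13c |
| Landline | 55c | 15c | 50c | 15c | 40c | 13c |
| Voicemail | 15c | 15c | Free | Free | Free | Free |
| SMS to own network | 11c | 11c | 13c | 13c | 9c | 9c |
| SMS to other network | 13c | 13c | 13c | 13c | 9c | 9c |
| International SMS | 25c | 25c | 25c | 25c | 15c | 15c |
| GPRS (per KB) | 3c | 3c | 2c | 2c | 2c | 2c |
| Customer Care | 14c | 14c | 15c | 15c | Free | Free |
| 1850 | 30c | 30c | 31c | 31c | 30c | 30c |
| 1890 | 30c | 23c | 50c | 15c | 15c | 15c |
| 1891 | 23c | 23c | 50c | 15c | 12.5c | 12.5c |
| UK | 95c | 95c | €1.02 | €1.02 | 50c | 50c |
| USA | €1.90 | €1.90 | €1.02 | €1.02 | 50c | 50c |
| Australia | €1.90 | €1.90 | €1.92 | €1.92 | 50c | 50c |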

So in trying to ensure that I wouldn’t be fleeced by Meteor, I ended up discovering that O2 was already taking me to the cleaners. These kinds of price differences can be found across all comparable packages – both post-pay and pre-pay.

When it comes to our opinion of Meteor, it’s time we all grew up and wised up. O2 and Vodafone are making more money per customer in Ireland than they are in most other European countries. They are ripping us off. In fact they are ripping about 90% of us off – that’s their market share.

Go and get a free SIM only pack for Meteor and try it out. Their network is fine. Their phone offerings are as good as the others. And, if you’re anything like me, you’ll start saving at least 50% of your current bill per month.