Malte Spitz, a member of Germany’s Green Party, sued his mobile phone provider to reveal what records it kept about him. The records included tracking data based on rough triangulation from the nearest cell-phone towers. Spitz then sent this information to Zeit Online, who combined it with Spitz’ personal blog and Twitter entries to produce an incredible animated map that reveals a surprisingly detailed account of his movements over a six-month period.
To reiterate, this was all done without GPS services and without Spitz requesting his movements be tracked — it was automatically generated simply by his mobile phone communicating with cell phone towers. It very much goes to show the importance of regulations that limit retention periods for this kind of data, given how detailed a reconstruction can be made of an individual’s life.
TextBuddy was created to make it easy for people to actually utilize the
Webtext allowances providers gave them. In the last few weeks some providers
(namely O2 and Vodafone) have begun making changes to their webtext pages in order to
make it more difficult (but not impossible) for applications such as TextBuddy to operate.
Unfortunately it’s just not worth trying to integrate with providers who don’t want you
integrating with them.
If this move leaves you high and dry then perhaps something like Cabbage
Texter will work instead?
Okay, so this post will be brief but to the point. Today
I needed to lock down a machine I administer so the only inbound connections
which were allowed were SSH connections from trusted hosts.
I’m using Debian so this will obviously work for other Debian based distros such as Ubuntu, Linux Mint etc.
Assuming you’re running a current version of Debian or a derivative then iptables will already be present on your system. One of the first things to
take note of is that iptables won’t hold its ruleset across a reboot, so to start off this tutorial the first thing I ensured was
that the ruleset will be restored when the machine is rebooted. So, as root I edited /etc/rc.local and before the exit line I added /etc/iptables-init. Because this was a fresh install my rc.local ended up looking like this:
/etc/rc.local from Debian 6

    #!/bin/sh -e
    #
    # rc.local
    #
    # This script is executed at the end of each multiuser runlevel.
    # Make sure that the script will "exit 0" on success or any other
    # value on error.
    #
    # In order to enable or disable this script just change the execution
    # bits.
    #
    # By default this script does nothing.

    # Setup iptables
    /etc/iptables-init

    exit 0

Next, I created the script which we’ve set up to be executed from rc.local:

    #!/bin/sh
    # ----------------------------------------------------------------------
    # simple but secure iptables initialization script
    # DateCreated: Thu 12 Jan 2012 00:37:04 GMT
    # Author: Jerry Walsh
    # ----------------------------------------------------------------------

    # Put your trusted hosts/ranges here:
    TRUSTED_HOSTS="1.2.3.4 8.8.8.8/24 \
                   4.3.2.1 1.2.2.2 3.3.3.4 "

    # flush rules
    iptables -F

    # Log dropped connections
    #iptables -N LOGDROP

    # allow localhost connections to the loopback interface
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

    # allow connections which are already established
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # allow all outbound connections
    iptables -A OUTPUT -j ACCEPT

    # allow tcp to port 22 (ssh daemon) from trusted hosts
    for GOODIE in $TRUSTED_HOSTS; do
        iptables -A INPUT -p tcp -m state --state NEW -s "$GOODIE" --dport 22 -j ACCEPT
    done

    # or you could just allow ssh access from all hosts
    # NOTE: if you're going to allow ssh access from all hosts then
    # it's always a good idea to put sshd on a non-standard port
    # - this keeps the majority of script kid trawlers out
    #iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

    #other optional extras:
    # allow inbound http access
    #iptables -A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
    # allow inbound https access
    #iptables -A INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT

    # drop all other inbound traffic (including ICMP, UDP etc.)
    iptables -A INPUT -j DROP

    # you could also just block tcp connections..
    #iptables -A INPUT -p tcp -j DROP

Finally, I set the script executable and ran it to load the new rules into iptables:
Finally, we mark the script executable and run it!

    chmod 0700 /etc/iptables-init
    !$    # bash history expansion: last argument of the previous command, i.e. runs /etc/iptables-init

And that’s it! Remember - it’s always good to
test your configuration from a remote host or
better still from a ‘bad’ remote host and a
‘good’ (whitelisted) host.
REMEMBER: The above script is just an example!
You should modify the script to meet YOUR needs
(as it stands this met mine) but it still serves
as a useful starting point. It should also be
noted that ICMP ping replies will be blocked
using the above setup - this may not be
desirable but in my case it was!
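
A check for the "test your configuration" advice above, as an added example that is not part of the original post: it audits `iptables -S INPUT` output against the post's policy (inbound SSH only, only from listed sources, everything else dropped). The function name `audit_input`, the finding labels and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit `iptables -S INPUT` text
# against the policy above. Live use: iptables -S INPUT | audit_input
audit_input() {   # hypothetical helper; prints one finding per line
    awk '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        src = ""; port = ""; target = ""; iface = ""; state = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "-i" && $(i - 1) != "!") iface = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
        }
        last_target = target; last_bare = (NF == 4)   # bare: -A INPUT -j TARGET
        if (target != "ACCEPT") next
        if (iface == "lo") next                       # loopback rule
        if (state != "" && state !~ /NEW/) next       # ESTABLISHED,RELATED rule
        if (port == "") print "ACCEPT_WITHOUT_PORT: " $0
        else if (port != "22") print "EXTRA_PORT " port ": " $0
        else if (src == "") print "SSH_OPEN_TO_ALL: " $0
    }
    END { if (policy != "DROP" && !(last_bare && last_target == "DROP")) print "NO_FINAL_DROP" }'
}

# Constructed sample: rules left by the script with two trusted sources.
good_rules() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 1.2.3.4/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -s 8.8.8.0/24 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
EOF
}

# Constructed sample: optional "allow all" lines enabled, final DROP missing.
bad_rules() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
EOF
}

good_rules | audit_input   # no findings
bad_rules | audit_input    # three findings
```

The same audit should be run on `ip6tables -S INPUT`, since iptables rules cover IPv4 only.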
I’ll leave you with ‘Another Day’ from Album
Leaf:
There’s no doubt about it that John Cleese is a genius when it comes to comedy but
his genius-ness (is that even a word?) doesn’t stop there. What follows is one of my favourite videos
from him. The highlight of which is this enlightening little piece of wisdom:
To know how good you are at something requires the same skills as it does to be good at those things.
Which means if you’re absolutely hopeless at something, you lack exactly the skills that you need to know that you’re absolutely hopeless at it.
And this is a profound discovery - that most people who have absolutely no idea
what they’re doing, have absolutely no idea that they have no idea what they’re
doing.
It explains a great deal of life.
…
It also explains why so many people in charge of so many organisations have no idea what they’re doing, they have a terrible blind spot.
Watch the video here:
I’ve decided that it’ll now be customary to sign off each post with a bit of
music. In this case, given that it’s the weekend it’ll be some uplifting vocal trance from Andain, the Myon and Shane 54 remix of ‘Promises’. Enjoy! (and sorry if this doesn’t float your boat :P):
I know, I know.. it’s been long overdue and I’ve just been putting it off for far too long. A recent trip to Zell Am See in Austria
gave me enough downtime to focus on revamping the site, which is now complete. I think everything should be working OK but if you encounter problems then please let me know. I hope the new look will get me blogging more often and with higher quality!
I plan to post again soon, this time with something more substantial; until then I’ll leave you with my “tune of the trip”, “Black Ash Veil” by Apparat:
Time’s currently not on my side so I’m going to make this one quick. A new version of TextBuddy has just been released. The major (and only) addition in this version is support for the Eircom eMobile network. Get it while it’s hot..
Well, it’s been quite some time since my last post. I’ve been busy and it seems Google has been busy too.
I recently upgraded to the latest version of Chromium (aka Google Chrome) and noticed that the folks at Google have decided to drop the http:// prefix from the “omnibox”:
CNet reported this back when the feature first appeared in the developer betas but I must say I’m surprised at the results I found in the following article:
Really? You’d prefer to see the http:// stay?
In my opinion, dropping it is one of the best damn things they have ever done because in this day and age, it’s no longer necessary. It just doesn’t matter anymore because the web is all about http:// now. It’s implicit and the UI should mirror this - people don’t need to know about it. I recall what my good friend anto once said…
This is just one of the things which makes Chrome stand out from all the others. Jeff Atwood recently wrote that
Chrome was a completely respectable browser in V1 and V2. The entire project has moved forward so fast that it now is, at least in my humble opinion, the best browser on the planet. Google went from nothing, no web browser at all, to best-of-breed in under two years.
    #!/bin/sh
    # Download the PDFLib Lite Linux source from here first:
    # http://www.pdflib.com/download/pdflib-family/pdflib-lite-7/
    # put the download in the same location as this script
    # NOTE: you will be prompted by the pecl installation at the end
    # of the process for a path - you'll need to enter /usr/local/ here
    #
    # Author: jbw
    # DateCreated: Mon, 22 Mar 2010

    # We need root privileges ..
    if [ "$USER" != "root" ]; then
        chmod +x "$0"
        gksudo "$0"
        exit
    fi

    # install the compiler toolchain if it is missing
    dpkg -l | grep -q build-essential ||\
        apt-get install build-essential

    # unpack, build and install PDFlib Lite
    tar zxvf PDFlib-Lite-7*.tar.gz &&\
        cd PDFlib-Lite-7*/ &&\
        ./configure &&\
        make &&\
        make install

    # install PEAR/PECL and the PHP development headers if missing
    dpkg -l | grep -q php-pear ||\
        apt-get install php-pear
    dpkg -l | grep -q php5-dev ||\
        apt-get install php5-dev

    # build the PHP extension (enter /usr/local/ when prompted)
    pecl install pdflib

If you don’t plan on using the dl() method to load this module dynamically then you may need to modify the PHP configuration so it autoloads the pdf.so extension.