The Court of Justice of the European Union today declared the Data Retention Directive invalid in a joint case brought by Digital Rights Ireland and an Austrian group. This is a great win by privacy advocates against a law that was over reaching, uncontained and unsafe. The courts own press release is a short three page read but some of the key elements include (all emphasis theirs):
- the data ”may provide very precise information on the private lives of the persons whose data are retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, activities carried out, social relationships and the social environments frequented”;
- “the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data“
- “the directive covers, in a generalised manner, all individuals, all means of electronic communication and all traffic data without any differentiation, limitation or exception being made in the light of the objective of fighting against serious crime”
- “the directive fails to lay down any objective criterion which would ensure that the competent national authorities have access to the data and can use them only for the purposes of prevention, detection or criminal prosecutions concerning offences that … may be considered to be sufficiently serious to justify such an interference” and “the directive does not lay down substantive and procedural conditions under which the competent national authorities may have access to the data and subsequently use them”
- “the directive does not provide for sufficient safeguards to ensure effective protection of the data against the risk of abuse and against any unlawful access and use of the data.”
- and, shockingly (if none of the above was shocking enought), “the directive does not require that the data be retained within the EU“.
This is indeed a good day for digital rights, privacy rights and common sense. We all owe a debt of gratitude to the volunteers at Digital Rights Ireland.
I spent the first few days of St Patrick’s week last month in Leeds at the first of the two annual Euro-IX conferences on behalf of INEX. Trefor Davies, of trefor.net, organised a series of articles called Peering Week on his blog to coincide with it:
During Peering Week we have had 18 excellent contributions from some of the people who run the internet in Europe. This might sound dramatic especially considering that the internet is made up of sixty or seventy thousand Autonomous Networks. The contributors this week run Internet Exchanges where a greats many of these networks connect to each other.
My contribution was about our IXP management system called IXP Manager – co-written by myself and Nick Hilliard for INEX. This tool is now being used to manage two IXPs in the UK, at least five more across Europe, a couple that we know about in the US and it is now the de facto choice for IXPs in Africa and Asia – where we are working with ISOC.
You can read the full article on Tref’s blog here: INEX’s IXP Manager – tools to help manage an Internet Exchange.
I’m glad to say that the good folks at Euro-IX helped ensure I wasn’t too homesick on St. Patricks’s Day – as the days proceedings wrapped up, we were greeted by:
I arrived to work this morning to find that the Heartbleed Bug happened.
This is one of the biggest security issues to crop up in a long time – allowing the data normally protected by TLS/SSL to be compromised. This is the kind of data that normally passes securely between clients and protected websites, email services, instant messaging, etc.
Upgrade all your systems now. This is where my well planned day went.
Be sure to restart all services that use OpenSSL (or reboot your servers). A useful command [source] for this post-upgrade is:
grep -l 'libssl.*deleted' /proc/*/maps | tr -cd 0-9\\n | xargs -r ps u
A useful Python script for testing your web servers can be found in this Gist. NB: it’s not just web servers affected – any services with SSL/TLS may be affected.
As part of pushing our new release of ViMbAdmin, I wrote up a mini how-to for setting up a virtual email system on Ubuntu where the components are:
- Postfix as the SMTP engine;
- Dovecot for IMAP. POP3, Sieve and LMTP;
- ViMbAdmin as the domain / mailbox / alias management system via web interface.
It supports a number of features including mailbox archival and deletion, quota support and display of mailbox sizes (as well as per domain totals).
Find the how-to at:
Posted in How-tos, Linux, OSS, Software, ViMbAdmin, Work
Tagged doctrine, doctrine orm, dovecot, email, linux, mysql, php, postfix, postfix admin, postfixadmin, vimbadmin
I’ve just added to the Doctrine2 service provider for Laravel by adding a UserProvider allowing Doctrine2Bridge to provide a driver for Laravel’s authentication system.
Simply put – this allows a Doctrine2 database table stroing users’ usernames and passwords to be used as the backend for Laravel 4 authentication.
Full documentation and examples can be found here. Available on Packagist and forkable on GitHub.
I’ve just released a Laravel 4 package which contains a service provider to the Doctine2 entity manager and the Doctrine2 cache. These are made available via facades named D2EM and D2Cache respectively.
Currently it uses the XML schema method for defining entities but this can easily be augmented with the other methods. Also, ArrayCache and MemcacheCache are fully supported caching interfaces. Any other cache that requires no configuration is also supported but some trivial coding will be required for caching backends required configuration.
Combining this with TwigBridge, we have an excellent framework with Laravel 4!
OSS_SNMP is a PHP SNMP library written by myself for people who hate SNMP. After a customer migration from PVST to MST (Multiple Spanning Tree), I have added a number of MST functions / MIBs to OSS_SNMP:
During a fairly significant network migration involving breaking / connecting a number of links, I wanted to be able to monitor the MST port role of significant ports at a glance. For this purpose, I wrote the mst-port-roles.php script and have committed it as an example to OSS_SNMP. First, here is what it looks like when run on the command line (with hostnames obfuscated):
From a very simple array of port details at the top of the script, it will poll all switches and for each port print:
- device and port name;
- port state and speed;
- port role for each applicable MST instance.
I run it on bash and use bash colouring. The script is well documented and can easily be repurposed for other networks. You’ll find the source here.