On Telstra tracking NextG HTTP requests

http://lists.ausnog.net/pipermail/ausnog/2012-June/013833.html and http://www.scmagazine.com.au/News/305928,telstra-says-its-not-spying-on-users.aspx were recently published saying that Telstra NextG users were seeing some interesting things. (Yes, there’s a Whirlpool post too, but since they block requests from Tor I’m not going to link to them.)

Basically, on their servers they were seeing HTTP requests to the same URL as they had just visited with their phone, but from an IP address that certainly wasn’t their phone.

I started to investigate.

I put up a simple HTML page on a standard HTTP server and then got a NextG device to query it. I saw a log that came from a TELSTRA owned block of IPs. I didn’t see any suspicious second request though. Sadness.

Turns out you have to request the URL twice to get this other request. It is after this second request that you get a query from a Rackspace/Slicehost IP (cloud provider, so it is unlikely Rackspace itself is involved any more than as a Cloud provider) with the same URL (although via HTTP/1.0 instead of 1.1). On a subsequent request, I didn’t see a corresponding one from this IP. Also, when accessing this URL from a different NextG device, I did not see a request from the Rackspace/Slicehost IP block.

If I change the content of the file and try to fetch again, it doesn’t download it anew. This suggests that there is no inspection of the content of what’s coming back from the HTTP server.

The User Agent pretends to be Firefox running on Windows. I have not yet found out anything specific about it.
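
The pattern described above can be picked out of a web server access log. The following is an added example, not code from the original post: it scans Combined Log Format lines and flags any request that repeats a path fetched shortly before by a different IP, noting whether the HTTP version changed. The log lines, IP addresses (documentation ranges), path, User-Agent strings and the ten minute window are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "ua"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

# Constructed sample: the device fetches a test URL twice, then a second
# IP repeats the same URL over HTTP/1.0 with a desktop User-Agent.
SAMPLE_LOG = '''\
192.0.2.10 - - [25/Jun/2012:10:00:00 +1000] "GET /canary-7f3a.html HTTP/1.1" 200 120 "-" "MobileBrowser/1.0"
192.0.2.10 - - [25/Jun/2012:10:01:00 +1000] "GET /canary-7f3a.html HTTP/1.1" 200 120 "-" "MobileBrowser/1.0"
198.51.100.77 - - [25/Jun/2012:10:01:20 +1000] "GET /canary-7f3a.html HTTP/1.0" 200 120 "-" "Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0"
192.0.2.10 - - [25/Jun/2012:10:05:00 +1000] "GET /canary-7f3a.html HTTP/1.1" 200 120 "-" "MobileBrowser/1.0"
'''

def find_shadow_requests(lines, window=timedelta(minutes=10)):
    """Return requests that repeat a path recently fetched by another IP."""
    last_seen = {}  # path -> (ip, time, proto) of the latest unflagged request
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in Combined Log Format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        prev = last_seen.get(m["path"])
        if prev and prev[0] != m["ip"] and ts - prev[1] <= window:
            hits.append({
                "ip": m["ip"], "path": m["path"], "ua": m["ua"],
                "first_ip": prev[0],
                "delay_s": int((ts - prev[1]).total_seconds()),
                "proto_changed": prev[2] != m["proto"],
            })
        else:
            # Only unflagged requests become the reference for this path
            last_seen[m["path"]] = (m["ip"], ts, m["proto"])
    return hits

if __name__ == "__main__":
    for hit in find_shadow_requests(SAMPLE_LOG.splitlines()):
        print(hit)
```

A path that is unique to the test and never published keeps ordinary visitors out of the results.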

What can we learn from this?

  1. If you think that putting a URL up and only telling 1 person about it is private you are very, very, very much mistaken.
  2. Telstra is quite possibly spying on you, from servers in the USA, which is under a different set of laws than if it was done in Australia.
  3. Telstra is sending what websites you visit on your NextG connection to the USA. If you are at all involved in anything that may make the US government unhappy (e.g. disagreeing with it) this may have interesting implications. Further research is needed as to what exactly
  4. Telstra keeps a record of all URLs as otherwise it could not implement “on the second request”.
  5. The iPhone needs Tor more than ever and it needs it on a system level.

Update: I have been pointed to http://v3.mike.tig.as/onionbrowser/ which is an Open Source Web Browser that uses Tor on iOS.

Update: http://www.flamingspork.com/blog/2012/06/26/an-update-on-telstras-surveillance-of-what-you-do-online/

Loveday’s Ginger Beer

In my search for the best alcoholic ginger beer I’ve been mostly disappointed. I’m pretty sure Bundaberg takes the cake for non-alcoholic ginger beer and is unlikely to ever be beaten in both quality and availability. I had Loveday’s Ginger beer a couple of weeks ago and it was okay, but I think the Matso’s still takes the cake for alcoholic ginger beer.


My first Perry

I’m pretty sure this was the first time I’ve ever had Perry. I’ve had plenty of beer and cider over the years, but never Perry. I’d like to try more of them, I can’t really relate this to anything else, except to say that it’s nice, not overwhelming and not too sweet. At 7.3% it packs a decent amount of alcohol content too.

This one is a light yellow colour and in front of the bottle you see the little plush dolphin that we got around the time Sun acquired MySQL. Typically, you’d see photos of it next to Salmiakki and not something as low alcohol content as this.


Innis and Gunn Canada Day 2011

Although Innis and Gunn is from Scotland, they’ve made a Canada Day beer. Rather unusual for a clear bottle, it’s bottle conditioned – and 8%. On her first taste, Leah described it as “mmm buttery”. You can taste the rum cask (as with other Innis & Gunn that I’ve had) and this one is rather nice. It may be hard to get any more of this as, it, well, Canada Day in 2011 happens once.


Brasserie Dieu du Ciel! Péché Mortel

It’s from Canada, not France. Although it’s certainly from a more French part of Canada. This was a nice imperial coffee stout. The coffee flavour was not overwhelming in any way, it was this nice pervasive hint. At 9.5% it’s strong in alcohol and the flavour is also nice and strong, although not overwhelming. I’d certainly have this one again.


St Peter’s Ruby Red Ale

A Ruby Red Ale from Suffolk from across the world: the United Kingdom. This bottle is marvellous. Looks like a medicine bottle and the beer in it is lovely – if medicine tasted like this, it’d be way easier to get people to take it.

A lovely red colour, a lovely spicy hop red ale aroma and it even tastes good. There’s a lovely malty undertone to it all that isn’t overpowering, just what you want from a red ale.

I kinda want to have more of it just to get more of these bottles…


St. Bernardus Apt 12

This is one of my favourites. Look at any list on BeerAdvocate.com and it scores rather highly. It’s dark and delicious. Yes, it’s Belgian and it’s 10% and it comes in large bottles if you like. If you’re really lucky you can find somewhere with a tap of this stuff – If anyone knows somewhere in Melbourne with one, I *MUST* know.


Contributor Agreements kill Contributions

A good while ago now, there was a bit of activity from others discussing the impact that contributor agreements have on contributions. Most notably, from Simon Phipps and Michael Meeks:

I’ve been around this Free and Open Source Software thing for a while now and I’ve noticed a pattern. People who hack on free software seldom have a desire to spend time speaking to the company lawyers instead of doing their jobs.

If you require a contributor agreement signed, it doesn’t involve an individual. It involves a legal department. Being a free software developer is a different mindset than working on proprietary software. No longer are you just working on one bit of software, you can work on any bit of software. Find a bug in your compiler? Well, you can fix that. Find a bug in a library you’re using? You can both work around it and submit a patch that fixes it.

There is a difference between an open source project and an open source product. An open source product is easy – you just publish your source/binary packages with an open source license and do all your development and discussion inside the company. Easy and simple for most places to execute.

What is harder is having an open source project. This is where your company participates in the project, and is a trickier thing to get going – especially within large organisations that have historically been proprietary software houses. There are very few companies that have gotten this right, and even fewer that have gotten this right across the board. I would probably have to say that Red Hat is the company that consistently does this the best.

A low barrier to entry is what has made the largest, most successful free software projects what they are today. If you’re wanting your project to be an open source project and not an open source product – then you too must set a low barrier to entry. Contributor Agreements significantly raise the barrier to entry. Suddenly my 10 line patch to fix a bug turns into a discussion with my company lawyers, your company lawyers and goes from taking an extra 5 minutes to send an email with a patch to a mailing list into something that takes hours and hours of my time.

Any time I spend speaking to lawyers is time not spent improving the world. By having a Contributor Agreement you turn a 5 minute task into a several hour one, a task involving lawyers. You know what tasks involving lawyers are? Expensive. You now have developers not contributing to your project not because a lawyer said no, but because they worked out that the time and money that would be spent on contributing to your project is not worth it for their company.

The only people who enjoy talking business with lawyers are other lawyers and the mentally ill[1]. We’re developers, not lawyers – don’t make us talk to them for orders of magnitude more time than it takes to fix some bit of code.

[1] I have lawyer friends, and that’s social time, not work. I’ve also worked with great lawyers, but I do wish the world was more sane to begin with and I didn’t need to spend as much time doing so.

ZFS: could have been the future of UNIX Filesystems

There was a point a few years ago where Sun could have had the next generation UNIX filesystem. It was in Solaris (and people were excited), there was a port to MacOS X (that was quite exciting for people) and there were a couple of ways to run it on Linux (and people were excited). So… instead of the fractured landscape of ext3, HFS+ and (the various variations of) UFS we could have had one file system that was common between all of the commonly used UNIX-like variants. Think of being able to use a file system on a removable drive that isn’t FAT and being able to take it from machine to machine (well… Windows would be a problem, but it always is).

There was some really great work done in OpenSolaris with integration between the file manager and ZFS snapshots (a slider bar to browse the history of a directory, an idea I’ve championed for over a decade now, although the Sun implementation was likely completely independently developed). The integration with the package manager was also completely awesome, crash safe upgrades!

However, all this is pretty much moot. Solaris is used by fewer people than ever, it’s out of OS X and BTRFS is going to take the place that ZFS could have held in the Linux world. So, unfortunately, ZFS is essentially dead. This is a shame…. it could have been something huge.

Hitachino Nest Real Ginger Ale

Ahhh Ginger. I had the Matso Ginger Beer the other day and quite raved about it (my search for a Ginger Beer with ginger in it is strewn with disappointments). This was a different kind of drink, while there was ginger in it, it was certainly a beer with ginger rather than *ginger* beer. Honestly, I prefer the Matso by a long way.


Harviestoun Old Dubh

I wrote about the Harviestoun Old Engine Oil a little while ago, and I really quite liked it. I liked it enough that when next at Acland cellars I decided to get more of their beers. Tonight, being another cold night, I decided to see if the “Old Dubh” (also on the label are the wonderful words “Special 12 Reserve”) lived up to the Old Engine Oil.

It does. Wow.

The little book attached to the bottle says the beer is so named because it’s “gloopy and viscous”. Well, it’s lovely and black, and the aroma is just lovely. I’d use words such as chocolatey, malty and that hint of scotch that warms the soul on a cold evening.

The Old Dubh is matured in Highland Park 12 Year Old Single Malt Scotch Whisky casks, which is what gives it that extra bit of flavour. I honestly don’t know why this great trick isn’t done by more breweries, as this beer is just lovely. I have another Harviestoun in the fridge, and I kind of can’t wait to try it.


There is a story….

I have a friend who is fond of telling a story from way back in November 2008 at the OpenSQL camp in Charlottesville, Virginia. This was relatively shortly after we had announced to the public that we’d started something called Drizzle (we did that at OSCON) and was even closer to the date I started working on Drizzle full time (which was November 1st). Compared to what it is now, the Drizzle code base was in its infancy. One of the things we hadn’t yet sorted out was the rewrite of the replication code.

So, I had my laptop plugged into a projector, and somebody suggested opening up some random source file… so I did. It was a bit of the replication code that we’d inherited from MySQL. Immediately we spotted a bug. In fact, between myself and Brian I think we worked out that none of the error handling in this code path ever even remotely worked.

Fast forward a bunch of years, and recently I had open part of the replication code in MySQL 5.5 and (again) instantly spotted a bug. Well.. the code is correct in 2 out of 3 situations…

It is rather impressive that the MySQL Replication team has managed to add the features they have in MySQL 5.6.

I’m also really happy with what we managed to do inside Drizzle for replication. Ripping out all the MySQL legacy code was a big step to take, and for a while it seemed like possibly the wrong one – but ultimately, it was incredibly the right thing to do. I love going and looking at the Drizzle replication code. I simply love it.

Espresso

Many people may know that I’m a bit of a coffee fan. I do quite like a good espresso. These are, unfortunately, more rare than I would like. I know, I live in Melbourne, the average coffee quality is pretty damn high… but still, perhaps I’m just a bit of a coffee snob (oh wait, that’s where I buy my beans from).

This is a photo of the espresso I got at a place near Leah’s work the other week.
