Tag: hack

Posted on

Who owns your phone number & Details? Directory Services?

Recently a court ruling went through in Australia which , by itself, wasn’t a massive major, but it was enough to make the news. A website called ‘Local Directories‘ was taken to court by  a company called Sensis which is a subsidiary of Telstra Clear because they copied the data from the Yellow and White pages of their directory services and then put it on their website.

The court ruled that whilst the databases on both sites was identical, it wasn’t owned by Sensis, and they did not create it (ie it was not an original works) and so they could not copyright it. The Judgement was “None of the Works were original. None of the people said to be authors of the Works exercised “independent intellectual effort” or “sufficient effort of a literary nature” in creating the Works.”

This made me curious and brought me back 10 years ago when a databases did the rounds in NZ containing a CSV rip of the NZ phone book. It was incomplete and only contained Auckland phone numbers, and more than one person (off the record) laid claim to doing the original scrape/rip.

I’m guessing most people are thinking ‘this is all very benign’ and ‘what’s the big deal’ about now, hang on, i’m getting there. What if somebody now took the data from the phone book, and let you search by street name, suburb, or even phone number (reverse phone book anyone?). According to this new ruling, not a heck of a lot!

So to try a proof of concept i hunted about and found that old Auckland rip from 10 years ago, imported it into the database, munged the data so no names/addresses/phone numbers matched up correctly and put it on the web.  You can see that here http://velofille.com/phbook/ .  I see that http://www.whitepages.com/ provides a reverse phone number lookup already (search the number, find the address), which is a little dodgy, however this is only for USA by the looks.

Now, are you beginning to see the problem with the court ruling? Whilst its great to finally track down who owns that number who calls you at 3am and hangs up or does deep breathing, or even ringing all your neighbours on the street when the music is too loud. What happens when salesmen decide to cold call an entire suburb? or the creepy guy next door rings you to tell you he can see you through the gap in the curtain? What happens when this information is used for something not so nice?

Whilst this originally was an Australian ruling, and Australian problem, much like internet filtering and a lot of other things, these things have a way of happening in NZ. Already Yellow Pages are taking Auckland company Image Marketing Group (IMG) to court saying it obtained details of over 300,000 businesses from the Yellow Pages and re-sold the information via its own products.

Now, in my mind, and in a perfect world, surely *i* own the right to my own personal data, in which case surely they have to pay *me* to use it on their website in the first place? There is no one major company any more doing only phone and yellow/white pages any more, I can have my phone provided from one place, and white/yellow pages is now an independent company.  So this led me to wonder ‘who is paying for this information?’ .

Whilst their Privacy Policy page says they promise to not sell your data to third parties without disclosure, they do say they retain the right to use it in any “Yellow Pages Group companies”. So does this mean if they decide to start up a Marketing company they will use that data? or any other company they decide to start up? Its no secret they are not making much money at the moment, and their Terms of Service page also does state “If you require a comprehensive list of New Zealand businesses for commercial or marketing purposes, we have other services which will better meet your needs.”

Also, I see that in their Terms of service page they state “You are allowed to manually access the Directory, to make a copy of the results of any searches made in the Directory, and to use those results, provided that none of such access, copying and use is for the purpose and in the course of any business, or for the creation of your own commercial database”. So going by these guidelines am I allowed to copy the entire database, and put it on my own PERSONAL website without making profit or being a business? And if somebody copies the data of my personal website for commercial use, well … that’s a whole new can of worms isn’t it?

Now factor in that Brendon Battles is the director and shareholder of IMG. This guys is really fairly famous for making millions via spamming, and was once reported to have once sent 50 million spam emails per day.

So, where do you stand in the scheme of this? Is it time they started paying *us* for information they are sharing and making money off? Let me know your opinions!

Posted on

Chrome OS install, hints and tips & my first experience

Horay! Chrome OS is out at http://www.chromium.org/
You can preview it a bit here http://www.engadget.com/2009/11/19/googles-chrome-os-revealed/

First you need to go to install all the pre-requisites to compile it on your Linux system listed here http://code.google.com/p/chromium/wiki/LinuxBuildInstructionsPrerequisites – OR
If you run ubuntu just do this
wget http://src.chromium.org/svn/trunk/src/build/install-build-deps.sh
sh install-build-deps.sh (hit Y near the end when it wants to install binutils-gold ok?)

Download the tar.gz from here http://build.chromium.org/buildbot/archives/chromiumos-0.4.22.8.tar.gz
Or grab the git repo

sudo apt-get install git-core
mkdir [chromiumos]
cd [chromiumos]
gclient config http://src.chromium.org/git/chromiumos.git
gclient sync

Note: This process may appear to hang while downloading the kernel source. It may take anywhere up to 10-20 minutes before you get more feedback

Follow the build instructions here http://sites.google.com/a/chromium.org/dev/chromium-os/building-chromium-os/build-instructions.

Once its booted up and running, you will realize very quickly its just a bootable web browser. There’s nothing else installed or to install. No logout button, no shutdown, no nothing.
If you are cunning like me and want to play then nothing like a ctl+alt+t to bring up a terminal then use your sudo to get root access. (no tutorials on this, if you dont know the power of sudo you shouldn’t be messing with things!)

First thing i noticed was that the main root file system was mounted what seems to be read-only. This i can only presume is for speed (and it is blimmin fast!) amoung other things.

The home directory was mounted read-write however to allow for downloading etc.
Package management or editing system files is impossible without remounting the root filesystem as read-write
mount -o remount,rw /

It appears to be based on Ubuntu, and its so cut down nothing much is installed. However in saying this, its still 589MB on disk when installed, which considering the fact that its not actually running anything other than a web browser, that’s pretty shocking. I can get a full debian install with xwindows and basic apps in that size fairly easily. Perhaps they havn’t had time to strip more garbage from it yet?
I noticed when its running that its using 653MB of my 1GB RAM, and has no swap at all. I presume its entirely running in RAM which contributes to its speed.

Catch 22, ChromeOS uses your google user/pass to login, if you use this then it will automatically log you in to your google acct at the same time, however, Wireless networking doesn’t come up until you are logged in (WPA key) .

I decided I wanted to add another offline user, so i did. My default username/password was chronos/chronos and i didn’t want that (yes downloaded a precompiled image). I added myself a user, then added my user to the admin,video,etc groups identical to the main user. I was still not able to login using this user which sucked, so i copied the homedir over from the first user to the second.

Still no go, so i checked in /etc for hard coded user names and found a few
/etc/security/pam_mount.conf.xml had the homedir to be mounted hard coded into it
/etc/init.d/start_login.sh has export USER=firstusername
/etc/init.d/session_manager.sh has su firstusername -c “/etc/init.d/start_login.sh ${MCOOKIE}”
/etc/acpi/lid.sh has export HOME=/home/firstusername

I edited all these to point to the new username, also copied the firstusername to secondusername homedir, chown’d all the files and grep -r’d and changed all instances of username hard coding.

Whilst editing these files i noticed that the pam_mount.conf contained information for mounting the home directory as an encrypted area.
I rebooted and hoped like heck after editing it would all go well. I should mention here that I’m using my 701 EEE PC laptop here, its a great test bed for lots of things.

After reboot i was still unable to login as the new user, so i checked directories other than /etc and found /usr/lib/chomeos-cryptohome/common

At this point, im tired, its late on a sunday evening and i never quiet got it the other user going. Since i need that offline user account to login before my WPA key/WIFI works, i will pursue this one further, for now im heading to bed (may update post later)

Posted on

Removing iPhone or iPod Touch Calendar that wont disappear

I had a problem with my iPhone, i had previously added my google calendars to sync with iCal on the mac so they synced with my iPhone. THis was great except i couldn’t add things to them from the iPhone.

When Google allowed exchange access i just set that up and used it, problem was that I could no longer get rid of the old ones. I even set iTunes to sync NO calendars and deleted it all, and still i had a couple of these old calendars hanging about.
I figured since I had jail broken my iPhone i should be able to look around the filesystem and see what the problem was. Fairly quickly i found in the user ‘mobile’ home dir the files Library/Calendar/Calendar.sqlitedb (fullpath /private/var/mobile/Library/Calendar/Calendar.sqlitedb ) .
I grabbed an sqllite editor from http://sourceforge.net/projects/sqlitebrowser/ , copied the file over to my local Linux machine.
Opened the file in sqllite editor, went to Browse Data’ then changed the dropdown to ‘Calendar’. Deleted the offending Calendars, saved and re-uploaded.
Make sure you change the ownership so the mobile user can write to it!
Hermes:/User/Library/Calendar root# chown mobile.mobile Calendar.sqlitedb

Now before you get cocky, make a backup before you overwrite the original eh? Just in case you bugger things up!

Command history

wishes@tulip:~$ scp root@192.168.0.28:/User/Library/Calendar/Calendar.sqlitedb .
root@192.168.0.28’s password:
Calendar.sqlitedb 100% 716KB 716.0KB/s 00:01
wishes@tulip:~$ tar zvxf sqlitebrowser-1.3-i386.tar.gz
sqlitebrowser
wishes@tulip:~$ ./sqlitebrowser
wishes@tulip:~$ scp Calendar.sqlitedb root@192.168.0.28:/User/Library/Calendar/Calendar.sqlitedb-new
root@192.168.0.28’s password:
Calendar.sqlitedb 100% 552KB 552.0KB/s 00:00
wishes@tulip:~$ ssh root@192.168.0.28
root@192.168.0.28’s password:
Hermes:~ root# cd /User/Library/Calendar/
Hermes:/User/Library/Calendar root# ls
Calendar.sqlitedb Calendar.sqlitedb-new
Hermes:/User/Library/Calendar root# mv Calendar.sqlitedb Calendar.sqlitedb-old
Hermes:/User/Library/Calendar root# mv Calendar.sqlitedb-new Calendar.sqlitedb
Hermes:/User/Library/Calendar root# chown mobile.mobile Calendar.sqlitedb
Hermes:/User/Library/Calendar root# logout
Connection to 192.168.0.28 closed.