blog.kgbvax.net

Tuesday, September 23, 2014

Zeitgeist Datenschutz for English Speakers

Kindergarten, Fahrvergüngen, Doppelgänger, Zeitgeist.
These are some of the terms that made it from the German language into English. I'd like to tell you about another one which is ever-present in today's German, more relevant than ever and has no direct translation into English.

Datenschutz. The dictionary says it's "data privacy" but from my understanding this does not really cut it. Like Angst which is not straight fear but is more specific, Datenschutz is the subject of "data privacy" but it also includes an underlying idea:

Datenschutz (noun).
Literally it means "data protection".
Initially it was also defined (by law in 1970) as such.  The protection of data from manipulation, loss or theft.  Over time that has changed (I won't go into detail about this process) but now it's something rather different.
Not the data is protected but the individuals which are represented by that data.  Which brings us close to "data privacy".

Wikipedia (DE) defines Datenschutz as:
The protection from abusive information processing, protection of the right to informational self-determination. Protection of personality rights in the context of information processing or protection of privacy. Datenschutz stands for the idea that every human can decide for themselves to whom he/she makes what personal information available.

Although it is not stated in Germany's constitution, the constitutional court elevated a derived "right to informational self determination" to a fundamental right.

Datenschutz - as federal law - asserted 1986 that any processing of personal information is illegal unless permitted by law.  The same law also calls for Datensparsamkeit (another good one) which literally means "data frugality" which goes hand in hand with Datenvermeidung (data avoidance).

Of course there are lot of exceptions and loopholes (hooray for bonus cards!) but the important bit seems to be that we had a public discussion over several years in Germany on Datenschutz in the context of a general census (which finally happened in 1987) and since this time the idea that "my data is my property" is prevalent.

Based on this discussion there is a deep distrust on anybody who is collecting data: Once data has been obtained, people (who have for example a large commercial incentive) will find creative and unexpected ways to use or combine it in interesting and abusive ways.  This is difficult to fix once it happened and more difficult to prevent by regulation - unless you do not obtain the data in the first place.

Datenschutz is opinionated. It has this underlying assumption: We own and control our data. And unless you seek permission it's not ok to use it as you please.

But maybe I got "data privacy" wrong, if this is the case please enlighten me.

@ingomar

Thursday, June 5, 2014

Flatrate Saufen a la Telekom

Willkommen zum Flatrate Fest, powered by Telekom Hier gibt es zu nervötenem Gejingle Bier vom Faß soviel du willst für nur einmalig 15€ (*1) Das Fest beginnt um 18 Uhr. (*1)
Glas Bier

Faire Nutzungsklausel: Nach 750 Minuten (um halb eins) wird die Bierzufuhr gedrosselt. Statt 0,5l pro Glas gibt es dann noch 4ml Gläser. Du kannst natürlich weiterhin beliebig oft zur Theke gehen und dir ein neues Bier holen.

Monday, December 24, 2012

DIY Fusion Drive in a 2012 27" iMac

I've just converted my brand-spanking new 27" iMac to a DIY Fusion Drive. It works, but is not for the faint of heart:

Opening up the 27" iMac involves some major surgery. I used a 0.6mm plectrum to squeeze away the glue after a little warm up with a regular hair-dryer and two suction cups. The latter are not required.
Be warned that after you removed the adhesive tape (which is what it is) you won't be able to close the iMac properly unless you replace it. I had the display involuntarily come off once and was lucky to catch it. I recommend to wait until the iFixits of the world provide a replacement. Unfortunately I can not identify the sticky tape type.

Despite what I read elsewhere, the internal disk may not be 2.5". My iMac (1G disk) came with a 3.5" Seagate Barracuda. You thus may require a 2.5" -> 3.5" adapter.

Initially I replaced the internal HDD with an SSD and planned to install OS X from an USB stick. However I could not get the iMac to boot from an external USB disk or SD card which I have prepared using my MacBook. I think there may be something special about the iMac that defies booting from "non iMac" media. I know this sounds strange.
Network Recovery also failed with an error -2003F so I got utterly stuck. Here is how I resolved this:
I mounted the original internal disk back in the iMac and attached the SSD using the Seagate Thunderbolt adapter and the HDD using an USB3 adapter.
I then booted into recovery mode and first installed OSX on the SSD only so that I have proper recovery partition. I then mounted the SSD in the iMac and validated that it would in fact boot. Next, I put the original internal disk back, booted recovery mode once more and created the Fusion Drive on the SSD/external HD as per Jollyjinx' description and installed OS X. Works :-). Last step was to mount the SSD in the iMac.

My current setup looks like this:

  • Internal 256G Samsung SSD (840 Pro)
  • External 4TB Seagate Backup Plus interfaced through Thunderbolt.
  • After some usage I have to say it really delivers. Most of what I do feels blazingly fast. With a 4T disk. Just awesome. :-)

    tl;dr When you want to convert your 2012 27" iMac to a DIY fusion drive

  • Be prepared to see the iMac Display in a loosely attached state unless you replace the adhesive tape. Make sure that the display does not fall off.
  • Install the FD from the internal drive before replacing the internal drive
  • If you have done a similar conversion, I would be intrested to hear about it. @ingomar

    Wednesday, November 7, 2012

    Seagate Backup Plus 4GB: USB3 vs Thunderbolt

    If you are considering to get a thunderbolt version of the Backup Plus disk or to retrofit the thunderbolt desktop adapter (STAE127) here are some measurements I took:

    Via USB 3:

    Via Thunderbolt, Seagate STAE127 desktop thunderbolt adapter:

    Disk is a Seagate Backup Plus 4GB. Host is a 2012 MBPr with 10.8.2

    Friday, October 5, 2012

    Warum heissen Griechische Restaurants wie sie heissen?

    Ich habe mal in Köln gewohnt, so 10 Jahre. Neustadt-Nord. 10 Jahre lang bin ich regelmäßig an einem griechischem Restaurant vorbeigekommen das fast immer zu hatte. "Athos" heiss das. Das lag zwischen dem "Dionisus" und dem "Diogenes". Echt.

    Komisch das mit den Namen. Die Süddeutsche Zeitung spekuliert recht verwegen darauf das dies etwas mit der Herkunft des Gründers zu tun hat. Das ist natürlich völliger Unfug. Wie wir wissen kommen alle Griechen aus Griechenland, dann müssten ja alle Restaurants "beim Griechen" heissen. Tatsächlich sind das aber nur weniger als 5%.

    An einem lauen Sommerabend konnte ich das Mysterium der Bezeichnung der Griechischen Restaurants durch Deduktion (φαντασία) lösen:
    Es gab in der Zeit der Gründung vieler dieser Restaurants beim Gewerbeamt eine Liste aus der sich der Jungunternehmer einen Namen auszuwählen hatte. Dies war durch eine Verwaltungsvorschrift im Kontext des Anwerbeabkommen vom 30. März 1960 geregelt. Dort hiess es:

    "Um eine Verwechselung von Speiselokalen vorzubeugen und insbesondere die Bürger der BRD vor unvermittelten Olivenölgenuss (der sich auf den ungeübten Magen der Werktätigen überraschend auswirken kann) zu schützen haben Lokale, die hauptsächlich Speisen der grichischen Küche feilbieten, eine entsprechend eindeutige Bezeichnung zu führen. Dies kann durch die Verwendung der im folgenden genannten Eigennamen oder durch das Voranstellen des regionalen Gattungsbegriffs "Taverna" geschehen."

    Und dann kommt die Liste.
    Krass. Aber so war das damals. Unter den Talaren....
    Die entsprechende Verwaltungsvorschrift wurde erst 1982 im Rahmen von EU (bzw EWG) Harmonisierungen verworfen. Das Ergebnis sehen wir heute.

    Aber wie heissen sie denn nun? Ich habe aus "OpenStreetMap" mal sämtliche als "griechische Restaurants" extrahiert, die Namen normalisiert und aus den rund 2000 kartographierten Restaurants folgende Verteilung erhalten:

    Aber es gibt Hoffnung in der Namenswüste.
    Auch wenn sich solche Restaurants über Jahrzehnte halten und ihren Namen nichts verändern gibt es doch Neugründungen die sich erfrischend abgrenzen. In Berlin, Prenzlauer Berg habe ich "Frau Galinou kocht" gefunden.
    Da werde ich mal hingehen.

    Friday, July 22, 2011

    HOWTO create an encrypted TimeMachine Backup on an Apple software RAID using Lion FileVault2

    My MacPro is filled with disks which implies that a single disk of the type "the biggest you can buy" is insufficient for my TimeMachine needs. So far I have been using an OSX software RAID for TimeMachine which worked rather well.
    As I want to use 10.7 / Lion full disk encryption, the whole encryption is moot if the same data is stored as clear-text in TimeMachine.
    Even before Lion it was possible to use encrypted sparse disk images (as TimeCapsule uses them) to encrypt TimeMachine but frankly I don't assume that a 4Gb disk image is adequate.

    Lion allows you to specify that you want your backups to be encrypted, but in my case this was refused with a simple "not supported on raid".
    Using diskutil I managed to get it work anyway.

    WARNING This worked for me. Once. I think.
    This procedure may trash your data or set your cat on fire. Proceed at your own risk.

    This procedure will delete all data on the raid volume. I didn't care too much as this was TimeMachine history only.

    In Terminal, dump the current disk layout for reference:
    "diskutil list". In my case this looks like this:
    /dev/disk0
    #:                       TYPE NAME                    SIZE       IDENTIFIER
    0:      GUID_partition_scheme                        *256.1 GB   disk0
    1:                        EFI                         209.7 MB   disk0s1
    2:                  Apple_HFS SSD                     255.2 GB   disk0s2
    3:                 Apple_Boot                         650.0 MB   disk0s5
    /dev/disk1
    #:                       TYPE NAME                    SIZE       IDENTIFIER
    0:      GUID_partition_scheme                        *2.0 TB     disk1
    1:                        EFI                         209.7 MB   disk1s1
    2:                 Apple_RAID                         2.0 TB     disk1s2
    3:                 Apple_Boot Boot OS X               134.2 MB   disk1s3
    /dev/disk2
    #:                       TYPE NAME                    SIZE       IDENTIFIER
    0:      GUID_partition_scheme                        *2.0 TB     disk2
    1:                        EFI                         209.7 MB   disk2s1
    2:                 Apple_RAID                         2.0 TB     disk2s2
    3:                 Apple_Boot Boot OS X               134.2 MB   disk2s3
    ....
    


    Note that the RAID volumes in my case were disk1s2 and disk2s2.

    What I did was to delete the RAID in DiskUtility and to re-create it. You may not have to do this. Note that even if you do not re-create the RAID, you will still loose all data on the RAID-set.


    Step 1: Create a RAID set:
    diskutil ar create stripe myNewRaidSet JHFS+  disk1s2 disk2s2

    Replace disk1s2, disk2s2 with the list of the partitions you want to use for this RAID-set.
    If you don't want a "stripe" RAID0 you can use other types:
    o   "stripe" - Striped Volume (RAID 0)
    o   "mirror" - Mirrored Volume (RAID 1)
    o   "concat" - Concatenated Volume (Spanning)

    All the usual Apple RAID options can be used, including stacked RAIDs like RAID 10, RAID 0+1 etc. "man diskutil" or DiskUtility is your friend.


    Now you should have a new RAID-set. Let's check:
    diskutil list
    ...
    /dev/disk4
    #:                       TYPE NAME                    SIZE       IDENTIFIER
    0:                  Apple_HFS myNewRaidSet           *4.0 TB     disk4
    

    Good. disk4 is the name of the Raid-set

    We now have to create a CoreStorage Logical Volume Group.
    CoreStorage is the new volume manager in Lion which is the foundation for FileVault2).

    diskutil cs create myNewLvg disk4


    (Replace "disk4" with the name of your AppleRaid)


    We now should have a CoreStore Logical Volume Group.
    "diskutil cs list" will print it out:
    iomp:~ io$ diskutil cs list
    CoreStorage logical volume groups (1 found)
    |
    +-- Logical Volume Group 0CBCF265-CCC0-4564-90D2-30F5F3080FAB
    =========================================================
    Name:         myNewLvg
    Sequence:     1
    Free Space:   3999958884352 B (4.0 TB)
    |
    +-< Physical Volume 3C01045D-9391-4707-B0D8-5DC1551BF459
    ----------------------------------------------------
    Index:    0
    Disk:     disk4
    Status:   Online
    Size:     4000109887488 B (4.0 TB)
    
    Excellent. We still don't have a volume that we can use, this is created in the next step:
    diskutil cs createVolume 0CBCF265-CCC0-4564-90D2-30F5F3080FAB jhfs+ MyEncryptedRaid 100% -stdinpassphrase
    The parameters in details:
    • The lengthy hex string must be the UUID of the logical volume group you've created in the previous step. See above "myNewLvg"
    • JHFS+ tells disktuil that we want a journaled HFS+ volume (which should be fine)
    • 100% means - "use 100% of the logical volume group for this volume". You can create multiple smaller volumes if you fancy those.
    • -stdinpassphrase will cause diskutil to ask for an encryption pass phrase.
    Make sure this is a decent (long, non-dictionary and complex) password and *DO NOT LOOSE IT*. If you loose this, your volume becomes noise. I have not quite understood the whole key recovery deal but that key appears to be stored nowhere except with you. So play it safe. After a few seconds, you should see the new volume mounted. Check the details via "diskutil cs list":
    CoreStorage logical volume groups (1 found)
    |
    +-- Logical Volume Group 0CBCF265-CCC0-4564-90D2-30F5F3080FAB
    =========================================================
    Name:         myNewLvg
    Sequence:     2
    Free Space:   0 B (0 B)
    |
    +-< Physical Volume 3C01045D-9391-4707-B0D8-5DC1551BF459
    |   ----------------------------------------------------
    |   Index:    0
    |   Disk:     disk4
    |   Status:   Online
    |   Size:     4000109887488 B (4.0 TB)
    |
    +-> Logical Volume Family B290CE10-87A6-4D75-AE3A-EF3ECF401635
    ----------------------------------------------------------
    Sequence:               2
    Encryption Status:      Unlocked
    Encryption Type:        AES-XTS
    Encryption Context:     Present
    Conversion Status:      NoConversion
    Has Encrypted Extents:  Yes
    Conversion Direction:   -none-
    |
    +-> Logical Volume 948377BF-5F9B-47A1-A6D5-E98472F32072
    ---------------------------------------------------
    Disk:               disk5
    Status:             Online
    Sequence:           2
    Size (Total):       3999958884352 B (4.0 TB)
    Size (Converted):   -none-
    Revertible:         No
    LV Name:            tm4cc
    Volume Name:        tm4cc
    Content Hint:       Apple_HFS
    


    There your have it, an encrypted RAID-set.
    Point TimeMachine to the new location and that's it.

    I haven't yet looked into details of FileVault2 (details are also very hard to come by at this time) so the whole exercise may be plain idiotic. For example I haven't tried whether I can restore from this volume (as the backup of 1,4Tb is still ongoing). I will update the post once I have tried this. You may want to wait for this ;-)

    Wednesday, April 6, 2011

    Dieser grüne Hype..

    ist mir ja ein Rätsel.
    Die CDU hat 7 AKWs abgestellt.
    Die Grünen 0.

    Wer ist denn hier nun grün? ;-)