How to mount your backups with Obnam using FUSE

With the latest version 1.5 Obnam introduced a pretty cool new feature: You now can mount your backup as if it would be a "virtual hard drive". That is, you don't need to extract / restore your backup using Obnam's command line anymore if you only are interested in certain files or directories to restore.

Since this feature is pretty new I had to bring myself up-to-date on how to exactly use the mount option. Since this is FUSE (Filesystem in Userspace) you don't need to be root to mount the actual backup. Still, it took my a while until I figured out the right parameters to make it all work.


This is how to make it happen (tested on Ubuntu / Mint / Debian):

First, you have to create a new directory in your home directory where to actually let Obnam mount the backup into. I chose

/home/<your-user-name>/tmp/obnam

for that.

Second, your user needs to be part of the group "fuse". This already should be the case, and if not: 

 sudo usermod -a -G fuse <your-user-name>

Now comes the fun part: Mounting your backup! For me, my backups are located on my NAS, which in turn are mounted (read-only, for saftey!) into

/media/ds212/backup/<your-hostname>/backup_YYMM

To mount the this backup repository, do a

obnam mount --repository /media/ds212/backup/<your-hostname>/backup_1310/ --client-name <your-hostname> --viewmode=multiple / --to=/home/<your-user-name>/tmp/obnam

Note: Execute the command above as your regular user, not as root! The backup will be mounted as ready-only -- makes sense with a backup, does it?

Now you should be able to access your backup within

/home/<your-user-name>/tmp/obnam

The cool thing is: With the option --viewmode=multiple just supplied above you can access all backup generations so far created at once. The latest folder contains a link to the, well, latest backup made.

To unmount the backup you need to be root however: sudo umount obnam

Have fun with this cool feature!

Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010

Whoa, what an article! If you consider IT security your thing you have to read the following blog post over at:

http://op-co.de/blog/posts/android_ssl_downgrade/

The author essentially found out that since Android 2.3.4 Google has changed the default cipher suite list to favor the (unsecure) RC4-MD5 first instead of RSA-SHA256.

How to debug SSH path problems on Synology NASes

Recently I wanted to add just another backup job to my beloved DS212+ Synology NAS box. This job essentially does a bit of shell stuff via SSH on that box, also requiring to have some of the optware binaries in $PATH.

Well, first it didn't work out because apparently the optware binaries (more precisely /opt/bin and /opt/sbin) weren't in SSH's $PATH. However, I was pretty sure (and of course double checked!) that $PATH was tweaked correctly in the .ssh/environment file and that sshd was restarted after that.

To debug the issue further I just started another SSH instance on the Synology, using a different port + in foreground debug mode: 

/usr/syno/sbin/sshd -d -D -p 2222

On my client I then did this:

ssh -v root@<IP-to-my-NAS> echo \$PATH

Ah ha! The "Environment:" on the client side now told me that it indeed was picking up the wrong $PATH. But wait: Where did this come from?

Quick answer: Synology's start/stop script located at

/usr/syno/etc/rc.d/S95sshd.sh

kind of messes it up. For the sake of speed I believe it doesn't really terminate the old sshd instance and instead just drops existing connections. This is why changes to .ssh/environment do not get applied correctly after restarting the service.

Solution to all this now sounds pretty simple: Log in to DSM (DiskStation Manager) via web interface, go to system settings / terminal and (again) activate "SSH". This will (re-)start sshd the right way with the new environment settings picked up. Crappy, but works!


 

How to re-root your devices after Android 4.3 OTA

Yay, so you finally got your hands on the just released Android 4.3 on-the-air (OTA) update? Great! But wait ...after upgrading your lovely root permissions are gone and even Super-SU does not work anymore?

This happened to me as well on my beloved Nexus 4, so to quickly remember how to gain root after such an update, do the following:

1. Make sure you got the latest Android SDK (namely, adb + fastboot) installed 
2. If wanted: Get the latest ClockworkMod (CWM) recovery for flashing here
3. Download the latest SuperSU flashable .zip from here
4. Place the SuperSU flashable .zip onto your device's SD-card / -partition
5. Connect your device via USB cable to your PC
6. Do a adb devices to check if your device is being recognized
7. Do a adb reboot bootloader to reboot your device into the bootloader
8. Now, do a fastboot flash recovery <path to the CWM recovery .img file> to flash the latest CWM recovery to your device
9. Time to reboot the device into CWM by choosing "Recovery" directly on the device's bootloader screen (via the volume +/- buttons, power button to confirm)
10. CWM now should boot up. Here you now have to select the SuperSU .zip downloaded and up on the SD-card / -partition from step 4 and flash it.

And finally: Reboot the device and enjoy having root access again!

"I Contribute to the Windows Kernel. We Are Slower Than Other Operating Systems. Here Is Why."

Just found a very nice post over at HackerNews which apparently is from an engineer working at Microsoft, comparing the innovation speed of Linux and MS kernels. A must-read for techies: http://blog.zorinaq.com/?e=74

Tiny Tiny RSS and Synology NASes

Today I spent a bit of time to evaluate Tiny Tiny RSS, an Open-Source and web-based RSS client with API support and much, much more.

I simply wasn't too happy with my last Feedly experiments, namely: No plugins, no filtering / tagging / scoring support and, well, it's closed-source. So I decided to give Tiny Tiny RSS a try. Why? Maybe you've heard about Google Reader closing soon.

Luckily, Syno Community is offering a (beta) package for Synology NASes, like for my DS212+. To get this package you have to add Syno Community's package repository with a special parameter:

http://packages.synocommunity.com/?beta=1

(Note the ?beta=1 at the end)

After adding, installation should go pretty smooth. Oh, and did I mention you have to enable MySQL and Web Station before doing that? Otherwise it won't work. Really.

In case you're wondering what's your admin user default password (in case you didn't change it yet) for the MySQL server: it's empty, nothing, nada.

If Tiny Tiny RSS' update daemon is not running correctly, that is, your feeds don't get updated, see the next steps:

Stop the package in the Synology package manger.

Check what's going on by manually running

su -m nobody -c "php /var/services/web/tt-rss/update.php --daemon"

on the SSH command line.

If there's an error like "sh: /usr/syno/bin/php: not found" you have to link the existing PHP binary via

ln -s /usr/bin/php /usr/syno/bin/php

After that the regular "--daemon" should work and also update the feeds. Now you can start the package again in the package manager.

Hope this helps.

Pictures from a developer’s life

Just a small one for the weekend you shouldn't miss: Pictures from a developer’s life

Replacing OpenJDK with Oracle/Sun Java on Ubuntu and Mint

Ever wanted "the real thing" on your lovely Ubuntu or Mint installation when it comes to Java? Search no more, here's the solution: Duinsoft developed a very nice script / installer which does all the installation of the most recent Java Runtime from Oracle (formerly Sun) for you:

http://www.duinsoft.nl/packages.php?t=en

So in order to replace the pre-installed OpenJDK on your box you essentially need to follow the quick instructions ("Repository") on the site mentioned above plus purging the OpenJDK stuff afterwards with:

sudo apt-get purge openjdk-\* icedtea-\* icedtea6-\*

After all the voodoo is over you should get the following prompt when doing a

java -version

Java(TM) SE Runtime Environment (build 1.7.0_06-b24)
Java HotSpot(TM) 64-Bit Server VM (build 23.2-b09, mixed mode)

(Note: Exact build numbers may vary, depending on when you installed the stuff.)

Best thing is: You don't need to all that installation mess again, the script from Duinsoft will take care of it in the future from now on.

Rethinking the shell pipeline

Nice article about rethinking the (ancient) shell pipeline by Alexander
Larsson:

http://blogs.gnome.org/alexl/2012/08/10/rethinking-the-shell-pipeline/

For which who don't like the Windows Powershell (me, for example) this
seems to be nice approach! Give this a read.

Create an API for a webpage that doesn't have one

Ever wondered why your favourite website doesn't have a nice API to
retrieve some JSON data out of it? Then you probably want to build your
own API for free using APIfy: http://apify.heroku.com/resources
This basically is a playground for hacking up a (simple) API to extract
information out of some website. Works pretty well, even if it's still a
bit simple-minded. Let's see what time will tell ...

Nice comparison of responsive JS frameworks

Just stumbled over a nice site which has a pretty nice and deep
comparison of the latest and most popular responsive JS frameworks:

http://blog.stevensanderson.com/2012/08/01/rich-javascript-applications-the-seven-frameworks-throne-of-js-2012/

So if you're into Javascript, be sure to check this out!

Tahoe-LAFS, a decentralized p2p file system in Python

While browsing through my "to-read" bookmarks I again stumbled upon Tahoe-LAFS, a decentralized peer-to-peer filesystem implemented in Python. This thing really looks promising, providing encrypted and (hopefully) secure storage of all your data across the web. Thaoe is not meant to be for the end-user (yet) really, but maybe there will be some nice addons to all the Dropbox clones out there which then finally could be used with end-to-end encryption. For non-geeks: This means that, if Thaoe is being used together with a service like Dropbox, nobody but you - not even by the Dropbox staff itself - can access your data anymore.

I'll have to play around with this a bit more in the next upcoming days. Let's see how it performs.

Oh, and here's the website in case you can't wait to get your hands on yourself: https://tahoe-lafs.org/trac/tahoe-lafs
 

A (Mostly) Gentle Introduction to Computer Security (by Todd Austin)

Just dug out a nice video recorded over at  LinuxConf.au 2012 from Todd Austin, which gives an introduction of (general) computer security concepts and some details behind it. Well done stuff, be sure to check it out:

Another crazy dubstep video (by Mike Tompkins)

Lead Breakfast ('Pulp Fiction' Remix)

Another very cool video remix, this time using flicks from Pulp Fiction:

What happened to Syncany? Not dead -- really?

I recently visited the Syncany page again to check what (finally) the status is: Apparently a news entry from April 2012 is there telling that the project is not dead. Well, at least something, but hopefully this won't end up being the next Duke Nukem Forever. Don't get me wrong: I'm really looking forward trying out Syncany as soon as it's ready, but competition (aka OwnCloud, CamliStore and such) is not sleeping. While I don't really believe in SparkleShare coming up with something really good anymore there must be a new alternative ...we will see (and hope).

ASCIIFlow - diagrams the 1337 style

Ever wondered how much time certain people spent creating cool-looking ASCII diagrams in all sorts of documentation and technical stuff? Well, wonder no more because there's now ASCIIFlow! Without any registration hassle and completely for free you finally can draw ASCII diagrams using a hip and responsive web 2.0 application.

Be sure to give it a try! http://www.asciiflow.com/

Yet another backup solution: Backshift

If you follow my blog a bit more closely you surely recognized my habit of always looking for the perfect backup solution.

Well, here's another (rather new) one: Backshift.
To quote the webpage:

• rsync can be used to copy a filesystem from one host to another, or for backups using rsync's --link-dest option plus a small wrapper script
• Backshift is only for backups, and works analogously to rsync --link-dest, but it deduplicates variable-lengthed blocks of the files both intra-host and inter-host, and compresses those blocks using xz.

Although it's pretty new it already claims a lot -- just have a look at the nice comparison table over here.

O Fortuna Misheard Lyrics (Animated)

Make RSSOwl work with Mint 13 (Maya)

Sigh, that took me a while to figure out. After re-installing my Linux base system (moved from an ancient but steadily upgraded Ubuntu to Mint 13 aka Maya because of their lovely Cinnamon desktop) I could not run RSSOwl anymore.

I'm using RSSOwl because of their nice Google Reader integration which enables me to keep track of all the news on different devices I'm using nowadays.

Anyhow, RSSOwl just failed to load on my brand new Mint with the error message "Failed to create the browser", aborting the whole thing afterwards.

For Mint (and maybe other Ubuntu-related distributions out there) you need to do the following in order to make RSSOwl start successfully again:

1. Go into your RSSOwl/xulrunner directory (e.g. /opt/rssowl/xulrunner) and execute:
   chmod 755 $(file * | grep executable | sed 's/:.*//')
2. Then, do a:
   sudo ln -s /usr/lib/x86_64-linux-gnu/libhunspell-1.3.so.0 /usr/lib/x86_64-linux-gnu/libhunspell-1.2.so.0
   
   on a 64-bit system, or for 32-bit, do a:
   
   sudo ln -s /usr/lib/x86_32-linux-gnu/libhunspell-1.3.so.0 /usr/lib/x86_32-linux-gnu/libhunspell-1.2.so.0

The first step makes sure that all file permissions for xulrunner (a component RSSOwl needs) are set correctly, the second step creates a symbolic link to point from libhunspell-1.2.so.0 to libhunspell-1.3.so.0. Xulrunner apparently is dynamically linked with the older libhunspell 1.2 but Mint already has version 1.3.
To manually figure out why xulrunner is unhappy a

./xulrunner --register-user

in the RSSOwl/xulrunner directory will tell you.

After the two steps above your RSSOwl installation should run without trouble again -- happy reading!