With more generous offerings from cloud storage providers (up to 50GB free), cloud storage is a tempting alternative for storing some of our data. I have some data which I really do not want to lose. I already have it stored on several devices, however an additional copy in the cloud could help. But how much can I trust cloud providers to keep my data private, even from their own employees? Not that I have something super secret, but somehow I do not like the idea that some bored sysadmin will be browsing my family photos, or that the provider will use my photos for some machine learning algorithms.
Major providers like Dropbox or Google do use some encryption, however they control the encryption keys, so they can theoretically access your data at any time and, in the worst case, provide it to third parties such as government agencies. From what I have seen, only a few providers like Mega or SpiderOak offer privacy by design, which means all encryption is done on the client and they should not have any access to your keys (zero knowledge). However, how much can we trust that their implementation is flawless or that there are no intentional back-doors left? There were some concerns about Mega security a couple of years ago, but no major issues have appeared since then.
So rather than trusting those guys fully, why not take an additional step and also encrypt our data before sending it to the cloud? Additional encryption will not cost us much CPU time on current hardware (from tests: 11% of one core of an old AMD CPU) and will not slow down transfers, because they are limited rather by Internet connection bandwidth. And on Linux we have quite a few quality encryption tools like gpg or openssl, which can be relatively easily integrated into our backup/restore chains. In the rest of this article I’ll describe my PoC shell script that backs up/restores a whole directory to MEGA, while providing additional encryption/decryption on the client side. Continue reading Do We Trust Cloud Storage For Privacy?
Having recently updated my mobile (but still staying on Android) to a 4G device, I thought that it was about time to make my audio collection available outside of the home network. At home I use a samba share, which is quite fine for most uses, however enabling access from the internet required a bit more effort. In the following article I’d like to describe the options I’ve been looking at, and the final solution. Continue reading Media Server For Music And Audio-Books
Git is not only a great version control tool, but can also be easily used for web application deployment to testing or production environments. For more complex projects some continuous integration (CI) tools/services can be more appropriate (like Jenkins), but for smaller projects we can do just fine with Git, SSH and a simple script installed as a git hook. Below is the scenario I’m using for one Python Flask web application. Continue reading Simple Web Applications Deployment via Git
PaaS is happily buzzing in the Cloud and it seems to be the hottest topic in infrastructure services today, so I decided to test OpenShift, the PaaS offering from Red Hat. A couple of reasons make this platform interesting: firstly, it’s an open source solution, so we can use it to build our own private solution; secondly, on the public service we get 3 gears (Linux containers with predefined configuration) for free forever, so it’s easy to experiment with this platform. As a sample project we will create a very simple Python Flask web application with MongoDB. Continue reading OpenShift Experiences
Most modern SOHO routers (like my Asus) support the UPnP IGDP or NAT-PMP protocols to enable hosts on the local network to open and map incoming (from WAN) ports on the router. While these two are different protocols with different origins, they both serve the same purpose, so they are often enabled by a single option in your router configuration (like in my Asus, where there is only one option, ‘Enable UPnP’, but in fact it enables both protocols).
This automatic incoming port management is very convenient, however it can cause some security problems in your local network. Because normally neither UPnP nor NAT-PMP is authenticated, the whole local subnet is basically trusted, which means that any program (including malware) can open an incoming port as it needs. A more detailed description of potential UPnP issues is for instance here. Continue reading Check UPnP port mapping on your router
In one of my past articles I described how to use the HTTP CONNECT method to tunnel other protocols through a proxy. It worked for me for various protocols (mainly email access: IMAP, SMTP), but recently it stopped working for the SSH protocol. After some investigation I found that the proxy is checking what protocol is being tunnelled through it and expects it to be SSL/TLS. If it is anything else, the proxy closes the connection with an error. It still worked for mail protocols, because they were already wrapped in SSL. But to still be able to use SSH through the proxy, a more sophisticated setup was needed: tunnelling SSH through the SSL protocol, which is then tunnelled via the HTTPS proxy (HTTP CONNECT method). Below I describe a setup which works for me. Continue reading Tunneling SSH through Restrictive HTTPS Proxy
As many may know, Oracle VM Server is based on the Xen hypervisor, so it’s possible to run VMs prepared for Oracle VM on other Xen-based solutions like XenServer or OCP. The main difference is the management of VMs: Oracle VM is using xm, while recent XenServer is using the newer xapi stack. But paravirtualized Linux kernels can run easily on both.
Oracle provides VM templates for many of its key products, like for instance the new Oracle 12c database. In this article we will show how to run the Oracle 12c Database VM template on XenServer 6.2. Continue reading Running Oracle VM Template for DB 12c in XenServer
It’s not obvious how to set it up right, so I’m putting some notes here:
Installation is described here.
- ORACLE_HOME is needed just for installation
- If you add the client library path to /etc/ld.so.conf.d/oracle.conf and run ldconfig, you don’t need to export a modified LD_LIBRARY_PATH
- Once you have installed the Oracle client library and set the environment, you can also install cx_Oracle via pip install cx_Oracle
The crucial step not mentioned in the installation guide is to set the NLS_LANG environment variable, which should be in the environment of your Python program using cx_Oracle. So for instance for Flask+SQLAlchemy you can have:
Without this variable the Oracle client uses 7-bit ASCII! So any Unicode character will raise a “UnicodeEncodeError: ‘ascii’ codec can’t encode character” error.
It’s surprising how much incorrect information is available on the web for this topic. I was struggling to get a correct configuration for the simpleSAMLphp package (on Ubuntu 14.04). This is the finally correct config (inside the server section): Continue reading Correct nginx config for PHP5 fastCGI
I required some simple statistics (selected page visits per day) from web-server logs. I looked at some web log analyzer packages like AWStats, but they looked like overkill in my case. I’d probably spend more time trying to make one work than putting together a small script. So here it is: a simple bash script that will take all available access logs (by default on Debian nginx is using logrotate to rotate logs daily and keeps 52 daily logs, old logs are gzipped) and calculate page visits for a certain request pattern: Continue reading Simple statistics from nginx access logs