The advent of “The Cloud” has meant that there are now services available on the internet for many of the tasks which traditionally would have been tackled by systems within your company or home.
One of the most basic is the storage of files on the internet which synchronise with a folder on your computer. Although there are many examples, I am going to use a free 5Gb Ubuntu One (U1) account to keep my secret files backed up offsite.
When it comes to backups, there are a couple of issues that need to be addressed.
- If you backup to an external hard-drive, what happens if someone steals it? Do they get access to your personal information?
- What if the house burns down? Do you lose both the original store of that information on the PC as well as the “safe” backup on the external hard drive in the same room?
I suspect that for most people the answer to both of those questions is yes. It does not need to be and GNU/Linux allows you to fix these issues relatively easily. I don’t know whether it can be done on Microsoft Windows or Mac OSX, you’re on your own there.🙂
I have a PC with Ubuntu 11.10 “Oneiric Ocelot” installed. As usual, I have a “home” folder for my own account but because there is no encryption on those files by default, anyone who gets their hands on my PC or external hard drive can read my files.
So this is what I did…
Install the package ecryptfs-utils with support for encfs to add an encrypted folder under your home folder called “Private”.
Open up a terminal window and execute the following command
sudo apt-get install ecryptfs-utils encfs
Then run the following command to create the Private folder
This will ask you for your login password/passphrase and will then create for you a mount passphrase which you should record somewhere as it is the key to decrypting your secure data in future.
(Hint, don’t just stick it in a text file in the same folder. Nature has a way to stop this sort of behaviour a.k.a. “Natural Selection”. You could backup the folder ~/.ecryptfs as it contains the mount passphrase wrapped up by your login password.)
At this point there is a folder called “Private” in your home folder which looks much like all the other folders. The difference however, is that every file or folder you place in there becomes encrypted and stored in a hidden folder called “.Private” (note the initial fullstop/period in that name).
In fact, the data is ONLY stored in that .Private folder and it is your mount passphrase that decrypts it and allows you to interact with the files through the Private folder. The .Private folder is what you can safely store out on the internet because nobody can decrypt it without your mount passphrase. What we will do next is synchronise this folder to be stored out on a cloud file storage service. I’ve chosen UbuntuOne but you could just as easily use Dropbox
Now this is where the fun starts…
Sign-up for an UbuntuOne account
Ubuntu One software is already included with Ubuntu, for other services you will need to install some software e.g. Dropbox client software.
Launch the Ubuntu One software from the Unity launchbar on the left of your screen in Oneiric. Once you have logged in, you will see that the “Ubuntu One” folder in your Home folder is automatically synchronised. Now I am sure that the nice people at Canonical would not sift through your files or that they’d make a technical error that allowed your files to be seen by all and sundry on the internet. But with this approach, we don’t have to worry.
In the Ubuntu One software, you need to add the .Private folder (the one starting with the period, remember?) which contains encrypted gobbledygook so that it gets synchronised from your PC to your 5Gb Ubuntu One (U1) account. To accomplish this, right click on the folder in Nautilus (the normal file explorer in Ubuntu) and choose the menu option for Ubuntu One to “Synchronise This Folder”.
If you like, you can login to the U1 website to check the progress of the upload.
Once that is completed synchronising, you will have your files safe and secure on the cloud in case you lose your primary source of those files. Every time you edit one of those files or add another, they will immediately be encrypted and synchronised with that U1 account.
The mount passphrase is essential in getting access to that data so DO NOT SHARE OR LOSE IT.
If you want to retrieve that data on another Ubuntu machine, then merely setup U1 as before using the same account details. You will probably need to click the checkbox in the U1 software, “Cloud Folders” tab for the .Private folder to be downloaded to this new machine. (CAUTION: It is not necessary to perform the step earlier to create the Private folder on this second machine using ecryptfs-setup-private. In fact, if the Private folder already exists on this second machine, don’t do this because encryption is already setup and you’re probably overwriting some other encrypted data.)
Give it some time to synchronise and run the following command in a terminal
sudo mount -t ecryptfs ~/.Private ~/Private
Enter your mount passphrase and you should be able to see your data in the Private folder.
Some additional things to note.
If you need more than the free 5Gb, you can pay for more storage.
Software clients exist for many operating systems (Windows, Android smartphones etc) but you will need a means to decrypt the data when you want to read or edit it. This guide assumes that we are only using Ubuntu 11.10. Hint: For Android check out the boxcryptor application with a Dropbox account as it has encfs support and is well integrated with Dropbox. I prefer to use free software and will keep an eye out to promote an Android solution in future.
I hope this helps explain how to protect yourself from data theft or loss by using readily available cloud services. If you require further explanation, please let me know and I will try to clarify.
I’ve had some issues with graphics in Oneiric Ocelot since the Alpha pre-releases.
There were issues with the AMD proprietary driver (“fglrx”) for both my 5770 and 5870 graphics cards and, since I would always prefer to use free software, I decided to revert to the free Radeon driver that does have some 3D support now.
The problem is that, even after removing the proprietary AMD driver, some residual issues still persist that stop the radeon driver from working properly.
The trick is to reinstall a few components after removing all the fglrx packages. Then remove the xorg.conf file.
That was enough for me, I now have my dual monitor setup back in action with the compiz wobbly-windows effect that I like.
In a terminal, try these commands one-by-one and then reboot.
sudo apt-get remove --purge fglrx fglrx_* fglrx-amdcccle* fglrx-dev* xorg-driver-fglrx sudo apt-get remove --purge xserver-xorg-video-ati xserver-xorg-video-radeon sudo apt-get install xserver-xorg-video-ati sudo apt-get install --reinstall libgl1-mesa-glx libgl1-mesa-dri xserver-xorg-core sudo mv /etc/X11/xorg.conf /etc/X11/xorg.conf.backup
The free software radeon drivers wins over the proprietary AMD software.
For more help with getting AMD cards working try reading this excellent guide for Natty.
There does not appear to be a simple way to do this through the user interface but this terminal command will do it.
gsettings set org.gnome.desktop.sound event-sounds false
If you have installed Ubuntu recently you will find that ext4 is the standard format used for creating filesystems. However, if you upgraded from an older version of Ubuntu you may be still using ext3.
The following instructions show how to upgrade the filesystem format with the data still in place. I am presuming you have a backup of your data in case this goes completely pear-shaped.
First confirm that you are using ext3 by typing the following command in a terminal window (Go to Applications menu, Accessories, Terminal)
sudo df -Th
One of the lines that showed up for me was
/dev/sdb1 ext3 241263968 93827044 137632456 41% /media/mirror
Now download, create and boot from a Ubuntu live CD so that none of your hard drives are in use. Choose the 32-bit option of the latest version (ver 10.10 at time of writing) of Ubuntu.
Then restart the machine with this newly created CD and again confirm the name of the device you want to upgrade from ext3 to ext4.
sudo df -Th
Before making the change in format, let’s check the disk for any errors
sudo e2fsck -fDC0 /dev/sdb1
When that completed, we make the change from ext3 to ext4 with
sudo tune2fs -O extents,uninit_bg,dir_index /dev/sdb1
The only thing left to do is to edit the fstab file so that the filesystem loads with ext4
The fstab file will be on the drive that you use to boot the PC in the /etc directory. Although not in my example here, this may be the drive you just modified.
We need to mount the drive that is used for booting (I assume it is sda1 here)
sudo mkdir /mnt/sda1
sudo mount -t ext4 /dev/sda1 /mnt/sda1
Now edit the fstab file
sudo nano /mnt/sda1/etc/fstab
Look for the line which contains your recently changed drive (sdb1 for me) and alter the format from ext3 to ext4 and hit control-x to exit. Then hit the Y key to accept the changes and hit enter to replace the old fstab file.
Now it’s just a matter of restarting for the drive to be reloaded with ext4.
Well, here’s the plan.
I’ve just bought a Powercolor ATI Radeon HD 5770 for AUD$127 from msy.com.au in Ultimo, Sydney yesterday.
This is a good quality graphics card that is below the current 6000 series cards in terms of performance but cheap at the price.
What I plan to do is earn enough money from it to cover the cost within 2 months!
How is that to be achieved? By “GPU mining”.
With the advent of OpenCL support, the newer graphics cards can be instructed to use the onboard graphics chip (known as the “GPU”) to focus on intensive mathematical tasks and free up the main system CPU to do other things. The GPU is designed for this sort of work so it’s an ideal way to get the most out of the hardware you have purchased.
Ok, here’s where the money comes in. Bitcoin is a form of virtual currency that is managed by a network of connected computers on the internet that talk to each other at a peer level to manage the transfer of bitcoins from one party to another. The transfer is anonymous in that you know the identifier of the party you are dealing with but not who they are. There are businesses that are accepting bitcoins as a form of payment. The computers in the bitcoin network belong to any individual that is interested in partaking in the bitcoin economy.
My computer is now one of them.
Every now and again, one of the nodes (i.e. computers) in the network creates some new bitcoins (50 at a time to be precise). The more processing power you have, the more likely you are to create a block of 50. By adding this graphics card, I have increased my processing power for bitcoin generation by about 150 times and should create 50 within 8 days on average according to the bitcoin calculator. I am processing at 155 Mhash/sec now.
There are markets to swap bitcoins for USD through paypal transactions which at time of writing show that 1 bitcoin is near to USD$1. I will earn USD$50 per week on that basis which will pay for the card in under a month but I’m being conservative by aiming for 2 months. There has been a significant rise in the relative value of a bitcoin in the past 6 months which is a critical factor in this plan.
In order to get things running on Ubuntu 10.10 64-bit “Maverick Meerkat”, I had to download and install the proprietary version of the ATI driver (10.11 is the best for performance currently) for my card. It chose the radeon driver by default which does not provide the OpenCL support required. Also, I chose ATI since their performance for mining is far, far better than Nvidia’s.
I also downloaded this to get the correct ICD files installed under /etc/OpenCL/vendors
You should ensure that the bitcoin server is running rather than the actual user interface (see below).
In a terminal window, run the following
sudo gedit ~/.bitcoin/bitcoin.conf
and put in any values for rpcuser and rpcpassword
Then you need to run the bitcoin server with
Now finally you need to run the Diablo miner making sure that it knows where the ATI Stream SDK OpenCL library is. (find it with sudo find / -name libOpenCL.so) and using the path to where you downloaded the miner along with the username and password you put into the bitcoin.conf earlier.
./DiabloMiner-Linux.sh -u myself -p somethingsecret -w 64 -f 10
This should then show the current processing in terms of khash/sec. Mine is between 150,000 and 160,000.
Now to sit back and see if I improve on my free 0.05 bitcoins in the next 8 days (UPDATE: First 50 bitcoins arrived this morning, 27/02/11 4:14:49 AM, after about 15 days of processing)
Oh, and if you do manage to get some coins and fancy giving them away, my bitcoin wallet is 1Cfdc5DHMABv27eyQ9xcrnuynQmx9dRXTg
For those who have never done it, and those who are paying too much for it, there is an easy and inexpensive way to get your own registered domain name hosted for email so that you have an email address like email@example.com
The trick to this is to use Google Apps and a domain registrar (I use godaddy.com as registrar in this example as it’s cheap and they’re one of the biggest on the internet).
First things first. You need to decide on a domain name you want.
Go to godaddy.com, search for the domain name you want and follow the prompts to checkout and purchase. There should be sufficient instruction on their website on how to purchase.
Once that has been accomplished, you will be able to login and configure the domain so that email is hosted by Google Apps. This allows you to access your email from anywhere without any further concern for backups or uptime.
Sound good? Then let’s get started.
In the godaddy interface, you login so that you can see your account (link to “My Account” in top right of screen on their current website layout). This will show you your newly registered domain in a list. Click on the “Advanced details” next to your domain name e.g. yourcompany.com.
On this screen, it is the “Total DNS” section you need to change. Click on “Total DNS Control” to bring up the screen to edit these values.
There will be two settings shown under the MX section. These relate to email and need to be deleted by clicking on the red cross to the right. Then we add three new ones in this MX section to point us to Google Apps email.
Click on “Add New MX Record” and enter these values (Note there is a period/fullstop after each of the names below. TTL value is left at default of 1 hour)
Host Name – Goes to Address – Priority
@ – aspmx.l.google.com. – 10
@ – alt1.aspmx.l.google.com. – 20
@ – alt2.aspmx.l.google.com. – 30
@ – aspmx2.googlemail.com. – 40
@ – aspmx3.googlemail.com. – 50
Next we want to alter the CNAMES section so that mail.yourcompany.com points to the Google Apps email website. To do this we, delete the current CNAME Alias called “mail” and create a new one of the same name with these settings…
Alias Name – Points to Hostname
mail – ghs.google.com
This should be it for setting up the domain, now we need to configure the Google Apps side to accept these emails for us.
Click on http://www.google.com/a
Click on the “Apps Editions” and choose the “Standard” which is free and allows up to 50 email addresses to be created.
Click on the “Get Started” button.
Now you can enter an existing domain name (bought from godaddy above) e.g. “yourcompany.com”.
Choose Administrator, as you control the domain, and then “Get Started”.
Next complete the screens with your personal details to register with Google Apps and you will eventually get to a page that talks about how you can confirm to Google Apps that you really own the domain. You have 7 days to confirm this or this Google Apps account will be deleted.
To confirm ownership, login to Google Apps and it will prompt you to verify ownership.
Choose the first option “Add a DNS record to your domain’s configuration” and choose godaddy.com (assuming that’s who you registered with) from the drop down list .
Step-by-step instructions will be displayed on what is required. You will need to login to godaddy.com and go to the “Domain Manager” (from the left-hand menu) and create a TXT record for the domain by clicking on “Total DNS Control”.
There is a button half-way down the screen on the right hand side called “Add New TXT Record”. Click that and add the details that Google Apps indicated for the TXT Value and leave the TXT Name blank.
Finally, click on the “Verify” button at the bottom of the Google Apps page and you’re done!!!
There are options to create user email accounts but that is outside the scope of this little setup exercise and should hopefully be self-explanatory if you follow the on-screen instructions.
Also, it is worth noting that any editing of the domain settings through the godaddy.com site takes some time to be replicated around the internet. Don’t be dismayed immediately if you cannot see the fruits of your labour. If it is still not working a couple of days later, you have my permission to be dismayed.
NOTE: Once you are configuring your Google Apps account, you should enable the SSL checkbox under “Domain Settings”. This makes your email communications encrypted even if you use http://mail.yourcompany.com
Corporate firewalls commonly block port 11371 which launchpad PPA’s use for their keys.
It is possible though to get these through the normal port 80 for web traffic using the format below (replace the last reference to reflect the key you want to download)…