Showing post in category: Work

01 Dec 2010

Storing encrypted data in Amazon S3

Posted by Jacob Emcken Comments (0)

I have a lot of digital photos which I would be very sad to loose. I was recommended Amazon S3 as a cheap storage solution and even though it is possible to use https to transfer your data to S3 in a secure way the data itself isn’t encryptet within Amazon. I’m looking for a solution where my photos of my son in the bathtub are secured from all prying eyes including the Amazon tech staff.

It is possible to implement encryption transparent on Linux with the following two modules:

  • s3fs – FUSE-based file system backed by Amazon S3
  • encfs – EncFS provides an encrypted filesystem in user-space

First you need to signup for Amazon S3 – remember you pay on for what you use.

Then create a bucket, I used the Getting Stated Guide that Amazon provides. The following example will use the bucket name: your.bucket

Get an “Access key” from the AWS Management Console, I just used the one which was created upon AWS account creation.

Then I installed s3fs following the instructions on the project website.

Put the “Access key” inside the file .passwd-s3fs in your home directory using the format accessKeyId:secretAccessKey. You can find more informaiton on the on s3fs wiki page.

Now mount your S3 storage using:

mkdir /media/s3
s3fs your.bucket /media/s3

Now try create a file within you storage in the cloud ie.:

touch /media/s3/test

After creation of the file check that you can see the file using the AWS Management Console. Permissions, timestamps etc. is stored in metadata in Amazon S3.

Now in order to apply a transparent encryption layer encfs needs to be installed. Using Ubuntu you do it like this:

sudo aptitude install encfs

Now apply transparent encryption by mounting /media/s3 thorugh encfs like this:

encfs /media/s3 /home/je/Pictures/Encrypted\ on\ S3

and follow the on screen setup. The setup process is only triggered the first time you mount a directory using encfs and it results in a XML filen with all your choices. Don’t delete the XML file (perhaps take a backup) and remember you encfs password.

Now try create a file within:

/home/je/Pictures/Encrypted on S3

And verify that is is unreadable through the AWS Management Console and the directory:

/media/s3

Thats it :)

To expose this to Windows clients then install Samba and share the directory:

/home/je/Pictures/Encrypted on S3

NO WARRENTY: I’m NOT an expert in encryption so I cannot guarantee that encfs is secure enough. Neither do I know how much overhead s3fs and encfs puts on top the actual data that you tranfer to S3.

Tags: , , ,

14 Jun 2010

jQuery Draggable/Droppable: Revert on drop

Posted by Jacob Emcken Comments (5)

Background:

At work we are currently in the process of creating a general data hub which is easily expendable and configurable. It’s already in use exchanging EDI messages (EDIFACT) for a supplier on the danish electricity market.

For the configuration we settled on a GUI where you could drag different kinds of data manipulations into the data flow and this is all implemented in HTML with jQuery.

The problem:

Upon drop I had to use Ajax to ask the server if it was ok to drop the draggable. Since Ajax is asynchronous the drop event would return before the Ajax actually had finished. I decided that I didn’t want to force the request to the server to be synchronous instead I wanted the ajax success callback to be able to do the reverting.

Upon searching the net, the closest thing I came to a solution was defining a callback function for revert on the draggable, and this functionality isn’t even documented by the time of this writing.

The solution:

After playing a bit around I found an acceptable solution. I’ve created a small example reverting a drop using a confirm where you can test it (and see the code).

Tags: , , ,

18 Feb 2010

Php-gtk deb packages for Ubuntu Karmic

Posted by Jacob Emcken Comments (4)

At work I was assigned to package some software to make it easier to distribute and update. One of those software packages was php-gtk which with one patch to the build/configure files now cleanly builds on Ubuntu. You will be able to find the package on my Ubuntu PPA. You will be able to find builds for both 32bit and 64bit platforms.

I’m also in the process of uploading packages for FriFinans which is an Open Source economy / accounting application. This should be easier… lets see how it goes :)

20 Jan 2009

Version control: From svn to git

Posted by Jacob Emcken Comments (0)

Yesterday I played around with git-svn because git will be the future version control tool we will be using at work and we still have some projects stored in svn. I wanted to try out git but we are not about to convert the old projects just yet.

First I needed to check out the current code from svn and get it into git. I searched the net for how this was done and found something that cloned the entire svn repository to git… not quite what I needed but nice to know:

git svn clone svn://192.168.1.5/htdocs git_htdocs

The above takes the project htdocs from my current svn repository and saves it locally into git repository in the folder git_htdocs.

I just wanted to start hacking so I found that the following fetched the code I wanted:

mkdir git_htdocs
cd git_htdocs
git svn init svn://192.168.1.5/htdocs

Now you are ready to actually fetch some code from svn with:

git svn fetch -r1519

I found the revision I needed (the newest) by issuing a svn info within my old svn checkout.

Make your changes and commit locally with:

git commit lib/class.csv_import.php

When ready to push changes back to the central svn repository use:

git svn dcommit

To keep your local git checkout in sync with the upstream svn repository you can run:

git svn rebase

This article was great reading for me: An introduction to git-svn for Subversion/SVK users and deserters

Happy hacking :D

30 Oct 2007

Migrate emails to Zimbra using imapsync

Posted by Jacob Emcken Comments (0)

I’ve installed Zimbra on SLES9 for a costumer because they wanted Zimbra on Suse. The costumer wanted the community maintained version and I felt it was too risky to install Zimbra 5 release candidate.

First a little Suse bashing (sorry but I just get irritated about this over and over again). Zimbra recommends using imapsync to migrate emails to Zimbra and it seems to be a fine piece of software.

  1. I started out by using yast to search for this tool but as I expected nothing.
  2. After downloading it from the website and trying to run it I got a message that I was missing Mail::IMAPClient lib.
  3. I tried to find SLES9 rpm packages (or just RPM packages) with the Mail::IMAPClientlib.
  4. I tried to install this with cpan:

    cpan
    cpan> install Mail::IMAPClient
    ....
    Writing Makefile for Mail::IMAPClient::MessageSet
    Warning: prerequisite Parse::RecDescent 1.94 not found. We have 1.80.
    

    I’m no cpan / perl expert so I couldn’t figure out why I couldn’t get Parse::RecDescent installed.

  5. Anyway what is the benefit of having a supported enterprise version of Suse if you trash it with all sorts of unsupported software.

You could argue that Zimbra should provide imapsync as some part of migration tools.

Anyway the solution was that I installed imapsync on my Ubuntu Gutsy laptop:

sudo apt-get install imapsync

I just gets so disappointed that things are so “hard” in a professional Linux compared to Debian or Ubuntu.

When I’m done I’ll just uninstall it and all its dependencies again:

imapsync libdigest-hmac-perl libdigest-sha1-perl libio-socket-ssl-perl libmail-imapclient-perl libnet-ssleay-perl libparse-recdescent-perl

Important note: I had imapsync on Ubuntu Gutsy hang when it connected to the Zimbra server. I found that passing --noauthmd5 with the example in User Migration in Zimbras wiki made imapsync not hang. An earlier version of Ubuntu (Edgy with an earlier version of imapsync) didn’t need this.

18 Oct 2007

Bash prompt pimping

Posted by Jacob Emcken Comments (0)

Today at work over lunch I read an article in Linux Magazine called Pimped Prompt.

It inspired me to try different stuff out. I often missed an indication on when I was doing different stuff in the terminal… this is what I ended up with:

export PS1='\[\e[0;34m\][\@\e[1D]\[33[0m\] \u@\h:\w\$ '

This is how it looks like.

To make it permanent put it in your .bashrc file in your home directory. Remember that this variable is propably already set so you either need to replace the line or instert closer to the bottom of the file.

15 May 2007

SCO with the freedom of Windows… wtf?!

Posted by Jacob Emcken Comments (0)

At work today I found an old SCO evaluation CD. A paragraph at the back of the CD cover made me laugh:

> SCO – a tightly integrated set of products which give you the best of both worlds – the power and reliability of UNIX and the freedom of Windows.

The “freedom” of Windows… what is that? :-O Click on the link below for full image.

10 May 2007

Now I’m a Novell Certified Linux Professional (CLP)

Posted by Jacob Emcken Comments (1)

This week I’ve been on a course to prepare for the Novell Certified Linux Engineer (CLE) which is required (and payed) by my employer. But to take the CLE certification test you need to be CLP certified first, so today I took the CLP certification. Now I’m ready to do the CLE tomorrow.

I’ve been working with Linux for some years now so the test wasn’t really that hard. Actually I was disappointed that I only got 718 points, I would have expected more. Anyways it is passed so who cares :D Don’t know what to expect from tomorrows test, I hope it is as easy as this one.

(Ubuntu is still my preferred Linux distro… but don’t tell Novell :P sssshhh)

20 Apr 2007

Danish translation of tsclient

Posted by Jacob Emcken Comments (0)

When I came home from work today I read Planet Gnome, I usually visit Planet Gnome several times a day so nothing new in that. But this time I found the post “tsclient 0.150 – call for translators” post by Jonh Wendell.

I thought why not… even tough I always use the English language when ever I can get away with it. I use tsclient a lot at work so I guess it was about time I payed something back to this great program.

I found an old Danish translation back from version 0.106 in the SVN repository, and started from there. I used a Danish translation guide translation guide since this is the first time I’ve ever translated software. This guide linked to a nice word list for Danish translations which helped me a few places where I was unsure about which Danish word I should choose. About 2 hours later I was finished and had submitted the translation in a bug report.

I hope someone will find this useful out there.

15 Feb 2007

XSLT: Search replace attribute values

Posted by Jacob Emcken Comments (3)

Yesterday I needed an xsl transformation which could replace a specific attribute value in a xml file and keep the rest intact. The following code is put together by pieces I found around the net (copy-paste FTW :) ):

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
    <xsl:param name="attribute"/>
    <xsl:param name="oldvalue"/>
    <xsl:param name="newvalue"/>

    <xsl:template match="node()|@*">
    <xsl:copy>
        <xsl:apply-templates select="@*|node()"/>
    </xsl:copy>
    </xsl:template>

    <!-- This is a generic search replace of attribute values --> 
    <xsl:template match="@*" priority="10">
        <xsl:attribute name="{name()}">
            <xsl:choose>
                <xsl:when test="(name()=$attribute) and (. = $oldvalue)"><xsl:value-of select="$newvalue"/></xsl:when>
                <xsl:otherwise><xsl:value-of select="."/></xsl:otherwise>
            </xsl:choose>
        </xsl:attribute>
    </xsl:template>
</xsl:stylesheet>

Lets say that the above code is saved in a file called attribute_replace.xslt. Now with xsltproc you would be able to replace the vaule 5011 with 5015 in all attributes called port:

xsltproc --stringparam attribute port --stringparam oldvalue 5011 --stringparam newvalue 5015 attribute_replace.xslt server_config.xml > new_server_config.xml

I used this to manupulate with some JBoss configuration files.