OwnCloud Anyone?
Has anyone checked out OwnCloud?
Did an install a few days ago. Of course, used MariaDB instead of MySQL. Haven’t had a chance to try everything or even the synchronization across more than 1 machine, but I did try the photo gallery, music files and fought to get contacts into the system – LDIF is not a supported contact file type?
Anyway, any tips?
Petition to Repeal the US Patriot Act
There is a petition to repeal the US Patriot Act (used for wholesale government invasion of privacy):
https://petitions.whitehouse.gov/petition/repeal-whole-or-part-usa-patriot-act-order-stop-secret-warrantless-collection-data/pmTnXNw8
Certainly getting 100,000 signatures in the next month shouldn’t be THAT hard.
Have you signed it yet?
Best Practices for Home Desktop Computer Backups
The Checklist
- Stable / Works Every Time
- Automatic
- Different Storage Media
- Fast
- Efficient
- Secure
- Versioned
- Offsite / Remote
- Restore Tested
When you are looking for a total backup solution, those are the things you want from it.
Optimized Backups for Physical and Virtual Machines
My old backup method was a little cumbersome. To ensure a good backup set, I’d take down the virtual machine, mount the VM storage on the host (Xen), then perform an rdiff-backup of the entire file system, before bringing the VM back up again. This happened daily, automatically, around 3:30am. It has been working for over 3 years with very few hiccups. I’ve had to restore entire VMs and that has worked too. One day I needed to restore the Zimbra system ASAP. From the time I decided to do the restore until end-users could make use of the system was 20 minutes. That’s pretty sweet in my book.
There are some issues with the current setup.
- Backups are performed locally, to a different physical disk before being rsync’ed to the backup server. This is necessary because the backup tool versions are different and incompatible between Ubuntu 8.04 and 10.04 LTS servers.
- Each system is completely shut down for some period of time during the backup process. It is usually 1-4 minutes, but still that is downtime.
- Most of the systems are still using 8.04 paravirtual machines under Xen. A migration of some type to newer OSes is needed. I should use this opportunity to make things better.
- Some of the systems are running old versions of software which are not up to current patch levels. I guess this happens in all IT shops. None of that is available outside the VPN, so the risks are pretty low.
I think I can do better.
New Blog Software and OS
Since this is a technology blog, I figure some of you may be interested in a major change that happened out of necessity here today.
This is the very first blog article on our new physical server, running in a completely different virtual machine. For the next week, everything here is a test.
Due to some sort of outage issue earlier today, I was forced to upgrade everything involved with this blog. I had attempted to perform this upgrade previously and failed. As you can see, this time, there was success. Nobody was shocked more than I.
Easy Technique for Secure, Easy to Type Passwords - Size Matters
Updated 10/2015 – just the minimal length suggestion, not the speed or GPU costs.
The ladies have always known that size matters. We need to apply that knowledge to passwords. Password security experts know that
- a longer password is better
- a password with as many different types of characters as possible is important – call it a large alphabet
- a password that cannot be found through a dictionary attack
- a password that hasn’t been cracked before
These rules seem to conflict with the most important things from a user’s perspective. A user wants:
- a memorable password
- an easy to type / enter password
So what’s the solution? A long, but easy to type and easy to remember password. Below is how to get all 6 of these requirements, easily.
Git DVCS Server Setup and Use in a Team
It seems that all the software developers are using git DVCS these days. I haven’t done serious software development in many years, so I’ve been using RCS all this time for my system admin scripting needs. With my new development work, I need to upgrade my toolset to a DVCS – Distributed Version Control System. There are many reasons to do this even if you don’t want to publish all your code on the internet. Below I’ll show how to set up an internal git server that can be shared inside a company or just between friends on the internet.
I’ll assume:
- Your git server will be on a Linux/Unix system someplace where all the developers will have ssh connection access.
- You have git installed on the server and the clients already.
Those server connections may allow full shell access or be limited to support just git. Regardless, setting up ssh-keys – Ssh Config Setup – is a good idea between the client(s) and the server computers.
Keep reading to learn about Git setup.
Securing ssh Connections and Blocking Failures
Updated 10/2019
Use ed25519 keys, if you can:
ssh-keygen -t ed25519
ssh-copy-id -i ~/.ssh/id_ed25519.pub userid@remote
Updated 10/2015
If you have an ssh server running on your network that is accessible to the outside world, on the internet, chances are your systems are being attacked. If you aren’t aware of this, just take a look at your ssh logs in /var/log/auth.
$ egrep -i Failed /var/log/auth.log*
We can do better from a security standpoint. Regardless, ssh definitely still rocks and should be used daily, constantly. Before I moved ssh to a higher, non-standard, port and installed Fail2Ban, I was seeing over 1,000 ssh attempts daily in the log files. What’s the saying … ignorance is bliss? Not when it comes to systems security.
This article is for Linux/UNIX users, but the ideas should apply to any OS running an ssh daemon.
Ssh Setup For Higher Security
The order below is based on how easy each item is to accomplish or set up. None of these configuration changes are hard. All of them can be accomplished in under 5 minutes if you know what you’re doing, or 15 minutes if you need to read up a little.
- Listen on a non-standard port
- Use ssh-key-based connections
- No remote root logins with a password – without-password
- Allow only key-based logins from non-LAN IPs (basically any remote ssh connection cannot use a password)
- Lock account after X failed attempts – Fail2Ban
- Automatically block IPs with login failures – Fail2Ban
- Monitor hack attempts – Fail2Ban
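To check that an sshd_config actually carries the first four items in the list above (non-standard port, key-based logins, no root password login, passwords only from the LAN), here is an added audit script; it is not from the original post. It assumes one "Keyword value" directive per line, reads only the global section before the first Match block, and the sample config embedded in it is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config against the
# hardening list. The config text below is constructed, not a real server's.
SAMPLE_CFG=$(cat <<'EOF'
# constructed sample sshd_config
Port 2222
PermitRootLogin without-password
PasswordAuthentication no
PubkeyAuthentication yes
# LAN hosts may still use passwords (hypothetical LAN range)
Match Address 192.168.1.0/24
    PasswordAuthentication yes
EOF
)

# cfg_value CFG_TEXT KEYWORD -> value of the first global directive (case-insensitive),
# ignoring comments and everything from the first Match block onward
cfg_value() {
    printf '%s\n' "$1" | awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }'
}

# audit_sshd CFG_TEXT -> one PASS/FAIL line per check; exit status = number of failures
audit_sshd() {
    fails=0
    port=$(cfg_value "$1" Port); port=${port:-22}          # sshd default is 22
    root=$(cfg_value "$1" PermitRootLogin); root=${root:-yes}
    pass=$(cfg_value "$1" PasswordAuthentication); pass=${pass:-yes}
    pubkey=$(cfg_value "$1" PubkeyAuthentication); pubkey=${pubkey:-yes}

    if [ "$port" != 22 ]; then echo "PASS non-standard port $port"
    else echo "FAIL still listening on port 22"; fails=$((fails+1)); fi
    case "$root" in
        without-password|prohibit-password|no) echo "PASS PermitRootLogin $root" ;;
        *) echo "FAIL PermitRootLogin $root allows root password login"; fails=$((fails+1)) ;;
    esac
    if [ "$pass" = no ]; then echo "PASS passwords disabled globally (LAN exceptions go in a Match block)"
    else echo "FAIL PasswordAuthentication $pass lets remote IPs use passwords"; fails=$((fails+1)); fi
    if [ "$pubkey" = yes ]; then echo "PASS PubkeyAuthentication yes"
    else echo "FAIL PubkeyAuthentication $pubkey"; fails=$((fails+1)); fi
    return "$fails"
}

audit_sshd "$SAMPLE_CFG" || echo "$? hardening item(s) missing"
```

Run it against a real file with `audit_sshd "$(cat /etc/ssh/sshd_config)"`; the password exception for LAN addresses is only recognised inside a Match block, so a global `PasswordAuthentication yes` is reported as a failure.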
Googlebot Random HTTP-GET Requests
I was going through the blog server logs today looking for odd, unexpected requests. Attended a Linux Security Meeting last evening that has me thinking … I see all the normal myphpadmin / dbadmin requests and other hack attempts for tools that we don’t use here. All the index.php requests are worthless / harmless. In the 404 list were lots of random strings requested at the top level of the blog. To me, these strings look like passwords from some password management tool. Hummm.
Readers Ask About ... VPNs
Below is the 6th of 6 questions from a reader. I definitely don’t have all the answers, but I’m not short on opinions. ;)
Previous articles:
Part 1 – LVM+JFS+RAID | Part 2 – Service Virtualization |
Part 3 – Virtualizing Media Storage | Part 4 – Hosting Email |
Part 5 – Reverse Proxies
duijf asks:
Q6: It seems desirable to be able to VPN in to my network at any time, if I decide to set up said service, does any device in my internal network need to connect before it is discoverable?
Sorry, but I don’t understand the question entirely. Discoverable? That confuses me. This isn’t a game console. Your VPN client and server will need to know about each other explicitly. Not to worry, that isn’t very difficult to setup. There are just a few details.