Part #2 of the Data Liberation series

Mozilla, the organisation behind the ubiquitous Firefox web browser, kindly publishes its source code powering a key service which it provides – Firefox Sync.  Because of this, we are able to run our own password sync servers securely and not necessarily be the target of a large-scale data-mining break-in, such as might be performed by a malicious cracker, or the NSA.  Sorry, of course they are the same thing.

FFirefox logoirefox Sync is a neat service which allows you to, quite literally, sync your settings in Firefox across multiple devices.  These settings can include bookmarks, web browsing history, cookies, form-filling data and passwords.  Anyway, I too was keen to run my own password sync server, so I set about doing just that.

I host quite a bit of stuff using Virtualmin, another superbly produced piece of software which facilitates the set-up of multiple domains on a single box. Setting up Firefox Sync on your own server under virtualmin is actually very straightforward.

The main task at hand is to follow the detailed instructions published by Mozilla.

As per the instructions, I had to run the following, in order to install required software:

# apt-get install python-dev mercurial sqlite3 python-virtualenv libssl-dev

In addition, I also needed to install and enable the WSGI Apache module, which wasn’t present on my system (drawing in dependencies as needed):

# apt-get install libapache2-mod-wsgi

I decided to install the Mozilla sync software in the home directory of my newly created domain, which in Virtualmin is either “/home/domain” or “/home/domain/domains/subdomain”, depending on whether you have created a subdomain for this specific purpose or not.  In the subdomain situation, the folder path would end up being: /home/domain/domains/subdomain/server-full.

Once installed, I inspected the Apache config file. A key change I had to make was to the WSGI configuration within this file. On my Debian box, the Apache config files are located in the standard place: /etc/apache2/sites-available – the same would be true for Ubuntu (on CentOS and other RHEL/Fedora derivatives, you’ll probably find them in /etc/httpd/conf.d/). Once you have created your domain in Virtualmin, your domain’s config file should be within this folder, appropriately named “domain.com.conf”.

In the “domain.com.conf”, there are a few lines to add and one to edit:

Firstly, find the DocumentRoot declaration:

DocumentRoot /home/mydomain/domains/subdomain/public_html

and change it to:
DocumentRoot /home/mydomain/domains/subdomain/server-full

Next, you’ll need to insert the following lines, within the same stanza as DocumentRoot (the best thing is to adjust and paste these lines directly after DocumentRoot:

WSGIProcessGroup sync-http
WSGIDaemonProcess sync-http user=<your-virtualmin-domain's-user> group=<your-virtualmin-domain's-group> processes=2 threads=25
WSGIPassAuthorization On
WSGIScriptAlias / /home/mydomain/domains/
subdomain/server-full/sync.wsgi

The above example assumes that you are working within the :80> stanza. If you have enabled SSL on your virtual server, within Virtualmin, then you’ll also have a :443> stanza to add these lines to, with one or two exceptions!

A WSGIDaemonProcess is assigned to each virtual server in Apache. In doing so, it creates a system process which requires a name. According to the WSGI docs, this name must be unique:

“[…] note that the name of the daemon process group must be unique for the whole server. That is, it is not possible to use the same daemon process group name in different virtual hosts.

When you come to pasting in the additional lines in your :443 stanza, you are dealing with a separate virtual server in Apache.  So, within your Apache config file, be sure to rename your WSGIDaemonProcess process name. E.g.:

WSGIProcessGroup sync-https
WSGIDaemonProcess sync-https user=<your-virtualmin-domain's-user> group=<your-virtualmin-domain's-group> processes=2 threads=25

This configuration should now be valid. You can test this with:

service apache2 reload

This won’t stop the current Apache process, but it will attempt to load the new configuration file. If it fails to load the config, it will tell you without stopping Apache.

Once this works, simply issue:

service apache2 restart

Syncing on mobile

If you intend to use Firefox on Android, or any other mobile Firefox (or clone) that supports the same syncing protocol, there is one caveat.  If you are using an unsigned or self-signed SSL certificate on your sync server, you should visit the site first in your mobile Firefox and add a permanent exception.  Once done, set up firefox sync in the normal way, by typing the characters into your desktop browser’s sync dialog, and the two browsers will shortly be synced up nicely!

[ This is a retrospective publication ]

It takes heroes like Edward Snowden to reveal how malicious governments can become. The Snowden revelations during the summer of 2013 showed that not only does everyone have to be wary of internet-based “threats”, but that those threats could be in the form of legally-appointed agencies seeking to catch out anyone who accidentally clicks something they shouldn’t.

Worryingly, despite the big players’ assurances of high levels of security, a post on Ars Technica discusses (and links to) slides created by the NSA, and leaked by Snowden, showing how Google’s international internet traffic was intercepted, analysed and understood – for a variety of its services. Thankfully, more heroes have recently stepped forwards with updates of their own.

My heroes today are +Brandon Downey and +Mike Hearn, who have voiced their contempt for the authoritarian misuse of power with, as we like to call it, the two-fingered salute (this would be one finger in the US…).

Google, too, has a data-collection objective

Let us not forget who Google is and what it does.  Yes, while its employees might be upset that their systems’ security has been brought into question, their employer’s mission “is to organize the world’s information and make it universally accessible and useful”.  So Google, too, has a data-collection objective.

The good thing about the Snowden revelations, if indeed any of them can be “good”, is that it has revealed how much work still needs to be done and how much we assume our data won’t be intercepted and inspected. It’s no longer safe to think like that, and the use of encryption should be mandatory between two end-points.

But now that the larger players are catching up with better security implementations, who is there to help the smaller players? Running a hosting outfit myself, I know how much time is required to stay informed with regards to common exploits and vulnerabilities, as well as implementing working solutions when certain zero-day exploits are revealed. Every internet service provider, hosting company and other entity transacting business via the internet has a responsibility towards safeguarding confidential data. How many take it seriously enough?

It’s time the larger players stepped up and started working collectively in a security community designed to help the smaller players in the market, rather than try to pwn the market itself; if that were to happen, the purpose of the internet would be destroyed and the argument moot.

When making my morning brew, I started pondering how to make it more interesting.  Sure, you can add flavour (and waistline) “enhancements” like cream, sugar, maybe some vanilla…  But such unimaginativeness doesn’t last long.

Image courtesy of oddee.com. You can
also buy coffee from the dark side.

What’s needed is a whole new coffee experience. 

Scouring the web for new things to do often turns up very interesting results.  For instance, there’s a whole web site dedicated to Putting Weird Things in Coffee.   Some of those weird things include cheese, meat (!) and even black pudding.  The fascination with meat is prevalent elsewhere, too. Hmm.

But you don’t need to go so far to enhance the flavour of coffee.  One simple food-enhacing staple – salt – has also been used extensively and blogged about for some time.  Clearly, it might be worth trying.

Spices, of course, have provided that added “something” to a good coffee for many years. Adding spice instead of sugar is also a neat dietary trick for those careful watching calorie consumption.

Taking it up a level

What you put into coffee is only half of the story though.  How much caffeine you ingest daily is another thing.  Curiously, at the time of writing, 66 people “Like” this Facebook page entitled “Extreme Coffee Drinking“, which has no content and not even a picture.  As one quote says, “Coffee: do stupid things more quickly and with more energy“.

Extreme coffee drinking seems to be a sport amongst some.  It’s not merely a question of having multiple cups per day.  Whether the evidence is conclusive that lots of coffee each day can kill you, is certainly still to be debated.

Things can get a bit extreme, though. Death Wish Coffee, as reported here, promotes extreme levels of caffeine as its USP.  A step too far?  Maybe.  But, it can hardly be contested that we love coffee, and our interest in all things joe-related, together with its growth in the West, continues unabated.  Coffee is recognised as a personal experience, so the growth of single cup products may indicate that social coffee drinking is diminishing in favour of a more insular, smart-phone focused experience.

Taking it too far?

While at university, I recall many a lovely coffee in what is now claimed to be the world’s oldest internet cafe – CB1 (Google Maps link).  I’m not sure about the validity of this claim, but there’s no disputing the charm of a good coffee shop.

But these days, though it’s not all academia, with bustling coffee shops populated by artisans, guarded closely by the intelligentsia. Caffeine addiction and dependency/withdrawal symptoms are a real problem for some people.  Luckily, the web has many suggestions to combat this.  I suppose one could make a visit to an internet cafe and research this on his or her own…

Perhaps indulging in a caffeine kick is not the best long term policy, but it certainly starts the day well.


Spot the difference!
Given fair test conditions, everyone knows wired network connections are faster than wireless, right?  How about when your wired connection crawls along at 1/5 of the speed of your wireless connection?  What’s happening?Below are two CAT 5e Ethernet cables, of the type you’d typically use to connect a router to a modem, or perhaps your PC directly into your router instead of using WiFi.  You might connect up other network-capable devices in your home too, such as a PVR/HDR, Blu-ray player and even your TV.  In doing so, you may pick up an old Cat 5 cable “you had spare” to do the job.

Beware, that not all Cat5e is the same!
If you look closely below, you’ll see that the lower, grey cable is type 568A, whereas the upper, black cable is568B.  Ethernet cables come as UTP or STP (Unshielded or Shielded Twisted Pair), meaning that each pair of conductors (wires) inside the outer sheathing are twisted together.  This helps cancel noise and improve transmission.

The difference between A and B is in the way these twisted pairs are paired up.  If your router has N-Way negotiation on its network connections, it should be able to work around using the two different types of cable.  But on my router, with N-Way negotiation, this didn’t appear to be the case.

Testing this using speedtest.net with cable type A, I got a paltry 5Mb/s down and 4Mb/s up.  Over wireless, I got 20Mb/s down and 17Mb/up.  It turned out that my router can’t handle type A cables very well.  Using a type B, I got 44Mb/s down and 18Mb/s up.  More like it!

So the next time your network is running slowly, check your cabling.  Even if it’s a well-known brand (my type Acable is a Belkin Cat5e), it may be causing a drop in performance which is easily, and cheaply, corrected.
H/t +Bob Beattie 
#networking  #speedtest  #cat5e  

Show less

1

I recently came across the dreaded owncloud login loop. This surprised
me a little, as I hadn’t performed a software upgrade or otherwise
changed any configuration parameters for a while.

So why the change?

One lesson I have learned long and hard through developing web sites and
testing, is that there are two components which are equally
important: program code and data. Never assume there is
something wrong with your code; your live data (or test data) could be
equally at fault, causing your application to slip up.

In the case of ownCloud, I found that my hosting environment had reached
its quota. Although ownCloud could create session files in /tmp, it
couldn’t write data to them. Perhaps the code should have handled this
more gracefully, but it’s safe to assume that a cloud environment
has hard disk space in order to save its files. That’s what it’s
there for, after all.

So here’s a quick, work-in-progress checklist to ensure your ownCloud installation has the
best chance of working correctly:

  • PHP Sessions should be enabled
  • session.save_path in php.ini should point to a valid (writable)
    filesystem location
  • Storage space on hosting environment should be ample

More to follow when I have further issues..!

Let’s be clear:  I am a stubborn git.  I’m the first to admit it.  To the dismay or, perhaps, bemusement of my friends, I struggle with product concepts such as the iPhone, iTunes, Amazon Kindle, eBooks in general, Facebook and Skype.

My friends tell me it’s because I don’t like to conform with the “normal” things that everyone else does.  Things like broadcasting my whereabouts and the company I keep at all times in my life, wherever I am.  Apparently, disagreeing with the background, terms of service, patenting practices and Digital Restrictions Management (DRM) of various “social media” service providers is anti-social and rebellious.

It’s a curious thing to be a digital pariah.

What my friends don’t understand is that I don’t restrict my opinions to Apple, Facebook Inc., Microsoft and Amazon.  It’s just that they’re the companies my friends use, so to relate to them I cite them as examples.  I feel exactly the same way towards some of Google’s services and products, although I do have slightly more faith in Google than any of the above named alternatives.  They do more good, in my opinion.  And, with Google, at least you have confidence in being able to delete anything you create.

My main objections to these services & products, then, are:

  • privacy: I do not wish to be “guilty by association” on any social network.  Being tagged without my permission, and/or the attempt of tagging me (whether I disallow or permit the tag – or ignore the attempt to tag) is not acceptable.  It is especially unacceptable when I have no faith that the service provider will protect my interests as a private individual and law-abiding citizen.
  • security: anyone remember when the iPhone took pictures of its users without their knowledge?
  • product quality: I am not interested in any iDevice because of the standard of software engineering and product management.  I am also not interested due to the restrictive rules of the app store.
  • freedom and flexibility: smartphones are good if they are flexible.  If I buy any device with gigabytes of storage, I want to be able to use it for whatever purpose I choose.  And, I don’t want to use any device:
  • with a proprietary connector which requires an expensive proprietary cable to connect it to a computer;
  • which uses a proprietary, “secret” protocol that my chosen computer can’t connect to;
  • that virtually prohibits me from putting my own digital content on the device, rather than that obtained through the device vendor’s sales channel;
  • that supports in any way the obscuring of content I have a right to, or in some way supports an ecosystem where the alteration, deletion or other control of content is deemed “acceptable” through the EULA;
  • that limits me!
  • On this last point, it worries me that Google Inc are appearing to adopt the Apple way of doing things on their Nexus devices – and in their cloud software. Not being able to use additional data storage (no SD card in a phone, in this instance) means a greater reliance on the Google way of doing things.  Android software is becoming less flexible with regard to media storage (the camera app no longer lets you select the photo storage location, for example, although Android still supports external SD cards and will utilise media stored on it).
There is a greater trend also: that of the death of physical media and moving everything “into the cloud”.  There are a few fundamental problems with this:
  • Physical media can be shared and enjoyed by more than one person.  Sharing is not copying nor is it stealing.  If I am attending a family gathering – a party, say, then I am free to bring along a couple of CDs to play.  How can this simple act be replicated by cloud-only storage?  If we all use cloud-storage network devices at home, sharing a CD will become impossibly.
  • One solution to this, touted by a friend, was to “bring along your iPod“.  Disregarding that I wouldn’t have an iPod, introducing this as a solution means I would have to ensure that my portable music player is up to date with all my music.  A solution to that is, of course, a cloud-based music service – iTunes and Google Play Music are two obvious contenders.  But there’s a further problem: connectivity.  Is a 3.5mm headphone plug to amp/speakers standard equipment in most households?  Unlikely.  So there my music stays, locked inside my device unable to be shared.
  • Books.  I can pick up a physical book, read it, share it.  I will probably get my book back if the borrower is respectful, thus I haven’t been denied it in the process of lending.  Can the same be said of eBooks?  Can one “lend” an eBook to a friend? Perhaps.  More worryingly, though,, can it even be guaranteed that any digital eBook provider will not alter original material or remove any purchased books from my library?  Again, unlikely.
  • We begin to see, further and further, that DRM is abused by on-line content providers.  We are restricted in new ways that the old ways couldn’t (and shouldn’t) prevent.  It is troubling that access to information is price-controlled in this way; entire cultural values can and will be influenced by the (lack of) availability and slowly, surely, belief systems and perceptions of free thinking and free will may be curtailed, even ceasing to (legally) exist.   Hello, 2084.
    This is why I will not lock my photo, book or audio content in any on-line silo.  I will always have off-line access to my copies of digital media and I encourage others to do this also.
    Does this make me a stubborn git? Or does this make me someone who is not prepared to endure extortionate business practices with items as important as art, literature and music…?

    Enhanced by Zemanta

    facebook engancha
    facebook engancha (Photo credit: Wikipedia)

    Oh dear.

    Many bloggers and commentors have read Mark Cuban‘s recent blog about Facebook‘s edgerank story sorting algorithm.  One could argue that at the level of Cuban’s business, small problems become big problems quickly.  But, on Facebook as in most walks of life, being “large” does have some advantages.

    One advantage is Facebook’s Page Insights.  Let’s take the smallest business.  In Facebook terms, it’s this:

    • a one person profile with no friends
    • one page owned/managed by that person with several likes
    If you want to build up a following quickly, you need to build up some Likes.  Be Liked.  Or, at least, look like you’re liked.  You probably get the idea.  This is marketing, after all.
    So, how about running a competition?  Provide an incentive for someone to come and “Like” you.  How about asking current customers (those who, presumably, like you anyway) to submit a review and hit “Like”.  Great.
    Except it’s not great, really.  To use Facebook’s Page Insights, you need 30 Likes.  Yes, it’s not a tall ask, but why?  The problems with Facebook for small business start with this innocent enough little idiom.  No, there should not be a 30-Like threshold to see who Like’d you.  There should be 1.
    Facebook’s habit of making it hard to access and understand your own data, or data relating to you, stems from the misguided notion that building up more visible momentum in your brand’s page means you’re more like to find Facebook “sticky”, and consequently more important (vital, even) for the success of your on-line marketing.
    Does Google Analytics insist that you have over 30 visitors per month to your site before it can be bothered to report this back?
    Enhanced by Zemanta

    As a Debian user, you may choose to adopt the distro-managed rebuild of the world’s greatest web browser.  But, by doing so, you may not be able to use G+.  Don’t worry, the answer is at hand.

    Visit the Firefox add-on page for User Agent Switcher:

    https://addons.mozilla.org/en-US/firefox/addon/useragentswitcher/

    Install the add-on and restart your browser.

    Now, go to Tools > User Agent Switcher > User Agent Switcher > Options…

    Add a new User Agent, call it Firefox 11.

    Add the following text in the fields:

    • Description: Firefox 11
    • User Agent: Mozilla/5.0 (X11; Linux i686; rv:11.0) Gecko/20100101 Firefox/11.0
    • App Code Name: Mozilla
    • App Name: Netscape
    • App Version: 5.0 (X11
    • Platform: Linux i686

    If you’re running an amd64 build, plonk that in the Platform field instead (it’ll probably already be populated).

    Make sure there is no reference to Iceweasel in the User Agent field.

    Make sure this user agent is active, and then browse to Google+.

    Have fun! 🙂

    So, from time to time (read: most of the time) when I’m working I listen to music.  More often than not, it’s electronic in one form or another.

    The point of this post is simply to list a few stations I like listening to, to build up my collection.  If it grows over time, I’ll probably divide into genres or something.

    Here’s a few to get started with.

    Radio Schizoid : http://78.46.73.237:8000/schizoid

    PsyRadio.fm : http://streamer.psyradio.org:8010/

    Chromanova : http://85.25.86.69:8000/

    Digitally Imported Goa-Psy Trance :

    After Hours – Trance : http://fr3.ah.fm:9000

    PsyMusic UK : http://www.psymusic.co.uk:8010/

    Bassdrive :