Tag Archives: Online

The Making of me.chschmid.com, Part 6: Connection to the World

So far the server was in a protected environment, but it’s time to let it see the world! This involves three things:

  • Setting up the server firewall
  • Configuring the dyndns stuff
  • Setting up the router

Server Firewall

You only want the ports open that you really need. I’d recommend using ufw for configuring your firewall. In my case

sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw deny proto udp to any port 137 from 192.168.22.1
sudo ufw deny proto udp to any port 138 from 192.168.22.1
sudo ufw deny proto tcp to any port 139 from 192.168.22.1
sudo ufw deny proto tcp to any port 445 from 192.168.22.1
sudo ufw deny proto tcp to any port 9000 from 192.168.22.1
sudo ufw deny proto tcp to any port 5901 from 192.168.22.1
sudo ufw deny to any port 3483 from 192.168.22.1
sudo ufw allow proto udp to any port 137 from 192.168.22.0/24
sudo ufw allow proto udp to any port 138 from 192.168.22.0/24
sudo ufw allow proto tcp to any port 139 from 192.168.22.0/24
sudo ufw allow proto tcp to any port 445 from 192.168.22.0/24
sudo ufw allow proto tcp to any port 9000 from 192.168.22.0/24
sudo ufw allow proto tcp to any port 5901 from 192.168.22.0/24
sudo ufw allow to any port 3483 from 192.168.22.0/24

which allows access to SSH, HTTP and HTTPS from anywhere in the world, and to the Squeezebox server and the Samba server only from the local network but not from the router. ufw applies the first matching rule, so the deny rules for 192.168.22.1 have to come before the broader allow rules for 192.168.22.0/24. Finally you need to enable the firewall:

sudo ufw enable
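As an added illustration (not part of the original post, and not ufw's own code), here is a first-match simulation of the rule set above, built from the post's commands, that shows why the deny rules for the router have to precede the allow rules for the LAN. It assumes ufw's default incoming policy of deny, that "allow ssh/http/https" resolve to TCP 22/80/443, and that port 5901 is the VNC server mentioned later in the post.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    port: int
    proto: Optional[str]  # "tcp", "udp" or None for both (no "proto" given)
    src: str              # source address or network, CIDR notation

    def matches(self, src_ip: str, proto: str, dport: int) -> bool:
        if self.port != dport:
            return False
        if self.proto is not None and self.proto != proto:
            return False
        return ip_address(src_ip) in ip_network(self.src)


ANY = "0.0.0.0/0"
ROUTER = "192.168.22.1/32"   # the router, denied for LAN-only services
LAN = "192.168.22.0/24"      # the rest of the local network
DEFAULT_INCOMING = "deny"    # ufw's default policy for incoming traffic

# LAN-only services from the post: Samba (137/138 udp, 139/445 tcp),
# Squeezebox (9000 tcp, 3483 tcp+udp) and, presumably, VNC (5901 tcp).
LAN_ONLY = [(137, "udp"), (138, "udp"), (139, "tcp"), (445, "tcp"),
            (9000, "tcp"), (5901, "tcp"), (3483, None)]
PUBLIC = [(22, "tcp"), (80, "tcp"), (443, "tcp")]


def build_rules(deny_router_first: bool = True) -> List[Rule]:
    """Reproduce the rule list from the post. With deny_router_first=False
    the allow-from-LAN rules precede the deny-from-router rules, which is
    the ordering mistake the simulation exposes."""
    public = [Rule("allow", p, pr, ANY) for p, pr in PUBLIC]
    deny_router = [Rule("deny", p, pr, ROUTER) for p, pr in LAN_ONLY]
    allow_lan = [Rule("allow", p, pr, LAN) for p, pr in LAN_ONLY]
    if deny_router_first:
        return public + deny_router + allow_lan
    return public + allow_lan + deny_router


def decide(rules: List[Rule], src_ip: str, proto: str, dport: int) -> str:
    """First matching rule wins, as in ufw/iptables; otherwise the default."""
    for rule in rules:
        if rule.matches(src_ip, proto, dport):
            return rule.action
    return DEFAULT_INCOMING


if __name__ == "__main__":
    good, bad = build_rules(), build_rules(deny_router_first=False)
    for src, proto, port in [("192.168.22.1", "tcp", 445),
                             ("192.168.22.42", "tcp", 445),
                             ("203.0.113.7", "tcp", 445),
                             ("203.0.113.7", "tcp", 22)]:
        print(f"{src:>14} {proto}/{port}: ordered={decide(good, src, proto, port)}"
              f" misordered={decide(bad, src, proto, port)}")
```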

Dyndns Stuff

My provider gives my router a new IP (= unique address on the web) from time to time. To be able to find my router/computer from the outside world, I have to report my IP to someone who can help me find it any time.

Here is how it works: me.chschmid.com points to chschmid.mooo.com, and I have to tell chschmid.mooo.com what my current IP is whenever it has changed. It’s less complicated than it sounds:

  1. Get an account at http://freedns.afraid.org/
  2. Download the latest IPdetect from http://ipdetect.sourceforge.net/
  3. Set it up as described in the readme file ;)

By the way if your router is running on a modified firmware such as DD-WRT, this task can also be handled by your router and configured via its web interface. Just search for Dynamic Domain Name Service (DDNS). Sadly DD-WRT is not an option for me as the 5 GHz support is broken for my router :(

The Router

First I had to tell my router that my server should always get the same local IP, 192.168.1.200, based on its MAC address.

[Screenshot: static IP assignment]

And secondly, ports 22, 80 and 443 have to be forwarded to that local IP. Here’s a screenshot of what this looks like in my case.

[Screenshot: port forwarding]

Now this calls for some champagne! The server is set up and online! You can take a look at some server stats at https://me.chschmid.com.

The Making of me.chschmid.com, Part 5: Server Configuration

With the base OS up and running it’s time to install and configure all the services. By the way, it is important that the server is not connected to the Internet directly yet. – Working behind a router is ok. You just don’t want your server to be reachable from the web already.

[Photo: server]

SSH

SSH is a secure way of accessing your machine from anywhere. You can transfer files, run commands, tunnel services and probably much more using SSH in an easy and encrypted way. After the server installation SSH is already running. But I made some modifications to the config file “/etc/ssh/sshd_config” to make it even more secure. Basically I added one line

AllowUsers christian cs-git

to allow incoming logins only for those two users. The SSH daemon can be restarted via

sudo service ssh restart

Apache

I don’t want my machine to be accessible via HTTP, but only through the more secure HTTPS. So I configured port 80 to redirect to 443 and enabled https. I also added the following lines to my https config file

SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
SSLCompression Off

to make the encryption more robust. – You can check how robust your encryption is via https://sslcheck.globalsign.com. The Apache server can be restarted via

sudo service apache2 restart
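As an added example (not from the original post, and not Apache's own tooling), here is a small audit of the SSL directives above: it expands "SSLProtocol all -SSLv2 -SSLv3" into the resulting protocol set, checks the two boolean directives, and flags cipher-suite entries that are weaker than the rest of the list. The config text is embedded as constructed input; the expansion of "all" assumes an Apache/OpenSSL of that era (SSLv3, TLSv1, TLSv1.1, TLSv1.2), and an absent SSLCompression directive is conservatively treated as "on".

```python
ALL_PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]  # assumed meaning of "all"

# Constructed input: the directives from the post.
CONFIG = """
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
SSLCompression Off
"""


def parse_directives(text):
    """Map each directive name to its value (the last occurrence wins)."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(" ")
        directives[name] = value.strip()
    return directives


def enabled_protocols(spec):
    """Expand an SSLProtocol value such as "all -SSLv2 -SSLv3" into a list."""
    enabled = []
    for token in spec.split():
        low = token.lower()
        if low in ("all", "+all"):
            enabled = list(ALL_PROTOCOLS)
        elif low == "-all":
            enabled = []
        elif token.startswith("-"):
            enabled = [p for p in enabled if p != token[1:]]
        elif token.lstrip("+") not in enabled:
            enabled.append(token.lstrip("+"))
    return enabled


def weak_cipher_entries(suite):
    """Entries that keep 3DES (64-bit block cipher) or plain RSA key exchange
    (no forward secrecy) in the list; "!..." exclusions are skipped."""
    weak = []
    for entry in suite.split(":"):
        if entry.startswith("!"):
            continue
        parts = entry.split("+")
        if "3DES" in parts or parts[0] == "RSA":
            weak.append(entry)
    return weak


def audit(text):
    """Return (enabled protocols, findings) for an Apache SSL config fragment."""
    d = parse_directives(text)
    findings = []
    protocols = enabled_protocols(d.get("SSLProtocol", "all"))
    for old in ("SSLv2", "SSLv3"):
        if old in protocols:
            findings.append(f"{old} still enabled")
    if d.get("SSLHonorCipherOrder", "off").lower() != "on":
        findings.append("client, not server, picks the cipher")
    if d.get("SSLCompression", "on").lower() != "off":  # assume on if absent
        findings.append("TLS compression not disabled")
    for entry in weak_cipher_entries(d.get("SSLCipherSuite", "")):
        findings.append(f"weak cipher entry: {entry}")
    return protocols, findings


if __name__ == "__main__":
    for line in audit(CONFIG)[1]:
        print(line)
```

With the post's directives the protocol set comes out as TLSv1 through TLSv1.2 and the only findings are the 3DES and RSA-key-exchange fallback entries at the tail of the cipher list.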

Owncloud

… can be installed easily via an openSUSE repository at http://software.opensuse.org/download/package?project=isv:ownCloud:community&package=owncloud. The configuration is done via the web interface at https://localhost/owncloud.

In my case I just transferred the complete database from my old machine to the new server.

Samba Server

The Samba server is used to share files locally, so that I can download the music files stored on the server from my tablet whenever I am in my local network, and so on. – Again, Samba should already be installed and only needs to be configured. I added

[media]
    comment = Media
    path = /home/media
    browsable = yes
    guest ok = yes
    writeable = no
    write list = media
    force group = media
    create mask = 0775

to my “/etc/samba/smb.conf” to share what is in the /home/media folder, and allowed following symlinks:

follow symlinks = yes

I forgot to mention that of course I also created a user media using “sudo adduser media”. Then I restarted smbd and nmbd:

sudo service smbd restart
sudo service nmbd restart
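As an added example (not part of the original post, and not Samba's own code), here is a parser for the share definition above that works out who may read or write it. It assumes the documented Samba semantics: "writeable = no" (the default) makes a share read-only, "write list" grants write access to the listed users or @groups regardless of that, "guest ok = yes" lets unauthenticated clients in read-only, and "force group" changes the Unix group of the session but grants no extra share-level access. The smb.conf text is embedded as constructed input.

```python
# Constructed input: the [media] share from the post plus a minimal [global].
SMB_CONF = """
[global]
    workgroup = WORKGROUP

[media]
    comment = Media
    path = /home/media
    browsable = yes
    guest ok = yes
    writeable = no
    write list = media
    force group = media
    create mask = 0775
    ; "follow symlinks = yes" is Samba's default; links pointing outside the
    ; share are still refused unless "wide links = yes" is also set.
    follow symlinks = yes
"""


def parse_smb_conf(text):
    """Return {section: {key: value}}; keys are lower-cased, ';' and '#' are comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = {}
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def _yes(value):
    return value.strip().lower() in ("yes", "true", "1")


def _in_list(user, groups, spec):
    """Samba user lists: names separated by spaces/commas, '@grp' or '+grp' for groups."""
    for item in spec.replace(",", " ").split():
        if item[0] in "@+&":
            if item[1:] in groups:
                return True
        elif item == user:
            return True
    return False


def share_access(share, user=None, groups=()):
    """Return 'none', 'read' or 'write' for user (None means a guest session)."""
    if user is None:
        return "read" if _yes(share.get("guest ok", "no")) else "none"
    if _in_list(user, groups, share.get("write list", "")):
        return "write"  # write list overrides read only / writeable
    if "read only" in share:
        writable = not _yes(share["read only"])
    else:
        writable = _yes(share.get("writeable", share.get("writable", "no")))
    return "write" if writable else "read"


if __name__ == "__main__":
    media = parse_smb_conf(SMB_CONF)["media"]
    for who in (None, "media", "christian"):
        print(f"{who or 'guest':>9}: {share_access(media, who)}")
```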

Squeezebox Server

I use this system to stream my audio across multiple devices (including my Raspberry Pi). To install the server run

sudo add-apt-repository "deb http://debian.slimdevices.com stable main"
sudo apt-get update
sudo apt-get install logitechmediaserver

Misc

I also installed and configured the following things

  • A vncserver (x11vnc)
  • The Plex Media Server (can be found in Ubuntu’s repositories)

I’m glad you made it to the end of this rather boring post, but that is what servers are all about: running boring stuff in the background that makes our lives easier and more connected.

Use Keepass or Get Screwed AGAIN

I blogged about a website’s admins using their privileges to steal login data two days ago. But I guess that is not enough for a week. Today I was informed by Evernote (a service I don’t really use, but gave a trial run at some point) that Adobe (I have to have an Adobe ID to get and read those DRM protected e-books I buy from Thalia) has leaked my data. You’ve heard right: in a world like this, company A starts mining the data leaked by company B, and in case your e-mail pops up they inform you that company B has leaked the data of 150 million users. – Just in case you use the same passwords for both companies, WHICH YOU SHOULD NOT.

So, again, a kind word of warning:

  1. Use different passwords for the different online services you use.
  2. Use strong passwords, meaning passwords that are long, contain numbers and special characters, are not too obvious and cannot be found in a dictionary. E.g., “christian83” or “hellokitty” are bad passwords, while “M9TSdc_R)OGyKNszL[wM” is a good one.

Of course you can either memorize those passwords, or use a safe place to store them such as keepass, which is what I do.

[Screenshot: keepass]

Use Keepass or Get Screwed

Today I received an e-mail from a website admin, informing me that two of their admins had engaged in misconduct. They had stolen the database with all user e-mails and passwords and of course used that information to log into other web services.

Using keepass and different passwords for every website totally makes sense!!! What do you do to protect yourself against something like this?

[Screenshot: keepass]

The Making of me.chschmid.com, Part 4: The Operating System

With all components where they should be and the machine booting, installing an operating system (OS) was the next step. GNU/Linux was the obvious choice and all of my machines run on Ubuntu, so Ubuntu it is.

As the machine is intended to act as a server, Ubuntu 12.04 LTS would make sense, however as my Xeon Haswell CPU (E3-V1245V3) is relatively new, the Linux kernel and drivers that come with 12.04 are not a perfect fit for the hardware. – So Ubuntu 13.10 it is.

It was as simple as this: download the 13.10 server image from http://www.ubuntu.com/, put it on a USB drive using http://www.pendrivelinux.com/ (Windows) or the Startup Disk Creator (Linux). Restart the machine, enter the boot menu by pressing F12 and boot from the USB drive. The setup is quite intuitive. As I started with an empty SSD, all I had to do was select automatic installation using LVM on the empty drive. To start with I selected LAMP, OpenSSH and Samba as server roles.

The computer rebooted after the installation leaving me with a login prompt.

[Screenshot: login prompt]

After login I installed all the stuff that I would need to also run the PC as a desktop.

sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install ubuntu-desktop vlc vainfo lm-sensors calibre texlive-full ipe audacity p7zip thunderbird eclipse wine git-core keepass2 gparted filezilla inkscape chromium-browser kile qjackctl virtualbox virtualbox-guest-additions-iso pavucontrol pulseaudio-module-jack joe rosegarden xdotool musescore dconf-tools openjdk-7-jdk libva-intel-vaapi-driver ufw gufw nautilus-open-terminal smartmontools gksu gimp build-essential devscripts debhelper javahelper

Finally reboot the machine and you should be greeted by a graphical user interface.

sudo shutdown -r now

The Making of me.chschmid.com, Part 1: The Problem

Privacy is a hot topic these days and part of virtually every coffee break discussion I know of. How much do they know? The Googles, Facebooks, Dropboxes, Wunderlists and above all the NSA.
Actually a lot of people who have no idea about the technology side of things have started asking me these questions lately. I can see that their not knowing about the hidden magic in the background that enables the services they use on a daily basis makes them feel really uneasy. The truth is, it’s simple.

Privacy

Communication

First of all there is communication between computers, which, on a technical level, is the only thing the web itself allows us to do. When you ask Google for search results, when you push your files to Dropbox, when you have that Skype call with your mom – it’s all communication and exchange of information between two computers over the web.

Let’s take that Skype call for instance and let’s picture the web as a city with you in your house (as a stand-in for your computer) and the streets that connect all the houses as data highways. Let’s also say there is one guy in every street who controls the street. What happens when you want to send a message to your mom is that you tell the guy in your street (your provider) to dispatch the message – it’s wrapped in a nice envelope with your address and the destination on it so that he knows where it has to go. He will then walk to the next street, pass on your message to the person controlling that street, and this guy will do the same until the message arrives at your mom’s place.

There are two problems associated with this in terms of privacy:

  1. Everyone who is part of the delivery chain might have opened the envelope and might have looked at the message.
  2. Even if they have not read your message, they know that there was communication going on between you and your mom and they will also know how much data was exchanged.

Problem 1 can be solved by encrypting the message so that it does not make sense to anyone who might read it on its way. – There are still some issues here when it comes to technical implementations, but essentially, if you do it right, you can make your messages close to unreadable to the outsider. – This by the way is common practice in a lot of applications, which is good. E.g. always look for websites that come via “https” instead of “http”. The “s” really makes the difference!

Problem 2 is a little bit harder but still solvable. Say you transmit a secret message to your mom asking her to pass another message to someone else. If anyone wants to track your message to the final destination it will become really difficult, as not knowing about the message to your mom asking her to dispatch something for you makes it unclear whether any outgoing message from your mom’s was from you, from her or from anyone else. The more people you put between you and your final destination, the harder it will be to track your messages. Essentially this is the idea that the Tor network is based on, however it is not widely used and not common practice.

Data

The second aspect, apart from communication, is data. You do not only exchange information when storing your files on Dropbox, but you ask them to hold on to that data for you, just as you ask Google to store your e-mails and Wunderlist to store your todos. They might even store data that you do not ask them to store, like your search history. The problem here is that those companies sometimes leak data (e.g., the PlayStation Network outage) and sometimes share your data with other organizations such as the NSA.

To use the analogy with the city and the streets: If there is someone at your mom’s place or at Dropbox’s place who watches over their shoulder while they decrypt your message, your data will be available to them, even when the data transmission through the streets of your city was safe due to encryption.

If all you want to do is store your data at someone else’s place, you can give it to them in an encrypted form. E.g., only store encrypted zip files on Dropbox. Or you can opt out and not give any data to them in the first place.

Obviously this does not work for your search terms, that Google has to know about in order to give you results.

The Solution

There is no one-size-fits-all solution, but one central aspect is to be aware of what data you share online and how others may be able to use it. The analogy with the city and the streets will give you a pretty good idea of who can access what. I don’t think sharing stuff is bad per se, you just have to know about the implications. To give you some examples:

  • Stuff that you put on a website, e.g., your blog, can be seen by absolutely everyone.
  • Stuff that you post to social networks may not be seen by anyone who happens to stand between you and the computers of that social network, but by whoever you allow it to see, by the social network itself and by anyone who they share this information with – willingly or by accident.
  • Even when you are just looking at stuff online you let others know what you are looking at. This means Amazon will learn what you like simply from you browsing their website. – But to be honest: the employees at your local grocery store also know what you buy on a daily basis.

To be better off in terms of communication:

  • Look for encryption so that at least your communication is secure. E.g., look for https instead of http, and configure your e-mail client so that it uses encrypted instead of unencrypted mail transfer.
  • Don’t use things such as FTP to transfer files.
  • and finally:

Use Your Own Cloud Storage

About 1.5 years ago I set up my own Ubuntu GNU/Linux server, that hosts all my git repositories, files (webdav), calendars (caldav) and contact data (carddav) via owncloud and many other services that I use. The Server is currently running on an AMD E-350 APU, which is soon to be replaced by something better. And that’s the reason why this is just part 1. I’ll post information about my new server setup in the next couple of days, so stay tuned!

The Open Music Model

Recently I blogged about my Spotify experience and that I am premium user now. I was amazed by how many people contacted me online as well as in real life, voicing their concerns, which ranged from topics like intellectual property law, the problem that they don’t give you anything that you may keep after your membership ends to net neutrality. All of them do really have a point.

[Screenshot from 2013-07-23]

Apart from the interesting discussions I’ve had, this also triggered me to dig deeper and so I happened to stumble across something apparently known as the Open Music Model (OMM).

One of its major aspects is a shift from understanding the music business as product-based to a service-based understanding. If you are willing to accept this mode of thinking about music, and given the benefits of the OMM, paid online streaming makes total sense – at least from my perspective.

That being said, I do have to add that Spotify does not implement the OMM to its full extent and leaves out critical parts, which would silence a lot of critics (especially on the consumer side) right away. E.g., the OMM asserts open file formats, without DRM restriction, which may be freely shared by users, as requirements. So we’re absolutely not there yet.

Spotify?!

I am really not exactly sure how it could happen, that I haven’t signed up to Spotify earlier. For 10 € per month they let me stream almost 90% of all the music I’ve ever wanted to hear + I can store music on my mobile for offline use for 30 days. – All of this in 320kbps vorbis quality (= very good)

[Screenshot: Spotify]

This almost sounds too good to be true: I am aware that there might be problems such as bad compensation for musicians, the possibility that the service might stop some day and that there will be nothing tangible that I will be left with when that moment comes, but the great time I’ve had listening to awesome music.

We are all left to wonder what the future of the music business will bring. Still I believe that this kind of service is the future some way or other.

How do you access your music? CDs from your local store, CDs via amazon or ebay, an online service such as Spotify, sharing with friends, FM or internet radio or – heaven forbid – illegal downloads?

Whatever it is: the most important thing is to not forget to go to concerts and listen to whatever music gets you in the mood: LIVE!

A Personal WWW Story

From time to time I just can’t resist: My website / blog (whatever it is) has to change. The time has come again and the result is what you are looking at right now. This recent facelift triggered me to dig through my personal archives and old back-ups to take a look at the long way my website(s) has / have come. And truly a long way it is.

1999 – My First Lines of HTML

I found out that I wrote my first couple of HTML and JavaScript lines in 1999, a time when everybody was still using Netscape Navigator to browse the web and Altavista to google – obviously nobody called it “to google” at the time. I had no idea how to use computer graphics software, but paintbrush and my 56k modem – yep one of those that made the funny noises – was all I needed to upload my first piece of HTML art.

[Screenshot: 1999]

Well, lots of typos and not exactly art. Fun fact: I used Labview to generate the buttons. By the way this is the only thing that I’ve ever found Labview to be useful for.

2000 – Flash and HTML

The next thing I discovered was a soon-to-be-dead technology known as Flash, which I used to create Version 2.0 of my personal website in 2000.

[Screenshot: 2000 (1)]

Please note the cubes, which would stick with me for a couple of years. I did also get my own domain www.chschmid.com around that time. It was a free offer, all you had to accept was ads on your website, which I of course was able to hide via JavaScript. As not every computer supported Flash I also continued with HTML in parallel. The interesting aspect about HTML based websites is that you can always look at the source code. So what I did is I just copy-and-pasted an interesting design that I had found online and modified it to my needs. Yes this is stealing, but I just did not care at the time.

[Screenshot: 2000 (2)]

Until the time came that I did care and so I designed a new website in 2001.

2001 – HTML Design

This actually was the first time that I did really design something in HTML. I had learned how to use the Corel Graphics Suite by then and the design was centered around icons and styles that remind me very much of the icon design language of the 90s.

[Screenshot: 2001 (1)]

In the same year I did try to set up a website as joint project with a very good friend of mine. He’s doing a lot of photography these days.

[Screenshot: 2001, the joint project]

2001/2002 – The Rise of PHP

In 2001/2002 I started using PHP and MySQL as server-side technologies to enhance my website. All of my PHP scripts were home-grown and for applications such as guestbooks and calendars. At the same time I also started to work for Fronius as web developer. Looking back it is funny to see how little I knew, and how much that was worth at a time, when it was common knowledge that the Internet is THE big thing yet virtually none of the 35+ knew much about the technologies behind it. So here’s my design from 2001/2002.

[Screenshot: 2002]

There are some note-worthy aspects about this screenshot. First it shows that I ran Windows XP, second I was using IE (Ah!!!), third and most importantly: From the URL and the taskbar one can see that I had Apache running on my local machine for developing PHP scripts.

2002-2006 – PHP Nuke

In 2002 I found out that there were online communities that developed PHP Content Management Systems. Looking back I made a very bad choice and started using php-nuke. I did also code some modules for the system.

[Screenshot: 2006]

I think some time in 2003 the free domain offer expired, and I began using www.chschmid.net.tf instead of www.chschmid.com. From then on I was also forced to be aware of CSS, which I had tried to avoid whenever possible. Interestingly this had worked quite well for a long time! In 2006 I did a minor facelift to account for the facts that screen resolutions were getting higher and that font rendering and anti-aliasing technologies had advanced. At the same time php-nuke had some serious security vulnerabilities and I found that the framework was more than I actually needed.

2006-2008 – HTML + PHP

So I did another redesign, again with almost static HTML and some home-brewed PHP + I did improve the design to be more photo-centric in 2007.

[Screenshot: 2007-2009]

I didn’t change content regularly but uploaded all my music gigs.

2008+ – WordPress

When I went to UCLA in 2008 I needed a more flexible system for pushing information online regularly. With lots of exams and the bureaucracy of going to the US at hand I didn’t have too much time to set up the whole thing, so I went with a blog hosted at wordpress.com and minor default template modifications: chms.wordpress.com.

[Screenshot: 2008]

I did get back “my domain” in 2009 and set up a self-hosted wordpress blog in 2010. I again used a pre-defined wordpress template with some individual modifications. Actually I did come to the decision that I wanted a new blog while on a plane from Hawaii to LA and set the whole thing up during my first night in LA. – You gotta fight jet lag somehow, right. In 2012 I did read and play around a lot with fonts, and so some font changes became inevitable.

[Screenshot: 2010-2012]

What is interesting to see in all screenshots from 2006-2013 is that fonts have become more important and more beautiful, and that there were a lot of pseudo-realistic design elements: textures, shadows, lots of boxes – something that more and more designers are avoiding these days, e.g., if you think about the iOS 7 redesign, or the bold and beautiful move that Microsoft made with Windows Phone 7 and Windows 8 a few years back.

2013 – The Time is Now

This brings me to what you have in front of you today: a novel, minimalistic, content-centered approach. It’s a new theme for the same self-hosted WordPress system that I have been using since 2010 (with all the latest updates, of course).

[Screenshot: 2013]

And so here come the most important questions: What do you think about it? What would you change? And maybe: What’s your personal Web story?
PS. My template can of course be downloaded from my github site.