Categories
Uncategorized

Nextcloud via Proxy on unRAID

The above are two of my favorite software packages at the moment.  So powerful and I’m very content to run it on my own hardware, in house!  In order to get it to work though, I needed one more great piece to the puzzle, NginxProxyManager.

There is a great video by spaceinvader one describing setting this up with his preferred proxy package letsencrypt, but I couldn’t get the mental energy to figure it out.  And even if I did, what happens when I need to maintain it and I’ve forgotten all of it?  So I decided to go with the much clearer NginxProxyManager (I’ll call it NPM despite another project having that name).

First thing I did was create a dynamic DNS address, pointing to my home IP address.  I use afraid.org but there are a bunch of others that work just as well.  Then I created a subdomain CNAME pointing to that dynamic DNS name and it worked!  The outside stuff is almost done!

Install the Nextcloud app from the App store.  Give it a HTTPS port that won’t conflict with unRAID itself and configure it on localhost as you need.

Next, install the unRAID app for the proxy manager from the app store.  Create the proxy host pointing to your unique HTTPS port for Nextcloud.  Click off HSTS support and “Force HTTPS” and don’t forget “Block common exploits” because who really wants common exploits?  Theoretically you are done – but the one thing that is missing is a certificate!  Thankfully NPM has letsencrypt support built right in.

As an aside here, make sure you have port 80 on your router open and forwarded to NPM’s HTTP port.  You should of course have a HTTPS port open because you need to access Nextcloud from outside!  Port 80 is required to respond to the challenges from letsencrypt!  I found this out when my setup worked fine for three months and then failed because the certificate expired.  Sadface.

You should be able to easily get a certificate in NPM if the above is set up.

Installing the certificate is more challenging though!  You need to copy it over from one docker app to another.  Go into /mnt/user/appdata/NginxProxyManager/archive/npm-? and copy the cert and privkey PEM into /mnt/user/appdata/nextcloud/keys and rename them cert.crt and cert.key respectively.  Sounds tricky, let’s break that down a bit

There is a question mark above – the reason is that NPM will create a bunch of sites and certificates and take care of them for you… but unless you only have 1 site, you need to figure out what certificate is for where!  So, let’s assume you have 3 different certificates.  You *think* npm-2 is the right directory, so let’s find out.  cd into it and run:

openssl x509 -in cert1.pem -text -noout

A ton of stuff should be printed but notice the CN line – if it points to your correct domain, you’re good!  Remember that number. (2 in our imaginary scenario.  I can’t believe you already forgot).

cd back to /mnt/user/appdata/nextcloud/keys and copy cert1.pem and privkey1.pem over.  Rename them to cert.crt and cert.key respectively.  Chown them to nobody:users so that NPM can read them and I would restart NPM to make sure it does.

That’s it!  Really.  But the problem is, as above, our busy minds are like sieves, and YES we will forget how to do this even though we stuck it on our OWN BLOG FOR EXACTLY THAT REASON.  How about a script to make it go down easier?

#!/bin/sh
# Make sure npm-x is pointing to the correct (NextCloud) proxy path - here it's 2 but it may not be on yours!
certDir="/mnt/user/appdata/NginxProxyManager/letsencrypt/archive/npm-2";

# Get the latest files
certFile=$(ls -tr $certDir/cert*.pem | tail -1)
keyFile=$(ls -tr $certDir/privkey*.pem | tail -1)

echo "Copying $certFile";
cp $certFile ./cert.crt
chown nobody:users cert.crt

echo "Copying $keyFile";
cp $keyFile ./cert.key
chown nobody:users cert.key

Put that script file in the keys directory, along with a README.txt file pointing to this page so you know what in the world it’s for, and make it executable.  It will take care of the rest.  You could run this from cron if you like, but if so I would make some sort of backup archive of the old certificate files just to make sure you don’t overwrite a good one and not be able to get it back.

See you in 3 months!

Categories
Security Wordpress

Hacked Again

My site was hacked again the other day – this is common enough for WordPress sites.  If you’re not on top of it you could have it hacked, pretty much automatically.

This part I knew.  It still got hacked, and I learned a few more things.

1 Back up your site!  This could mean a DB and files backup (plugins, themes & uploads folder) but it really should be more thorough.  Use something like UpdraftPlus to create scheduled backups.  If you’re running VestaCP, you may have daily backups of your whole user setup.  All of this is a good start!

Don’t Panic

Now at this point if something happens, there is no need to panic when something goes south!  You can definitely recover from bad stuff, even if you need to get help.  You’ve done good already and are ahead of the game.

2 Upload those backups to an offsite location – Google Drive, OneDrive, S3, a local drive on your personal system through SFTP or whatever.  It should be set-and-forget.  This is not something you want to have to remember to do.  You will have to either only backup once a week or use some technique to thin backups.  If you need daily backups, you probably don’t need daily backups going back several months!  Figure out what makes sense for your storage capacity and security.  Check it occasionally to make sure it’s working.

3 Know how to restore your backups – and know how to do it in a worst case scenario – i.e. you can’t run WordPress because it’s still hacked.  Learn how to do it from the command line or from uploading a known good set through SFTP.  VestaCP has a fantastic web-based restore tool but if you are using older backups, you might need to understand how to do it on the command line.  It’s not easy, but it’s in your hands.  Remember, don’t panic.  You’re in charge.

4 Install a security plugin.  Sucuri and Wordfence are two highly recommended ones, and they will help you get set up and harden your site against attacks.  They can help you recover after attacks as well, by restoring plugins and themes from known good sources.  The basic (and very comprehensive) plugin features are free.  Just install it and set it up.

5 Monitor.  If you have something like Jetpack (you should) it will tell you about your site being offline.  Something like Sucuri can let you know if your site has changed (e.g. if it’s been hijacked to forward to a malware/scamware site).  If you get alerts quickly, restoring to the previous day’s backup is MUCH easier and quicker than having to go back to find out exactly when the hack happened, in case you don’t see your site for weeks at a time – like me.

6 When you have a success story, write down what you did and what you wish you did.  Publish it just like I’m doing now.  Help others, especially your future self to recover from what could otherwise be disasters.

Update 1: Reinfected today – but I was instantly notified by email.  I restored via my control panel, which took about 3 minutes.  I also firewall banned the IP address I got in the security report, so it wouldn’t happen again.

Lessons:

  • #5 above is amazing.  I didn’t lose anything because I acted quickly. I was able to restore from a backup that was a few hours old because Sucuri emailed me immediately.
  • Sucuri didn’t harden my upload directory like they said it would.  It was still infected from a zip file upload and php file in that directory.  I added the following .htaccess file to my uploads directory:
<Files *.php>
Deny from all
</Files>
  • Apparently there is a decent free web app firewall called BulletProof.  It will do the next step and block attackers and brute force.  Although I haven’t had these types of attacks, (probably because I have host access and I can use fail2ban and handle my own firewall) I am investigating it.  It’s definitely ugly but maybe with some research it will be worthwhile to install.
  • Sucuri’s site scanner works pretty good, it showed a dropped infected file that hung around after cleanup.  You can click all of the files that show up and delete them (or ignore them) en masse.
  • When you do a restore, such as with VestaCP, it does not remove additional files, this is good but note that it will leave infected files in place.
Categories
Apple Apps Other

TuneFab Support

I wrote about TuneFab m4v converter a while back, mostly to get a discount.  Bottom line, it worked quite well, though the UI was a bit janky.

Well, I’ve been using it a bit since then, and yup the UI is still a bit janky.  No change there.  However, I have had a few occasions to use their support, as updates of iTunes and the app came along and broke things.

I gotta say, they have fantastic support.  It’s clearly a small team, but every one of my queries was responded to, and they stuck with the bug report for many weeks to get it going again.  In that time I got a few debug versions of the app to test, and new releases that solved my problems.

An app of this nature always has you wondering, will Apple mess things up so it won’t work anymore?  Is it safe to invest in iTunes media?  Well, that’s still a thing, because Apple.  But the TuneFab support has made me quite content in the meantime.

Thanks folks, you rock.

Categories
Apple Games iPad iPhone

iOS 13 + Regular Game Controllers

I have hated the MFi program for game controllers for a long time now.  Cheap and expensive controllers for a handful of games.  There was no valid tech reason for Apple to restrict their OS to their own protocol for this!  It was a blatant cash grab.

Thankfully, that has changed in iOS 13.  Now iPads and iPhones can officially use PS4 and (newer) XBox One controllers, which are MUCH easier to find and of considerably higher quality, especially for the price.

I just discovered yesterday, thanks to this reddit post that there is a way to pair and use my 8bitdo controller with iOS.  In short: start the controller in pairing mode, then go to Settings – Accessibility – Switch Control – Switches – Bluetooth devices and add the controller.  Then it shows up as a regular Bluetooth device.

I tested it with Minecraft and Crashlands, and it works perfectly.

Note that it works in Xinput and Mac mode so I don’t see any reason you couldn’t pair other Xinput compatible controllers with the same technique.

What a ridiculous place to put what should be a pretty standard HID controller.  Still, very glad there is now SOME kind of iOS support for devices the rest of the tech world is willing to support.

Categories
Apps Browser Desktop Security

Password Keeper

I’ve been a huge fan of 1Password since the beginning. I bought several versions and upgrades for multiple machines and never regretted it.

Something happened with version 7 though, and I haven’t been as happy with the change.

What happened was subscriptions.  Now, I have a number of software subscriptions, very very few make me content.  If I stop, do I lose my stuff?  Can I stop and start again at the same price?  Do I have an option to pay up front and own my license – and more importantly, my data?

1Password makes it as hard as possible to answer those questions. They want you over a barrel.

Since I wanted a Windows version, there I was, over that barrel.  A purchase was too expensive and gave me fewer features, so I paid for a year ($35 USD) but yes, it was definitely worth it.  Fantastic integrations with everything (all browsers and mobile), online storage with browser access, and solid security.  But now something else showed up. 

That something is BitWarden.

BitWarden offers almost the same features, and is open source.  The 100% free version includes online storage, binaries for every platform (including Linux), a good browser-based interface, and amazing integration with everything.  You can even host the “online” portion yourself so you can use it in-house if you prefer, and never store your secrets on the cloud.

Some features are limited – like file attachments, one-time passwords and some other stuff require a subscription, but it’s only $10 USD a year.

File attachments I don’t really need.  One-time passwords (two factor authentication) is really important these days, and integration is… well, it’s nice.

It has undergone an independent security audit.  It’s reassuringly secure.  There is no warrant canary clause that I can see, though.

What’s missing, since you are paying less than a third of the price – if you choose to pay at all?

Vaults

1Password’s vaults are simple.  Create a bunch of them and share them as you like. 

BitWarden has a very convoluted and confusing version of this called “Organizations”.  The free version allows (just) 2 users to share access to one organization. Once you share it though, it blends all of the shared entries in with yours, with no way to filter it.  So if you have an entry called “Gmail” in both your home vault and the organization, have fun.  There is a small share icon next to the Organization one by that’s it.  It would be nice to have a search filter (to steal the VS Code syntax, something like @shared) or a smart list.

You can have “Collections” which are pretty much a security subgroup of Organizations and this allows you to… ok, no seriously… It sounds like it was designed for big companies, not family groups.  Even the terminology is frightening.

If you pay ($1/month) you can get up to 5 users.  Personally I would bump those up by 1 each level, 3 for free and 6 for personal.

1Password lets you move stuff between vaults with a right-click.  BitWarden, I have no clue.

Software Licenses

You can store license information in a secure note record, with all the details except icons, but they aren’t differentiated in any way.

Tags

There are none.  No extra filtering or grouping, one folder for each entry and that’s it.  You can mess around with an extra text field for each entry but this is all manual, nothing automatic here.

UI

There is no drag and drop! Want to put something in a folder? Open the record, edit the record, choose a folder, save. Do it again.

And those folders.  You’d think folders should be in a sidebar, kinda since that’s the default UI for folders in everything since, well, ever… nope.  They’re almost at the bottom of a list when you exit out of everything.

Favorites are at the top of that same big old list.

Super linear and clumsy, especially when you have a large screen like a tablet or desktop to work with.

Premium

Sharing and extra features are split between two different subscriptions.  It’s even split between annual and monthly payments.  When you get one you don’t get the other, you need both!

This does mean that you don’t pay for what you don’t need.  But you can end up with people in an organization some with premium some without.

Confusing.

Conclusion

Even with its many shortcomings, I can’t help but be excited about this product.  It’s more than a little confusing and lacked a little foresight but when you want to fill a password, boom it’s there. 

It’s about 80 cents a month for the full meal deal, and if you don’t want to pay that, you really don’t have to.  Security researchers even recommend that you use a separate app like Authy to maintain your passwords and 2FA information in different apps.

Maybe what I like most is that it answers those disturbing questions about subscription software.  If I stop, I don’t lose my stuff (file attachments, maybe?).  If I stop, I can restart at the same price.  I can own the license (for the basic features at least).  I can even host my own server if I want.

It’s free and it’s fantastic.  Spend some time (an hour, tops) and learn it, that will pay off many times over.

Categories
Apple Apps Desktop Other Shopping Windows

iTunes Without the iTunes Part

I have been archiving all of my purchased media for quite some time now, I like the flexibility of a digital copy, but also flexibility to view it how and where I choose (i.e. Plex).  That usually means a lot of disc ripping, and I have set up a decent system and workflow to do it.

Most of my movies come with a digital copy, usually on iTunes.  This is handy and useful, since I can stream to most of my devices that way.  Movies on iTunes sometimes have really good deals, and it’s tempting to grab something that way.  And once in a while, my physical media is damaged – sometimes incredibly slightly – and I am just unable to rip it.

Files contained in Apple’s digital library aren’t perfect though, since if I want to watch a movie at someone else’s place, it either means bringing my precious physical media (if I have it) or bringing a device to their place to watch it!  I can’t make a more highly compressed and smaller versions for those odd times I want lots of movie in little space.  It’s the inconvenience of DRM.

After a bunch of Google searches TuneFab M4V converter caught my attention.  They claim to be able to remove the DRM from my iTunes library and give me a high quality version I can use in more ways, including the above.  I thought I’d give it a try.  They offered either a free license (for high-volume bloggers) or a 30% off coupon for a review.  I’d probably review it anyway, so I’ll try for the coupon!

They offer the product on two plaftorms, Mac and Windows – separately licensed.  The first thing I tried was to download and install a version on my Mac.  When I ran it it came up with a message stating that High Sierra was not supported.  Since Mac OS has well moved on to Mojave as of this writing, I wonder if there’s a future in the Mac version of the app?  If you only have a Mac, be careful before purchasing this.  Apparently they’re looking into it, but for now… I hope you have Windows.

I downloaded and installed the Windows version.  The first thing I discovered when launching it was a big white screen like this:

Blank-ish screen
Yep, that’s most of it

You can’t see from the screenshot but the window is slightly larger than the available screen space, was not resizable and has its own non-standard window controls (close, minimize etc).  These window controls are glitchy and vanished after moving the window around a bit… the only way to exit the app was to Alt+F4 or right-click on the taskbar icon.

Their intention was to look cool and clean but honestly it causes some major issues.  (I have 3 monitors, so likely that was the problem.  I think they could fix it quickly by not centering the window across all monitors but only the active monitor).  TuneFab is not alone in falling into that trap, most Windows apps these days seem to want to blaze their own trail and make things look unique.

The options screen is very sparse as well – though it does have standard window decorations yay!  It’s not resizeable either.

2 options, it’s very roomy though.

Wait!  Don’t give up!

But I won’t be looking at this app all that often. I have a number of extremely valuable apps that are sadly pretty ugly.  So I’ll let the UI issues slide for now.  The TuneFab team is welcome to contact me to test some fixes for this.  The more important question is… does it work?

I click the very apparent “Add Files” button.  Ah, tells me I need to download a file through iTunes first before encoding.  Fair enough, it can’t work with what it doesn’t have.  I wonder if it would be possible through the iTunes scripting interface to get a list of movies in the library and trigger a download?  Still, another compromise I can understand and am willing to make.

So I downloaded a movie and clicked on “Add Files” again.  It tells me I need to have downloaded a movie.  But I just did?  Could they add a “Refresh list” button?  Eh whatever.  I restart the app and there it is, it shows up, along with other iTunes playlists listed in the sidebar.  At the bottom have appeared three buttons labeled “Add”, “Add All” and “Cancel”…

And… just as I was noticing this, my machine threw a BSOD.  Yikes.  Windows kinda makes it hard to cast the blame.  Is it a video driver?  Is it iTunes?  Is it this app?  All three together?  If it was Mac, it would almost certainly be the app, but I can’t exactly find out.

But BSODs happen.  We’re all friends and not looking to point fingers here, but try out an app.  I reboot and relaunch, select the movie and hit “Add”.  Nice, it comes up with video and codec information. 

Codec information
Looking good so far!

Off to the right (not shown) is a gear that gives you audio and subtitle information.  I had 4 tracks (AAC and AC3 in English and French) and all of the subtitles available.

Once I did all of that, I clicked “Convert”.  Since this is the trial version I only get the first 5 minutes, so let’s see.  It’s very quick on this machine (considerably faster than real time).  I’d guess it took about 20 seconds to run through 5 minutes of movie…  and boom the movie appears in the output folder!  Quality looks great and includes multiple audio tracks. 

I was able to take that file and run it through Handbrake for another resolution so yup the DRM is definitely gone!

The only option given in the Windows media player is to open a separate subtitle file (e.g. srt).  I ran CCExtractorGUI and the subtitles are definitely there.  I don’t use subtitles, but I know some of you really need them.

Value

Listed price is $49 USD, with a (temporary?) $5 discount, so $44 USD.  Is it worth this cost?

The polish on the app UI honestly isn’t great.  I expect more for an app this cost.  Maybe this is only an issue with the Windows version?  It appears they seem to be using Qt, and cross-platform toolkits tend to have these kind of issues.  I couldn’t test the Mac one so who knows?

But value for its functionality?  Let’s figure that out.

Well, if you figure a flexible backup of your existing iTunes movies is worth $11 each, it would pay for itself in 4 movies.  Or to look at it another way, if you can save $11 per movie by buying on iTunes instead of on disc, you’d break even in 4 movies.

Or, if you rip your movies, then maybe you can calculate the time it takes and average it out that way.  For me it takes almost 3 hours to rip and encode a Blu-Ray.  I don’t mind that much but this is much easier and faster – with the consideration that you still have to take the time to download a HD movie in advance.

So, it depends on your use and value of your time.  Personally, if it was $29 I wouldn’t even bother to calculate the time, it would be worth it.  Add another 10-20 bucks and it makes me stop and figure out things like this.

Wait.  If I get the 30% off coupon… (quick mental math).  DUDE.

Bottom line:

Once I got it installed and running, it was really impressive.  Very fast with excellent results.  The UI is very buggy but the engine works great.  If you want a DRM-free copy of your iTunes movies, this may be the way to get them.

Categories
Electronics Music

M-Audio StudioPro 3 repair

First of all, let me say “hi there, Googlers!”

I owned the M-Audio StudioPro 3 speakers for quite a few years before they started to fail on me.  They were not too bad, gave decent sound at reasonable desktop volume.  In the last year or so, the right speaker conked out.  Well, it played, but was really really quiet.  I replaced the cable a few times, and tested with an oscilloscope that yes, it was actually receiving signal, but very weak.

I opened it up and couldn’t see any immediate issues, like loose connections or popped capacitors.  I tried making a better solder joint on the wire leading to the right speaker jack, but didn’t notice an improvement.

I would probably have been wise to obey this

Much of my research leads to the understanding that these units will eventually fail, even if I fixed it now.  I decided I might as well convert the speaker into a passive speaker, and bypass the amp entirely.  I first thought this was as easy as attaching the speaker terminals, then I realized I still need the crossover, of course.  I just needed to find it on the board.

With the help of this page (thank you Yashar), I found at the very bottom of the page a rough estimation of what the crossover will look like in this speaker.  It is slightly different from the AV40, but the general layout of the two inductors helped me locate the general area I was looking for.

Armed with that and a little function generator I was able to find the spot after the power amp and before the crossover.  Here it is, with the original output wire removed from its spot and soldered on to an existing joint.

I removed it shortly after and threaded the wire through the hole alongside the zip tie for a small amount of strain relief.  Now the 1/8″ jack, instead of sending amplified signal OUT to the right speaker, is an input for amplified signal.  In other words, it is now a passive speaker, just like the right side one.

I can leave it unplugged from AC and still use it, as long as I have a small amp, like the little LEPY amps on Amazon/AliExpress.  The speakers seem to be rated 10W and 4ohms so I certainly can’t drive them hard with that little amp, but I think I can easily get a lot more life out of them, especially with the right one being significantly less dead than before.

I can’t guarantee that I did this right, and maybe someone will correct me, but I think I found a simple solution to save these.

Here’s the full bottom side of the PCB
Categories
Apple iPhone

Clown Sized Phone

Despite my earlier misgivings, I got a biggie size phone – the iPhone 8 Plus.  After lots of research and analysis, I realized an error in my previous logic.  I said:

It loses the magic of convenience that is so important to me in the iPhone.

That seems now to be a matter of perspective.  Yes, you lose convenience of always having your phone in your skinny jeans.  And yes, you lose convenience of easily reaching every corner of the screen with one hand.  But is that all “convenience” is about?  I also said:

when I got my 5s, I immediately wished it was a tiny bit wider to make landscape use more viable.  Typing any document in landscape only left me with about half an inch of displayed space.

So with a smaller phone, I actually gave up the convenience of seeing more of my document/ssh session in order to keep single-thumb use… and with any context that requires a bigger display I probably wouldn’t use a single thumb anyway.

With a larger phone, it seems that I don’t strictly need to use landscape in order to benefit from this.  I just have more to work with.

And, in landscape mode, the phone absorbs some of the power of the iPad.  The OS presents extra columns of information, panels that weren’t visible before are now on-screen.  This is called a “regular size class” to iOS developers (vs a “compact size class”), and it’s amazing, and frustratingly obscure.  I had to actually own one of these to get why it’s so different.  Side note: the iPhone X does NOT have the regular size class in landscape.  It’s just as cramped as ever even though it has loads of extra pixels available.  For “horns”.

Even including the onscreen keyboard, I have at least 5 usable lines to enter text.  With an external keyboard I have way more.

So, bottom line.  Is it convenient?  No, definitely not.  But is it convenient?  Oh yeah, definitely.  Maybe I’m one version behind everyone else, but I really like this format.

Categories
Uncategorized

Mounting Cloud Drives

Cloud drives are everywhere. OneDrive, Google, Dropbox, Amazon, Box, and a dozen others I haven’t remembered.  You can create your own with OwnCloud or even just WebDAV if you need.

But the problem with having a half-dozen cloud drives (and we all do) is a half-dozen sync apps to interface with them.  That can go from annoying to crippling depending on the app.  Even when you have them working together well, do you always want a sync or do you sometimes want cloud storage instead, so you can free up local drive space?

Leaving the reminder that a cloud-only file is not backed up and should be considered a transient storage solution, what can you do?  Well if you’re on Windows, look for ExpanDrive, StableBit Cloud Drive or NetDrive.  I have no opinion of the Windows version of these, as I run a Mac.

So what do I use on the Mac?

I have both ExpanDrive and Eltima CloudMounter.  I bought the latter first, because it was on a ridiculous deal in the Mac App Store, but I always considered ExpanDrive appeared to be the premier app for this purpose.  I bought it for that reason, plus the fact that it supported Amazon Cloud Drive, which at the time of my purchase was unlimited*[1. Which they quickly throttled, then revoked.  Now you get 1TB for that price – which would be reasonable if it wasn’t so slow, unreliable and inaccessible]!

ExpanDrive

Pros:

Supports Amazon Cloud Drive

Available on Windows (and Linux in private beta)

Cons:

Amazon Cloud Drive is super slow, much slower than the native uploader.

Copying large amounts of files hangs up Finder.  It seems like it splits files into proprietary chunks with a database interface.

No per-file progress indicator.  One global menubar indicator, an if you drop down the menu you will see the file currently being transferred.

CloudMounter

Pros:

Nice Dropbox-style icons to show queued, encryption and uploading status.

Yeah, you saw it… client-side encryption!  This could be significant.  You can transparently encrypt your sensitive files and upload them.

Fast!  Caching seems to handle on a per-file basis.

Cheaper – including a competitive upgrade discount, and many bundle deals include it.

Cons:

No Amazon Cloud Drive

No information about encryption.  Based on a single password, so it’s probably crackable.  It would also be nice if there was an open source decryptor so you could retrieve your data if your Mac ever blows up, or at least you know that you won’t irretrievably lose your sensitive data.

Again, the encryption – apparently you can configure only specific directories to be encrypted but I can’t see any way to do it.

Conclusion

Each app has its own advantages that the other lacks.  I wonder the real advantage of the Amazon Cloud Drive interface, as nice as it might be.  The first-party app seems to do the same thing, if a little more clumsily.  The encryption for CloudMounter was just released today, so it may have some development and documentation coming soon.  As it stands now, I think I am most impressed with CloudMounter.  I expect development and improvement from both products soon.

The Open Solutions

You can get a couple of open source products like acd_cli (for Amazon Cloud Drive only), the speedster google-drive-ocamlfuse (for Google Drive) and a super cloud-storage toolkit rclone (for several cloud drives).  These can each be used with FUSE so you can mount the remote drives into your file system and use native tools, at least for reading.

The Update

Before I even got a chance to polish and publish this, ExpanDrive came out with a major update to v6.x.  They fixed the responsiveness and added amazing features to their product.  Namely:

It appears now that they are using at least 4 threads to upload, and you can monitor progress in the menubar dropdown (percentage complete).

You can browse the filesystem right from the menu, without opening Finder.  Search files also (which is extremely quick, at least on Google!)

Finder integration, Offline file sync support, file versioning, and probably a few other things.

All in all this is a fantastic upgrade, and reverses my preference from CloudMounter to ExpanDrive.  A solid, solid release.

Categories
Apps Linux Mac Networking Other

Rescuing Encrypted files on ACD

So Amazon is shutting out Linux users.  But what if I have a bunch of encrypted files there using old encfs and acd_cli scripts?

I can copy down the encrypted files using their client at any point, but how will I know which one is which?

I did the following.  First, create a temporary directory.  I did this in my $HOME on my Mac.  Find a way that still exists to mount the drive (I used ExpanDrive).  Once that is prepared, change to the mounted and encrypted ACD directory and run this command:

find . \( -type d -exec mkdir -p "$HOME/temp/{}" \; -o -type f -exec touch "$HOME/temp/{}" \; \)

Let it run for a while, it may take several minutes.  This will create in $HOME/temp the identical directory structure as on the remote drive, and the identical filenames – but they will all be zero bytes!  What good is this?

Thanks to the consistency of encfs, you can mount and decrypt this skeleton directory like this:

ENCFS6_CONFIG=/path/to/your/encfs6.xml encfs $HOME/temp $HOME/plain

Now, use some other tricks to find the matching filenames and you can manually download the specific encrypted files you want.