cloud encryption: cryptomator

Here is a great solution for anyone who wants to encrypt their data before putting it onto the cloud.

https://cryptomator.org/

It's an open-source encryption software for PC, MAC, Linux, Android, and iOS. So every common plattform is supported.

How is it encrypted?

In short:
You get a realtime de-/encrypted container.

the password: scrypt
the files: AES-GCM (256 Bit)
(the filenames are also encrypted beforehand)

See the full documentation on that here: https://docs.cryptomator.org/en/latest/security/architecture/

pc windows example

Note

There are multiple files generated. good for cloud sync.
The structure looks for similar to the files and folders created with ENC DataVault by ENC Security
You get a "light" Version (which enables AES 256 bit) of that software with buying a Sandisk Cruzer USB Stick. I've bought the pro version allowing multiple, military-grade AES 512 and also AES 1024 bit containers.
=> cryptomator has a better usability

Use cases

In my case, I use it to safely share and access data between my windows pc, linux (ubuntu) and android smartphone.

On mobile, you get the option to sync your taken pictures encrypted into one container. for convenience, there is the option of entering your credentials to encrypted containers via fingerprint.

It would be possible to share cloud storage with other family members and keep private data protected.

You could also just encrypt your files locally on an external disk.

About the company: Skymatic GmbH

It's born as a german startup with the idea: there are a few cloud encryption tools available... but no one has made their code open source to be transparent and also more secure.

They also provide company licenses for implementing their technology into your own software or you can get an enterprise solution for encrypted file storing and sharing: cryptomator server https://server.cryptomator.org/

Pricing

Nov 2019:
PC / Linux / Mac: Pay what you want

0 EUR, 9 EUR, 15 EUR, 25 EUR or what you want

Android and iOS:

iOS 5,99 EUR - 4,99 USD
Android 9,99 EUR
right now there is a discount for 5,99 EUR

Terminator won’t start

I ran into a stupid error.

My terminal client Terminator wouldn't start on ubuntu and I didn't get any no error either.

I started it via terminal. Here I got the following error:

/usr/bin/terminator
except (KeyError,ValueError), ex

I found the problem and solution
python3 was changed to my default system python

=> changed it back to 2.7, everything works again

I use update-alternatives

you can set up things easily. eg. python

check if it's maybe already set up for python

# CHECK if setup for python
update-alternatives --list python

otherwise set up the alternatives

# SETUP ALTERNATIVE 1
update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1

# SETUP ALTERNATIVE 2
update-alternatives --install /usr/bin/python python /usr/bin/python3.6 2

and configure the version you want to be used by default

# CONFIGURE
update-alternatives --config python

There are 2 choices for the alternative python (providing /usr/bin/python).
Selection Path Priority Status
0 /usr/bin/python3.6 2 auto mode
1 /usr/bin/python2.7 1 manual mode
2 /usr/bin/python3.6 2 manual mode
Press to keep the current choice[*], or type selection number:

cryptojacked apache server: high load in /tmp

coin mining abuse software is all around...
you hear it nowadays in the media

and I found an apache server who got cryptojacked ..
webserver code placed in / tmp and executed is mining

How does it look like if you find it? Lots of load

lets find where it is located by simply

ps aux | grep php

and maybe you want to stop it

kill -9 <process_ids>

looking in the (config) file

cat /tmp/phpKRGiDE.c

you can see it's a monero mining pool
which it contributes the server cpu power to

How to clean up the mess?

mount -o remount,noexec /tmp

and to make the server safe for future edit

vi /etc/fstab

change the mounting of tmp to noexec and remount it

/dev/sda3       /tmp              ext3  noexec,nosuid           0       2
mount -o remount /tmp

Digital Ocean Tutorials, Thomas-Krenn Wiki

When installing a server or an application onto a server, good Tutorials help progressing fast to get to the point.

The best Tutorials related to Server/-Software installation I know are:

freebsd pkg_add failed: no solution yet

I was trying to install sqlite3 on a really old freebsd 🙁
I'm got the following error

[root@fbd01 ]# pkg_add -r -v databases/sqlite3

scheme:   [ftp]
user:     []
password: []
host:     [ftp.freebsd.org]
port:     [0]
document: [/pub/FreeBSD/ports/i386/packages-6.3-release/Latest/databases/sqlite3.tbz]
---> ftp.freebsd.org:21
looking up ftp.freebsd.org
connecting to ftp.freebsd.org:21
<<< 220 This is ftp0.bme.freebsd.org - hosted at Bytemark.co.uk
>>> USER anonymous
<<< 331 Please specify the password.
>>> PASS degnetnoc@mail05.viruscheckservice.de
<<< 230-
<<< 230-This is ftp0.bme.FreeBSD.org, graciously hosted by Bytemark.
<<< 230-
<<< 230-FreeBSD files can be found in the /pub/FreeBSD directory.
<<< 230-
<<< 230 Login successful.
>>> PWD
<<< 257 "/" is the current directory
>>> CWD pub
<<< 250 Directory successfully changed.
>>> CWD FreeBSD
<<< 250-ISO images of FreeBSD releases may be found in the releases/ISO-IMAGES
<<< 250-directory.  For independent files and tarballs, see individual
<<< 250-releases/${machine}/${machine_arch} directories.  For example,
<<< 250-releases/amd64/amd64 and releases/powerpc/powerpc64.
<<< 250 Directory successfully changed.
>>> CWD ports
<<< 250 Directory successfully changed.
>>> CWD i386
<<< 550 Failed to change directory.
Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.3-release/Latest/databases/sqlite3.tbz: File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.3-release/Latest/databases/sqlite3.tbz' by URL
pkg_add: 1 package addition(s) failed

Changing to a working repo

export PACKAGESITE="ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9-stable/Latest/"

make error

okay.. it had different errors.. thats another one .. the make is too old

[root@fbd01 /usr/ports/devel/bmake]# make

"/usr/ports/Mk/bsd.port.mk", line 1038: Need an operator
Unknown modifier 't'
Unknown modifier 't'
Unknown modifier 't'
Unknown modifier 't'
Unknown modifier 't'
Unknown modifier 't'
Unknown modifier 't'
Unknown modifier 't'
Unknown modifier 't'
Unknown modifier 't'
Unknown modifier 't'
Unknown modifier 't'
Unknown modifier 't'
Unknown modifier 't'
Unknown modifier 't'
Unknown modifier 't'
Unknown modifier 't'
Unknown modifier 't'

18 open conditionals:
                           at line 20 (skipped)
                          at line 20 (skipped)
                         at line 20 (skipped)
                        at line 20 (skipped)
                       at line 20 (skipped)
                      at line 20 (skipped)
                     at line 20 (skipped)
                    at line 20 (skipped)
                   at line 20 (skipped)
                  at line 20 (skipped)
                 at line 20 (skipped)
                at line 20 (skipped)
               at line 20 (skipped)
              at line 20 (skipped)
                          at line 20 (evaluated to false)
                         at line 13 (evaluated to true)
                        at line 1110 (evaluated to true)
                       at line 1094 (evaluated to true)
make: fatal errors encountered -- cannot continue

but the make was broken

So I tried to install a newer make

pkg_add -r bmake 

the harder way:

pkg_add -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/i386/packages-9.0-release/devel/bmake-20111111.tbz
cp /usr/bin/make /usr/bin/make.old
rm /usr/bin/make
ln -sv /usr/local/bin/bmake /usr/bin/make

In case nothing worked like for me .. going the whole long way
I tried getting the lastest old ports

wget http://ftp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz

Search inside a tar.gz for a file/folder

tar -tvf ports.tar.gz '*bmake*'

-rw-r--r--  0 archive archive   499 Jul 14  2016 ports/cad/linuxcnc-devel/files/patch-src_hal_components_Submakefile
drwxr-xr-x  0 archive archive     0 Dec  1 02:04 ports/devel/bmake/
-rw-r--r--  0 archive archive   140 Jan 23  2014 ports/devel/bmake/pkg-plist
-rw-r--r--  0 archive archive  1520 Dec  1 02:04 ports/devel/bmake/Makefile
-rw-r--r--  0 archive archive   288 Dec  1 02:04 ports/devel/bmake/distinfo
-rw-r--r--  0 archive archive   241 Jan 23  2014 ports/devel/bmake/pkg-descr
-rw-r--r--  0 archive archive   596 Jul 30  2014 ports/math/blocksolve95/files/patch-bmake__common
-rw-r--r--  0 archive archive  1209 Aug 24  2014 ports/math/blocksolve95/files/patch-bmake__freebsd__freebsd.site
-rw-r--r--  0 archive archive  1028 Aug 24  2014 ports/math/blocksolve95/files/patch-bmake__freebsd__freebsd
-rw-r--r--  0 archive archive   349 Jul 30  2014 ports/math/blocksolve95/files/patch-bmake__freebsd__freebsd.O

unpack only one folder/file from tar.gz

tar -xvf ports.tar.gz ports/devel/bmake/

unpack .txz files

xz -d < file.tar.xz | tar xvf -

No solution found yet.
If you have another idea that might work,
write in the comments or send me an email


If you want more FreeBSD info on Ports
I found a nice "Porter's Handbook"

https://www.freebsd.org/doc/en/books/porters-handbook/

Here are some links that helped me out:

https://rtfm.co.ua/usrportsmkbsd-sites-mk-line-958-malformed-conditional/
https://rtfm.co.ua/error-unable-to-get-ftpftp-freebsd-orgpubfreebsdportsi386packages-9-0-release/

lxc launch error

if you happen to get the following error while starting lxc

root:/var/lib/lxd# lxc launch ubuntu:16.04 first
Creating first
Starting first
error: Error calling 'lxd forkstart first /var/lib/lxd/containers /var/log/lxd/first/lxc.conf': err='Failed to run: /usr/bin/lxd forkstart first /var/lib/lxd/containers /var/log/lxd/first/lxc.conf: '
  lxc 20171124185309.591 ERROR lxc_conf - conf.c:setup_netdev:2389 - failed to rename vethMY6FSD->default : Invalid argument
  lxc 20171124185309.592 ERROR lxc_conf - conf.c:setup_network:2534 - failed to setup netdev
  lxc 20171124185309.592 ERROR lxc_conf - conf.c:lxc_setup:3993 - failed to setup the network for 'first'
  lxc 20171124185309.592 ERROR lxc_start - start.c:do_start:811 - Failed to setup container "first".
  lxc 20171124185309.592 ERROR lxc_sync - sync.c:__sync_wait:57 - An error occurred in another process (expected sequence number 3)
  lxc 20171124185309.640 ERROR lxc_start - start.c:__lxc_start:1358 - Failed to spawn container "first".
  lxc 20171124185310.216 ERROR lxc_conf - conf.c:run_buffer:416 - Script exited with status 1.
  lxc 20171124185310.216 ERROR lxc_start - start.c:lxc_fini:546 - Failed to run lxc.hook.post-stop for container "first".

the solution to this is creating a new default profile

lxc profile delete default
lxc profile create default