Pictures from my business trip to Florence in October

November 22, 2014

In the beginning of October I have participated the ICT-Proposers’ Day in Florence, a H2020 networking event of the European commison.

Even though I spend only one night in Florence, I was able to get around the old town in the center of the city and made some valuable shots.

This was my first time in the Toskana area and it is defnitly worth going there again at some time for an extended stay.

Comments blocked for unregistred users because of SPAM

September 29, 2014

I am having a huge problem with SPAM comments in the last weeks. Because of that my site was already disabled by my hoster because my database and traffic exceeded the limits. For this reason I have disabled commenting without user account. If you would like to get in contact with me, please use the contact form. Will see how I can solve the problem…

Enable full (Internet) VPN tunneling in Linux Network-Manager

September 12, 2014

I have successfully configured a VPN connection to my home router, thus, I was able to access machines in my private LAN. Moreover, I wanted to tunnel my whole Internet traffic over this connection. Even a google search could not answer, how to solve this with the network-manager which is used in most Linux desktops.

Finally, I figured it out. You need to go into the configuration of the particular VPN, further into the tab IPv4-Configuration, click on button routes and there you have to remove the tick from box which is probably named in English something like “Use this connection only for resources of current network”. German screenshots are attached below.

Building ROS hydro from source on Ubuntu 13.10 Saucy Salamander

February 25, 2014

This post will cover the steps I made to build ROS hydro successfully from source on my Ubuntu 13.10 amd64 with German localization settings.

1. Add repositories

http://wiki.ros.org/hydro/Installation/Ubuntu

sudo sh -c
'echo "deb http://packages.ros.org/ros/ubuntu raring main" >
/etc/apt/sources.list.d/ros-latest.list'


wget http://packages.ros.org/ros.key -O - | sudo apt-key add -

sudo apt-get update

2. The basic building procedure is covered in the article below, but I will list all commands/steps I have used from this tutorial as well, together with links to resources which helped me solving problems and how I solved them. If you want to have an explanation of the steps, please refer to the provided links.

http://wiki.ros.org/hydro/Installation/Source

sudo apt-get install python-rosdep python-rosinstall-generator
python-wstool python-rosinstall build-essential

sudo rosdep init
rosdep update

mkdir ~/ros_catkin_ws
cd ~/ros_catkin_ws

rosinstall_generator desktop --rosdistro hydro --deps --wet-only
--tar > hydro-desktop-wet.rosinstall

wstool init -j8 src hydro-desktop-wet.rosinstall

rosdep install --from-paths src --ignore-src --rosdistro hydro -y

3. In order to prevent language problems on a non English system, I used following hint.

http://answers.ros.org/question/124081/unicodeencodeerror-while-installing-ros-on-debian/

export LANG=en_US.UTF-8

4. Resolving another build error:

http://answers.ros.org/question/114386/ros-hydro-from-source-on-ubuntu-1310-make-error-in-qt_gui_cpp/

sudo apt-get purge libshiboken-dev shiboken

5. Finish the build process and install ROS to a custom location.

sudo src/catkin/bin/catkin_make_isolated --install

--force-cmake
--install-space /opt/ros/hydro_custom

6. This command needs to be run every time before you are using ROS. For simplification just add it to your .bashrc

source /opt/ros/hydro_custom/setup.bash

7. Check if the installation was successful by running:

roscore

8. Enjoy…!

Truecrypt performance test on Netgear ReadyNAS 102

January 1, 2014

Happy New Year everybody!

This follow up post to my last article about using Truecrypt on my ReadyNAS 102 (with  two Seagate Pipeline HD ST2000VM003 – 2 TB – 5900 rpm RAID 1) (http://www.ceh-photo.de/blog/?p=809 ) will examine the transfer performance while using Truecrypt.

Test setup:

For comparison I have tested as well on my desktop PC:

  • Intel Core i3 2,98GHZ (Clarkdale)
  • 12GB RAM
  • WD Blue 1TB hard disk

My computer and the NAS are connected by a 100mbit Router only, unfortunately not by Gigabit-Ethernet. If someone could provide some test results using a 1Gbit router, I would be glad to get them.

The test container had a size of  2GB formatted with FAT32 and I used the default encryption settings with AES and RIPEMD-160 hashing. The test script first wrote 1GB of random data and read it afterwards.

See the test script below:

echo "Write"
dd if=/dev/zero of=testfile bs=1048576 count=1024
echo "Read"
dd if=testfile of=/dev/null bs=1048576
rm testfile

Results:

PC Truecrypt Performance

The Truecrypt performance results on my desktop computer are not very surprising. I am only wondering why the write performance with encryption is better than without. Maybe because the additional encryption layer from Truecrypt includes additional buffers or caches…

ReadyNAS Truecrypt Performance

The performance tested directly on my ReadyNAS is not surprising at all. I have expected that the performance will suffer that much, because of the low performance CPU.

ReadyNAS Remote Mouting Performance with Truecrypt

The last comparison shows different possible mounting situation to access the encrypted container on the ReadyNAS. Because for most of the test runs only the container file is used, all encryption/decryption is executed on my desktop computer. Some things are interesting. The performance with NFS and SMB without encryption is similar on my 100mbit network, but the write performance with NFS mount and encryption is much higher. As well as the read performance of the encrypted container with NFS and SMB. But like already mentioned, these results are not really trustable and a probably a result of caching. But anyway you will benefit from higher performance if you are importing or exporting mass data to an encrypted container on the NAS if you do the encryption/decryption computing on another machine. The performance you can get with encryption/decryption performed by the NAS itself is still enough for streaming data or similar tasks and do not suffer at all if you are using 100mbit only.

Let me know, if you consider this post interesting.

Truecrypt on Netgear ReadyNAS 100 series (Debian) with auto mount on attached keyfile thumb drive dongle

December 30, 2013

Since I own a Netgear ReadyNAS 102 I was wondering how I could use encryption for special content in a convenient way. Because the Netgear firmware does not provide an encryption feature inside its ReadyNAS OS wrapper on top of the underlying Debian Linux I decided to have a closer look on Truecrypt, which I already have in use on my other desktop and mobile computers.

Because Truecrypt binaries are not available for the used ARM architecture the first required step was building Truecrypt from source. During my research I came over a posting which explained the build process step by step.

http://www.readynas.com/forum/viewtopic.php?f=11&t=63214

If you really want to build it on your own, be aware of my comment inside the forum thread above. If you just want to go ahead, I have simplified the procedure for you with a prebuild binary available on my personal Debian-Dropbox-Repository:

1) Install some dependencies for https access

apt-get install apt-transport-https

2) Add my repo to your /etc/apt/sources.list

deb https://dl.dropboxusercontent.com/u/8916436/deb-packages ./

3) Install truecrypt

apt-get update
apt-get install truecrypt

Now you are able to use truecrypt. Some usage examples:

#basic mounting e.g. container  with EXT4 filesystem, you will need to adjust right privileges after mounting with chown/chmod
truecrypt -t -k "KEYFILE(S)" -p "PASSWORD" --mount-options=nokernelcrypto --protect-hidden=no --mount CONTAINER.tc /MOUNTPOINT/
#mounting with more useful right privileges
#owner will be user guest (ID=99) and the files will be accessible by all users due to umask=000
truecrypt -t -k "" -p "" --fs-options=rw,uid=99,gid=99,umask=000 --mount-options=nokernelcrypto --protect-hidden=no --mount testContrainer.tc crypt/

You can find the user and group id with the commands

id -u USERNAME
id -g GROUPNAME

Now we are able to use truecrypt on the ReadyNAS, but we will need to use SSH everytime we want to mount a volume. Of course this is not convenient, so my idea was to encrypt the container(s) with keyfile(s) instead of a password (you can also use a password and a keyfile) and mount the volume once my keyfile thumb drive is plugged into the NAS.

1) Create udev rules for automatic script execution once the keyfile thumb drive is attached or removed from the USB port

2) New udev rule:

touch /etc/udev/rules.d/99-truecrypt-auto.rules

3) With content below:

ACTION=="add",KERNEL=="sd?[0-9]",ATTRS{serial}=="13371337",SYMLINK+="truecryptkeys",RUN+="/data/Documents/automount.sh add"

ACTION=="remove",KERNEL=="sd?[0-9]",ENV{ID_SERIAL_SHORT}=="13371337",RUN+="/data/Documents/automount.sh remove"

The udev rules are executed once the specified variables are matched by a device. I figured out the variable values for the new attached device with following command after I had already attached the thumb drive.

# In my case sdg was my usb thumb drive. You can check the device node for your attached device with dmesg
udevadm info --name=/dev/sdg --attribute-walk

To gather the right environment variable to use I have used follwing command before I have unplugged my thumb drive.

udevadm monitor --environment --udev

Like you may have already mentioned, the udev rule is executing another script, which takes care of mounting and unmounting of the truecrypt container. Here comes the script, which I have stored on /data/Documents/automount.sh. Take a closer look onto the variables defined at the beginning, they specify the container, mountpoint, password(if you have one configured) and so on. The script uses all files from the thumb drive as key files for uncrypting the container. If you only want to use specific files, you will need to change the script accordingly. I just use “/media/USB_FLASH_1/” to access the thumb drive, because I do not have attached other devices usually. You may have to change this, if you have a more sophisticated environment.

#!/bin/bash

LOGFILE="/data/Documents/automount.log"

CONTAINER="PATHTOMYCONTAINER.tc"

MOUNTPOINT="MY_FORMER_CREATED/MOUNT_DIRECTORY/ON/DATA_XYZ"

DEVICESYMBOL="/dev/truecryptkeys"

DATUM=`date +"%d.%m.%y %H:%M:%S"`

PASSWORD=""

#Redirect outputs
# Open STDOUT as $LOGFILE file for read and write.
exec 1>>$LOGFILE
# Redirect STDERR to STDOUT
exec 2>&1

#check parameters
if [ $# = 0 ]; then
echo "$DATUM Missing parameters - Use 'add' or 'remove'"
exit
fi

#check parameters
if [ ! -L $DEVICESYMBOL ]; then
echo "$DATUM Key device symbolic link $DEVICESYMBOL is not available"
exit
fi

#plug in key dongle
if [ $1 = "add" ]; then

echo "$DATUM Truecrypt automount key add"

truecrypt -t -k "/media/USB_FLASH_1/" -p "$PASSWORD" --mount-options=nokernelcrypto --fs-options=locale=de_DE.utf8,umask=000 --protect-hidden=no --mount $CONTAINER $MOUNTPOINT

fi

#unplug key dongle
if [ $1 = "remove" ]; then

echo "$DATUM Truecrypt automount key removed"

#dismount container
truecrypt -d $MOUNTPOINT
#dismount all containers
#truecrypt -d

fi

In my case the container is formatted with NTFS (therefor the mounting options “–fs-options=locale=de_DE.utf8,umask=000″), this takes advantage of accessibility for direct mounting on Windows and Linux computers while being able to store files larger than 4GB. I have initialized and created my truecrypt container remotely from my PC. Another important thing to note is, I recommend to disable continous protection on the share where you store the truecrypt container, as long as you have a huge container of several GB.

You can check if the script is working proberly by manual execution with commands below

# mounting
/data/Documents/automount.sh add
#unmounting
/data/Documents/automount.sh remove

All outputs will be written to  “/data/Documents/automount.log”

A last thing is missing, the udev rules seems not beeing proberly executed during boot, so the container is not mounted on boot while the key file thumb drive is attached. To solve this issue I have used an rc-script.

1) Create a new executable script

touch /etc/init.d/truecryptmount
chmod +x /etc/init.d/truecryptmount

2) Here comes the script content:

#! /bin/sh

### BEGIN INIT INFO
# Provides: truecryptmount
# Required-Start: udev
# Required-Stop:
# Should-Start: $named
# Default-Start: 2 3 4 5
# Default-Stop:
# Short-Description: mount available truecrypt containers by key file
# Description: mount available truecrypt containers by key file if usb device is available
### END INIT INFO

set -e

# /etc/init.d/truecryptmount: tries to mount available truecrypt containers by key file

case "$1" in
start|reload|restart)

/data/Documents/automount.sh add
#udevadm trigger --verbose --action=add --property-match serial=44380c78721298
;;
stop)
;;
*)
echo "Usage: /etc/init.d/truecryptmount {start|stop|restart|reload}"
exit 1
esac

exit 0

3) Register the script with

update-rc.d truecryptmount defaults 19

Happy Crypting!

Adjust exif timestamp on command-line with exiftool

November 30, 2013

I just realized that I forgot to change the timezone/time settings in my camera since I am back from Asia (~6month). In order to fix the timestamp on all my photos I made during this time period I used exiftool for doing this on the command-line.

Move all timestamps minus 6 hours for all picture files (JPG and RAW) in current directory.

exiftool -AllDates-=6 .

Check if everything is like expected and delete the backup copies in current directory:

exiftool -delete_original .

Because I am working with Corel AfterShot (former Bibble) I had another problem. AfterShot is dumping the timestamps for all adjusted files into the xmp file and is also using these timestamps as first choice for displaying inside the application. But I figured out, that this information in not required and I just deleted it from the xmp file with sed.

Delete timestamp lines from mentioned files for all xmp files in current directory:

sed -i -E '/.*bopt:Date|DigitizedDateTime*/d' *.xmp

Actually a simple operation, but maybe helpful for someone else.

First Robotics Hackathon in Malaysia

April 30, 2013

It was a very, very awesome experience, even it was stressful for me to manage to give all the help the people needed.

But read more here:

http://news.mylaunchpad.com.my/lifestyle-entertainment/article/articleid/240547/youths-build-robots-to-protect-malaysian-shores

http://www.digitalnewsasia.com/digital-economy/makeweekend-kicks-off-2013-with-robotics-theme

I am proud to were part of this!