Monday, February 24, 2014

A quick shoutout to Copy.com

Just a quick shout-out to a new cloud storage service I discovered: copy.com. Many of you will likely be familiar with DropBox; Copy takes the same principle of synced cloud storage but gives you more space on a free account. With DropBox you get 2GB of storage on a free account; Copy, on the other hand, will give you 15GB! You can also refer friends to gain even more space (5GB per referral). Copy is run by Barracuda Networks, so it's not going away anytime soon and is a company you can trust your data to, so why not give Copy a look? Oh, and feel free to use my referral link: https://copy.com?r=jXeozK to get an extra 5GB of storage for you and me!

Tuesday, November 26, 2013

Installing Samba 4 on FreeBSD

Upgrading to Samba 4 on FreeBSD

Upgrading to Samba 4 is something I recently performed on my FreeBSD NAS. The main reason for upgrading was to fix some compatibility issues with Samba 3.6 and Windows 8.1. Those issues seem to be fixed in Samba 4. Unfortunately, there doesn't seem to be a lot of documentation about the procedure to upgrade from an existing Samba installation to Samba 4 on a FreeBSD system. I've created this guide to hopefully push some of you in the right direction.

Remove Old Samba

The first thing you will need to do is remove your existing installation of Samba. This is something I wasted a lot of time trying to avoid - in the end keeping the two installs caused too many issues for me to bother. You can check which version of Samba you have by issuing the command pkg_info | grep samba. This should produce an output similar to samba4-4.0.12_1. You can then remove the old version of Samba by typing the command pkg_delete samba4-4.0.12_1.

Install new Samba

Once you have removed the old version of Samba you can go ahead and install the new version by entering the following commands:

cd /usr/ports/net/samba4
make install clean

It's likely that you will encounter some errors during your first attempt to install. These errors will likely relate to dependency checks. The best way I found to deal with these is to note the required package and manually upgrade it. Two packages that gave me grief were tdb (/usr/ports/databases/tdb) and talloc (/usr/ports/devel/talloc). Eventually, you will reach a point where Samba will finish installing.

Manually Create Init-scripts

In previous versions of Samba on FreeBSD you would simply enter the command "service samba start." Unfortunately, with Samba 4 you will likely be presented with the lovely error message "You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks." Unfortunately, it seems that FreeBSD doesn't have the needed scripts created to automatically start the smbd, nmbd and winbindd services at boot. Fortunately, we can create them. You will first need to login to an account that has root privileges then issue the command nano /usr/local/etc/rc.d/smbd and place the following data inside the file:

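#!/bin/sh
#
# PROVIDE: smbd
# REQUIRE: NETWORKING SERVERS DAEMON ldconfig resolv ntpd
# BEFORE: LOGIN
# KEYWORD: shutdown

# Pull in the rc.d helper functions
. /etc/rc.subr

name=smbd
# The service only starts when smbd_enable="YES" is set in /etc/rc.conf
# (same variable name the older `set_rcvar` call produced)
rcvar="${name}_enable"
command=/usr/local/sbin/smbd
# Start smbd as a background daemon
start_cmd="/usr/local/sbin/smbd -D"

load_rc_config $name
run_rc_command "$1"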

You will want to repeat this step for nmbd and winbindd, substituting the "name", "command" and "start_cmd" parameters (and the PROVIDE line) to match the file you are editing. After you have created startup files for nmbd, smbd and winbindd you will need to make sure they are executable by entering the command chmod +x /usr/local/etc/rc.d/smbd, repeating this command for all three files.

Create a New Config File

Finally, you will need to copy your existing smb.conf file to /usr/local/etc/smb4.conf so that Samba 4 will run.

And that's it! You should now have a fully functional Samba 4 installation.

Friday, October 19, 2012

Setting up an Ubuntu Mail Server

Ubuntu Linux is quickly becoming one of the most popular desktop Linux distributions. As Ubuntu gains in popularity in the desktop market it is also gaining in popularity as a server operating system. In this guide I will run through the basics needed to get an IMAP and SMTP mail server up and running on Ubuntu Linux.

Installing the needed Applications

Assuming you are starting from a fresh install of Ubuntu Server you will need to install the following packages:

  • postfix
  • sasl2-bin
  • courier-imap
  • courier-imap-ssl
You can install all the needed packages by running the following command:
sudo apt-get install postfix sasl2-bin courier-imap courier-imap-ssl


During the installation postfix will ask you for the general type of configuration, choose "Internet Site" and when the installer asks you for the hostname enter the fully qualified domain name (FQDN) that points to your server (i.e. server.example.com).

After all the packages have been installed you can move onto configuring them.

Configuration of Postfix

The first thing you need to do is configure postfix (our email server) to use SASL authentication. Using authentication will ensure that authorized users always have access to the mail server, while spammers and other malicious parties can't use it to relay spam. Run the following commands to enable SASL authentication:

sudo postconf -e 'smtpd_sasl_local_domain ='

sudo postconf -e 'smtpd_sasl_auth_enable = yes'

sudo postconf -e 'smtpd_sasl_security_options = noanonymous'

sudo postconf -e 'broken_sasl_auth_clients = yes'

sudo postconf -e 'smtpd_recipient_restrictions =permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'

sudo postconf -e 'inet_interfaces = all'

echo 'pwcheck_method: saslauthd' | sudo tee -a /etc/postfix/sasl/smtpd.conf

echo 'mech_list: plain login' | sudo tee -a /etc/postfix/sasl/smtpd.conf

sudo adduser postfix sasl


Your Postfix installation is now configured to use authentication, however, logins will NOT be encrypted. This means that any username or password you send to the server will be sent in cleartext, which is extremely insecure. To encrypt the transmissions of usernames and passwords you will need to enable SSL encryption:
sudo postconf -e 'smtpd_tls_auth_only = no'

sudo postconf -e 'smtp_use_tls = yes'

sudo postconf -e 'smtpd_use_tls = yes'

sudo postconf -e 'smtp_tls_note_starttls_offer = yes'

sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key'

sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'

sudo postconf -e 'smtpd_tls_CA_file = /etc/ssl/certs/cacert.pem'

sudo postconf -e 'smtpd_tls_loglevel = 1'

sudo postconf -e 'smtpd_tls_received_header = yes'

sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'

sudo postconf -e 'tls_random_source = dev:/dev/urandom'

sudo postconf -e 'myhostname = server.example.com'


Make sure you replace 'server.example.com' with the FQDN of your server. You may also replace the paths for the tls key, cert and CA file paths with the path to your custom certificates if you have one.
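
The TLS settings above, checked in an added example (not part of the original post): with smtpd_tls_auth_only = no, Postfix still accepts AUTH on sessions that never issued STARTTLS, so a client that skips TLS sends its PLAIN or LOGIN credentials unencrypted. The script audits settings in the form printed by postconf -n; the two sample inputs and the finding codes are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag SMTP AUTH that can be used without TLS, given settings
# in the "name = value" form printed by `postconf -n`.

# Constructed sample: the server-side values set by the commands in this guide.
GUIDE_SETTINGS='smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = no
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'

# Constructed sample: the same server with AUTH restricted to TLS sessions.
HARDENED_SETTINGS='smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = yes
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'

# get_param SETTINGS NAME: print the value of NAME (last assignment wins).
get_param() {
    printf '%s\n' "$1" | sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" | tail -n 1
}

# audit_smtpd_auth SETTINGS: print one "CODE: explanation" line per finding.
audit_smtpd_auth() {
    # Without SMTP AUTH there are no credentials on the wire to protect.
    if [ "$(get_param "$1" smtpd_sasl_auth_enable)" != "yes" ]; then return 0; fi

    auth_only=$(get_param "$1" smtpd_tls_auth_only)
    level=$(get_param "$1" smtpd_tls_security_level)
    use_tls=$(get_param "$1" smtpd_use_tls)
    enforce=$(get_param "$1" smtpd_enforce_tls)

    offered=no; mandatory=no
    if [ -n "$level" ]; then
        # smtpd_tls_security_level overrides the two legacy parameters.
        case $level in
            may)     offered=yes ;;
            encrypt) offered=yes; mandatory=yes ;;
        esac
    else
        if [ "$use_tls" = "yes" ]; then offered=yes; fi
        if [ "$enforce" = "yes" ]; then offered=yes; mandatory=yes; fi
    fi

    # Mandatory TLS already refuses AUTH before STARTTLS; optional TLS does not.
    if [ "$mandatory" = "no" ] && [ "$auth_only" != "yes" ]; then
        echo "CLEARTEXT_AUTH: AUTH is accepted without TLS; set smtpd_tls_auth_only = yes"
    fi
    if [ "$auth_only" = "yes" ] && [ "$offered" = "no" ]; then
        echo "AUTH_UNREACHABLE: smtpd_tls_auth_only = yes but STARTTLS is never offered"
    fi
    if [ -n "$use_tls" ] && [ -z "$level" ]; then
        echo "LEGACY_PARAM: smtpd_use_tls is superseded by smtpd_tls_security_level = may"
    fi
    return 0
}

# On a live server: audit_smtpd_auth "$(postconf -n)"
echo "guide settings:";    audit_smtpd_auth "$GUIDE_SETTINGS"
echo "hardened settings:"; audit_smtpd_auth "$HARDENED_SETTINGS"
```

Mail clients must then be set to use STARTTLS before authenticating, otherwise the server will not offer them AUTH at all.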

Next, you need to force postfix to use the maildir style of directory so that it will be compatible with the courier mail server.
sudo postconf -e 'home_mailbox = Maildir/'

sudo postconf -e 'mailbox_command ='

Configuration of Courier-imap

Next, you need to configure Courier as an IMAP server so that users can retrieve emails stored on the server:

sudo maildirmake /etc/skel/Maildir

sudo maildirmake /etc/skel/Maildir/.Drafts

sudo maildirmake /etc/skel/Maildir/.Sent

sudo maildirmake /etc/skel/Maildir/.Trash

sudo maildirmake /etc/skel/Maildir/.Templates

sudo cp -r /etc/skel/Maildir /home/myuser/

sudo chown -R myuser:usergroup /home/myuser/Maildir

sudo chmod -R 700 /home/myuser/Maildir

Here myuser is the name of a user on the server (not root).


Note that every time you want to allow a new user email permissions you must copy the maildir folder into the user's home directory by issuing the command:
sudo cp -r /etc/skel/Maildir /home/user/


Finally, you should configure courier to use SSL encryption to increase security. Generate a self-signed SSL certificate using OpenSSL. Follow these instructions for more information about generating SSL certificates.

After you have generated your crt and key files you need to edit /etc/courier/imapd-ssl and provide the paths to your custom certificate files.

After following this guide you should hopefully have a functional email server based on the Ubuntu Linux operating system. Additional information about Ubuntu's email services can be found at ubuntu.com.

Saturday, September 29, 2012

Creating a ZeroShell Virtual Router

What is ZeroShell?

Zeroshell is a Linux-based operating system that is specifically designed to operate as a router. Zeroshell can be used to replace a hardware router or firewall in a home or small office, or it can be used to provide NAT and IP routing for virtual machines in a virtualized network. Zeroshell seems to run great in Microsoft Hyper-V, Oracle VirtualBox and VMware ESXi virtualization environments. The name Zeroshell comes from the fact that the operating system is designed so that little or no shell access is required for administration. All basic features such as port forwarding, interface configuration, DHCP and QoS are accessible within the web GUI. Zeroshell also comes with built-in software for running VPN and DNS servers, also administrable from the web UI. Unlike other router distributions, the free edition of Zeroshell has no limitations and is a breeze to install and configure. I first came across Zeroshell when I was setting up a virtual network for the discovr.us gaming community and I have since moved on to using Zeroshell for personal networking projects. In this guide I’m going to walk through the installation and basic configuration steps needed to get a Zeroshell router up and running in Microsoft HyperV.

For more information about Zeroshell, or to download it, visit zeroshell.org.

Installing ZeroShell

This guide assumes you are running Windows 2008 or Windows 2008R2 with the HyperV role installed and operational. For more information on HyperV check out this Blog post. The first thing to do is set up a virtual machine and virtual network to run Zeroshell. Open the HyperV manager and create a new virtual machine.



Give the machine a hard drive of at least 2GB (I would recommend 3) and allocate it 512MB of RAM (you can reduce the allocated RAM later but we do need at least 512MB for the initial install). When asked what network to connect it to, leave the option disconnected for now. After the virtual machine has been created, open up the HyperV virtual network manager. Create two new networks. One (which I will call VM-WAN) will be an external network, allowing Zeroshell to talk with the outside world. The second network will be an internal network (I will call it VM_LAN) and it will allow all the virtual machines to talk with each other directly. When creating an external network HyperV will ask you what physical interface to connect it to. Choose the Ethernet adaptor that you use to connect Windows 2008 to the Internet.


After the virtual networks have been set-up, apply the changes and close the network manager. Next comes the tricky part. To install Zeroshell to a hard disk you must download the appropriate image and extract it onto the target disk. The most efficient way of accomplishing this is to use an Ubuntu Live CD and a second, temporary, virtual hard disk. Hop on over to ubuntu.com and download the latest version of the 32-bit live CD. While Ubuntu is downloading hop back over to HyperV to configure the network and temporary hard disk. Open up the settings for the Zeroshell VM and remove the network adaptor that Windows has added. Then go to “add hardware” and add two new legacy network adaptors to the machine. Connect one adaptor to the WAN network and the other to your LAN network and apply the settings. Next add a new hard drive to Zeroshell by clicking on IDE controller 0 and selecting ‘hard disk.’



Opt to create a new hard disk of size 4GB and select the default options. After your copy of Ubuntu has finished downloading, navigate to the DVD Drive on IDE controller 1 and connect it to the Ubuntu iso you just downloaded.

Apply the settings and then start up the VM.

If everything has been configured correctly your VM should boot off the Ubuntu live CD and eventually load an Ubuntu desktop. The first thing you’ll need to do upon loading Ubuntu is to format the temporary hard drive you created in the previous step. If you followed these instructions then it should be a 4GB hard disk. Start by launching ‘gparted’ from the home screen.



Once Gparted fires up you should note that there are two hard disks, one 3GB disk and one 4GB disk. Select the 4GB disk and create a new ext3 partition. You will probably want to give it a label, I called mine temp.


Gparted may ask you to initialize the disk with a partition table, you can set up a partition table under “device…. Create partition table”. Apply the changes.

Close Gparted and mount the new partition by selecting it from the sidebar in a file navigation window.


Next, you need to open up Firefox and navigate to the download page for Zeroshell. Make sure you download the 2GB image file by right clicking on it and selecting save as. Save the image to the newly formatted temp hard disk. After the Zeroshell image has finished downloading open up a terminal window and cd to the directory that you have downloaded the Zeroshell image to (in my case /media/temp/). After that extract the image by running

gunzip ZeroShell-2.0.RC1-Soekris-2GB.img.gz

Finally, write the image to your unused hard drive using the command:

dd if=ZeroShell-2.0.RC1-Soekris-2GB.img of=/dev/sda

Where /dev/sda is the identifier of your first hard disk. (if you followed this guide to the letter then /dev/sda will be your OS drive, however, if you have deviated from these instructions then you may need to use a different drive). You should see something similar to the following output if the copy was successful:

After you see the confirmation message you may shut down Ubuntu. Before turning the VM back on we need to edit a few settings. After the VM has been turned off, open up its settings in the HyperV manager and remove the 4GB hard drive as it is no longer needed. You should also make sure that the Ubuntu iso has been removed from the VM. Finally, you may reduce the amount of allocated RAM to 128 or 256MB, depending on how much load you will be putting on the server. Apply the settings and turn the virtual machine on. If everything was successful you should be presented with the default ZeroShell console.

At this point Zeroshell has been successfully installed and just needs to be configured for network access. If your Zeroshell WAN port is connected to a consumer-level ISP or another LAN then it will likely pull a DHCP address and no additional configuration is required. If, however, you need to set a static IP on your WAN then you will need to enter option “I” for “edit interfaces” and enter your static IP. You will also likely need to enter a gateway. Secondly, you will want to set your LAN IP address. I would recommend using an address like ‘192.168.10.1’ rather than the most common ‘192.168.1.1.’ Further information on the configuration of Zeroshell is available at zeroshell.org.

Congratulations, you now have a virtualized router that can be used to provide a private network to all your HyperV virtual machines, and provide Internet access to a large number of VMs.

Sunday, July 8, 2012

Bringing a Bricked WRT54GL back from the Dead

Recently, I found myself attempting to upgrade my network infrastructure in order to support IPv6 technology. I was using a WRT54GL running the Tomato Firmware as my primary router and I was delighted to discover that a modified build of the Tomato Firmware would support IPv6 without issue, and the quest began to find some functional firmware. When selecting the correct firmware I learned the hard way that it is all too easy to load the incorrect firmware onto the router, rendering it useless. In this guide I will outline the rather radical steps I followed to breathe new life into my bricked WRT54GL router.

After loading the new firmware onto my router it quickly became apparent that the router was inaccessible over the LAN and a quick trip to the server closet confirmed that the router was a brick. The easiest way to determine the state of your bricked router is to examine the power LED on the front panel. In my case the LED was constantly blinking quickly which indicated a corrupt bootloader, meaning it would not be possible to recover the router using traditional network methods. Faced with the prospect of a permanently bricked router, I began to search the Internet for a more "outside-the-box" solution and I found one over at the WRT54GL recovery guide.

First of all a little disclaimer: although this recovery method worked for me it may not work in your case. Use this method of restoration only as an absolute last resort, as the potential for permanently damaging your router is very high. It is also needless to say that following this procedure will void your router’s warranty.

In the next few steps I will explain how to remove the WRT54GL’s cover and expose the main circuit board. Next, I will explain how to short two pins on the flash memory chip in order to force the router to enter its “firmware recovery mode.” Finally, I will explain how to use a TFTP program to load the recovery firmware to the router using Telnet.

Start by popping the front cover off the router. The router simply “snaps” together so there are no screws to worry about removing. The easiest way to remove the front cover is to place the thumbs of your left and right hands below the rubber “feet” and push. You will need to press fairly hard to accomplish this. After you have removed the front panel, the plastic top should easily fall away, exposing the main motherboard. Locate the flash chip. On my router the chip is located near the LEDs; however, different revisions of the router may have the chip located in a different spot. The flash chip should be a 48-pin surface-mount component. In my router the chip was marked as MX 29LV320CTB. This guide only works for the 29LV320CTB. If your router has a different flash chip you should stop right now and investigate further; this recovery method will likely not work and following this procedure will damage your router further.

Using a magnifying glass, locate pins 16 and 17 and place a small piece of wire or other conductive material across them. This will short the two pins together, causing the router to enter “firmware recovery mode” at boot. Be careful to ensure that ONLY pins 16 and 17 are connected, as shorting additional pins together will likely cause serious damage to the flash chip. With pins 16 and 17 shorted, turn on the router by plugging it into the wall and wait 15 seconds. After the 15 second wait, remove the piece of wire and connect your computer to one of the LAN ports on the router. Set your computer to have a static IP of ‘192.168.1.2’ and a subnet mask of ‘255.255.255.0’ and try to ping ‘192.168.1.1,’ the IP address of the router. If the ping is successful then you know you have entered “firmware recovery mode” and can proceed to the next step.

Next, download the firmware for your WRT54GL; note that the firmware you choose MUST be 3MB or smaller in file size. I would recommend you download the DD-WRT Mini version. After you load the initial firmware onto the recovered router, you may upgrade to a larger image from the web-interface. Next, you will have to install the TFTP client in Windows by navigating to Control Panel, Add/Remove Programs, Turn Windows features on or off. After the TFTP client has been installed, open up a command prompt window and cd to the directory where your firmware is located. Enter the following command to load the firmware onto the router:

tftp -i 192.168.1.1 PUT "name of firmware".bin

The command should take 15-30 seconds to execute, afterwards a success message will display. Once the firmware has been successfully TFTPed to the device wait 3 minutes WITHOUT rebooting the router or removing power. After about 3 minutes you should be able to bring up the DD-WRT web-interface by typing ‘192.168.1.1’ into a web browser. If you see the DD-WRT web-interface then you have successfully recovered your router and can re-assemble the chassis. Hopefully, after following this guide, you have managed to save your WRT54GL from a future as a paperweight. If this guide hasn’t worked for you or you would like some additional tips, have a look at the WRT54GL recovery guide.

Saturday, June 2, 2012

Resurrecting those old 5.25" floppies

Those of you who are regular followers of this blog will know that I have a fondness for vintage storage mediums. In my last PC I had a 5.25” floppy as well as a zip drive, all running on a Core i7 motherboard under Windows 7. After the Intel Ivy Bridge processors were released I decided it was time for a motherboard and CPU upgrade. The only catch was that I still wanted to keep my legacy hardware, which meant the search for a modern motherboard with onboard floppy and IDE began. Eventually I came across the ASRock Fatal1ty Z77 Ivy Bridge motherboard. Along with 10 SATA connectors, dual gigabit LAN and 6 USB 3.0 ports, the motherboard sported both floppy and IDE controllers, something that is becoming increasingly rare in modern PCs. About a week after placing my order I received my new motherboard in the mail and began to assemble my PC.

2 hours and several 4 letter words later I came to the devastating realization that the motherboard’s onboard floppy controller offered no configuration options, meaning it was hard-set for a 3.5” drive and wouldn’t support my 5.25” drive natively.

Enter the KryoFlux

Because I can be a little obsessive and never take no for an answer I began my search for either a PCI/PCI Express floppy controller or a USB-floppy adaptor, and, after many hours of searching, I came across the latter. The KryoFlux is a USB floppy controller built from an ARM development board. KryoFlux is unique in that it reads floppies at an extremely low level, meaning that the discs can no longer be accessed through Windows Explorer, but instead through the bundled KryoFlux software. Fortunately, using the KryoFlux software is fairly simple, although it is mainly command-line based. To read floppies one has to make an image of the inserted floppy and then use a third-party application to read it. After reading the instruction manual it wasn’t long before I was making .img files from my stacks of DOS-formatted 5.25” floppies.

Writing floppies is limited to only two image types at the moment, although more image types will apparently be supported in future software releases. After building an Amiga disk file (*.adf) I was able to write the image to a spare 5.25” floppy disk. Days later I was able to create an image of the floppy and open it in Opus ADF to recover the files I originally wrote to it.

While the KryoFlux isn’t a perfect alternative to a 5.25” floppy drive running natively under Windows Explorer, it still allows data to be recovered from old floppies that you may have lying around. As more computer motherboards are being manufactured without any form of floppy support, the KryoFlux is certainly a great way to add legacy support to a modern PC.

Sunday, May 27, 2012

140+ Days of Uptime: A shout out to Linode!

The image really says it all: 141 days of uptime and counting. For myself, an amateur system administrator and website administrator, the VPS company Linode has been a fantastic fit. I first signed up for Linode’s Linode512 package in January of 2012. The package provides me with 512MB of RAM, 20GB of disk space, and my choice of Linux distribution. Linode also allows the use of a custom Linux kernel but I haven’t yet tried my luck with one. Linode’s packages aren’t the cheapest in the world; the basic one (Linode512) starts at $20 per month and that goes up depending on how much disk space and RAM you need, but the reliability is worth the price. I installed Ubuntu Server edition (my favorite Linux server operating system) in February of 2012 and haven’t needed to reboot it since, even after a full system upgrade. The server itself is responsible for hosting five websites, a web proxy server, a VPN server, a DNS server, and a file server, and not once have I noticed it skip a beat. While my mere 141 days of uptime may not be hugely impressive, how does 272 days sound, or 365? I have friends with over a year of consecutive uptime on a Linode server.

Linode also has an extremely simple user interface. Using their free Linode manager, users can easily deploy different Linux distributions, repartition their virtual hard disk, or reformat a misbehaving server. While reformatting is a drastic step, the fact that it can be done with the click of a button should set most folks’ minds at ease. For anyone looking for a user-friendly and reliable VPS, Linode should be first on the shortlist.