JARVYS, Set It and Forget It Linux Backups

JARVYS_ad_125x125_3

Wouldn’t it be great if there was a cloud based file backup system that put Linux FIRST?  One that made it so we didn’t have to use FUSE?  One that didn’t put out a Windows client first and the Linux client was an afterthought?  One that you could get installed and configured quickly and easily which would allow you to ‘set it and forget it’?  Me too!

Until a few weeks ago…I wasn’t sure something like that existed.  Then I was approached by the founders of JARVYS, a backup software solution that does just that.  I had a chance to interview Cade Proulx and Matt Connor of JARVYS to understand a bit more about how it works, where it is headed, and why its perfect for those of us who develop on Linux.  I’d like to disclose that JARVYS is a sponsor of this blog.

Q:  Tell us a little bit about yourselves?

A:  Matt has been using and developing with Linux for around 15 years and I’m (Cade) a gamer at heart (MOD creation, Rig building, etc).  We met at Chapman University and began to take our start-up ideas into reality with SSD Nodes, JARVYS and Xerq.io.  We’re active in the venture capital and start-up scene; not only for ourselves, but also helping others to get started.

Q: Where did the idea of JARVYS come from?

A: We have a company named SSD Nodes that provides on-demand datacenter services, specializing in reliable, high performance cloud computing. We provide a massive dynamic platform that allows you to quickly innovate and deploy your applications on a global scale.  With that being said, our customers had a need to do small file level backups with a way to easily restore.

Q:  So is JARVYS only for people who need datacenter level services?

A:  Not at all.  The idea for JARVYS is to provide a quick (you can get installed and backing up in 60 seconds) and easy way for end users to get started with backups.  We wanted to provide a very low barrier for entry on these types of backups and restores…to make it so that people can get to working with what matters to them instead of worrying about backups.  JARVYS will work on servers or desktops…it doesn’t matter.  What matters is that JARVYS gets out of the way and lets you do your work while it continues to back your important stuff up.

Q:  When was JARVYS founded?

A:  We’ve been using the idea and backup solution with most of our customers at SSD Nodes for a long time…but JARVYS as a company and product only came to be in August or September of this year.  It was at that time we really made the code modular and cleaned it up enough to make it presentable.  We’re still in beta right now as we’re introducing some great features like zero-knowledge encryption.

Q:  How did you come up with the name “JARVYS”?

A:  JARVYS is a very popular name in the French language and we thought of JARVYS as a butler of sorts.  It seemed fitting that our software just took care of the backups for you…much in the way a butler would if you had one.

Q:  How many people work on JARVYS at the moment?

A:  We currently have 7 employees and growing.

Q: So what programming language do you use for JARVYS?

A:  Golang mostly.

Q:  Is there an API for end users to build on or a plugin system?

A:  Not yet, but in the future we plan on having a very robust API and plugin framework.  We really want people to build things on top of JARVYS.

Q:  What are your ultimate goals for JARVYS?

A:  We want JARVYS  to make dataloss a thing of the past.  We’ve seen so many customers mess up backups and lose data. There are so many holes with data preservation. There are so many moving parts to a backup such as  the restore, notifications for success and loss.  And of course, a backup system isn’t complete until you’re able to restore your data.  It is our hope that JARVYS takes the difficulty out of the backup for Linux users.

Q:  Let’s say I’m a customer and I install and get started today.  What happens to my data/backup?  Is it encrypted?  

A:  The JARVYS client uses an encrypted SSH tunnel to transmit your data to our servers here.  We’re still in beta right now but ultimately we’re looking at an encrypted storage place for everyone’s data.  We want this to be YOUR data…we want to make it so that you hold the keys to the kingdom and not even JARVYS can see your files or decrypt them.  We’re not there yet but we are currently developing and testing this ‘zero knowledge’ storage system right now.

Q:  Do you have a free plan?  If so, will it always be free?

A:  Yes, we have a free plan.  We feel that with developers and the  Linux community that there should always be a free plan.  It’s important that we contribute and give back because we’re standing on the shoulders of giants.  It just makes sense that if we take, we should give.  So we’ll always have a free plan that can get you started with hassle free backups within 60 seconds.

Q:  What would you say if someone asked “Isn’t this just another Dropbox?”

A:  We’d say that it really isn’t like Dropbox at all.  For example, with Dropbox restores aren’t going to be seamless with a single command like they are with JARVYS.  Dropbox also has a daemon that runs and it uses FUSE on Linux.  JARVYS is cron enabled and only runs when the backup happens.  It’s designed to have a very small footprint.  Restores with JARVYS take less than a few seconds while restoring files with Dropbox will take quite a bit longer.

Q:  How do I keep up to date with JARVYS releases and news?

A:  You can find us on Twitter, Facebook, and Google+.  You can also keep up with JARVYS on our Blog.

Q:  Where can I check out JARVYS?

A:  You can get started using the free plan we mentioned above.  As we said, it’s free and will always be free.  Alternatively, we’re offering a special for Yet Another Linux Blog readers:  20% off, any tier plan for the lifetime of the plan.  It’s a great deal!  To take advantage, simply use the code “linux-blog” at checkout.  Head over to our pricing page to get started.  We hope JARVYS takes the hassle out of your backups and thanks for checking us out!

How To Patch The Debian 6 Squeeze Shellshock Bug

debian-wallpaper-3

Debian I run a few webservers at work that are internal facing only (intranet) that run Debian 6 Squeeze.  I’ve been monitoring the Shellshock exploit since it was discovered a few weeks ago and have been looking for a way to get those few systems patched…despite them existing only internally.  Patches for Squeeze-lts (long term release) were released quickly and then just a last week, another patch was put into play as well.  I decided to go ahead and patch these internal systems and since I couldn’t find much out there for blog posts on how to do it…I decided to share how I did it.

Difference Between Squeeze and Squeeze-lts

The difference between Squeeze general and Squeeze-lts is that the LTS (long term support) repositories will continue to receive backported patches from the current release tree (which is version 7 for Debian).  I didn’t originally install/setup these two internal servers so the first thing I have to do is get the version of Debian these servers are running and then check to see if they are using the LTS repositories.

Finding Your Version of Debian

lsb_release -a

This command returns a vanilla squeeze install for me.

Changing Repositories to LTS

Now to see which repositories are enabled.

nano /etc/apt/sources.list

You should open your sources list with your favorite text editor.  If you just have vanilla sources like the two servers I have you can just comment out the sources listed there and paste the following:


deb http://http.debian.net/debian/ squeeze main contrib non-free
deb-src http://http.debian.net/debian/ squeeze main contrib non-free

deb http://security.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free

deb http://http.debian.net/debian squeeze-lts main contrib non-free
deb-src http://http.debian.net/debian squeeze-lts main contrib non-free

Now that your sources have changed, update and patch your system:

 apt-get update && apt-get upgrade && apt-get dist-upgrade

Checking To See if You still Vulnerable

You can use bash itself to see if you’re vulnerable to the bug.  Execute the following command:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

This should return the following if you are patched:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello

If you’re not patched…the word ‘vulnerable’ will appear in your results.

Further Reading on Shellshock

You can read further about how to switch to LTS repositories here:  https://wiki.debian.org/LTS/Using

For more reading on the Shellshock bug, how it is being exploited and the history/timeline, see here:  http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html

Netrunner – The Best Distro You’ve Barely Heard Of

Netrunner

Netrunner

In my quest to find a professional and polished distribution of Linux that used KDE as the default desktop…I tried out quite a few flavors:  Kubuntu, Salix, Manjaro, PCLinuxOS and even OpenSuse.  All done in the past few weeks.

Each time I installed these distributions on this Dell Latitude D630 I pretended I had no idea how Linux was supposed to work.  I’d step through like a less than technical person would do.  How do I connect to wireless?  Is it easy?  Can I stream Youtube videos?  Will my mp3 collection play?  How do I manage that mp3 collection?  Will DVD’s play?  Do things ‘just work’ out of the gate?

I blogged about the beginning step in Manjaro Linux…it wasn’t as polished as I’d like.  I jumped next to Salix and found that Wicd, the default network manager…makes you jump through 9 different hoops to connect to a hidden network.  PCLinuxOS came next but it was so slow on this laptop that it lasted less than a day.  OpenSuse repeated the PCLinuxOS slowness.  Kubuntu was last and it was fine and polished…but once again, slow…random hangups when doing things like file browsing/web browsing.  Kubuntu was the closest I came to a great KDE flavored distribution…it stayed on the laptop for a couple of days.  So the question remained:  Can the distribution I am running be considered professional and polished while getting out of the way

The majority answer for most of these distributions is a resounding “NO”.

One distribution however, stood above the rest of them.  Instead of stopping on one of the above questions…I found myself having to create new and more intricate ones.  This distribution wasn’t holding me up…it was pressing me forward.  THAT is what a distribution of Linux should do.  It should be out of the way and allow you to get on with your business.  The distribution that does this the best out of that handful mentioned above is Netrunner.

The Hardware

I have an old Dell D630 Laptop which was a standard business line laptop from Dell circa 2007 or so.  It’s got an Intel Centrino and I loaded it up with 4 GB of RAM.  It has a 40 GB Hard drive in it and an Nvidia Quadro graphics card.  Overall, nothing special.  It’s very Linux friendly overall and I’ve used numerous distributions on this laptop since I picked it up at a liquidation sale.

Installation

netrunner2Netrunner uses the Manjaro installer.  Manjaro is based on Arch Linux.  Normally when people think of Arch Linux, they think of a very technical distribution that is only for the Linux elite.  The installer for Netrunner shuns the idea that you need to speak binary to install it.  Simple choices are laid out for you…I was able to encrypt my hard drive and didn’t need to know how to partition anything to get it moving.  The wizard was, simply put, phenomenal.  It was a well put together and excellent installer.

 

Day to Day Use

I’ve found Netrunner to really and truly be out of my way.  I don’t have to think to use it.  I open up music and play it.  I watch movies with no issues.  I browse Youtube videos without a thought.  Flash video just works.  When I pop in a USB Drive, it detects and mounts like I’d expect it to.  Overall, the operating system gets out of my way.  I normally use Openbox for my Linux laptop and I’ve actually gotten used to using KDE because of how polished Netrunner rolling is.

One of my favorite things about Netrunner rolling was Octopi, the graphical front end for pacman.  This tool allows you to manage all the packages on your system and to search out new ones.  It also allows you to manage AUR packages as well.  While this might not be something the average user would dive into right away…having been an Arch and Manjaro user before…I found it fantastic to have a “one stop shopping” experience via Octopi.

The overall speed of the distribution is fantastic.  I found none of the slowness that plagued the laptop during the testing of other distributions.  Things were quick and crisp when opening.  The only time I experienced slowness was when I had about 15 browser tabs open and was trying to open GIMP (I also had KDE Telepathy, Konversation, and dolphin open in the background).  Overall, I’ve found the speed quite acceptable.

Conclusion

My overall conclusion with Netrunner Rolling is that there is no better Arch platformed Linux distro with KDE as the default environment out there.  It just works.  It gets out of the way and it gives the end user a clean, crisp and efficient desktop right out of the gate.  You don’t have to know binary to get it installed, updated, and running.  You don’t have to sacrifice a goat to Cthulhu (I’ve heard that comes later?) to have a pleasing KDE experience for your desktop.  I keep saying this, but it just works.

I found it really odd that I hadn’t heard very much about Netrunner in the past but I readily admit that I hadn’t kept up with KDE based distributions in the past few years due to my fascination with Openbox.  Netrunner has won me over though…I will definitely be paying attention to this fine distribution in the future as it has taken its place as the top KDE distribution I’ve ever tried.  I hope you’ll give it a try in the future (if you haven’t already) and kudos the developers and community of Netrunner!

 

Open Source Software and New Users

Community

Open Source Software CommunityFree/Libre and Open Source software versus closed and proprietary software doesn’t matter.  It’s not the answer to solve all our problems.  It’s not the question we need to ask anyone and everyone either.  It simply doesn’t matter.  Well, it might matter to you and I…but it doesn’t matter to most people out there.

No matter what you say and do.  No matter what ideals you preach to people.  No matter what concepts about freedom you tout to them…it just won’t matter at all.  They want what they want and when they want it.  They turn a power button on and a device powers up giving them the functionality they need.  They open up a piece of software that gives them the features they want.  They don’t care whether they pay for it, if someone can alter it, if someone can distribute it, or if it was free.

It sucks that people don’t care about their own freedom with programs/code, but it’s true.

The Great Debate

The debate that rages on is usually one or two camps that support Free Software, Libre Software, or Open Source Software (or a combination of them) and those folks will lecture the end user who doesn’t care.  Have you ever been lectured about something you don’t care about?  Usually, you won’t remember anything about what is said to you when that happens.  The same is true for end users that couldn’t care less about what software they’re using…as long as it works.

Instead of lecturing these folks and talking down to them about the benefits of FOSS/FLOSS/OSS…I say we try a different approach.  I say we identify with them.  Establish a common ground.  Less like a bull in a ceramics shop.  A common proverb here in the US is that “you can catch more flies with honey than with vinegar”.  Being tactful and pleasant instead of overbearing a sharp is a good way to win people over to view things as you do.  Education is key…if you see someone using a locked in device, you could tactfully let them know of alternatives and why they might choose them.  I’ve seen the untactful approach and it does nothing but push the person farther away from free and open source software.  Less is more in these cases…no one wants to come off as a know it all…but that’s exactly what I’ve seen happen many times.

The Importance of Free and Open Source Software

I’m not trying to downplay the importance of Open Source software (Free software or Open Source software) but I am trying to downplay the importance/intensity of the debate between the various beliefs (FLOSS/FOSS/OSS).  I’ve seen people get very livid about the idea that all of their software should be completely open source or that it should be free AND open source or else they won’t use it.  I applaud these people for having a stance and sticking to it and I believe the world would be a much better place if we had more of this type of software that everyone could work on collaboratively.  I think it would spur innovation and bring people together.  But here’s the kicker…the end user DOESN’T CARE about your debate.  While it’s great that it means something to you, 9 times out of 10 it won’t mean anything to the end user.   If they’re completely new to these ideologies try easing them into understanding.  This isn’t sink or swim…everyone starts off in the shallow end first and when they’re ready they move into the deep end.  Don’t expect everyone to care right away.

If you have a user of software who will only use Open Source software…a person who staunchly supports this concept…and that person defends their stance any chance they can get, most people see it as a good thing.  In my opinion, rabid defense of ideology is sometimes not a good thing…because many times people lose the defensive stance and go on the offensive one.  The same is true for those who will only use Free and Open Source software…they become incensed at the idea that anyone would ever use anything else or would want to use.  Both of these camps tout altering the code, collaborative design, vendor lock-in, high prices of upgrades for proprietary software, and other ideological points of contention.  As I said, it’s great that these camps are so invested in their ideals…and there is a point where you do more harm than good.

The Perspective of the Uninformed New User

It’s hard for new users to understand the perspective and ideological camps behind  free and open source software because there is nothing else like it in the world.  Insisting that someone adapt immediately to the ideals put forth by FOSS is, in my opinion, an unrealistic expectation.  When someone is new to a group or community, demanding they adhere to a set of rules they don’t understand can be overwhelming.  In my opinion, a welcoming stance from the community members followed by a path of self discovery is what develops new users into the strongest supporters of free and open source software.

The attitudes and behavior new users face when initially embarking on their open source journey will stick with them and will shape their opinions for years to come.  A few years ago, I wrote an article titled “A New User Guide to Linux Communities“.  Despite being written in 2008, it is still applicable today.  New users need patience, tolerance, understanding, and empowerment when first trying FOSS.  If we can give them a positive and up-building experience, they’ll definitely come back for more and become more avid supporters.  Leave the politics and ideologies to the wayside.  Try helping the new user without trying to indoctrinate them.  Let them come to the discovery that FOSS is where they should be at.  Let them learn things on their own time and pace.  In the end, if they come to the same conclusions we have as FOSS users on their own, they’ll be more likely to stay that way and more productive community members in the future :)

Security 101 – Passwords for the Web

Advanced Options

In the past few weeks, I’ve come to realize 2 things.  First, the collegiate football (American) offseason is somewhat boring…bring on the SEASON!  Second, people’s Gmail accounts are getting hacked….a lot.  I’ve seen 2 of my friends have their accounts hacked in the past month and a half.

While there is nothing I can do about the first one, there is something I can do about the second.

I figured it might be a good idea to share how I generate passwords for web resources like Gmail and any other web based service.  I can do this in ANY browser…Opera, Chromium, and Firefox…and any operating system; because I use a tool called LastPass.

LastPass is a password vault for your browser.  It can remember any password you type on the web and it can also fill out forms for you (if you’d like).  I’ve been using it for about years now but have only recently taken advantage of their handy tools to generate passwords.  I’m going to walk you through setting it up in Firefox and generating passwords.  Hopefully, this will inspire you to change your password to something a little more complex to thwart hackers.

First of course, install the add-on/extension.  This process will differ depending on your browser.  Once LastPass is installed, make sure you sign up for an account or sign in to your existing one.  Remember, LastPass allows you to use a master password to keep a lock on your entire array of of websites you visit.  It takes security a step further by way of password generation.

Password Generation

You already have passwords for email, Facebook, Twitter, and other places on the web.  Is your password complex enough to thwart hackers attempts to crack it?  Most likely the answer is no…and if that’s the case, it would be a great idea to change your passwords to randomly generated ones and use last pass to remember it.  Imagine your password being the following:

hank65yankees

With LastPass it can become

S&Wllj98oCDFZ*

Which one seems harder for hackers to figure out to you?  So let’s get started.  During the installation for LastPass it should have told you how to access the menu…either through a standard menu or perhaps a button.  Once you access the LastPass menu, look for ‘tools’ and then choose ‘Generate Secure Password’.

This should bring up the LastPass password generation tool.  It will look something like this:

LastPass Password GeneratorAs you can see, the generator is ready to randomly generate more passwords for you by clicking the ‘generate’ button and you can copy it to your clipboard with the ‘copy’ button.  However, 8 digit passwords (default setting) may not be good enough for you.  In that case, click the ‘Show Advanced Options’ toggle.  This will bring up the following options:

Advanced Options

As you can see, you can increase the number of digits for password length…I’ve increased mine to 14 characters…and you can increase the Minimum Digit Count.  I’ve done so and moved it up to 2 digits.  Customize it however you like and once you have it set the way you like it, you can click ‘close’.  The options will save for the next time you go to generate a password.

Changing the Password

Now it’s time for us to actually change a password.  How do we do this?  Well, if you already had a LastPass account, you can visit your password vault and search for the site you would like to change.  Once you find it, you can open up the password generator and generate a new password…then edit the site inside your password vault and paste the new password.  Your job isn’t over yet though as you need to go to the actual site and change the password there as well.

If you haven’t used LastPass before, just visit the site you would like to change the password at and login.  LastPass will detect that you’re logging in and will ask if you want to remember the site you just logged in to.  You should select ‘save site’.

After you’ve logged in, go to whatever password change link the site provides and go ahead and change the password using the LastPass password generation tool pictured above.  LastPass should detect that you’re changing the password and ask if you want to update the site.  Remember, you can always manually edit the password inside the LastPass Vault.

Why Generate Passwords

I’ve shown this process to people I work with in Information Technology and they scoff at this idea of having randomly generated passwords.  They often say ‘how will I remember the randomly generated password?’ and that’s the beauty of LastPass.  It remembers so you don’t have to.  Once I tell them this, they generally move onto the question ‘well, what do I do if LastPass isn’t installed on the computer I’m using?’ and once again, the solution is LastPass.  Just head over to www.lastpass.com and login using your account details.  You’ll be redirected to your online password vault.  You’ll be able to fully manage everything as if you were using the extension in your browser.  You’ll also be able to copy and paste passwords by clicking ‘edit’ on the sites and ‘show’ beside the password field.  Sure it’s a bit more work…but it’s also quite a bit more secure.

Don’t put your trust in things you think are difficult for hackers to guess…chances are, it isn’t that hard for them to do so…allow LastPass to randomly generate them for you.  That way, you’ll never have your email account hacked like my friends did these past few months…unless you really do want to support the sale of pharmaceuticals or would like to enhance certain appendages.  I hope this helps you to use secure passwords in the future!  If you have questions, please let me know in the comments and I’ll do my best to answer them!  Thanks for reading!

How-To Choose the Right Distribution of Linux

Linux Choices
so many choices
Courtesy of evelynishere

Which distribution is the RIGHT distribution?  Is there such a thing?  When you start your journey with Linux you might here something like this:

– Ubuntu is the best distribution for the desktop
– Linux Mint is the best distribution for a home user and the desktop
– Debian is the best way to go because of its stability and solid base
– Mandriva isn’t as good as Mageia
– Mageia isn’t as good as Mandriva
– Red Hat is for servers only
– Distribution X is better than distribution Y!

Here’s the thing…statements like these are all BLATANTLY FALSE.  Why?  Because they’re opinions..everyone has one and they are all just that…opinions.

When you start your journey with Linux, don’t let someone else tell you what you should or shouldn’t use.  Go out and find what fits you like a glove and use that.  It doesn’t matter how large of community the distribution has (unless that is what you’re specifically looking for) or how often it updates or how many hits it has on the Distrowatch tracker.  Use what is best FOR YOU.  Only you can decide what distribution scratches whatever itch you have.

If you choose the right one, chances are you’ll be a part of that distribution for a long time.  But don’t worry, it isn’t like Indiana Jones and the Last Crusade and if you pick the wrong distribution you won’t turn into a dusty exploding skeleton.  In this situation, the RIGHT distribution of Linux is ANY distribution of Linux.  As long as you’re making a conscious effort to choose free software and use Linux, you win.

I’ve been in, around and even leading Linux communities since the late 1990’s and there is one thing I’ve found it is this:  Every single distribution has a place in this world.  Every single distribution has it’s own niche users.  Every single distribution of Linux is important. I’m sure many of you have heard or have said that Linux just needs to simplify more and have only a handful of distributions so we can concentrate on just that handful and make it be fantastic.  Unfortunately, that wouldn’t work very well and would stifle creativity.  To prove my point…what if we didn’t have small distributions at all?  That wouldn’t have a large effect on Linux as a whole right? Let’s take a look at that hypothesis…

If Small Distributions Never Were…

As an example:  Symphony OS.  It used FVWM and Mezzo for the desktop experience and it REVOLUTIONIZED the way we see and interact with files.  If you use Gnome 3, Ubuntu Unity, or KDE 4.X, you’re using concepts that Symphony OS was the first to put onto a Linux desktop.  Symphony never had a huge user base.  It never shot up the charts at Distrowatch.  It did however, push the envelope of what a desktop distribution can and can’t do.  It did push the boundaries of design.  It did push simplicity and usability to a new level.  It also did web apps before webapps were cool.  Somehow it never caught on…but I it influenced people and challenged people to push the envelope of what was possible and impossible with desktop Linux.

Small, Niche Distributions Perform a Function

Often times I have found Linux users looking for a distribution that fills a specific function.  “I just want a file sharing distribution” they’ll say, or perhaps “I just want a nice and simple desktop”, or maybe even “I just want a tight firewall”.  The beauty of open source software and Linux is that you’ll find small, niche distributions that fit the bill for all of those needs and when you use these distributions, you’ll continue to learn about Linux…and perhaps you’ll push the envelope of what is possible and not possible just like Symphony OS did.

Regardless if you choose small or large distributions, you win.  The fact is you CHOSE and weren’t force fed something by system installers and companies who think they know what is best for you.

We CAN All Get Along

Many times when we pick the flavor of Linux we like, we identify with its goals…the direction its heading…maybe even the direction the community champions.  There isn’t anything wrong with this.  The next time you experience passionate supporters of Linux, keep in mind that neither you nor they are the enemy.  If you both use Linux and open source, you both win.  Small, large,  and niche distributions of Linux operate harmoniously together and build off one another…it’s one of the unseen benefits of Linux and open source.  Beauty and power in simplicity through collaboration.  Congratulate yourself every single day for choosing Linux!