Configure SMS Backup + for use with FastMail

I like to keep a backup of all my received/sendt texts and all info regarding my calls.
I do this by using SMS Backup + ( https://f-droid.org/repository/browse/?fdid=com.zegoggles.smssync ), but I don’t use Google – I use FastMail.
At the time of this writing (2015-07-14) there is an issue with the package in F-droid, so you have to use an APK from another source.
So the following is needed to use SMS Backup + with FastMail.

First login to FastMail, go to Advanced Settings, and select Alternative Logins. (You need to NOT use an alternative login when viewing this.)

Create a new login, type a friendly name, select Regular as “Login Type”, input a good and complex password (20+ plus) in “Base password”, select “Full access”, and input the Master password, press “Create alternative login”
If you’d like, (and you should) create a new folder in FastMail and name it something that “fits” with the backup. I created a folder named “Log” which I’ll put both call log and SMS in, but seperate folders also works.

Now open the app on your phone, and press “Advanced Settings”, then press “IMAP Server Settings”.
Press “Authentication”, and switch to “Plain Text” (no, it won’t be Plain Text.)

Several settings were now revealed to you, use the settings from this page ( https://www.fastmail.com/help/technical/servernamesandports.html ) to get the correct ones.
At the time of writing ( 2015-07-14 ) this was:
Server address: mail.messagingengine.com:993
Security: SSL
Username: <fastmail login>
Password: <password you created above>

When all done, go back and select “Backup Settings”, mark the settings you want to backup (exclude WhatsApp, which was discontinued).
Configure this as per your liking, but under “Call log settings” and “SMS” you set “GMail labels”, this corresponds to IMAP-folders, and you should input the folder-name you created above there.

I would also recommend that you enter “Restore settings” and select a max number of messages restored, so as to not restore several thousand messages later on.

Enable “Auto backup” on main screen, and tweak “Auto backup settings” to your liking.
All done.

Advertisements

Android 4.3.1 does not import vCard 3, but imports and exports vCard 2.1

I had an issue after switching dav-syncprovider in Android (CM 12.1 nightly) from dmfs ( https://play.google.com/store/apps/developer?id=Marten+Gajda ) to DAVdroid ( https://f-droid.org/repository/browse/?fdid=at.bitfire.davdroid ).

Some of the contacts did not show up on my Android-device.
Apparently this was a known bug with some incorrectly formated contacts which DMFS supports/handles, but DAVdroid does not.

The solution was to export the contacts, and then re-import them via the wizard in Contacts-app in Android.
This gave me back all my contacts, but…

Pictures were gone.

After a bunch of searching, testing and anxiety I stumpled upon this:
https://github.com/bitfireAT/davdroid/issues/53#issuecomment-39617581
So, Android in version 4.3.1 only support importing vCard 2.1, but my .vcf-file was a vCard 3-file.
I’m guessing Android 5.1.1 is not much better.

I tried alot of things, but after reading these three issues I gave up for now. Back to DMFS untill either DAVdroid implements workaround, or owncloud starts working as it should do (because it was apparently OwnCloud’s fault.)

https://github.com/owncloud/contacts/issues/979
https://github.com/bitfireAT/davdroid/issues/578
https://github.com/bitfireAT/davdroid/issues/508

Nginx, Jessie, StartSSL, and the quest for A+

CURRENTLY THIS ONLY GIVES A, NOT A+.
I don’t have time at the moment to fix it.

 

I like to keep things as secure as I can, and I also have my own webserver running at home.
I’m too cheap to actually pay for my SSL-certificate, so therefore I use StartSSL which offers one for free.
The signup-process is well documented elsewhere, note that they do require a phone number, but I have yet to be called or otherwise contacted by them.

So, without further intro:
:~# mkdir -p /etc/nginx/ssl/csr && cd /etc/nginx/ssl/csr

:~# openssl genrsa -out private.key 4096

Remember that common name, CN, needs to be hostname of website you will use it for.
:~# openssl req -new -key private.key -out request.csr

Go to startssl.com, select the control panel, select authenticate, verify certificate if needed.
If you have verified your domain, go straight to “Certificates Wizard”, otherwise choose “Validations Wizard”, select “Domain Name Validation” and follow the wizard. When done, go back here and select “Certificates Wizard”.

Choose “Web Server SSL/TLS Certificate”, click Continue.

Under “Generate Private Key”, choose Skip, we are going to use the certificate we already created.

:/etc/nginx/ssl/csr# editor request.csr

Mark all the text, from the line containing BEGIN CERTIFICATE REQUEST to the line containing END CERTIFICATE REQUEST.
Paste the output into the field on Startssl-page, and press Continue.

Under “Certificate Request Received”, press Continue.

Under “Add Domains”, select the top domain you want to use with your ssl-certificate.
Note that you can only select domains validated the last 30 days, and that you select the top-domain even if you are going to use a sub-domain, press continue.
On the next screen you input the desired subdomain, you have to enter something.
You can for example input www here, the top-domain will be in the Alternate name anyway, so they will both validate. Press Continue.

Under “Ready Processing Certificate”, verify your settings and press Continue.

If you get an “Additional Check Required!”, it’s just a matter of waiting for an email.

When you get an email, go to your control panel on StartSSL, select “Tool Box” and press “Retrieve Certificate”.
Select the correct Certificate, and double check the expiry date, then press Continue.
Copy everything in the box.

:/etc/nginx/ssl/csr# editor signed.crt

Paste the contents from the box, and save the file.

:/etc/nginx/ssl/csr# wget https://www.startssl.com/certs/ca-sha2.pem
:/etc/nginx/ssl/csr# wget https://www.startssl.com/certs/sub.class1.server.ca.pem
:/etc/nginx/ssl/csr# cat sub.class1.server.ca.pem >> ca-sha2.pem
:/etc/nginx/ssl/csr# cat signed.crt ca-sha2.pem > hostname.crt
:/etc/nginx/ssl/csr# cp hostname.crt ../
:/etc/nginx/ssl/csr# cp private.key ../
:/etc/nginx/ssl/csr# cd ..
:/etc/nginx/ssl/csr# chmod -R 400 csr/
:/etc/nginx/ssl/csr# chmod 400 private.key
:/etc/nginx/ssl# openssl dhparam -out dhparams.pem 4096

Now this takes care of your certificate, and protects against logjam-attack.
But configuration is still needed, so here that is:

:/etc/nginx/ssl# editor /etc/nginx/sites-available/default

Make sure the following is configured:
listen 443 ssl spdy;  # Spdy is not mandatory, but it speeds up clients who support it.
server_name hostname;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/ssl/hostname.crt;
resolver 208.67.222.222 208.67.220.220 valid=300s; #OpenDNS DNS-IP’s, substitute with the servers local DNS-servers, or simply comment it out to let the server handle it itself. (It’s the server that does the requests, not the client.)
resolver_timeout 10s;
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_certificate /etc/nginx/ssl/hostname.crt;
ssl_certificate_key /etc/nginx/ssl/private.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 24h;
ssl_buffer_size 1400;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ‘AES256+EECDH:AES256+EDH:!aNULL’; #This will sacrifice some old clients, I don’t mind.
add_header Strict-Transport-Security max-age=15768000;
add_header X-Content-Type-Options nosniff;

Save the file, test config with:
:/etc/nginx/ssl# nginx -t
And if all is well, restart with:
:/etc/nginx/ssl# service nginx restart (I’m guessing a reload would also do though…)

Now go here and test:
https://www.ssllabs.com/ssltest/

As of 2015-07-08 this gave me A+.

Sources:
https://www.linode.com/docs/websites/nginx/startssl-wth-latest-nginx-debian-7
https://sethvargo.com/getting-an-a-plus-on-qualys-ssl-labs-tester/
https://scotthelme.co.uk/a-plus-rating-qualys-ssl-test/

MotionPie and custom filenames

I wanted to setup a tiny timelapse-rig using raspberry pi and the official addon-camera.

A quick search returned MotionPie ( https://github.com/ccrisan/motionPie ), and after setting it up using the supplied wiki-pages and some initial configuration I had a feed to watch.

I plugged in a USB-drive (make sure it has a partition and a filesystem MotinoPie can read (ext4 f.ex.)) and under the admin-menu, and “File Storage” you should be able to select the external storage.

In order to create a timelapse you have to save snapshots at regular intervals, this is done under “Still Images”, select “Interval Snapshots” under “Capture Mode” and insert a interval.
Remember 30 pictures per second for a movie equalls 1800 pictures per minute of video.
Dont exagerate your interval, or you will have a very long (and boring?) timelapse.

15s interval over 3 days is 10 minutes of video and 18 000 pictures.

Now the tricky part was that I wanted to create the timelapse outside of MotionPie, and therefore I needed the pictures in sequence, and not using the default file naming.
There was no real legend with variables that I wanted (I wanted to use unix time) – so some quick googling led me to this handy site ( http://www.cyberciti.biz/faq/linux-unix-formatting-dates-for-display/ ) – and that site had this handy table:

%FORMAT String Description
%% a literal %
%a locale’s abbreviated weekday name (e.g., Sun)
%A locale’s full weekday name (e.g., Sunday)
%b locale’s abbreviated month name (e.g., Jan)
%B locale’s full month name (e.g., January)
%c locale’s date and time (e.g., Thu Mar 3 23:05:25 2005)
%C century; like %Y, except omit last two digits (e.g., 21)
%d day of month (e.g, 01)
%D date; same as %m/%d/%y
%e day of month, space padded; same as %_d
%F full date; same as %Y-%m-%d
%g last two digits of year of ISO week number (see %G)
%G year of ISO week number (see %V); normally useful only with %V
%h same as %b
%H hour (00..23)
%I hour (01..12)
%j day of year (001..366)
%k hour ( 0..23)
%l hour ( 1..12)
%m month (01..12)
%M minute (00..59)
%n a newline
%N nanoseconds (000000000..999999999)
%p locale’s equivalent of either AM or PM; blank if not known
%P like %p, but lower case
%r locale’s 12-hour clock time (e.g., 11:11:04 PM)
%R 24-hour hour and minute; same as %H:%M
%s seconds since 1970-01-01 00:00:00 UTC
%S second (00..60)
%t a tab
%T time; same as %H:%M:%S
%u day of week (1..7); 1 is Monday
%U week number of year, with Sunday as first day of week (00..53)
%V ISO week number, with Monday as first day of week (01..53)
%w day of week (0..6); 0 is Sunday
%W week number of year, with Monday as first day of week (00..53)
%x locale’s date representation (e.g., 12/31/99)
%X locale’s time representation (e.g., 23:13:48)
%y last two digits of year (00..99)
%Y year
%z +hhmm numeric timezone (e.g., -0400)
%:z +hh:mm numeric timezone (e.g., -04:00)
%::z +hh:mm:ss numeric time zone (e.g., -04:00:00)
%:::z numeric time zone with : to necessary precision (e.g., -04, +05:30)
%Z alphabetic time zone abbreviation (e.g., EDT)

So then it was just a matter of replacing anything under “Image File Name” with “pics/%s” – and everything will be jolly good.