Use Raspberry Pi to Print From Your iPad or iPhone

Yesterday, I described how you can use your Raspberry Pi to download and access torrents. Today my parents asked me to help them set up printing via their iPads. They have a rather old HP Deskjet 5940 printer with a simple USB interface.

First you need to install CUPS (Common Unix Printing System) for printer access. In my case the required printer drivers (hplip) were installed automatically. If you are using a different printer, you might have to check which packages you need.

After CUPS is installed (took about 20 min here), enable remote access to it by editing the file /etc/cups/cupsd.conf in 3 places. Add these lines in the relevant places:

Listen *:631
Order allow,deny
Allow 10.0.0.*
Order allow,deny
Allow 10.0.0.*

After editing the file and restarting CUPS with service cups restart, you can log in to your print server at http://raspberry-pi.local:631. Simply click Administration > Add Printer and follow the steps. If the correct driver package is installed and the printer is turned on, it should show up at the top of the list.

If your printer installed correctly, it will show up in your list of nearby printers, as well as on your iPad and iPhone. It’s no longer necessary to produce a special avahi-script, as it was with older iOS versions.

Raspberry Pi as Budget BitTorrent Server

The raspberry pi is a surprisingly powerful and cost-efficient computing device. Yesterday I put together this simple setup script to turn your new raspberry into a mean green downloading machine. The only requirement is an existing internet router and a working raspberry with SD-card.

The guys on the official raspberry site have some nice images for downloading, but since we won’t be using the graphical UI, we can use the slim image put together by darkbasic on his site linuxsystems.it. Just follow his instructions to download, extract and install the image to a compatible SD-card. A list of tested and compatible SD-cards is available from the official site.

While installing, make sure to enable SSH access by renaming boot-enable-ssh.rc to boot.rc.

Once your raspberry has booted, you need to find out its IP by looking at the router’s DHCP table. Just look for a device named raspberry-pi.

Next just create a new text file by typing vi setup.sh in your terminal window while logged into the RP. Then just copy the script provided with this blog post to your clipboard. Press “i” to go into editing mode and paste the script with Ctrl/Cmd+v. Then save it with ESC, : x. Execute the script by issuing sh setup.sh. As opposed to the default Debian image, the darkbasic image gives you root access by default. When using another image, execute the script with sudo sh setup.sh.

#!/usr/bin/env bash

# Installs all components needed for a nice seedbox on your new raspberry pi.
# Base image: http://www.linuxsystems.it/2012/06/debian-wheezy-raspberry-pi-minimal-image/
# Prepared by manu (at) snapdragon.cc

echo "[+] Updating packages"
apt-get update ; apt-get -y upgrade

echo "[+] Installing Samba and Transmission packages"
apt-get -y install transmission-daemon samba avahi-daemon

echo "[+] Configuring Transmission"
service transmission-daemon stop
sed -i -re 's/(rpc-authentication-required\":\ )([a-z]+)*/\1false/g' /etc/transmission-daemon/settings.json
sed -i -re 's/(rpc-whitelist-enabled\":\ )([a-z]+)*/\1false/g' /etc/transmission-daemon/settings.json
sed -i -re 's/(download-dir\":\ )([a-z]+)*(.*)/\1\"\/srv\/media\",/g' /etc/transmission-daemon/settings.json
service transmission-daemon start

echo "[+] Setting up public Samba share"
mkdir -p /srv/media
chown debian-transmission /srv/media

# Append the share definition; the redirect has to follow the closing quote
echo "[public]
comment = Public Shares
browsable = yes
path = /srv/media
public = yes
writable = yes
guest ok = yes" >> /etc/samba/smb.conf
service samba restart

Now just sit back and wait for all components to install. Depending on the speed of your SD-card, this can take up to an hour. The script will first update your package manager, then install the required applications and dependencies and settings. If you’re using a different image, you might need to adapt some package names.

If all went well, you should be able to access the transmission web interface via your Mac on the following URL: http://raspberry-pi.local:9091. On Microsoft Windows, you can try http://raspberry-pi:9091. In case neither name resolves, just use the IP address you found out via your router before. The interface should always be available on http://<raspberry pi IP>:9091.

On the transmission web interface, you can add and manage all your (legal) torrent downloads. Depending on the size of your SD-card you might need to delete old downloads from time to time.

To access your downloads, you can mount the share via CIFS/SMB. On your Mac go to the Finder and connect to a new network folder by pressing CMD+k. Then type smb://raspberry-pi.local, choose to connect as guest and you should see the right folder. On Windows you can enter \\YOUR RASPBERRY IP\public in Windows Explorer. If you are a heavy Windows user, you can also enable WINS address resolution in smb.conf.

If everything went well, you should now have a basic BitTorrent server. In case something doesn’t work, just start over with a new image and do the steps found in the setup script one by one. If your downloads work OK, but you can’t access them, there might be a permissions issue. This is easily correctable by logging in and doing a chmod -R 777 /srv/media.

Please note that you can only use this setup in a trusted network, because all user authentication and security mechanisms are disabled. If you want to access your torrent server from the public internet, you need to proxy it via a proper webserver, enable HTTPS and password authentication.
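As a middle ground for the trusted-network case, the following added example (not part of the original setup script) keeps Transmission's RPC whitelist switched on and limits it to localhost plus the LAN instead of disabling it. The helper names, the 10.0.0.* pattern and the sample settings.json are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: restrict Transmission's RPC interface to the LAN rather
# than turning the whitelist off. All names here are hypothetical helpers.

# harden_rpc FILE LAN_PATTERN
# Edits settings.json in place: whitelist enabled, localhost + LAN allowed.
harden_rpc() {
  local file=$1 lan=$2
  sed -i -r \
    -e 's/("rpc-whitelist-enabled": *)[a-z]+/\1true/' \
    -e "s/(\"rpc-whitelist\": *)\"[^\"]*\"/\1\"127.0.0.1,${lan}\"/" \
    "$file"
}

# rpc_is_restricted FILE
# Succeeds only if the whitelist is on and is not a bare catch-all wildcard.
rpc_is_restricted() {
  grep -Eq '"rpc-whitelist-enabled": *true' "$1" &&
    ! grep -Eq '"rpc-whitelist": *"\*(\.\*)*"' "$1"
}

# make_sample FILE
# Writes a constructed settings.json excerpt in the state the setup script
# leaves behind (authentication and whitelist both disabled).
make_sample() {
  cat > "$1" <<'EOF'
{
    "download-dir": "/srv/media",
    "rpc-authentication-required": false,
    "rpc-whitelist": "127.0.0.1",
    "rpc-whitelist-enabled": false
}
EOF
}

# Typical use on the Pi (LAN pattern is an assumption about your network):
#   service transmission-daemon stop
#   harden_rpc /etc/transmission-daemon/settings.json '10.0.0.*'
#   service transmission-daemon start
```

Stop the daemon before editing, as the original script does, because transmission-daemon rewrites settings.json when it exits.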

Since the whole system is running on a standard Debian image, you could add all kinds of cool features like:

  • adding torrents automatically with Flexget
  • downloading from cyberlockers, like Rapidshare with PyLoad
  • share files via HTTP with Apache and h5ai

UPC Vienna Wifi-Passwords easily broken with GPUs

With a majority of households using wireless access points (AP) for internet, secure Wifi has become a key consideration in people’s digital lives. The outdated encryption standard WEP, which is rarely used any more, can be broken in less than 10 minutes. For the newer WPA no direct attack exists so far. The only way is to try a large number of passwords.

Recent advances in parallel computing and graphics cards (GPUs) have drastically shifted the odds in favour of potential attackers. With an ordinary CPU, found in most desktop computers and laptops, about 500 Pairwise Master Keys (PMKs) can be evaluated each second. Modern GPUs can calculate up to 80 000 PMKs per second.

Such an increase in speed doesn’t mean that each and every wireless network is at risk; it only shifts the vulnerable key length further up. Consider this: At 500 PMKs per second it would take approximately 3 years to break a 6-character password that uses upper- and lowercase letters, as well as digits. When using a high-end GPU, 3 years become 5.5 days.

Since password complexity increases in an exponential fashion, slightly longer passwords offer radically better protection. An 8-letter password from the same number space would take 50 years to crack, even on a high-end GPU.

As we can see, faster cracking techniques only affect password length at the margin, if done right. At UPC Vienna, in Austria, this principle is not as well understood. The routers that come bundled with their broadband connection use an 8-letter password that only seems to consist of capital letters. (I only have access to a limited sample at this time.)

When doing the same calculations as before, such a password would take about 7 years to crack on a standard CPU. This would be a huge effort, just to steal your neighbor’s internet. If we throw in GPUs, the story changes. 7 years become about 16 days on a single workstation. This timespan is quite doable. When performing the calculations in Amazon’s EC2 cloud, each UPC password can be cracked at the cost of about 180 EUR in 3-4 hours. This number is expected to come down in the following months, due to an increased interest in the topic.

Since it’s not feasible for UPC to change hundreds of thousands of passwords in Vienna (and maybe the whole of Austria), consumers need to act for themselves and pick a more secure key for their AP.
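To decide how long a replacement key should be, the keyspace arithmetic above can be turned into a small calculator. This is an added example, not from the original post; the function names are hypothetical, the rates are the post's 500 and 80 000 PMKs per second, and the figures are worst case (the whole keyspace tried), so the expected time is half of each result.

```shell
#!/usr/bin/env bash
# Added example: keyspace / guess-rate estimates for choosing a Wifi key
# length. Function names are hypothetical; rates come from the post.

# crack_days CHARSET_SIZE LENGTH RATE
# Prints whole days needed to try every key of that length (worst case).
crack_days() {
  awk -v c="$1" -v n="$2" -v r="$3" \
    'BEGIN { printf "%d\n", (c ^ n) / r / 86400 }'
}

# min_length CHARSET_SIZE RATE YEARS
# Prints the shortest key length whose worst-case search time exceeds YEARS.
min_length() {
  awk -v c="$1" -v r="$2" -v y="$3" 'BEGIN {
    n = 1
    while ((c ^ n) / r / 86400 / 365 <= y) n++
    print n
  }'
}

# report RATE YEARS
# Compares capital letters only (26 symbols) with letters and digits (62).
report() {
  for c in 26 62; do
    echo "charset=$c: 8 chars last $(crack_days "$c" 8 "$1") days," \
         "need $(min_length "$c" "$1" "$2") chars for $2 years"
  done
}

report 80000 50
```

At the GPU rate, a capitals-only key needs 10 letters to pass the 50-year mark that a mixed-case key with digits already passes at 8.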

 

Data Retention Coming to Austria

On Sunday all connection data for telephone and internet connections will be saved for 6 months. This might sound harmless and people will say that they don’t mind, because they have “nothing to hide”. No matter what, once this infrastructure is in place, it can be used for all kinds of things and should therefore be opposed from the start. Consider this: Before contacting someone, you need to think about whether you want this person to be associated with you or not (because this information will be saved). If your friend is a drug dealer or pimp (and you don’t know about it), you might be surveilled as well.

For doctors and lawyers this new measure brings another problem. They can’t guarantee the confidentiality of their client correspondence any more and will have to resort to sending letters again. A detailed explanation can be found here.

If you worry about government surveillance or want to protect sensitive data, contact us for consulting and secure offshore hosting services.

Easily Resize PDF on Mac OSX and Linux

On many occasions, you might want to resize a PDF to send it by Email or put it on the web. There are many useless Share- and Bloatware-tools (like Adobe Acrobat) that might or might not help you with that.

If you happen to work on a Linux, BSD or Mac OSX machine, you can simply use ghostscript for the task. It’s much faster and gets better filesizes than the Optimize-function of Adobe Acrobat.

All you need to do is to make sure ghostscript is installed and then put the following shortcut in your .profile or .bashrc in your home-directory.

pdfResize() {
# $1 = quality preset, $2 = input file (quoted so names with spaces work)
gs -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dNOPAUSE -dQUIET -dBATCH "-dPDFSETTINGS=/$1" -sOutputFile=output.pdf "$2"
}

After that’s done, open a new Terminal-window and try the following command:

pdfResize screen MyDocument.pdf

You should now find the resized document in a file called output.pdf in the same directory.

The first argument sets the quality. Available options are screen, ebook and printer. While screen gives you the smallest file size, printer provides better quality at a reasonable file size.

Secure backups in an untrusted cloud with duplicity

These days it’s quite easy to get incredible deals on shared hosting space. Mostly with dodgy providers in the US or former cyberlockers (like filesonic). They don’t give you SSH access, but only FTP. Rsync doesn’t work with FTP, but duplicity does. While not as robust and fast as rsync, it’s built to work with any service that can store files. Examples include any FTP-server, Amazon S3 and SFTP.

Many tutorials suggest using a GnuPG key for asymmetric encryption, but for only protecting your content from the hosting provider, a simple symmetric password should work just as well and makes things easier. So a simple working example would be:

#!/usr/bin/env bash

export PASSPHRASE=xxx
export FTP_PASSWORD=xxx
export SOURCE=$HOME
export TARGET=ftp://foo@bar.com/backups/machine

duplicity -v8 \
--exclude $HOME/'Library/Logs' \
--exclude-regexp '\.DS_Store' \
--exclude-regexp '^~\$.*' \
$SOURCE $TARGET

This works well on both Linux and Mac OSX machines. Extended options can be found on the duplicity man pages.
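The script above keeps both secrets in the script file itself. The following added example (not part of the original script) reads them from separate files and refuses any file that other users can read; the helper names and the ~/.duplicity paths are assumptions, and the stat fallback covers both Linux and Mac OSX.

```shell
#!/usr/bin/env bash
# Added example: load the duplicity passphrase from an owner-only file
# instead of hard-coding it. Helper names and paths are hypothetical.

# file_mode FILE
# Prints the octal permission bits using GNU stat (Linux), falling back to
# BSD stat (Mac OSX) when the GNU option is not understood.
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# load_secret FILE
# Prints the first line of FILE, but only if the file exists and its mode
# is 600 or 400; otherwise prints a reason to stderr and returns 1.
load_secret() {
  [ -f "$1" ] || { echo "missing secret file: $1" >&2; return 1; }
  case "$(file_mode "$1")" in
    600|400) ;;
    *) echo "refusing $1: mode must be 600 or 400" >&2; return 1 ;;
  esac
  head -n 1 "$1"
}

# In the backup script, replace the two hard-coded exports with:
#   PASSPHRASE=$(load_secret "$HOME/.duplicity/passphrase") || exit 1
#   FTP_PASSWORD=$(load_secret "$HOME/.duplicity/ftp_password") || exit 1
#   export PASSPHRASE FTP_PASSWORD
```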

Recent Updates

Webmail was updated to version 0.7 with a new skin. I also removed the last bits of MySQL-dependence of the email-system. This has the benefit that everything is simpler to administer and more stable.

Apple iOS 5

Apple’s latest operating system for mobile devices has been out for a few weeks now. The upgrade was mostly an evolutionary one and didn’t add too many new features. One thing Apple has done, though, was to tighten their grip on devices after they have been sold, by integrating them more tightly into their iCloud service. If customers wish, they can now upload their pictures, calendar, address book, bookmarks, notes, documents or location to Apple’s servers. Since the firm’s own data center in North Carolina isn’t finished yet, extra capacity was rented from Microsoft and Amazon. This is problematic, because now we don’t even know which company is handling our data.

This is one reason why I want to remind people that almost all of iCloud’s functionality can be realized by using a simple Unix-server as well. This includes email and notes by simply using IMAP. Contacts, calendars and reminders are based on CalDAV and CardDAV. For bookmarks, documents and photos one could use WebDAV.

When using the open version of iCloud, you don’t only keep your data under control, but can also use them from non-Apple Android, Windows and Linux systems.

New nameservers

About a year ago EditDNS was bought by Dyn Inc. They have in fact ruined the old site and tried to lure as many customers as possible to their site. They didn’t honor lifetime memberships at EditDNS and even charged money for migration. Their prices are absolutely unrealistic as well. Hosting your DNS with them costs more than hosting a whole server. Fortunately there are some alternatives left.

Currently the site’s nameservers are mirrored in four locations, which should provide plenty of redundancy.

Additionally, the most popular nameservers run by ISPs are monitored hourly to detect any anomalies.

Contacts and Calendar

Hosted calendar and contacts service is now available for all users of email. It’s based on Card/CalDAV and should work out-of-the-box with all newer Apple devices, as well as most open source clients. For Android there are apps available.