Attack from below – Oracle vs the rest

Threats rarely come from above, but most of the time from below. Small and flexible companies start with niches and keep improving their performance, until they become a threat to the established player. In this case we see the S-curve model playing out against Oracle.

These migrations indicate that after years of development, many open source or low-cost databases have now attained performance that is either roughly equivalent to parts of Oracle, such as Postgres, or have developed capabilities that while irrelevant to much of the database market, are far in advance of any technology operated by the Red Borg, such as MongoDB or Riak or Cassandra.

via Hungry termites nibbling at Oracle's foundation

Personally I'm a fan of MongoDB and Redis. I also tried CouchDB, but didn't find it very active.

China GPS offset problem

Today I stumpled over a rather fascinating post on Sinosplice. It basically says that all maps in China are based on a different coordinate system than Western maps. As a result, 'Western' GPS-coordinates projected onto them will be off between 300 to 500m.

Real and projected GPS-position in China. Offset varies between 300 and 500m

I noticed this issue while playing Ingress in Shanghai. While walking along the Bund, I always ended up in the Pu-river. It seems that Google Maps has a correction-algorithm built in, while Ingress hasn't. This still doesn't help you while tagging photos or sharing your position with friends. Continue reading

Setting Postfix to encrypt all traffic when talking to other mailservers

Update Aug 9, 2013: The biggest German email providers are currently running a big marketing campaign and promise secure email. They are using the same technique described on this page. After checking my logs, I can confirm that GMX-emails were delivered unencrypted on Aug 5, but arrived encrypted on Aug 6.

Thanks to Mr. Snowden, we know two important facts about the world of security and email:

First, most governments in the world will eavesdrop and store your communication, if they get the chance. They don't have a specific reason and the benefits are highly disputed.

Second, your users can't/won't use PGP or S/MIME to encrypt their email.

The job is left to admins. We need to maximize usability and compatibility, while ensuring that user data stays confidential. If you are running Postfix, I'd like to draw your attention to some useful settings that will protect your user's email in transit. If emails stay on the same server or the other server is secured as well, there is little chance to intercept messages on a big scale. If your users are sending emails to Gmail or Hotmail, then interception is still possible at the receiving end.

Make Postfix encrypt messages at all stages of delivery.
Figure 1: Vulnerability of email-messages in transit.

Continue reading

M/Monit preparing new monitoring tool

Since my webserver broke down, while I was caught on a ship to Japan, I have relied on the excellent monit to have an eye on all my important services.

Currently their inventors, who give the client-version away for free are working on a remarkable evolution of their M/Monit-tool, a solution to keep track of multiple monit-instances. It only used to give you alarms and show events. Now it will record your system load and memory usage.

If you already have monit installed, this is a great complement. Find out about the beta-version here.

OwnCloud Update

OC has been updated to version 5. Some of the shared files are not compatible between major versions. If you are missing any shares, just recreate them.

Rest should be ok. If you have any issues, let me know.

Happy New Year 2013!

Good luck in 2013 to everyone. I hope that it will be quieter than 2012 and we get some time to consolidate some of the big trends that started in 2012. My favourite ones are the Raspberry Pi and ownCloud.

I also applied the latest 3.5 update to WordPress. This brought some changes in media management. So in case you miss some pictures, just check for the correct paths in your posts. Generally most stuff should still work.

OwnCloud 4.5 released

This morning version 4.5 of the excellent owncloud package was released. This is excellent competition to all those Apples and Googles who fight to take control of your personal data. Finally there is a decent solution to host all of this yourself.

Calendar, as well as sharing it works flawless without problems. For addressbooks, there seems to be a flaw in Mac OSX, which prevents the addressbook app to see more than one of them. It just picks the first it sees. If someone shares an addressbook with you, it can even cover up your own contacts. This is quite annoying and I recommend not using this feature for now. Hopefully a workaround is found soon.

Rest should work fine. You can install all settings via profiles as usually. Old installations will continue to work as well. In case you experience any problems, just reinstall your configuration profile and let it sync again.

Scan image via SSH

We have an ancient Brother scan+print combination in our apartment. Cheap and reliable. Printing works well over CUPS, also from iPads with Airprint. My only issue was scanning. It works well with SANE, which also works via your network. Only problem is that the packages provided by Mattias Ellert on his website are a bit outdated and don't always work with the latest Mac OSX. So here is a quick trick to scan on a remote machine without the trouble of moving the file later:

[cc lang="bash" width="100%" noborder="1" theme="dawn"] ssh cyrus@gaia.local "sudo scanimage --resolution 400 --format=tiff" | convert tiff:- -quality 90 -quiet `date "+%Y-%m-%d_%H-%M-%S"`.jpg  [/cc]

Basically this command pipes the image over SSH and hands it over to the local convert for compression. Neat and elegant. 🙂

XBian – Raspberry Pi-based distro for running XBMC

Here just some upaid advertising for a nice armhf-based XBMC distro, I discovered some time ago. If you just want to use your RPI for watching movies and TV-shows, this is definitely for you. It auto-starts XBMC, mounts USB-drives and lets you connect to NFS and SMB as well. They only thing you might want to do is keep your XMBC-user folder on a different drive, so you can easily switch versions and always have a backup.


Raspberry Pi for CCTV using motion

I wrote about doing CCTV with zoneminder before, but realized that this might be overkill for many people. If you use less than 4 cameras, you can use the motion package. It works nicely with the Logitech webcam, I connected to my Raspberry.

Raspberry Pi running motion over a web browser
Figure 1: Raspberry Pi running motion over a web browser.

The camera worked out of the box except that saturation, brightness, etc was way off. You can configure it with the v4l2-utils package. Once you have verified that the picture is OK by using uvccapture, you should be ready to install motion. For my USB webcam, motion worked out of the box. No settings needed at all. For finetuning, I changed the framerate in /etc/motion/motion.conf to 25. Even at that rate, load stayed at 0.00 with abotu 20% CPU usage. Maybe the GPU is doing the bulk of the image processing work.

Continue reading

Discontinued: DaviCal

The outdated and little-used calDAV and cardDAV service at has been discontinued in favor of the more modern ownCloud. Users are encouraged to move their data to the new platform. The OTA-profiles are already adapted to the new service. The service will probably be turned off on 1 Nov 2012 or after ownCloud gets better calendar sharing.

Using Raspberry Pi for CCTV with Zoneminder

Note: zoneminder might be overkill for many people. If you have less than 4 cameras, also read my article about doing CCTV with the motion package.

One of the first uses, for the Raspberry Pi, I thought of was qick-and-dirty CCTV. This could be useful for scenarios, like remote construction sites, senior citizens, holiday homes, etc.

The only gear needed is a Raspberry Pi, a USB webcam and internet access through a router. The webcam could also be a network camera or a network digitizer. That way you have more flexibility with your location. The router could be substituted for a 3G data stick. If you have a spare TV, you could also use it for viewing those cameras. Continue reading