Fix corrupt MailStore Home Database

If you get errors about data corruption when starting up MailStore Home, here's how you can fix it.

MailStore uses a Firebird Database for storage. Luckyily Firebird includes tools to repair databases. Lets get them here:

https://firebirdsql.org/en/server-packages/

Version 2.5 worked for me for Mailstore 11.2. On newer versions of MailStore you might want to try a later version.

This guide was perfect for the repair run
https://www.ibphoenix.com/resources/documents/how_to/doc_5

Notice: You'll need to add the switches to access and to restore the databases.
 -u SYSDBA and -p masterkey

Before you start, backup your corrupted database MailStoreFileGroup.fdb.
This is what I ended up doing:

(1) Fix the errors

gfix.exe -m -f -i -user SYSDBA -password masterkey MailStoreFileGroup.fdb

(2) Backup the database
gbak -b -v -i -user SYSDBA -password masterkey MailStoreFileGroup.fdb backup.fbk

(3) Restore the database
gbak -create -v -user SYSDBA -password masterkey backup.fbk MailStoreFileGroup_reborn.fdb

Finally, replace the MailStoreFileGroup.fdb by MailStoreFileGroup_reborn.fdb

Replacing a drive by a bigger one on 2-bay Synology NAS

I have a Synology NAS 216play with two drives (2TB, 4TB) as individual drives.
I recently wanted to replace my 4TB HDD by a 8TB HDD. I wanted to keep my data in order to omit re-indexing all media. To my surprise I really couldn't find any decent tutorials or videos on how to do it excep for "back up the data, setup the NAS from scratch and restore it".

Well, I found a more elegant solution.
Notice: This tutorial only works if you have your volume setup as "Basic".

Here's the plan:

Prepare

• Most importantly: Do a backup of your data. In case something goes wrong!
• Remove all drives BUT the one you'd like to replace by a bigger one. Don't worry about the Operating system, it's mirrored to all drives. You station will boot up no matter which drive you remove. 
• Add the bigger (empty) drive in the slot
• Boot up the NAS 

Clone the drive

In order to clone the drive we'll just setup a RAID1 (mirroring)

• open the storage manager
• Open the Volume Manager Assistant by clicking "Manage"
• Change the RAID type to RAID1
• Select your empty drive to be added

This process can take a couple of hours

Remove the smaller drive

It's not as easy as it sounds as we need to tell Synology that this drive is no longer part of the RAID. If you just remove it, it will complain that the drive is missing.

Login via SSH as admin

sudo su 

fdisk -l

Now you need to identify the smaller drive, in my case it's /dev/sda
In order to remove the device from the RAID Array issue the following commands if /dev/sda is the smaller drive:

mdadm --fail /dev/md0 /dev/sda1 --remove /dev/sda1
mdadm --fail /dev/md1 /dev/sda2 --remove /dev/sda2
mdadm --fail /dev/md2 /dev/sda3 --remove /dev/sda3

or these if /dev/sdb is the smaller drive

mdadm --fail /dev/md0 /dev/sdb1 --remove /dev/sdb1
mdadm --fail /dev/md1 /dev/sdb2 --remove /dev/sdb2

mdadm --fail /dev/md2 /dev/sdb3 --remove /dev/sdb3

Three times because it needs to be done for every partion on the drive. There are two system partitions and one data partition. Now the disk station will start an alarm beep because it's missing the drive. Continue to tell synology that only one drive is expected:

mdadm --grow --force /dev/md0 -n 1
mdadm --grow --force /dev/md1 -n 1
mdadm --grow --force /dev/md2 -n 1

You can now shutdown and remove the smaller drive. It should boot up perfectly fine on the new drive. 

Expand the volume

• open the storage manager
• Open the Volume Manager Assistant by clicking "Manage"
• Expand the volume with unallocated disk space

This will grow the volume to take all available disk space. It only takes a couple of minutes. 

Shutdown the disk station and put the other drive back in. 

Done!

Installing MQTT Server

sudo apt-get install mosquitto

Modify the config file at /etc/mosquitto/mosquitto.conf

# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example
pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
#include_dir /etc/mosquitto/conf.d
allow_anonymous false
password_file /etc/mosquitto/pwfile
listener 51883

sudo mosquitto_passwd -c /etc/mosquitto/pwfile <username>

Download Speed test as cron

To download a file regularly and log the speed in a file, add the following to a script and run the script with cron

wget -O /dev/null http://url.to/file.avi 2>&1 | grep --only-matching '\([0-9.]\+ [KM]B/s\)' | awk '{ print strftime("%Y-%m-%d %H:%M:%S"), $0; fflush(); }'  >> /home/user/download.log

check_mk monitoring SMART values on debian

I was recently setting up check_mk as monitoring solution for my linux servers. It's a very conventient solution and installed in minutes. Now I wanted to go further and monitor the HDD S.M.A.R.T values of the HDD such as temperature.

Adding the plugin

For the additional check, a plugin is required. The plugin comes with the check_mk installation. Since I installed the OMD (Open Monitoring Distribution), the plugins can be found here:

/omd/versions/default/share/check_mk/agents/plugins/

Just copy the plugin called "smart" to the server you're monitoring into the agent plugins folder. I installed the agent using apt, my plugins folder is here
/usr/lib/check_mk_agent/plugins

Installing smartmontools

Since check_mk uses smartmontools, you'll need this package:

apt-get install smartmontools

Check the output

Run
/usr/bin/check_mk_agent | grep smart
and it should give you a line <<<smart>>> as output.

Reinventorize

Reinventorize your host and you'll see the new SMART values.
That's it. 

Creating a secure user for home banking

People (like me) tend to use more and more useful applications like skype, dropbox and others that run as a service in the back. Additionally, a couple of addons are installed in the browser. Everytime I enter enter my homebanking account in my browser, my gut says: Do you really trust all of the sofware? It could easily log your banking PIN and forward it to some criminals.
To make my gut feel better, I created a separate windows user just for home banking. To be clear: If you're infected by a virus, this doesn't help. Always keep your antivirus updated! Benefits of this solution

• No apps running in the back that could be nosey about my PIN
• No addons in firefox that could grab inputs or modify outputs
• Separate user data that can be secured

Step 1: Normal Accounts
First of all, your regular user account should not be an administrator. If you accidently download malware, it's very helpful if your account does not have admin permissions.

Step 2: Create new user
Create a new user account named "Homebanking". Make the accound a regular account, not administrator and set a password.

Step 3: Disable autostart
Login with the new user and run "msconfig" from the commandline. In the startup tab, you can see all autostart applications and the location they are configured to be started. Most of them are located in the windows registry in HKCU or HKLM. To disable the startup only for the homebanking user, there's a simple trick. Open startup the registry editor "regedit" as administrator. Navigate to the paths listed in the location column. In total, there are only 3 or 4 locations that should get you covered. All of them have a "run" folder. Right-Click the run folder in the regestry editor and change the permissions. Disable access for the "homebanking" user. This way, this user won't have any autostart.


Step 4: Encrypt the data
Logout the homebanking user. Login with an administrator account and navigate to C:\Users
Open the properties of the "homebanking" folder and enable encryption.

Step 5: Setup Browser
I prefer firefox. Install it (if not done, yet) and run it. You should have an empty profile now with no addons. If there are any addons, please carefully check, if you want them there or not. I'm okay with a addon from my antivirus software. Everything else will be uninstalled. Setup the bookmarks to your bank accounts or just set the default start page.

That's it!

I recommend not to use the homebanking account for anything else but home baning. I typically even don't visit any websites but my bank site.

Installing Android on HP Touchpad

 

Cyanogen Mod 7.1 is released in an alpha version which you can install on the HP Touchpad. It’s a ported version of android gingerbread. The procedure will take you about 15-20 minutes overall. There are some issues with the alpha such as instable wifi, but I already like it much better than the WebOS.

 

What you need

• Cyanogen Files
• Installer
• CM7
• Clockwork Recovery
• Moboot
• Novacom
• Download the SDK/PDK only
• Google Apps
• Download gapps-gb-full…

 

Install Novacom

Run the setup of the SDK/PDK you downloaded. Select only the commandline interface tools

 

Copy the files to the Touchpad

1. Connect the touchpad via USB. Tap the device notification on the touchpad to mount a drive in windows.
2. Create a new folder called “cminstall” in the root directory of the tochpad.
3. Copy the moboot, update-cm… and update-cwm_tenderloin… zipfiles into the folder
4. Unmount the drive and unplug the USB for the touchpad to go back to normal operation mode

 

 

Start the installer

1. Replug the USB cable, don’t connect as drive this time
2. Reset the touchpad throuch Settings > Device Info > Reset
3. When the screen turns dark, hold the volume-up key until the USB-Symbol appears
4. After a few seconds, the PC should recognize the touchpad device
5. Open a commandline window and navigate to the Novacom installatin location. In windows this is C:\Program Files (x86)\Palm\SDK\bin
6. Unzip the acmeinstaller.zip and copy the ACMEInstaller file to the novacom location
7. Run novacom boot mem:// < ACMEInstaller
8. After a few seconds, the touchpad shows a linux terminal and executes the installatin procedure
9. When done, it’ll boot into Android

 

Install the google applications

Cyanogen Mod 7.1 comes without any google applications such as Market, GMail, Maps, etc. Here’s how to install them.

1. Boot the touchpad to android
2. Connect it via USB to the PC
3. in the android taskbar, enable the USB Storage
4. In windows, copy the gapps-gb-full… file (you downloaded in the beginning) onto the touchpad
5. Reboot the touchpad
6. In the boot menu, select “Clockwork Mod” using the volume keys. Confirm with the home button
7. select install zip from sdcard > choose zip from sdcard
8. Select the gapps-gb-full… zipfile for installation
9. Reboot
10. Setup your google account

That’s it. You now have a market and you can install any apps you want. You have about 1.3 GB for apps, so don’t worry about the space

 

My Wifi hangs

The only issue I had so far was the wifi. Sometimes it doesn’t connect anymore and if you open the Wifi settings, it hangs.

If that happens,

1. delete your wifi from the list (navigation in the settings is very slow, but it still works). If you don’t manage, reboot it and try then.
2. Turn the touchpad off (reboot is not enough!). When it reboots after you selected “shutdown” (happened to me) just select shutdown again from the boot menu.
3. Wait 30s, then startup the touchpad
4. Once booted, configure your wifi connection again

After those steps, it instantly connected.

Migrate Windows 7 to an SSD Drive

If you have the pleasure to own a brand new SSD drive: Congratiulations! It’s so much more fun than a disk drive. TO get you started quickly, here’s how you can migrate your existing windows 7 to the new drive. You’re going to perform the following steps:

1. Tidy up your system
2. Create a Backup
3. Restore the Backup to the SSD
4. Align the Partition
5. Recreate MBR
6. Tweak Windows Settings

Tidy up your system

SSD space is not only much faster, it’s also much more expensive. Typically, your SSD is much smaller than your previous drive. If so, you'll need to free some space before the migration.

1. Oursource the Data (Pictures, Videos…) to another partition. See this post how to do it.
2. Uninstall not needed software
3. Clean up using CCleaner

 

Create Backup

Before you start, make a backup. Not only for safty reasons, we’ll use the backup in the next step to get an exact copy of the partitions on your SSD. Make sure you do a partition backup of drive C. I recommend to use Easus Todo Backup for this task.

Select Disk and partition backup

 

Give it a meaningful name

 

Select partition C

 

Select the destination. Best on an external drive.

 

Restore Backup to the SSD

Restore the newly created backup to your SSD Drive

 

Align the Partition

Partition alignment is very important for the speed of the SSD. If a partition is misaligned, the partition clusters overlap with the hardware blocks of the SSD. Writing one cluster on the drive results in writing 2 blocks. This dramatically reduces performance.

1. Download the GParted Live CD
2. Create a bootable media (e.g. burn the ISO to a CD)
3. Boot the PC from the Media
4. Start GParted
5. Modify the Boot Partition, select exactly 2 MiB as offset at the beginning of the partition. Uncheck the “round to cylinder” option

Recreate MBR

We just broke your MBR. Didn’t notice? Try booting Windows… it doesn’t work.

This is fixed easily.

1. Insert the windows installation disc
2. Boot it
3. After the language selection, click “Repair”

It will automatically detect the broken MBR and fix it.

 

Tweak Windows Settings

Disable Defragmentation

Start Menu -> Right-Click Computer -> Manage -> Services and Applications -> Services - > Right-Click Disk Defragmenter -> Startup type: Disabled –> OK

Disable the Page file

If you have enough RAM, you should disable paging. If you don’t have, you should buy more

Start Menu -> Right-Click Computer -> Properties -> Advanced System Settings -> Settings (Performance) -> Advanced Tab -> Change -> Uncheck Automatically manage -> No paging file -> Set –> OK

Depending on your needs, you can try more tweaks listed here.

Done!

References:

http://www.mydellmini.com/forum/windows-7/2441-windows-7-ultimate-solid-state-drive-speed-tweaks.html

Separating Programs and Data

There’s the golden IT rule: Always seperate Programs and Data. Why? Because you need to backup only Data. Programs can be easily reinsalled after a crash. If it’s mixed, it’s hard to maintain.

Target

The target is to have two partitions:

1. Drive C with Windows and all Programs on it
2. Drive D with only Data on it

This way, you can easily delete and restore the complete C Drive from a drive image if anything goes wrong with Windows. Your data is still safe on D.

Backup Data

Before you start, backup your complete system to an external drive.

Splitting the Partition

If you have only one partition, you need to split it. If you have two, you still might want to resize them to your needs. For this tutorial, we’ll assume that you have only one partition.

You’ll first need some space. Delete all your data from the C drive. By data, I mean only

• Documents
• Pictures
• Videos
• Downloads
• etc.

No Programs! And don’t forget to backup first!

For the split, I recommend using Easus Partition Master Home

Start the software and select the Partition C. Select Resize/Move Partition

The new size should be between 50-100GB. You should have at least 20% free space on C after resizing. If you have enough space, you could give it 150GB, just to be safe. In this example, I gave it 90GB

Now create a 2nd partition on the unallocated space.

This partition should fill the rest of the disc.

Finally, Apply the changes. This might take a while and you might be asked to reboot.

Move your folders

Open your account folder from the desktop

Now, do the following steps for all folders in your account folder:

1. Right-Click –> Properties
2. Tab Path
3. Change the Path to point to a new folder on drive D
4. Confirm

Restore Data

Windows will locate your personal data on drive D. Now it’s time to grab the backup you made and restore all personal data into the new folders on drive D.

Backup Drive C

Now that everything is working, backup drive C as a drive image. You can restore this image anytime if needed without losing any data on D. For image backups, I recommend the free software Easus Todo Backup

Done!

Caschys High-End lottery

Caschys blog is one of my favourite german IT-News Blogs. Today it's his 6th birthday, so...

HAPPY BIRTHDAY

A birthday comes with presents, right? Great! In this post, there's a lottery with 22 high-end presents like a Laptop, iPad, Harddrive, Mobile Phone etc...
Don't miss it!

PS: It's in german, so you might want to use google translate

Get a free S/MIME certificate for email encryption

This post describes how to obtain your personal email certificate that can be used to receive encrypted mail and to sign outgoing emails. You should never send confidential informatin via email since it can be read by any ISP and mailserver administrator on its way.

There are several providers for free S/MIME certificates. We’ll be using Trustcenter “Internet ID”. The good thing about this certificate is, that it’s valid for 1 year and it contains your real name. Some others issue only generic certificates without names.

1. Sign up

Navigate to the trustcenter certificate wizard.

This wizard is also available in german.

Fill your personal details. Press next

 

Select “High Grade” for key length and press “Generate key pair”

 

The key generation takes a few seconds. After that, fill the additional fields. The revocation password can be used in case you lose your certificate in order to “delete” it. Choose a strong password. Prexx “Next”

 

You order is confirmed.

 

2. Confirm your email address

Now check your emails. You should receive the followigng email

Follow the instructions in the email and reply.

 

3. Install the certificate

A few minutes later you’ll receive another email. This one contains a summary and a link to install the certificate. Click the link. Note that the link must be opened in the very same browser that was used to generate the key

 

You’ll see the following page if everything went fine.

Click “Install certificate”

 

4. Backup the certificate

The certificate is now stored in your browser’s certificate manager. It’s a good idea to export it for backup purposes. You’ll need to import the file if you want to use the certificate for email applications.

Navigate to Tools –> Options –> Advanced

Click “View Certificates”
You should see your certificate in the tab “Your Certificates”

Press “Backup…”
The file you’re about to export is secret. You should protect it with a strong password.

Done! You exported a PKCS#12 file which can be used with your email clients. Check my other posts for instructions.

Creating a PKCS12 certificate for free

 

If you want to experiment a little with PKI (public key infrastructure), SmartCard technology and other securty-related topics, you can create a certificate for yourself for free. Here is how it works.

 

Installing XCA

XCA is a great software to manage everything related to certificates. Just download and install it.

It’s a good idea to install all modules.

 

Creating a Certificate Authority

We want to do things right, so the 1st thing we need is a certificate authority. The authority can issue and revoke certificates. As soon as it comes to advanced tasks, we’ll need it anyway. Creation is easy, so let’s go.

Start XCA

 

Create a new Database

 

This is going to store all your valuable certificates, so give it a good password. I recommend to store the database file on an external flash drive and to keep it in a safe place as long as you don’t use it.

 

Press “New Certificate”

 

Select “[default] CA” as template and press “apply all”. This will fill all the advanced fields to create a CA (certificate authority) certificate.

 

 

Enter a meaningful name for “internal name”. This name is used only within the XCA application, so it’s just for you.

You should definily fill the commonName. This is showen as the certificate name everywhere you’ll be using it. You can name it “yourdomainname.com CA” for example.

Every certificate needs a key pair, so please generate one pressing “Generate a new key”

 

Select “RSA” and 2048 bit as keysize. Those settings are recommended if you want to load your certificate to a SmartCard later on.

 

Done! Now we have the CA created as you can see.

 

Create Personal Certificate

Usually we’d now create a bunch of certificates. One for email encytion, one for VPN, one for Windows Logon, one for …

This is useful since they are independant and for example you can revoke them individually if something should go wrong. Anyway, we’ll do the bad practice and create just one “universal” certificate being capable of everything.

Press “New Certificate” again.

This time, we don’t apply a template but switch to the Subject Tab right away. Enter the internal name and common Name. This time, you should name it after your First and Lastname to indicate, that this is your personal certificate. Also, generate a new RSA, 2048bit key for this certificate.

 

In the “Extensions” Tab, you might want to extend the validity to 5 years. Expiration increases security in case you lose your key or it’s compromised. Then press OK

 

In the “key usage” tab, select all entries in both columns. This ensures that you’ll have no restriction. Again: this is bad practice. If you want to do it right, create one certificate per application and assign rescricted key usage permissions.

Press OK

Done! You can see in the certificate chain, that your personal certificate.

Exporting your personal certificate

Now select your personal certificate and press “Export”

 

The correct exort format is “PKCS #12 with Certificate chain”. This format includes

• your personal key pair (public and private)
• your personal certificate
• all parent certificates up until the root CA certificate

 

 

To protect your keys, the file is encrypted by a password. Whenever you want to use your certificate, you need to enter the password.

Keep the exported file in a safe place. Even if it’s password protected, make sure noone else but you can access it. The safest storage is on a SmartCard.

Exporting the CA certificate

For advanced applications, you’ll need to have the CA certificate. That’s why you should export it. Select it and press “Export”

 

It’s very important to understand that we don’t export the CA’s private key now. It remains within your XCA database only and can only be used for certificate creation. Our export contains the public key and the certificate only. This is enough for other applications to verify, that our personal key was signed by the CA. That’s all they need.

Select the export format PEM and press OK

 

Summary

You created

• a XDB Database that should be stored in a safe place, offline.
• a P12 Certificate file that contains your password-protected secret key
• a CA certificate file that does not contain any secrets

SmartCard Login in Windows 7

Logging in with a smartcard to windows is usually supported ony for enterprise installations based on a domain controller. If you want this feature at home, all you need is the open source software EIDAuthenticate, a SmartCard including the driver (middleware) and a certificate. I recommend the Gemalto .NET IM V2+ SmartCard and a Certificate from StartSSL.

Installing the Software

Just download and install the latest version of EIDAuthenticate. Walk through the installer

Setting up the certificate for logon

Reboot your PC. After boot up, enter the control panel and open “Smart Card Logon”

 

Select “Use Preconfigured Card”

 

The dialog lists your all certificates on the card. You might not have a certificate on the card, the certificate chain is not complete or the EKU (Extended Key Usage) is not okay. In those cases it would be better to genereate a new certificate which allows SmartCard Logon.

 

Once you have the certificate on the card, you must import the issuer CA certificate as trusted in the windows certificate store. This will make all certificates issued by that CA trusted by windows. To do that

• Start Menu, click Run… and type mmc
• In MMC, File->Add/Remove Snap-in… and click the Add button
• Select Certificates from the list of snap-ins and click Add.
• Choose the Computer Account radio button. Click Next and then Finish.
• Right click on the Trusted Root Certification Authorities folder and choose All Tasks -> Import… to bring up the Certificate Import Wizard.

The Certificate Import Wizard will walk you through the process of selecting a certificate file and adding it to the store.

Enter the Smart Card Logon settings again and your certificate will be showen as trusted.

Press Continue

 

Type your password and press finish. If you like the smartcard signon, you can later select to allow logon only with smartcard.

 

Finally, enter your SmartCard PIN.

 

Done! On next login, you can sign on with the smartcard.