It’s pretty straightforward to (incrementally) backup all emails in a Gmail account to a QNAP NAS. There’s a QNAP NAS solution using Getmail but it comes with some limitations. I prefer to use Gmail-Backup. It doesn’t need any configuration files and it doesn’t have a 100 messages per session limit. It stores all mails in the .eml format, which not only works on Windows PCs but is compatible with Apple Mail as well. You can even restore deleted emails using Gmail-Backup from the NAS back to a Gmail account.

Here’s how I installed Gmail-Backup on my QNAP TS-439 PRO II+. This tutorial should work with all Intel-based QNAP TS-* models but obviously I only have the 439 to test with. I’m looking forward for your feedback if it works on your QNAP NAS model as well. Please make sure you enabled IMAP in your Gmail account settings. Gmail-Backup works for “Gmail for your domain” (it’s part of “Google Apps” now) accounts as well.

The tutorial is divided into three parts. The first part shows how to install the Optware QPKG on the NAS. This package installer is needed in order to (easily) install Python on the NAS. The 2nd part deals with the installation of Gmail-Backup and the third shows how to automate the backup using cron. It probably is helpful to have some command line skills. Read more »

When I compiled the how-to about using Duply to backup a Linux server to a FTP account I mentioned the possibility to backup all data to an IMAP account. So, all we need for our encrypted backup is a reliable IMAP account provider with a few GB of email space. In this post I’m using Gmail which provides up to 7 GB for emails for free, but instead of saving emails Duply will store encrypted backup files on that Gmail account. Read more »

My Linux root server’s hosting price plan includes a 50 GB backup storage option. The backup server can only be reached using FTP, unsecured. Even though the backup server is only visible from within my server provider’s local network, I still don’t want to expose all my server settings, accounts and databases in clear text to a man in the middle. Or, I don’t want an untrustworthy subject with access to the backup server’s file system to be able to read my backup. Also, I don’t want to send my entire site to the backup storage every day as this would eat up my 50 GB within days.

This is where Duply (formerly known as FTPlicity) comes in handy. Duply claims to make your incremental encrypted backups on non-trusted spaces a child’s play. It manages backup job settings in profiles and allows to batch execute commands. It supports symmetric and asymmetric encryption using GPG.

Duply is not limited to FTP, you can also send your backups to a IMAP, WebDAV or ssh destination (and even more!). I haven’t tried the IMAP method but in theory you could send your encrypted backup to a free Google mail account as long as you don’t exceed the 7 GB provided by Gmail. However, in this sample, I’m using a FTP scenario with asymmetric encryption.

Read more »

For “compatibility reasons” Swisscom decided to not let you choose the more secure WPA2-PSK wireless encryption mode over the now insecure WPA-TKIP mode in the Netopia 7347 VDSL router. Swisscom customer service says that there are still many customers with old wifi hardware and that’s why only WPA-TKIP is selectable and WPA2 (which uses the more secure AES algorithm) has been disabled in the router’s web interface even though the router is capable of using WPA2!
WTF?! Come on…forcing clients to use insecure wireless settings just to get rid of a few support phone calls? Read more »

Even though referer spam isn’t something new to black hat SEOs, WordPress blogs seem to get hit pretty hard with referrer spam these days.

Every time somebody clicks a link on a website, the browser sends the originating URL (the URL of the web page that hosts the link) to the target web server. This referer information can be parsed with web server log statistic software to show the webmaster where the web site’s visitors originated from. Read more »

You’re looking for a way to consume Web services in SAP NetWeaver 2004s (and SAP Composition Environment aka NetWeaver 7.1) from BEA WebLogic Server 8.1 (and newer versions) using Single Sign On (SSO)?

You may have figured out already that SAML is not an option here because the SAP side is just a SAML consumer and not a provider (as of today). The only way left is to use the proprietary SAP Logon Tickets. Proprietary authentication mechanisms always require some extra work. In this blog article I’ll fill you in on what you need to SSO-connect those two J2EE platforms. Read more »

It’s not a secret that these days most server hacking attempts originate from chinese IP addresses. A lot of attempts originate from other countries like South Korea and Indonesia as well. It seems that in those countries (cyber-)law-enforcement and technological advancement don’t correlate. I agree that a server has to be able to sustain non-flooding attacks just by using a proper and secure server configuration. But what if almost all traffic from those countries are automated vulnerability scans? Read more »

To validate/verify a SAP Logon Ticket in a non-SAP Java environment you have to call into native libraries. Fortunately there’s some Java sample code provided in the SAPSSOEXT library archive.

Go to service.sap.com (you need a valid user and download permissions) -> Download -> Support Packages and Patches -> Entry by Application Group -> Additional Components, follow the SAPSECULIB and SAPSSOEXT links and download the library versions for your operating system. You’ll also need SAPCAR to extract those .SAR files. Both libraries – sapsecu.dll and sapssoext.dll – are needed to validate a SAP Logon Ticket. Read more »

While the installation of the Linux binary for the Unreal Tournament 3 Server is dead simple, some very brave game server administrators apparently chose to run the server with root permissions because there’s no useful server start script. This usually is an exceptionally bad idea for everything that opens ports on an Internet server.

Here’s a very simple start script that starts the UT3 server with a different account which you have to create using the groupadd/useradd command. In my case I’m using user game in group game. The script will sudo to this less powerful account and then start a botless deathmatch UT3 server. The server will continue to run after you close your shell. Well, at least until the server crashes, which it does frequently. In its current form the script has to be put into the ut3-dedicated/Binaries directory. Read more »