From trac at boxbackup.org Sat Oct 6 12:00:01 2012 From: trac at boxbackup.org (trac at boxbackup.org) Date: Sat, 6 Oct 2012 12:00:01 +0100 (BST) Subject: [Boxbackup-dev] Current open tickets Message-ID: <20121006110001.A61EF198B2D@www.boxbackup.org> Note: to view an indiviual ticket, use: https://www.boxbackup.org/trac/ticket/(number) The following is a listing of current problems submitted by Box Backup users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Ticket Owner Component Summary - ------ ------ ------------- ------------------------------------------------------------ n 4 martin box libraries Port Box Backup to AIX n 6 box libraries Contribute code: SMTP client, HTTP server, Database drivers, n 7 box libraries Improve restore speed on local repositories n 8 chris box libraries Improve handling of directories with many files n 13 chris bbackupd Fix file locking on Windows n 14 chris bbackupd Fix large file issues on Windows n 16 chris bbackupquery Restore deleted directories may fail a 17 chris bbackupquery List files using wildcards a 20 chris bbackupctl bbackupctl reload reports prior settings n 45 ben bbackupd File diff performance patch (reduced disk IO and wall time n 46 chris bbackupd bbackupd only ever saves reverse diffs, corrupted files on s n 47 chris bbackupd Account numbers greater than 2^31 (0x7fffffff) do not work c n 48 chris bbackupd Locations that don't exist on first run are never tried agai n 49 chris bbackupd ID map (rename tracking) broken since [288] n 50 chris bbackupquery No way to capture stderr under Windows n 51 chris bbackupd No way to force bbackupd to re-upload files under Windows n 52 chris bbackupd Unable to control the maintenance of old vs. deleted files n 53 chris bbackupd Comparing root directory locations does not work under Windo n 54 chris bbackupd Locations not found on disk (e.g. unmounted filesystems) can n 55 chris bbackupd Should store and preserve directory timestamps n 56 bbackupquery Windows: User can polute restore directory by adding a trail n 57 ben bbackupd Create boxbackupresume and other files in DataDirectory n 58 ben bbackupd bbackupquery connection timeout results in error message, sh n 59 ben bbackupd Inconsistent treatment of NotifyScript between Box Backup an n 60 ben bbstored Case sensitivity between bbstored-certs and Boxi n 62 ben bbackupd Backups of deleted files may be removed very quickly by hous a 63 chris bbackupd Support hard links in directories n 65 ben bbackupd Some file attributes under Windows are not backed up n 66 ben bbackupd Windows ACL support a 67 chris bbackupd Add mutexes for Win32 (client) to enable detection of runnin n 68 ben bbackupd More details when ReadError occurs n 69 bbackupquery CRTL+C closes bbackupquery console window under Windows n 70 ben bbackupd Non-ascii character cause error for notifyscript path n 71 ben bbackupd bbackupd.log gets randomly deleted n 72 test suite Patch intercept.h and intercept.c for NetBSD 4 and 5 n 74 bbackupquery Reconnect bbackupquery automatically, or at least have a "co n 75 ben bbackupd Restore times wrong, times on store correct n 77 ben bbackupd Min verbosity switch broken for bbackupquery a 78 chris bbackupd Error level for "bbackupquery.exe -u" 39 tickets total. From trac at boxbackup.org Sat Oct 13 12:00:01 2012 From: trac at boxbackup.org (trac at boxbackup.org) Date: Sat, 13 Oct 2012 12:00:01 +0100 (BST) Subject: [Boxbackup-dev] Current open tickets Message-ID: <20121013110001.CD41B1983B8@www.boxbackup.org> Note: to view an indiviual ticket, use: https://www.boxbackup.org/trac/ticket/(number) The following is a listing of current problems submitted by Box Backup users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Ticket Owner Component Summary - ------ ------ ------------- ------------------------------------------------------------ n 4 martin box libraries Port Box Backup to AIX n 6 box libraries Contribute code: SMTP client, HTTP server, Database drivers, n 7 box libraries Improve restore speed on local repositories n 8 chris box libraries Improve handling of directories with many files n 13 chris bbackupd Fix file locking on Windows n 14 chris bbackupd Fix large file issues on Windows n 16 chris bbackupquery Restore deleted directories may fail a 17 chris bbackupquery List files using wildcards a 20 chris bbackupctl bbackupctl reload reports prior settings n 45 ben bbackupd File diff performance patch (reduced disk IO and wall time n 46 chris bbackupd bbackupd only ever saves reverse diffs, corrupted files on s n 47 chris bbackupd Account numbers greater than 2^31 (0x7fffffff) do not work c n 48 chris bbackupd Locations that don't exist on first run are never tried agai n 49 chris bbackupd ID map (rename tracking) broken since [288] n 50 chris bbackupquery No way to capture stderr under Windows n 51 chris bbackupd No way to force bbackupd to re-upload files under Windows n 52 chris bbackupd Unable to control the maintenance of old vs. deleted files n 53 chris bbackupd Comparing root directory locations does not work under Windo n 54 chris bbackupd Locations not found on disk (e.g. unmounted filesystems) can n 55 chris bbackupd Should store and preserve directory timestamps n 56 bbackupquery Windows: User can polute restore directory by adding a trail n 57 ben bbackupd Create boxbackupresume and other files in DataDirectory n 58 ben bbackupd bbackupquery connection timeout results in error message, sh n 59 ben bbackupd Inconsistent treatment of NotifyScript between Box Backup an n 60 ben bbstored Case sensitivity between bbstored-certs and Boxi n 62 ben bbackupd Backups of deleted files may be removed very quickly by hous a 63 chris bbackupd Support hard links in directories n 65 ben bbackupd Some file attributes under Windows are not backed up n 66 ben bbackupd Windows ACL support a 67 chris bbackupd Add mutexes for Win32 (client) to enable detection of runnin n 68 ben bbackupd More details when ReadError occurs n 69 bbackupquery CRTL+C closes bbackupquery console window under Windows n 70 ben bbackupd Non-ascii character cause error for notifyscript path n 71 ben bbackupd bbackupd.log gets randomly deleted n 72 test suite Patch intercept.h and intercept.c for NetBSD 4 and 5 n 74 bbackupquery Reconnect bbackupquery automatically, or at least have a "co n 75 ben bbackupd Restore times wrong, times on store correct n 77 ben bbackupd Min verbosity switch broken for bbackupquery a 78 chris bbackupd Error level for "bbackupquery.exe -u" 39 tickets total. From pjalajas at gigalock.com Fri Oct 19 19:24:20 2012 From: pjalajas at gigalock.com (Peter Jalajas, GigaLock Backup Services) Date: Fri, 19 Oct 2012 14:24:20 -0400 Subject: [Boxbackup-dev] Need server-side kill-switch Message-ID: Hi all, Sorry, I've been distracted with other things in recent months. I have a few boxbackup clients that were set up by my friend on his clients' servers. Sadly, my friend passed away last year, and the 5 server owners have moved on to other backup solutions. I've been able to work with 3 of the server owners to disable boxbackup, but I've sent dozens of emails to the remaining 2 server owners to have them disable the boxbackup service on their server, but they cannot or will not do so, not sure why. Not a big deal, just a few wasted electrons, but it's just not right. One of the main (awesome) tenets of boxbackup is that the server is trusted only to return the backed up files when requested by the client. A reasonable corollary to that would be that the server should be permitted to explicitly say "no mas" to a connecting client. I envision that the server admin would use bbstoreaccounts to turn on the "StopConnecting" flag for client: bbstoreaccounts StopConnecting 0x99999999 and then when the client next connects to that server, the server would tell the client "StopConnecting", and then the client would, perhaps do something like Stop and Disable (in Windows-speak) the boxbackup service. What do you think? Thanks, Pete From trac at boxbackup.org Sat Oct 20 12:00:01 2012 From: trac at boxbackup.org (trac at boxbackup.org) Date: Sat, 20 Oct 2012 12:00:01 +0100 (BST) Subject: [Boxbackup-dev] Current open tickets Message-ID: <20121020110001.40244198D27@www.boxbackup.org> Note: to view an indiviual ticket, use: https://www.boxbackup.org/trac/ticket/(number) The following is a listing of current problems submitted by Box Backup users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Ticket Owner Component Summary - ------ ------ ------------- ------------------------------------------------------------ n 4 martin box libraries Port Box Backup to AIX n 6 box libraries Contribute code: SMTP client, HTTP server, Database drivers, n 7 box libraries Improve restore speed on local repositories n 8 chris box libraries Improve handling of directories with many files n 13 chris bbackupd Fix file locking on Windows n 14 chris bbackupd Fix large file issues on Windows n 16 chris bbackupquery Restore deleted directories may fail a 17 chris bbackupquery List files using wildcards a 20 chris bbackupctl bbackupctl reload reports prior settings n 45 ben bbackupd File diff performance patch (reduced disk IO and wall time n 46 chris bbackupd bbackupd only ever saves reverse diffs, corrupted files on s n 47 chris bbackupd Account numbers greater than 2^31 (0x7fffffff) do not work c n 48 chris bbackupd Locations that don't exist on first run are never tried agai n 49 chris bbackupd ID map (rename tracking) broken since [288] n 50 chris bbackupquery No way to capture stderr under Windows n 51 chris bbackupd No way to force bbackupd to re-upload files under Windows n 52 chris bbackupd Unable to control the maintenance of old vs. deleted files n 53 chris bbackupd Comparing root directory locations does not work under Windo n 54 chris bbackupd Locations not found on disk (e.g. unmounted filesystems) can n 55 chris bbackupd Should store and preserve directory timestamps n 56 bbackupquery Windows: User can polute restore directory by adding a trail n 57 ben bbackupd Create boxbackupresume and other files in DataDirectory n 58 ben bbackupd bbackupquery connection timeout results in error message, sh n 59 ben bbackupd Inconsistent treatment of NotifyScript between Box Backup an n 60 ben bbstored Case sensitivity between bbstored-certs and Boxi n 62 ben bbackupd Backups of deleted files may be removed very quickly by hous a 63 chris bbackupd Support hard links in directories n 65 ben bbackupd Some file attributes under Windows are not backed up n 66 ben bbackupd Windows ACL support a 67 chris bbackupd Add mutexes for Win32 (client) to enable detection of runnin n 68 ben bbackupd More details when ReadError occurs n 69 bbackupquery CRTL+C closes bbackupquery console window under Windows n 70 ben bbackupd Non-ascii character cause error for notifyscript path n 71 ben bbackupd bbackupd.log gets randomly deleted n 72 test suite Patch intercept.h and intercept.c for NetBSD 4 and 5 n 74 bbackupquery Reconnect bbackupquery automatically, or at least have a "co n 75 ben bbackupd Restore times wrong, times on store correct n 77 ben bbackupd Min verbosity switch broken for bbackupquery a 78 chris bbackupd Error level for "bbackupquery.exe -u" 39 tickets total. From chris at qwirx.com Mon Oct 22 09:30:18 2012 From: chris at qwirx.com (Chris Wilson) Date: Mon, 22 Oct 2012 09:30:18 +0100 (BST) Subject: [Boxbackup-dev] Need server-side kill-switch In-Reply-To: References: Message-ID: Hi Pete, On Fri, 19 Oct 2012, Peter Jalajas, GigaLock Backup Services wrote: > One of the main (awesome) tenets of boxbackup is that the server is > trusted only to return the backed up files when requested by the client. > A reasonable corollary to that would be that the server should be > permitted to explicitly say "no mas" to a connecting client. I envision > that the server admin would use bbstoreaccounts to turn on the > "StopConnecting" flag for client: > bbstoreaccounts StopConnecting 0x99999999 > and then when the client next connects to that server, the server > would tell the client "StopConnecting", and then the client would, > perhaps do something like Stop and Disable (in Windows-speak) the > boxbackup service. > > What do you think? I agree. I'm about half-way through implementing it, I should have a new version for you to test in the next few days. Cheers, Chris. -- _____ __ _ \ __/ / ,__(_)_ | Chris Wilson Cambs UK | / (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer | \__/_/_/_//_/___/ | We are GNU : free your mind & your software | From chris at qwirx.com Mon Oct 22 21:58:25 2012 From: chris at qwirx.com (Chris Wilson) Date: Mon, 22 Oct 2012 21:58:25 +0100 (BST) Subject: [Boxbackup-dev] Need server-side kill-switch In-Reply-To: References: Message-ID: Hi Pete, > On Fri, 19 Oct 2012, Peter Jalajas, GigaLock Backup Services wrote: > >> One of the main (awesome) tenets of boxbackup is that the server is trusted >> only to return the backed up files when requested by the client. A >> reasonable corollary to that would be that the server should be permitted >> to explicitly say "no mas" to a connecting client. I envision that the >> server admin would use bbstoreaccounts to turn on the "StopConnecting" flag >> for client: >> bbstoreaccounts StopConnecting 0x99999999 >> and then when the client next connects to that server, the server >> would tell the client "StopConnecting", and then the client would, >> perhaps do something like Stop and Disable (in Windows-speak) the >> boxbackup service. >> >> What do you think? I've implemented this feature in trunk. The bbstoreaccounts command is called "enabled" instead of "StopConnecting". Please could you test it and let me know if it works for you? Once it's working I'll release it as 0.12. Cheers, Chris. -- _____ __ _ \ __/ / ,__(_)_ | Chris Wilson Cambs UK | / (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer | \__/_/_/_//_/___/ | We are GNU : free your mind & your software | From chris at qwirx.com Mon Oct 22 22:00:09 2012 From: chris at qwirx.com (Chris Wilson) Date: Mon, 22 Oct 2012 22:00:09 +0100 (BST) Subject: [Boxbackup-dev] Need server-side kill-switch In-Reply-To: References: Message-ID: Hi Pete, > On Fri, 19 Oct 2012, Peter Jalajas, GigaLock Backup Services wrote: > >> and then when the client next connects to that server, the server would >> tell the client "StopConnecting", and then the client would, perhaps do >> something like Stop and Disable (in Windows-speak) the boxbackup >> service. On second thoughts, I disagree with the server operator making modifications to the client side that could compromise their backups. I haven't implemented the automatic removal of the Windows service (yet), just disabling the account. Cheers, Chris. -- _____ __ _ \ __/ / ,__(_)_ | Chris Wilson Cambs UK | / (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer | \__/_/_/_//_/___/ | We are GNU : free your mind & your software | From pjalajas at gigalock.com Mon Oct 22 22:50:51 2012 From: pjalajas at gigalock.com (Peter Jalajas, GigaLock Backup Services) Date: Mon, 22 Oct 2012 17:50:51 -0400 Subject: [Boxbackup-dev] Need server-side kill-switch In-Reply-To: References: Message-ID: Hi Chris! On Mon, Oct 22, 2012 at 5:00 PM, Chris Wilson wrote: > Hi Pete, > >> On Fri, 19 Oct 2012, Peter Jalajas, GigaLock Backup Services wrote: >> >>> and then when the client next connects to that server, the server would >>> tell the client "StopConnecting", and then the client would, perhaps do >>> something like Stop and Disable (in Windows-speak) the boxbackup service. > > > On second thoughts, I disagree with the server operator making modifications > to the client side that could compromise their backups. I haven't > implemented the automatic removal of the Windows service (yet), just > disabling the account. Wow, that was quick! Thanks! Yeah, no, this function should only Stop and Disable the Windows (or other OS) service. It should Stop it, so that it stops trying to connect to the server, and Disable it so that it doesn't try to connect again without human intervention. I agree 100% that it should _not_ remove anything. I see it as no worse than a malicious server just sending the incoming bits to /dev/null and not telling anyone. I'll install trunk this weekend if not sooner. I trust NotifyScript will handle this gracefully: http://www.boxbackup.org/wiki/NotifyScript When we're done, I'll edit the wiki docs to indicate that, if the BoxBackup situation warrants it, the NotifyScript might should be sent to both a server-side and a client-side admin (my sense is that BoxBackup has always contemplated the simpler configuration that the server-side admin is the one and only admin). Thanks again, Chris, you're amazing! Take care, Pete From pjalajas at gigalock.com Fri Oct 26 22:45:57 2012 From: pjalajas at gigalock.com (Peter Jalajas, GigaLock Backup Services) Date: Fri, 26 Oct 2012 17:45:57 -0400 Subject: [Boxbackup-dev] Need server-side kill-switch In-Reply-To: References: Message-ID: Hi Chris, I'm about to start compiling trunk on my Ubuntu Precise laptop to test the "enabled" flag. Any chance I could get you or someone to generate a new Windows client binary from trunk or similar?: http://www.boxbackup.org/browser/box/chris/win32/releases?order=date&desc=1 Thanks! Pete From trac at boxbackup.org Sat Oct 27 12:00:00 2012 From: trac at boxbackup.org (trac at boxbackup.org) Date: Sat, 27 Oct 2012 12:00:00 +0100 (BST) Subject: [Boxbackup-dev] Current open tickets Message-ID: <20121027110000.DE29119861D@www.boxbackup.org> Note: to view an indiviual ticket, use: https://www.boxbackup.org/trac/ticket/(number) The following is a listing of current problems submitted by Box Backup users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Ticket Owner Component Summary - ------ ------ ------------- ------------------------------------------------------------ n 4 martin box libraries Port Box Backup to AIX n 6 box libraries Contribute code: SMTP client, HTTP server, Database drivers, n 7 box libraries Improve restore speed on local repositories n 8 chris box libraries Improve handling of directories with many files n 13 chris bbackupd Fix file locking on Windows n 14 chris bbackupd Fix large file issues on Windows n 16 chris bbackupquery Restore deleted directories may fail a 17 chris bbackupquery List files using wildcards a 20 chris bbackupctl bbackupctl reload reports prior settings n 45 ben bbackupd File diff performance patch (reduced disk IO and wall time n 46 chris bbackupd bbackupd only ever saves reverse diffs, corrupted files on s n 47 chris bbackupd Account numbers greater than 2^31 (0x7fffffff) do not work c n 48 chris bbackupd Locations that don't exist on first run are never tried agai n 49 chris bbackupd ID map (rename tracking) broken since [288] n 50 chris bbackupquery No way to capture stderr under Windows n 51 chris bbackupd No way to force bbackupd to re-upload files under Windows n 52 chris bbackupd Unable to control the maintenance of old vs. deleted files n 53 chris bbackupd Comparing root directory locations does not work under Windo n 54 chris bbackupd Locations not found on disk (e.g. unmounted filesystems) can n 55 chris bbackupd Should store and preserve directory timestamps n 56 bbackupquery Windows: User can polute restore directory by adding a trail n 57 ben bbackupd Create boxbackupresume and other files in DataDirectory n 58 ben bbackupd bbackupquery connection timeout results in error message, sh n 59 ben bbackupd Inconsistent treatment of NotifyScript between Box Backup an n 60 ben bbstored Case sensitivity between bbstored-certs and Boxi n 62 ben bbackupd Backups of deleted files may be removed very quickly by hous a 63 chris bbackupd Support hard links in directories n 65 ben bbackupd Some file attributes under Windows are not backed up n 66 ben bbackupd Windows ACL support a 67 chris bbackupd Add mutexes for Win32 (client) to enable detection of runnin n 68 ben bbackupd More details when ReadError occurs n 69 bbackupquery CRTL+C closes bbackupquery console window under Windows n 70 ben bbackupd Non-ascii character cause error for notifyscript path n 71 ben bbackupd bbackupd.log gets randomly deleted n 72 test suite Patch intercept.h and intercept.c for NetBSD 4 and 5 n 74 bbackupquery Reconnect bbackupquery automatically, or at least have a "co n 75 ben bbackupd Restore times wrong, times on store correct n 77 ben bbackupd Min verbosity switch broken for bbackupquery a 78 chris bbackupd Error level for "bbackupquery.exe -u" 39 tickets total. From chris at qwirx.com Sun Oct 28 14:46:00 2012 From: chris at qwirx.com (Chris Wilson) Date: Sun, 28 Oct 2012 14:46:00 +0000 (GMT) Subject: [Boxbackup-dev] Need server-side kill-switch In-Reply-To: References: Message-ID: Hi Pete, On Fri, 26 Oct 2012, Peter Jalajas, GigaLock Backup Services wrote: > I'm about to start compiling trunk on my Ubuntu Precise laptop to test > the "enabled" flag. > > Any chance I could get you or someone to generate a new Windows client > binary from trunk or similar?: > http://www.boxbackup.org/browser/box/chris/win32/releases?order=date&desc=1 There is no client-side change, so I don't think there is any need. The enabled flag just controls whether the client is allowed to log into the server or not. Cheers, Chris. -- _____ __ _ \ __/ / ,__(_)_ | Chris Wilson Cambs UK | / (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer | \__/_/_/_//_/___/ | We are GNU : free your mind & your software | From dave at bdisystems.co.uk Sun Oct 28 16:18:59 2012 From: dave at bdisystems.co.uk (dave bamford) Date: Sun, 28 Oct 2012 16:18:59 +0000 Subject: [Boxbackup-dev] Need server-side kill-switch In-Reply-To: References: Message-ID: <1351441139.4892.126.camel@crusty.backed-up.net> On Sun, 2012-10-28 at 14:46 +0000, Chris Wilson wrote: > Hi Pete, > > On Fri, 26 Oct 2012, Peter Jalajas, GigaLock Backup Services wrote: > > > I'm about to start compiling trunk on my Ubuntu Precise laptop to test > > the "enabled" flag. > > > > Any chance I could get you or someone to generate a new Windows client > > binary from trunk or similar?: > > http://www.boxbackup.org/browser/box/chris/win32/releases?order=date&desc=1 > > There is no client-side change, so I don't think there is any need. The > enabled flag just controls whether the client is allowed to log into the > server or not. > > Cheers, Chris. Hi Chris I have some old clients who no longer back up to our servers and I have removed their accounts, but they have not removed the client and it continues to try to log in to the server producing error messages in the log files every few minutes. The only way I have now of stopping it is to block the IP, but some of these clients are on a dynamic IP. I no longer have the clients contact details, so a remote way of disabling the client would be good. Cheers Dave From james at netinertia.co.uk Sun Oct 28 16:27:18 2012 From: james at netinertia.co.uk (James O'Gorman) Date: Sun, 28 Oct 2012 16:27:18 +0000 Subject: [Boxbackup-dev] Need server-side kill-switch In-Reply-To: <1351441139.4892.126.camel@crusty.backed-up.net> References: <1351441139.4892.126.camel@crusty.backed-up.net> Message-ID: <20121028162717.GN3707@netinertia.co.uk> On Sun, Oct 28, 2012 at 04:18:59PM +0000, dave bamford wrote: > On Sun, 2012-10-28 at 14:46 +0000, Chris Wilson wrote: > > There is no client-side change, so I don't think there is any need. The > > enabled flag just controls whether the client is allowed to log into the > > server or not. > > I have some old clients who no longer back up to our servers and I have > removed their accounts, but they have not removed the client and it > continues to try to log in to the server producing error messages in the > log files every few minutes. > The only way I have now of stopping it is to block the IP, but some of > these clients are on a dynamic IP. I no longer have the clients contact > details, so a remote way of disabling the client would be good. I agree with Chris, I don't think the server should be able to send a remote kill to a client. This sounds like a people/procedural problem, not a technical problem, IMO. James From pjalajas at gigalock.com Sun Oct 28 17:08:56 2012 From: pjalajas at gigalock.com (Peter Jalajas, GigaLock Backup Services) Date: Sun, 28 Oct 2012 13:08:56 -0400 Subject: [Boxbackup-dev] Need server-side kill-switch In-Reply-To: <20121028162717.GN3707@netinertia.co.uk> References: <1351441139.4892.126.camel@crusty.backed-up.net> <20121028162717.GN3707@netinertia.co.uk> Message-ID: Hi all, On Sun, Oct 28, 2012 at 12:27 PM, James O'Gorman wrote: > On Sun, Oct 28, 2012 at 04:18:59PM +0000, dave bamford wrote: >> On Sun, 2012-10-28 at 14:46 +0000, Chris Wilson wrote: >> > There is no client-side change, so I don't think there is any need. The >> > enabled flag just controls whether the client is allowed to log into the >> > server or not. >> >> I have some old clients who no longer back up to our servers and I have >> removed their accounts, but they have not removed the client and it >> continues to try to log in to the server producing error messages in the >> log files every few minutes. >> The only way I have now of stopping it is to block the IP, but some of >> these clients are on a dynamic IP. I no longer have the clients contact >> details, so a remote way of disabling the client would be good. > > I agree with Chris, I don't think the server should be able to send a > remote kill to a client. > > This sounds like a people/procedural problem, not a technical problem, > IMO. > > James As with Dave B., I have no access to the clients. A result of the foibles of the human condition; the death of the third-party admin and the complete dissolution of his business. I wish there was a human way around this problem, but there isn't. The client cannot or will not disable the boxbackup client service on their machine. I've offered to drive over to their office and do it for them, no response. Them connecting to my server every few minutes is good for neither of us (nor the web in general). This new Disable switch is the only way to prevent this in the future. BoxBackup was originally contemplated with the BoxBackup Admin having full control of both the Client and the Server, but it has been extended in practice above and beyond that to offering an awesome secure backup service to essentially anonymous clients. I believe it is completely in-line with the fundamental security tenet of boxbackup--the server can only stop the client from connecting to that one server to which the client has just then tried to send all of it's secret information. This Disable switch is no worse than the server just going away and not responding at all; and worse, its no worse than the server silently sending all bits to /dev/null. BoxBackup only relies on the server to return the bits when requested; this is no different than that; in fact it's better, cuz the server is honest and up-front, saying I don't want your bits any more, stop connecting to me, I promise I will never return your bits to you. I beg of Chris, please implement the boxbackup-client-service Disable switch being able to be sent from the boxbackup server. Don't remove the client service; don't delete any client files; just send the instruction for the BoxBackup _client_ to stop trying to connect to the offering server. One possible implementation of that is for the client see the Disable flag, and then to Stop it's own service and then Disable it's own service, and optionally send an appropriate NotifyScript flag, possibly a new one, if deemed worthy, http://www.boxbackup.org/wiki/NotifyScript . Thanks! Pete PS: Go Patriots (at Wembly)! From james at netinertia.co.uk Sun Oct 28 17:25:53 2012 From: james at netinertia.co.uk (James O'Gorman) Date: Sun, 28 Oct 2012 17:25:53 +0000 Subject: [Boxbackup-dev] Need server-side kill-switch In-Reply-To: References: <1351441139.4892.126.camel@crusty.backed-up.net> <20121028162717.GN3707@netinertia.co.uk> Message-ID: <20121028172553.GQ3707@netinertia.co.uk> On Sun, Oct 28, 2012 at 01:08:56PM -0400, Peter Jalajas, GigaLock Backup Services wrote: > As with Dave B., I have no access to the clients. A result of the > foibles of the human condition; the death of the third-party admin and > the complete dissolution of his business. I wish there was a human > way around this problem, but there isn't. The client cannot or will > not disable the boxbackup client service on their machine. I've > offered to drive over to their office and do it for them, no response. Can understand your problem/frustration here, however... > Them connecting to my server every few minutes is good for neither of > us (nor the web in general). As a first solution, can you not just put a packet filter in front of your backup server (hopefully there's one anyway) that sends a TCP RST to the client? > This new Disable switch is the only way to prevent this in the future. [...] > I beg of Chris, please implement the boxbackup-client-service Disable > switch being able to be sent from the boxbackup server. Don't remove > the client service; don't delete any client files; just send the > instruction for the BoxBackup _client_ to stop trying to connect to > the offering server. This won't fix your immediate problem though, as it sounds like the customer isn't co-operating, therefore won't install the new version that supports this. I understand your point about the server being the general control of the account, however the client setup isn't managed by the server admin - the client is handed an encryption key by the server, but nothing about the client is actually _modified_ by the server. I really do believe Chris' implementation is the right solution, and if you have a problem with unhelpful customers not disabling their client, you should simply firewall them off (or control access to bbstored with tcpd). As an aside: > BoxBackup was originally contemplated with the BoxBackup Admin having > full control of both the Client and the Server Actually that's not the case. The idea is that the server admin need not be fully trusted, hence everything being encrypted both on the wire and on disk. Ben developed the system for a client of his, whose systems I doubt he had access to. James From pjalajas at gigalock.com Tue Oct 30 15:05:45 2012 From: pjalajas at gigalock.com (Peter Jalajas, GigaLock Backup Services) Date: Tue, 30 Oct 2012 11:05:45 -0400 Subject: [Boxbackup-dev] Need server-side kill-switch In-Reply-To: <20121028172553.GQ3707@netinertia.co.uk> References: <1351441139.4892.126.camel@crusty.backed-up.net> <20121028162717.GN3707@netinertia.co.uk> <20121028172553.GQ3707@netinertia.co.uk> Message-ID: Hi James, On Sun, Oct 28, 2012 at 1:25 PM, James O'Gorman wrote: > On Sun, Oct 28, 2012 at 01:08:56PM -0400, Peter Jalajas, GigaLock Backup Services wrote: > As a first solution, can you not just put a packet filter in front of > your backup server (hopefully there's one anyway) that sends a TCP RST > to the client? It just gives me the heebeegeebees (sp?) to have one of my "clients" out there desperately spinning away every 2 minutes. It just doesn't seem right. Maybe I'm wrong, but I feel somewhat responsible for shutting them down. And then there's dynamic IP address problems. Funny, I want to send a kind of "BOX RST" to the client. :^) > This won't fix your immediate problem though, as it sounds like the > customer isn't co-operating, therefore won't install the new version > that supports this. Sadly, true, but I don't want to go through this again. > I understand your point about the server being the general control of > the account, however the client setup isn't managed by the server admin > - the client is handed an encryption key by the server, but nothing > about the client is actually _modified_ by the server. > > I really do believe Chris' implementation is the right solution I guess I'm not _exactly_ sure of what Chris' most recent implementation was, but I respectfully (I really do understand your position), but firmly, disagree. I think we need to be able to Stop the boxbackup client from that client's server, and that that function in no way breaks boxbackup's security/trust model ("I promise to never, ever, give you your data back (I've deleted all your data), so you might as well stop connecting to me."). I was proof-reading this email about to hit Send, when I think I came up with a clarifying point: you say above, "but nothing about the client is actually _modified_ by the server." I agree; I contemplate that the Server is only sending a Message to the Client "StopConnectingToMe". The Client sees and interprets that Message and does what it thinks is best. So, at the moment, it looks like Dave B and Pete J are FOR this Disable function, and James is AGAINST. But of course, all that really matters is what Chris thinks about it :^), but I wonder what others on the list think. Please feel free to reply with a simple: +1 : you APPROVE of adding a function by which, upon the Client connecting to the Server, the Server can reply to the Client with a message to stop connecting to that Server, and that the Client should a) be able to receive that message, b) stop itself from connecting to that Server and c) implement an appropriate NotifyScript function. -1 : you DISAPPROVE Very respectfully, James, Pete PS: I guess I could accept an exponential slowing of the connection attempts (2 mins, 4, 8, 16, 32mins, on so on), but that doesn't seem as clean to me as a formal StopConnectingToMe. I'm not gonna give you your data back, even after 2^128 minutes, promise. From chris at qwirx.com Tue Oct 30 15:40:23 2012 From: chris at qwirx.com (Chris Wilson) Date: Tue, 30 Oct 2012 15:40:23 +0000 (GMT) Subject: [Boxbackup-dev] Need server-side kill-switch In-Reply-To: References: <1351441139.4892.126.camel@crusty.backed-up.net> <20121028162717.GN3707@netinertia.co.uk> <20121028172553.GQ3707@netinertia.co.uk> Message-ID: On Tue, 30 Oct 2012, Peter Jalajas, GigaLock Backup Services wrote: > Hi James, > > On Sun, Oct 28, 2012 at 1:25 PM, James O'Gorman wrote: >> On Sun, Oct 28, 2012 at 01:08:56PM -0400, Peter Jalajas, GigaLock Backup Services wrote: >> As a first solution, can you not just put a packet filter in front of >> your backup server (hopefully there's one anyway) that sends a TCP RST >> to the client? > > It just gives me the heebeegeebees (sp?) to have one of my "clients" > out there desperately spinning away every 2 minutes. It just doesn't > seem right. Maybe I'm wrong, but I feel somewhat responsible for > shutting them down. And then there's dynamic IP address problems. > Funny, I want to send a kind of "BOX RST" to the client. :^) They're not your client any more, so you don't owe them anything. The waste of time on their side gives them a (small) incentive to uninstall the Box Backup client, which is what they should do anyway. The cost on your server is approximately zero. > I guess I'm not _exactly_ sure of what Chris' most recent > implementation was The ability to disable accounts (on the server) without deleting them. > PS: I guess I could accept an exponential slowing of the connection > attempts (2 mins, 4, 8, 16, 32mins, on so on), but that doesn't seem as > clean to me as a formal StopConnectingToMe. I'm not gonna give you your > data back, even after 2^128 minutes, promise. The client should already back off (not exponentially, but for a while) if the connection fails, e.g. because the account is disabled or doesn't exist. Cheers, Chris. -- _____ __ _ \ __/ / ,__(_)_ | Chris Wilson Cambs UK | / (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer | \__/_/_/_//_/___/ | We are GNU : free your mind & your software | From pjalajas at gigalock.com Tue Oct 30 16:25:47 2012 From: pjalajas at gigalock.com (Peter Jalajas, GigaLock Backup Services) Date: Tue, 30 Oct 2012 12:25:47 -0400 Subject: [Boxbackup-dev] Need server-side kill-switch In-Reply-To: References: <1351441139.4892.126.camel@crusty.backed-up.net> <20121028162717.GN3707@netinertia.co.uk> <20121028172553.GQ3707@netinertia.co.uk> Message-ID: Hi Chris, On Tue, Oct 30, 2012 at 11:40 AM, Chris Wilson wrote: > On Tue, 30 Oct 2012, Peter Jalajas, GigaLock Backup Services wrote: > >> Hi James, >> >> On Sun, Oct 28, 2012 at 1:25 PM, James O'Gorman wrote: >>> >>> On Sun, Oct 28, 2012 at 01:08:56PM -0400, Peter Jalajas, GigaLock Backup >>> Services wrote: >>> As a first solution, can you not just put a packet filter in front of >>> your backup server (hopefully there's one anyway) that sends a TCP RST >>> to the client? >> >> >> It just gives me the heebeegeebees (sp?) to have one of my "clients" >> out there desperately spinning away every 2 minutes. It just doesn't >> seem right. Maybe I'm wrong, but I feel somewhat responsible for >> shutting them down. And then there's dynamic IP address problems. >> Funny, I want to send a kind of "BOX RST" to the client. :^) > > > They're not your client any more, so you don't owe them anything. > > The waste of time on their side gives them a (small) incentive to uninstall > the Box Backup client, which is what they should do anyway. > > The cost on your server is approximately zero. > > >> I guess I'm not _exactly_ sure of what Chris' most recent >> implementation was > > > The ability to disable accounts (on the server) without deleting them. > > >> PS: I guess I could accept an exponential slowing of the connection >> attempts (2 mins, 4, 8, 16, 32mins, on so on), but that doesn't seem as >> clean to me as a formal StopConnectingToMe. I'm not gonna give you your >> data back, even after 2^128 minutes, promise. > > > The client should already back off (not exponentially, but for a while) if > the connection fails, e.g. because the account is disabled or doesn't exist. I'll take as a -1 :^) And the only -1 that counts. Thanks even though, Pete PS: OK, last try: how about as a configurable client-side option? From dave at logical-progress.com Tue Oct 30 17:49:21 2012 From: dave at logical-progress.com (Dave Bamford) Date: Tue, 30 Oct 2012 17:49:21 +0000 Subject: [Boxbackup-dev] Need server-side kill-switch In-Reply-To: References: <1351441139.4892.126.camel@crusty.backed-up.net> <20121028162717.GN3707@netinertia.co.uk> <20121028172553.GQ3707@netinertia.co.uk> Message-ID: <1351619361.16336.15.camel@crusty.backed-up.net> On Tue, 2012-10-30 at 15:40 +0000, Chris Wilson wrote: > On Tue, 30 Oct 2012, Peter Jalajas, GigaLock Backup Services wrote: > > > Hi James, > > > > On Sun, Oct 28, 2012 at 1:25 PM, James O'Gorman wrote: > >> On Sun, Oct 28, 2012 at 01:08:56PM -0400, Peter Jalajas, GigaLock Backup Services wrote: > >> As a first solution, can you not just put a packet filter in front of > >> your backup server (hopefully there's one anyway) that sends a TCP RST > >> to the client? > > > > It just gives me the heebeegeebees (sp?) to have one of my "clients" > > out there desperately spinning away every 2 minutes. It just doesn't > > seem right. Maybe I'm wrong, but I feel somewhat responsible for > > shutting them down. And then there's dynamic IP address problems. > > Funny, I want to send a kind of "BOX RST" to the client. :^) > > They're not your client any more, so you don't owe them anything. > > The waste of time on their side gives them a (small) incentive to > uninstall the Box Backup client, which is what they should do anyway. > > The cost on your server is approximately zero. > > > I guess I'm not _exactly_ sure of what Chris' most recent > > implementation was > > The ability to disable accounts (on the server) without deleting them. > > > PS: I guess I could accept an exponential slowing of the connection > > attempts (2 mins, 4, 8, 16, 32mins, on so on), but that doesn't seem as > > clean to me as a formal StopConnectingToMe. I'm not gonna give you your > > data back, even after 2^128 minutes, promise. > > The client should already back off (not exponentially, but for a while) if > the connection fails, e.g. because the account is disabled or doesn't > exist. > > Cheers, Chris. Hi Chris Making the client back off after unsuccessful connection attempts is probably a good compromise. My gripe was scanning through the log files with all these connection attempts making it impossible to see the wood for the trees. Or perhaps the ability to not log connections from deleted accounts on the server side would work. Cheers Dave From james at netinertia.co.uk Tue Oct 30 18:27:21 2012 From: james at netinertia.co.uk (James O'Gorman) Date: Tue, 30 Oct 2012 18:27:21 +0000 Subject: [Boxbackup-dev] Need server-side kill-switch In-Reply-To: <1351619361.16336.15.camel@crusty.backed-up.net> References: <1351441139.4892.126.camel@crusty.backed-up.net> <20121028162717.GN3707@netinertia.co.uk> <20121028172553.GQ3707@netinertia.co.uk> <1351619361.16336.15.camel@crusty.backed-up.net> Message-ID: <20121030182720.GU3707@netinertia.co.uk> On Tue, Oct 30, 2012 at 05:49:21PM +0000, Dave Bamford wrote: > Making the client back off after unsuccessful connection attempts is > probably a good compromise. My gripe was scanning through the log files > with all these connection attempts making it impossible to see the wood > for the trees. This is where grep/awk are your friends, surely. Or, depending on your infrastructure, log everything into logstash/Kibana/Splunk/etc. and use their fancy filters. Again, this doesn't necessarily sound like an issue for Box. (I regularly have to deal with dozens of servers that log SNMP community errors due to HP Openview scanning the entire network using the community string used for the switches/routers.) > Or perhaps the ability to not log connections from deleted accounts on > the server side would work. Or perhaps log this event with a different syslog priority? It seems like a bad idea to disable the log altogether. What if the wrong account was disabled? You might not realise if the logging isn't there. James