From sysoleg at yandex.ru Mon Aug 1 14:47:16 2011 From: sysoleg at yandex.ru (Oleg A. Arkhangelsky) Date: Mon, 01 Aug 2011 17:47:16 +0400 Subject: [Box Backup] Unable to restore (old version) of a file Message-ID: <160541312206436@web40.yandex.ru> Hello, > Box Backup (bbstored)[3807]: ERROR: Error in child process, > terminating connection: Common OSFileOpenError (Can't open a file -- attempted > to load a non-existant config file or bad file referenced within?) (1/2) I had exactly the same problem and the reason was because bbstored has no write permissions for the top level of backup storage location (that's specified in raidfile.conf). During the restoration of some files bbstored wants to write directly to this directory (need to store some tmp data?) and not to the "backup" subdirectory as it usually does. Hope this helps someone sometimes. :) -- wbr, Oleg. From chris at qwirx.com Mon Aug 1 21:42:16 2011 From: chris at qwirx.com (Chris Wilson) Date: Mon, 1 Aug 2011 21:42:16 +0100 (BST) Subject: [Box Backup] [Boxbackup-dev] Connection statistics NET_IN patch? In-Reply-To: References: Message-ID: Hi all, Pete Jalajas made the following request for a change to the "Connection statistics" logged by the server at the end of each client connection: On Mon, 1 Aug 2011, Peter Jalajas, GigaLock Backup Services wrote: > In: http://www.boxbackup.com/trac/browser/box/chris/general/bin/bbstored/BackupStoreDaemon.cpp?rev=1855 > 355 BOX_INFO("Connection statistics for " << commonName << ":" > 356 " IN=" << s.GetBytesRead() << > 357 " OUT=" << s.GetBytesWritten() << > +++ " NET_IN=" << (s.GetBytesRead() - s.GetBytesWritten()) << > 358 " TOTAL=" << (s.GetBytesRead() + s.GetBytesWritten())); Any objections before I commit this? (e.g. anyone parsing the statistics line who wouldn't easily be able to patch their scripts to cope with this) Cheers, Chris. -- _____ __ _ \ __/ / ,__(_)_ | Chris Wilson Cambs UK | / (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer | \__/_/_/_//_/___/ | We are GNU : free your mind & your software | From chris at qwirx.com Tue Aug 2 00:37:57 2011 From: chris at qwirx.com (Chris Wilson) Date: Tue, 2 Aug 2011 00:37:57 +0100 (BST) Subject: [Box Backup] Certificate problems In-Reply-To: <807E78569CAA9B409EA32DC1F2CAEBFB206EA968CF@STOEXMBXC03.domain01.net> References: <807E78569CAA9B409EA32DC1F2CAEBFB206EA968CF@STOEXMBXC03.domain01.net> Message-ID: Hi Tomas, Sorry for the delay in replying, and for your certificate problems. Please could you send me the On Wed, 13 Jul 2011, Tomas Nilsson wrote: > Installation and having the client find/connect to the server works > fine, but when it comes to the certificates something goes wrong. I'm > mailing the list now since I just can?t figure out what is wrong. I've > tried the script to create the certificates, created them myself and > tried everything else I could come up with, without success. I still get > an error saying "SSL error while accepting connection: > error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca" ? Sorry for the delay in replying, and for your certificate problems. Please could you send me the actual certificates, but NOT the private keys as that could compromise your system's security, by private email so that I can analyse them and try to work out what's going wrong? > It can?t be so that bkSrv needs a real certificate from VeriSign or a > company like that, right? No, it creates a new CA (well two actually, one for client certificates and one for server certificates) so it doesn't use any existing CA such as Verisign. Cheers, Chris. -- _____ __ _ \ __/ / ,__(_)_ | Chris Wilson Cambs UK | / (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer | \__/_/_/_//_/___/ | We are GNU : free your mind & your software | From achim+box at qustodium.net Tue Aug 9 23:37:48 2011 From: achim+box at qustodium.net (Achim) Date: Wed, 10 Aug 2011 00:37:48 +0200 Subject: [Box Backup] =?utf-8?q?Connection_statistics_NET=5FIN_patch=3F?= In-Reply-To: References: Message-ID: <2dd12889cb657f40aed844dab67e4108@localhost> Hello Chris: On Mon, 1 Aug 2011 21:42:16 +0100 (BST), Chris Wilson wrote: > Hi all, > > Pete Jalajas made the following request for a change to the > "Connection statistics" logged by the server at the end of each client > connection: > > On Mon, 1 Aug 2011, Peter Jalajas, GigaLock Backup Services wrote: > >> In: http://www.boxbackup.com/trac/browser/box/chris/general/bin/bbstored/BackupStoreDaemon.cpp?rev=1855 >> 355 BOX_INFO("Connection statistics for " << commonName << ":" >> 356 " IN=" << s.GetBytesRead() << >> 357 " OUT=" << s.GetBytesWritten() << >> +++ " NET_IN=" << (s.GetBytesRead() - s.GetBytesWritten()) << >> 358 " TOTAL=" << (s.GetBytesRead() + s.GetBytesWritten())); > > Any objections before I commit this? (e.g. anyone parsing the > statistics line who wouldn't easily be able to patch their scripts to > cope with this) If we are touching that area, any chance on including my request "Log the number of uploaded files in addition to total file size uploaded" [1]? Rationale: Empty folders and files are not reflected by "total file size", but would show up with "total number of files". Best regards, Achim [1] From achim+box at qustodium.net Sun Aug 14 19:16:18 2011 From: achim+box at qustodium.net (Achim) Date: Sun, 14 Aug 2011 20:16:18 +0200 Subject: [Box Backup] Boxi loses settings from bbackupd.conf Message-ID: Hello list: Boxi loses the following settings from an existig bbackupd.conf configuration file when overwriting it with an updated version (edited throught the GUI itself): StorePort = LogAllFileAccess = LogFileLevel = LogFile = NotifyAlways = ExtendedLogFile = MaxUploadRate = DeleteRedundantLocationsAfter = Some of those settings are somewhat more recent (MaxUploadRate and DeleteRedundantLocationsAfter). How could Boxi preserve the above settings, even though we might not expose them in the GUI for now? All those settings seem important enough not to be overlooked, especially the logging and store-related ones. Chris, any pointer as to where to locate/fix this in the code, and I will have a go at it. And what was the reason in the first place to have Boxi re-create a completely new bbackupd.conf (overwriting the old one and losing all comments at the same time), instead of just updating the values in place (or, alternatively, make a new copy of existing bbackupd.conf, update values, overwrite existing bbackupd.conf with new copy in an atomic operation)? Best regards, Achim From achim+box at qustodium.net Wed Aug 24 01:20:49 2011 From: achim+box at qustodium.net (Achim J. Latz) Date: Wed, 24 Aug 2011 02:20:49 +0200 Subject: [Box Backup] Private key, web access, sharing and delegation Message-ID: <4E5443E1.6090406@qustodium.net> Hello list, a slightly longer message for your contemplation during holiday season: Several online backup services offer the possibility to browse through and restore from the existing backups via a web interface. In case the backup is encrypted (as it is with Box Backup), this functionality means that the private encryption key (or password) has to be available to the backup server to decrypt the backups on the fly, as probably explained in better terms here: Would it be possible to emulate such a behaviour (current as-is BB, plus optional password-based web search&restore)? Couls Box Backup Explorer [1, 2] be used for this *on the server*, as opposed to on the (unixy) client? Would adding a password to the 1024 bit private key be useful? The private key alone could be stored on the server, and only in combination with the user's password, the backups become "browsable" [3]? At the same time, can somebody guesstimate how e.g. Spideroak enable sharing documents with other users via password protection without re-encrypting the shared documents to the other user's keys/passwords: In the same line, how are people handling the delegation of private keys? In case you need to access the backup of an employee in your department, would there be a way to "share" access between to keys with two independent passwords? Same goes for removing access to certain backups, in case of moving to another department or leaving the company? If an employee destroys his backup key, it would be attractive to have a master key for the organisation that can unlock all backups, right? Thanks for any insights, Achim [1] [2] [3] -- Achim J. Latz, Qustodium Internet Security achim.latz at qustodium.net ? http://www.qustodium.net Data Encryption ? Backup Automatisation ? E-Mail Protection From james at netinertia.co.uk Wed Aug 24 07:55:54 2011 From: james at netinertia.co.uk (James O'Gorman) Date: Wed, 24 Aug 2011 07:55:54 +0100 Subject: [Box Backup] Private key, web access, sharing and delegation In-Reply-To: <4E5443E1.6090406@qustodium.net> References: <4E5443E1.6090406@qustodium.net> Message-ID: <20110824065553.GB70806@netinertia.co.uk> Hi Achim, On Wed, Aug 24, 2011 at 02:20:49AM +0200, Achim J. Latz wrote: > Hello list, a slightly longer message for your contemplation during > holiday season: Has Christmas come early? :-) > Several online backup services offer the possibility to browse through > and restore from the existing backups via a web interface. > > In case the backup is encrypted (as it is with Box Backup), this > functionality means that the private encryption key (or password) has to > be available to the backup server to decrypt the backups on the fly, as > probably explained in better terms here: > > > > > Would it be possible to emulate such a behaviour (current as-is BB, plus > optional password-based web search&restore)? Couls Box Backup Explorer > [1, 2] be used for this *on the server*, as opposed to on the (unixy) > client? Would adding a password to the 1024 bit private key be useful? > The private key alone could be stored on the server, and only in > combination with the user's password, the backups become "browsable" [3]? The idea with Box Backup is that the server running bbstored doesn't have to be trusted at all. If you put the client's private key on the server, then it has access to all your data. It's a risk you have to be willing to accept yourself. Otherwise, it's better to run a local web interface on the client, or perhaps on another machine on the same network as the client. > At the same time, can somebody guesstimate how e.g. Spideroak enable > sharing documents with other users via password protection without > re-encrypting the shared documents to the other user's keys/passwords: > > It depends what method they're using. If it's something similar to PGP, then I believe it would be possible with that. > In the same line, how are people handling the delegation of private > keys? In case you need to access the backup of an employee in your > department, would there be a way to "share" access between to keys with > two independent passwords? Same goes for removing access to certain > backups, in case of moving to another department or leaving the company? > If an employee destroys his backup key, it would be attractive to have a > master key for the organisation that can unlock all backups, right? The keys are usually owned by root (as bbackupd usually runs as root), so you could "delegate" access through sudo or some other RBAC method. As for master keys, I'm not sure about that - Chris (or Ben) may have an answer, but it doesn't seem like it would be easy to implement. James From ell2 at live.se Wed Aug 24 20:44:32 2011 From: ell2 at live.se (Leif Linderstam) Date: Wed, 24 Aug 2011 21:44:32 +0200 Subject: [Box Backup] Private key, web access, sharing and delegation In-Reply-To: <4E5443E1.6090406@qustodium.net> References: <4E5443E1.6090406@qustodium.net> Message-ID: > At the same time, can somebody guesstimate how e.g. Spideroak enable > sharing documents with other users via password protection without > re-encrypting the shared documents to the other user's keys/passwords: I guess it can be done similar to how encrypting mail with a public key works, as far as I know at least. - Create a random key and encrypt the message/file with this key. - Encrypt the generated key with the public key of the recepient. ? This can be repeated for several recepients. - A recepient wanting to read the message/file decrypts the generated ? key, which then can be used to decrypt the message/file. Apart from making it possible for many recepients to read the message whithout having a common key, this scheme also is good for performance. The generated key is a symmetric key (same key is used both for encryption and decryption) which is much easier (i.e faster) to encrypt and decrypt than asymmetric (private/public) keys. In the above case with shared documents there is no need to re-encrypt the file itself to add access for another user, only encrypt the underlying symmetric key with the new user's public key. Cheers, Leif From james at netinertia.co.uk Thu Aug 25 20:27:24 2011 From: james at netinertia.co.uk (James O'Gorman) Date: Thu, 25 Aug 2011 20:27:24 +0100 Subject: [Box Backup] FreeBSD port sysutils/boxbackup updated to 0.11.1 Message-ID: <20110825192724.GE70806@netinertia.co.uk> Hi, Just a quick notification to those running FreeBSD, the sysutils/boxbackup port has now been updated to 0.11.1. It also includes a periodic(8) script for running a store compare. This is disabled by default. Please read the script before enabling it! I also created a sysutils/boxbackup-devel port and requested it to be updated to the latest SVN version. This should be done soon, hopefully. James From chris at qwirx.com Fri Aug 26 08:22:01 2011 From: chris at qwirx.com (Chris Wilson) Date: Fri, 26 Aug 2011 09:22:01 +0200 (CAT) Subject: [Box Backup] FreeBSD port sysutils/boxbackup updated to 0.11.1 In-Reply-To: <20110825192724.GE70806@netinertia.co.uk> References: <20110825192724.GE70806@netinertia.co.uk> Message-ID: Hi James, On Thu, 25 Aug 2011, James O'Gorman wrote: > Just a quick notification to those running FreeBSD, the > sysutils/boxbackup port has now been updated to 0.11.1. > > It also includes a periodic(8) script for running a store compare. This > is disabled by default. Please read the script before enabling it! > > I also created a sysutils/boxbackup-devel port and requested it to be > updated to the latest SVN version. This should be done soon, hopefully. Excellent, thanks! Cheers, Chris. From siretart at tauware.de Fri Aug 26 10:47:20 2011 From: siretart at tauware.de (Reinhard Tartler) Date: Fri, 26 Aug 2011 11:47:20 +0200 Subject: [Box Backup] FreeBSD port sysutils/boxbackup updated to 0.11.1 In-Reply-To: <20110825192724.GE70806@netinertia.co.uk> (James O'Gorman's message of "Thu, 25 Aug 2011 20:27:24 +0100") References: <20110825192724.GE70806@netinertia.co.uk> Message-ID: <87fwkocxnb.fsf@faui43f.informatik.uni-erlangen.de> On Thu, Aug 25, 2011 at 21:27:24 (CEST), James O'Gorman wrote: > Hi, > > Just a quick notification to those running FreeBSD, the > sysutils/boxbackup port has now been updated to 0.11.1. Cool. May I ask where to get the 0.11.1 tarball from? http://boxbackup.org/ still mentions that 0.11rc8 was the latest release. Cheers, Reinhard -- Gruesse/greetings, Reinhard Tartler, KeyID 945348A4 From james at netinertia.co.uk Sat Aug 27 14:06:46 2011 From: james at netinertia.co.uk (James O'Gorman) Date: Sat, 27 Aug 2011 14:06:46 +0100 Subject: [Box Backup] FreeBSD port sysutils/boxbackup updated to 0.11.1 In-Reply-To: <87fwkocxnb.fsf@faui43f.informatik.uni-erlangen.de> References: <20110825192724.GE70806@netinertia.co.uk> <87fwkocxnb.fsf@faui43f.informatik.uni-erlangen.de> Message-ID: <20110827130645.GI70806@netinertia.co.uk> On Fri, Aug 26, 2011 at 11:47:20AM +0200, Reinhard Tartler wrote: > May I ask where to get the 0.11.1 tarball from? http://boxbackup.org/ > still mentions that 0.11rc8 was the latest release. I uploaded the 0.11 and 0.11.1 releases to Sourceforge: http://sourceforge.net/projects/boxbackup/files/boxbackup/ I'm not sure why the web site still says rc8. If Chris doesn't object then I'll update it. James From chris at qwirx.com Sat Aug 27 14:42:00 2011 From: chris at qwirx.com (Chris Wilson) Date: Sat, 27 Aug 2011 15:42:00 +0200 (CAT) Subject: [Box Backup] Connection statistics NET_IN patch? In-Reply-To: <2dd12889cb657f40aed844dab67e4108@localhost> References: <2dd12889cb657f40aed844dab67e4108@localhost> Message-ID: Hi Achim, On Wed, 10 Aug 2011, Achim wrote: > If we are touching that area, any chance on including my request "Log > the number of uploaded files in addition to total file size uploaded" > [1]? Rationale: Empty folders and files are not reflected by "total file > size", but would show up with "total number of files". > > Best regards, Achim > > [1] OK, done. Cheers, Chris. From chris at qwirx.com Sun Aug 28 17:06:29 2011 From: chris at qwirx.com (Chris Wilson) Date: Sun, 28 Aug 2011 18:06:29 +0200 (CAT) Subject: [Box Backup] FreeBSD port sysutils/boxbackup updated to 0.11.1 In-Reply-To: <20110827130645.GI70806@netinertia.co.uk> References: <20110825192724.GE70806@netinertia.co.uk> <87fwkocxnb.fsf@faui43f.informatik.uni-erlangen.de> <20110827130645.GI70806@netinertia.co.uk> Message-ID: Hi James, On Sat, 27 Aug 2011, James O'Gorman wrote: > On Fri, Aug 26, 2011 at 11:47:20AM +0200, Reinhard Tartler wrote: >> May I ask where to get the 0.11.1 tarball from? http://boxbackup.org/ >> still mentions that 0.11rc8 was the latest release. > > I uploaded the 0.11 and 0.11.1 releases to Sourceforge: > http://sourceforge.net/projects/boxbackup/files/boxbackup/ > > I'm not sure why the web site still says rc8. If Chris doesn't object > then I'll update it. I never properly announced 0.11 or 0.11.1. Feel free to update the website. Cheers, Chris. From james at netinertia.co.uk Mon Aug 29 12:14:32 2011 From: james at netinertia.co.uk (James O'Gorman) Date: Mon, 29 Aug 2011 12:14:32 +0100 Subject: [Box Backup] FreeBSD port sysutils/boxbackup updated to 0.11.1 In-Reply-To: References: <20110825192724.GE70806@netinertia.co.uk> <87fwkocxnb.fsf@faui43f.informatik.uni-erlangen.de> <20110827130645.GI70806@netinertia.co.uk> Message-ID: <20110829111431.GA2189@netinertia.co.uk> On Sun, Aug 28, 2011 at 06:06:29PM +0200, Chris Wilson wrote: > Hi James, > > On Sat, 27 Aug 2011, James O'Gorman wrote: > > > On Fri, Aug 26, 2011 at 11:47:20AM +0200, Reinhard Tartler wrote: > >> May I ask where to get the 0.11.1 tarball from? http://boxbackup.org/ > >> still mentions that 0.11rc8 was the latest release. > > > > I uploaded the 0.11 and 0.11.1 releases to Sourceforge: > > http://sourceforge.net/projects/boxbackup/files/boxbackup/ > > > > I'm not sure why the web site still says rc8. If Chris doesn't object > > then I'll update it. > > I never properly announced 0.11 or 0.11.1. Feel free to update the > website. This has been done. It'd be helpful if the "Changes" section could be filled in too. James From git at makubi.at Tue Aug 30 01:00:08 2011 From: git at makubi.at (Mathias Kub) Date: Tue, 30 Aug 2011 02:00:08 +0200 Subject: [Box Backup] Disable encryption Message-ID: <1314662408.24825.10.camel@i7.linet.lan> Dear Boxbackup-developers & -users, I would like to use boxbackup in a small LAN. I already have a full-crypted server where backups are stored now and (in the current situation) I don't see any sense in double-crypting (I know that boxbackup encrypts data on the client and not the server, but in the current scenario - imo - I don't need it). I really like the features boxbackup offers, e.g. that it automatically backups data when it notices changes. Is there any possibility to disable the usage of encryption completely? Thanks in advance, Sincerely, Mathias Kub From dave at bdisystems.co.uk Wed Aug 31 11:55:06 2011 From: dave at bdisystems.co.uk (dave bamford) Date: Wed, 31 Aug 2011 11:55:06 +0100 Subject: [Box Backup] Logging housekeeping activities Message-ID: <1314788106.19150.157.camel@millhouse.backed-up.net> Hi Is there any way of increasing the information given out by the housekeeping process? My housekeeping seems to take a long time and I think I should increase the time between housekeeping. I wonder if this is related to the fact the backup files are on an NFS store. there was an issue with speed of writing to the store which Chris fixed some time ago. Thanks Dave Bamford