...making an encrypted fileserver
(...and with a BitTorrent-webinterface! )
Well, I’ve been busy with a encrypted fileserver before and it runs for quite a while in my closet now, but it wasn’t perfect yet. I wanted it to download .torrents automatically, so I don’t have to keep my workstation powered on, just for that. Since my fileserver runs OpenBSD and the first idea was to have an interface to it by VNC and have Azureus run inside X-windows on it, I needed to get Java 2 SDK on OpenBSD...
Anyway, I think I was almost there… but then I came across TorrentFlux and actually, it’s much more ideal in my situation than the solution I was working on :-) So I decided to stop working on the Java+VNC+Azureus-solution and get this Apache/PHP/MySQL/Python/BitTorrent (all available in the OpenBSD-packagecollection!)-thing going.
So, what is it?
This is a fully-encrypted (samba)fileserver, which means that all the data that’s on there, actually can’t be found physically on the server :-) To be more precise, the data you copy to the server gets encrypted and the data you read from it gets decrypted, all on-the-fly…
And the sugar-on-top on this one is that it’s now got a webinterface for uploading torrent-files to it (or parse the URL’s) and it starts downloading ( & encrypting) them.
Well, it looks the business, doesn’t it? (oh, it’s called scramjet BTW ;-))
(actually, I should’ve called it Tonino...)
It’s a shame I’ve got this beauty hidden away…
The Webinterface to this piece of bad-ass magic:
(and that’s a legal torrent)
It downloads directly onto the pseudo-device, so the data gets encrypted while it’s being stored :-)
The encrypted volumes can be shared through Samba and on my Media Center, it looks like this:
To make things quick… I decided to write a rough HOWTO for getting an OpenBSD-encrypted fileserver, additionally with a webbased BitTorrent-interface. You can find the Howto here
Use?
Actually, I’m not sure… I started thinking about something like this since here in Holland the local anti-piracy group are starting to think they’re God…
Anyway, the only P2P I use is BitTorrent and maybe I should decide to switch to antsp2p but then I should look into Java on OpenBSD again and actually I like the beauty of the current Apache/PHP/MySQL-solution.
I’m not a lawyer and imho there’s too little legal history around to be sure of what is allowed and what is not… My logic only tells me it’s impossible to get a proof of the whereabouts of someone online just by looking at some logs… You at least need to proof the person actually possesses the data and in my case… good luck proofing that! In some countries downloading is legal and uploading is not? (probably Einstein who thought that one up)
I’m very curious how upcoming lawsuits will turn out in this country. In the meantime, I’ll polish my solution (if it is one) further…
Don’t get me wrong here, I do not consider myself a pirate in a long way (and do not like to be considered that way either), I just built it…
because it’s possible :-)
DIY trackback
slashdot.org (!!!)
undeadly.org
I keep updating the machine through time, here’s a peek at the current hardware this machine now utilizes
Message from Mark's family this site has been made static. This means that it will be no longer possible to comment on his ideas and projects, but that we all can continue to cherish his creativity.you can find all of my projects overhere
omfg “eyes wide shut” is “movie of the moment”??
you haven’t downloaded a movie in 6 years??
p.s: first post!
Gotta love that strapped on 120mm huh? ahahah. lovely.
Looks like you got slashdotted, Mark :-D
It’s definitely cool, but I really don’t see much use for it besides a personal encrypted file server for the paranoid (or to show off your 1337 skillz)
This article is so lame, go back to school kid, you’re a loser.
when I first read this article I was trying to guess the age of the writter, I sincerely believe that this kid is under 9 and shouldn’t be allowed on the internet, moreover this article stinks, so is everything from your shitty site.
“which means that all the data that’s on there, actually can’t be found physically on the server”.. the data remain on the server and can be found there.. encrypted. :-) It’s still there, even if it’s not actually readable.
Looks like the only “child” in here is you, slashdotter ….
“This article is so lame, go back to school kid, you’re a loser.”
lame? what’s lame is actually having the time to bother to insult this guy.. don’t you have something better to do? or did you drop out of high school?
i was wondering whether it was slashdot or the slashdotters that have degraded in quality recently – now i know the answer. if you don’t have anything polite to say DON’T SAY IT.
everyone is a tough guy, when they are behind a keyboard and monitor…. you guys need to grow the fuck up, and be and let be.
yes ‘slashdotter’(arent we all), we should regulate people who are allowed to use the internet, including people who might be younger than you.
how about the low-lifes who post mean mesages on peoples sites with nothing constructive to say. I say these tards should be banned from using the internet(because thats possible—apearantly somebody ownes the internet).
lucreoz, I agree. Tards should be banned from using the net!
If the law downloads from your IP using bittorrent that might be all they need. Very nice setup though, I have to admit a pang of nerd envy. Oh and sorry for the slashdot troll, they just want attention.
Looks good.
I’ll order 100 units, when you get this setup onto that iPod I see. :P
(00|
I don’t get the point. You can use PGP disk for this too. It’s faster, easier, and works just as effectively for the use you’ve deployed.
If you want to use a hammer to kill a fly, you’ve done it.
I must say this is a great use of these technologies. I’ll be checking in to see how things progress.
I’m using GBDE encrypted partitions on FreeBSD boxes as well. That’s not really new.
What should have been discussed here, are two important things:
1. You need an encrypted bittorrent interface, but bittorrent lacks this for now (it’s not your fault, how about a new project?)
2. The cgd or gbde devices are fine, but they need further refinements: like e.g. multiple keys for multiple types of data. Say, the powers that be force you to disclose one of the passphrases, you could still tell one with an innocuous file system, hidding the one with the torrents.
A few other points:
a. Don’t keep logs at all. Log everything directly to /dev/null.
b. Apache/PHP/MySQL/... that’s WAY too heavyweight and overblown. Use thttpd and a nice little Python cgi script (persistence with ZODB) instead.
Dude, you’re alright. There is nothing wrong with enthusiasm over getting something to work. I understand that there are those who feel the need to put others down in order to feel better about themselves, but I wouldn’t worry about THOSE posts, as they just prove the insecurity of those who posted them. I may not have done what you did, (prolly more like the previous post) but it’s still cool nonetheless, and I’m sure there are PLENTY of people that would have never thought about it in the first place.
dood, everybody has to start somewhere. I guess that unlike other slashdotters we were not all born with 31337 h8×0r 5kI11z. Your doing a great job, keep it up. Because others are jelous/envious/insecure don’t let them discourage you. How many of them have been slashdotted? (READ: none)
this is very cool. good job.
One more hint:
If the torrents and other data can be recreated easily from scratch, AND if you have a reliable uninterruptible power supply, you could use data from /dev/random as a passphrase to init the partition.
Should someone yank the power cord while confiscating the box, they won’t be able to decrypt the partition at all (neither would you, if you reboot). And the beauty of it all? If a court asks you to hand over the passphrase, you can safely say that it’s being generated out of random bits, and that you don’t have a way to know or tell it. No contempt of court here! You can prove it by the init scripts that create that gcd partition upon boot time.
Just look at FreeBSD’s encrypted swap script /etc/rc.d/gbde_swap (there’s surely something similar with OpenBSD) for how it’s done.
Besides this, you’ve done some great work! Thumbs up!
Hey, great article! I’ve been thinking of switching to freebsd for a long time. I’m just waiting for my new laptop and a homework-free weekend. Your article has been a great inspiration, keep up the good work, and congrats for being slashdotted! /ilix
Markie, you ruled again, like always.. great job and congratulations with your new found slashdotted status ;)
Keep up the good work. Don’t worry about the trolls. Chances are they will be pumping gas when they grow up and you’ll be laughing all the way to the bank. I do.
Nice setup… any updates?
well, the only update being that it still runs like a dream! ;-)
Really, this fileserver is running smooth for around 9 months now… I do want to update it somewhere this year, adding RAID to it and while I’m at it, build it from scratch again, maybe on a faster machine, depending om my budget…
Anyhow, I guess by running for months without errors now it proves to be a pretty solid setup (luckily! and imho of course)
Keep on going Mark!
have you ever thought about using cgd..
http://www.onlamp.com/pub/a/bsd/2005/12/21/netbsd_cgd.html
instead of svnd?
also, if you still thinking of java on openbsd you could use azureus which now has a swing web interface which can use SSL
hey man, great job! this entire site is awesome. i just rediscovered it when i saw your wireless newton on hackaday. its a great alternative to macmod (it is down :() and has the best articles. this is a really nice setup for a server. i like the look and stability. thanks for being a great site!
Cool stuff. Keep up the great work and ignore the trolls.
keep up the greate work, forget about slashdotter
i just kind of find it ironic that that particular case is an encrypted system, the box is so ugly and could be easily opened. I understand that if you got at the hard drive you wouldn’t be able to do much, but it just seems ironic how insecure the case looks.
Do you know what i am trying to say?
Instead of torrentflux i would suggest you used torrentflux-b4rt which is an enhanced version. You can find at http://tf-b4rt.berlios.de/
The slashdotter are probably from openbsd-misc, the rudest list I’ve ever seen. Of course as anyone who has been on the list for a while, Theo sets the tone when it comes to four letter flames, good enough to embarrass sailors if you have not read all the web pages.
Have you considered using MLDonkey? It supports eDonkey, ( and its server less extensions Overnet and Kaedemlia), Gnutella 1 & 2, Bittorrent, HTTP and FTP download, others are available too. And the best, it’s fully controllable over a web interface.
More information can be found here:
http://mldonkey.sourceforge.net/
ffffff
Thanks you
GOOD TIPS FOR ME !
very good topic !
Grande. Merci
mains dans les matériaux, si vous estimez qu’il est