How to verify your Synology NAS hard disks

I upgraded my 2 HDD in my Synology NAS to bigger ones. The change and rebuild of the RAID mirror was seemless. But I wanted to verify the health of the filesystems before growing the volumes. Here is how to do it.

Note: I am making the following assumptions, you know what you are doing, you activated SSH on your box and know how to connect as root, you know and understand how your NAS HDD have been configured, you have a wokring backup of your HDD data, you are not afraid of losing your data.

First find out what is the drive name of your volume(s) and also what is the filesystem type:

# mount
/dev/root on / type ext4 (rw,relatime,barrier=0,journal_checksum,data=ordered)
(...)
/dev/mapper/vol1-origin on /volume1 type ext4 (usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0,synoacl)
/dev/mapper/vol2-origin on /volume2 type ext4 (usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0,synoacl)

In my case, I have created 2 volumes on top of my mirror. The device on which these volumes are stored are /dev/mapper/vol1-origin and vol2-origin, they are both ext4 filesystems. But you probably do not have such a setup and only have one volume on top of your RAID array and your device might simply be /dev/md[x].

The fact that my devices were in /dev/mapper hinted me that they might be a LVM layer somewhere. So I executed the following command (harmless):

# lvs
LV                    VG   Attr   LSize    Origin Snap%  Move Log Copy%  Convert
syno_vg_reserved_area vg1  -wi-a-   12.00M
volume_1              vg1  -wi-ao    1.00T
volume_2              vg1  -wi-ao    1.00T

So my 2 volumes are LVM logical volumes. Now that I have this information, I can do the following to verify the filesystems’ health. First of all, shutting down most services and unmounting the filesystems:

# syno_poweroff_task

Now if you did not have LVM but rather a /dev/md[x] device, you can simply do (if you have an ext2/ext3/ext4 filesystem only, and replace the ‘x’ by the correct number):

# e2fsck -pvf /dev/mdx

But if like me you have LVM, then you will need a few extra steps. The ‘syno_power_off’ has probably deactivated the LVM logical volumes, to be sure check the “LV Status” given by the next command (harmless, not the complete output is here given):

# lvdisplay
--- Logical volume ---
LV Name                /dev/vg1/volume_1
VG Name                vg1
LV UUID                <UUID>
LV Write Access        read/write
LV Status              NOT available
LV Size                1.00 TB

As you can see the logical volume is not available. We need to make it available so that the link to the logical volume is accessible:

# lvm lvchange -ay vg1/volume_1
# lvdisplay
--- Logical volume ---
LV Name                /dev/vg1/volume_1
VG Name                vg1
LV UUID                <UUID>
LV Write Access        read/write
LV Status              available
# open                 0
LV Size                1.00 TB

The status has changed now to “available”, so we can proceed with the filesystem verification:

# e2fsck -pvf /dev/vg1/volume_1

To finish this, you need to remount and restart all the stopped services. I do not know a specific Synology command to do that, so I simply rebooted the machine:

# shutdown -r now

Measuring and understanding how a process is using the primary memory (aka RAM) is complex because Operating System have been optimising primary memory use to save space or optimise run time (memory map, virtual memory, kernel same page merging, etc.). Therefore most tasks managers are reporting several metrics to inform about memory usage, and even their own help page are sometimes reporting a wrong definition for a metric. So I am always learning new things about what actually all those metrics are measuring. Today’s is PSS:

Linux’s PSS (Proportional Set Size) metric. This is the amount of RAM actually mapped into the process, but weighted by the amount it is shared across processes. So if there is a 4K page of RAM mapped in to two processes, its PSS amount for each process would be 2K. The nice thing about using PSS is that you can add up this value across all processes to determine the actual total RAM use. – Android Developer Blog, Understanding How Your App Uses RAM

OS X unstability, Mavericks is just unfinished!

I am really really disapointed by Apple, and for more than just one reason. Here below is my list of  growing concerns with the company and especially how they molest OS X.

First of, when I have a stable running system, the last thing I want to hear is that there is availability of an upgraded OS version which, on top of providing new features, is correcting several security flaws which won’t be corrected on the current stable OS release!!!

Imagine a world where Microsoft would have stopped providing security updates to Windows XP the day Vista was out, even if it had been for free, would you have done the upgrade right away? No! You want to wait that the new OS gets stable enough (in Vista’s case that meant waiting for Windows 7) before you upgrade.

Well bad luck, Apple decided last October to provide OS X 10.9 (a.k.a Mavericks) to everyone without providing further supports (at least in terms of security updates) to previous OS X versions. Giving this upgrade for free was just the sweet juice to cover the bitter poison taste.

I analysed the vulnerabilities in our current OS X version and decided that I could wait for OS X 10.9.1 before upgrading, hoping that Apple would also see that stopping security updates on previous OS X versions was plain stupid. This did not happen and shortly after OS X 10.9.1 was published I did the jump and upgraded.

The upgrade was bug free, but not the use of OS X since then. For the past month we have been struggling with the following problems:

  • Impossibly slow to switch users (my wife and me are sharing the same and unique MacBook, so we do use quite often this feature)…
  • …when it does not simply hang in the process of switching!
  • The screen, mouse and keyboard freezes randomly, often this is related to the insertion of the Thunderbolt network adapter, other times it is out of the blue.
    Note: sometimes pulling out the Thunderbolt plug unfreezes the Mac, sometimes not.
  • Mail App crashes often or the geometry of the window keeps on changing to the weirdest form. I simply stopped using it.
  • Launchpad should support keyboard input to quickly filter the list of application, so that typing “Con” would propose you “Contacts”, “Console”, etc.. But since Mavericks this handy feature does not work everyday.
  • WiFi needs router reboot to get IP address after the computer was asleep. It is a bug from iOS that has been carefully ported to OS X. Now I can also enjoy router reboot because I just want to use the WiFi! Yeah!
  • App Store updates which get lost: I got notified that I had 1 possible updates, I fired up the App Store app and clicked on Update. I saw that Evernote had an update but then the computer froze. I waited 5 min after which I shutted down and restarted. The App Store shows no update to perform (even after search for them) but looking for Evernote shows that it can be updated! That’s a reliable update mechanism!

Giving upgrade for free is no excuse for the unstability and little testing that this OS X Mavericks has received. Take the example of Ubuntu and their Long Term Support release, that is serious work done and they also provide their upgrades for free!

So I really despise Apple for bragging so much about the 200 new features coming along with OS X Mavericks. Well I have seen a myriad of bugs, if they count as new features then yes they probably are not far from the 200 ones. But apart from an application which provides maps (where is the web version of it, I don’t want an app for that!), another one for reading books (like a MacBook is the most handy reading machine, sure!!) there are close to no visible features to the end-users. Ho yeah I forgot tags, like I am going to tag the 1 TiB of data I own just because I can!!!

Really Apple, stop wasting so much of your developers time into just providing what looks like a new skin for iOS 7+ and invest some valuable effort into bringing back OS X to the stable and professional OS it was!

Addendum – 2014-02-05: Today I tried to rate the OS X 10.9.1 application in the Mac App Store, my rate was one star, I clicked on it but got the following message “To rate this app, you must have purchased it from the Mac App Store”?!? Well it is true that I did not “buy” OS X 10.8, it was bundled with the laptop. So I only upgraded it to the “free” version from the Mac App Store using the Mac App Store.You can't give negative feedback ;-) So I did not technically buy it, true, but I own it! You can see a screenshot on the right-end side.

How to revert phone encryption on Android

How to revert your Smartphone encryption, credit: image based on Oxygen Icons

Smartphone Encryption Reverted

I am a recent owner of a smartphone (since August 2013), it is a relatively old one, a Samsung Galaxy S (GT-I9000), but it is still a usable and cool computer-in-a-pocket/phone.

Samsung dropped support for the phone a long time ago, but other projects picked-up and you can install various Android distributions on it. I am running CyanogenMod 10.2 (Android 4.3) and it works great.

I would anyway have done so even if Samsung would have continued support ;-) but that could be a story for another post and another day.

Encryption has slowed down the phone

However, one month ago I decided to encrypt the phone, this was a good idea (and I would recommend anyone to use encryption on a device as mobile as phones) but it turned out to slow down excessively everything on the phone up to the point that I was barely using it. Even calling or answering the phone was a pain.

I was decided to revert the encryption without losing too much of the data/settings of the phone. Here is how I did it.

Note: the following steps worked for me, it does not necessary means it will work for anyone. I cannot be held responsible if by using this shared experience you lose any data.

Approach to revert the phone encryption

The approach is to do a full backup, restore to phone to “factory” settings (restoring the installed OS without encryption or any settings) and applying back the backup.

This approach should work on any Android version. But the instructions here are given for Android 4.x release, and for some steps are specific to CyanogenMod 10.1 and above and/or Samsung Galaxy S. If you have a different phone or Android, you will have to find the specifics by yourself (when there will be specific instructions, I will mention it either with CM10 for CyanogenMod 10.x or with SGS for Samsung Galaxy S).

Prerequisite

As mentioned in the previous chapter, these instructions could work for other phones and Android versions, but I mention here only my own setup, the one on which I successfully went through these steps.

My environment:

  • A Samsung Galaxy S (GT-I9000) phone with CyanogenMod 10.2 installed;
  • A computer (OS X 10.9) with ADT installed (version 20131030);
    • Please make sure to install the ADT Bundle to be able to use adb.
  • A micro-USB cable to connect your phone to your computer.

Backup your data

For the backup, I have used adb (Android Debug Bridge) and I have used the recovery mode to reset to factory the phone. The rest of this section contains the various steps to do the backup.

Activate the adb daemon on the phone (CM10)

This steps depends on your Android flavour, please refer to your Android phone manufacturer documentation or community project. The instructions in this section apply to CyanogenMod 10.x.

When using CyanogenMod 10.2, you need to activate the Developer Options. This is done by taping 7 times the build number field in the About section of your phone Settings. You now have a new section in your Settings dubbed Developer Options.

Authorise to gain root access via adb

Authorise to gain root access via adb

Under Developer Options you can tick ON USB debugging which will activate the adb daemon once you connect your phone to a computer.

You need to also be able to give root access via adb in order to perform a full backup (that is my assumption). This is done by selecting ADB only or Apps and ADB in the Root access option under Developer Options (see screenshot).

Now plug your phone to your computer, your phone should ask for a USB debugging authorisation from the connected computer. You should authorise that.

You have now your phone ready to receive commands from your computer using adb.

Backup the phone using adb

The instructions in this section will be given for Unix/Linux/OS X. They work the same way for Windows, but the file path names will be different (e.g. ‘\’ instead of ‘/’, and so on). I am not going to give here Windows instruction. I assume that if you were able to install CyanogenMod on your phone, you can “translate” the below instruction for your platform. If you need assistance on Windows, you can use this excellent answer by Ryan Conrad.

Under Unix/Linux/OS X simply open up a Terminal. And go to where adb was installed. I assume below that you unpack ADT in your Desktop folder:

cd ~/Desktop/adt-bundle*/sdk/platform-tools

Now run the following command which will create a backup in your Desktop folder. This backup will include all applications and their data, all shared data (e.g. sdcard content) and full system backup.

./adb backup -apk -shared -all -f ~/Desktop/$(date +%F)-android-backup.abkp

Once you typed in this command, your device will ask you to confirm the operation and provide a password to encrypt the backup. I have used the same password as for the phone encryption, but I guess any password should work. Carefully remember the password because you will need it when restoring.

After you authorised the backup, it will take a while before it is completed (it took about 20 minutes for me).

Sadly, and this is a risk you will have to take, I know of no way to test the generated backup. After the completion of the above procedure, I simply checked the size of the file and verified that it could reasonably (even with some compression) contains my phone data. If you know better, let me know and I will update this section.

Reset to factory

Now come the part where you take some risk. In order to revert the encryption on the phone, we need to reset it to factory settings, which includes wiping out all your data. If the previous backup did not work or if your backup gets corrupted, your data might be lost once this step is performed. It is a good time to make a copy of the generated backup somewhere safe in case something goes wrong.

ClockWorkMod Recovery menu

ClockWorkMod Recovery menu (copyright Makvana @TheUnlockr)

First unplug your phone’s USB cable from the computer (this is optional I believe, but I think it is safer) and shutdown the phone. Once switched off, start your phone in recovery mode (e.g. on Galaxy S this is Volume Up + Home + Power). I assume you know how to use the recovery menu, without which you could not have installed your CyanogenMod version. But as a quick reminder, Volume Up/Down correspond to Arrow Up/Down and the Home button corresponds to Select.

Once in recovery mode, select the item wipe data/factory reset and proceed. This will delete all data on your phone, you have been warned. You will be asked to confirm and you should do so.

You have now a non encrypted phone freshly cleaned. We will need to restore your data. So please reboot the phone by selecting reboot system now.

Restore your data

After the reboot (it can take awhile, like a couple of minutes), you will be prompt to connect to your CyanogenMod and Google accounts. I do not have the former but do use the latter. So I skip the first step (which was registering the CM account) but proceeded with setting up my Google account.

Note: I am using Google 2-step verification and I did not remember my application password that I set-up for my Android phone. So I went to Google’s Account Security Settings on my computer and generated a new application password and revoking the previous one.

During the setup of my Google account I explicitly asked Google to restore my phone (I did use the phone built-in Google backup). After the setup, I waited that Google’s restore was over. Not much is restored by this feature, so I guess it is possible to skip this step, YMMV.

Now it is time to restore the full backup. You will need to reactivate the adb daemon, please refer to the above chapter. And once again the following instructions are given only for Unix/Linux/OS X and you will need a Terminal.

cd ~/Desktop/adt-bundle*/sdk/platform-tools
./adb restore ~/Desktop/$(date +%F)-android-backup.abkp
Android request confirmation to restore (image courtesy of Ryan Conrad)

Android request confirmation to restore (image courtesy of Ryan Conrad)

Note: if you were doing this late at night and have done the backup before midnight and are doing now the restore after midnight, you will need to remove “$(date +%F)” and replace it by yesterday’s date. ;-)

The restoration process will prompt a confirmation on your phone and ask you to enter the same password you used when you created the backup. Hopefully you remember it and can proceed.

The restoration is quite slower than the backup, and after 20 minutes I went to bed. So I do not know how long it took exactly. The app Google Play crashed several time during the restoration which did not seem to affect the process.

Once the restoration was completed, I rebooted the phone just to be safe.

Clean-up

Do not yet delete the full backup on your computer, keep it for awhile just in case.

But you should definitively restore the Developer Options to their original settings:

  • Root access: Apps only
  • USB debugging: OFF (unticked)

And switch OFF the Developer Options all together. You can unplug your phone from your computer and delete ADT bundle from it too (though I would keep it as long as the full backup file).

What worked and What didn’t

With my own experience, everything was restored but some applications authentication, no was data loss. So the approached was a success IMHO.

Some applications lost the authentication, I simply either had to request sign-in and it auto-magically found the account information again (e.g. Firefox Sync) or to request sign-in and fill in my login and password again.

Regarding specifically Google’s 2-step verification and the Google’s Authenticator app, the configuration of this application was not restored, but via Google Account’s Security I was able to set it up again in no time, which has invalidated the previous configuration at the same time. So perfect restoration with this extra step.

Conclusion

My phone is now unecrypted, which is sad, but on the other hand I can use it again. It is now reasonably fast again that I can use applications and browse the web on the go. CyanogenMod 10.2 is a great update, the phone feels more responsive and as definitively more battery life (recharging it every 48h instead of every 36h).

The State of Retina Displays

Since almost a year, I own a retina display device. This type of screen has been so much praised by reviewer that I fell for it. So I got a 15″ Retina MacBook Pro. The screen is indeed beautiful but next time, I will save on the retina display premium cost and buy instead a good external screen.

On a retina screen optimised applications look gorgeous, but I am not a pixel junky and applications can look beautiful too on a non-retina screen. However most non optimised apps look dreadful and pixelated, and they are still loads of them. In addition, little application make really use of the extra amount of pixels, so it just looks slicker for fonts but does not really make use of the extra space.

The money saved by buying a non-retina notebook can be used to buy an external display, and with a small addition a 27″ WQHD screen which is not retina but offers an incredible space to work, I got one at work and I love it, better than a retina display.

So if you need to choose, don’t get the retina and get an extra external screen for that price! You will be more productive.

Corollary: don’t follow the advice of these guys here at CNET. An ultrabook/Air device is meant to have a lot of battery life, so a manufacturer that delivers a good screen with incredible battery (10 hours and more) is doing the right choice. And if that means no retina and no touch screen, then be it. We can wait another couple of years to enjoy this little amusement while keeping sustained battery use.

App security is really low

Web browsers have had since ages a small lock to tell their users when they were securely connected to a web server.

Apps, especially those for mobiles, do not expose this information. It is very difficult to know if they use proper encryption, or that they even check the validity of the encryption certificates (when using methods such as SSL or TLS). Without such encryption, user credentials (login and password) and the exchanged personal data can easily be snooped.

App makers should mandatorily use encryption for communication. And they should use certificates to make sure they connect to the expected server. And they should expose that to the user interface!

Mobile Security, Not Realy Usable, Not Really Secure

Yesterday I stumble upon a journalist opinion who think that current Yahoo! CEO, Marissa Mayer, is just a twerp when it comes to mobile security. I do not think we should qualify someone, even the CEO of an internet company like Yahoo!, of a twerp just because one does not use a pass-lock for its mobile phone.

Why mobile phone security is important?

It is certainly about money, one could use your phone/data connection, but you can easily/quickly close this gap (e.g. using Apple’s Find my iPhone, or some Android equivalents). The other thing that has value is the personal data within the phone. But this has value either in the numbers (smart phone data from thousands of users stolen could interest spammers and hoaxers, for sure) – but unlikely with one phone theft – or because you are a high-profile person or you want to use those data against its rightful owner (blackmail, defamation, etc.).

So yes, security is important for a mobile device.

Security vs. usability

But the usability and efficiency of the security features on mobile is awful! It gets into the way of quickly grabbing the phone and performing an action (urgent call, photo, etc.).

Which is why I understand that people do not want to use a pass-code or similar mechanism to access their phone. Most are cumbersome, they get in the way of easily/readily use the phone (that’s why I still carry a camera when I want to take pictures!). And their relative security is dubious. The PIN1 or gesture authentication mechanism can sometimes – and with the right tool – be read from the finger traces on the phone and/or could be brute force (I am convinced there are ways to do that automated).

Since a few weeks I have a smart phone. It is not a too old one, neither a brand new one, but it is a good smart phone. I got a Samsung Galaxy S (1st generation). I have tried several pass-lock, there is the ubiquitous 4 digits PIN, the swipe gesture, a password, a simple lock and nothing. Clearly, the two last options are the one usable! Out of the pseudo secure ones, only the PIN code seemed not too difficult to use. This is a great disappointment. I do not trust my phone to protect my data to the same extent I trust my computer. And the worst, it seems that making this better is not on the agenda of most manufacturers/mobile OS providers, unless you count the attempt by Apple to improve at least the usability side with the fingerprinting.

Fingerprinting is not the panacea in terms of security. But when properly implemented it is as secured as a PIN-lock and it does not get in the way of using the phone2. Furthermore, I am sure this technology will evolved and we can hope in the near future to have good-enough fingerprinting-lock technology which can surpass PIN-lock in terms of security.

 

  1. I still do not get why PIN pass-code system do not randomise the place of the numbers on the screen!?!
  2. This is my humble opinion, no hard facts. Others have better expressed their views on fingerprinting on mobile phone than I did.