Archive for May, 2016

Battling against the 4.7.0 CrashPlan Synology package update

Saturday, May 21st, 2016

If you’re using CrashPlan to backup data on your Synology NAS in headless mode, you’ve probably already had to go through this update nightmare. This is pretty regular unfortunately; each time an update arrives for CrashPlan, the package gets broken in various ways.

Basically, clicking the “update” button always leads to a couple of hours wasted :(

Here’s how I fixed the issue this time, just in case it could help other people! Before you start, make sure you have a good hour in front of you.. ;-)
The commands are assumed to be executed as root…

  • close your eyes and update the package
  • start the package, it’ll download the update file then will crash and burn
  • copy cpio from the CrashPlan package to /bin/cpio: cp /var/packages/CrashPlan/target/bin/cpio /bin/cpio
  • extract the “upgrade” file: 7z e -o./ /var/packages/CrashPlan/target/upgrade.cpi
  • move the upgrade file outside the Crashplan folder
  • uninstall the CrashPlan package
  • install the CrashPlan package again (don’t let it start)
  • move back the upgrade file and put it in the upgrade folder (/var/packages/CrashPlan/target/upgrade)
  • edit install.vars in the CrashPlan folder to point to the correct location of Java on your NAS. To find it, just use ‘which java’. Then put the correct path for the JAVACOMMON property
  • (optional) rename the upgrade file to upgrade.jar (or whatever you like)
  • extract the upgrade file: 7z e -o/var/packages/CrashPlan/target/lib /var/packages/CrashPlan/target/upgrade/upgrade.jar
  • remove the upgrade file (not needed anymore)
  • remove the upgrade.cpi file
  • IF you have enough memory, then add the USR_MAX_HEAP property to /var/packages/CrashPlan/target/syno_package.vars
  • start the CrashPlan package; it should now stay up and running
  • install the latest CrashPlan client version on your machine
  • disable the Crashplan service on your machine
  • get the new Crashplan GUID on your NAS: cat /var/lib/crashplan/.ui_info; echo
  • copy the guid (everything before “,0.0.0.0”) in the ‘.ui_info’ file under C:\ProgramData\CrashPlan (assuming you’re on Windows). You must edit the file from a notepad executed as admin. Make sure to replace the IP (127.0.0.1) by the one of your NAS
  • Start the CrashPlan client, enter your CrashPlan credentials and passphrase (you do have one, right? :p)
  • Now let CrashPlan sync all your files for a few days :o)

Hope this helps!

Enjoy :)


So you want to be safe(r) while accessing your online bank account?

Saturday, May 14th, 2016

Web browsers

One quick tip: if you want to access sensitive Websites safely (e.g., your online bank, your taxes, …), then:

  • do so in a different Web browser than the one you generally use.
  • make sure that the browser you use for sensitive sites is NOT your default browser (i.e., the one that opens when you click on links in e-mails for example)
  • make sure that your browser is up to date
  • make sure that you never use that browser for anything else
  • do NOT visit anything else (i.e., no other tabs) at the same time
  • quickly check that you don’t have weird extensions or plugins installed (you could very well have been p0wned by any application installed on your machine)
  • make sure that you configure very strict security rules on that browser (e.g., disable caching, passwords/form data storage, etc)

Why does this help? Well if your machine isn’t part of a botnet or infected with hundreds of malwares yet, then the above could still protect you against commonly found vulnerabilities (e.g., cross-site request forgery), vulnerabilities exploited through a different tab in your browser, etc.

Personally I use Google Chrome as my default Web browser and Mozilla Firefox whenever I need to access sensitive sites.

Do NOT consider this as bulletproof though, it’s nothing but ONE additional thing you can do to protect yourself; you’re still exposed to many security risks, the Web is a dangerous place ;-)