How to configure postfix under Ubuntu 16.04 to securely use Google's smtp relay service.
I've had this idea for about a week now -- I want to store my working source-code tree in the cloud, securely, so that I can access it from my machine at work, or from home. I use a laptop at work as my primary machine -- which is cool -- but I really hate lugging the damn thing back-and-forth from work to home. In my mind, it introduces risk - shoving a laptop into a backpack and trundling 70 or so miles (one-way) just doesn't seem, to me, to be the best way to treat delicate electronics, even if said device was designed to be portable. There's also the additional liability of theft or loss of the device.
Like most geeks, my home machine makes a far better development environment because it has significantly more display real-estate, more memory, and faster everything else. I don't have to hunt for a spare power receptacle to plug the laptop into, or work off the kitchen table because my desk is already at capacity.
So I came up with the idea (and I'm not claiming this to be original - but it does work) that if I could store my source code in the cloud, then all I'd need is a duplicate operating environment (apache, mysql and the db contents, etc.) while I ran my development source from the cloud, pushing it to the stage-server when necessary, thereby always maintaining the code in a consistent state across platforms.
I need the repository to be stored under subversion, and I want really decent encryption so that if the account gets hacked, my code isn't exposed. (Protect corporate assets.)
Oh, and I want it to be free. :-)
And to be large enough to store my entire project. (I like CloudApp and DropBox, but I don't feel they offer either enough space for what I need to do, or the ability to access the remote "device" as a filesystem.) Here we go...
I decided to use a service called ZumoDrive for my cloud storage simply because they offer 2Gb of mountable file storage. Unlike others, this storage is visible as a mounted drive on your desktop. It's also compatible with Mac OS X, Linux, Windows, and mobile devices (Android, iPhone and Palm Pre).
Go to their website - I've linked it above - and download the appropriate file -- they pretty much walk you though every process -- and install the file on your machine. On my Mac, the install requires only 4.7Mb of disk space. Sweet. Once installed, you'll be asked to create an account or log in to an existing account.
I first installed this application on my desktop machine. I created a login/password using my favorite account management tool, 1Password, and I chose a randomly-generated 16-bit password. As an aside, the more I use 1Password, the more I rely on their password-generator. I'm breaking the mold of the rotating-three passwords and using something that's both non-intuitive and random to protect my accounts.
Once I've created an account, and logged-in to the account, I'm now in the Zumo landing page, or what they term the "Dojo". Initially, Zumo offers you 1Gb of free storage but if you take an extra couple of minutes to run through their tutorial and examples, they'll quickly bump you (promoting your account in "belts") to the maximum storage freely available of 2Gb. Sweet.
What you now should have is a mounted drive on your desktop that looks like any of the other connected devices. This virtual drive is accessed like any other drive which allows you full file-system management to the device. (You can copy and delete files and stuff.)
Before we do anything, we want to prepare the device. I was wondering if the data you stored on the cloud device was secure so I searched-for and found this blog post from Zumo which basically states:
The file being uploaded is transferred to the ZumoDrive server which is hosted by Amazon's EC2 (Elastic Compute Cloud). It is done via 256-bit SSL encryption. SSL is the same type of encryption used when you log into your bank's secure website. The EC2 is the workhorse. It's the liaison between the client on your computer and the ZumoDrive datacenter (which is hosted by Amazon S3; more on this below). It also services the ZumoDrive website.
Ok, so the data you store on the device is already being encrypted. Cool. But what if you want it to be really, really encrypted? Should you be this paranoid? Consider the excerpts from this article:
I am only storing source code. But it's not my source-code -- it's the IP of my company. Therefore, your encryption methods do not satisfy my requirements and I shall have to devise an alternative strategy.
It's called Truecrypt.
I've already extensively blogged about Truecrypt in a 3-part post so I'm not going to cover the basics here. Go read or review the series if you need a refresher on using Truecrypt and creating secure files and volumes.
Start TrueCrypt and create an encrypted file on your Zumo device. I'm going to create a 500Mb encrypted file container on the Zumo drive. I'm going to use multi-pass encryption scheme with a strong hash algorithm. I'm going to use my 1Password program to randomly generate a password to control access to this container. I'm creating this as a FAT filesystem, fully formatted. Total time to format was about 10 seconds.
Once I've created the file container, I have to mount it. I do this by selecting the file from within the Zumo filesystem share, using the TrueCrypt manager/program, and clicking "Mount". I supply my password and the encrypted file container is now mounted to my desktop. I now have two devices mounted -- the original Zumo drive and the TrueCrypt file container within the Zumo drive.
Were someone to access my Zumo device, without the TrueCrypt module, all they will see is a 500Mb file with my container name. Stored inside the container is what appears to be random bits. Perfect.
I can still store files to the Zumo device, along side my container file -- they will not be encrypted using TrueCrypt however.
The next step is to install my source code repository. I use the best PHP IDE in the whole multi-verse: PHPStorm by JetBrains. It's so good, that this checkout process will be amazingly simple and fast. My code repository will be checked-out from, and completely maintained in, subversion by the IDE. Sweet.
I realize you may not yet be enlightened yet to PHPStorm and that's ok. Use your inferior product to valiantly struggle to get the source code out from repository into the TrueCrypt volume. You may even be successful!
For the rest of us, we simply select: Checkout From Version Control -> Subversion, and select the repository (svn+ssh://...). The tricky part, for us Mac users, is that we have to locate the filesytem destination for the source-code files under the directory Volumes beneath the root mount-point. In the Volumes directory, you will see (at least) two Volumes -- one for your Zumo drive and one for your encrypted container within the Zumo Drive.
If you want your source code to be stored in the encrypted container, within the Zumo drive, you have to select the encrypted container. In the screenie shown, my container is creatively named "NO NAME". This is the device I will select to check-out my source code into. I'll create additional paths within the container that are proprietary to the application.
Once that's done, I click "OK" and, in the next dialog, tell PHPStorm to check-out from the HEAD and include external locations. The final dialog asks me for version compatibility and I select 1.6. The check-out process within PHPStorm takes off.
For my code base, checkout the entire code library and storing it to the encrypted volume took less than four minutes for slightly more than 100Mb worth of files. True, there is processing overhead in retrieving the encrypted file form storage and de-crypting the file on-the-fly (and the same holds true in reverse) but the files are secure and my company's IP is protected.
From this point, as long as I have both the Zumo drive, and the TrueCrypt, software installed on whatever platform, I can access my source code, securely, from the cloud while ensuring that the source code itself remains current.
With the exception of the JetBrains PHPStorm IDE, the Zumo drive and the TrueCrypt software programs are open-source and free to use.
As a final caveat, this system puts you at the mercy of your ISP -- if there's no internet access, then you'll be unable to access your files. Also, you'll want to make sure that you stage your source code regularly. My general rule-of-thumb is to commit only when I reach the point where I don't want to have to re-engineer and re-type in the new code, or modifications, that I would lose should something happen to my cloud repository.
Zumo drive maintains it's files locally on your machine so that you always have off-line access to your files. Therefore, you're really not at the mercy of your ISP. You are, however, at the mercy of your hard drive space and your connectivity upload speed. It took me hours to upload my 500Mb encrypted file container to Zumo -- at 77K/sec, it was not only painful, but it also bogged down my network speeds so that other idle entertainments (WoW) were pretty much impossible.
The upload speed lag, which I blame both my ISP and Zumo (throttling) for, meant that earning "achievements" from Zumo wasn't instantaneous -- I had to wait for network processing to complete before I could earn my "belts". Eventually I did get up to my 2Gb of free storage so it's all good.