Bash on Synology DiskStation

I picked up a Synology DS415play, a couple weeks ago. I’ve been looking for a good way to store family memories, as well as have device-indepentet on-site storage and redundancy.

The Synology DiskStation is a Linux-based NAS, and I couldn’t stand that the default shell was ash. How to fix?

Process

I’m taking a lot from this post on the Synology forums, and trying to explain it in a litte more detail[1].

Finding the bootstrap file for the Intel Atom CE5335 was a bit of a challenge, since Synology doesn’t use it as widely used as some other CPUs in their lineup. Fortunately the thread I linked above has a relatively recent (Nov 2014) bootstrap for a DS214play, which uses the same CPU. I guessed it would be the same, and it was.

I’m going to assume that if you’re reading this, you are thinking of doing the same on your DiskStation, and that you have an ill-defined-but-higher-than-zero knowledge of both *nix systems and how to Google.

First, you’ll need to ssh into the NAS as root (root’s password is the same as the admin user password).

You’ll need to execute the following commands, command by command:

$ cd /volume1/@tmp  
$ wget http://ipkg.nslu2-linux.org/feeds/optware/syno-i686/cross/unstable/syno-i686-bootstrap_1.2-7_i686.xsh  
$ chmod +x syno-i686-bootstrap_1.2-7_i686.xsh  
$ sh syno-i686-bootstrap_1.2-7_i686.xsh  
$ rm syno-i686-bootstrap_1.2-7_i686.xsh

Line by line, the above does the following:

  1. Change into the Synology’s temp directory
  2. Download the bootstrap script
  3. Make the script executable
  4. Run the script
  5. Remove the script

At this point you have ipkg, the package manager, installed, but your shell doesn’t know about the folder it’s installed in. You’ll need to add /opt/bin/ and /opt/sbin/ to the PATH[2] in your .profile.

While you’re in your .profile, you might see a line that says HOME=/root/. I changed mine to HOME=~/, since I want this .profile to be portable between users. I’ve copied it to the admin user when I finished, so I have the same experience when I’ve connected as admin and root.

Now, if you type ipk and hit [tab] it should autocomplete to ipkg.

So, let’s install bash:

$ ipkg install bash`

Bam. You’ll get some output, then you should have bash installed.

Now, I needed conventions for getting into bash when I connect to the device. Again, the Synology forums came to the rescue.

Add the following to the end of your .profile:

if [[ -x /opt/bin/bash ]]; then   
    exec /opt/bin/bash  
fi

The above checks if /opt/bin/bash is executable. If it is, the command will execute /opt/bin/bash. If it is not, it doesn’t execute /opt/bin/bash, therefore leaving you in ash.

Add the following to .bashrc:

PS1='\u@\h:\W \$ '  
export SHELL=/opt/bin/bash

The top line you may want to adjust to your taste. That’s how I like my prompt to look. Here’s a good tool to help you build the prompt that suits you.

The second line sets the SHELL variable to /opt/bin/bash. Remember that .bashrc is only read by bash when bash is started, so the SHELL only gets set if bash is called.

Now before you close your current SSH session, start a second. You should get your new, fancy bash prompt. Success!

Once you have that good feeling, copy .profile and .bashrc to /volume1/homes/admin/, and start another ssh session, this time connecting as admin. If that works, you’re set.


  1. I find that if I start a project like this by thinking about (and sometimes outlining) a post like this as I go, I have a better understanding of what I’m doing. Often, if I can’t follow the thread from beginning to the end, I don’t actually begin the project because I feel like I don’t understand the process well enough.  ↩

  2. Here’s an explanation of the PATH variable in UNIX, if you’re not familiar.  ↩

Fixing Forza 5

Dan Greenwalt, Creative Director on Forza Motorsport 5:

Well, it's hard to say with the XP boost, because that was an experiment just seeing whether people are interested are not. It's not meant to be something that you're meant to do. Right now we're looking at whether people are using it or not. If they're not using it, we'll remove it, if they are using it we won't remove it. The work's already done to put it in, and we're experimenting - we didn't expect people were going to take it as a statement. That's something... I understand how people took it. Most of us were just surprised that people were up in arms. I'm not blaming people, and I want to be clear on that. I'm just saying that wasn't our intention going in, and so it was surprising to us.

It's interesting, to me, to read this article. By and large, I see FM5 as a huge success and a blast to play. I understand the design decisions Turn 10 has made, and I think it works. I've used to XP Boost, myself, as a quick way to gain levels. I understand that adding a way to use real-world currency to purchase cars makes the game more fun to people who don't want to spend hours and hours grinding out wins to earn enough credits for one car.

Maybe it's a function of growing up. I don't have the time to invest in games that I had ten or fifteen years ago, and when I do play games, I really want to get the most out of my time, so I see the value in how Turn 10 designed the systems. I'm certainly not a "hardcore" gamer, so I might not be in the demographic that feels hurt by this.

Obviously, I'm a fan of the game. There's a lot to love. But, maybe nothing more than the ablity Turn 10 has to iterate and experiment with a game that's in production. It's wonderful.

Markdown to MindMap v1.0

Brett Terpstra created something I've been thinking about making for a while (and I'm 100% positive he did a better job that I would have): a service that takes plain text lists and formats them as OPML to paste into mind mapping software. It sounds like he cooks ideas in approximately the same way I do.

Born Slippy: the Making of Star Fox

Damien McFerran's 20-year retrospective on the making of StarFox. This quote from Jez San, about working with Shigeru Miyamoto, jumped out at me:

"It was amazing to see the way he worked," says San. "He didn't design games up front, like western game designers would do. He had ideas and liked to play, refine and evolve. He especially liked to iterate - he did a lot of trial and error. It really felt like he would be flying by the seat of his pants much the time. It was occasionally frustrating, because you couldn't schedule the project in advance. You couldn't know how much effort or man-hours were required for any specific feature or element because he didn't really plan in any great detail. He seemed to do everything by what feels right, which means it has to be pretty much fully built before he could evaluate how much fun it was - and then he'd tell you to change this or change that, and so on."

I doubt that anyone who has ever played a Miyamoto game would be surprised that he relentlessly iterates.

Selective use of Unblock-Us.com with my Very Own DNS Server

I’m using a service called Unblock-Us to specific domains for me. The service is really excellent; a DNS-based service that (I assume) works by accepting DNS requests on their service, they proxying the request and all responses through their network. I say “I assume” because when I emailed Unblock-Us for confirmation, they wouldn’t confirm or deny my assumptions. I guess they didn’t want to give up the recipe to their secret sauce. Can’t blame them.

Now, while Unblock-Us is DNS-based, I’m not too cool with the idea of sending all of my DNS requests across the internet. I cooked up a little modification to my caching DNS server that sends the domains I specify to Unblock-Us, forwarding other requests to public DNS servers the first time, then just serving them up locally. Here’s how I did that.

  1. First things first, I signed up for Unblock-Us[1], and I activated it.

  2. I created a fresh SD card for my Raspberry Pi. You could run this on any Mac or pretty much any Linux distro. I’m sure you could make it work on Windows, though I have no idea how. There are plenty of reasons to use something more powerful than a Raspberry Pi, but I don’t care about them for the time being. The Pi is fine for me.

  3. I got the Raspberry Pi online and gave it a static IP on my network.

  4. Installed BIND 9, a great and really widely-used DNS server.
    sudo apt-get install bind9 on Debian (or Raspbian or Ubuntu) systems.

  5. Modified my configuration files, by adding the following lines to the listed files:

    1. /etc/bind/named.conf.options
      This specifies the DNS servers that my BIND server will forward requests to when it doesn’t already know how to handle them. It’ll take all answers from these guys and cache them until the TTL expires, so it can handle future requests without going out to the internet.

       forwarders {
              4.2.2.2;
              8.8.8.8;
        };
      
    2. /etc/bind/named.conf.local
      This defines the zones for specific domains that will just be forwarded to Unblock-Us’s DNS servers.

      ######
       # Conditional Forwarding Zones: These zones forward their DNS requests as specified
       ######
      
       Zone "unblock-us.com" { type forward; forward only; forwarders { 208.122.23.22; 208.122.23.23; 184.106.242.193; };};
       Zone "domain1.com" { type forward; forward only; forwarders { 208.122.23.22; 208.122.23.23; 184.106.242.193; };}; 
       Zone "domain2.com" { type forward; forward only; forwarders { 208.122.23.22; 208.122.23.23; 184.106.242.193; };};
       ⋯
       Zone "domainN.com" { type forward; forward only; forwarders { 208.122.23.22; 208.122.23.23; 184.106.242.193; };};
      

      The first line, above, sends all requests for unblock-us.com to the Unblock-Us DNS servers (primary, secondary, and tertiary in order). The other lines, I populate with any other domains I’d like to send to Unblock-Us, just by replacing “domain1.com”, “domain2.com” … “domainN.com”. For example, if I wanted to send DNS requests for Google, Netflix, and Apple to Unblock-Us, my file would contain the following lines:

      ######
       # Conditional Forwarding Zones: These zones forward their DNS requests as specified
       ######
      
       Zone "unblock-us.com" { type forward; forward only; forwarders { 208.122.23.22; 208.122.23.23; 184.106.242.193; };};
       Zone "google.com" { type forward; forward only; forwarders { 208.122.23.22; 208.122.23.23; 184.106.242.193; };}; 
       Zone "netflix.com" { type forward; forward only; forwarders { 208.122.23.22; 208.122.23.23; 184.106.242.193; };};
       Zone "apple.com" { type forward; forward only; forwarders { 208.122.23.22; 208.122.23.23; 184.106.242.193; };};
      

      It’s worth noting that Unblock-Us doesn’t support Google or Apple, so while they will properly handle the DNS request, they will not provide any additional benefit. I was just providing them as a configuration example. Netflix is a supported site, and a full list of supported sites can be found here.

  6. Finally, I updated DHCP settings on my router[2] to point to my BIND server as the primary DNS server, and public DNS[3] as the secondary DNS server. As my devices DHCP leases came to expire, they’d check in with the router, and the router would hand them a new lease with the updated DNS settings.

I’m sticking this here because I thought some of you might find it helpful. This isn’t a solution for those who are less than technically inclined. To be honest, I don’t know enough about BIND to really troubleshoot it, but there’s tons of helpful documentation online. If I learn anything significant, though, I’ll post more about it.

Update August 13, 2014: I've been meaning to update this post for a while. Toward the end of last baseball season, this configuration stopped working. I reached out to Unblock Us about it, and they weren't able to give me much direction, except that the domains that MLB.tv, etc that need to be redirected to Unblock Us change frequently. They'd only support a configuration where all DNS traffic was hitting their DNS servers. So, I reverted to using Unblock-Us DNS on my Airport Extreme, and being done with it.

I suppose it would probably be possible to sniff the outbound DNS request being made by your computer when accessing the services, and redirecting those domains, but my fear is that it will be tedious to maintain as content providers switch CDNs, etc.

Update October 24, 2014: An interesting comment from Nick shed a little more light on capturing Netflix traffic. Worth reading if this setup is still something you'd like to do. Please do read.


  1. An affiliate link. If you sign up with this, I’ll get a little kickback. If you don’t want to use my affiliate link, here’s a non-affiliate link.  ↩

  2. Or DHCP server, if you run a seperate DHCP server. I’m running it all from my AirPort Extreme, though.  ↩

  3. I’m using 4.2.2.2, just like the forwarder on my BIND server.  ↩

What I want Apple to do with Podcasts

On this week's The Talk Show, John Gruber, Adam Lisagor, and John August spend some time talking about Apple's new Podcasts app. At one point (46m 34s, if you're playing at home), Gruber outlines what he wants Apple to do with Podcasts.

"The thing I want from a podcasts app - the thing I want from Apple - is I want them to put my podcast subscriptions in the cloud. And […] when I say 'I've subscribed to this podcast' it's all stored in the cloud, and then whichever device I look at, they all just know which ones I subscribe to. 'Cause the way this works is if I subscribe to a new show on my Mac in iTunes, today, then I go to my iPhone and open it up, that podcast is not in the Podcasts app yet. I have to sync it. That's crazy right? Isn't that what Steve Jobs told us a year ago that we wouldn't have to do anymore?"

What I want might be a little greedier, and probably a lot more work for Apple to do, but it seems technically feasible. I'll lay it out:

  • I want what Gruber wants, sure. I want a list that's stored in iCloud with all my podcast subscriptions.
  • I want it to be updated with which episodes I've listened to and which I haven't.
  • Additionally, I want it to store playback time location.
  • I want it to be a system-wide store, like Calendars, that can be read and written by third party applications.

The upshot would be huge. If I'm talking with a coworker, and he says "Oh, hey, do you listen to "The Moth"? This week's episode is really good" , and I could open iTunes and click the subscribe button on my Mac, and I listen to the first 20 minutes before I have to head off to a meeting. Fast forward an hour, and I'm about to head home. I open Instacast, and it sees the updated iCloud Podcasts info, and after downloading the episode of The Moth, I can pick up right where I left off before my meeting. When I get home, I turn on my AppleTV and I can listen to the last part of the episode right there, through the AppleTV's native podcast support.

Instacast, on it's own, handles most of this. It syncs subscribed podcasts, episode status, and playback location across the iPhone and iPad App pretty well. This seems like a great spot for Apple to come in with a good solution to take work off its developers, and give its customers a better experience.

Concentrate

You know what's awesome? The Internet. There's so much cool stuff to learn and there's funny dog pictures, and there's schadenfreude. Sometimes it's just too much to bear.

A couple years ago, my Reddit addition was getting pretty bad, and I needed a break. I used an old and simple trick where I modified my /etc/hosts file to point reddit.com to 127.0.0.1, and stuck a simple webpage on my localhost that read, simply, "Get Back to Work" in big bold black letters on a light grey background. Since Reddit was effectively replaced with that page, I didn't go back to Reddit for more than a year. Lately, I've been back a bit, but when I feel the urge getting too strong and, I've been using a helper to keep me on-task.

Concentrate is a little application that sits in your menubar. You can use it to define tasks, and set those tasks to block access to websites, applications, open applications automatically, etc. It's a great help. My primary "Work" activity is pretty simple: block Reddit and open OmniFocus. Nothing more to it. It's set to a period of two hours, and that's usually enough to get me past the task I'm trying to put off. Great, great app.

Print to Evernote

I missed having the "Print PDF to Yojimbo" option in the standard OS X print dialog. This solution is a hell of a lot cleaner than the solution I'd been using.

Tip: If you don't have a ~/Library/PDF Services/ folder, you'll have to create it or the AppleScript will fail.

MLB Standings Geeklet (2012)

I hoped that I could get the MLB Standings Geeklet updated before the 2012 season started. Unfortunately, I haven't been able to. A lack of available time, and MLB's changes to how the stats are served means that I lack the temporal funds to spend on this project.

If I see a good alternative, I'll pass it along.

Update (June 1, 2012): I enabled the Geeklet on a whim a couple weeks back, and it was working fine! I guess the MLB team websites hid the standings until the season started, this year.

Toll-Fraud Prevention on Cisco Voice Gateways

Apr 3 18:06:31.532: //81/00F539C80300/CCAPI/cc_process_call_setup_ind:

>>>>CCAPI handed cid 81 with tag 0 to app "_ManagedAppProcess_TOLLFRAUD_APP"

 This line, from the output of a debug voice ccapi inout, on a new voice gateway in our Denver office, caused us several hours of hair-ripping frustration. There's not much about it on the Google, yet; at least not much we could find. This post by Guilherme Villarinho (translated) on the Portugese-language Avvid.net pointed us in the right direction.

Beginning with IOS 15.1(2)T, Cisco introduced a Toll-Fraud Prevention feature. The feature defaults to not connecting calls from a VoIP source that isn't trusted. Trust is defined by IP either by trusting individual hosts or subnets.

I don't really see the value of the feature, as it's described, and we decided to disable it with the following commands:

voice service voip      
   authenticate trusted no ip address

If you can think of a reason to enable it, though, I'd love to hear it.

Moving from Yojimbo to Evernote

I made the decision a couple days ago to move from Yojimbo to Evernote. I’ve been a pretty big user of Yojimbo since the end of 2007, and I have just shy of 500 items in my library. I really haven’t been looking forward to doing this[1].

Last night, I realized that left to my own devices, I’d put this move off forever. My entrenched usage was going to prevent me from ever actually switching. I’d become very comfortable with my everything bucket. The only way to handle this was like a Band-Aid; do it quick and get it over with in one motion.

Unfortunately, I’ve never been good at ripping Band-Aids off, and I treated the move much the same: a painful series of small (and often repeated) motions that only served to increase prolong the discomfort. If you’re thinking about doing this, learn from my mistakes.

Making the Move

Here’s what you’ll need to do to make the move:

  1. Move your Encrypted notes. I moved mine to Secure Notes in 1Password.
  2. Delete your Encrypted notes from Yojimbo.
  3. Buy at least a month of Evernote Premium[2]. The last thing you want is to hit that data transfer limit mid-transfer[3].
  4. After you purchase the upgrade, quit Evernote, then launch it again. Apparently Evernote only pulls your account status on launch.
  5. Optionally, move your serial numbers. Again, I moved to 1Password.
  6. Run this AppleScript.

The script worked great for me, once I made pretty much every mistake I listed above. As always, this is what worked for me, but your experience might be different. I hope that nothing goes wrong for you while making the move, but if it does, I at least hope that different things go wrong.


  1. Partially because I just enjoy Yojimbo. But the lack of cloud sync, and the sporadic release cycle really made me think that Yojimbo just wasn’t getting the love.  ↩

  2. If you have a really big library (more than a gig), you’ll want to break the transfer up into chunks, and spread it over several months. Which sucks. I don’t know of a way around this. Maybe try contacting Evernote support prior to moving.  ↩

  3. For every item you add once you’ve crossed that data transfer threshold, Evernote throws a modal alert. When you click “Ok” on the alert, it opens a webpage trying to sell you Evernote Premium. I had about 120 modal alerts to deal with. Just buy it up front.  ↩

Banning a Site from Top Sites on Safari

We came across an issue with one of our web apps where users running Safari on OS X were spawning hundreds of unterminated sessions. It was killing our servers. It only took a couple minutes of investigation to figure out that the culprit was the Top Sites grid when a user opens a new tab. Now the question became how to stop it.

Since this is a Software as a Service installation, we couldn't exactly muck about in code to kill unterminated but inactive sessions. Someone proposed (and temporarily implemented) a method that blocks based on user agent string. Not a very user-friendly solution, but it keept everyone else running while we figured out a better fix.

My idea was that I knew if you went into edit mode on the Top Sites page, and clicked the "X" on one of the thumbnails, that site would never come back onto the list again. I figured that if we could just write to the list, it should be easy to permanently keep the web app off Top Sites. I just didn't know where to do that.

A couple hours of defaults read commands, and a few trips to Google turned up the best solution I could come up with. It's not exactly as clean as I'd like, but it seems to work well enough for us, until we can get our vendor to limit the number of concurrent sessions per user.

I created a shell script which we can push out to the user computers. The script does the following:

#!/bin/bash

# This script is to ban a URL from appearing in the Top Sites in Safari
# since Top Sites was spinning up hundreds of unterminated sessions per user.

killall Safari                  # Kills Safari                          

echo "Removing Safari Caches"
rm -rf ~/Library/Caches/com.apple.Safari/Caches.db
rm -rf ~/Library/Caches/com.apple.Safari/Website\ Caches

echo "Clearing Top Sites List"
defaults write ~/Library/Safari/TopSites.plist TopSites '{ }'

echo "Banning URLs from Top Sites"
defaults write ~/Library/Safari/TopSites.plist BannedURLStrings -array-add http://yoururl.com/watever/
defaults write ~/Library/Safari/TopSites.plist BannedURLStrings -array-add http://www.yoururl.com/whatever/

I don't like that I can't politely quit Safari from the commandline without installing some additional software. Additionally, I'm not really clear why I have to add the URL both with and without the "www." when Safari doesn't seem to have to do that when it automatically adds to the Banned URL Strings array.

Finally, I'm not too cool that I have to clear the whole Top Sites array before making the edits. While I don't have anything pinned there, I can see a situation where someone uses Top Sites as a quick way to get to their favorite sites, and any change there might be a big deal.