Synology & “Shellshock” bash Vulnerability

Synology released a statement about the “Shellshock” vulnerability.

From the statement:

A vulnerability of a commonly used UNIX command shell, Bash, has been discovered allowing unauthorized users to remotely gain control of vulnerable UNIX-like systems. A thorough investigation by Synology shows the majority of Synology NAS servers are not concerned. The design of Synology NAS operating system, DiskStation Manager (DSM), is safe by default. The bash command shell built-in in DSM is reserved for system service use (HA Manager) only and not available to public users. For preventive purpose, Synology is working on the patches addressing this bash vulnerability and to provide them as soon as possible.

Only one of my three DiskStations is on the vulnerable list (the 1511+). That particular NAS always gets updated last. It’s used for all my backups and file storage. While recovery would be possible it would take a long time. My test NAS (the 212J) isn’t on the vulnerable list so I can’t test the updated firmware. My main NAS, the DS212+, isn’t on the list either.

Since I can’t test the update I’m not applying it to my 1511+. The 1511+ isn’t accessible from the internet, it isn’t even set up for quick connect, and my router wouldn’t send any Internet traffic to it. So the risk to me seems nearly non-existent and the risk of problems is higher than normal. I’ll wait until others beat on the update for awhile and apply it sometime in the future, maybe just the next update. As I write this the update for the DS1511+ isn’t available from the download center or through automatic update.

Installing the DSM 5.1 Note Station App

Note Station is a new Synology Package that’s available with the DSM 5.1 beta. Since I installed the beta I was eager to take a look at Note Station so I went ahead and installed it. I cover the install process below although it is the same as other packages.

  1. Open Package Center and locate the Note Station package. Then click Install.
    Install Note Station
  2. Once Note Station is installed its icon will be added to the main menu.
    Note Station icon
  3. Starting up Note Station reveals:
    Empty Note Station app
  4. I don’t typically work with the Synology Admin ID so I’ll need to give my regular ID permission to use Note Station. This is done through “Control Panel” -> “Privileges”.
    Synology Control Panel
  5. Highlight “Note Station” then select “Edit”.
    Edit Note Station privileges
  6. Click the user or groups that you want to have permission to Note Station. I like to restrict things on the ID level so I just give my user permission.
    User permission to Note StationPermission could be given to groups:
    Group permissions for Note StationDefault permissions can also be set:
    Default Note Station permissions

Note Station reminds me of Evernote, although it won’t have the application integrations. With all the apps that support Evernote along with other integrations it will be hard for me to replace Evernote but I will give Note Station a try.

While web access is possible, so far the iOS app for Note Station has not been released (and the existing apps haven’t been updated for DSM 5.1 beta either). The Android apps have been updated for the beta and Note Station is available on Android.

While Note Station is a nice addition to the DSM package suite it has an uphill battle to replace Evernote for me. And if it can’t replace Evernote completely then I have to decide if Note Station is worth splitting my data between two apps. I’m not optimistic but it’s worth giving it a look.

Upgrading To Synology DSM 5.1 Beta

I upgraded my test NAS to the DSM 5.1 beta. It’s a simple process that I’ll cover here. This is beta software so there will be bugs. The only unknown is the severity of those bugs. Downgrading to the older version can be done but isn’t officially supported and will wipe out the current data and settings. You may want to back up the data and settings before doing this. Do this update at your own risk.

My screenshots were done on a Mac but the only difference on Windows is the file browsing.

  1. Download the DSM 5.1 beta firmware for your specific NAS from Synology. Click the “Install now” button at the previous link and follow the directions. Download the firmware to your local computer.
  2. Log as admin on the the web interface for your DiskStation. Open Control Panel then DSM Update. Once there click the manual update button.
    DSM Update in Control Panel
  3. Browse to the firmware file you downloaded and select it.
    Browse to the firmware file
  4. It will take a minute or two to load the file then you’ll be prompted to confirm the upgrade.
    Prompt to confirm upgrade
  5. Now all you need to do is wait. I was prompted that it would take about 10 minutes. I get this same time estimate with every NAS and every update but in this case it was accurate. The DiskStation will reboot on its own.
    Upgrading progree display
  6. Once you log on a series of tips will be display. Click the screen to advance through the tips.
    DSM 5.1 beta tips
  7. Then a new tutorial is opened. The tutorial is geared to new DSM users, at least new DSM 5.x users. It doesn’t specifically call out new features in DSM 5.1.
    DSM 5.1 beta Turorial main menu

All my installed packages were upgraded when I installed the DSM 5.1 beta. From what I remember, in the past I had to do the upgrades manually after the firmware upgrade. So this was a nice bonus.

It seems that all my Android Synology apps received a recent update. (“Recent” meaning today.) The mobile Note Station app was also available for Android. None of my iOS apps have been updated yet and the iOS Note Station app isn’t available yet either. I’m hoping they’ll appear soon and are just delayed by the iOS 8 app deluge.

There haven’t been any obvious problems since the update. But I’ve yet to really give the software a workout.

Synology DSM 5.1 Beta Released

Synology has released Synology DSM 5.1 beta. As usual, even though this is just a “dot release” (DSM 5.0 to DSM 5.1) there’s a lot of new features and enhancements to existing features. There’s an entirely new Notes application with its own mobile app.

I’ll be installing the beta on my Synology DS212J later tonight to begin testing it. While past betas have been relatively problem free there will be bugs so I’ll be holding off on my production DS212+. I may like the beta so much that I’ll eventually put the beta on it. My big backup box, the DS1511+ won’t get upgraded until the production DSM 5.1 is released.

I’m looking forward to the Notes application although replacing Evernote may be a stretch. I’m also looking forward to the new security and backup features.

iOS 8 Installed

Screenshot of my iPad home screeniOS 8 was released around the typical time of 10 AM Pacific Time (1 PM EST) and I installed it on both my iPad 3 and iPhone 5s shortly afterward. I set aside about an hour to do the upgrade and it was done in about that time. Most of the time was just waiting. It didn’t take long for the download portion, most of the time was spent preparing and doing the installation. My iPad 3 took longer thanks to the slower processing.

I skipped the iCloud upgrade on both devices.

The upgrade was uneventful on my iPhone. I did have a problem with the Audible app. It would crash right after starting but this occurred prior to the upgrade and began when I upgraded the Audible app. I hoped the iOS 8 upgrade would fix the issue but it wasn’t to be. I ended up uninstalling and reinstalling the app which did resolve the issue.

My iPad upgrade was a bit more eventful. It got caught in a loop prompting me to “authorize” my app store account when I tried to download app updates after the iOS upgrade. I eventually cancelled it and all was well. I was also prompted twice for my iCloud credentials (three times if I count the prompt during the upgrade) but these did stop. I didn’t have either of these problems on my iPhone.

Apple apparently pulled Healthkit integration at the last minute until a bug could be fixed. I’ve also been having problems finding some iOS 8 apps in the app store via search. It may be that they haven’t been pushed out yet. Other than that it’s been uneventful although I haven’t used the updated software very much.

iOS8 Preparation

Screenshot of my iPad home screeniOS 8 will be released tomorrow. There’s a lot of new features which means there will probably be a lot of bugs or incompatibilities. Now, “a lot” is subjective, but guaranteed that some will make a lot of internet noise. The smart think to do would be to wait for the dust to settle before upgrading my own devices (an iPhone 5s and iPad 3). But I rarely do the smart thing so I’ll be upgrading my phone & iPad as soon as I get the chance. While I’ve never had a serious problem I always prepare for the worst by doing the following:

  1. Delete all the apps I haven’t used in recent memory. This has the added benefit of cleaning up the accumulated cruft. When I go through the apps I always find ones I haven’t used in months but say “I really want to use this app”. I take a hard line and delete these. I can always re-install if I really do want to use it. The exception would be an app that hasn’t been used but has a lot of data. Deleting the app deletes the data so if it’s not stored someplace else (such as a cloud service) I’d leave the app. But honestly, I haven’t encountered this.
  2. Backup the device to my computer using iTunes. I backup both my iPhone and iPad to iCloud and I hate iTunes with a passion. But this is one time where I fire up iTunes and backup my devices. I use an encrypted backup so my passwords are backed up. Local restores are much faster than through iCloud. Plus, if Apple melts down completely iCloud could be affected.
  3. Check iCloud apps for compatibility. I’ve been burned by Apple’s cloud offerings so much that I’ve avoided storing files in iCloud. Apparently the phased rollout of iOS 8 and Yosemite can also cause problems. Day One is warning users not to upgrade to iCloud Drive (which is optional during the iOS8 upgrade) if they use iCloud with Day One. If you do upgrade to the new iCloud drive you won’t be able to see the documents on your Mac until it’s upgraded to Yosemite, or on other iOS devices until they are also on iOS 8. Apple does note this when they prompt whether or not you want the Cloud Drive upgrade – “You will not be able to access the documents currently stored in iCloud on your other devices until they are also upgraded to iOS 8 or OS X Yosemite.” Even though Yosemite is expected soon (and a public beta is available) I have not seen a firm Yosemite release date from Apple.
  4. Just prior to upgrading to iOS 8 I’ll do one last check to see if there are any app updates waiting. I’ll do a similar check just after the upgrade, but before running any apps.

Good luck with your upgrade!

Synology DSM 5.0-4493 Update 5 Released

Support – Synology – Network Attached Storage (NAS) DSM 5.0-4493 Update 5.

Synology has released another DSM 5 update. Only two fixes listed but one of them is a security fix:

Fixed a vulnerability that could allow servers to accept unauthorized access.

I updated my DS212J and DS1511+ without incident. While I do use encrypted folders I haven’t had a problem so I can’t verify that it fixed anything. I’ll update my DS212+ at the end of the day and post an update if I have any issues. The update of my DS212+ also went fine.

Linux Foundation Introduction to Linux Training On edX

edX LogoThe Linux Foundation recently created an Intro to Linux course that they made available for free on the edX training platform. I decided to take the course and recently completed it. The course is still available and is free. (It is $250 if you want the “Verified Track” to prove you took, and passed, the course. The course is self paced and online.

My Linux background includes maintaining my own web server on Linux. I learned what I needed to (but not much more) and managed the server from the command line. I shut down my server a few months ago and figured this would be a refresher while filling in some gaps. Plus, this training is targeted to desktop users. My last desktop Linux usage was Mandrake Linux (now Mandriva) about a decade ago and I wasn’t too impressed.

As I mentioned, the course is self-paced and it’s estimated to take 40 to 60 hours. I didn’t time myself and since I did have experience my time isn’t a good indication anyway. The 40 to 60 hours seems reasonable for someone who is new to Linux although much of that time would be working the labs and exploring on your own.

The course uses three distributions for its examples: Ubuntu, CentOS and openSUSE.

The course is called an introduction and lives up to the name. There’s broad coverage that doesn’t go very deep. The course is divided into 18 chapters:

  1. The Linux Foundation
  2. Linux Philosophy and Concepts
  3. Linux Structure and Installation
  4. Graphical Interface
  5. System Configuration From The Graphical Interface
  6. Command Line Operations
  7. Finding Linux Documentation
  8. File Operations
  9. User Environment
  10. Text Editors
  11. Local Security Principles
  12. Network Operations
  13. Manipulating Text
  14. Printing
  15. Bash Shell Scripting
  16. Advanced Bash Scripting
  17. Processes
  18. Common Applications

Each chapter is sub-divided into sections that focuses on one area in the Chapter.

There is some good content within each section. But to really learn you’ll need to work on your own to see what does and doesn’t work. That said, if the goal is to pass the test at the end it’s not too difficult. All the needed material is in the course and there’s no time limit on finishing the final exam. Plus it’s not only open book, it’s open everything.

That ease of passing makes the course unsuitable for using it as proof of knowledge when looking for a job. At least in my opinion. I’d recommend against spending the $250 for the verified certificate which could be included on a resume. There may be exceptions, if you’re new to Linux and want a Linux related job it may help, but you’ll need to consider the course material a starting point and dig in some more.

The material is a mixture of short videos (I only recall one that was over 2 minutes), text and some do-it-yourself examples. The do-it-yourself examples really only enforce the material by having you do it. Some are just typing tests where you’re given the information you need. If you get it wrong you’re given the answer and then have to enter it again. There are a few questions at the end of each section.

Each Chapter has a lab for you to do on your own. The answers are also provided. This is the only part of the training where you need your own Linux installation. The do-it-yourself sections of the training are done online, not in your own Linux installation.

Bottom Line

It’s an introduction course so it can’t be faulted for being basic. I did learn a little. But if you have some self-taught Linux experience like I do, you aren’t going to learn a lot. I’m guessing I spent less than one hour per chapter, so there wan’t a big time investment and it was free. I’d recommend anyone think twice before spending the $250 for the verified track but the course is worth the time investment if you’re new to Linux and want someplace to start.