Replacing Dropbox with BitTorrent Sync

Too many times, you’ve heard a cloud storage/sync product described as “like Dropbox.” There’s Box, OneDrive, Google Drive, iCloud Drive, Bitcasa, SpiderOak, Wuala, Transporter, and I’ve missed a bunch. It doesn’t matter because they’re all pretty bad, and nearly all have the same problem, which is that any data you upload can be decrypted by the provider. In the event of a bug or a breach, anyone could have access to your files.

BitTorrent Sync draws the inevitable comparison, but it’s different and better. It lets you sync folders between multiple machines, and it supports every major computing platform, but it works without a cloud component. It’s peer-to-peer, encrypted, and fast. Sync is in beta, but I replaced Dropbox with Sync over five months ago, and it’s been great. The most recent version even handles syncing OS X extended attributes with an intermediate Linux peer.

I’ve been using Sync to publish files to the web, replicate a Minecraft server, sync personal documents between my computers, access files on the go with my iPhone, automatically upload security camera footage offsite, and even back up my iPhone’s camera roll to a home computer. It works.

Sync makes ad-hoc sharing easy, with expiring and optionally read-only links. It’s one of the easiest and fastest ways to share large files.

The most intriguing feature of BitTorrent Sync is its ability to include peers that can sync without having a decryption key. I’ve taken advantage of that feature to keep a copy of my documents synchronized with my own cloud server. On that server, the file contents, names, and metadata are encrypted and I feel reasonably secure knowing that if someone hacked the server, my tax returns and security camera footage would remain private.

Sync is hard to get right, and BitTorrent Sync is impressive. On my wishlist: Hosted plans for folks who need the always-on aspect of cloud storage and can’t roll their own, and a Dropbox-compatible SDK for mobile app developers.

TestDisk Data Recovery on OS X

One of the 4TB external USB hard drives I use for local backups started randomly disconnecting a few days ago. Today it failed completely. It’s a Seagate Backup Plus model, where the bottom of the enclosure consists of a small, removable shim that contains the USB & power connections and the USB to SATA converter chip. After trying different USB ports and cables without success, I decided to hook up the drive directly using SATA. After trimming a SATA cable with a utility knife to make it fit the narrow port opening, hooking it up, and rebooting… Finder offered to initialize an unreadable disk.

Disk Utility showed a single unreadable 500GB partition and a FAT partition table. The drive previously had a GUID partition table, not FAT. I have no idea what corrupted the disk in such an interesting way, but TestDisk was able to quickly scan the drive, locate the partitions and types, and repair everything in just a few seconds. The user interface hails from the 1990’s, but the software worked wonders and it’s completely free and open-source. It also runs on Linux, Windows, and DOS.

All my backups are intact and valid. I haven’t figured out what to do with the drive, though. Anecdotal evidence from the Internet suggests USB/SATA adapters are prone to failure, but I’m guessing the cause is probably cheap, poorly-designed power supplies. I’m not sure if it’s worth opening a support case with Seagate.

Migrating virtual machines from Amazon EC2 to Google Compute Engine

My Amazon EC2 discount contract is almost up, and I’ve been playing with Google Compute Engine (GCE). Initial impressions are that it’s faster and costs less money, particularly if you don’t want to pay up-front for EC2 reserved instances. Google’s web console is more modern than Amazon’s, though slightly less sophisticated. Google’s CLI tools are much faster and don’t require Java. Google’s API uses JSON instead of XML.

In terms of capabilities, GCE is not as advanced as EC2, but it’s vastly more powerful than Linode, Digital Ocean, and the like. One exception is that Google doesn’t permit sending SMTP directly from GCE instances. They have a partnership with Sendgrid for that. I’m using Mandrill instead, and so far I’m very pleased with that choice.

Migration from EC2 to GCE without re-installation

It’s possible to migrate virtual machines from EC2 to GCE. This post explains how I migrated my production Ubuntu 12.04 LTS instance. It’s not a detailed guide. If you possess a good amount of Linux operations knowledge, I hope the information here will help you do your own migration quickly.


Important differences between EC2 and GCE

EC2 uses Xen for virtualization. GCE uses KVM.

Most EC2 instances are paravirtualized (PV). They do not emulate actual PC hardware, and depend on Xen support in the kernel. Most of the time, EC2 instances use PVGRUB to boot. PVGRUB is part of the Amazon Kernel Image (aki-xxxxxxxx) associated with your instance. PVGRUB basically parses a GRUB configuration file in your root filesystem, figures out what kernel you want to boot, and tells Xen to boot it. You never actually run GRUB inside your instance.

With KVM, you have a full hardware virtual machine that emulates a PC. It requires a functioning bootloader in your boot disk image. Without one, you won’t boot. Fixing this, and using a kernel with the proper support, are the two main obstacles in migrating a machine from EC2 to GCE.

Let’s get started.

On EC2:

  • Snapshot your system before you do anything else. If you’re paranoid, create the snapshot while your system isn’t running.
  • Install a recent kernel. The Ubuntu 12.04 LTS kernel images don’t have the virtio SCSI driver needed by GCE. I used HPA’s 3.13.11 generic kernel. (These days it isn’t necessary to use a “virtual” kernel image. The generic ones have all the paravirtualized drivers and Xen/KVM guest support.)
  • Make sure your EC2 system still boots! If it doesn’t boot on EC2, it won’t do much good on GCE.


  • Create and boot a new (temporary) instance on GCE using one of their existing distribution bundles.
  • Create a new volume large enough to receive the boot volume you have at EC2, and attach it to your temporary instance.
  • Create an MBR partition table on the target volume, partition it, and create a root filesystem.
  • Mount your new filesystem.

On EC2:

  • Copy data to your new GCE filesystem. Use any method you like; consider creating a volume on EC2 from the snapshot you just created and using that as your source. That will make sure you copy device nodes and other junk you might overlook otherwise. Remember to use a method that preserves hard links, sparse files, extended attributes, ACL’s, and so on.


  • Verify you received your data on your target volume and everything looks OK.
  • Bind-mount /proc and /dev into your target volume and chroot into it.
  • Install grub2 and grub-pc (Or whatever provides grub2 on your distribution.)
  • Remove any legacy grub ec2 packages you might have.
  • Remove /boot/grub/menu.lst
  • Add and edit the following in /etc/default/grub:
GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,38400n8 ro root=LABEL=(your root fs label)"
GRUB_SERIAL_COMMAND="serial --speed=38400 --unit=0 --word=8 --parity=no --stop=1"
  • Run update-grub
  • Install grub onto your new volume (probably grub-install /dev/sdb).
  • Edit your fstab to disable any other disks you haven’t migrated over
  • Edit the hostname (/etc/hostname)
  • Edit /etc/resolv.conf to use a valid resolver
  • Uninstall any ec2-specific software packages.
  • Exit the chroot
  • Un-mount the bind mounts and target fs
  • Detach the target fs
  • Create a new GCE instance using the target fs, and boot!
  • If it boots, destroy your temporary instance. If it doesn’t, re-attach the target disk to it and see what went wrong.

These are the minimum changes required to boot the image on GCE. You’ll still want to clean things up and make changes according to Google’s suggestions.


Check the serial console output. Is the kernel starting?

... KVM messages omitted ...
Booting from Hard Disk...
Booting from 0000:7c00
[    0.000000] Initializing cgroup subsys cpuset
[    0.000000] Initializing cgroup subsys cpu
[    0.000000] Initializing cgroup subsys cpuacct
[    0.000000] Linux version 3.14.3-031403-generic (apw@gomeisa) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #201405061153 SMP Tue May 6 15:54:50 UTC 2014

If you don’t see anything after “Booting from 0000:7c00″ then you haven’t installed GRUB properly.

If the kernel starts but the root filesystem doesn’t mount, make sure you see the root disk being detected. Make sure the root disk label is properly set in the filesystem and the GRUB configuration.

Please help me improve this post. Leave a comment below!

Secure browsing on open Wi-Fi hotspots

I frequently connect to insecure Wi-Fi networks on my iOS devices and my Mac. Aside from the risk of eavesdropping and malware when connecting to these hotspots, they frequently block access to services, insert advertisements in web pages, or worse.

To work around these problems, I’ve tried numerous virtual private network (VPN) services. My experience with most of them has been awful. They tend to connect slowly or not at all, and I frequently can’t access anything on the Internet once the VPN connection is made. Many services don’t offer automatic connections, particularly on iOS. The software tends to be clunky and confusing.

Cloak VPN is an exception. I’ve been using Cloak for several months, and it’s been rock solid. It’s also affordable, at $3/mo for 5GB of data transfer or $10 for unlimited transfer. If you don’t want a subscription, Cloak also offers the ability to buy non-renewing, unlimited passes for a week, a month, or a year.

Cloak automatically detects when you’re connecting to insecure Wi-Fi and protects your connection. One account can be used to protect all your computers and iDevices.

Cloak released version 2.0 today for iOS, which is a significant upgrade. You can now identify trusted networks, such as your home or cellular network, and Cloak will stay out of the way when you use those networks. This means you can set it up and pretty much forget about it. (Cloak for Mac already offers this capability.)

Like any VPN, using Cloak can cause issues. Cloaked connections are sometimes misidentified by servers as coming from a “bot” instead of a human. This isn’t Cloak’s fault, but a consequence of well-intentioned but misguided system administrators. Some sites won’t let you connect at all, while others, such as Wells Fargo, may ask an extra question when you sign in.

With a few clicks or taps, you can disable Cloak and connect to problem sites. In practice, I’ve only found one or two websites that were completely blocked while using Cloak. I’ve also had outgoing iMessages get blocked sporadically. In all, the issues have been minor, and far outweighed by the benefits of the service.

Cloak has very responsive customer service and is sometimes able to work around blocks by re-routing traffic for certain websites.

I highly encourage you to learn more about Cloak and get started with a free 30-day trial. You don’t need to hand over a credit card to get stared.

Cloak provides small data kickbacks to users who tout them on Twitter. I don’t spam my followers so that I can get free stuff. I’m posting this because I rely on Cloak, and I think everyone should check it out.

On making good coffee

A couple of years ago, I was inspired to improve my diet. As part of that, I started drinking my coffee black. As someone who formerly drank coffee with lots of artificial sweetener and non-dairy “creamer” or milk, it came as a surprise that the switch was pretty easy. I got used to black coffee in a week or two and haven’t looked back. I’ve since discovered that coffee with any kind of creamer or sweetener has now become completely unpalatable.

Drinking black coffee has also given me an appreciation for good coffee. French presses can make pretty good coffee. A talented barista can make a good Caffè Americano. Most drip machines do not make good coffee. Pod machines suck.

I once bought a high-end Tassimo pod machine for home use based on its technical merits. It’s a fine system on paper; Bar-coded pods have customized brew profiles, automatically controlling variables such as temperature, pressure, pre-infusion time, brew time, and water volume. There’s a flow-through heater that doesn’t require pre-heating. The machine is wonderfully consistent. The coffee sucks, though. The pods are too expensive and the only “flavor” we ever really found acceptable (and only just) has been discontinued. I can’t recall the last time I used the Tassimo machine.

A few months ago, I bought an Aeropress. It looks more like a torture device than a coffee brewer, but it can make an amazing cup of coffee. The 3,000+ 5-star reviews (4.7 average) on Amazon are not wrong. The first cup of coffee I made with my Aeropress was an eye-opener: Not only was it smooth, it was rich. It had astounding depth of flavor and complexity. You’ve seen coffee like this in TV advertising (oh, Pierre!), but this Aeropress coffee is real. One cup from this plastic wonder made me abandon my drip machine. If I had to pick one thing that I don’t like about it, it’s that I can only make a mug or two worth of joe at a time. It’s no good for parties.

Using the Aeropress is easy. You put a small paper filter in the filter cap, screw it onto a plastic cylinder, and place that over a coffee mug. I like to pre-wet the filter. Put in a measured amount of ground coffee (measuring device included), and fill with hot water up to the indicated mark. Stir for 10 seconds. Insert the plunger and press.

A surprising aspect of the Aeropress is that it’s effortless to clean. It mostly cleans itself while you use it. After pressing, remove the filter cap and eject the puck of spent coffee into the trash. A quick rinse and a wipe afterward is all it requires. It’s much easier to clean up than any other coffee machine or French press I’ve had. This aspect alone makes up for any additional effort required up front.

Some tips for successful Aeropressing:

Water temperature matters! Aerobie suggests 175 degrees Fahrenheit, and that’s a good starting point. With the full immersion brewing and pressure at work, traditional brewing temperatures (195-205 F) are usually too hot. Experiment with this variable to find what works best for your particular roast and your own tastes. An instant-read thermometer is essential. I eventually purchased a PID-controlled kettle to save time in the mornings.

Dilute the coffee from the Aeropress with 50-60% hot water. The stuff from the press is strongly concentrated. It’s good; I find it quite enjoyable that way, but if you want something that resembles drip coffee or an Americano, you’ll need to water it down.

Grind matters, but here it matters less than for other types of brewing. You want to shoot for a grind slightly finer than you’d use to make drip coffee. Folks claim you don’t need a great grinder with the Aeropress, and to an extent, that’s true. You’ll get better results with a whirring-blade grinder and an Aeropress than you will with that grinder combined with any other brewing method. A burr grinder is better; The consistency will allow you to control the force required to press the water through the grounds. Ideally, it shouldn’t be difficult to press, and you should be able to press the water through in 20-30 seconds.

If you’re making coffee for two people, press the brew into a measuring cup, then fill with hot water around 14-16 oz, stir, and pour into two mugs.

If you like a bolder cup, consider getting one of the many metal filters available for the Aeropress. I have an Abel Disk-Fine, and I find that it can really improve some coffees.

Use Dropbox to host public files on your own domain name

I’ve been using a Dropbox public folder and some Apache trickery to share files directly from Dropbox on my own domain at Dropbox is drag-and-drop file sharing at its finest, and by sharing my files on instead of on, my files are accessible to corporate folks who would otherwise find themselves blocked by an over-zealous web filter. Last but not least, if one of my files becomes too popular, Dropbox won’t shut down my account.

product logos

Dropbox doesn’t offer a custom hosting service, so I had to build it. I already have an Apache server, so I created a new virtual host and added some reverse proxy magic. I set up my virtual host as the origin server for the Amazon CloudFront content distribution network, ensuring a minimal load on my own server and the ability to handle virtually unlimited amounts of traffic.

Here’s a recipe for Apache 2.2, mod_proxy, and mod_rewrite:

DirectoryIndex disabled

ProxyRequests off

RewriteEngine on
RewriteRule ^/(.*)$1 [P,L]
ProxyPassReverse /

Header unset cache-control
Header unset Pragma
Header merge cache-control max-age=3600
Header merge cache-control must-revalidate
RequestHeader set User-Agent Mozilla

The cache-control settings dictate that CloudFront should cache my content for an hour (3600 seconds). CloudFront currently ignores the specified max-age for 404 results, instead preferring to cache them for about 10 minutes. I’d prefer a shorter lifetime for failed requests, but that’s not easy with Apache 2.2; With 2.4, it’s do-able.

The requesting User-Agent override is necessary because Dropbox blocks requests from the Amazon CloudFront User-Agent.

Using mod_rewrite makes it possible to host overlapping content outside of Dropbox. If it exists on the server, it gets served locally; If it’s missing, Apache tries to fetch it from Dropbox. I locally host the favicon, robots.txt, a 404 handler, and a couple of other things.

If you want to use your own 404 handler, you’ll need this:

ProxyErrorOverride On
ErrorDocument 404 /path/to/404.html

Before you deploy something like this, carefully consider the security implications and make the necessary adjustments. Do you want PHP code in a Dropbox folder running on your server?

Dropbox public folders are not available to users who signed up for Dropbox after July 31, 2012.

Opendiag OBD-II Schematics & PCB Layout

oshw-logo-100-pxBack in 2000 I created some open-source hardware: An RS-232 to OBD-II interface. I’m posting the details of that project here so that I can shut down my old website. I’m no longer interested in this project, but it gets a surprising amount of traffic every day. I wanted to make sure it’s still available here in case anyone wants it.

By now there are undoubtedly far better approaches for connecting computers to cars, so please keep in mind that this information hasn’t been updated since 2002.

PCB logo

This page contains plans to build a device to interface RS-232 (a laptop computer) to the ISO9141-2 / ISO14230 / SAE J1962 (OBD-II) diagnostic connector on many Volkswagen, Audi, Seat, Skoda, and Subaru automobiles. It should also work on many pre-OBD-II models. It has been tested on my two vehicles, a 1998 VW GTI 8v and a 1998 VW Passat GLS.

Please note that this page does not contain software. Free software was a goal of the Freediag project. Commercial software is also available which works with this interface.

Please don’t email me questions about this project.

This document is viewed by hundreds of people a day. It has helped thousands build the interface described here. The information presented here is as complete and accurate as necessary for a person of sufficient skill to build their own interface. If you require help, please seek it from a discussion group or your local electronics guru. I lack the time (and often, the ability) to answer questions. Thanks for your understanding.

Here is a parts list for Digi-Key:

Item Qty Part Number Description Application
2 2 2N3904-ND NPN SML SIG G.P. AMP&SWITCH TO92 T1 & T2
4 10 1.0KQBK-ND 1.0K OHM 1/4W 5% CARBON FILM RES R1,R2,R5,R6,R7,R9
5 5 1.5KQBK-ND 1.5K OHM 1/4W 5% CARBON FILM RES R3
7 5 150KQBK-ND 150K OHM 1/4W 5% CARBON FILM RES R8
9 1 A23279-ND 09 MSFL PLUG RA 318 (SL,FM,BL) DB9 MALE
10 1 A23305-ND 09 MSFL RCPT RA 318 (SL,FM,BL) DB9 FEMALE

On 5/21/2002, the cost of these parts was US$8.33, plus a $5 handling fee and shipping charges. You can get other parts, such as perf board, etc., at Fry’s or maybe Radio Shack. I do not sell any parts. You need to get them from an electronics distributor such as Digi-Key.

Frequently Asked Questions & Answers:

Question Answer
Will this device work with my car? If your car supports VAG, ISO9141-2 or ISO14230, it should work. That includes cars sold by Volkswagen, Audi, Seat, Skoda, and Subaru (1996+). Most vehicles sold by Ford, GM, or Chrysler are not electrically compatible with this interface.More information on OBD-II and ISO standards can be found here.Many newer cars (model year 2001+) utilize two K-lines and this device only supports one. If you’d like to contribute a schematic or other information on how to support dual K-lines, please contact me. But don’t ask me — if you don’t see the information here, I don’t have it. Thanks!
Do you sell these things? No. You can buy a complete hardware and software package from Ross-Tech at a very reasonable price.
What kind of capacitor should I use? It isn’t critical. If you use a polarized capacitor, make sure you get the polarity correct. (You should be able to figure that out yourself.)
Does it really work? Yes, hundreds of people have built this thing, and it works. I suggest you replace the 140k resistor with a 150k resistor for the best results, however.
I can’t find the NEC 2501-3. What should I use? There is no such thing as a 2501-3. I’ve simply stuck three 2501-1‘s together and called it a 2501-3.In North America, you can easily find the NTE NTE-3098 (Compatibility confirmed by Dale Kirstein). Fry’s Electronics carries NTE parts.You can also try the Infineon SFH615-A2 (Compatibility confirmed by Nigel Middleton)
My OBD-II (J1962) connector only has electrical contacts in pin positions 4, 5, 7 and 16. Why is pin 15 (L-line) missing? Not every car has an L-line connection. If yours doesn’t, don’t worry. This circuit will still work.
My OBD-II connector has a contact for pin 4 (or pin 5) but not both. I suggest you connect the two ground pins together on the circuit board. Some cars only provide one of the ground connections.
Is free software available? Yes, but it hasn’t been updated since 2003. Check out Freediag for more information.The Opendiag discussion group at Yahoo Groups is another resource.Ross-Tech seems to have discontinued their free version of VAG-COM.
How do I make a circuit board? I have written a basic guide that explains how built the board in the photos. These days I use cheap PCB manufacturers in Malaysia and China. A few can even accept EAGLE files directly.
I’m interested in writing software. Where can I find technical documentation on OBD-II online? You probably want a copy of HS-3000 from the Society of Automotive Engineers. The cost is around US$240 (in 2009).
My computer doesn’t have a serial port. The Keyspan USA-19HS is an excellent USB to Serial (RS-232) adapter for this application. Be aware that most other USB to Serial adapters will give you lots of trouble with this circuit. You have been warned.
I have another question that you haven’t answered here. Please look elsewhere on the internet, or ask your friendly local electronics guru.
Thanks for sharing. How can I express my gratitude? Send me a postcard:Jeff Noxon
1139 Rutland St
Houston, TX 77008 USA


Here are some pictures of my first assembled prototype.

This is an early prototype. The jumper wires on the bottom are not necessary with the current board layout.

Top of prototypeBottom of prototype


This is the artwork used in the latest revision of the board. It is a single-layer design. If you plan to etch your own board, use the Postscript or PDF files in the files section for greater accuracy.

Low-res of the PCB artwork

This picture shows component values and placement. Note that the 2501-3 is actually three NEC 2501-1 optoisolators. The Digi-Key part number is PS2501-1-ND.

Diagram showing component placement on the top of the PCB

Part Substitutions

The following parts are suitable replacements:

  • NEC 2501 Optoisolator: Infineon SFH615-A2 (Thanks: Nigel Middleton) or NTE NTE-3098 (Thanks: Dale Kirstein)
  • 2N3904 Transistor: NTE NTE-123AP (Thanks: Dale Kirstein)

These substitutions have been used by others who have built this device.


The files linked below and the images on this page (also referred to as “software”) are Copyright © 2000 Jeff Noxon, and are distributed under the terms of the GNU Public License. By downloading these files you agree to the terms of the license.

The GPL license has been chosen for two reasons. First, the documentation necessary to make this project possible was released to the public under open terms. Second, I have spent a great deal of time on this project. Any commercial vendor who sells this device (or one derived from these files) is obligated under the license to provide the schematics and/or board layout to their customers.

Files / Downloads

COPYING.TXT – License agreement for all files – IMPORTANT
ISO_B1.PS – Board layout, revision B1, Postscript
ISO_B1_LJET.PCL – Board layout, revision B1, PCL, 300dpi, HP LaserJet
ISO_B1_LJET4.PCL – Board layout, revision B1, PCL, 600dpi, HP LaserJet 4+
ISO_B1.PDF – Board layout, revision B1, PDF (for Adobe Acrobat Reader)
SCHEMATIC_B1.PDF – Schematic (PDF Format)
ISO_B1.SCH – Schematic (EAGLE Format)
ISO_B1.BRD – Board Layout (EAGLE Format)

OpenDiag – Aims to develop GPL’d software to use with this device. OpenDiag also provided the basis for this schematic.

B&B Electronics – Sells a rather expensive, but nice, SAE J1962 to DB9F cable compatible with this project. (Broken link, old SKU OBDIIJ1962 seems to be unavailable.)

Multiplex Engineering – Sells an alternative, much cheaper SAE J1962 to DB9F cable. See this e-mail for more information. I have not tried this cable. If you buy one and it works, please let me know!

Ross-Tech – Sells VAG-COM diagnostic software, which is compatible with this interface.

Cadsoft – Sells the Windows & Linux CAD software (EAGLE) used to develop the board.

Google Hangouts for iOS: Google Talk gets pushy

Since switching from Android to iOS, I’ve been looking for an instant messaging client that works well with Google Talk. Push notifications are essential for the “instant” part of instant messaging.

Unfortunately, most iOS Talk apps only have push capability until the application times out in the background (10 minutes); One client, Verbs IM Pro (App Store link), has server-based push notifications, but it times out after a week, and has some bugs and reliability issues. The developer hasn’t updated it for six months.

Google now offers a Hangouts app for iOS (App Store link), and it works very well. Most importantly, it has server-based push notifications that don’t time out. I’ve tested it by killing the app in the system tray. It’s really nice to have a way to keep in touch with friends without using SMS or iMessage, and it works well in conjunction with the built-in chat in Gmail and Google+.

If you want to use the new Hangouts app with a Google Apps account, your administrator will have to enable it for your domain first. Here’s the Google support article. Eventually, Google Talk will go away, so this is an early opt-in.

It’s unfortunate that Google ditched the standards-based XMPP protocol used by Talk. I’m not sure what this means for the future of third-party IM clients. If iMessage is anything to go by, there may never be any.