Google Domains Exits Beta... And Promptly Gets Divested!

Google Domains is on its way to the Google Graveyard, not long out of it's long "Beta" period. DNS is a pretty generic service, I didn't think Google's was the cheapest even but it had some easy tie-ins for other products (sites, blogger, etc). But looking at SquareSpace Domains pricing, it looks like it's going to be a price increase for less functionality so I will end up transferring it. We've changed DNS providers a couple of times so once this goes ahead, I will set that up... Probably with Hover because they're an old hand on the Internet (née Tucows), they're Canadian, they sponsor my favourite podcast Grumpy Old Geeks, and pricing is better than SquareSpace Domains. 

More on that transfer once that comes. 

Ciao 

Dom617b

Autofs with SMB

 "autofs" software for Ubuntu and other Linux systems mounts file systems and network shares on demand and there are a couple key benefits to using autofs compared to fstab and other methods and I've posted before about Autofs and a couple tricks with NFS shares. 

• File share does not have to be available on boot so faster boot times and fewer failures after restart
• File share is unmounted when not in use reducing system resources on client and server side
• Consistent abstraction of mounts is easier to maintain across systems

Giant caveat that Linux does not segregate permissions once a share is mounted. This is fine for single-user systems and also fine where systems are un-attended (i.e. servers) but really a big problem on multi-user systems that user a and user b can both access share Z once it is mounted and it is as the connected user.

The Ubuntu standard "autofs" package includes an "auto.smb" which dynamically configures the shares in most cases so long as credentials are available and some basic pre-work is done. This should work for generic needs but for file share specific configurations use the auto.misc instead

Required packages to work with SMB shares (i.e. on Windows) and mounting with the stock CIFS driver (i.e. same old driver in Linux).

 

    apt install autofs smbclient cifs-utils

 

The auto.smb file itself doesn't have to be configured, if you look in the file it advises what configuration to add to "auto.master" and how to setup credentials.

 

    # edit /etc/auto.master and add this line

    /cifs  /etc/auto.smb --timeout=300

 

    # create /etc/creds with restricted permissions

    sudo mkdir -m 700 /etc/creds

    # edit a file with the server name like /etc/creds/MYNAS

    username=myuser

    password=reallygoodpassword

 

    # restart autofs

    sudo systemctl restart autofs

 

As any user you should be able to list shares and access contents of any available share the configured user has access to.

    # shows all shares on the server (not hidden ones)

    ls /cifs/MYNAS

    # access files as normal within a share

    ls /cifs/MYNAS/MyShare

 

If file shares or the contents do not appear, check "mount" and system logs for hints what may be wrong. Biggest caveat I had had was that cifs-utils really are required and I'm pretty sure smbutils as well - out of the box autofs with the stock system drivers and packages may have been able to do SMB1 but SMB1 should be disabled on any file servers so yeah, need to get "cifs-utils" package which includes tools to work with the newer SMB2 and SMB3 protocols. 

Another Round?

 We eventually saw Google change their tack with The Return of the Google Apps Free Accounts. It was pretty unnerving to lose services which had been free for over a decade. Really the services are free anyhow: Email in Gmail, custom domains in Google DNS, cloud storage in Drive, basic web hosting in Sites and Blogger. Why wasn't there are a better migration tool? Google has been eroding the GA free for years and all we really needed was a migration tool to get like 80% migrated to Gmail etc and this push could have been more successful. But then again, how many users signed up for GA a decade ago and are still using it? I know we're free-loaders but really the "free" services are doing for Google what they're supposed to: Get users hooked on Google's suite of services.

</rant>

Dom617b

The Party For Grandfathers' Free Google Apps Is Over

With the end of Google Apps free accounts I've been looking at what services end up where and Google is pretty well covering personal use with maybe a few asterisks particularly around email.

TL;DR 

Setup Email Forwarding in Google Domains by adding up to 100 email aliases.

Send an email from your alias in Gmail

1. Generate your app password
2. Add an email alias
3. Confirm the address
4. Change the "From" address
5. Optionally set this address as default sending address once confirmed.

Use Google Sites or Blogger and add custom URLs and they will generate the DNS entries as needed.

<Rant>

Google Domains "is out of Beta" ... Uh what? I've been using Google Domains for a few years already and didn't realise it was a "Beta". It did mean they sent out promo codes to all their existing "beta" customers so we can get 20-30% off their regular price registrations

I took the opportunity to register a test domain to test out some of the changes for when the GA free accounts go away shortly. As far as DNS registration and hosting goes it's a pretty good offering. Not the cheapest, but does include WHOIS privacy, integration with website services, and up to 100 email addresses forwarded for free.

The website services is a handy integration including with free services both on Google Sites and on Blogger (i.e. this site). It automatically creates DNS records when you create custom domain. Maybe it's more intuitive for a lay person than an IT pro because on Blogger you click the option for "custom domain" and type in whatever you want and if it's in a domain under your account it just registers it? I guess? Not clear it doesn't tell you a lot which is maybe point - it's all very easy.

Email I was really struggling with because there seem to be a lot of variables. We're using plain old Gmail account and there's two parts to deal with custom domains: receiving and sending. The receiving side is simple - add an alias in Google Domains (or 100) and you're done. 

Sending is far more complicated which I chalk up to "we can't have nice things". In Gmail you can add an alias with another Gmail account and that setup is pretty easy "mymail1@gmail.com" can be added in your settings as an alias for "mymail2@gmail.com". To use an alias with a custom domain you have to give a mail server and you can use the Gmail SMTP but you need an app password. And you can only use an app password if you have 2FA on your account. And if you don't have 2FA you can use "less secure authentication". But that's a feature apparently getting dropped soon so if we follow all the caveats, it means you have to use 2FA and app passwords. There's Google docs all over the place - the above link in the TLDR I think has the necessary info. 

Compared to how easy it is to do one Gmail address as an alias for another this was a bit mind boggling to go through. I get it - Google wants to sell as many Workspace accounts as they can, and lots of other options just don't work in the 21st century because we ruined the Internet and Email with so much spam. 

Other options to consider 1) use a real mail client like Thunderbird and you should be able to specify your email and this is fine if you do this already or only infrequently care about sending as your custom email address 2) use own mail servers heck even Synology has apps to run mail services but still its pretty rubbish to deal with backups, certificates, spam blacklisting, etc. 3) pony up for Workspace which if this is work related its pretty cheap - but that's a bit silly for personal use (even Zoho and others). 

</Rant> 

If you made it this far you're either brave for reading that rant or clever for skipping it :) 

Ciao

Dom617b

Restoring from Gmail Backup

 Migrating to a new Gmail email account is a lot easier using Google Takeout this Thurderbird Add-on ImportExportTools NG. I have been splitting up my email accounts so that I have several distinct accounts - more on that below. The gist was that in the past I was forwarding all mail into one account which I'm no longer doing but now I want to move all that old mail, ~30,000 emails, into a different mailbox. Recommendations online were to connect Thunderbird to the two accounts and move messages in batches but in practice Gmail times out these connections very quickly and the batches are way too small. Instead I ended up exporting my email and importing it - why Google does not offer an import of the format in which they export boggles the mind, and while it's possible I've simply missed proper screen where this can be done, somehow I think not. This seems to be one of those things that is easy enough, but not obvious and took a bit of searching. 

The easiest process I found was to use the ImportExportTools Add-on:

1. Spring cleaning time of your old email! Newsletters and automated notifications that were being filtered to a folder go 💥, gone.
2. Go to Google Takeout and export mail. This produces a ZIP file which you can extract and there is a single large MBOX format file
3. Install  Thurderbird and the ImportExportTools NG add-on
4. Import the MBOX as a local folder with ImportExportTools
• 
5. Re-Export the email from local folder to a directory of EML files with ImportExportTools
• 
6. Connect Thunderbird to your new email account
7. Import with ImportExportTools "all messages from a directory" and import into your "All Mail" folder
• 
8. Wait.  ... Wait ... Ponder if you should have done more aggressive cleaning... And wait. My mailbox I think it ran at least 3 hours? Not sure, but a lot time, many hours.
9. Tada! Go into your Gmail account and try a few searches and see if you got everything you expected.

This ImportExportTools is generic enough you could use it for any sort of mail service and I think I could have done the initial export with it instead of Google Takeout thus saving a couple steps. My confidence isn't that high that 100% of the email was coming across with the connection timeouts so I would kind of suggest sticking with Google Takeout to get the mail and go through the extra steps and also having the Takeout as a backup is a good idea regardless.

Really this stemmed from wanting to split from One Mailbox To Rule Them All, which I already was moving away from. I'm working with 4 mailboxes now.

A personal email address which I really only use with other people; friends, family,  like actual humans. Mostly, a couple exceptions but so few as to be trivial. This is on thenibble.org domain and I have a handful of aliases (yay for grand-fathered free Google Apps account).

A general email address I use for most everything - online services, loyalty points programs, emailing with contractors, the bank, etc. Some people call this a "personal assistant" in that it's handling everything outside your most personal emails. A lot of my other mailboxes forward into this one. This is where I wanted to move all the mail.

A junk email address particularly to get to websites where they require an email or registration to access whatever specific thing that I need and is probably a one-off and I really don't want to hear from them again. Basically any email into this mailbox, I flag the sender as Spam so it stays pretty clean but it is functional enough to pass a registration. Some people like using 10 Minute Mail or similar.

A second "personal assistant" email address but for the household. My wife and I sign up for Spotify - goes on the household mailbox. Also, fun spy-craft tip: you can use this as a secret message drop by writing a DRAFT email which is then read by the other person and then deleted. This way the message never went through all the delivery servers so there's no logs of it and there won't be multiple copies of it.

Ciao

Dom617b

Some Bits to Remember About Synology Standard Operating Procedures

Since running the Synology at home for a while now, there's a few things that I wanted to note which aren't really intuitive and I don't do often enough to remember. 

Encrypted folders are setup in a couple ways which I touched on in Home NAS Encryption 

One uses a key file stored on a removable USB drive. I have it setup to mount automatically so that's okay... But I used a really old USB key because obviously I didn't need an 32GB key to store a 32KB file but it's flaky so sometimes the USB key isn't available and it doesn't mount until I wiggle the key and re-mount.

Second uses a passphrase so there's no way to mount automatically and whenever I reboot like after a DSM update I have to go back in.

To mount the encrypted share manually, whatever the case it isn't mounted automatically, it is found in control panel.

1. Open Control Panel
2. Navigate to Shared Folder
3. Select the share with the closed lock
4. Encryption menu
5. Mount
6. Provide passphrase (if applicable)

The other part of the S.O.P. is updating the DSM and package software, i.e. the most common cause for reboot :) It's all been really smooth so I try to do it all the time.

DSM 7.0 was released a little while ago and I left the major version upgrade just so that I wasn't among the earliest adopters. Ran the upgrade today and it was seamless so far and Synology provided some clear prompts on cleanup items like removing obsolete packages (like Python now part of DSM).

Ciao!

Dom617b

Now Certified

Passed my Microsoft Azure Fundamentals certification this week and this is my first Microsoft exam. My primary resource was Microsoft Learn where there is a lot of material broken up into 30-60 minute lessons including some labs. Also used the practice tests and did those many times before writing the cert exam itself.