Powershell DPAPI Script

technology 2018-01-05
I am writing a backup script which is supposed to backup data to a remote server, encrypted, and run as a scheduled task on a Windows machine. If you want all of that, you will have to store the encryption key somewhere. Instead of storing the password in plaintext, I had the idea to use the [Data Protection API]. Initially worried that I might have to write a wrapper for [CryptProtectData] myself, I quickly found the decent looking github project [DPAPIbridge]. Ultimately however, I figured out that Powershell can do all things. Presenting vault.ps1: 
Param(
  [string] $StoreSecret,
  [Parameter(Mandatory=$True,Position=0)]
  [string] $filename )
[void] [Reflection.Assembly]::LoadWithPartialName("System.Security")
$scope = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
if ($StoreSecret -eq "") {
  $data = Get-Content $filename
  $ciphertext = [System.Convert]::FromBase64String($data)
  $plaintext = [System.Security.Cryptography.ProtectedData]::Unprotect(
    $ciphertext, $null, $scope )
  [System.Text.UTF8Encoding]::UTF8.GetString($plaintext)
} else {
  $plaintext = [System.Text.UTF8Encoding]::UTF8.GetBytes($StoreSecret)
  $ciphertext = [System.Security.Cryptography.ProtectedData]::Protect(
    $plaintext, $null, $scope )  
  [System.Convert]::ToBase64String($ciphertext) > $filename
}
This script can be run as vault.ps1 [-StoreSecret SECRET] FILE. If the optional argument is present, it will store a protected blob containing SECRET in FILE, otherwise it will read a blob of protected data from FILE and print the enclosed secret string. [DPAPIbridge]: https://github.com/vincepare/DPAPIbridge [Data Protection API]: https://msdn.microsoft.com/en-us/library/ms995355.aspx [CryptProtectData]: https://msdn.microsoft.com/de-de/library/windows/desktop/aa380261(v=vs.85).aspx [Borg]: https://borgbackup.readthedocs.io/en/1.1.2/usage/general.html?highlight=borg_passcommand#environment-variables

Simple WordPress Update Script

code, technology 2014-08-07
I need to update this wordpress install every once in a while. There are lots of bash scripts on the internet that perform this task, and they are complicated beyond reason. This is what I use: 
function cfg {  
    grep $2 $1/wp-config.php | awk 'BEGIN {FS="[, )\x27]*"}; {print $3;}'
}

echo "> backing up database."
mysqldump --user=$(cfg $1 DB_USER) \
          --password=$(cfg $1 DB_PASSWORD)  \
          --host=$(cfg $1 DB_HOST)          \
          $(cfg $1 DB_NAME) > backup.database.sql

echo "> backing up website."
tar -cjf backup.files.bz2 $1
    
echo "> retrieving latest wordpress."
wget -q https://wordpress.org/latest.zip
unzip -qq latest.zip

echo "> updating wordpress."
rm -r $1/wp-includes $1/wp-admin
cp -r wordpress/* $1/

echo "> cleaning up."
rm -r wordpress
rm latest.zip
It takes a single argument, which is the name of your wordpress root directory. It backups your database to the file backup.database.sql and backups the files to backup.files.bz2, then it simply proceeds as described in the wordpress codex for updating manual. I do not see what all the fuzz is about.

Incremental Backups with RSYNC in Windows

productivity, technology 2014-01-31
I was pointed to the cool rsync-backup script which uses cygwin's rsync and hardlinks in NTFS to provide a method for incremental backups which is probably the best I have seen so far. Basically, the effect is as follows: Whenever you backup your data to the backup location (which is somewhere on an NTFS drive), the only actual data that will be copied is for the files that have changed since the last backup. Nevertheless, there will be a new folder in your backup location which contains all files and folders you just backed up. Just: Those that did not change have not been copied, they have just been hardlinked to the old files instead. Now here comes the best part: The actual contents of a file with more than one hardlink to it are deleted only after the last link to it has been removed. Thus, you can delete old backups and the only data that will actually be deleted is the old data, the data that changed in later backups. Now, I modified the script slightly to better suit my needs. First of all, I only back up a single folder. If you want to backup multiple folders to a single location, move along. This is not for you. Use the original rsync-backup if you wish. Mine is different. Do you want to know more?

Import & Export Cygwin List of installed Packages

technology
If you want to go from 32 to 64 bit [Cygwin](http://www.cygwin.com) but keep all the packages ((At least those that are available.)), you might find yourself in a spot where you would like to export the list of cygwin packages and also be able to install cygwin with all these packages again. I will tell you how. Open your Cygwin shell and enter 
grep " 1$" /etc/setup/installed.db | awk '{print $1}' > packagelist
This will dump a list of all *selected* packages and is the kind contribution of Yamakuzure-san. Earlier, I had proposed the following command: 
cygcheck -c -d | sed -e "1,2d" -e 's/ .*$//' > packagelist
which will simply dump a list of *installed* packages, including all the dependencies (possibly cluttering up your cygwin backup file). In the comments below you'll see that my command worked better in one case. If you decide to try both, leave a comment about how they performed for you. To install Cygwin 64 from such a package file, download [setup-x86_64](http://cygwin.com/setup-x86_64.exe). Of course, this will also work with the old [setup-x86.exe](http://cygwin.com/setup-x86.exe) if you are reading this just for the sake backing up your cygwin install configuration. Execute the installer with the command line parameters 
./setup-x86_64 -P `awk 'NR==1{printf $1}{printf ",%s", $1}' packagelist`
The **awk** command reads your file and turns it into a comma-separated list, then this string is passed as the argument to the **-P** option of the installer. It may not be documented with great detail in the [Cygwin installer command-line options](http://cygwin.com/faq/faq.html#faq.setup.cli), but CSV is exactly what the **-P** option expects. Since you might want to use **cygcheck** to backup your cygwin-install, you might not have **awk** and a bash shell at your disposal at the time of install. However, you should certainly have some kind of python installed already. Here is a python script that will read your packages correctly and install cygwin with them selected: 
from urllib import request
import sys, getopt, subprocess
build = 'x86'
packagefile = 'packagelist'
opts, args = getopt.getopt(sys.argv[1:],'',['64','packages='])
for o,a in opts:
    if o == '--64': build = 'x86_64'
    if o == '--packages':
        packagefile = a
setupfile = "setup-%s.exe" % build
packages = ','.join([ x.strip() for x in open(packagefile).readlines()])
r = request.urlopen("http://cygwin.com/%s" % setupfile)
open(setupfile,'wb').write(r.read())
subprocess.call([setupfile, '-P', packages ])
In fact, it first downloads the current setup executable from the cygwin server and then launches it. It accepts the option --64 to install 64 bit cygwin and the option --packages=packagelist to select a file with a list of packages.

Synchronize Droid and Thunderbird Contacts

technology 2014-01-29
I've had an Android phone for quite some time now. I do not want to give *anyone* my personal contacts. However, I want to synchronize my contacts across devices. So I used the *MyPhoneExplorer* to manually sync my contacts between the phone and all my three clients. Since this is a pain in the ass, I was looking for an alternate solution. Do you want to know how I did it?
Authors have copyrights. People say these things in footers.
All Hail the Great Yawgmoth, Father of Machines.