Thursday, March 1, 2012

Manage Your eBooks with Calibre


We all hoard data in one way or another. Some of us have loads of music and some of us have loads of movies. It all began when personal computing became affordable and all of us got to play with these virtual packets of data called files. Then came the Internet and the Napster era — MP3 files flowed in the thousands. That called for some serious media file management — what we now so effortlessly do (most of the time) using Rhythmbox, Amarok or iTunes (if you’re an Apple fan).
HTPC (Home Theatre Personal Computer) Operating Systems like MoviX or their software suite counterparts like XBMC (the XBox Media Center) allow management of not just music, but your videos, TV shows and online radio too. As data grows, it is only its swift management that keeps us from going mad and pulling our hair out, as those ones and zeroes flow in torrential fury.
Just when we thought the worst was behind us, good ol’ Murphy paid us another visit… and lo and behold, ebooks in volumes arrived. Add to it the cool convenience of ebook readers like the Kindle and the Nook, and you find yourself hoarding ebooks too! The question now arises: is there a (FOSS) way to manage all my ebooks? The answer is, “Yes, there is.”
Calibre is really neat. A cross-platform tool (yes, it does Windows and Mac too, besides Linux), it lets you manage ebooks of almost any format under the sun. It syncs up with almost all the popular ebook readers out there — and the cherry on the cake is that it can double up as a content-management server, allowing you to share your collection on your local network via a Web interface!

Installing Calibre

Let’s get started. Installation is pretty straightforward. If you are a Windows or a Mac user, it is a simple download-double-click-install process. If you’re a Linux user, there are two ways (both listed on the download page of Calibre’s website). These are:
  1. Use the package provided by your distribution. This is not recommended, since distribution packages often lag behind upstream releases.
  2. Perform a binary installation with the one-liner from the download page:
    sudo python -c "import urllib2; exec urllib2.urlopen('http://status.calibre-ebook.com/linux_installer').read(); main()"
    Be clear about what that command does: it fetches a script over plain HTTP and executes it as root, so anyone who can tamper with that connection can run code on your machine. If that bothers you, download the installer script first, read it, and only then run it.

Using Calibre as a management tool

Start Calibre from the OS applications menu or by typing calibre in the run-command dialogue box or even in the terminal. You will be greeted with a first-start wizard, which asks you questions like which ebook reader you are using (if any) and where you want the library to reside. Completing the wizard brings up the main window (Figure 1).
Calibre Main Window 
Figure 1: Calibre Main Window
The Calibre main window consists of:
  1. The main toolbar
  2. The Category pane on the left
  3. The ebook listing pane in the centre
  4. The ebook cover preview pane on the right
All primary functions like adding ebooks, converting and viewing them are done via the main toolbar. The Category pane controls what you see in the listing pane. For example, if you want to see ebooks only from the “Chicken Soup for the Soul” series, select that series name under the “Series” node in the tree that resides in the category pane. Clicking on a book brings up its cover preview, along with the author’s name, format and path, in the preview pane.
Calibre has an inbuilt ebook viewer that handles all the formats Calibre supports. Double-clicking on a book opens it; you can also choose “View” from the main toolbar. Editing ebook meta-data is also very simple. Just select the book, click the field (for example “author”) and hit F2, just as you would to rename a file. Edit the field and hit Enter to save the changes. The moment you make the change, Calibre reorganises your library at the backend (i.e., it automatically updates your library’s folder structure). Neat, isn’t it?
You may also tag and rate your titles, so that searching and sorting become cooler. Spend some time playing around, and I’m sure you would grow to like it a lot. I cannot imagine how I ever managed my ebook collection without this super tool.

The content server

It is not just local management that Calibre is good at. It is versatile enough to become a content server too! Let’s suppose you want to share your library on your network, so that you can read books on any PC that’s hooked up — or say you want to read them over Wi-Fi. Wouldn’t that be cool? It’s very easy to do this:
  1. On the main toolbar, hit the “Connect/Share” button (Figure 2).
  2. Select “Start Content Server”.
  3. Wait a few moments, and the three blue orbs on the button will turn green (Figure 3) — this means that your content server is running.
The ‘Connect/Share’ feature 
Figure 2: The ‘Connect/Share’ feature
It’s green! Our server is up. 
Figure 3: It’s green! Our server is up.
We can now access the library portal via the URL http://<hostname>:8080/. (Replace <hostname> with the IP address or hostname of the PC on which the Calibre server is running; 8080 is the default port on which the content server listens.) To access it from the same PC as the Calibre server, use http://localhost:8080/. The portal’s home page looks like what is shown in Figure 4. Now you can access your entire library over the network! One caveat before you leave it running: started this way, the server accepts connections from every host that can reach port 8080 and asks for no credentials, so anyone on that network can read and download the whole library. Set a username and password in Calibre’s preferences under “Sharing over the net” before sharing beyond a trusted home LAN, and do not forward the port to the Internet unless you have put it behind TLS and authentication.
The Calibre library portal 
Figure 4: The Calibre library portal
The best part about this software is that we can continue hoarding our ebooks, without worrying about searching through and manually organising them. Or, as they say, we can now “Tag ‘em and bag ‘em”. Calibre has saved the day.

Monday, February 27, 2012

TrueCrypt — Learn the Art of Encryption


When did you last feel that you ought to have secured an important file so that nobody else could view it without your permission? Ever lost a pen drive with loads of family photos or important spreadsheets? Do you worry that Big Brother may be watching your uploads to the cloud? If the answer to any of those questions is “Yes”, the solution is encryption!
Many commercial encryption products can protect files, folders and partitions. Probably the most discussed is BitLocker, which is bundled with MS Windows 7 Ultimate. And if you have ever wondered whether there is freely available encryption software with published source, there is, and it’s called TrueCrypt.
As described on TrueCrypt.org, it is software that establishes and maintains an on-the-fly-encrypted volume (a data storage device). On-the-fly means that data is automatically encrypted right before it is written and decrypted right after it is read, without user intervention. Nothing stored on the volume can be decrypted without the correct password and/or keyfile(s), which unlock the actual encryption keys. The entire file system, free space included, is encrypted.
Files can be copied to and from a mounted TrueCrypt volume just as with any normal disk (for example, by drag-and-drop). The software works as expected, is simple, and has a GUI for ease of use. Beyond those properties, its most important feature is the security it offers: there are published reports of the FBI failing to recover data from TrueCrypt volumes. Keep in mind what that security rests on, though: the pass-phrase is the only thing between an attacker and the key, so a weak pass-phrase undoes everything. Some more facts: the source is published under the project’s own TrueCrypt License (not the GPL, as is often claimed), and it runs on Linux, Mac OS X and MS Windows.
Continue reading at your own risk… you may soon fall in love with TrueCrypt!

The basics of encryption

So let’s take a quick look at the basics of encryption. Everybody knows what a password is and how it operates, and it is tempting to think of an encryption key as the same thing. Technically, there are a few differences; the following table compares them.
Password | Encryption key
Typically a short string of characters entered before access is granted. | A pass-phrase or random byte sequence (in practice, a key derived from a pass-phrase) required to decrypt the data.
Does not change the contents of the protected resource. | Is fed into the encryption algorithm and actually transforms the data.
If lost, the protection can often be stripped with ready-made tools (spreadsheet and document password removers) and the data revealed. | If lost, the data stays unreadable. The only option is a brute-force search for the key, which is infeasible for a key of sufficient strength.
(Be careful: lose the encryption key, and you lose all the data!)
Basically, there are three cryptographic building blocks in play: symmetric-key encryption, asymmetric-key (public-key) encryption and hashing. For this article, we need to understand two of them.
Symmetric-key encryption converts data from clear text (the original format) to cipher text (the encrypted format) using an encryption algorithm and a key. The same key converts the encrypted data back to clear text. To keep the data safe, one must guard the key.
A hash algorithm turns data of any length into a fixed-length digest (checksum). Running the same algorithm over modified data produces a different digest, which reveals that the original data’s integrity has been lost. An important property of the hash value is that it cannot be reversed to recreate the original data.
TrueCrypt uses both: a symmetric cipher (AES, Serpent or Twofish, alone or cascaded) encrypts the volume, and the hash algorithm you pick is used, through PBKDF2, to derive the volume’s header key from your pass-phrase and a random salt. Now, let’s understand more about TrueCrypt.
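The two primitives above, in the roles TrueCrypt gives them, as an added example (this is illustration code written for this page, not TrueCrypt’s own implementation): PBKDF2 over SHA-512 turns a pass-phrase plus salt into the symmetric header key, SHA-512 alone serves as the integrity checksum, and a dictionary search is what “the only way is brute force” looks like when the pass-phrase is weak. The salt and sample data are constructed here; the 64-byte salt and 64-byte key length match what TrueCrypt documents for its volume header, while the iteration count is a small demo value rather than TrueCrypt’s. The actual AES-XTS encryption of the volume needs a library outside the standard library and is left out, so the example stops at the key.

```python
"""Added example, not TrueCrypt's own code: pass-phrase -> header key via
PBKDF2-HMAC-SHA-512, a one-way integrity checksum, and a brute-force
dictionary search against a weak pass-phrase.

Assumptions (not from the article): SALT and the sample data are constructed;
ITERATIONS is a demo value. Salt and key lengths follow the TrueCrypt volume
header format (64 bytes each).
"""
import hashlib
import hmac
from typing import Iterable, Optional

SALT = bytes(range(64))     # constructed; a real volume stores 64 random bytes
ITERATIONS = 1000           # demo value, not TrueCrypt's own count
HEADER_KEY_LEN = 64         # two 256-bit keys, as AES in XTS mode needs


def derive_header_key(passphrase: str, salt: bytes = SALT,
                      iterations: int = ITERATIONS) -> bytes:
    """Symmetric key from pass-phrase + salt. The same inputs always give the
    same key, which is what 'the key is the pass-phrase' means in practice."""
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode("utf-8"),
                               salt, iterations, HEADER_KEY_LEN)


def checksum(data: bytes) -> str:
    """One-way digest: any change to data changes it, and it reveals nothing
    about data."""
    return hashlib.sha512(data).hexdigest()


def integrity_ok(data: bytes, expected: str) -> bool:
    """Constant-time comparison of digests to verify data is unmodified."""
    return hmac.compare_digest(checksum(data), expected)


def dictionary_attack(target_key: bytes, candidates: Iterable[str],
                      salt: bytes = SALT,
                      iterations: int = ITERATIONS) -> Optional[str]:
    """Brute force: derive a key for every guess and compare. Each guess costs
    the full PBKDF2 work, which is why a long pass-phrase beats a short one."""
    for guess in candidates:
        if hmac.compare_digest(derive_header_key(guess, salt, iterations),
                               target_key):
            return guess
    return None


if __name__ == "__main__":
    key = derive_header_key("KhulJaSimSimkhuljasimsim")
    print("header key (first 16 bytes):", key[:16].hex())
    data = b"constructed sample: index of family photos"
    digest = checksum(data)
    print("unmodified:", integrity_ok(data, digest),
          "modified:", integrity_ok(data + b"!", digest))
    print("weak pass-phrase recovered:",
          dictionary_attack(derive_header_key("password"),
                            ["123456", "password", "letmein"]))
```

Run it and note the asymmetry: the checksum detects any tampering but cannot be reversed, and the dictionary attack succeeds instantly against “password” yet finds nothing for the article’s long pass-phrase, because the attacker has to pay the PBKDF2 cost for every guess.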

Installation

Download the latest stable version available, which is 7.1, for your OS. The basic installation is simple and straightforward; I will walk you through the steps for SuSE 11.1.
Untar the downloaded binaries and launch the setup. Proceed through various screens and complete the installation by accepting the license. The application browser will show the installed package.

Usage

Launch TrueCrypt, select a slot and click the Create Volume button to launch the volume creation wizard. After selecting Standard TrueCrypt Volume, enter the desired filename (DemoVolume), as shown in Figure 1.
TrueCrypt main screen and volume creation wizard
Figure 1: TrueCrypt main screen and volume creation wizard
Next, select the location where you wish to create the volume. The next screen asks you to select the encryption and hash algorithms. (You may also select a cascade of two or three ciphers.) To estimate the encrypted write speed, you may want to benchmark your system; the test machine managed 49 MBps encryption and 51 MBps decryption.
Select the desired encryption and hash algorithm, followed by the volume size, as required. To create DemoVolume, I chose AES encryption, the SHA-512 hash and a size of 10 MB. Continue and provide a strong pass-phrase (I used KhulJaSimSimkhuljasimsim for this demo volume; a pass-phrase printed in an article is obviously not one to reuse for real data), choose the filesystem type, and format the volume.
Mount this volume (see Figure 2) by selecting DemoVolume and entering the corresponding pass-phrase. The mounted volume is accessible just like any other; files can be copied to it with a file browser. Once the data is copied, simply dismount the volume. Your data is now saved in a TrueCrypt encrypted volume file, which is plain ciphertext to anyone without the pass-phrase, so you can email it, copy it to a pen drive, or even synchronise it with cloud-based storage services.
Mount volume
Figure 2: Mount volume
You can use this tool to encrypt complete partitions, a pen drive or any data storage device to secure your data, just like creating a new volume of the required size. Do use this utility, and let your friends know about it. Also, do consider making a donation to this fantastic project.

Block Outgoing Traffic


IPCop has an inherent lacuna in a very important area: it does not filter outgoing traffic based on TCP/UDP ports, but allows all outbound traffic (from the Green to the Red zone) on all ports. “URL Filter” addresses the filtering of websites only. An interesting add-on for this functionality is “Block Outgoing Traffic”, also called BlockOutTraffic or simply BOT.
With this, IPCop can filter outbound traffic based on Green IP/MAC addresses, Internet IP addresses and various services (ports), offering granular control over outgoing traffic to conform with corporate Internet access policies. To achieve this, BOT creates iptables rules from what you configure in the Web-based GUI.
It enables IPCop to divide the Green network into groups based on their IP (or MAC) addresses. These groups are then configured to access only the desired services such as HTTP, FTP, telnet, SSH, DNS, etc., either singly or as service groups. Control can be further tightened by allowing the services or their groups only to the required Internet addresses.
The parameters of a typical request from the internal network to the Internet are:
  • Source: the IP address and the MAC address of the requesting device
  • Destination: the IP address (and, on the local segment, the MAC address of the default gateway)
  • Source port (TCP or UDP), chosen by the requesting device
  • Destination port, i.e. the service being requested
BOT allows the administrator to configure various groups by different parameters, as elaborated in Table 1.
Group type | Group parameter
Internal computers (devices) | IP or MAC address
Destination | IP address
Services | Services (ports) required to reach the destination
Note that the source port is not useful for filtering outgoing traffic, since it is chosen (usually at random) by the requesting device.
To establish the access policy, BOT creates iptables rules to allow various groups of internal devices to access various groups of Internet destinations using groups of services.
Now let’s configure a typical Internet access control scenario, to help understand BOT installation and configuration, which appears tricky only until you understand the underlying concept.
As explained in earlier articles, copy the BOT binaries to the IPCop box using SCP (remember that IPCop’s non-standard SSH port is TCP 222). Log on to the IPCop console locally or via SSH, untar the archive and install BOT:
mkdir BOT
mv ./BlockOutTraffic-3.0.0-GUI-b3.tar.gz ./BOT
cd BOT
tar -xzf BlockOutTraffic-3.0.0-GUI-b3.tar.gz
./setup
This completes the basic setup. Log out from the console/SSH. Further configuration is via the Web-based GUI, so visit it and select Firewall –> Block Outgoing Traffic. You should see something like what is shown in Figure 1.
BOT screen
Figure 1: BOT screen
Click Edit to enter the settings menu. Here, you must enter the administrator PC’s MAC address and the IPCop proxy port. This is a security feature that restricts IPCop Web GUI access to this PC alone. Bear in mind that a MAC address is trivially spoofed, so this only keeps casual users out and is no substitute for a strong admin password. Before saving the settings, re-verify both entries; if you enter the wrong values, you will be locked out of the IPCop Web-based GUI.
MAC address and proxy port configuration
Figure 2: MAC address and proxy port configuration
Next, click Enable BOT. You should see something like what’s shown in Figure 3.
BOT enabled
Figure 3: BOT enabled
Note: If you are locked out by incorrect MAC/proxy port entries, you will need physical console access to the IPCop box to regain access, and will then have to flush BOT’s chains with the following commands:
iptables -F BOT_INPUT
iptables -F CUSTOMFORWARD
After this, access the IPCop Web GUI and correct the MAC address/proxy port. Disable and immediately re-enable BOT.

Test configuration

Now, let’s do a test configuration to allow Internet access as detailed in Table 2. This configuration example assumes that all client browsers are configured to use IPCop proxy port 800.
Group name | IP address | Services allowed | Service group | Service ports
MailAccess | 192.168.51.0/27 | POP3, SMTP | MailingServices | 110 and 25
WebAccess | 192.168.51.32/27 | Internet access | InternetServices | IPCop Proxy (800)
The first rule allows email (POP3 and SMTP) access from the Green network to the outside (the Internet); the other allows access from the Green network to the IPCop proxy (for Web browsing). Go to the administrator GUI’s Firewall –> Advanced BOT Config menu option to create groups and access rules (Figure 4).
Advanced BOT configuration
Figure 4: Advanced BOT configuration
And then:
  1. Create the MailAccess list of internal PCs. Under Address Settings, configure MailAccess as Name, 192.168.51.0 as the IP address and 255.255.255.224 (CIDR /27) as the subnet mask.
  2. Create the WebAccess list of internal PCs. Under Address Settings, enter WebAccess, 192.168.51.32 and 255.255.255.224 respectively. Figure 5 shows the created rules.
    Creating groups
    Figure 5: Creating groups
  3. Create the IPCop Proxy custom service. Under Services Settings, enter Service Name as IPCopProxy, Port as 800 (the port defined in Services –> Proxy or Advproxy) and select the TCP Protocol.
  4. Create the MailingServices group. Under Service Grouping, supply MailingServices as the Service Group Name. Select and add the POP and SMTP services from Default Services, as shown in Figure 6.
    Creating the MailingServices group
    Figure 6: Creating the MailingServices group
  5. Now, the final step is to create Access Control rules. Proceed to Firewall –> Block Outgoing Traffic and click on New Rule. Create the rule by selecting the following parameters:
    • Source: Default network: Custom Address — MailAccess
    • Destination: Other Network/Outside: Default networks: Any
    • User Services: Service Groups: MailingServices
  6. Click Rule enabled, add a meaningful remark for this rule, like “MailAccess PCs can use MailingServices” and click Next. Here, you can review the rule. Click Save to create the rule.
Internet access is to be allowed only through the IPCop Proxy. Create an access rule for the WebAccess PCs, to permit access to the IPCop Proxy service:
  • Source — Custom addresses — WebAccess
  • Destination — IPCop Access — User Services — Custom services: IPCopProxy
  • Rule Enabled
  • Remark — WebAccess PCs can access IPCop Proxy
Save the rule.
All BOT rules are available for viewing, editing and duplicating from the Firewall –> Block Outgoing Traffic link. This completes BOT configuration. The access controls in Table 2 are implemented. WebAccess PCs can browse the Internet, but cannot access emails via email clients, while MailAccess PCs can use mail clients but cannot browse the Internet.
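To make the policy just configured, and the checks in the verification section below, concrete, here is an added example (illustration code written for this page, not BOT’s own code) that models the Table 2 policy the way BOT does, as address groups, service groups and accept rules. It renders iptables commands of the general shape BOT loads into IPCop, and it predicts the verdict the firewall log will show for a given packet. The exact rule layout (ACCEPT rules followed by LOG and DROP in the CUSTOMFORWARD and BOT_INPUT chains named in the recovery commands above), the interface names eth0 (Green) and eth1 (Red), and 192.168.51.1 as the IPCop Green address are assumptions, not facts from the article; BOT’s own exception for the admin PC in BOT_INPUT is not modelled.

```python
"""Added example, not BOT's own code: the Table 2 policy as groups and rules,
rendered as iptables commands and evaluated against sample packets.

Assumptions not from the article: rule layout, chain ordering, the interface
names GREEN_IF/RED_IF and the firewall address IPCOP_GREEN_IP.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

GREEN_IF, RED_IF = "eth0", "eth1"   # assumed interface names
IPCOP_GREEN_IP = "192.168.51.1"     # assumed firewall Green address

# Address groups from Table 2 (a MAC address could stand in for a network).
ADDRESS_GROUPS: Dict[str, ipaddress.IPv4Network] = {
    "MailAccess": ipaddress.ip_network("192.168.51.0/27"),
    "WebAccess": ipaddress.ip_network("192.168.51.32/27"),
}
# Service groups as (protocol, destination port). Source ports are deliberately
# absent: the client picks them, so they carry no policy meaning.
SERVICE_GROUPS: Dict[str, List[Tuple[str, int]]] = {
    "MailingServices": [("tcp", 110), ("tcp", 25)],
    "InternetServices": [("tcp", 800)],   # the custom IPCopProxy service
}


@dataclass(frozen=True)
class Rule:
    source: str        # address group
    destination: str   # "outside" (any Internet host) or "ipcop" (the firewall)
    services: str      # service group
    remark: str


RULES = [
    Rule("MailAccess", "outside", "MailingServices",
         "MailAccess PCs can use MailingServices"),
    Rule("WebAccess", "ipcop", "InternetServices",
         "WebAccess PCs can access IPCop Proxy"),
]


def render_iptables(rules: List[Rule] = RULES) -> List[str]:
    """Flush both chains, add one ACCEPT per (rule, service), then LOG and
    DROP everything from Green that no rule matched (BOT's default)."""
    cmds = ["iptables -F CUSTOMFORWARD", "iptables -F BOT_INPUT"]
    for r in rules:
        net = ADDRESS_GROUPS[r.source]
        for proto, port in SERVICE_GROUPS[r.services]:
            if r.destination == "ipcop":   # traffic to the firewall itself
                cmds.append(f"iptables -A BOT_INPUT -i {GREEN_IF} -s {net} "
                            f"-d {IPCOP_GREEN_IP} -p {proto} --dport {port} -j ACCEPT")
            else:                          # traffic forwarded Green -> Red
                cmds.append(f"iptables -A CUSTOMFORWARD -i {GREEN_IF} -o {RED_IF} "
                            f"-s {net} -p {proto} --dport {port} -j ACCEPT")
    for chain, match in (("BOT_INPUT", f"-d {IPCOP_GREEN_IP}"),
                         ("CUSTOMFORWARD", f"-o {RED_IF}")):
        cmds.append(f"iptables -A {chain} -i {GREEN_IF} {match} "
                    f"-j LOG --log-prefix 'GREEN DROP '")
        cmds.append(f"iptables -A {chain} -i {GREEN_IF} {match} -j DROP")
    return cmds


def verdict(src_ip: str, dst_ip: str, proto: str, dport: int,
            rules: List[Rule] = RULES) -> str:
    """Predict the log entry for a Green-originated packet: 'ACCEPT' when a
    rule matches, otherwise 'GREEN DROP'. The source port is never consulted."""
    src = ipaddress.ip_address(src_ip)
    kind = "ipcop" if dst_ip == IPCOP_GREEN_IP else "outside"
    for r in rules:
        if (src in ADDRESS_GROUPS[r.source] and r.destination == kind
                and (proto, dport) in SERVICE_GROUPS[r.services]):
            return "ACCEPT"
    return "GREEN DROP"


if __name__ == "__main__":
    print("\n".join(render_iptables()))
    for src, dst, port in (("192.168.51.25", IPCOP_GREEN_IP, 800),
                           ("192.168.51.35", IPCOP_GREEN_IP, 800),
                           ("192.168.51.25", "203.0.113.10", 25),
                           ("192.168.51.35", "203.0.113.10", 25)):
        print(f"{src} -> {dst}:{port}  {verdict(src, dst, 'tcp', port)}")
```

The four sample packets are the cases the verification section walks through: 192.168.51.25 (in MailAccess) to the proxy is dropped, 192.168.51.35 (in WebAccess) to the proxy is accepted, and the reverse holds for SMTP to an outside host. Because the model defaults to drop, adding a service to a PC means adding a rule, never loosening a default, which is exactly the discipline BOT imposes.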

Configuration verification

Try browsing the Web from a PC with an address outside the WebAccess range, say 192.168.51.25. Browsing fails, and the firewall log confirms it by showing GREEN DROP under the Chain column. The Dst Port column shows 800, labelled with the name /etc/services assigns to that port, mdbs_daemon, rather than as the proxy.
Now, try browsing the Internet from a PC with an address in the WebAccess range, say 192.168.51.35, and as expected, it works. You can also check Logs –> Proxy Logs in the IPCop Web GUI to confirm this. Then check POP and SMTP access from email clients on computers in the two groups, and see whether it behaves as intended.
Firewall Log denying Internet Access
Figure 7: Firewall Log denying Internet Access

Troubleshooting

A few services may stop working after you enable BOT, because BOT blocks all traffic that is not explicitly allowed. Go to your BOT settings and enable the logging of packets that match no BOT rule. Re-enable BOT and try the service again. Then look in the IPCop firewall logs under Logs –> Firewall Log for the blocked traffic; the source, destination and port in those entries tell you which rule is missing, and you can then create the missing BOT Accept rule.