Alfresco Backup and Recovery Tool, release v0.1

Project was moved to Github!

Please go to https://github.com/toniblyx/alfresco-backup-and-recovery-tool for downloads, questions, issues, suggestions or feedback. Thanks!

Here you go, first release of the Alfresco Backup and Recovery Tool (Alfresco BART). An Apache 2.0 licensed tool for backup and restore of Alfresco ECM.

DESCRIPTION
Alfresco BART is a tool written in shell script on top of Duplicity for Alfresco backups and restore from a local file system, FTP, SCP or Amazon S3 of all its components: indexes, data base, content store and all deployment and configuration files. It should runs in most Linux distributions, for Windows you may use Cygwin (non tested yet).

Brief description of its features: full and incremental backups, backup policies, backup volume control, encryption with GPG, compression. Also it has a restore wizard with shortcuts for quick restore of some key components (alfresco-global.properties and more).

DISCLAIMER
This is an initial version, it has bugs and needs many improvements, please take care 🙂

FEATURES
Features in this version (v0.1):

  • 5 different modes of work: backup, restore, verify, collection and list
    • backup: runs an incremental backup or a full if first time or configured
    • restore: runs the restore wizard
    • verify: verifies the backup
    • collection: shows all the backup sets in the archive
    • list: lists the files currently backed up in the archive
  • Full and incremental backups.
  • Backup policies:
    • Periodicity: number of days of every full backup, if not backup found it does a full
    • Retention: keep full or incremental copies, clean old backups.
    • Control of number of moths to remove all backups older than or backup retention period.
  • Separated components (backup sets or groups), ability to enable or disable any set (cluster and dedicated search server aware), all backup sets supported are:
    • Indexes (SOLR or Lucene)
    • Data base (MySQL, PostgreSQL and Oracle)
    • Content Store plus deleted, cached and content store selector (optional).
    • Files: all configuration files, deployments, installation files, etc.
  • Restore wizard with support to:
    • restore a full backup (all sets)
    • given backup set
    • restore from a given date or days, month, year ago
    • restore alfresco-global.properties from a point in time
  • Backup volume control:
    • All backups collections are split in a volume size 25MB by default, this can help to store your backup in tapes or in order to upload to a FTP, SCP or S3 server.
  • Backup to different destinations:
    • Local filesystem
    • Remote FTP or FTPS server
    • SCP server (should have shared keys already configured, no authentication with user and password supported)
    • Amazon S3
  • Encryption with GnuPG, all backup volumes are encrypted, this feature is configurable (enable or disable).
  • Compression, all backup volumes are compressed by default
  • Log reporting, Alfresco BART creates a log file each day of operation with in a report of any activity.

DEPENDENCES

  • Duplicity 0.6 (with boto and fabric)
  • Python 
  • GnuPG
  • NcFTP
  • librsync
  • mysqldump for MySQL backup
  • pg_dump for PostgreSQL backup
  • exp for Oracle backup

TODO

  • TEST, TEST and TEST with JBOSS, MySQL, Oracle, S3, FTPs, SCP, etc.
  • Add more input and task controllers (and configuration, first run).
  • Restore single repository file.
  • Snapshots (LVM if exist, AWS if exist).
  • Support for MS SQL Server.
  • Configuration wizard (shell).
  • Share admin panel configuration page as main point to configure more options related to backup (eager, cleaner, index backup, trascan cleaner, etc.).
  • Custom logging control and reporting improvement.

DOWNLOADS and INSTALLATION 

Most recent information about tool and latest code is available in:
http://blyx.com/alfresco-bart

Please report bugs and improvements to: reverse moc.xylb@inot

Alfresco trick: bulk users invitation to a site (external and internal users)

For a personal project I was wondering if I can invite a group of friends to a site without having to get them access to my Alfresco, just wanted to give them access to certain site as consumers.

Here is how I did that, once I generate a list of friends like below (file solo-mails.txt):

[bash]
[email protected]
[email protected]
[email protected]
[/bash]

I run next curl command in JSON format. Remember that $i is the mail address of any friend, use your own admin credentials as user:password, you should change ‘surname’, localhost, and site name ‘mysite’ in the URL. The option -H “Accept-Language: en,en;q=0.8” will send the invitation in english, if you want to sent it in spanish use Accept-Language: es,en;q=0.8.

for i in `cat solo-mails.txt`; do curl -i -u user:password -H “Content-Type: application/json” -H “Accept-Language: en,en;q=0.8” -d “{‘invitationType’:’NOMINATED’,’inviteeUserName’:”,’inviteeRoleName’:’SiteConsumer‘,’inviteeFirstName’:’$i‘,’inviteeLastName’:’surname‘,’inviteeEmail’:’$i‘,’serverPath’:’http://localhost:8080/share/’,’acceptURL’:’page/accept-invite’,’rejectURL’:’page/reject-invite’}” “http://localhost:8080/alfresco/s/api/sites/mysite/invitations“; done
This command will send an invitation with an autogenerated username and a password.

As I mentioned, command above is for external users, but if you want to do same thing for internals use same command but the value ‘inviteeUserName’ has to have the username you want to invite, for example ‘inviteeUserName’:’toni’. Obviously I run this command from my Mac also valid from a Linux with curl.

Thanks to my colleague at Alfresco Rui Fernandes, he pointed me out about where to start.

How to enable Tomcat Manager in an Alfresco installation

In order to address some maintenance tasks in Tomcat, may be useful to get access to the Tomcat Manager (http) interface, things like stop or start an application if you are doing some changes in Alfresco or Share, even a different way to access to its JMX interface using jmxproxy if you are working remotely.

This is a easy step by step guide about how you can enable the Tomcat Manager that comes with an Alfresco default (bundle) installation. Tested with Alfresco Enterprise 4.1.4, but should work with any other Alfresco 4 version.

  • Edit tomcat/conf/tomcat-users.xml and adapt it like below:

[xml]
<tomcat-users>

<role rolename="manager-gui"/>

<role rolename="manager-status"/>

<role rolename="manager-jmx"/>

<role rolename="manager-script"/>

<user username="CN=Alfresco Repository Client, OU=Unknown, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB" roles="repoclient" password="null"/>

<user username="CN=Alfresco Repository, OU=Unknown, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB" roles="repository" password="null"/>

<user username="manager" roles="manager,manager-gui,manager-status" password="manager"/>

<user username="manager2" roles="manager-jmx,manager-script" password="manager"/>

</tomcat-users>
[/xml]

  • Then edit tomcat/conf/Catalina/localhost/manager.xml and change like this:

[xml]
<Context antiResourceLocking="false" privileged="true" useHttpOnly="true" override="true">

<Valve className="org.apache.catalina.authenticator.BasicAuthenticator" securePagesWithPragma="false" />

</Context>
[/xml]

  • Restart your Tomcat and thats all.

Once Alfresco is up agan, lets try to access to the manager with user “manager” and password “manager”, please avoid using this credentials in production environments.

To access html interface:

http://localhost:8080/manager/html

Screen Shot 2013-05-30 at 12.38.33 PM

To list all applications:

http://localhost:8080/manager/list

To list server information:

http://localhost:8080/manager/serverinfo

To see default session info (use / or /context):

http://localhost:8080/manager/sessions?path=/

To start, stop, and undeploy alfresco or share

http://localhost:8080/manager/start?path=/alfresco

http://localhost:8080/manager/stop?path=/alfresco

http://localhost:8080/manager/undeploy?path=/alfresco

http://localhost:8080/manager/start?path=/share

http://localhost:8080/manager/stop?path=/share

http://localhost:8080/manager/undeploy?path=/share

To see all MBeans (jmxproxy):

http://localhost:8080/manager/jmxproxy.

Screen Shot 2013-05-30 at 12.39.34 PM

Sources: http://forums.alfresco.com/forum/developer-discussions/other-apis/unable-access-tomcat-manager-03292012-1345

and http://www.ixxus.com/blog/2011/02/monitor-and-manage-alfresco-jmx

Video del webinar “Uso práctico de Alfresco” (demo)

Aquí comparto el video del webinar en el que hago una demo de Alfresco sobre temas como:

  • Introducción a Alfresco Share
  • Clasificación automática de ficheros por correo entrante: Gestión de Facturas
  • Workflow
  • Edición de PDFs (marca de agua)
  • Alfresco One, colaboración y nube híbrida.
  • Sincronización
  • Alfresco Mobile
  • Edición en linea con MS Office
  • Búsquedas
  • Desktop Sync
  • Publicación Social

Espero que os resulte útil.

Playing with Duplicity backup and restore tool and Amazon S3

Duplicity is a python command line tool for encrypted bandwidth-efficient backup.

In their creator words: “Duplicity  incrementally  backs  up  files  and directory by encrypting tar-format volumes with GnuPG and uploading them to a remote (or local) file server.  Currently local, ftp, sftp/scp, rsync, WebDAV, WebDAVs, Google Docs, HSi and Amazon S3 backends  are  available.   Because  duplicity  uses librsync,  the  incremental  archives  are  space  efficient  and only record the parts of files that have changed since the last backup.  Currently duplicity supports deleted files, full Unix permissions, directories, symbolic links, fifos, etc., but not hard links.

My brief description: a free and open source tool for doing full and incremental backup and restore from linux to local or almost any remote target, compressed and encrypted. A charm for any sys admin.

In order to explain how Duplicity works for backup and restore. I’m going to show how to do a backup of a folder called “sample_data” to an Amazon S3 bucket called “alfresco-backup” and a folder called “test” inside my bucket (use your own bucket name) the bucket and folder has been created by me before running any command but could be created by duplicity first time we run the command. If you want to let Duplicity create your own Amazon S3 bucket and you are located in Europe, please read the Duplicity man page.

Note: please not get confused with my bucket name “alfresco-backup”, use your own bucket name. I will use this bucket name also in future articles 😉

How to install Duplicity in Ubuntu:

[bash]
# sudo apt-get install duplicity
[/bash]

Create a gpg key and remember the passphrase because will be required by Duplicity, defaults values works good. Your backup will be encrypted with the passphrase, all files created by command below will be on your Linux home/.gnupg but you won’t need that at all:

[bash]
# gpg –gen-key
[/bash]

Create required system variables (you can also use them with an script):

[bash]
# export PASSPHRASE=yoursupersecretpassphrase
# export AWS_ACCESS_KEY_ID=XXXXXXXXXXX
# export AWS_SECRET_ACCESS_KEY=XXXXXXXXXX
[/bash]

Backup:

To perform a backup with the Duplicity command (the easy and simple command):

[bash]
# duplicity sample-data/ s3+http://alfresco-backup/test
[/bash]

If you get errors, some dependencies for Python and S3 support are required, try installing librsync1 and next python libraries python-gobject-2, boto and dbus.

The command output should be something like this:

[bash]
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: none
No signatures found, switching to full backup.
————–[ Backup Statistics ]————–
StartTime 1368207483.83 (Fri May 10 19:38:03 2013)
EndTime 1368207483.86 (Fri May 10 19:38:03 2013)
ElapsedTime 0.02 (0.02 seconds)
SourceFiles 5
SourceFileSize 1915485 (1.83 MB)
NewFiles 5
NewFileSize 1915485 (1.83 MB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 5
RawDeltaSize 1907293 (1.82 MB)
TotalDestinationSizeChange 5543 (5.41 KB)
Errors 0
————————————————-
[/bash]

This will create 3 files in your S3 bucket:

  • duplicity-full-signatures.20130510T160711Z.sigtar.gpg
  • duplicity-full.20130510T160711Z.manifest.gpg
  • duplicity-full.20130510T160711Z.vol1.difftar.gpg

All files are stored with the GNU tar format and encrypted, “duplicity-full” means that was first backup, in next backups you will see “duplicity-inc” in different volumes.

  • sigtar.gpg file contains files signatures then Duplicity will know what file has changed and do the incremental backup
  • manifest.gpg contains all files backed up and a SHA1 hash of each one
  • volume files (vol1 to volN depending of your backup size) will contains data files, a volume file use to be up to 25MB each one, this is for improve performance doing backup and restoration.

For more information about file format look at here: http://duplicity.nongnu.org/duplicity.1.html#sect19

[bash]
# duplicity –full-if-older-than 30D sample-data s3+http://alfresco-backup/test
[/bash]

Verify if there are changes between last backup and your local files:

[bash]
# duplicity verify s3+http://alfresco-backup/test sample-data
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Fri May 10 19:38:03 2013
Difference found: File . has mtime Fri May 10 19:39:05 2013, expected Fri May 10 19:34:53 2013
Difference found: File file1.txt has mtime Fri May 10 19:39:05 2013, expected Fri May 10 18:25:36 2013
Verify complete: 5 files compared, 2 differences found.
[/bash]

In last example we can see that a fine called file1.txt has changed and also the root directory “.” date,

List files backed up in S3:

[bash]
# duplicity list-current-files s3+http://alfresco-backup/test
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Fri May 10 18:32:59 2013
Fri May 10 19:34:53 2013 .
Fri May 10 18:25:36 2013 file1.txt
Fri May 10 18:54:31 2013 file2.txt
Fri May 10 19:35:03 2013 mydir
Fri May 10 19:35:03 2013 mydir/file3.txt
[/bash]

You can see 3 files and 2 directories, in the statistics report duplicity counts any directory as file.

Restore:

Duplicity can also manage the restore process but it will never override any existing file, the you can restore to a different location or remove your corrupted or old data if you want to restore in the original place. If duplicity successfully completes the restore it is not going to show any output.

How to restore last full backup:

[bash]
# duplicity s3+http://alfresco-backup/test restore-dir/
[/bash]

How to restore a single file:

[bash]
# duplicity –file-to-restore mydir/file3.txt s3+http://alfresco-backup/test restore-dir/file3.txt
[/bash]

How to restore entire backup in a given date:

[bash]
# duplicity -t 2D s3+http://alfresco-backup/test restore-dir/
[/bash]

this will restore full backup of  2 days ago (see -t options, seconds, minutes, hours, months, etc may be used)

How to restore a single file in a given date:

If you are looking for a file with a content but you don’t know what version of the file you have to recover, you can try restoring different file versions in the backup:

[bash]
# duplicity -t 2D –file-to-restore file1.txt s3+http://alfresco-backup/test file1.txt.2D
# duplicity -t 30D –file-to-restore file1.txt s3+http://alfresco-backup/test file1.txt.30D
[/bash]

Note, you have to specify a different file name for local restoration, remember that duplicity never overrides existing content.

Delete older backups:

[bash]
# duplicity remove-older-than 1Y s3+http://alfresco-backup/test –force
[/bash]

also you can use for example 6M (six months), 30D (30 days) or 60m (60 minutes).

To see more information when you are running a duplicity command can use the vervosity flag -v [1-9] but also can see all logs here /root/.cache/duplicity/[directory with unique ID]/duplicity-full.YYYMMDDT182930Z.manifest.part

When you are finished playing with Duplicity and Amazon S3 remember to clean your passphrase and Amazon keys from the variables:

[bash]
# unset PASSPHRASE
# unset AWS_ACCESS_KEY_ID
# unset AWS_SECRET_ACCESS_KEY
[/bash]

In next posts I will show  how to use Duplicity to have a perfect backup and restore policy of Alfresco.

OpenDJ (LDAP Server) and how to configure with Alfresco for your best demos

OpenDJ is a fork of the former Sun OpenDS. Is a free and Open Source LDAPv3 server. It is not under our Alfresco Supported Platforms umbrella but it works fine for demo porpuses and is very easy to install, configure and maintain. Since OpenDJ is a Java application you can run it in Linux, Mac or “even” Windows 😉

Lets see how how to start with OpenDJ from scratch.

  • Installation and configuration of OpenDJ:

Download the application downloader and launcher here: http://download.forgerock.org/downloads/opendj/20130305020001/install/QuickSetup.jnlp (you may also download the entire package from here http://www.forgerock.org/opendj.html  but I think with QuickSetup is the easier way)

Download this initial LDIF file with demo users and groups for the first population of our new brand LDAP server.

You must have installed Java in your system in order to execute file QuickSetup.jnlp. Then double click to open it. And follow as in the video:

Now lets configure our Alfresco Server (I did all this steps with Alfresco Enterprise 4.1.3 but should be valid for any 4.X version).

  •  Alfresco configuration:

[bash]
# vi tomcat/shared/classes/alfresco-global.properties
[/bash]

Add next line with our new authentication system before the default chain.

[bash]
authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm
[/bash]

Create the needed directory for our new settings:

[bash]
# mkdir -p tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1
[/bash]

Create your own config file, set as your needs:

[bash]
vi tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-authentication.properties
[/bash]

File:

[bash]
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=uid=%s,ou=people,dc=alfresco,dc=com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://localhost:1389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=
ldap.synchronization.active=false
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn\=Directory Manager
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=groupOfNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=groups,dc\=alfresco,dc\=com
ldap.synchronization.userSearchBase=ou\=people,dc\=alfresco,dc\=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss’Z’
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.groupType=groupOfNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=0
[/bash]

To have a full control about what is happening during the LDAP authentication add next lines to your custome log configuration file like next one. If you don’t have a custom log file already you can create it:

[bash]
cp tomcat/webapps/alfresco/WEB-INF/classes/log4j.properties tomcat/shared/classes/alfresco/extension/custom-log4j.properties
[/bash]

Add next options to the file:

[bash]
vi tomcat/shared/classes/alfresco/extension/custom-log4j.properties
[/bash]

Content:

[bash]
# LDAP
log4j.logger.org.alfresco.repo.importer.ImporterJob=debug
log4j.logger.org.alfresco.repo.importer.ExportSourceImporter=debug
log4j.logger.org.alfresco.repo.security.authentication.ldap=debug
[/bash]

Now reboot and try. Also you can do that easily and without reboot using JMX with console

Remember to keep watching your logs:

[bash]
tail -f tomcat/logs/catalina.out
[/bash]

When Alfresco is starting after our changes, you must see something like this:

[bash]
2013-03-07 09:46:26,175  INFO  [management.subsystems.ChildApplicationContextFactory] [main] Starting ‘Authentication’ subsystem, ID: [Authentication, managed, ldap1]
2013-03-07 09:46:26,212  WARN  [authentication.ldap.LDAPInitialDirContextFactoryImpl] [main] LDAP server supports anonymous bind ldap://localhost:1389
2013-03-07 09:46:26,234  INFO  [authentication.ldap.LDAPInitialDirContextFactoryImpl] [main] LDAP server does not support simple string user ids and invalid credentials at ldap://localhost:1389
2013-03-07 09:46:26,235  INFO  [authentication.ldap.LDAPInitialDirContextFactoryImpl] [main] LDAP server does not fall back to anonymous bind for a simple dn and password at ldap://localhost:1389
2013-03-07 09:46:26,237  INFO  [authentication.ldap.LDAPInitialDirContextFactoryImpl] [main] LDAP server does not fall back to anonymous bind for known principal and invalid credentials at ldap://localhost:1389
2013-03-07 09:46:26,247  INFO  [management.subsystems.ChildApplicationContextFactory] [main] Startup of ‘Authentication’ subsystem, ID: [Authentication, managed, ldap1] complete
[/bash]

And after your first login:

[bash]
2013-03-07 09:47:34,404  DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-8080-5] Authenticating user "toni"
2013-03-07 09:47:34,421  DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-8080-5] Setting the current user to "toni"
2013-03-07 09:47:34,422  DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [http-8080-5] User "toni" authenticated successfully
[/bash]

Remember to change your LDAP log debug level before going live, something like INFO could be enough.

Integration demo between LibreOffice 4 and Alfresco 4 with CMIS

As first post for 2013 I want to share with you all this new screencast about the straightforward configuration and how it works the new version of LibreOffice with Alfresco. Note that my demo was done with Alfresco Enterprise 4.1 but this CMIS integration also should works with Alfresco Community 4.2. As you can see check-in/out and versioning with comments are already supported out-of-the-box from LibreOffice.

Also I would like to highlight the connection binding URL “http://localhost:8080/alfresco/cmisws/RepositoryService?wsdl” that is automatically filled by LibreOffice at configuration time, this URL is the new CMIS Web Services binding address for Alfresco 4.

Appendix:

Alfresco 4 CMIS binding address (based on OpenCMIS):
CMIS Web Services Binding: WSDL Documents = http://localhost:8080/alfresco/cmisws
CMIS AtomPub Binding: AtomPub Service Document = http://localhost:8080/alfresco/cmisatom

Alfresco 3 CMIS binding address (based on Apache CXF, obsolete/deprecated)
CMIS Web Services Binding: WSDL Documents = http://localhost:8080/alfresco/cmis
CMIS AtomPub Binding: AtomPub Service Document = http://localhost:8080/alfresco/service/cmis

More info about Alfresco and CMIS here.

10 años de blyx.com

pulserasQuería acabar este apasionante 2012 escribiendo un post a modo de celebración. Este mes de diciembre blyx.com ha cumplido 10 años. Todo empezó desde un PC a modo de servidor con FreeBSD instalado en mi casa, cuando las ADSL tenían IP fija, ahora todo es un poco diferente, pero lo que sigue igual son las ganas de seguir escribiendo lo que voy aprendiendo, o al menos intentarlo.

En estos años he publicado 218 artículos en forma de manuales, tutoriales, screencasts o demos que han provocado poco más de 12 millones de páginas vistas. He escrito sobre Software Libre, Seguridad, Libros y sobre todo en los últimos años, sobre Alfresco. Así procuraré seguir, espero que os resulte útil.

Para celebrarlo he hecho las pulseras que veis en la foto, si me ves y quieres una dímelo, quedan muy pocas pero quedan.

Por otros 10 años como los que ya han pasado, ¡Salud!

…y ahora a hacer las maletas. Me muevo a los USA, los artículos de los próximos años los escribiré desde allí. Up Alfresco!!

Revisión del libro “Hacker Épico” de Informática64

Hacker ÉpicoHoy quiero comentar este libro, Hacker Épico. Magistralmente escrito por Alejandro Ramos (Dab) y Rodrigo Yepes, publicado y editado por Informatica64. Si empiezas no puedes dejarlo hasta que no lees la última página, te mantiene enganchado, en tensión, disfrutándolo y aprendiendo con cada una de sus poco más de 250 páginas.

Contada en primera persona por Ángel Ríos, el hacker protagonista, esta novela trata sobre la aventura en la que se ve envuelto este informático que trabaja para una prometedora consultora de seguridad como auditor y junto a la ayuda de su amigo Marcos, se enfrenta a un sin fin de retos que pondrán a prueba sus habilidades de hacking y análisis forense a lo largo de toda la trama. Ambientada en la Madrid actual, este thriller hacker se basa en hechos que lamentablemente leemos con demasiada asiduidad en prensa.

Como sabéis los que seguís el blog, comento muchos libros técnicos en blyx.com, generalmente relacionados de alguna forma con Alfresco. A diferencia de esos otros libros que he comentado, en esta ocasión no voy a hacer un repaso de cada capítulo ya que no quiero dar ninguna pista sobre lo que acontece en la historia, solo quiero limitarme publicar mi opinión y notas que he ido tomando mientras lo leía.

Hacker Épico no es una novela al uso, va mucho más allá, es un completo y actualizado manual de referencia, herramientas, casos de uso prácticos y totalmente actuales en los que, si estáis involucrados de alguna forma en el mundo de la seguridad informática, os sentiréis muy identificados y también, como ha sido mi caso, aprenderéis muchísimo mientras devoráis, sin necesidad de marca-páginas, esta maravilla.

Es un libro que no solo se lee una vez, puede ser perfectamente un libro de cabecera al que recurrir más de una vez. Como decía antes, prepárate una libreta (o Evernote en mi caso) mientras lo estés leyendo, podrás tomar jugosas notas, ver como se descubren vulnerabilidades 0day, saltar la seguridad de cámaras, puertas traseras, dominios, Windows, Linux, PDFs, redes WiFi y mucho más.

Por supuesto, también tiene su punto friki, como no podía ser de otra forma, no hay capítulo en el que no se hagan guiños al cine de superhéroes, series de culto y a otras novelas, e incluso a otros personajes de la escena hacker española. También se encuentran detalles y chascarrillos para gamers. Incluso, si conoces Madrid, te puedes ir imaginando algunas escenas descritas.

Fuga de datos, aplicaciones como Whatsapp, recursos web y redes sociales reales, iPhones, iPads… Conceptos, argumentos y soluciones bien documentados y totalmente cercanos al mundo real. Podrás ver como se hacen análisis forenses e incluso algunas partes de la trama y comentarios suenan muy familiares.

Un recorrido através de un sin fin de herramientas explicando cada uno de los flags utilizados.

¿Estamos ante el principio de una saga? ¿Son Alejandro y Rodrigo los Neal Stephenson y Clifford Stoll españoles? No lo sé, pero desde luego que no tienen nada que envidiarles, por lo menos por las sensaciones que provocan en el lector, igual que otras novelas del estilo como Criptonomicon o El Huevo del Cuco.

Aunque los autores se preocupan por explicar de la forma más sencilla posible algunas de las peripecias puramente técnicas del protagonista, si no estas familiarizado con algunos conceptos informáticos en algunas ocasiones puede resultar un poco difícil seguir la trama al 100%, de cualquier forma, si no eres informático o si lo eres y no entiendes algo siempre puedes buscar en internet lo que no entiendas. Así que, además de disfrutar, aprenderás más de lo que imaginas.

Hace unos años tuve el privilegio de trabajar durante unos días en el mismo departamento que Alejandro Ramos y compartir amigos comunes. Así que estoy doblemente orgulloso de que en nuestro país se escriban estas obras de arte y encima sea gente que se ha ganado lo que tiene a base de esfuerzo y pasión por esta locura infinita que es la seguridad informática. Gracias.

Seguro que no va a ser el único que diga que quiere más. ¡Quiero más aventuras de Ángel y Marcos!

Puedes comprarlo por 20€ en la web de Informática64, no te vas a arrepentir, te lo prometo.

¿Para cuándo la película?