Categories
Freedom and Privacy Technology Tutorial yunohost

INSTALLING ROUNDCUBE 1.4 VERSION ON YUNOHOST

Thanks to the work of Brian we can now install the newest version of Roundcube on Yunohost.

Why is this so exciting?

  • Newer, fresher UI
  • PGP encryption Functionality with the enigma plugin
  • Mobile friendly skin

In short, it makes your self-hosted email awesome on a mobile too, regardless of whether you have an email app that works or not with PGP

Normally, if this app was an approved app in the Yunohost app list you would be able to simply search it and install it from the app list. Until then we have to install it by the command line but it’s not that scary at all so let’s begin.

Installing it

  1. ssh into your Yunohost box
  2. run this command to install it:
    sudo yunohost app install https://github.com/bhdouglass/roundcube_ynh/tree/testing

Configuring the Install

A bunch of questions will start. Here is how I answered mine but you can adjust as you like. Note, if you press the enter key it will choose the default option for quick installation. Critical step is choosing ‘yes’ when you are presented with the Enigma opion.

This first question is just a warning. You’re brave. Take that risk!

WARNING! Installing 3rd party applications may compromise the integrity and security of your system. You should > probably NOT install it unless you know what you are doing. Are you willing to take that risk? [Y/N] : y

This next step shows all the domains you have configured in your Yunohost box and will ask you which one you want this Roundcube to be associated with:

Available domains:
-domainone.com
-domaintwo.com

Choose a domain for Roundcube (default: domainone.com:

This next question lets you choose which URL folder you want for the mail. I changed mine from the default since I have other things running but you can leave default if you don’t have something already using ‘/webmail’:

Choose a path for Roundcube (default: /webmail): /pgpmail

I’m using Nextcloud calendar stuff so i don’t need CardDav stuff now but feel free to install it if you need it and want to use it:

Install CardDAV synchronization plugin? [yes | no] (default: no):

This is an important one if you plan to encrypt your emails!

Install Enigma messages encryption plugin? [yes | no] (default: no): yes

Testing it out

Once complete, you should now be able to go to ‘domainone.com/pgpmail’ (or whatever your options are) and hit the new Roundcube installation and log in with your Yunhohost email server settings. I recommend doing the following tests each time you get setup with something like this since desktop browser and mobile browser use different skins (sometimes) in Roundcube.

Before beginning, make sure that the public key of each email address has been sent/imported into each side of the email transaction. You can use the ‘import key’ feature in Roundcube’s desktop mode quite easily. At point of this tutorial I haven’t tried importing keys with Mobile browser, so I can’t confirm if that works or works well.

  • Send totally plain text test message from desktop browser to test email address
  • Send totally plain text test message from Mobile browser to test email address

All good? Now with public keys attached:

  • Send new email with just public key attached using Roundcube’s ‘attach public key’ feature – from Desktop browser
  • Send new email with just public key attached using Roundcube’s ‘attach public key’ feature – from Mobile browser

Still good? Now encrypt it!

  • Send new email fully encrypted using Roundcube’s ‘encrypt this email’ feature – from Desktop browser
  • Send new email with just public key attached using Roundcube’s ‘encrypt this email’ feature – from Mobile browser

Everything still good? You should be ‘in business’

Hope you enjoyed and found this useful.

Categories
Freedom and Privacy Life Skills Technology Tutorial

SETTING UP EMAIL WITH YUNOHOST AND CLOUDFLARE

In a previous blog post I set up a Yunohost (“YH” moving forward) box with a script so that it would report it’s location back to Cloudflare (“CF” moving forward) automatically using a cron job entry on the box and a cool piece of free software called ddns-cloudflare. That blog was to make sure the website stuff (ie. WordPress blog, Nextcloud, etc) would work. The other neat part about setting up your YH box this way, I was thinking during the process, is that (I guess but haven’t tested yet), you could just unplug it and plug it in at another physical location (with the right ports open at that location, of course) and it should just start ‘magically working’. This would be a real selling feature for getting ‘off the grid’.

Now to attack the part that most people like me avoid – EMAIL!

We have all heard that email servers are complicated and stressful, but, with the CF-YH combo – once I figured it out – it now seems much easier than I had expected. But there weren’t any specific blogs out there for me to follow so I decided it would be super helpful to write one to help others avoid what I just went through.

This tutorial will connect CF to your YH email and give you a few tips to test as you go until it’s all working, since there are a few things in both CF and in YH that are a bit ‘weird’ I discovered. My hope is that this tutorial helps you get setup faster and easier.

This tutorial assumes you already have a CF account setup with the settings from the previous tutorial (www and A record stuff).

KNOWING WHERE YOUR YUNOHOST SETTINGS ARE

You will be able to find the private and unique details for your own Yunohost installation in the following section of your user interface:

Domains / nameofyourdomain.com / DNS Configuration

When you click this it will open up a pane that has all your records from the previous tutorial but also the recommended email settings. If you are like me, none of it will make sense at all.

The parts you are going to need to match up to CF are:

MX, DKIM and DMARC

The way in which you input them into CF is more than half of the battle, and the part where this tutorial should save you about 3 days of messing around.

First, let me give you a link to Cloudflare’s own support page on this topic. This will also give you a list of pretty much any kind of entry you might need in your own setup, if it’s more advanced than this tutorial. It also shows you how to create a records in your CF DNS settings. Here’s the link.

Now that you know how to enter a record in general, let’s enter them.

I’m going to display this like this:

MX RECORD

  • WHAT YH SHOWS IN DNS CONFIG PANE: @ 3600 IN MX 10 mylataylor.ca
  • HOW TO ENTER AND PASTE IT INTO CF
  • TYPE: MX
  • NAME: nameofyourdomain.com
  • VALUE: SERVER: nameofyourdomain.com PRIORITY: 10
  • TTL: AUTOMATIC

DKIM RECORD

  • WHAT YH SHOWS IN DNS CONFIG PANE: mail._domainkey 3600 IN TXT “v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA…super_duper_long_long_thing”
  • HOW TO ENTER AND PASTE IT INTO CF
  • TYPE: TXT
  • NAME: mail._domainkey
  • VALUE: v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA…super_duper_long_long_thing (NO quotations)
  • TTL: AUTOMATIC

DMARC RECORD

  • WHAT YH SHOWS IN DNS CONFIG PANE: _dmarc 3600 IN TXT “v=DMARC1; p=none”
  • HOW TO ENTER AND PASTE IT INTO CF
  • TYPE: TXT
  • NAME: _dmarc
  • VALUE: v=DMARC1; p=none
  • TTL: AUTOMATIC

It was explained to me that I also need to check RDNS, but I have not had any problems yet, and I’m not sure what this is nor how to do it. If you want to add this instruction in the comments that would be great.

If you refresh your page in CF and notice that an orange cloud has re-appeared from grey status, you may not have updated your .yml zone file correctly from previous tutorial. Your script might be updating the DNS records and accidentally forcing it back on. And this will stop your emails from working (the orange cloud). Go back to that tutorial and review the script yml config file setup and make sure you got he hashtags on the right lines…

At this point, it’s the moment of truth: will you be able to send and receive emails?

CREATE ACCOUNTS (AND EMAIL ACCOUNTS) IN YUNOHOST

This part created some issues for me because there may (or may not) be either a bug or an interface issue in the YH account setup. It appears, as you create the YH user that the email can be separate, however, from my experience, you should keep the username and the ’email name’ to be exactly the same – let YH auto-fill it and keep that as your email name. So, if you want your email to be johndoe@nameofyourdomain.com, make your YH username as johndoe at the top and let that auto-fill into the email field below. It seems like YH can’t take periods/dots in the username so john.doe won’t work. There appears to be email aliases that are supposed to work so probably you can figure this out but for me, for this tutorial, I would just avoid dots/periods, keep a simple username and make sure it auto-fills into the email field.

TEST YOUR SETUP

Once your username / email is set up in YH, now move on to test the email, in the client of your choice, but I strongly recommend Thunderbird to at least test to make sure things are working because it definitely works, I can confirm. Once this test is confirmed and you can send, receive emails with a basic thunderbird setup, then can feel confidence about all your settings above.

THUNDERBIRD SETUP

Literally, just follow this link exactly. If your settings are right, it will work. If they aren’t, they won’t. Also, be sure to wait at least 30 minutes for your cron jobs (if you are continuing from the Cloudflare tutorial) to run because the cron job can mess up your settings as well, I discovered. Once you have run a cycle or two of cron jobs and all is well, go wild with the hottest new technology – email…

TIP: when you get to the manual config, Thunderbird puts a period / dot before the serverhostname which is easy to miss. If your email is in the main domain root, then make sure to remove these dots.

Now send a test email to another account you have access to. One important thing to check is that you aren’t ending up in spam folders…

TIP: If you press send on your test email and it hangs on sending, go into your account settings of Thunderbird and you might have some old Outoing (SMTP) servers from previous YH email tests in there. I found after I deleted these old test servers and tried again, it worked perfectly, but if there were other ones in there it hung and failed.

Assuming you got your test email, now send a reply back to it and make sure you get that too. If you’re excited and bored or both, do this step over and over again perhaps with nursery rhyme verses…but make sure no one is watching you… I can’t emphasize enough that you need to wait at least a cycle or two of your cron jobs running to make sure it’s not messing things up over at Cloudflare.

All good? Nice. Another consideration now that you are a warrior hosting your own email is that by using Thunderbird you can back up your emails easily enough by simply connecting and synching your emails across multiple devices.

UBUNTU TOUCH DEKKO SETUP

Now let’s set this up on our Ubuntu Touch device with Dekko.

  1. Select the left hamburger menu
  2. Select the top right settings cogwheel on dark panel
  3. Select ‘mail’
  4. Select ‘accounts’
  5. Select the top right + plus sign
  6. Select IMAP
  7. Enter ‘whatever you want’ for the first two name options
  8. IMAP hostname: overwrite example with your yunhost server email location
  9. ENCRYPTION: should already default to this: ‘force encryption (SSL/TLS)’. if not, do it.
  10. username/password: auto-filled from first step
  11. authentication: change to ‘login’ (defaults to ‘plain’)
  12. SMTP server: overwrite example with your yunohost server email location
  13. SMTP port: 587
  14. ENCRYPTION: ‘use encryption (STARTTLS)
  15. AUTHENTICATION: change to ‘login’ (it defaults to ‘plain’)

Last and final and very important or your outbound email will literally break for this account and, I think, all your email accounts. You need to go back into the settings for this new email address and to this step:

  1. Select top left hamburger menu
  2. Select top right settings cogwheel on dark panel
  3. Select ‘mail’
  4. Select ‘accounts’
  5. Select Your newly-created yunohost email account
  6. Select Outgoing Server
  7. Scroll down under the LOGIN field and turn on the switch that says ‘Authenticate from server capabilities’
  8. Press left arrow at top of screen to save settings

CONCLUSION

Now, you should be in business sending and receiving emails from a Yunohost server, in your house, using Dekko email client on your Ubuntu Touch device.

Categories
Freedom and Privacy Mesh Networks Technology Tutorial

Converting a Zsun Wifi Card Reader into a Wifi Range Extender

This post is a follow-up post to my original where I successfully flashed OpenWRT onto these Zsun devices. Be sure to see that post first if you haven’t already flashed OpenWRT onto the device.

Note that this tutorial should also work for any device upon which you can put OpenWRT (ie any compatible old router you have kicking around).

With this project, what I was really trying to do was create a legitimate ‘mesh network’ but my skills and time ran out so I resolved to have a ‘half victory’ which was to be able to use these little devices to expand our home wifi with small size footprint and lower energy usage, even if it was just on demand, as needed. For example, if I needed wifi to reach outside while gardening so I could listen to streamed music, etc, I could plug one of these in nearby and extend the range instantly.

Before beginning, it’s important to note that this process may need your critical thinking to build on what I’ve done, and if you have further progress, it would be appreciated by all to know, if you could write them in the comments. For full disclosure I fried two Zsun devices while learning so make sure to heed my advice in the other blog if you are using this device.

Oh, one last useful statement: I recommend turning off the wifi in your master-router so that you (you) don’t get confused by which wifi radio device you are connecting to since both devices will, by the end of the tuturial, be sharing the exact same SSID. It reduces confusion and headaches to turn this off (just the wifi, you can use wired connection if you have access). Also, while you are turning it off, take note as to what channel it is broadcasting on since you will want to choose a new channel that is far away from this one on the new device.

Ok, let’s get started.

Setting up the Device as an Access Point

For full credit I pulled the methods for this process from this video, but the video wasn’t super helpful because it required an internet connection to do the changes and I needed a static page with text instructions! These are those:

Step 1: Set up the Interface

  1. Go to ‘network’ and ‘interfaces’ in the sub-servient (new word I made, enjoy, GNU license word..gnucabulary…) device (in my case the zsun).
  2. If you have any other interfaces besides ‘LAN’, remove them as they won’t be used
  3. Edit the LAN
  4. Change the IPv4 field to the static IP address that this device will have on your main home network.
    If your main router is 192.168.1.1 for example, then you could set this to 192.168.1.5 if it’s available. If not, find one that is and set it. And don’t lose it! You will need it to log back into the router after making the change.
  5. Change the gateway IP address to the master (gnucabulary…) routers (ie. 192.168.1.1 if that’s your router’s admin login page)
  6. In the “DHCP Server” settings below on the same page, there is a checkbox called ‘ignore interface’. Check that box which will disable DHCP (the thing that sends out IP addresses to all your devices) since you won’t need it
  7. “Save and Apply’ button at the bottom

Reminder note: your device will no longer be found at 192.168.1.1 if that’s where you just logged in. It will now be accessible at the address you chose in step 4 above. I always forget this one, ha. Go find it and log back in…

Step 2: Disable the Firewall

  1. Go to ‘System’ and then ‘Startup’
  2. Scroll down until you see ‘firewall’
  3. Disable it by clicking on the ‘enabled’ button
  4. ‘Submit’ button

Step 3: Adjust the Wifi settings

  1. Go to ‘Network’ then ‘wifi’
  2. Edit the active wifi entry
  3. Change the channel (1 to 11) of the device to one that is fairy far away from that of your main router so there is a nice gap between the frequencies
  4. In ‘Interface Configuration’ section, change the mode to ‘access point’if it isn’t already
  5. change the SSID to exactly the same one as your main router (if it’s slightly different it won’t work)
  6. Change the WPA2/psk password to exactly the same one as your main router is outputting. If you don’t it won’t work
  7. ‘Save & Apply’ button

Some Follow up Notes

As hinted at at the very beginning of this tutorial, from this point on you will not (or may not?) be able to access your subservient device while the wifi of the master router is on. The reason for this is because probably your computer will find the master router’s wifi device and connect to that. I had big struggles trying to find this device again. If you need to access it, either unplug your master router (honestly this is the easiest way if no one will be angry at you for killing their internet) or go into the master router’s settings and disable the wifi transmit. For me, I recommend turning off the master router’s wifi transmit until it’s all setup on the subservient first.

I had quite a bit of problems, even though my master router wasn’t transmitting wifi, connecting to my newly-IP’d subservient device. After I cleared my browsers cache it did re-appear but I’m not sure that’s why. You might need to mess around with your browser to be able to hit the admin page again. I think my problem might be because I have multiple devices running OpenWRT and the browser gets confused…

Special thanks to all the contributors at OpenWRT!

Categories
Freedom and Privacy Technology Tutorial

Bridging a Matrix and Telegram Room

ASSUMPTIONS

For this tutorial, we shall assume that you already have:

  • An existing Matrix chat room of which you are administrator and
  • A Telegram supergroup with admin rights to add members
  • The Matrix room is set to “Anyone who knows the room’s link, apart from guests” in the “Who can access this room” settings of the group
  • Encryption is turned off (otherwise bridge won’t work)

Let’s continue assuming the above to be true.

1. Add username “@tchncs_bot” to the Telegram group to which you wish to bridge Matrix

Do this in the usual way you add a member to a Telegram group.

2. Send Request to Telegram Bot to get Alias Info

In the Telegram Group chat text input area, type
/alias
And then send as a message to the group. It will spit back a long paragraph including this key information:

….”#telegram_-123456789:tchncs.de”…..

3. Invite the Alias Bot to the Matrix group

This step should be ok by any regular member of the group (no admin needed)
Invite this user to your matrix group: @aliasbot:tchncs.de
You should see message “Alias Bot joined the room”

4. With Full Admin Rights to the Matrix Group, Bridge it!

You will not be able to do this with anything less than full admin rights.
In the chat text input area, enter:

!alias #telegram_-12345668987654321

and send it (of course replacing the numbers with the ones you got in Step 2 above)

5. Enjoy your newly built bridge

Categories
Freedom and Privacy Technology Tutorial Ubuntu Ubuntu Touch

How to Sync Files from Ubuntu Touch to Nextcloud using UBsync

Ubuntu Touch is awesome. Nextcloud is also awesome. Put them together and you have awesome… squared. How cool would it be to have your photos automatically sync to your own Nextcloud sever? Well, you can do it today and here is how.

EDIT DEC 24, 2018 – Important Security Warning before beginning!
Currently as of the time of this post, UBsync is not very secure. The volunteers who forked it are not security experts and the password file is not secure and is in plain text. Therefore, be warned that if your content is of extremely private nature, do not use this blog contents until the app has been properly updated.

However, if you are just trying to move your selfies from your phone to your Nextcloud for safe-keeping, this blog will suffice and hopefully in the next little while we’ll have some helpers in the project to improve the way the password is handed.

Also, there is a way to mitigate some risk so that at least your main NC user/password cannot be high jacked. When you log in to your Nextcloud user settings through a browser and go to ‘Security’ and ‘Create new app password’. Be sure to save this password right away during creation and in a safe place because you can only see the password one time (you can’t come back and see it again).

Once you have this password ready, continue with the blog.

  1. Make sure that you have a user account and password from a Nextcloud server.
    If you don’t have a nextcloud user account, consider strongly hosting your own. You can do this on an unused computer, or using Nextcloudpi on a Raspberry pi, or host a more ‘serious server’.
  2. In your Nextcloud user directory, create an appropriate directory to put your Ubuntu Touch files in. If you don’t touch anything everything will go into your ‘Photos’ folder by default.
  3. Make sure you have the UBsync app installed from the OpenStore
  4. Go to System Settings in Ubuntu Touch
  5. Go to ‘Accounts’
  6. Select ‘Add Account’
  7. Select ‘Nextcloud’
    Note: If you try to add an account and it doesn’t respond and take you to the next step, you may need to reboot your device.
  8. Enter your Nextcloud credentials (from the ‘new app password’ you created at the very beginning)
  9. Open UBsync App on your Ubunt Touch device
  10. Select ‘Add a New Account’
  11. Select ‘allow’ if the prompt is showing the correct username with the correct server address
  12. Go back to ‘General Settings’ screen of UBsync
  13. Set your sync frequency.
  14. Select any other changes you want on this page.
  15. Go back another screen with the back button top left
  16. Select the folders on your device that you want to sync to your Nextcloud with the ‘Sync Folders’ option.
    The default option will put your Ubuntu Touch photos (unedited) into the /photos directory (which is a default directory when Nextcloud creates a new account) from the following Ubuntu Touch directory

Default: /Pictures/com.ubuntu.camera/.original

  • Add a new folder with the + plus sign on the top right.
    Select the directory on your UT device you want to sync. NOTE: This is the tricky part, the big ‘tick’ check mark in the center of the screen is not ‘touchable’ but is trying to direct you to hit the ‘tick’ in the top right menu!

Do the same actions for the remote folder.
If the Folder doesn’t exist you can create a new one easily by just typing it. After creating it, touch it again and hit the ‘tick’ in the top right to make it real.

  1. When complete, press the back arrow at top left of ‘sync settings’ title.
  2. Start the sync
    Select ‘sync service’ and then the green ‘sync’ button. NOTE: Make sure you are on wifi if you allowed your settings to use both cell phone data and wifi as the sync could be pretty big, especially the first one while it pulls the files from your phone and moves them to nextcloud.

How to Delete an Account un UBsync for Ubuntu Touch

  1. Go to System Settings in Ubuntu Touch
  2. Go to ‘Accounts’
  3. Touch ‘Nextcloud’
  4. Select ‘Remove Account’ button

That’s it. The account is now removed/deleted.

Categories
Freedom and Privacy Mesh Networks Technology Tutorial Ubuntu

MAKING DDNS WORK IN OPEN WRT

OpenWRT project is awesome for sure. It’s free software (open source) and it allows you to use your router the way you want, unlike how they usually come out of the box. That said, there doesn’t appear to be a super vibrant community around it (yet) so some stuff is pretty hard to do. I’ve created an OpenWRT English-speaking Telegram Group (for now) in hopes this might help some more community building.

Anyway, here is what you came to this blog for: Making the DDNS service work in your OpenWRT router – in my case, specifically, this is a Dlink DIR-615 router and I’m working with No-ip.com so you may need to adjust a bit according to your service. But if you have NO-IP or haven’t started yet, then maybe just use No-IP?

Let’s do it.

  1. Get your OpenWRT router setup with OpenWRT. If you happen to have a Dlink DIR-615 – bonus! Here is my blog post to that. If not, it might still be useful or inspiring for helping you get rolling.
  2. At the top of the router menu options, go to ‘System’ and then ‘Software’ and click the ‘update lists’ button.

This will pull all the possible packages you can install into your router from the community.

  1. Before installing other packages, install package named “luci-app-ddns.”
    It ‘seems’ that this also installs ddns-scripts when you install this which is another one you need so it’s nice it’s automatically installed with this package.
    Important Note: If you cannot find packages, or something is strange during package install, you may need to reboot your router to free up some RAM memory. This happened a few times and after rebooting the router I was then able to update the lists correctly.
  2. Using the same method as the step above, Install the No-IP package for OpenWRT called “ddns-scripts_no-ip_com”

A tab called ‘Services’ should now appear at the top of your router’s menu options because you performed step 3 above. Verify this is good and if some problem, repeat the above steps until you have your tab and possibly you will need to reboot router (see important note above)

  1. Under new ‘Services’ menu dropdown at top, “Dynamic DNS’ should now be an available option. Here is a link to some No-IP documentation for the client that I found useful. This link here in the ‘OpenWRT configuration’ section was also helpful to me for your reference although it wasn’t No-IP specific.
  2. In the ‘add’ field at the bottom left, give your service a listing name (I used ‘Noip’ for mine) Then click ‘add’.
  3. In the DDNS Service provider[IPv4] field, select “no-ip.com” from the dropdown list. Note: even though this is later in the order of fields, do this now.
  4. Press ‘change provider’ button
  5. For the ‘Lookup Hostname’ give it your No-IP custom URL without the “HTTPS://” stuff.
  6. In the “Domain” field, put the same info from step 7 above.
  7. username = your No-ip username (maybe your email?)
  8. Password = you guessed it! Your password for the No-IP service
  9. Under ‘Advanced Settings” I selected “https:// checkip .dyndns .com” from the “URL to detect[IPv4]” field. I found No-IP service wouldn’t work until I chose something from this list. It wouldn’t seem to point No-IP to my router without it…
  10. ‘Save and Apply’
  11. At the top right you might (I can’t remember to be honest) see a notification that you have unsaved changes in your router. If so, go and apply those changes to your router.
  12. Go back to overview list where you started. You should now see your new entry
  13. Click the ‘enabled’ checkbox
  14. Press ‘start’ button. You should now see a PID and a number with it and a red icon.

Now, you should be up and rolling and after No-IP has a bit of time to apply the changes your router should now be accessible by the URL you put in step 8 above.

Categories
Freedom and Privacy Mesh Networks Technology Tutorial Ubuntu

Flashing OpenWRT onto a D-link DIR-615 – The Sequel!

The funny part about this blog is that I spent an entire day searching for how to do this and then I ended up landing on a blog post with the answer… written by ME. in this 2015 blog post Lol or something?

This tutorial assumes you are using Ubuntu and know how to access your terminal and do some basic commands. If not, do a quick study on that before you begin. If you aren’t using Ubuntu on your computer I’m not sure what I can do to help other than encourage you to switch immediately.

This tutorial also assumes that your computer/laptop is plugged directly into the DIR-615 router by ethernet cable and not by wifi. It could probably be done with wifi, but I don’t know and I know it adds an extra layer of complexity I don’t like. So find a cable and plug in to do all this.

1. Download the appropriate image from OpenWRT to your computer.

I got mine by refining a search here.

2. Extract the file into it’s raw ‘.bin’ format.

Mine looks exactly as follows at the time of this writing when it’s sitting in my directory but as versions change and improve this could slightly change be aware:

lede-17.01.4-ar71xx-generic-dir-615-c1-squashfs-factory.bin

3. Using your terminal cd (change directory) to the location where the file is you just extracted in step 2.

4. Make sure your computer is set to a static IP address.

If you don’t know how to do this, search it online as I don’t have a quick link to it right now. “How to set static IP address in Ubuntu’ should find something. Make sure that your static IP address you are setting does not conflict with another device on the router, nor with the router itself at 192.168.0.1.

192.168.0.2 static

NOTE: After this router is flashed you will need to get rid of this static IP address since it won’t match your new router!

5. Pre-enter the following command into your terminal so you are ready to press enter

curl -0vF files=@lede-17.01.4-ar71xx-generic-dir-615-c1-squashfs-factory.bin http://192.168.0.1/cgi/index

Again, the part after the @ symbol in the command above might change depending on the .bin file you are flashing on. This tutorial will likely get old at some point so you may need to swap out a different file name into the command above but the rest should work long term.

6. Power off the router by unplugging the black power cable

Warning. You are about to forever wipe your router’s ‘operating system’ so if you have anything in there you care about this would be the time to get those out!

7. Put pen in the reset button of router and hold it there

8. While still holding reset button, plug in the power cable.

Keep holding the reset button! Don’t let go. The light will be a solid colour (orange, I recall?) but you are waiting for the first flash before executing the next step.

9. As soon as the solid light starts to flash hit the enter key in your terminal and run the curl command you pre-entered in step 5 above

After you hit this command at the perfect moment, things should start to work. When they do, you’ll see some funky html stuff come on the screen that looks like this:
* Hostname was NOT found in DNS cache
* Trying 192.168.0.1…
* Connected to 192.168.0.1 (192.168.0.1) port 80 (#0)
> POST /cgi/index HTTP/1.0
> User-Agent: curl/7.35.0
> Host: 192.168.0.1
> Accept: /
> Content-Length: 3932431
> Content-Type: multipart/form-data; boundary=————————464dbec1925a46d8
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Server: uIP/0.9 (http://dunkels.com/adam/uip/)
< Content-type: text/html
<
backup loader Device is Upgrading the Firmware


  • Don’t turn the device off before the Upgrade jobs done !
` `

More notes for this step
The screen will stay with this html/> script on there and at this point you can keep your eyes on the router as nothing will happen on the screen.
You should see lights flashing and reboots. Wait, wait, wait. Failure seems real but it’s not yet…. For me I was stuck on a green light for a really long time and no updates in terminal.

If after 5 minutes (or so) things appear to be ‘stuck’ at that point you could try unplugging the power cable and plugging it back in again to test.

To test to see if it worked, go to the new access IP address which should be 192.168.1.1. If you are prompted for user/password you succeeded.

A few troubleshooting notes

Something didn’t work? Read these next few points for some inspiration:

  • Did you really make a static IP address in step 4? You might think you did but maybe it didn’t work. Check with ifconfig command and see what IP address your computer/laptop has. If it’s not static, things won’t work right.
  • Were you too fast or too slow with the timing of the curl command in Step 5? Timing is a bit finicky here so you may have to try a few times to nail it.
  • If things are really goofy you ‘may’ need to install the original Dlink .bin file and start from there. I doubt it but there are records of this online so I thought I would mention it. You could get this on there by finding this .bin file online and using your new curl skills from above to flash the original .bin on there first.

Bin file name for DIR-615 = dir615_revC_firmware_311NA.bin

command to flash it on:
curl -0vF files=@dir615_revC_firmware_311NA.bin http://192.168.0.1/cgi/index

Follow up notes

  • Reminder! Turn your computer/laptop back to DHCP mode from static IP otherwise you might not be able to connect at all to your new router! I made this mistake way too many times and easy to forget.
  • After getting things up and running and if you need ddns, reboot device via ssh. when it comes back, then you could try this tutorial I wrote for the No-ip service. Here is a link to that tutorial.

Categories
Technology Tutorial Ubuntu

Doing a Really Big and Fast First Upload on a Fresh Nextcloudpi Install (the Samba Way)

EDIT 190515: Oops. Apparently in the instructions below in the Nautilus section I failed to say how to actually connect. Adding that now. Sorry.


Nice long title. Thankfully the speed of getting your first big upload to your new Nextcloudpi (NCP) server won’t be so long, thanks to this tutorial! By spending 10 minutes and doing this tutorial you will be uploading 95% faster (that was my experience).

Assumptions Before Beginning

  • You have full 100% admin access to your NCP (ie. you are the master admin and probably created the server and installed it, or are close friends with the person who did)
  • You have SSH access to your NCP, and you know how to SSH into your NCP. If you don’t… you’ll need to research that first.

1. Confirm the Username in NCP Who Will receive the Big File Shipment

This major upload will need to be associated with a username. In my case, I have created a ‘master-master user’ for this kind of reason. So I will be shipping this big upload to my ‘master-master user’ so that after it’s done that user can assign which files are to be shared with whom (and how). I think this is the right way to do it, even if you are the admin yourself. Topic is open to discussion, but that’s how I roll…

Make sure this user exists in NCP is the key point.

2. SSH into your NCP

NOTE!  Apparently you can do steps 2, 3, and 4 via the NCP web admin so this means you might not need SSH, plus it might be easier.  I won’t have a chance to test myself for a while but try that out first maybe! Otherwise, learn SSH and do the next few steps the way I write.

3. Setup Samba in NCP

  • sudo ncp-config

The first screen is informative and the ‘yes/no’ answers don’t make sense if you read it for grammatical sense. Just chose ‘yes’ which means “I understand that I have to force NCP to ‘scan’ the files when I’m done putting files on the box” This has now (Dec 2018) been fixed by the developers and it now says ‘I understand’ in the option box. Nice and thanks!
You will see:
ACTIVE: NO
PASSWORD: ownyourbits

Type ‘yes’ (no quotes) overtop of ‘no’ in ‘active’ and type in a strong password. You will use this password later and probably you don’t want to give this to anyone else because if you do, that user can go in and mess with other people’s files (I think) Use the Tab key until you arrive at ‘yes’ and press ‘enter’

It should automatically create the ‘samba shares’ for each username you have already put into the system. This means that every user in your box can also access files on the cloud this way and not just with a nextcloud client user features. But the main point is that we’ll be able to move files quickly across the Local Area Network (LAN)

Once this part is done, press any key it will bring you back to your ncp-config screen.

Tab twice until you hit ‘finish’ and then press enter. That will bring you back to your terminal.

4. Do your Samba Shares (and I don’t mean the dance….)

In this example I will be using Ubuntu desktop, so if you are using some other operating system – tough bananas – and you’ll have to search some other tutorial about how to connect your computer to your NCP using Samba.

First, open Nautilus (also called ‘Files” if you mouse-over it. The thing that lets you browser your files on your computer and looks like a file cabinet.

Next, go down to ‘Other Locations’ on the left panel and click it. In this case we want to use the LAN IP address because that’s the whole point of this exercse – fast transfer across LAN instead of going through the internets…

  • EDIT 190515: enter into the ‘connect to Server’ field at the bottom smb://ipaddress (ie. smb://192.168.1.30) where the ip address is, of course, the address of your nextcloud box
  • Enter in the credentials for the Samba user you made.

As soon as you enter it in, assuming your box is on, it will find all those usenames and folders for them automatically. Double click the one you want to dump all the files into (probably your master-master admin account). The next part, although it seems easy – is not! But the reward is great so let’s do it.

I realized that what you need here for the username is indeed the NCP username but, but, but.. the password is the one you created in step 3 above! So tricky but alas…

5. “You like to Move it, Move it.”

Let’s move the files now. In Nautilus, middle mouse click wherever your main dump of files are. That will open up a new Nautilius tab from where you can drag, drop stuff into the other tab you just logged into. I just find this a nice and easy way but you can drag drop files there however you like.

Now, select everything you want to move and move them into your NCP user’s Nautilus tab.

Note: You should consider doing this piece by piece unlike me who tried to move 13 GB at a time. You don’t have an easy way to check the progress in this way so consider doing these moves small pieces at a time so you can see progress more easily.

While this is file move is happening, read on to the next section because you’ll have to tell NCP to scan the files when it’s done.

6. Scan the Files

After the move is completely finished from step __ above, in your Nextcloudpi web admin area, scroll down to the ‘nc-scan’ section and run it. It took much less time than I expected. It quickly scans all the files associated with all the users and (I guess) says ‘hey, there is a file here connected to this user’. After running the scan NCP is ready to roll.

7. Start your sharing

Log into the account you just put the files in and start sharing as you like and normally do.

We here at wayne(outthere) hope this made your day shiny and bright. Have a nice day.

Categories
Technology Tutorial Ubuntu

Setting up Nextcloudpi (NCP) with an Encrypted Hard Drive

The following tutorial is how you can setup an encrypted hard drive to work with Nextcloudpi. Please note that there are a few steps you will have to perform every time your pi goes down because the drive will require decrypting. Basic understanding of the command line will be required for this so if you don’t have these skills locate someone who does. One step that should be complete before beginning is formatting your encrypted drive. We recommend following this tutorial for setting up your drive.

1. Flashing Nextcloudpi onto the SD Card using Etcher

Go and find Etcher. There are other ways to do it but Etcher works really well and fast. They seem to have deb packages now if you are Ubuntu/Debian

2. Download the appropriate NCP image

Here is the repository for the NCP downloads. Make sure to get the right one as there are different ‘flavours’ of raspberry pi’s out there. Consider asking a community member. Generally it will be the generic RPi version if you are on a raspberry pi.

3. Extract the image from the downloaded archive

This extraction of the downloaded archive takes a bit more time than I expected so maybe get a coffee or play with your cat. Just saying. The extracted version is what you’ll flash to the card in the next steps, however, I think Etcher can use the raw archive but I’m too lazy to research that…

4. Flash the NCP Image to the SD Card

The instructions are pretty hard to mess up with Etcher in terms of how to use it. Just do it, but read the next important note (seriously read it, that’s why i put it bold and I’m mentioning it before you even read it)

Important usefule note!! It’s very easy to create a tragedy when flashing an image onto an SD card since Etcher doesn’t care that much what you are flashing on. I recommend physically removing any drive you don’t want to screw up. If you don’t it’s possibe to accidentally flash this onto your drive and completely kill it. Again, physically remove the drives you don’t want to kill and you’ll be a happier person.

  • Optional Step if you have previously attempted an Installation on this computer (clearly out your history)
    If you have already accessed a nextcloud server from Firefox and accessed it via ssh. While image is flashing onto the SD, remove historical garbage that will screw things up:
    • Remove cached stuff in Firefox (assuming Firefox)
      By going to settings and preferences / privacy & security / Cookies & Site data-Manage Data, then search IP address of your box and ‘remove’ and then ‘save’. It will give a warning which you say ok to. Not doing this might prevent you from accessing your box on same IP address with new install
    • Remove ‘known_hosts’ from SSH.
      This makes sure your old SSH keys and such don’t get in the way of a new SSH setup. In terminal go to /home/user(whatever it is) / .ssh.
      Now you are in the .ssh folder. Now type rm known_hosts.

5. Plug in Encrypted Drive

This step assumes you have already encrypted your drive. If you haven’t or aren’t sure if you have, don’t continue but instead refer to comment in pre-amble above.

6. Put newly-etched SD card with NCP image on it, into your Raspberry Pi and plug it in.

About 2 minutes later you should be able to move to next step. If it hangs, you’re too zealous… and chill. If you find the page won’t load, perhaps you already tried an installation and you need to follow the ‘optional steps’ above?

7. Go to IP address of your Pi in your Browser

If you don’t know the IP address of your Pi yet, you can get it from your router (if you know how) or you can use tools like nmap and zenmap to do this on your network. They scan to show what devices are there and their IP addresses. After entering your IP address into the browser URL (something like 192.168.x.xx), you will be prompted with an activation page. But righ before that you will be prompted to accept the not secure connection (which is fine for this part).

Save those passwords somewhere safe (note the convenient clipboard icon which automatically copies the long string to clipboard!) (I use KeepassX and ‘activate’ installation. Should take a minute or two. If it hangs on the activation page for more than 5 minutes, although unlikely, you may need to re-flash the image from Step 1 above as there could be a problem with the way the image flashed onto the card.

8. Enter user and password into the prompt box.

These are the passwords you saved from step 5. Specifically it will be the password for the top one (:4443). The user is ‘ncp’ and the password is that long string of gobbly gook you saved in Step 5 above. You may/will also need to confirm security exception here again (which is normal).

9. Skip the installation wizard when prompted

We are skipping this step since we are adding an encrypted drive. We’ll do part of it later.

10. (Optional) Make Static IP

You can skipt this step, but I think it’s smart for your future to make a static IP for your NCP at this point because some routers tend to change it etc, etc. Just go to the nc-static-IP option and type in what you like and what will work in your unique network config.

Power off and get back to this web admin area so that your router/network will have new static IP if you did this step. You can do this with the power button icon in the top right of NCP admin, too, but when it comes back remember you’ll need to change the URL to the new IP in your browser.

11. Activate SSH in NCP admin

  • On the left hand column you will see the SSH option in the NCP admin page. Go there and click the activate checkbox and enter an easy password. You can enter something as simple as 1234 here since it won’t be your ‘actual password’.
  • Go to your terminal and do ssh pi@xxx.xxx.x.xx where the x’s are your pi’s IP address discovered in step 5 above.
  • At the first prompt you enter the 1234 (easy password) you just made in the NCP admin page. This next part is a bit ‘weird’ if you haven’t dont it because it will kick back a request for the same password again.
  • Enter it again.
  • NOW you enter a real and strong SSH password that you will use for actual access to your box. Make sure it’s strong and you don’t lose it.
  • Once you enter that it will log you out of SSH again and force you to log in again with your new and real password.

Mastering this step is critical because you’ll need SSH access to do encrypted drive stuff (such as decrypting it every time the power goes off) if something ‘goes wrong’ usually you can access your pi via SSH to try to fix it. Note: if you are prompted for the key fingerprint (should be) then answer ‘yes’.

12. Update your Pi-kages

This is to make sure you have the packages required to do useful stuff such as encrypt your drive. The cryptsetup package is in here so if ou want to do steps 11 below you better run these two:

sudo apt update
sudo apt upgrade

9. Do an NCP Update

Log in again with ssh pi@xxx.xxx.x.xx and run this command below. This is to make sure that your packages includ the ‘cryptsetup’ package and also makes sure that your box is up to date:

sudo ncp-update

10. Make Apache2 not start on boot.

Making apache2 not start on boot lets you decrypt your encrypted drive before the system starts up. If/when your pi goes down, you will need to later go in and manually mount the drive each time (instructions to follow):

sudo update-rc.d apache2 disable

Remember: when the power goes off your Nextcloud will not work until you go in with SSH, decrypt drive, and restart apache2. More on this later…

11. Pre-Mounting of the Encrypted Drive

From this point we assume your drive is already encrypted in Luks format. If it’s not refer to [this page](link to come) for those instructions

  • a) Install the encryption toolset so you can decrypt your drive on NCP sudo apt install cryptsetup
  • b) Check your pi to make sure the drive is showing up at least sudo lsblk

Mine shows up as ‘sda’ but yours might be different. Look at profile of it and make sure it’s at least there.

  • c) Key step: –> make sure contents of encypted drive are EMPTY…..
  • d) Decrypt the drive so it’s usable by Nextcloud. You’ll need your drive de-cryption password here (and every single time you reboot your NCP…so get used to this step…): sudo cryptsetup luksOpen /dev/sda gcw2
  • e) Check again to make sure drive is looking right sudo lsblk
    Mine looks like this:

NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 232.9G 0 disk
└─gcw2 254:0 0 232.9G 0 crypt

12. Start apache

This makes your nextcloud stuff work so you can reach it in a browser

sudo /etc/init.d/apache2 start

13. Run the NCP Installation Wizard to Move Files to Encrypted Drive

  • Go to the address of your pi in your browser with :4443/wizard at the end to access the first run wizard in NCP https://xxx.xxx.x.xx:4443/wizard
  • “Do you want to save Nextcloud data in a USB drive?” Yes.
  • “Plug in the USB drive and hit continue.” –> it’s plugged in so ‘continue’
  • “If you want to prepare the USB drive to be used with NextCloudPi hit Format USB. Skip if already formated as ext4 or BTRFS. Attention! This will format your USB drive as BTRFS and will destroy any current data.” –> Skip formatting of drive because it’s encrypted and you want to keep it that way
  • Move data to USB –> click the button
  • Go through the ‘external access’ wizard however you like. I do mine manually in router
  • For DDNS, I skip and do mine manually in router as well with No-ip but you can try this if you want. This is not the point of this tutorial This should make your nc-datadir point to your drive meaning that your hard files will now save to the encrypted USB drive instead of to the stock SD card which is by default where they would go. You will know if this part was successful because nc-automount and nc-datadir should will change from an orange colour to a green colour in the bottom right side of your browser screen.
  • Go back to web admin panel from there

14. Run the nc-database move feature in the NCP admin panel

Again, make sure the hard drive is completely clear at this point. It’s probably possible to move a previous existing database here, but it’s out of the scope of my ability or this tutorial. You can investigate it yourself but this is assuming you have a clear drive.

Bonus section you hopefully won’t need

If you got a green light above in the last step don’t even read this section and skip to Step 15. If you have a problem where you try to do the above step and it gives you a permission So what happens here with encryption is a ‘symlink’ is created so it’s this symlink that needs to get the right permissions or NCP can’t do it’s thing with the step above. This may be a bug that no one else sees, but I’m leaving a few hints here in case we need it later:

In the next steps you have to in your terminal go to your /media/ folder and correct a permission manually before you are able to use the NCP ncdatabase function. if you have done previous nextcloud installations with their default directories on this drive, you will need to wipe out whatever is there before you move forward.

sudo chmod o+xr /media/gcw-ssd

(gcw-ssd is the name of the symlink created on your drive that points to USBdrive in Nextcloud)

Now go back to your NCP web area and do the nc-database move and it should work.

Command to empty your folders complete are as follow (use with caution, of course because this will ruin your day if you do it to the wrong dir!)

(if it’s not empty run: sudo rm -rf /media/USBdrive/ncdatabase)

You might also like to keep this command handy to check permissions if someone asks:
sudo ls -ld

15. LetsEncrypt – nice and easy.

This is a good chance to relax and do some Lets Encrypt since it’s easy and satisfying. Go to the left panel of web admin find letsencrypt, fill in the blanks, and press go. Now you should be able to find your box from the internets with secure connection too. You’ll need your dynamic dns url at this point to make it all work so go and do that at no-ip.com or whatever you like. S

16. Reboot system to make sure things are working as they ought

  • Shut down your box with command:
    sudo reboot
  • To be sure it’s back up you can ping xxx.xxx.x.xx (your box). When it starts responding you should be ready to ssh in
  • SSH in (see instructions above in Step 8) At this point, because you made apache2 not start on reboot, neither your NCP admin pages nor your nextcloud instance will be accessible. We will proceed with a new section now which will be your process to get it back up each time the power goes down or it’s rebooted.

17. Getting things back up after a reboot:

  • Unlock/decrypt drive. Note: yours will not be ‘gcw2’ – that’s just my example. Can be whatever you like.
  • sudo cryptsetup luksOpen /dev/sda gcw2
  • Enter your decryption password for drive
  • Restart apache (see above)
  • sudo /etc/init.d/apache2 start

Celebrate if it’s working! Try again if it’s not!

Special thanks to Tobias, Nachoparker and Kevin for all your hard work with me getting it this far!

Categories
Freedom and Privacy Life Skills Technology Ubuntu

Stop Fighting Apple-Just Force this Disclosure on buyers!

I’m super bored reading these kind of stories.  I’ve been free from such software and hardware for many years so at this point it’s just boring.  However, I do have a solution instead of trying to sue them for monopolizing or overcharging: just force a really simple, plain language disclosure document before the sale of any Apple Inc device. Here is my proposed disclosure:


I understand that by purchasing this Apple Inc device I will be forced into a software environment called the “App Store” that is the equivalent of a rigid monopolist jail cell.  I understand that the only apps I will be able to install must come from this Apple ‘App Store’.  There is no other way to get an app without violating your warranties but through this monopolist app store .

Because Apple Inc will take from the software developers who develop for this device a mandatory 30% of the purchase price when you purchase an app through their system, I could either be spending money on an app that could be otherwise free, or spending 30% more than I could while software developers try to make up for their business losses from this significant commission that Apple unilaterally takes for itself. 

Furthermore, I also understand that I will risk the chance of having my device’s performance remotely throttled by Apple Inc whenever they feel it is right to do so and without first consulting me about it.  I also understand that even the hardware itself is made with proprietary connectors (i.e. chargers) that will not work with other standard industry connectors.

I also understand that there are other software systems such as Linux which has operating systems such as Ubuntu, that respect my freedom and choices, and provide free software and free delivery of software and that are capable of running on top of many different types of hardware, including mobile phones.  I understand that many of the large corporations (such as Apple, Google) run these Linux systems for their own computers and servers. 

I declare that no one is forcing me to enter into this relationship with Apple Inc, that I have do have choices, that I have been warned, and I now choose to move forward with this purchase and risk suffering all of the above pains.

________________________

Apple Inc Device Customer

 

__________________________
Date of purchase