Tag: privacy

How to use Onionshare on Ubuntu

Looking for some extra security, privacy and anonymity whens sending files? This might be a neat solution for you.

Currently it seems the instructions for using this interesting Onionshare technology are not super clear so I’m writing up a quick tutorial so others can save a few minutes and set their expectations correctly.

First, how it works is this:

  • You have to use a command line tool for now
  • Onionshare does a bunch of fancy stuff to your file and turns it into a shareable link
  • The person on the other side gets the files by entering that link into a tor browser (not a regular browser – won’t work)
  • You get a .zip file, not the raw file which you download to your local device and extract
  • It seems you only get one chance and if you don’t get the files, the link dies and the sender has to start again.

So, let’s get started:

1. Install Onionshare.

Command line install instructions are in the Ubuntu section here

2. Install Tor browser

I used the Ubuntu Software centre. Probably there are other ways to get it.

3. Convert your file into a shareable and anonymous link

In the terminal, go to where your file is with the CD command and then type:
onionshare filename.txt
Where filename.txt is whatever file it is you are trying to share.

4. Copy Link to clipboard

If you haven’t used a terminal for copying before you’ll need to do control + shift + C (not just control + c)

5. Have sender open link in Tor browser

In this case it’s probably you for the first test so paste the link into the Tor browser.

6. Download the file(s)

It seems you only get one shot and that it won’t download raw file but only compressed package. Also if you aren’t familiar with Tor, I lost some precious time here as well looking on my computer for the file but it downloads into a ‘tor folder’ it seems so use the browser to go find your file in case it didn’t end up where you expected…what I did was find it, and then control + X it to my local machine from there to do the next steps.

7. Extract and Enjoy

Worked for me!

One-Shot Sharing

Try now to click the download files button again. You will see it’s dead.
Try also to use the same share link again. You will see this also is dead.
Kind of cool.

Sending more than one File at Once

So, after sending one file, I tried again to send an entire directory containing a screenshot, a PDF and a music file just to see what happened. I then tried to do the exact command with a regular directory to see if this would be able to handle it but no go. Onionshare appears not to be able to do this. It failed and couldn’t open the end zip file. For the second test I compressed the directory first as a .zip, then sent that via the instructions above and … still no go. When I try to extract it fails.

So it may currently only be able to send single files, but definitely single files work well with these instructions above and if you figured out how to send a directory, throw that in the comments below.

Tags : ,

Bridging a Matrix and Telegram Room

ASSUMPTIONS

For this tutorial, we shall assume that you already have:

  • An existing Matrix chat room of which you are administrator and
  • A Telegram supergroup with admin rights to add members
  • The Matrix room is set to “Anyone who knows the room’s link, apart from guests” in the “Who can access this room” settings of the group
  • Encryption is turned off (otherwise bridge won’t work)

Let’s continue assuming the above to be true.

1. Add username “@tchncs_bot” to the Telegram group to which you wish to bridge Matrix

Do this in the usual way you add a member to a Telegram group.

2. Send Request to Telegram Bot to get Alias Info

In the Telegram Group chat text input area, type
/alias
And then send as a message to the group. It will spit back a long paragraph including this key information:

….”#telegram_-123456789:tchncs.de”…..

3. Invite the Alias Bot to the Matrix group

This step should be ok by any regular member of the group (no admin needed)
Invite this user to your matrix group: @aliasbot:tchncs.de
You should see message “Alias Bot joined the room”

4. With Full Admin Rights to the Matrix Group, Bridge it!

You will not be able to do this with anything less than full admin rights.
In the chat text input area, enter:

!alias #telegram_-12345668987654321

and send it (of course replacing the numbers with the ones you got in Step 2 above)

5. Enjoy your newly built bridge

Tags : , , ,

How to Sync Files from Ubuntu Touch to Nextcloud using UBsync

Ubuntu Touch is awesome. Nextcloud is also awesome. Put them together and you have awesome… squared. How cool would it be to have your photos automatically sync to your own Nextcloud sever? Well, you can do it today and here is how.

EDIT DEC 24, 2018 – Important Security Warning before beginning!
Currently as of the time of this post, UBsync is not very secure. The volunteers who forked it are not security experts and the password file is not secure and is in plain text. Therefore, be warned that if your content is of extremely private nature, do not use this blog contents until the app has been properly updated.

However, if you are just trying to move your selfies from your phone to your Nextcloud for safe-keeping, this blog will suffice and hopefully in the next little while we’ll have some helpers in the project to improve the way the password is handed.

Also, there is a way to mitigate some risk so that at least your main NC user/password cannot be high jacked. When you log in to your Nextcloud user settings through a browser and go to ‘Security’ and ‘Create new app password’. Be sure to save this password right away during creation and in a safe place because you can only see the password one time (you can’t come back and see it again).

Once you have this password ready, continue with the blog.

  1. Make sure that you have a user account and password from a Nextcloud server.
    If you don’t have a nextcloud user account, consider strongly hosting your own. You can do this on an unused computer, or using Nextcloudpi on a Raspberry pi, or host a more ‘serious server’.
  2. In your Nextcloud user directory, create an appropriate directory to put your Ubuntu Touch files in. If you don’t touch anything everything will go into your ‘Photos’ folder by default.
  3. Make sure you have the UBsync app installed from the OpenStore
  4. Go to System Settings in Ubuntu Touch
  5. Go to ‘Accounts’
  6. Select ‘Add Account’
  7. Select ‘Nextcloud’
    Note: If you try to add an account and it doesn’t respond and take you to the next step, you may need to reboot your device.
  8. Enter your Nextcloud credentials (from the ‘new app password’ you created at the very beginning)
  9. Open UBsync App on your Ubunt Touch device
  10. Select ‘Add a New Account’
  11. Select ‘allow’ if the prompt is showing the correct username with the correct server address
  12. Go back to ‘General Settings’ screen of UBsync
  13. Set your sync frequency.
  14. Select any other changes you want on this page.
  15. Go back another screen with the back button top left
  16. Select the folders on your device that you want to sync to your Nextcloud with the ‘Sync Folders’ option.
    The default option will put your Ubuntu Touch photos (unedited) into the /photos directory (which is a default directory when Nextcloud creates a new account) from the following Ubuntu Touch directory

Default: /Pictures/com.ubuntu.camera/.original

  • Add a new folder with the + plus sign on the top right.
    Select the directory on your UT device you want to sync. NOTE: This is the tricky part, the big ‘tick’ check mark in the center of the screen is not ‘touchable’ but is trying to direct you to hit the ‘tick’ in the top right menu!

Do the same actions for the remote folder.
If the Folder doesn’t exist you can create a new one easily by just typing it. After creating it, touch it again and hit the ‘tick’ in the top right to make it real.

  1. When complete, press the back arrow at top left of ‘sync settings’ title.
  2. Start the sync
    Select ‘sync service’ and then the green ‘sync’ button. NOTE: Make sure you are on wifi if you allowed your settings to use both cell phone data and wifi as the sync could be pretty big, especially the first one while it pulls the files from your phone and moves them to nextcloud.

How to Delete an Account un UBsync for Ubuntu Touch

  1. Go to System Settings in Ubuntu Touch
  2. Go to ‘Accounts’
  3. Touch ‘Nextcloud’
  4. Select ‘Remove Account’ button

That’s it. The account is now removed/deleted.

Tags : , , , ,

MAKING DDNS WORK IN OPEN WRT

OpenWRT project is awesome for sure. It’s free software (open source) and it allows you to use your router the way you want, unlike how they usually come out of the box. That said, there doesn’t appear to be a super vibrant community around it (yet) so some stuff is pretty hard to do. I’ve created an OpenWRT English-speaking Telegram Group (for now) in hopes this might help some more community building.

Anyway, here is what you came to this blog for: Making the DDNS service work in your OpenWRT router – in my case, specifically, this is a Dlink DIR-615 router and I’m working with No-ip.com so you may need to adjust a bit according to your service. But if you have NO-IP or haven’t started yet, then maybe just use No-IP?

Let’s do it.

  1. Get your OpenWRT router setup with OpenWRT. If you happen to have a Dlink DIR-615 – bonus! Here is my blog post to that. If not, it might still be useful or inspiring for helping you get rolling.
  2. At the top of the router menu options, go to ‘System’ and then ‘Software’ and click the ‘update lists’ button.

This will pull all the possible packages you can install into your router from the community.

  1. Before installing other packages, install package named “luci-app-ddns.”
    It ‘seems’ that this also installs ddns-scripts when you install this which is another one you need so it’s nice it’s automatically installed with this package.
    Important Note: If you cannot find packages, or something is strange during package install, you may need to reboot your router to free up some RAM memory. This happened a few times and after rebooting the router I was then able to update the lists correctly.
  2. Using the same method as the step above, Install the No-IP package for OpenWRT called “ddns-scripts_no-ip_com”

A tab called ‘Services’ should now appear at the top of your router’s menu options because you performed step 3 above. Verify this is good and if some problem, repeat the above steps until you have your tab and possibly you will need to reboot router (see important note above)

  1. Under new ‘Services’ menu dropdown at top, “Dynamic DNS’ should now be an available option. Here is a link to some No-IP documentation for the client that I found useful. This link here in the ‘OpenWRT configuration’ section was also helpful to me for your reference although it wasn’t No-IP specific.
  2. In the ‘add’ field at the bottom left, give your service a listing name (I used ‘Noip’ for mine) Then click ‘add’.
  3. In the DDNS Service provider[IPv4] field, select “no-ip.com” from the dropdown list. Note: even though this is later in the order of fields, do this now.
  4. Press ‘change provider’ button
  5. For the ‘Lookup Hostname’ give it your No-IP custom URL without the “HTTPS://” stuff.
  6. In the “Domain” field, put the same info from step 7 above.
  7. username = your No-ip username (maybe your email?)
  8. Password = you guessed it! Your password for the No-IP service
  9. Under ‘Advanced Settings” I selected “https:// checkip .dyndns .com” from the “URL to detect[IPv4]” field. I found No-IP service wouldn’t work until I chose something from this list. It wouldn’t seem to point No-IP to my router without it…
  10. ‘Save and Apply’
  11. At the top right you might (I can’t remember to be honest) see a notification that you have unsaved changes in your router. If so, go and apply those changes to your router.
  12. Go back to overview list where you started. You should now see your new entry
  13. Click the ‘enabled’ checkbox
  14. Press ‘start’ button. You should now see a PID and a number with it and a red icon.

Now, you should be up and rolling and after No-IP has a bit of time to apply the changes your router should now be accessible by the URL you put in step 8 above.

Tags : , , , ,

Flashing OpenWRT onto a D-link DIR-615 – The Sequel!

The funny part about this blog is that I spent an entire day searching for how to do this and then I ended up landing on a blog post with the answer… written by ME. in this 2015 blog post Lol or something?

This tutorial assumes you are using Ubuntu and know how to access your terminal and do some basic commands. If not, do a quick study on that before you begin. If you aren’t using Ubuntu on your computer I’m not sure what I can do to help other than encourage you to switch immediately.

This tutorial also assumes that your computer/laptop is plugged directly into the DIR-615 router by ethernet cable and not by wifi. It could probably be done with wifi, but I don’t know and I know it adds an extra layer of complexity I don’t like. So find a cable and plug in to do all this.

1. Download the appropriate image from OpenWRT to your computer.

I got mine by refining a search here.

2. Extract the file into it’s raw ‘.bin’ format.

Mine looks exactly as follows at the time of this writing when it’s sitting in my directory but as versions change and improve this could slightly change be aware:

lede-17.01.4-ar71xx-generic-dir-615-c1-squashfs-factory.bin

3. Using your terminal cd (change directory) to the location where the file is you just extracted in step 2.

4. Make sure your computer is set to a static IP address.

If you don’t know how to do this, search it online as I don’t have a quick link to it right now. “How to set static IP address in Ubuntu’ should find something. Make sure that your static IP address you are setting does not conflict with another device on the router, nor with the router itself at 192.168.0.1.

192.168.0.2 static

NOTE: After this router is flashed you will need to get rid of this static IP address since it won’t match your new router!

5. Pre-enter the following command into your terminal so you are ready to press enter

curl -0vF files=@lede-17.01.4-ar71xx-generic-dir-615-c1-squashfs-factory.bin http://192.168.0.1/cgi/index

Again, the part after the @ symbol in the command above might change depending on the .bin file you are flashing on. This tutorial will likely get old at some point so you may need to swap out a different file name into the command above but the rest should work long term.

6. Power off the router by unplugging the black power cable

Warning. You are about to forever wipe your router’s ‘operating system’ so if you have anything in there you care about this would be the time to get those out!

7. Put pen in the reset button of router and hold it there

8. While still holding reset button, plug in the power cable.

Keep holding the reset button! Don’t let go. The light will be a solid colour (orange, I recall?) but you are waiting for the first flash before executing the next step.

9. As soon as the solid light starts to flash hit the enter key in your terminal and run the curl command you pre-entered in step 5 above

After you hit this command at the perfect moment, things should start to work. When they do, you’ll see some funky html stuff come on the screen that looks like this:
* Hostname was NOT found in DNS cache
* Trying 192.168.0.1…
* Connected to 192.168.0.1 (192.168.0.1) port 80 (#0)
> POST /cgi/index HTTP/1.0
> User-Agent: curl/7.35.0
> Host: 192.168.0.1
> Accept: /
> Content-Length: 3932431
> Content-Type: multipart/form-data; boundary=————————464dbec1925a46d8
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Server: uIP/0.9 (http://dunkels.com/adam/uip/)
< Content-type: text/html
<
backup loader Device is Upgrading the Firmware


  • Don’t turn the device off before the Upgrade jobs done !
` `

More notes for this step
The screen will stay with this html/> script on there and at this point you can keep your eyes on the router as nothing will happen on the screen.
You should see lights flashing and reboots. Wait, wait, wait. Failure seems real but it’s not yet…. For me I was stuck on a green light for a really long time and no updates in terminal.

If after 5 minutes (or so) things appear to be ‘stuck’ at that point you could try unplugging the power cable and plugging it back in again to test.

To test to see if it worked, go to the new access IP address which should be 192.168.1.1. If you are prompted for user/password you succeeded.

A few troubleshooting notes

Something didn’t work? Read these next few points for some inspiration:

  • Did you really make a static IP address in step 4? You might think you did but maybe it didn’t work. Check with ifconfig command and see what IP address your computer/laptop has. If it’s not static, things won’t work right.
  • Were you too fast or too slow with the timing of the curl command in Step 5? Timing is a bit finicky here so you may have to try a few times to nail it.
  • If things are really goofy you ‘may’ need to install the original Dlink .bin file and start from there. I doubt it but there are records of this online so I thought I would mention it. You could get this on there by finding this .bin file online and using your new curl skills from above to flash the original .bin on there first.

Bin file name for DIR-615 = dir615_revC_firmware_311NA.bin

command to flash it on:
curl -0vF files=@dir615_revC_firmware_311NA.bin http://192.168.0.1/cgi/index

Follow up notes

  • Reminder! Turn your computer/laptop back to DHCP mode from static IP otherwise you might not be able to connect at all to your new router! I made this mistake way too many times and easy to forget.
  • After getting things up and running and if you need ddns, reboot device via ssh. when it comes back, then you could try this tutorial I wrote for the No-ip service. Here is a link to that tutorial.

Tags : , , , , ,

Doing a Really Big and Fast First Upload on a Fresh Nextcloudpi Install (the Samba Way)

Nice long title. Thankfully the speed of getting your first big upload to your new Nextcloudpi (NCP) server won’t be so long, thanks to this tutorial! By spending 10 minutes and doing this tutorial you will be uploading 95% faster (that was my experience).

Assumptions Before Beginning

  • You have full 100% admin access to your NCP (ie. you are the master admin and probably created the server and installed it, or are close friends with the person who did)
  • You have SSH access to your NCP, and you know how to SSH into your NCP. If you don’t… you’ll need to research that first.

1. Confirm the Username in NCP Who Will receive the Big File Shipment

This major upload will need to be associated with a username. In my case, I have created a ‘master-master user’ for this kind of reason. So I will be shipping this big upload to my ‘master-master user’ so that after it’s done that user can assign which files are to be shared with whom (and how). I think this is the right way to do it, even if you are the admin yourself. Topic is open to discussion, but that’s how I roll…

Make sure this user exists in NCP is the key point.

2. SSH into your NCP

NOTE!  Apparently you can do steps 2, 3, and 4 via the NCP web admin so this means you might not need SSH, plus it might be easier.  I won’t have a chance to test myself for a while but try that out first maybe! Otherwise, learn SSH and do the next few steps the way I write.

3. Setup Samba in NCP

  • sudo ncp-config

The first screen is informative and the ‘yes/no’ answers don’t make sense if you read it for grammatical sense. Just chose ‘yes’ which means “I understand that I have to force NCP to ‘scan’ the files when I’m done putting files on the box” This has now (Dec 2018) been fixed by the developers and it now says ‘I understand’ in the option box. Nice and thanks!
You will see:
ACTIVE: NO
PASSWORD: ownyourbits

Type ‘yes’ (no quotes) overtop of ‘no’ in ‘active’ and type in a strong password. You will use this password later and probably you don’t want to give this to anyone else because if you do, that user can go in and mess with other people’s files (I think) Use the Tab key until you arrive at ‘yes’ and press ‘enter’

It should automatically create the ‘samba shares’ for each username you have already put into the system. This means that every user in your box can also access files on the cloud this way and not just with a nextcloud client user features. But the main point is that we’ll be able to move files quickly across the Local Area Network (LAN)

Once this part is done, press any key it will bring you back to your ncp-config screen.

Tab twice until you hit ‘finish’ and then press enter. That will bring you back to your terminal.

4. Do your Samba Shares (and I don’t mean the dance….)

In this example I will be using Ubuntu desktop, so if you are using some other operating system – tough bananas – and you’ll have to search some other tutorial about how to connect your computer to your NCP using Samba.

First, open Nautilus (also called ‘Files” if you mouse-over it. The thing that lets you browser your files on your computer and looks like a file cabinet.

Next, go down to ‘Other Locations’ on the left panel and click it. In this case we want to use the LAN IP address because that’s the whole point of this exercse – fast transfer across LAN instead of going through the internets…

As soon as you enter it in, assuming your box is on, it will find all those usenames and folders for them automatically. Double click the one you want to dump all the files into (probably your master-master admin account). The next part, although it seems easy – is not! But the reward is great so let’s do it.

I realized that what you need here for the username is indeed the NCP username but, but, but.. the password is the one you created in step 3 above! So tricky but alas…

5. “You like to Move it, Move it.”

Let’s move the files now. In Nautilus, middle mouse click wherever your main dump of files are. That will open up a new Nautilius tab from where you can drag, drop stuff into the other tab you just logged into. I just find this a nice and easy way but you can drag drop files there however you like.

Now, select everything you want to move and move them into your NCP user’s Nautilus tab.

Note: You should consider doing this piece by piece unlike me who tried to move 13 GB at a time. You don’t have an easy way to check the progress in this way so consider doing these moves small pieces at a time so you can see progress more easily.

While this is file move is happening, read on to the next section because you’ll have to tell NCP to scan the files when it’s done.

6. Scan the Files

After the move is completely finished from step __ above, in your Nextcloudpi web admin area, scroll down to the ‘nc-scan’ section and run it. It took much less time than I expected. It quickly scans all the files associated with all the users and (I guess) says ‘hey, there is a file here connected to this user’. After running the scan NCP is ready to roll.

7. Start your sharing

Log into the account you just put the files in and start sharing as you like and normally do.

We here at wayne(outthere) hope this made your day shiny and bright. Have a nice day.

Tags : , , , , ,

Doing a Successful Fresh Nextcloud Install without Screwing Up Something Big

The premise of this tutorial is to get a nextcloud instant back up and running while throwin away all the user data and nextcloud customizations of your last install but while keeping all the file stuff for a new upload. In my case, we have a ‘small operation’ and it’s not a big deal to just do a completely fresh install and put the files back. It annoys a few people because they have to do a brand new big sync, but it’s workable and assures that the install is truly ‘fresh’. This might work for other small business and families so I figured I would just document the workflow since it’s helpful for me to not forget something or lose something.

1. Notify others to backup

This step is important because the other people might have put some personal files in their user account that may no longer be on their local machine. If you do this wipe, they might lose the only copy of the file. Notify them to download to their local machine every file they might want letting them know if they don’t, it will be wiped

2. Backing Up

If you are using a local client, this will be easy: just copy/paste contents of the sync folder onto a big hard drive. If you are using the online version, download the files to a local machine.

3. Notify Others to Clear out their Local Sync Folder

If there are others using the NC instance, tell them to clear out the drive they are using now. They can do this after they have confirmed the files are safe in the step above ‘backing up’. If you are the main admin and are uploading a big chunk of files for others to share (ie. company directory) just leave everything where it is and it will make it faster to get everything back up

4. Clear Out the Hard Drive Upon Which Your Nextcloud Will Store Files

This is a bit more complicated than we can write here but depending on how you setup your NC your database files may be on the hard drive itself. To assure everything ‘just works’ (better) access the drive, clear out absolutely everything on it. Remember, make sure your drive is backed up (easy to forget) before doing this step! If this is your second install (or more) you may, like me, find it easier to SSH into the cloud and remove the files that way, if you have access. This allows me to just leave the drive as it is, mounted, and wiped clean. Again, depends on your setup. The key is that you will wipe all the ‘ncdata’ and ‘ncdatabase’ directories from the drive if they are stored there.

5. Do a Completely Fresh Nextcloud Install

Self explanatory, but there are many ways to do this depending on your setup. This is where you jump to your ‘nextcloud installation tutorial’…

6. Create a Nextcloud ‘Master Master Admin’ Account.

Welcome back! How was the install?? I do this step because I want an account over top of my own user account to do higher level admin stuff. I like to do this so I can share stuff with people on a more overarching manner – including my own user account. Now, with your NC ‘master master’ admin account create a ‘working admin’ user/password which will be used for high level controls and also creating new users, etc. Just type ‘admin’ in the groups box and save the user. Once created, log out.
So just to review you will have:

  • Main Nextcloud master-master admin (for doing stuff on a purely technical basis for the cloud)
  • Master-Master account (for doing permission stuff over files and users)
  • Your account (created by Master-Master)

Log Back in as New Admin User

Self explanatory

Recreate All the User Accounts with the Admin Account You Just Created

Recreate all the user name accounts as they were before. They will have new passwords when created, or, if you are family and have their passwords you can even imput their passwords for them as they were before.

Upload the Files

If you are doing a massive upload (ie. small business with lots of files) it’s better to use a desktop client app I have found. The web interface seems to crap out if the upload is insanely large and this can cost you a lot of time. I recommend getting a laptop/desktop client setup and syncing that way.

Useful Note about super huge uploads
In the past I have found out that I was accidentally uploading to the wrong hard drive due to a setup issue. I recommend using SSH and going into your NC instance and looking at the hard drive once in a while to see if there is data going on while it’s syncing. On Ubuntu I just run this command every 3 minutes for the first 10 minutes to make sure everything is alright:

sudo du -sh /media

It will output something like:

501M /media/

Then run same command again in about 2 minutes and hopefully that 501M is much bigger. That means it’s working. If not, well then. Stop your sync and fix whatever is wrong 😉

Hope this helps and have a great day out there.

Tags : , , , ,

Setting up Nextcloudpi (NCP) with an Encrypted Hard Drive

The following tutorial is how you can setup an encrypted hard drive to work with Nextcloudpi. Please note that there are a few steps you will have to perform every time your pi goes down because the drive will require decrypting. Basic understanding of the command line will be required for this so if you don’t have these skills locate someone who does. One step that should be complete before beginning is formatting your encrypted drive. We recommend following this tutorial for setting up your drive.

1. Flashing Nextcloudpi onto the SD Card using Etcher

Go and find Etcher. There are other ways to do it but Etcher works really well and fast. They seem to have deb packages now if you are Ubuntu/Debian

2. Download the appropriate NCP image

Here is the repository for the NCP downloads. Make sure to get the right one as there are different ‘flavours’ of raspberry pi’s out there. Consider asking a community member. Generally it will be the generic RPi version if you are on a raspberry pi.

3. Extract the image from the downloaded archive

This extraction of the downloaded archive takes a bit more time than I expected so maybe get a coffee or play with your cat. Just saying. The extracted version is what you’ll flash to the card in the next steps, however, I think Etcher can use the raw archive but I’m too lazy to research that…

4. Flash the NCP Image to the SD Card

The instructions are pretty hard to mess up with Etcher in terms of how to use it. Just do it, but read the next important note (seriously read it, that’s why i put it bold and I’m mentioning it before you even read it)

Important usefule note!! It’s very easy to create a tragedy when flashing an image onto an SD card since Etcher doesn’t care that much what you are flashing on. I recommend physically removing any drive you don’t want to screw up. If you don’t it’s possibe to accidentally flash this onto your drive and completely kill it. Again, physically remove the drives you don’t want to kill and you’ll be a happier person.

  • Optional Step if you have previously attempted an Installation on this computer (clearly out your history)
    If you have already accessed a nextcloud server from Firefox and accessed it via ssh. While image is flashing onto the SD, remove historical garbage that will screw things up:
    • Remove cached stuff in Firefox (assuming Firefox)
      By going to settings and preferences / privacy & security / Cookies & Site data-Manage Data, then search IP address of your box and ‘remove’ and then ‘save’. It will give a warning which you say ok to. Not doing this might prevent you from accessing your box on same IP address with new install
    • Remove ‘known_hosts’ from SSH.
      This makes sure your old SSH keys and such don’t get in the way of a new SSH setup. In terminal go to /home/user(whatever it is) / .ssh.
      Now you are in the .ssh folder. Now type rm known_hosts.

5. Plug in Encrypted Drive

This step assumes you have already encrypted your drive. If you haven’t or aren’t sure if you have, don’t continue but instead refer to comment in pre-amble above.

6. Put newly-etched SD card with NCP image on it, into your Raspberry Pi and plug it in.

About 2 minutes later you should be able to move to next step. If it hangs, you’re too zealous… and chill. If you find the page won’t load, perhaps you already tried an installation and you need to follow the ‘optional steps’ above?

7. Go to IP address of your Pi in your Browser

If you don’t know the IP address of your Pi yet, you can get it from your router (if you know how) or you can use tools like nmap and zenmap to do this on your network. They scan to show what devices are there and their IP addresses. After entering your IP address into the browser URL (something like 192.168.x.xx), you will be prompted with an activation page. But righ before that you will be prompted to accept the not secure connection (which is fine for this part).

Save those passwords somewhere safe (note the convenient clipboard icon which automatically copies the long string to clipboard!) (I use KeepassX and ‘activate’ installation. Should take a minute or two. If it hangs on the activation page for more than 5 minutes, although unlikely, you may need to re-flash the image from Step 1 above as there could be a problem with the way the image flashed onto the card.

8. Enter user and password into the prompt box.

These are the passwords you saved from step 5. Specifically it will be the password for the top one (:4443). The user is ‘ncp’ and the password is that long string of gobbly gook you saved in Step 5 above. You may/will also need to confirm security exception here again (which is normal).

9. Skip the installation wizard when prompted

We are skipping this step since we are adding an encrypted drive. We’ll do part of it later.

10. (Optional) Make Static IP

You can skipt this step, but I think it’s smart for your future to make a static IP for your NCP at this point because some routers tend to change it etc, etc. Just go to the nc-static-IP option and type in what you like and what will work in your unique network config.

Power off and get back to this web admin area so that your router/network will have new static IP if you did this step. You can do this with the power button icon in the top right of NCP admin, too, but when it comes back remember you’ll need to change the URL to the new IP in your browser.

11. Activate SSH in NCP admin

  • On the left hand column you will see the SSH option in the NCP admin page. Go there and click the activate checkbox and enter an easy password. You can enter something as simple as 1234 here since it won’t be your ‘actual password’.
  • Go to your terminal and do ssh pi@xxx.xxx.x.xx where the x’s are your pi’s IP address discovered in step 5 above.
  • At the first prompt you enter the 1234 (easy password) you just made in the NCP admin page. This next part is a bit ‘weird’ if you haven’t dont it because it will kick back a request for the same password again.
  • Enter it again.
  • NOW you enter a real and strong SSH password that you will use for actual access to your box. Make sure it’s strong and you don’t lose it.
  • Once you enter that it will log you out of SSH again and force you to log in again with your new and real password.

Mastering this step is critical because you’ll need SSH access to do encrypted drive stuff (such as decrypting it every time the power goes off) if something ‘goes wrong’ usually you can access your pi via SSH to try to fix it. Note: if you are prompted for the key fingerprint (should be) then answer ‘yes’.

12. Update your Pi-kages

This is to make sure you have the packages required to do useful stuff such as encrypt your drive. The cryptsetup package is in here so if ou want to do steps 11 below you better run these two:

sudo apt update
sudo apt upgrade

9. Do an NCP Update

Log in again with ssh pi@xxx.xxx.x.xx and run this command below. This is to make sure that your packages includ the ‘cryptsetup’ package and also makes sure that your box is up to date:

sudo ncp-update

10. Make Apache2 not start on boot.

Making apache2 not start on boot lets you decrypt your encrypted drive before the system starts up. If/when your pi goes down, you will need to later go in and manually mount the drive each time (instructions to follow):

sudo update-rc.d apache2 disable

Remember: when the power goes off your Nextcloud will not work until you go in with SSH, decrypt drive, and restart apache2. More on this later…

11. Pre-Mounting of the Encrypted Drive

From this point we assume your drive is already encrypted in Luks format. If it’s not refer to [this page](link to come) for those instructions

  • a) Install the encryption toolset so you can decrypt your drive on NCP sudo apt install cryptsetup
  • b) Check your pi to make sure the drive is showing up at least sudo lsblk

Mine shows up as ‘sda’ but yours might be different. Look at profile of it and make sure it’s at least there.

  • c) Key step: –> make sure contents of encypted drive are EMPTY…..
  • d) Decrypt the drive so it’s usable by Nextcloud. You’ll need your drive de-cryption password here (and every single time you reboot your NCP…so get used to this step…): sudo cryptsetup luksOpen /dev/sda gcw2
  • e) Check again to make sure drive is looking right sudo lsblk
    Mine looks like this:

NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 232.9G 0 disk
└─gcw2 254:0 0 232.9G 0 crypt

12. Start apache

This makes your nextcloud stuff work so you can reach it in a browser

sudo /etc/init.d/apache2 start

13. Run the NCP Installation Wizard to Move Files to Encrypted Drive

  • Go to the address of your pi in your browser with :4443/wizard at the end to access the first run wizard in NCP https://xxx.xxx.x.xx:4443/wizard
  • “Do you want to save Nextcloud data in a USB drive?” Yes.
  • “Plug in the USB drive and hit continue.” –> it’s plugged in so ‘continue’
  • “If you want to prepare the USB drive to be used with NextCloudPi hit Format USB. Skip if already formated as ext4 or BTRFS. Attention! This will format your USB drive as BTRFS and will destroy any current data.” –> Skip formatting of drive because it’s encrypted and you want to keep it that way
  • Move data to USB –> click the button
  • Go through the ‘external access’ wizard however you like. I do mine manually in router
  • For DDNS, I skip and do mine manually in router as well with No-ip but you can try this if you want. This is not the point of this tutorial This should make your nc-datadir point to your drive meaning that your hard files will now save to the encrypted USB drive instead of to the stock SD card which is by default where they would go. You will know if this part was successful because nc-automount and nc-datadir should will change from an orange colour to a green colour in the bottom right side of your browser screen.
  • Go back to web admin panel from there

14. Run the nc-database move feature in the NCP admin panel

Again, make sure the hard drive is completely clear at this point. It’s probably possible to move a previous existing database here, but it’s out of the scope of my ability or this tutorial. You can investigate it yourself but this is assuming you have a clear drive.

Bonus section you hopefully won’t need

If you got a green light above in the last step don’t even read this section and skip to Step 15. If you have a problem where you try to do the above step and it gives you a permission So what happens here with encryption is a ‘symlink’ is created so it’s this symlink that needs to get the right permissions or NCP can’t do it’s thing with the step above. This may be a bug that no one else sees, but I’m leaving a few hints here in case we need it later:

In the next steps you have to in your terminal go to your /media/ folder and correct a permission manually before you are able to use the NCP ncdatabase function. if you have done previous nextcloud installations with their default directories on this drive, you will need to wipe out whatever is there before you move forward.

sudo chmod o+xr /media/gcw-ssd

(gcw-ssd is the name of the symlink created on your drive that points to USBdrive in Nextcloud)

Now go back to your NCP web area and do the nc-database move and it should work.

Command to empty your folders complete are as follow (use with caution, of course because this will ruin your day if you do it to the wrong dir!)

(if it’s not empty run: sudo rm -rf /media/USBdrive/ncdatabase)

You might also like to keep this command handy to check permissions if someone asks:
sudo ls -ld

15. LetsEncrypt – nice and easy.

This is a good chance to relax and do some Lets Encrypt since it’s easy and satisfying. Go to the left panel of web admin find letsencrypt, fill in the blanks, and press go. Now you should be able to find your box from the internets with secure connection too. You’ll need your dynamic dns url at this point to make it all work so go and do that at no-ip.com or whatever you like. S

16. Reboot system to make sure things are working as they ought

  • Shut down your box with command:
    sudo reboot
  • To be sure it’s back up you can ping xxx.xxx.x.xx (your box). When it starts responding you should be ready to ssh in
  • SSH in (see instructions above in Step 8) At this point, because you made apache2 not start on reboot, neither your NCP admin pages nor your nextcloud instance will be accessible. We will proceed with a new section now which will be your process to get it back up each time the power goes down or it’s rebooted.

17. Getting things back up after a reboot:

  • Unlock/decrypt drive. Note: yours will not be ‘gcw2’ – that’s just my example. Can be whatever you like.
  • sudo cryptsetup luksOpen /dev/sda gcw2
  • Enter your decryption password for drive
  • Restart apache (see above)
  • sudo /etc/init.d/apache2 start

Celebrate if it’s working! Try again if it’s not!

Special thanks to Tobias, Nachoparker and Kevin for all your hard work with me getting it this far!

Tags : , , , , ,

Stop Fighting Apple-Just Force this Disclosure on buyers!

I’m super bored reading these kind of stories.  I’ve been free from such software and hardware for many years so at this point it’s just boring.  However, I do have a solution instead of trying to sue them for monopolizing or overcharging: just force a really simple, plain language disclosure document before the sale of any Apple Inc device. Here is my proposed disclosure:


I understand that by purchasing this Apple Inc device I will be forced into a software environment called the “App Store” that is the equivalent of a rigid monopolist jail cell.  I understand that the only apps I will be able to install must come from this Apple ‘App Store’.  There is no other way to get an app without violating your warranties but through this monopolist app store .

Because Apple Inc will take from the software developers who develop for this device a mandatory 30% of the purchase price when you purchase an app through their system, I could either be spending money on an app that could be otherwise free, or spending 30% more than I could while software developers try to make up for their business losses from this significant commission that Apple unilaterally takes for itself. 

Furthermore, I also understand that I will risk the chance of having my device’s performance remotely throttled by Apple Inc whenever they feel it is right to do so and without first consulting me about it.  I also understand that even the hardware itself is made with proprietary connectors (i.e. chargers) that will not work with other standard industry connectors.

I also understand that there are other software systems such as Linux which has operating systems such as Ubuntu, that respect my freedom and choices, and provide free software and free delivery of software and that are capable of running on top of many different types of hardware, including mobile phones.  I understand that many of the large corporations (such as Apple, Google) run these Linux systems for their own computers and servers. 

I declare that no one is forcing me to enter into this relationship with Apple Inc, that I have do have choices, that I have been warned, and I now choose to move forward with this purchase and risk suffering all of the above pains.

________________________

Apple Inc Device Customer

 

__________________________
Date of purchase

 


 

Tags : , , , , , , , , ,

How to Eat a Digital Elephant One Bite at a Time

I can’t believe I didn’t blog this before but let’s put my regrets aside.

So, you have come to realize that everyone who knows how technology works was right – it’s all spying on you.  And, well, you don’t like it but – you don’t know where to start.  You feel overwhelmed.  Many people have these kind of feelings

  • I’m too busy to figure this out
  • I’m afraid to try something new in case something breaks
  • I’m used to letting ‘geniuses’ fix my tech
  • I’m too old
  • Everything is changing to fast
  • I just want it to work

Ok, these are all normal feelings but let me be crystal clear that none of them are an excuse for letting a creep spy on you.  Imagine if a peeping tom had binoculars fixed on your bedroom window. It’s as bad as that or worse so do something today, ok?

Great.  Let’s get started.

THE SOCIAL STUFF

This is the most scary stuff.  I watch my foolish friends and family amass the precious photos and history of their children (who had no choice in the matter) onto the servers of some very uncool people.  What’s most frightening is that 9 out of 10 of these people don’t even know exactly how the technology works.  If you are one of those 9, just trust me and start making the better choice for your family with the following alteratives – and bring your friends and family so that you aren’t alone.

UnsafeSafer AlternativeWhere to get itQuick Notes
Facebook*Diasporahttps://diasporafoundation.org/Choose a pod. Sign up. Bring your friends and family. Never go back to facebook. Totally decentralized. Totally your data. You can even import and export all your data!
TwitterMastodonhttps://mastodon.socialFun and extremely awesome and powerful. Totally decentralized. Totally your data.
InstagramTBAlet me know!

THE PERIPHERAL STUFF

The first step is to start switching from unsafe ‘peripherals’ to safer ones.  These will immediately start helping you relax about change because your operating system will be familiar.  It’s kind of like renovating an ensuite washroom before tackling the kitchen.  It kind of eases you into this new and safer life. But before we move on to this easy and simple step, please keep in mind that your ultimate goal *must* be to remove all unsafe operating systems from your life.  This includes Apple, Microsoft and Android.

But for now, let’s start with taking one bite of the elephant.

Unsafe Safer AlternativeWhere to get itQuick Notes
Microsoft Office SuiteLibre Officehttp://www.libreoffice.org/Wipes out Microsoft Word, Excel, Power Point and more while leaving you with *more* power and features and a great experience.
WhatsAppTelegram Messengerhttps://telegram.org/Not only open source but feature loaded and works on literally any device as well as even on a web browser.
Kakao TalkTelegram Messengerhttps://telegram.org/See notes above
Skypehublhttps://hubl.in/Browser based. Just allow it to use your mic/camera. Use it on almost any device. Once finished with link, never use it again, or link stays active and you can use it again and again. Multiple people at the same time is also awesome. No file sharing yet but Telegram can do this while on a chat.
Skypejitsihttps://meet.jit.si/Have heard good reports that jitsi works well on self-hosting (even safer)
Google ChromeFirefox
Internet Explorer (or whatever dumb new name they give to the same garbage)Firefoxhttps://www.mozilla.org/en-US/firefox/new/Most people use this anyways, but just in case you are really lost... Also, the plugins you can add to this make browsing so much more awesome.
Outlook ExpressThunderbirdhttps://www.mozilla.org/en-US/thunderbird/Just awesome and then you just plug in Enigmail plugin for total email encryption.
icloudNextcloudhttps://nextcloud.com/You can either buy their box or install it on an old computer as a server... or put it on shared hosting. Pure sweetness in cloud file stuff.
Adobe PhotoshopGIMPhttps://www.gimp.org/Unbelievably robust and easy to use. Edit photos like a pro or as a pro and never turn back.
Missed any?? Let me know!

EMAIL

So now we have the stuff out of the way, we need to deal with email by itself.

Most people, sadly, use some of the most compromising and horrific spying machines around.  Some of these might look familiar:

  • hotmail
  • gmail
  • yahoo
  • live
  • outlook
  • etc

First of all, putting technology aside, your email address actually speaks volumes about who you are as a person.  For more on this, read my post here about that.  But, on top of that, it’s not secure having your email on someone’s computer.  For just a second ask yourself this concerning question: Why would a company pay to give you free email?  Answer: to market to you or worse. So in order to market to you they must have all your data.  Haven’t you ever wondered why advertisements start to look very, very similar to what you are doing in your life?  Yeah.  That’s because of that (and other things)

For email, if you are technologically savvy enough you ‘could’ run your own email server which would be the safest possible solution.  However, it’s not that easy.  Maybe your friend could set it up, but if you don’t have such a friend, what is best is to stop supporting these companies who prey on people like this and move to something cooler.  It’s really *not* that expensive to pay for email.  Here is what you do:

  1. buy a domain like ‘your name’
  2. choose something cool that goes before it like ‘me’ or ‘name’
  3. call a company that sells domains and email (preferably in a country like Canada) and force their tech support to set it up.

Then you would have an email like this:

me@yourname.ca

If it’s not available there are countless Top Level Domains (TLDs) that you can choose from and certainly one of these will be waiting for you.  And it’s fun!

Just make sure that when you buy your domain and email that you have enough memory.  Most of them have some kind of unlimited plan for memory so go with that.  Also, make sure that it has IMAP support – I would be shocked if they didn’t but this is the email service you want.  You should budget about $15/year for the domain and another $?? for email and storage.  I have been really happy with Canadian Web Hosting for service and pricing if I can make a quick plug.  For about $5.00/month to have safe email per person is pretty reasonable.  If you have another reason to have a website, you could simply get unlimited email through your website hosting plan as well.  This requires a little more skill but it’s not that hard.  A friend who runs their own website should be happy to set it up for you once you purchase.  I would do this for my friends…

Now you’ve got your email and your other ‘stuff’ more secure, the last discussion is the big one.

THE OPERATING SYSTEM

You need to start planning to get rid of your current operating system which is probably either Apple/mac or Microsoft Windows.  These companies have compromised many things at your expense of both dollars and privacy.  They do not deserve your business nor are there endless reasons to stay with them.  For 99% of people they could switch 100% to a safer option and be completely happy.  There are a very small number of people in niche markets like print and design and perhaps medicine where the entire industry has forced everyone to communicate with these corrupted systems.  In these cases you may need to keep one computer for ‘work only’ and your ‘personal life’ should be immediately moved to a safer option.

I recommend that everyone immediately switch their desktop and laptops to Ubuntu

Ubuntu is the safest, fastest, most supported and most loved free and open source operating system in the world.  Switching to Ubuntu operating system is not that difficult but it does require enough comfort and skill.  It’s easy enough to learn, but if you do have access to an ubuntu community near you, you should join that community or start one yourself.

Soon Ubuntu will be ready to go for mobile devices too.  This is another reason why it would be wise to consider Ubuntu.

UBUNTU WEBSITE

 

A NEW AND SAFER INTERNET

Another important thing that we will all need to work on quickly is to create a new and community-owned internet.  This is a bigger picture discussion but please also start preparing your mind for ‘mesh networks‘.  I will post more here as I learn and this will be my new focus for 2017 and 2018 because what good is all this safe stuff if we are using them on unsafe platforms owned by people who have agendas that we cannot control?

I hope this has helped someone break the chains.

Tags : , , , , , , ,