Expat-IT Tech Bits

Home

Contact

Links

Search this site:

Categories:

/ (287)
  Admin/ (122)
    Apache/ (10)
      HTTPS-SSL/ (4)
      PHP/ (3)
      performance/ (2)
    Cherokee/ (1)
    LAN/ (4)
    LVM/ (6)
    Monitoring/ (2)
      munin/ (2)
    SSH/ (6)
    SSL/ (1)
    Samba/ (1)
    VPN-options/ (6)
      OpenVPN/ (1)
      SSH-Proxy/ (3)
      Tinc/ (1)
      sshuttle/ (1)
    backups/ (17)
      SpiderOak/ (1)
      backuppc/ (5)
      dirvish/ (1)
      misc/ (6)
      rdiff-backup/ (1)
      rsync/ (1)
      unison/ (2)
    commandLine/ (24)
      files/ (8)
      misc/ (10)
      network/ (6)
    crontab/ (1)
    databases/ (15)
      MSSQL/ (2)
      MySQL/ (8)
      Oracle/ (3)
      PostgreSQL/ (1)
    dynamicDNS/ (2)
    email/ (11)
      Dovecot/ (1)
      deliverability/ (1)
      misc/ (1)
      postfix/ (7)
      puppet/ (1)
    iptables/ (3)
    tripwire/ (1)
    virtualization/ (9)
      VMware/ (1)
      virtualBox/ (8)
  Coding/ (14)
    bash/ (1)
    gdb/ (1)
    git/ (3)
    php/ (5)
    python/ (4)
      Django/ (2)
  Education/ (1)
  Hosting/ (27)
    Amazon/ (18)
      EBS/ (3)
      EC2/ (10)
      S3/ (1)
      commandline/ (4)
    Godaddy/ (2)
    NearlyFreeSpeech/ (3)
    Rackspace/ (1)
    vpslink/ (3)
  Linux/ (30)
    Android/ (1)
    Awesome/ (3)
    CPUfreq/ (1)
    China/ (2)
    Debian/ (8)
      APT/ (3)
      WPA/ (1)
    audio/ (1)
    encryption/ (3)
    fonts/ (1)
    misc/ (6)
    remoteDesktop/ (1)
    router-bridge/ (3)
  SW/ (45)
    Micro$soft/ (1)
    browser/ (2)
      Chrome/ (1)
      Firefox/ (1)
    business/ (28)
      Drupal/ (9)
      KnowledgeTree/ (6)
      Redmine/ (2)
      SugarCRM/ (7)
      WebERP/ (2)
      WordPress/ (1)
      eGroupware/ (1)
    chat/ (1)
    email/ (1)
    fileSharing/ (2)
      btsync/ (1)
      mldonkey/ (1)
    graphics/ (2)
    research/ (2)
    website/ (6)
      blog/ (6)
        blosxom/ (3)
        rss2email/ (1)
        webgen/ (1)
  Security/ (15)
    IMchat/ (2)
    circumvention/ (2)
    cryptoCurrency/ (1)
    e-mail/ (4)
    greatFirewall/ (1)
    hacking/ (1)
    password/ (1)
    privacy/ (2)
    skype/ (1)
  Services/ (1)
    fileSharing/ (1)
  TechWriting/ (1)
  xHW/ (14)
    Lenovo/ (1)
    Motorola_A1200/ (2)
    Thinkpad_600e/ (1)
    Thinkpad_a21m/ (3)
    Thinkpad_i1300/ (1)
    Thinkpad_x24/ (1)
    USB_audio/ (1)
    scanner/ (1)
    wirelessCards/ (2)
  xLife/ (17)
    China/ (9)
      Beijing/ (5)
        OpenSource/ (3)
    Expatriation/ (1)
    Vietnam/ (7)

Archives:

  • 2016/07
  • 2016/05
  • 2016/02
  • 2016/01
  • 2015/12
  • 2015/11
  • 2015/06
  • 2015/01
  • 2014/12
  • 2014/11
  • 2014/10
  • 2014/09
  • 2014/07
  • 2014/04
  • 2014/02
  • 2014/01
  • 2013/12
  • 2013/10
  • 2013/08
  • 2013/07
  • 2013/06
  • 2013/05
  • 2013/04
  • 2013/02
  • 2013/01
  • 2012/12
  • 2012/10
  • 2012/09
  • 2012/08
  • 2012/07
  • 2012/06
  • 2012/05
  • 2012/04
  • 2012/03
  • 2012/01
  • 2011/12
  • 2011/11
  • 2011/10
  • 2011/09
  • 2011/08
  • 2011/07
  • 2011/06
  • 2011/05
  • 2011/04
  • 2011/02
  • 2010/12
  • 2010/11
  • 2010/10
  • 2010/09
  • 2010/08
  • 2010/07
  • 2010/06
  • 2010/05
  • 2010/04
  • 2010/03
  • 2010/02
  • 2010/01
  • 2009/12
  • 2009/11
  • 2009/10
  • 2009/09
  • 2009/08
  • 2009/07
  • 2009/06
  • 2009/05
  • 2009/04
  • 2009/03
  • 2009/02
  • 2009/01
  • 2008/12
  • 2008/11
  • 2008/10
  • 2008/09
  • Subscribe XML RSS Feed

    Creative Commons License
    This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
    PyBlosxom

    This site has no ads. To help with hosting, crypto donations are accepted:
    Bitcoin: 1JErV8ga9UY7wE8Bbf1KYsA5bkdh8n1Bxc
    Zcash: zcLYqtXYFEWHFtEfM6wg5eCV8frxWtZYkT8WyxvevzNC6SBgmqPS3tkg6nBarmzRzWYAurgs4ThkpkD5QgiSwxqoB7xrCxs

    Sat, 28 May 2016


    /Linux/Android: Android with Minimal Google Malware

    Why? I already have such a setup, and have Google Pinyin installed for Chinese input. Shortly after configuring Google Pinyin as my main keyboard, I got a popup reporting that Google Pinyin tried to access my address book. Why? Or how about this[1]: Google breaks networking for anyone in an iffy network environment (that would include all of China) just so Android can have a tantrum because it cannot callback to Google's servers. Why is that necessary? Sadly, even with minimal Google malware, the latter issue means that in China, the newest version of CyanogenMod (CM) I can run is CM11.

    Down to business: the following is an outline of the necessary steps, if anyone needs more detail let me know and I will try to fill in the gaps.

    First get yourself a CM-compatible phone from [2], and follow the installation instructions MINUS the bit about installing Google Play and friends. You do not need Google play, and you REALLY do not want it because of all the other Google crap it drags along. You just need to flash the bare CM image. Note that if you use a recent version of Debian or Ubuntu, all the necessary tools for flashing CM are already in the repos.

    The first thing you want to install on your newly-flashed CM phone is FDroid[3]. (You can install FDroid with adb, one of the tools you just used to flash the CM image.) FDroid only contains open source software, so install as much of the software as you want / need first from the FDroid reposities. (This is also not blocked within China.) For the stuff you cannot find in FDroid, we will next get by a backdoor method that avoids running Google Play on your phone (which *is* blocked in China, anyway.)

    On your (recent Debian/Ubuntu) machine install fdroidserver, apache, and pip. Also install gplaycli as follows:

    pip install gplaycli

    (Note that gplaycli is often installable by other methods, but in my experience it is extremely sensitive to dependency versions, and probably will not work. Use pip.)

    Setup your FDroid repository[4]. (I run this on one of my desktop Linux machines.)

    mkdir -p /srv/fdroid/repo
    cd /var/www/
    ln -s /srv/fdroid
    cd /srv/fdroid/
    fdroid init

    FDroid apps look automatically for a repository at /fdroid/repo/ for any configured server. The above directory structure and symlink in /var/www/ provides exactly that.

    I have a script that updates the repository as follows:

    #!/bin/sh
    
    echo "Update custom FDroid Google Play mirror:"
    
    chown -R user: /srv/fdroid
    chmod -R 755 /srv/fdroid
    chmod 600 /srv/fdroid/config.py
    
    proxychains /usr/local/bin/gplaycli -u /srv/fdroid/repo --progress --verbose
    
    cd /srv/fdroid/
    fdroid update --create-metadata
    

    gplaycli updates all Android apps (apk's) in the repo from Google Play. (Note: I use proxychains to proxy this action to a server outside China, where Google Play is blocked.) Then fdroid needs to update the repo metadata for any changes.

    Applications in the repo can get there initially by either copying an existing apk file in your possession into the repo, or searching / downloading the apk with gplaycli.

    Now on your Android, add the FDroid server you just created as a repository. For this machine on my local network, for example, I just added an IP address like this:

    http://192.168.8.107/

    After that, if port 80 is open on your server machine and all permissions are correct, when you next update the repositories in your Android FDroid app, they should make available the apk's in your new repository.

    Something really worth noting about CM: if you look in settings under "Privacy", have a look at "Privacy Guard". Any app selected in there (which should be most of them, certainly from among the non-Open Source apps) is blocked from accessing the address book or call logs. That is how I know Google Pinyin tried to access my Address Book, CM told me.

    [1] https://code.google.com/p/android/issues/detail?id=81843
    [2] http://wiki.cyanogenmod.org/w/Devices
    [3] https://f-droid.org/
    [4] https://f-droid.org/wiki/page/Setup_an_FDroid_App_Repo

    posted at: 06:38 | path: /Linux/Android | permanent link to this entry

    Mon, 02 May 2016


    /Admin/SSL: Free (Website) SSL with LetsEncrypt

    Last I checked reading about LetsEncrypt[1] can make one a bit dizzy, but if you follow these steps it is really very straight forward:

    On the subject of renewals, as I recall every issued certificate expires after three months, and becomes eligible for renewal after two months. A two week period seems just about right.

    [1] https://letsencrypt.org/

    posted at: 07:54 | path: /Admin/SSL | permanent link to this entry