Secured connection to network (Android + OpenVPN)

Maybe you are using free wifi hotspots in your favorite cafe, restaurant or on airport.

Maybe your GSM Carrier is tracking your traffic in internet, of course for profiling/ad cause (I’m looking at you T-Mobile, I remember that you inject your internet plans ads in Twitter app)

Security wise there is a lot more of danger waiting at you at those ‘free’ hotspots.

So what to do?

What if I told you that you can still can use those bad but free hotspot while having somekind of protection? That you could hide some of that sweet-sweet traffic for yourself…

The solution that I want to introduce to you is a VPN

 

You don’t have to root your android phone to use vpn.

“OpenVPN fo Android” will work with payed service as self-hosted one (this is how you can setup one)

 

Advanced settings that will save your battery:

To protect your connection VPN need to be connected all the time – vpn don’t know when your application will get push notification, or when your friend will make a wificall to you. So it can drain battery a bit more than without using it. But you don’t have to sacrifice your battery life that much. We can tweak some settings to make it less battery hungry.

Edit two options in your vpn server config file /etc/openvpn/server.conf:

Allow new TCP port to accept connection:

Now change one setting on your android openvpn client config:

Remember to restart/reload your openvpn server so the new config will be used.

 

small Warning: TCP Protocol wasn’t meant to be used with VPN connection, with unstable internet connection you can fell a bit discomfort, but still the battery drain will be significant lower than with UDP setting.

Facebooktwittergoogle_plusreddit

Why I’m moving from Baikal to Radicale (CalDav & CardDav)

Saber/Dav which is a core component of Baikal is looking for maintainer (full story here)

It’s been some time now that I moved from Google Calendar service to self-hosted, open source solution.

I never notice any down sides with accessibility – maybe my need were simple enough 🙂

 

I’m not saying that Baikal is dead, if your are interested in Baikal fell free to lookup those posts (installation, updating)

 

As for me I started noticing one minor issue I had with Baikal, that is complicated calendar sharing setup – it IS possible to share calendars but its more complicated than it should be, it was announce that sharing will be added later after big code rewrite and I waited (because I wouldn’t even be able to contribute to php7.0+silex anyway), but here I found new solution… Radicale, it also don’t support sharing calendars via web-panel, but for me it got one BIG advanted in sharing zone, user rights, and with one little ACL list I was able to share whatever I wanted.

None of both solution support migration tools for this process so It was a bit of pain (as for now I wasn’t able to find too that would migrate my ‘Tasks’ from calendar, but I never used it as much and migration was done by hand with me clicking 2 buttons on each of 20 tasks I had left)

 

If you are interested, here are links related to process of installing, configure and migrate data from one solution to other:

  • Links coming soon

Facebooktwittergoogle_plusreddit

Bootloop into recovery after flashing custom firmware

Sometimes you get loop into recovery after flashing custom rom, there is a simple solution to this:

 Facebooktwittergoogle_plusreddit

Wallabag v2 – Pocket (getPocket/ReadItLater) alternative

From long time now I been using getPocket on daily basis – it main straight been big compatibility with IFTTT (if this then that) service which main purpose was automation of some things to make using web more attractive.

I stopped using IFTTT some time ago and I use Pocket just to store urls and sync them with other devices. That functionality now is embedded inside most common web browsers like Firefox and other known one. But I wanted to have full control over what url I want to store and I don’t need to know what are ‘popular’ links other stores.

Let us download needed package:

Extract it to /opt/wallabag

Configure vhost for apache:

From /opt/wallabag directory run:

To test wallabag we can start it from embedded web server that is inside wallabag:

 

Of course that command will start server on port 8000 on localhost, so we can access it only from that host – as security measure.

 

Version 2.0.0 had it release at 04/03/2016 so the android app don’t support the newest version, but the system works great anyway.

 

Edit 07/04/2016:

  • firefox plugin – https://addons.mozilla.org/firefox/addon/wallabag-v2/

Facebooktwittergoogle_plusreddit

Baikal – own calendar with ToDo list (CalDav) and address book (CardDav)

Using own CalDav and CardDav server can help you with creating private platform to synchronize event and contacts between multiply devices and other services like webmails.

First let us download latest baikal version from http://baikal-server.com/  to /var/www/dav.example.com

Next extract it

Move files to destination ex. /var/www/dav.example.com

Create vhost config file for Apache

or you could use more advance config file that use SSL (razem z Let’sEncrypt) + php5_fastcgi :

Now we enable required apache modules and restart it:

Let us change files ownership (depending on what user runs Apache default would be ex. www-data):

Create file so baikal will enable installation panel:

Depending which vhost file we use we enter baikal via web browser

On first page setup everything the way you like, and on the next one you will be able to configure database backend, so you can pick sqlite or mysql/mariadb.

 

So now we go up and running dav platform for you private data.

 

Updating:

Even if you use latest version from page, I would suggest update it to newest one from git page

For example currently the newest on git is 0.4.2 baikal version.

It is recommended to make backup of your database if you started already to use baikal.

Download newest baikal to same directory where you install the 0.2.7 version:

Extract it

Change ownership for extracted baikal and move every file outside excluding  ‘Specific‘ folder.

Enter administration panel ex. dav.example.com and you will see warning like this:

After login in baikal will update the database and you will be ready to use it once again.

 

Difference between 0.2.x and 0.4.x is in URL we tend to use card.php and cal.php are now  dav.php, and both still works but are deprecated so eventually they will stop working. I recommended to use dav.php.

Good practice would also be adding DNS record:

This way autodiscover function when setting up account on your device will find your proper configuration faster.

 

Example use:

Thunderbird:

 

Thunderbird + Cardbook

Add address book > Remote

 

Android + DavDroid:

 Facebooktwittergoogle_plusreddit

Dovecot – Proper IDLE timeout for android phones

If you are using your own imap server with android you could (but not nesesery) notice bigger battery drain and email application being on top of application that drain battery.

This could be a server side problem, because default dovecot configuration have idle_timeout set to 2minuts, so basicly every 2 minuts your phone query/poll imap server information about new emails – which results in higher battery drain.

Lets evalueate this with simple shell command:

This should result i:

The interval between each ‘OK still here’ is that your imap clean see/does. By default this should be 2minut interval.

Let us change this:

systemctl restart dovecot.service

And we are done.Facebooktwittergoogle_plusreddit

Google Authenticator – manual backup and restore

If we have ROOT access we can manualy backup the file that contains seeds needed to generate password in application.

Backup: You need to set ROOT access for ADB, and then:

The content of the file can be display with help of sqlite client application:

The above method can be done with file manager that can get ROOT access

Restore backup: You need to set ROOT access for ADB, and then:

The above method can be done with file manager that can get ROOT access and copy databases file to:

Also remember to set ownership for proper application user (com.google.android.apps.authenticator2) on this file, because with wrong one (root) the application will crash every time you try to open it.

 Facebooktwittergoogle_plusreddit