ulno.net now safe - completely via https

As you might have seen, I had a lot of trouble getting disqus back up running for post discussions here on ulno.net. During the related experiments, I also finally went to letsencrypt and folowed the procedure dsecribed there to generate a real certificate for ulno.net.

It didn't work initially, so what finally went well was temporarily disabling my webserver and then running the following:

certbot certonly --standalone -d ulno.net -d www.ulno.net

Then I adapted my nginx rewrite rules - and now you will always access ulno.net via https. You will also get an idea if somebody eavesdrop or injects information into your connection to my site as the certificate would be marked as insecure.

Enjoy the safety!

Disqus only working for old posts, switch to isso

This is testing the disqus comments, this file was just copied and not generated from a working disqus post. There is something extremely strange happening as comments on my older posts work but not on new posts. It just tells me that it would not load and points me to their installation tutorial with very little documentation and debug options.

I started a discussion thread here, but no answer there in a decent amount of time.

I assume it had something todo with changing my server from Strato to Scaleway and therefore changing my website IP, but this is just guessing.

Suggestions (thanks gour) on the Nikola channel on IRC point me to isso or https://github.com/jacobwb/hashover - however, I am not too happy to put php back onto my own server.

Also thanks to Chris Warrick for pushing me away from yet another weird mailto based discussion system hack.

So, let's take a closer look at isso: https://posativ.org/isso/

And, even if was not really easy to set-up - some quirks in the documentation and the provided debian packages delayed me a bit, but still much much easier and user friednly than debugging disqus.

We are up and running again, I am looking forward to your comments!

Maker Faire 2017 and eHome news

I have been busy bulding a new ehome demonstrator. It's not from lego like the LegoEHomeDemonstrator it's again from wood like eHomeDemosntrator v1. It's a little smaller and has lots of wireless devices based on the Wemos D1 Mini running Micorpython.

I presented it at the Nova Maker Faire 2017 and also gave a talk on a Maker's perspective on home automation.

For more info take a look at my ehome page.

Midnight Commander in Ubuntu - not opening zip and jar files

Just a really weird dicovery:

I was recently getting problems opening zip (and jar) archives on Midnight Commander (on my Xubuntu 15.04 Desktop). I repacked soem jars and some opened but most didn't. Today I was dicovering that also zip-archives were not browsable anymore. Then I stumblen upon this post: https://www.midnight-commander.org/ticket/2623 (created 4 years ago). It basically tells you to check /usr/lib/mc/extfs.d/uzip and change

my $op_has_zipinfo = 0;

to

my $op_has_zipinfo = 1;

Voila. Everything works again.

Hope this helps anybody.

Re-Installing Samsung Note 3 (N9005) for encryption and NFC unlock

What an installation hell (2 days wasted)...

Being constantly exposed to all potential features of Mobile Phones, I wanted to have several things going on at the same time:
  1. Full encryption of the phone with long password entered usually only at boot time

  2. Using an NFC ring usually to unlock the phone (I was hoping to use Smart Lock for it.)

  3. Being able to run Unity and Vuforia-based projects from my student (this actually lead to having to use maximum Kitkat)

  4. Being able to use k9 (also serious display issues in Lollipop)

  5. Root access

Summing it up, it was extremely hard. The only solution I could get working, was getting a stock ROM for the Samsung phone from some shady download site, using Odin 3.09 to flash the respective Rom, encrypting the phone (I think it maters to do this first), using chainfire to re-root it, and then installign Xposed and there NFC Screen unlock.

As a remark, the only Lollipop ROM I got to encrypt was Cyanogenmod 12. It was however very difficult and involved realigning the filesystem (making space at the end) and enabling write-properties for the keymaster file on the firmware patition.

Here is a lose collection of links I used in this process:

Here is a copy of the (now old) discussion thread on disqus, which was spawned around this topic. If you want to add further comments, use the new comment system below:

  • 2016-02-10: Ulrich Norbisrath

    Just tried it again.

    In addition to making space at the end, deleting the old key with ext, you also need to mount the firmware rw. So you have to enter: umount /firmware and then:

    mount -t vfat /dev/block/platform/msm_sdcc.1/by-name/apnhlos /firmware

  • 2015-09-30: Ulrich Norbisrath

    Just finishing this up - I went back to stock kitkat/root/xposed as GPS and gyroscope/ accelorometer weren't working in cyanogenmod. So, I think the phone will stay there until I have some money for a new phone (I will avoid Samsung there -> too hard to mod). Zenfone 2?

  • 2015-09-03: Ulrich Norbisrath

    It's some time ago, I did this, but I did it several times (because I messed things up), so I think it should be reproducible. What really helps for debugging is to run adb logcat|grep crypt in a console to get error messages. First you need to make sure your data-partition has enough space and that the old keys have been deleted. What seemed to work was formatting the whole data partition first (in twrp) with ext2 and then the smaller partition with ext4 (maybe using dd and skip to write zeros in the end of the partition might work too).

    After this, I started cyanogenmod 12.1 normally until it came up (eventually clear cache and dalvik). Then enable development and root and as root unmount the firmware and remount it rw. make sure to check that it really is rw afterwards. Then encrypting should work. It shows though a lot of garbage on the screen (progress 250%) while doing it, but keeping the logcat gives you some insurance that the system is not dead. Hope this helps and let me/us know if it worked.

  • 2015-09-02: Donarsson

    the only Lollipop ROM I got to encrypt was Cyanogenmod 12

    Could you still reproduce this? I am trying hard to find a way to rum CM12 with encryption on my Note 3, I read all your provided links and tried changing permissions on the keymaster and resizing the data partition, reverting to stock and re-flashing everything, still doesn't work. I would be very thankful for any further hint how you achieved working encryption on CM12.

    Kind regards

Gitolite and Nikola, auto deploy

I am trying to test here, if the autodeploying with git and Nikola works. If it does, I will explain how it works. It seems like GIT_DIR and GIT_WORK_TREE play a big role like described here. Basically you should use a solution like this here.

This is how my script (post-hook) now looks like.

#!/bin/bash
echo Building Nikola output directory..
export GIT_DIR="/home/git/repositories/ulno.net.git"
export GIT_WORK_TREE="/home/ulno.net"
cd "$GIT_WORK_TREE"
echo "Checking out new files on server."
git checkout -f
echo "Building html-files.."
nikola build
echo "Making sure all rights are on read-access."
chmod -R a+rx output
echo "Done building Nikola output directory."