article

|

Interesting, I managed to screw up my blog. Logging in is impossible through a web browser, I get the message:

502 Bad Gateway

nginx

This happened after messing around with the WP Reset plugin, apparently I deleted some custom table I shouldn’t have… Funnily enough I am still able to use the android app to create posts so not all hope is gone.

Weird things happen….

Edit: Turns out I couldn’t access the login screen for my site but could access the comments section (you know the one where you can approve new comments, then from there Dashboard was broken but I could access the menu Tools -> WP Reset). I had the foresight of creating a snapshot before messing around with the plugin, I just couldn’t find a way to restore it, the more you know

Day 21 of

article

|

A brief summary: I’ve been looking into privacy friendly alternatives to software most of us use or used in our everyday lives. To be more precise, an alternative to WhatsApp for communication within my family. Long story short: I lost this one…

A while back I switched from WhatsApp to Signal and kind of forced my family to switch as well, however:

Signal requires a phone number and depends on centralized servers. I know there are ways to have your own server but as far as I know the process can be difficult, there is no one-to-one video calls on desktop (yet) and there is no support for federation out of the box (If you, the reader, have more info on this point I’d love to know since I have only researched on the surface of the topic)

My current solution is a synapse installation and element client app on desktop, iOS and android device, which seems to meet all the requirements I had plus the installation process is fast and easy on a yunohost server

On the technical side of things everything is fine and works, we are able to communicate securely through a home server I own and manage but the thing is: My family only uses element to communicate with me and they keep relying on WhatsApp to communicate between them and others. It is a bit frustrating but at least our video calls are private so there is a silver lining here.

The arguments to use it have been many: “there are no customizable stickers”, “What do you have to hide? don’t be so paranoid”, “I don’t care if I am spied on, I’m not that interesting”, “all my friends are on WhatsApp and I like to have a single app for all my conversations”

I have been trying to explain the risks of thinking like this and after being frustrated for a while I realized that most people concerned with privacy have an electronic or computer engineering (or similar) backgrounds, we sometimes are a bit big-headed (at least I have been at times) and forget how it is to have no understanding of how apps and communication work.

I’d like to use this entry post to encourage people to be more understanding and patient while trying to explain privacy risks or persuading non-tech oriented people, after all, even when we’re right, no one likes an arrogant smart-ass and forcing everyone to be more privacy oriented is impossible.

Let’s keep it up, do and take what you can.

Day 17 of

article

|

Let me start by saying that the purpose of this entry is not to say “Look at how selfless I am for donating money to FOSS organizations or projects” so, with that in mind, I will not list any specific quantities because that is not the point I am trying to make. Having written the proper disclaimer, let’s get to it:

My preferences

In the past month I have written about my projects and experiences with FOSS, self hosting and even digital art. Here’s the list of organizations/projects I support and why I chose them:

  • Krita: I just loved how they’re working hard to include amazing brushes and textures by default. I didn’t try digital before because I’m used to traditional media (in particular watercolor).
  • Yunohost: Easy self-hosting solution, very nice people in the forums and even this blog runs on a Yunohost server!
  • ManjaroARM: I just love what they’re doing for the Pinebook, Pinephone and Raspberry Pi
  • Fosstodon.org: My mastodon instance and what started the whole “better/safer digital life” train I’m on
  • Matrix.org: I’m using my own Synapse server for encrypted communication with my family, thanks to Yunohost.

(there are many more I’d like to support but, you know, adulting and paying the bills…)

Why donate?

Aside from sharing my preferences I’d like to encourage you (my surely millions of readers that is 😛 ) to support any FOSS project you’ve found useful or interesting, either by donating a small amount of money or (even better) by contributing with time and coding expertise.

Day 16 of

article

|

After my last update about my blog migration, basically all I did was install LiteSpeed Cache plugin and mess around with it.

For reference, lots of documentation goodness here

The most important part to note is that I kept getting bugged by both Google’s PageSpeed Insights and GTmetrix to enable text compression.

After some time reading about compression and Marco Saric’s post, I tried to enable compression by adding some lines of code at the bottom of the .htaccess file (accessible by the plugin through: LiteSpeed Cache->Toolbox->Edit .htaccess ):

<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>

This didn’t work and realized that gzip doesn’t come enabled by default (most things were commented out) in yunohost’s nginx installation. So I referred to this link and edited the file /etc/nginx/nginx.conf :

gzip on;

add_header Content-Encoding "gzip2";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript

The line 

add_header Content-Encoding "gzip2";

is the most important, after that my blog was tested for compression using: https://www.giftofspeed.com/gzip-test/ and https://varvy.com/tools/gzip/ , both test websites see compression enabled.

I’m still not sure about Google’s PageSpeed Insights but GTmetrix sees it as well. Here are my results (for now):

Google’s PageSpeed Insights
GTmetrix

Just for fun (haven’t looked too much into this yet) I am adding the score for Website carbon as well:

So far I am more or less happy with the results and there is room for improvement. Some settings seem to break my Indieweb and ActivityPub plugins.

Day 15 of

article

|

In recent days I’ve been busy trying to get my blog up and running on my cheapo Raspberry Pi + Yunohost server setup. The process was fun, so here’s a blog entry about migrating my blog (blogception?) from a writefreely instance to my self hosted wordpress instance.

Why though?

To put it simply: because I can.

On a more serious note, my previous blog was hosted at qua.name and there was nothing wrong with it, but I really wanted to be able to have a bit more interaction,  easy theming, and an overall a plug and play solution with a GUI. Now, theming is possible in writefreely instances with a bit of CSS magic but I wanted to stay away from that, maybe in the future… As for the interaction side of things, the ol’ leave a comment kind of thing is good but there are a lot more possibilities.

One of the advantages of writefreely is the built in federation support, and finding out that there is an ActivityPub plugin (in beta) for WordPress was interesting and another point in favor of the change.

My setup

The first step was buying the cheapest domain name I could find on namecheap.com (after all this is a budget server setup), and if I remember correctly, the deal was $8.5 for 2 years.

Then, obtaining a SSL certificate from Let’s Encrypt and the WordPress app installation through yunohost was straightforward through the admin GUI.

Importing posts as plain text files from my writefreely instance was straightforward as well, luckily WordPress seems to support Markdown in its block editor, so it was a matter of copy and paste, updating links to the old blog posts and changing the published date. Also, I had less than 15 posts so… not a massive effort.

Federation and Indieweb

I installed the ActivityPub plugin and began testing, had a little trouble with the entire posts being dumped as a single toot in the timeline, but that was fixed tweaking the settings:

Which makes it possible to have a neat timeline like this:

While testing this, another concept came to light: Indieweb, I opened another can of worms, so of course I liked the idea and I had to make my blog Indieweb compliant by installing the corresponding plugins.

Here’s a list of the active plugins on my blog:

  • ActivityPub
  • Akismet Anti-Spam
  • Classic Editor (this one is important, post kinds and micropub need it, new block editor is not fully compatible)
  • Companion Auto Update
  • IndieAuth
  • IndieWeb (this is one of the first ones to install, it provides how to get started information and provides a list of other relevant plugins)
  • Micropub
  • Microformats 2
  • Post Kinds
  • Semantic-Linkbacks
  • Simple LDAP Login
  • Simple Local Avatars (To avoid using Gravatar)
  • Syndication Links
  • Webmention
  • WebSub/PubSubHubbub
  • WP Fail2Ban Redux
  • Yarns Microsub Server

Last details

Apparently the theme I am using doesn’t display my h-card correctly through the available widget so after reading Kev Quirk’s post, my h-card was manually added by editing the footer .php file, this is nice because it’s just sitting there not changing the appearance of the blog.

This is also efficient because my yunohost installation defaults the wordpress user email to the selfhosted email, and that is not working at the moment (content for another blog post maybe)

The test in indiewebifyme displays it correctly:

Also I discovered that the default settings of the Webmentions plugin make it so that every kind of interaction is displayed as an avatar and not under the comments section so I just changed this:

The results are shown in this post

There are some more details related to the plugins and using bridgy to link your social media interactions to posts, but this pretty much covers the basics and having a look into the plugin settings gives a better idea on how they work.

Kudos to Ricardo, hs0ucy, pixelroiber, and Robby for helping me test webmentions and federation on my previous dummy site and/or the current one.

Next steps will be looking into optimization and such, for now I think the Lazyload plugin messes up my h-card somehow.

Day 12 of

 

article

|

For context, let me refer to my very first entry, the idea was basically looking for alternatives, so here’s the long awaited progress report:

Changes already in place

  1. Using Mastodon instead of Twitter
  2. Using Pixelfed instead of Instagram
  3. (On Android) Using NewPipe instead of YouTube, this one is quite cool, it has all the features you’d want: Download, Picture in Picture mode, Background Music reproduction…
  4. Using Writefreely and/or WordPress (Still haven’t decided) instead of other blogging platforms
  5. (On Android) Using Signal instead of WhatsApp, although that may change in the near future
  6. Using Jitsi Meet instead of Skype, Zoom, Google Hangouts
  7. Using Protonmail instead of Gmail (although not sure if FOSS/FLOSS, they maintain an OpenPGP library)
  8. (On Android) Using Simple Mobile Tools SMS Messenger instead of Google Messages
  9. Using Simple Mobile Tools Gallery instead of Google Photos
  10. Using Bitwarden instead of LastPass
  11. (On Android) Using andOTP (at least for personal stuff)
  12. Using F-Droid instead of the Google Play Store whenever possible

Changes in transition period

  1. Self-hosted Nextcloud instead of Dropbox, Google Drive, One Drive…
  2. Self-hosted Gitea instead of Github (currently only mirroring)
  3. Self-hosted Piwigo gallery instead of Google Photos (more info on my setup here)
  4. Self-hosted email (problems with outgoing port 25)
  5. Self-hosted Synapse (Matrix server) in testing phase, could replace Signal by Element if tests show promising results
  6. Calendar synchronization using Nextcloud instead of Google Calendar (Android apps: Simple Mobile Tools Calendar, DAVX5 and OpenTasks)
  7. (On Android) Trying to use OsmAnd instead of Google Maps (This is by far the hardest change to be made)

Compromises

  1. Facebook is still the platform where everyone plans events so I need that just to follow-up on them (not actively in use)
  2. Whatsapp and Facebook messenger as backup messaging (Trying to move friends and family over to Signal or Element)
  3. Can’t seem to get away from Microsoft: Teams, Outlook and Microsoft Authenticator are used for work

Day 11 of

Text

|

I will try to make this entry resemble a tutorial, hopefully this ends up being useful to someone.

Why start over?

I had been playing around with Open Media Vault before (see this entry for details), but it was mainly based on docker images and I could never get Nextcloud up and running (the closest I came was installing nextcloudpi, but I could never get the docker image to run using external storage).

Also I never got to the part of using letsencrypt to access everything through https, pretty sure there’s a tutorial out there somewhere.

Then tragedy happened, for some reason my SD card just died and I was left with nothing.

After that I decided that my setup needed some improvements, and to be completely honest I also wanted to try something different, in yunohost almost everything is a one-click step when it comes to installing apps so that was a huge point in favor, here I am telling you my story:

Initial setup

After the SD card incident, booting from an external drive seemed like the best option. There are 2 prerequisites for that to happen:

  1. update the pi’s bootloader in eeprom (detailed steps here, see section: Update the bootloader)
  2. burn the OS image to the external drive, and use your favorite file browser to copy & replace some files to the boot partition (no need to do this if you’re using 64 bit Raspbian OS). This is the list of files that need to be replaces (just get them from the repo):
    • fixup.dat
    • fixup4.dat
    • fixup4cd.dat
    • fixup4db.dat
    • fixup4x.dat
    • fixup_cd.dat
    • fixup_db.dat
    • fixup_x.dat
    • start.elf
    • start4.elf
    • start4cd.elf
    • start4db.elf
    • start4x.elf
    • start_cd.elf
    • start_db.elf
    • start_x.elf

In my particular case the base was Raspberry Pi OS lite, I know, you may be thinking: “Aren’t there yunohost images already out there? save yourself some trouble!” and my answer is documented here.
Then after updating, it’s possible to install yunohost (4.0.3 at the time of writing) with a curl one liner: curl https://install.yunohost.org | bash

Post intsall steps are pretty straightforward, here’s a link.

I ended up using a noho.st domain as it was graciously offered for free.

My multi-HDD setup

Note: What this section describes has to be done after yunohost is up and running in the system, I tried doing it the other way around and that caused my SATA HAT to stop working altogether, no HDDs were detected, fan stopped spinning and the little LCD display showed nothing

A while back I got an awesome RADXA Quad-SATA HAT that houses 4x1TB HDDs. It is not detected or working out of the box but the installation process is detailed here. So my system has 5 HDDs (4 in the SATA-HAT and the one I boot from connected one of the pi’s USB ports).

I also wanted to have some sense of security for my data so naturally I set up 2x RAID1 arrays (mdadm is your best friend, here’s a useful guide)

All this sounds very nice, doesn’t it? There’s always a catch: since the external drives are on the SATA HAT it is not possible to just edit fstab and auto-mount them on the system, there is a service associated with the SATA HAT that needs to be running to “see” the drives. My hacky solution for now is mounting the drives everytime I restart the system (yes, by hand, like a caveman).

App installing and configuration

Installing apps was surprisingly easy, Gitea, WordPress, Nextcloud and Piwigo are one clic installs except for Synapse, the fix is just installing from testing branch: sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug

Since the apps are installed in the boot drive I decided to move or reference content to/from the other drives. My Nextcloud instance has access to the external storage so I’m able to “upload” pictures to my external drives. then I just made symlinks from /home/yunohost.app/piwigo/.galleries to reference the album directories in the external drives. Here’s an useful link, also, hopefully you don’t screw up like me but here’s a link on how to remove symlinks. Hacky solution, yes, but it works.

So far my idea is to “upload” content to external storage through Nextcloud and follow the same approach (for blogposts, videos, etc …)

I am also testing communication through my Synapse instance (I can be found as @lopeztel:lopeztel.hoho.st) and the Nextcloud Talk plugin with my folks back home.

Improvements

Because what kind of engineer would I be if I was satisfied? Improvements:

  • I recently bought a domain from Namecheap, so I’ll be using that for my blog in the future
  • Deciding between Writefreely or WordPress to migrate this blog (writefreely has federation and I don’t know if the activity pub plugin for wordpress is mature enough)
  • There is a problem with outgoing port 25 so my self-hosted email address can receive but not send any emails and there’s an issue with reverse DNS so basically even if I could send them they’d be rejected or best case sent to spam. Apparently this is a router issue, my ISP has replied that they don’t block anything on their side
  • Deciding if I move my inner circle from Signal to Element (through my Synapse instance) or just use Nextcloud Talk

Well, that’s all, any suggestions are greatly appreciated.

Day 10 of

Text

|

Ever since I started looking into the Fediverse, FOSS/FLOSS, privacy and self-hosting I was pleasantly surprised by how engaging and helpful the community can be.

As an example: in Fosstodon all my interactions have been very nice, from sharing random unrelated stuff to asking for advice on more technical matters everyone has always been helpful and willing to give advice.

Another great experience I had recently was related with the yunohost project (long story short, my Open Media Vault setup went down in flames, tutorial coming shortly), being kind of a big project one would think that as an individual, communication would be slow or hard, kind of like with companies as a consumer.

Surprisingly, all it took was a toot and a post on their forum to get up and running.

My first interaction was related to the fact that the available Raspberry pi image was neither the latest version (4.0.3 at the time of writing) nor booting on my pi, so after reading that the pi 4 was not supported officially and tooting about it I was surprised to receive a response from @yunohost prompting me to install on top of Raspberry Pi OS lite (it’ll always be Raspbian for me) using a curl one liner.

My second interaction, and after installing some apps, I came across another issue, the synapse (Matrix server) app installation failed and I wrote this post on the forum. I was surprised again to receive an answer in less than 24 hours! This time I just installed from the testing branch on their repo.

I have nothing but good things to say so far, and I will donate to the project, it is only fair and they are doing a great job.

Day 9 of

Text

|

Ever since discovering the Fediverse and reading toots from awesome people in Fosstodon, a little idea started to take shape in my head: perhaps its not that hard to self host, there are tons of tutorials and resources out there…And I need some alternative to google photos to share albums with my family back home

Hardware

After some research and settled for a RaspberryPi server/NAS, now, the purists will say that it is not the ideal platform to host but I think it is perfect to get started and learn the basics or as a hobby, then you can move on to the big boy fancy server hardware.

The first step was to choose the hardware, I settled for this kit because it provides a nice way to attach 2.5″ SATA drives:
Dual/Quad SATA HAT, top board HAT and metal case from Radxa

It was easy to assemble and the process was fun:
Step 1
Step 2
3

Software

For the software related part, I decided to install the Raspbian lite image from raspberrypi.org downloads. And then on top of that OpenMediaVault 5 since there are a lot of tutorials on YouTube and it has a nice GUI. Installation guide

I was up and running after following some instructions in the Radxa Wiki. Ran into some trouble with the Top board hat not displaying any information and RAID because my 4 drives were not detected at first by Open Media Vault and had to set up RAID from terminal- This setup has 4 1Tb HDDs on 2 x RAID 1 configuration – Just remember that forums are your best friends 😉

Now, you can basically learn everything related to Open Media Vault from Techno Dad Life. After a few tutorials I had a piwigo photo gallery up and running, accessible from my local network.

Hosting over 4G?

For the access through the internet part, the not so fun part: it is a long story, but in a nutshell I have to access the internet using a 4G router because my landlord sucks. Anyway it was a bit of a nightmare, after setting up dynamic DNS on my router with noip and also setting up OpenVPN (a very nice feature to have on a router if you ask me) I discovered that neither accessing my local network through VPN nor port forwarding were working.

After tedious exchanges with my ISP/carrier (I am using an additional sim card linked to my phone’s data plan), calls to the store where I got my router from and even TP Link’s product support; some random hero from my ISP’s customer support call center said “Officially we don’t support third party routers, that being said I would suggest you change your APN setting to internet.public” and here I am now, a week after following that advice, sharing photos with my family back home through means I trust and manage myself.

I also installed Murmur (The Mumble server component) on the Raspberrypi 4 and was amazed by how easy it was to set up. My use case is having voice with friends while we play 0 A.D.

Day 4 of