Excellent Android Free and Open Source Apps

Simple Mobile Tools has very nice replacement for basic features no matter you are using the apps that came with your phone’s stock ROM or LineageOS which has the minimum. It’s lightweight yet it does a little more than most default basic apps


  • Yet Another Call Blocker (it downloads a database to your phone instead of uploading the phone number to the server to do the check)


  • Brave (Can use sync chain that your data is not stored in other people’s cloud)
  • DuckDuckGo

Maps & Navitation

  • OsmAnd – Offline Mobile Maps and Navigation
  • Organic Maps – very neat map apps that shows the walking trails!

I do not recommend Navit for Android as it’s very slow and broken. GTK+ style GUI looks very odd on Android.




  • Rumble
  • Odysee (LRBY)
  • Youtube Vanced (Youtube app broke which keeps demanding me to update when it’s already the latest)
    You can change the comments behavior in Vanced settings

Social Media

  • Twidere: excellent Twitter/Mastodon client (Twitter’s official client is very resource intensive and sluggish.)

 0 total views

dd-wrt web admin UI WTF!? Inconspicuous invalid config combinations crashes your router out of the box.

I was puzzled by why my dd-wrt router behave erratically each time I change the “Start IP Address” in DHCP leases to an upper range and I just figured out why.

I hate the user interface of dd-wrt with a passion, but it’s the only open source firmware for one of my routers that signed Broadcom’s close source NDA to get its fucking driver SDK so I’m stuck with it:

Ugly as fuck

In the bad old days people think it’s a good idea to make 4 little edit boxes for IP addresses than checking if the input conforms to the IP address format with dots. But it cannot detect ‘.’ keypress and jump to the next box (use Tab instead). e.g.

Inconsistent state possible

Start IP address, which is dependent on Local IP Address, is not updated/reflected until you press “Save”. This means every time you make a change, you need to hit “Save” immediately so other dependent settings will make sense before you start editing them.

Features are arranged/grouped like config files

This is bare minimum effort on UI dev, which is not much better than going to linux prompt and edit the config files.

With config files, at least we’d be more careful and try to understand what each key-value pair mean and their relationship map. This lousy web admin UI interface gives a false impression that non-developers knows what they are doing, so it turns into a puzzle that we’ll have to google the answer for every fucking basic application.

Using the web UI instead of editing the config files feels like programming in assembly as an improvement over programming in raw machine code. It’s begrudgingly painful.

One example is the grouping for wireless radio. For most considerate web admin interface, the SSID are grouped logically with your WiFi password, but in dd-wrt, you set SSID in “Basic Settings” and the WiFi password under “Wirelesss Security”. Make sense for the programmer to decouple the radio from the access control (group by features), but it’s not application/use case oriented (group by radio interface), thus it frustrates users.

Non-intuitive (less common) presentation

As described above, out of developer’s convenience, dd-wrt’s web admin UI just do everything that makes beginners’ life miserable or just throw them off. e.g. Windows users are used to specifying the subnet mask in quad-dotted notation like, not the CIDR notation like /24:

Confusing names

The names are often too terse that creates confusion with similar named features in a lot of places.
e.g. “Wireless GUI Access” does not mean the welcome page for your Guest network, but whether the wireless client have access to the Router Administration‘s Web UI!

It’s probably a few minutes of extra thought to call it “Allow admin web UI: Yes/No”

Another example is AP Isolation, which is under Advanced settings tab for each radio:

Is this isolating APs in a mesh or isolating clients connected to the AP from each other? Turns out it’s the latter! Just say “(For this AP), allow connected wireless clients to talk to each other on the same network: Yes/No”. I think it’s a common use scenario that the regular users should be aware of and shouldn’t be stowed away with obscure radio/PHY-level tweaks (settings aimed for hackers).

Overloaded names

The admin web UI is littered with overloaded names/terms which means something completely different depending on context (like the settings 2 lines above). For example:

Image:Access point.jpg
Access Point (AP) mode
The SSID here is the SSID of the Access Point
(Wifi host. AP station accepting wirelesss clients)
Client/Repeater[Bridge] Mode
(all involves the dd-wrt router connecting to certain AP station/SSID)
The SSID here is the SSID where the Client/Repeater-Bridge/Client-Bridge is attempting to connect to that contains the uplink/WAN!

WTF?! The dialog box looks exactly the same despite the wifi section is acting like a completely different device! What the fuck is “Network Configuration: Unbridged” for a Client Bridge?! HELP!

Unchecked invalid combinations that crashes!

This is the most frustrating behavior and should be considered a bug. I wasted days resetting my router over and over and it keeps hanging randomly after I change the DHCP server’s starting IP address. This is the default out of the box settings:

Default DHCP settings. End IP Address is

End IP Address = Start IP Address + Maximum DHCP Users – 1. They probably chose this number to reserve for static IP (like some admin page of other devices). 255 is broadcast IP so of course it shouldn’t be assigned

Moving the the “Start IP Address” up without adjusting “Maximum DHCP Users” accordingly will make your router behave erratically because the DHCP will try to lease IP out of range!

This will corrupt your router’s memory!

The End IP Address is displayed on Status -> LAN -> Dynamic Host Configuration Protocol -> DHCP Status. And here’s the WTF moment:

The End IP Address is now in a different subnet from the Start IP Address!
I’m using /24 so 192.168.1.X is different from 192.168.2.X.
From the web page, the attribute name is “dhcp_num”
This is the code that shows the derived ‘End IP Address” shown above

I don’t know how it is coded, but if this number is computed in a low level way, chances are it’ll write garbage to the memory (for example if the number is used as an array index). I think normally it’s checked in any not so shitty user interface so the invalid state/condition won’t propagate down the code and hang the router. But in my case it did. If I just reboot the router without resetting to the defaults, it’d just hang again after a few interactions (like moving between a few pages or applying a setting).

In any case, this check must be done at user level as even if the low level code say, quietly sets a valid default value when an invalid range was ‘entered’, it’d only surprise the user and make it even harder to troubleshoot. This UI bug is even less excusable as it’s more natural to have users enter the (Start, End) instead of (Start, # of slots). Probably takes half an hour more in coding to layout the UI code to enter ranges (add 4 boxes for quad-dotted notation for End IP and check them instead of just 1 box for # of DHCP leases), but making the user to do mental gymnastics and punish them by if they did it wrong is just outright terrible.

FreshTomato has quite a bit of learning curve, but at least it try to do something that’s sensible for users for common scenarios instead of sticking strictly to how the code/config files are written at developer’s level.

I seriously thought of tossing my router that only have dd-wrt as the only fully functional open source 3rd party firmware and find one that works with FreshTomato/OpenWRT/Merlin or the like. DD-WRT is powerful but the UI suck big time, not because the features overwhelm less tech savvy users, but it’s purely unnecessary torture and pain even you know why it’s done that way.

 1 total views

Fedex loses your shipment, UPS roughen up your shipping boxes, and DHL (US) doesn’t care to ship.

There’s no good delivery service in the US. Each one of them just suck in a different way regardless of how much you pay them.


Fedex lost my $1700 shipment (oscilloscope) in 2018 by scanning the package they mis-delivered* as delivered, and the people in Memphis didn’t give a damn about finding it. Unfortunately, the seller gave me free shipping and he didn’t insure the shipment nor require a signature; because the package was scanned as ‘delivered’, the ball is at my court.

Fedex basically told me to suck up the loss and take the $100 claim (that’s the default insurance).

Fedex’s fail opened a Pandora box of complex legal liability issues about who’s responsible (I believe it’s whoever that made the shipping insurance decisions is responsible).

The unit has an upside close to $10k if I get a chance to repair it, so it wasn’t just $1700 that was lost! That’s why I always get angry when Fedex lose my purchases (either breaking it or losing it) because the purchase price is the max of what I can claim so it can never cover the upside (which is often multiple times of what I’ve paid)!

Since this incident, I often prefer having eBay sellers ship on my account (or I make the label for them) because it’s easier for the recipient to do the claim (as shipping companies takes the one who pays them much more seriously). Also it’s kind to the seller because they’ve fulfilled their duty and it’s beyond their control if Fedex breaks it, they might need the money and don’t have the capacity to reimburse me first and wait for Fedex to reimburse them.

I used to love Fedex because Fedex Ground was more gentle handling packages. I’ve witnessed a few times inexperienced sellers screwed up on the packaging so bad that it couldn’t have possibly arrive in one piece unless the entire delivery chain was very gentle with the shipment and Fedex Ground saved the day and the instrument arrived without a dent.

This comment do not apply to Fedex Express as they broke my shipment a couple of times. They paid the claims but I wasn’t happy because the shipping damages costed more than my purchase price and I cannot find a comparable deal because those were rare finds.

I met a Fedex old-timer at the hub picking up a thrice missed deliver and shared my experience about how well Fedex saved the poorly packed shipments with extra care and UPS shipments often looked like the boxes was chewed by a dog. He loved his job and passionately told me that Ground and Express are like 2 separate entities and Fedex is self-insured: if Fedex break your package, they pay your claims out of their pocket, not through a 3rd party insurer (like UPS) so they feel the pain feedback more directly. I could at least feel that Fedex has people who cares.

I had been a loyal customer to Fedex even if they charged more than UPS. However, this incident change my mind and I switched to UPS (despite they are rough on packages) for good. Having a damaged shipment is better than no shipment. Since then I use Fedex only if my customer provides their Fedex account. If I am the one who makes the decision, I won’t use Fedex even if they are cheaper (which they are not).

I emailed their CEO and told them that they cannot just trust their drivers to scan the packages without GPS cross checking the address and take their word for it. By 2021, a few of their drivers still have a habit of scanning the package at the truck or anywhere that’s not at my door! Do they know much panic and agony they’ve created for the customer when the customer sees a ‘delivered’ email and look outside and see nothing!?

* I knew for 100% sure that it was misdelivered (not lost to porch pirates) because 3 weeks later, without Fedex’s involvement, an unrelated apartment leasing office 2 blocks down called me and said they had my package but no phone number (eBay stopped providing it to sellers) so they had to Google stalk me to find my contact info.


Despite my incoming UPS frequently arrive in beaten up boxes, they have yet to create big losses for me. Having thick and robust padding might mean your package might arrive in one piece, but it doesn’t stop whiplash from happening.

I shipped a PC-based oscilloscope to a customer 1 hr away from me and the PCI card got bumped out of the PCI socket on arrival. From my customer’s description, I knew right away it’s a PCI card that got displaced during shipping so I didn’t bother to have them ship it back to me, reseat it on my end, just to have UPS whiplash it again, so I drove to their site and reseat the card.


DHL entered US domestic market in 2003 and withdrew in 2009. They tried to be the discount delivery to undercut FedUPS in price by not having properly staffed locations and rely on everything filled online and sparsely located drop boxes.

What they didn’t realize is that like a buffet restaurant, logistics is an economies of scales game. You can easily get into a death spiral that people don’t come because you cut corners, and you are tempted to cut even more until you are eaten alive by fixed costs. With FedUPS already established their network, a new competitor cannot expect to scale up organically. People are not going to live with huge inconveniences to use your clumsy network just to save 5%~10% on shipping.

DHL still has a little presence in the US and their ‘sales’ (account manager) called the most persistently out of the 3 companies yet the rates they offer for small business is far more pricey than UPS and not even better than my Fedex account. Even for international shipping, which is supposed to be DHL’s stronghold, is more expensive than UPS after discounts.

That aside, even in the 2020s, they still work like in the 2000s which they don’t have dedicated shops and have a minimum crew and tiny vans picking up packages from drop-boxes and mom-and-pop shops. There’s absolutely no good reason to use them as they have no merits in any dimension whatsoever (speed, price, reliability, convenience). Why would I pay more to deal with more inconvenience?!

Today I got a foreign customer with a DHL account for me to ship against, and to my dismay, I found DHL is a total f*cking disgrace! It just felt like they’ve completely given up and waiting for the management to pull the plug! Here’s what I went through to ship a time-sensitive package:

  1. I haven’t logged in to make a shipping label for a while and noticed my email/login ID cannot get access to MyDHL+! I remember the last time I used DHL, it wasn’t called MyDHL+. That could be the reason.
  2. I can access my DHL billing account, which was separate from MyDHL. So I suspected they did not migrate my login information to MyDHL when they updated the system
  3. I emailed customer service and it took them a day to reply to my email EACH trip. The automatic reply reads “Thank you for contacting DHL Customer Billing Support Department. Our hours of operation are Monday-Friday, 8:00am-5:00pm (CST). We will return your request within 2 to 3 business days“. They are working at the French’s pace!
  4. Without logging in, I tried creating the e-waybill as a guest and they only take credit cards and there’s no option to use my customer’s shopping account, which means paying the retail rate at my expense! At least they should have the decency to have guests use recipient’s DHL account number and provide the credit card for charge-backs!
  5. This left going to the stores and fill in a waybill manually like a grandma as the only option to use my customer’s DHL account. I did it before in the past so I thought it’d work this time.
  6. I went to one of the crummy mailing shops taking packages for UPS and filled in the paper waybill there and was accepted.
  7. Since I’m at the mailing shop close to the cut-off time, I met the driver and he said manual/hand-written waybill is no longer accepted, but he’ll make the exception and take the loose paperwork to the office and make a label for me. This worried me as there’s no identifying information on the box so I’m gambling on the driver’s memory with no recourse or means to recover the package whatsoever if it wasn’t done correctly (i.e. broke chain of custody).
  8. 2 days later the package showed up at my door with DHL’s note in the pouch saying that the package was refused because they no longer accept manual waybill!
  9. WTF! It was an urgent package and they gave me force promises and wasted 2 days and it landed on a Saturday so I’d lose a whole weekend! WTF!?

This is an example of gross incompetence from IT to back-end to front-line workers. DHL in USA is broken, way broken, even for their international delivery services. DHL is now creating harms! I’d be saved had the workers told me to take my business elsewhere. I’d still had a an hour and a half to run to UPS if they had turned me down at the store!

DHL do not let you bill to an account unless you login
What I got from the package sent back to me, which wasted 2 days.
The driver said he’ll make the exception, but the office ended up rejecting it.
Not only it wasted 2 days, it landed me on a weekend so it could have been 3 days lost for an urgent package if it weren’t for UPS picking up on Saturdays!

Manual waybill wasn’t even one of the standard reasons for rejecting packages!
Sounds like DHL just whipped this cheapfuck policy out of their ass!

I ended up shipping with my own UPS account right away (using the expensive options to recover the lost time) and bill my customer later since the package is urgent and I don’t have time to go back and forth with this loser shipping company!

I’ve lost so much of my own time and energy fighting with this DHL nonsense, not to mention the stress as DHL was wasting days for an urgent shipment.

DHL has become so non-redeemable that unlike Fedex, I wouldn’t email their management to give them feedback because through this incident I can sense that nobody working there cares. The best I can do is to just tell my customers to stay away from DHL.

EDIT: The billing support just replied on Sunday after I replied to them with the DHL account number they asked for, what I got was “For further assistance on this shipment please contact our Customer Service at 1-800-225-5345 or MyDHL.Express.dhl Help and support Tip and Advise.“. I think they are not working in US hours despite their emails claimed so (likely Europe time), which would explain that they started the weekend earlier than I expected. More importantly, they are totally wasting my days by asking for details and in return gave me a generic boilerplate response that’s totally unhelpful. DHL in the US is hopeless.

 3 total views

RS-232 Stop Bits in Agilent Instruments

Turns out Agilent instruments do not use the same defaults for the RS-232 in their instruments.

54600 series uses 1 stop bits (most common):

RS-232 modules used in old 54600 series
54620/54640 series (newer 54600 series)

However other bench instruments such as power supplies (E3640 series 663X series) and 33120A arbitrary waveform generator uses 2 stop bits (fixed regardless of parity), which is usually NOT THE DEFAULT for most terminal clients:

E3640 series and 33120A’s RS-232 configuration.
Parity only trade away one data bit, so it does not affect stop bit
663X series powers supplies’ programming manual aren’t explicit about that except in code example

 7 total views

F#*@ing newline in Putty

I tried to use Putty to connect to my serial port test instrument (Agilent’s 33120A or E3600 series power supplies) and to my dismay it doesn’t respond to my commands.

I figured it might be newlines not being recognized properly. Checked the programming manuals and found that HP/Agilent accepts LF (‘\n’)as newline and optionally allowing a CR (‘\r’) before it (i.e. CR+LF like Windows).

I thought this configuration (Implicit LF in every CR) would work:

However it doesn’t! I had to dig through internet forums to find out that the ‘Terminal’ settings page controls what gets SPIT OUT TO THE TERMINAL SCREEN, not how your keystrokes are treated/sent! This page controls what your keystrokes mean:

However, it says nothing about what Putty does with ENTER key. I found from Stackflow that Putty sends out only CR (‘\r’) when ENTER key is pressed.

Turns out with terminals,

  • Ctrl+J is LF
  • Ctrl+M is CR,

and the convention for ENTER is Ctrl+M (also mentioned here):


So if you want ENTER/RETURN key to generate LF (instead of CR) with the official putty, you have to press Ctrl+J each time!

Putty sending CR (Ctrl+M) with ENTER key by default is also hinted by the default Telnet (only applies to telnet, not serial) setting in the Putty docs “Return key sends Telnet New Line instead of Ctrl+M”, which means outside Telnet, it the default behavior or ENTER/RETURN key is Ctrl+M (CR)!

Ironically even HyperTerminal came with the option to send out CR+LF on ENTER key! Luckily some kind soul (Grzegorz Niemirowski) compiled a mod (currently v0.74) which added the option and and posted it on Stack overflow:

 5 total views

RS-232 motherboard header mapping (DB9)

The pin ordering for RS-232 (DB9) pin is sequential is row-wise (the long side is a row) while the IDC-10 (ribbon cable) header is column-wise (zig-zag pattern).

This might be a little confusing because geometrically, they are in-place on both sides (you can overlay the pins of DB9 on top of IDC-10 and they align perfectly, except pin 6-9 was lowered by half a notch on the DB9 side). I am writing this post so nobody waste their time separating the wires in a ribbon just to find out the DB9 was designed so it aligns with the flat ribbon cable perfectly.

Here’s a great tutorial building your own RS-232 cable which I took the images from to illustrate the point. Please pay them a visit to show some love: https://developer.toradex.com/knowledge-base/assembling-serial-idc-to-db9-cable

If you split the table on the right in half (cut after pin 5) and place pins 6 (DSR) ~ 9 (RI) on the right, you’ll see it align with the IDC10

1DCD (Data Carrier Detect)
Check if connection dropped
DSR (Data Set Ready)
DTR-DSR Handshaking
2RxD (Receive Data)
RTS (Request to Send)
RTS-CTS Flow control
3TxD (Transmit Data)
CTS (Clear to Send)
RTS-CTS Flow control
4DTR (Data Terminal Ready
DTR-DSR Handshaking
RI (Ring Indicator)
For phone rings
5GND (Ground pin)– (Not connected)10
Rearranged DB9M RS-232 to align with IDC10

Cable-tester.com has a clearer annotated picture that matches the physical mapping above:


Note that the tutorial itself has Tx(D) and Rx(D) reserved it was building a null modem cable and they skipped all the handshake lines. I’m doing a straight cable (which should be done for internal board header cables where the DB9 socket is male, hence DB9M).

The DTE/DCE might be confusing. Hope these properties can help people make sense out of it (so you can figure it out in your head confidently instead of randomly trying null modem adapters till it work)

  • DTE device (colloquially ‘computer’) has the pattern as shown in the pictures above (receive pins above/before the transmit pins), which is usually the computer end and the port/socket is male. Think of it as the ‘driver/master’ (though it’s arbitrary)
  • DCE device (colloquially ‘modem’) reverses all the sends and receives of the DTE. Can think of it as the ‘receiver/slave’ (though it’s arbitrary). It’s usually the modem and the port/socket is female.
  • For DTE-DTE (like data transfer between two PCs), the send lines on one side should go to the receive lines on the other side. A null modem cable that swaps the send pins with receive pins. You can think of it as making one side DCE. Given that the topology is symmetric, it’s up to the software set up to decide which side is the initiator/client (master) and which side is the reactor/server (slave)
  • The handshaking (optional) and flow control (optional) lines also have their initiator/reactor roles reversed with null modem cable.

Here’s an image for the above mapping:

Puertos E/S COM

It turns out the direct geometric mapping (IDC male pins match the relative locations of the DB9 male pins) mentioned above is the less common type of motherboard header configuration. IDC ribbon crimp-on DB9 headers like this:

ฅนบ้ายอ: [34+] Db9 Male And Female Connector Pinout

has to follow the above geometric layout since the pins cannot be remapped (so it has to follow the ribbon order). The soldered version looks like this:


However, the more commonly seen soldered RS-232M to IDC10 header uses a transposed configuration (which DB-9M pin numbers matches IDC-10 pin numbering EXACTLY despite one is row-major and the other is column-major), which has nothing to do with the IDC10 pin layout mentioned above.

(I don’t think it’s a good idea to call it ‘crossed-config’ like CWC did.
It almost mislead me to think it happens to swap the roles of Tx and Rx.
I did the mapping on paper and it didn’t make any sense.
Let’s call it ‘transposed-configuration’)

The crazy thing about the existence of these 2 pin layouts is that there’s no way to tell which pin layout/mapping it is until you open the connector up and inspect the solder joints!

So if you just buy some old scrap parts that came with old motherboards, this might confuse the heck out of you until you tested the pin mapping with a multimeter and realize things doesn’t add up!

Note to self: just open the DB9 side up whenever I see a DB9-IDC cable and mark the configuration on the DB9 end directly on the cable!

 8 total views,  1 views today

Off the Goolag (2): Low cost shared hosting

For absolutely privacy, avoid using email (say, talk on Signal instead). Unless it’s inter-server mail in zero-knowledge encrypted providers like ProtonMail that also encrypt the message headers (meta-data, especially who’s sending to who), expect determined people with enough social engineering or authority can see it naked. It’s the same deal as snail mail where people in the post office can see what’s written on the envelope.

For big files like photos and typical cloud storage, which you should self-host these at home anyway. If you are worried about slow internet connection and downtime, you can pay for Zero-Knowledge cloud storage (which the server owners don’t have the master keys to your files) to add redundancy.

The next step down is to self-host your email, contacts, calendar, tasks (productivity suite) which you physically own so nobody can peek into it as long as you guard your home.

Hosting these services from home might be more work and risks (downtime), especially when it’s possible that your ISP’s IP address block is on the spammer’s list or if your ISP blocks the ports needed. The less secure alternative is to pay for extremely cheap shared web hosting services (we are talking about <$4/mo regular price and <$2 for the first year) which

  • you can make as many email accounts as you wanted
  • each email account comes with contacts, calendar, tasks as a bundle
  • use your own domain name
  • also host your own webpage and wordpress site

With Google, Microsoft, Apple and other big providers, they have big security teams to protect your data from hackers, but because of their centralized nature, it’s much more rewarding for hackers to breach one big provider than going after little accounts spread across different servers and IPs. Unless you are a high profile person or expect to be specifically targeted, you are better off managing your own productivity suite’s hosting/storage.

More importantly, it feels creepy when Google harvest my email and suggest I allow them to automatically register my appointment on my calendar. Random staff might not be reading our emails, but bots are and god knows what else they can do just by updating their code if they someday want to turn on us. They’ve become so powerful that with enough bankroll, they can make our politicians look the other way so there’s no way to stop them if we become dependent on their platforms.


The instructions below assumes your shared hosting provider adopted cPanel as the account management interface which you have access to.

Like Google, your Gmail (email) account is also your account for a variety of productivity services (contacts, calendar, tasks). You can set it up by logging into cPanel, often https://(your server here)/cpanel.

There are a few naming conventions in cPanel that are different from Google’s ecosystem:

  • Login name is your ENTIRE email address because you can have different domains attached to the same hosting storage so you must enter the domain name after the @ sign for it to tell the accounts apart


In modern times, I’d stick with IMAP for email (which is enabled by default in cPanel). Since Google would like to keep you in their ecosystem as much as possible, IMAP is not enabled by default for Gmail.

Note that due to tougher security settings in shared hosting email server (EXIM Internet Mailer), you might not be able to receive email sent from servers with shady practice (often done by spammers) such as the source address’s server not resolving with DNS (no A or MX records). Skype server might have a typo in their verification email server so I cannot use my shared hosting email address for it.


Web email interface (you have a choice between Horde or RoundCube) is at port 2096. You can access it by

https://{name or IP to the shared host server assigned by your provider}:2096


https://{name or IP to the shared host server assigned by your provider}/webmail
(which will redirect you to port 2096 above)

In most cases, your domain name attached to the hosting points to the actual underlying shared hosting server assigned by your provider. I’d prefer not to use the underlying server address/IP because it might change when you move between hosting plans.

Also, per security design, WebMail doesn’t warn you when you enter non-existent email addresses (login). I’ll just silently loop you back to the login page again without explanation if you got any part of the login or password wrong.

DavX5 for calendar/tasks (CalDAV) and contacts (CardDAV)

In Android, calendar and contacts (also known as address book) are stored in a standard place shared by apps that picks them up from the system (email storage is per app, since POP3 and IMAP itself already does things very differently)

The default Calendar/Contacts app made it look like you have to use Google Calendar/Contacts to set up an online account (by default it came with Device/Local and Google accounts as option), but you can inject CalDAV/CardDAV accounts into the Android’s calendar/contacts system with an app called DAVx5.

The App is FREE if you download it from F-droid but costs $5.99 if you download it from Google Play. It’s not a loophole, but the authors want people to move away from Google Play and use F-droid, a Free-and-Open-Source (FOSS) app store.

DAVx5 works in a little unusual way that accounts are NOT added through calendar/contacts app but instead you register your CalDAV/CardDAV accounts, select the folders to sync, SYNC IT, then each sync’ed FOLDER (you hear me right) will show up as standard Android Accounts (just like Google/Samsung Accounts) which will work with any standard Calendar/Contacts app. All management (add/removal) happens in DAVx5.

When you set up an CalDAV/CardDAV account, remember NOT to use the first option “Login with email address”! You must enter the URL which points to Port 2080 of the shared hosting server

If you forget to enter the port number, the account will be set up with CalDAV/WebCAL, without CardDAV!

Select “Groups are separate vCards“:

Help - Davx5 (Davdroid): How do I use the Posteo address book and the  Posteo calendar on Android devices? - posteo.de

Basically CardDAV is just a folder storing each contact as VCF (vCARD) file and CalDAV is just a folder storing each event/task as an ICS file. Basically it’s just a primitive HTTP file manager hosted with HTTPS login and apps are supposed to find the folder using a consistent naming scheme.

 9 total views

Freshtomato for Netgear (Nighthawk) R7000

Netgear R7000 supports these major forms of firmware

  • DD-WRT (Powerful, but very messy web interface that are sometimes non-intuitively organized)
  • FreshTomato (Powerful. I wouldn’t say easy to use but mortal souls can understand it)
  • XWRT-Vortex (Easy to use AsusWRT Merlin web interface adapted for non-Asus routers)

There are other forms of Tomato that support R7000 but only FreshTomato is actively maintained as of late 2021.

However updating it from stock firmware to FreshTomato has some model-specific quirks (that you cannot extrapolate from general procedures for other models)

First of all. You cannot update directly to the latest firmware. There’s a bootstrap (intermediate) firmware called INITIAL (usually downloaded from ‘Netgear R-series initial files’ folder) that must be installed (upgraded from stock firmware to) FIRST so the router is ready to accept the latest/full firmware.

Here’s the model specific quirk: the default login/password is non-standard for R7000! It’s not root/admin (unless you press the button to reset the NVRAM)! It’s admin/@newdig!

After logging into the bootstrap/INITIAL freshtomato with the password above, upgrade the firmware to the latest (the one intended) and choose clear NVRAM along the way. The default login/password will be root/admin as standard for freshtomato.

There’s another twist for SSH connections! The username in your web admin interface do NOT matter! The username is ‘root’ for SSH regardless of what you set in the web interface, your password is the one entered in web admin interface! This is super counterintuitive!

 10 total views

Off the Goolag (1): Android (AOSP)

App Stores

The first thing to worry about after a fresh install is getting the Apps you need. I’d recommend installing all these app stores to start with:

  • F-droid (Only free and open source, privacy-respecting and community verified apps. Some paid apps on Google Play such as DavX and FairMail is free on F-droid to promote it! Note that sometimes the F-droid repository might be a little behind)
  • Aptoide (App writers self-publishes app under community scrutiny, which sometimes let you download geoblocked app. Fairly updated but not as updated as Auora. The apps are not tightly guarded as F-droid)
  • Auora (It’s a proxy to downloading the APK from Google Play store without letting Google track you. It’s anonymous account is international, which makes the search for the basic apps very difficult as it’s seeing a worldwide scope. You can have Auora sign in with a disposable Google account for apps that are relevant to your regions. Remember to disable your Google Play if installed and have Google Play links open with Auora.)

Yalp store is outdated and not actively maintained. Google Play store proxies needs to constantly fight with Google’s changes so they need to be updated frequently. Just stick with Auora for now.

Install Island (Sandboxing apps)

This is the very first app you need to install after you get F-droid or Auora. This app is a must even if your phone is not DeGoogled. A lot of apps asks for more permissions than they actually needed, but sometimes we are stuck with using them (like required at work).

The solution is to create a sandbox (another copy/instance of the app) that has a different space for app data and they cannot see your actual call logs, contact list, photos, etc even if you gave them the permission to do so. It’s called an ‘Island’ and the native space is called ‘Mainland’.

Putting an app in Island (work mode) doesn’t protect you from other access requests such as location, etc. Nonetheless the mainland and island app has their own data space (i.e. you have to configure it twice as if the apps are freshly installed) so they can have two sets of settings and application permissions.

Apps installed through the Island instance of the App Stores / Browsers above will stay in Island mode. Apps installed through Mainland instance of the App Stores will stay in Mainland mode. They are totally separate as intended. You can clone the APK/app between Island and Mainland through the Island App.

Note that some VPN clients will have a split personality (which is a good thing) between Mainland and Island! This means you get to have a group of apps that’s on VPN and a group of apps that’s on the direct network without managing them one by one with split tunneling!

Also note that the Island won’t be able to access external storage like SD cards. It’s by design so that Island apps are trapped in their own virtual space so they cannot snoop around your personal data even if you gave them the permissions (demanded during installation)

Browsers: Brave + DuckDuckGo

DuckDuckGo (sometimes the permissions and default app lunching do not work correctly with it. I use DuckDuckGo first whenever it doesn’t break)

Brave (based on Chromium). Replaces Chrome. It has a chain sync feature that syncs passwords, bookmarks, etc like Google Chrome does but WITHOUT AN ACCOUNT. As long as you have one device with Brave connected to the Internet and you did the steps to match the devices, they will sync up.

Keyboard: MS Swift Keyboard

I speak 5 languages and found Microsoft Swift on screen keyboard having nice IME (Input Method Engine) for all of them and also have an intuitive interface that’s not clumsy to use. I prefer it over Gboard and AOSP that came with LineageOS). I do not log in to Microsoft Swift and share data with them (the petty convenience of sharing the clipboard is just not worth it).

NON-CLOUD based Email client: Fairmail / MailDroid

Email is a huge topic which I’ll discuss in a separate post as it often come as a bundle with contact list, task lists, calendars, and taking notes.

Do NOT use free apps that sends your credentials to the provider‘s BACK-END SERVERS which you don’t own and manage, such as BlueMail if you are doing all these to protect your privacy (you might as well use Google if you do that)! NextCloud is OK as long as you host it.

K-9 mail client is promising but I do not like it implicitly forcing you to log in through Google’s web interface to set it up instead of doing the traditional IMAP setup if you use Gmail.

Fairmail has a lot of extra steps during setup because it let you customize the heck out of it and by default (out of the box), it protects you from tracking images and malicious HTML dingleberries out of the box (which hurts readability).

MailDroid is is supported by in-app advertisements (you can remove ads with Pro version). It’s more intuitive than Fairmail and K-9. It automatically detects Gmail’s IMAP settings (not Google OAuth2 login) correctly, but doesn’t autodetect does not work with namecheap’s cPanel mail while Fairmail does.

I don’t use Aqua Mail because the free version do not allow multiple accounts like MailDroid does.

K-@ Mail feels like Gmail. Support multiple accounts. Also autodetect Gmail IMAP correctly but not cPanel email correctly like Maildroid. IMAP Folders do not work correctly for either Gmail/cPanel (it shows nothing): the folder button (bottom left) shows generic Inbox/Draft/Outbox/Sent/Trash/{Folder list} which do not match the IMAP folders. “Folder list” shows the IMAP folders, but when I clicked on them it shows nothing.

Just because of the non-working IMAP folders, I chose to not use K-@ Mail and stick with MailDroid.

I personally like Fairmail because the interface wastes no visual space showing all my IMAP folders. MailDroid is visually pleasing but the folder panel took up too much white space and I cannot tuck away the special (local) folders in the side panel.

Chat: Signal, VoIP: Telegram

Fascist book now requires data sharing with Whatsapp, so people in Hong Kong who don’t trust the fascist Chinese Communist Party regime is dropping it like a hot potato.

Signal App do not keep a master key on your message (if you lose the key, you lock yourself out and there’s no recovery) and is my preferred app for chat. Although Telegram’s owner has a good track record of protecting political dissidents (that’s why it was used in 2019 Hong Kong Protests), it’s not fully open source and the owner still has the master key. Telegram is still way better than Whatsapp but for full privacy I stick with Signal App.

Signal App’s voice over IP is a little weak and it can break up easily on spotty network connection. Telegram is much better in terms of voice quality so I basically use Telegram as a VoIP phone and leave the chats to Signal.

 10 total views

Off the Goolag Applelago! (0) – Introduction

Privacy: detaching identity (fingerprinting) from activities!

The new idea of privacy is not hiding what you normally do (legal) perfectly, but to make it difficult for automation to uniquely identify and match you so your habit doesn’t get observed and stereotyped. For example, I love fried chicken and watermelon, but I don’t want to see advertisements for malt liquor.

Apple’s ecosystem is tightly controlled, so the uniqueness is guaranteed. If you use Apple products, you are totally at the mercy of Apple Inc AND their employees (whom you didn’t hire) honoring their legal, contractual and moral obligations. It’s by design: Apple limits what you can do within their imaginations so they can limit the scope of what kinds of thing that can possibly go wrong. The side effect is customers are giving away their freedoms to authoritarians for convenience and promised protections.

Therefore my exploration of escaping the Goolag Applelago do not consider Apple products. They can turn into Chinese Communist Party dictatorship at a flip of a switch when they’ve became so powerful that they are above law. Given how they bankroll the lobbyists and how close they are to ChiCom/CCP, it’s a more realistic threat than most think.

Operating system: AOSP

I don’t have a Pixel so I cannot try CalyxOS and GrapheneOS. For usability, it’s most practical to have Android-Open Source Projects builds that does not contain proprietary Google apps. Many proprietary Google services are built in stock ROM, so these AOSP builds either remove them or replace them with MicroG (which do not track users) so apps that depends on the proprietary Google Play Services will still run.

So far I’ve tried these OS that supports a wide range of old phones:

I’m least impressed by the performance of /e/. It’s very laggy compared to the rest to the extent it’s close to the Stock ROM. The concept is good that it tries to have a tightly integrated user experience (including Cloud) to replace Google’s ecosystem, but the apps that came out of the box is primitive. “Apps” is a nice package installer that gives a bit more access to common apps that’s a little less than Auora OSS (but easier to find) and a lot more than F-droid. That’s the only good thing I can say about it for now.

NanoDroid came with a lot of well-designed, excellent privacy-respecting open source apps that is eye opening (I’ll discuss it in later posts). They have a few more apps pre-installed than what I wanted, so I went with LineageOS + microG so I can pick-and-choose my apps.

The official LineageOS comes without these Google’s proprietary infrastructure, so either you install proprietary Gapps through TWRP (one of the universal bootloaders to install LineageOS and the like), which defeats DeGoogling, or painfully install microG on top of it. I decided to go with the latter.

The phone works A LOT FASTER (fluid user experience) with LineageOS than the bloated crap that came with Stock ROM.

WARNING: Things to watch out while mucking with Android OS upgrades/changes

Absolutely back up your files (apps, photos, videos, downloads, settings, etc) to external drive or cloud storage first! Do NOT trust any of the doc that your OS might work after an ‘upgrade’. It doesn’t. The AOSP builders did not spend much time thinking of migration issues (these are boring thankless menial work that nobody wants to do it for free, so don’t get your hopes up).

You MUST ALWAYS assume that you’ll have to factory reset your device, which I recently learned the hard way by losing data because I formatted the SD card as internal storage (called adoptable storage) in LineageOS 15.1 then unwittingly deleted the encryption key to the SD card while factory resetting the device because the /data and /system partitions are not in a compatible state with the new 18.1 (or even 16.0)!

Some maintainers are not very fond of adoptable storage so they don’t put much thought into it hoping it’ll go away. Adoptable storage a useful feature but it’s full of traps (fragile) so it’s best to avoid it altogether unless you swear to not upgrade your LineageOS and assume the SD card will live and die with the device.

 11 total views