Aria2 WebUI Notes

Aria2 is a convenient command line downloader that works like curl/wget on http/ftp, but it also support many other protocols, and it aria2 natively multipart download!

Instructions for Aria2 on Entware hosted by Lighttpd (defaults to Port 81): https://www.snbforums.com/threads/aria2-webui-on-asuswrt-merlin.63290/

Instructions for Nginx on Entware (defaults to Port 82): https://hqt.ro/nginx-web-server-with-php-support-through-entware/

Instructions for Aria2 on Entware: https://hqt.ro/aria2-download-manager-through-entware/

There are some minor details that changed.

# Install the base (core) software first
# This example is for entware
opkg install aria2

# Download the package from Github zip to /opt/tmp
wget -c -O /opt/tmp/webui-aria2.zip https://github.com/ziahamza/webui-aria2/archive/master.zip --no-check-certificate

# Make sure you have some web server installed (nginx, httpd, apache, etc.)
# Nginx HTTP server instructions
# https://hqt.ro/nginx-web-server-with-php-support-through-entware/
# Make sure you know what {Webroot} is
# for Nginx, {Webroot} is /opt/share/nginx/html

# Unpack to the zip file at /opt/tmp and clean up the zip
unzip /opt/tmp/webui-aria2.zip -d /opt/tmp/ && rm /opt/tmp/webui-aria2.zip
# Move/rename to desired location
mv /opt/tmp/webui-aria2-master {Webroot}/aria2

Nginx defaults to port 82 (change it to where you set your web server). The WebUI can be accessed at http://your_server_here:82/aria2/docs.

/doc is inconvenient, so I created a redirection by placing this index.html under aria2’s root folder:

<meta http-equiv="Refresh" content="0; url='./docs'" />

The RPC host breaks out of the box because the you’ll need to make a few adjustments to /opt/etc/aria2.conf before you can start the service without crashing it (so the WebUI of course will complain with a lot of cryptic error messages):

# Basic Options
dir={Change it to a viable folder that has enough space if /opt/var/aria2/downloads
 is is not big enough}

# RPC Options
# Unless you want to get a certificate, you'll need to use unsecure mode:
rpc-secure=false
# Change your rpc-secret to be matched in "Connection Settings" in the WebUI
rpc-secret=whatever_passphrase_you_like

After you get the config file correct

# Start the installed aria2 service 
$ (the package already have a service wrap over aria2c)
# aria2 seem to assume it's port 81 so the init.d script has a "S81" prefix, but aria2 does not control the port, where you put the WebUI in http. So it's just a cosmetic filename naming convention.
/opt/etc/init.d/S81aria2 start

If the service wouldn’t start (some bad configs might have the service reported as “done” and after you check again in a second with “S81aria2 check“, it’ll report as “dead”. You can debug by looking at what went wrong at /opt/var/log/aria2.log. That’s how I figured I need to turn off “rpc-secure” parameter.

 27 total views,  1 views today

Mailpile Installation Notes

There’s a powerful Gmail web interface replacement for your regular mail hosted anywhere called Mailpile. Think of it as Thunderbird but hosted like a web page. There are a few things I liked about in the process of freeing myself from Gmail:

  • Free to use any email (storage) services and not tie your client to it
  • View multiple accounts at the same time (NextCloud won’t do it)
  • Very clean, concise interface that makes sense (Gmail users will be comfortable with it)
  • Very security and privacy conscious with attention to details! It even encrypts your local email cache and search index if you want to (performance penalty)
  • Excellent email setting autodetection. Just type your email account and everything’s set up for you!

The only downside is that the documentation is a little lacking. There are a few concepts that are not explained that’d confuse and scare users away. That’s why I’m explaining it here.

  • This is a headless service where the interface is webpage you access on a web browser.
  • It’s originally designed to install and run as a local web server where you access mailpile.
  • Call mailpile (can create a shortcut) and it’ll try to launch the correct page for the mailpile client.
  • Mailpile does not maintain a separate user registry: it uses the hosting computer’s native user manager
  • Log into your mailpile using the user account name of the computer where mailpile is installed!

Advanced concepts

  • Install multipile instead if you want other computer to access the headless service
  • You’ll need login to the computer that hosts the headless mailpile and run mailpile AS the user you want to setup once to establish the account before use.

Download and installation instructions:

# Currently there's only Debian-like distributions (because it uses apt-get)
# These instructions do not assume direct root account. Use sudo instead

# Install pre-requisite packages: curl apt-transport-https gnupg
sudo apt-get update && sudo apt-get install curl apt-transport-https gnupg

# apt-key add {contents of the package signing key provided by mailpile.is)
curl -s https://packages.mailpile.is/deb/key.asc |sudo apt-key add -

# Register mailpile.is's package server with Debian apt package manager
echo "deb https://packages.mailpile.is/deb release main" |sudo tee /etc/apt/sources.list.d/000-mailp.list
# NOTE: Official instruction says 000-mailp instead of 000-mailp.list 
#       You need to have some file extension as apt-get checks

# Multipile (mailpile-apache2) = Mailpile + (allowing access from other computers through apache)
sudo apt-get update && sudo apt-get install mailpile-apache2

# You'll need to run mailpile as the user once to establish your account with mailpile before use
mailpile
# If you are on terminal interface instead of web interface, enter 'setup' at mailpile prompt:
> setup
# Follow the instructions on the web interface for setup if you do not use terminal mailpile client interface

Additional Resources: https://greenpark-code.github.io/Mailpile_tutorial/

 23 total views

Use old email clients (like outlook express and Windows Live Mail) with SSL email servers after TLS 1.0/1.1 support ended

My email service provider has recently pulled the plug on TLS 1.0/1.1 support as they reached end-of-life. This means old email clients not written for TLS 1.2 and above will not work when it tries to connect to the server with SSL support!

Google did this in 2014 but offered a compatibility option called “allow less secure clients”. Back then I didn’t know it means TLS 1.0/1.1 until I learned it the hard way when my shared hosting email provider pulled the plug on the old TLS protocols and I scrambled to figure out my email stopped working with cryptic IMAP errors (like suggesting my computer might be lacking memory, which is not true).


Stunnel config that needs to be changed from defaults. If stunnel was installed by entware (opkg), the config file is in /opt/etc/stunnel/stunnel.conf.

  1. Disable (comment out) drop privileges
  2. Remove the [dummy] section since we are going to set up sections for each (server, port) pair. stunnel won’t start without any port forwarding sections.
  3. It already has an [imap] section that’s commented out. Change the local port number and the target server url:port to your liking. Do [pop] if you use POP3 email instead of SMTP
  4. Do the same by adding a [smtp] section for outgoing email

Can look at the log by just executing stunnel. Use Ctrl+C to quit monitoring the logs.

Of course you want to make sure the stunnel service/server is always started on boot. If you are using entware (or jffs scripts) for your router, add the call to stunnel to /jffs/scripts/post-mount and make sure you set the script to executable so it’ll run:

#!/bin/sh
...
stunnel

Note that it’s post-mount because entware packages are installed on persistent storage (like USB drive or SD card in your router) that needs to be mounted before the files can even be read.

Remember to go to your old email client and change the email server address to computer running stunnel service (can be the same computer as the client, a raspberry pi, or a router)

 44 total views

Namecheap DDNS does not work in Asus Merlin (Tomato) Firmware until 384.7_2

My router only supported Merlin (Tomato) firmware up to 380.70_0 (2018-04-08) and there are no more updated from that branch.

Turns out the Namecheap DDNS client is not working. I searched its source code at Github for “Namecheap” to see if I can fix the HTTP 400 error (seen in router log) using “in:file” hoping to see if I can fix the bug myself (since it’s just a simple REST API, aka URL call) command and found this:

It means Asuswrt-Merlin (Tomato)’s firmware’s Namecheap DDNS service is broken UNTIL 384.7_2, which is for newer routers than what I have.

I compared the “namecheap” keyword search for the two versions and it seems like they are written very differently, so it might not be worth the effort to fix the obsolete Merlin branch. Doing a bit of additional search and discussions about John’s Merlin fork from the early days are still updated until 2019-04-17 :

It took me a while to find John’s forum post to get to the said 2019-04-18 release. The download link he provided has more updates up to Update-44EA (2020-07-12) and it still worked on my old router, so it’s not just the Update-39L3 previously discussed in the forum:

Do not get discouraged when John’s Merlin fork says version 374.43 instead of 380 (a lower number). All updates, even the latest one from John still use 374.43, which I suppose it’s to mark when the two code branches part ways. It’s not an older version.

 36 total views,  1 views today

To tough bargainers:

This meme is spot on about my expertise in HP/Agilent/Keysight Infiniium Oscilloscopes. It might take me 30 minutes to put on the automation I’ve created to fix a specific issue, but nobody with just one non-functioning unit in front of them can figure out the right steps even if they worked on it for months. Writing the automation itself turns out to be the least of the bulk, and it’s still more time than one is willing to spend writing the scripts or performing the undocumented procedures manually.

Many of my know-hows were acquired to be used once or twice. I solve problems that are not seen before. I always start with doing due diligence researching what has been done, rather than jumping to reinvent the wheel. If I confirmed that it’s an unsolved problem, I’ll start inventing.

Once I figure out the details I often automate the workflow, document it, and move on to something else.

That’s why for consulting, I often quote high hourly rate for the first few hours and taper it down for more complex projects (keeping the project short). It’s to make sure we don’t have incentives to waste each other’s time and focus on solving your problem as fast as I can figure it out.

 29 total views,  1 views today

Off the Matrix Notes

Namecheap Shared Hosting

  • Free Dynamic DNS with domain (Namecheap has a free Windows client. Use zoneclient for Linux)
  • Email (IMAP): usese Maildir (for those who need migration)
  • Contacts: CardDav (use DavX5 adapter on Android)
  • Calendar: CalDav (use DavX5 adapter on Android)
  • Notes/Tasks: NextCloud (can sync with NextCloud’s built-in CalDav server)
  • Blog: WordPress
  • And of course, your own website!

VPS Hosting

  • NextCloud has File-On-Demand (like OneDrive) called Virtual File System (VFS)
  • YunoHost: easy to use modular self-hosting
  • UBOS Linux: distro for self-hosting. Even works for Raspberry Pi
  • Awesome-Selfhosted: has many free web services packages

Phone (Android only)

  • De-google your phone with microG Project
  • Play store: F-droid (Bonus: many open source apps that are paid apps on Google store offer the full version for free on F-droid to encourage you to move away from Google Play), Yalp Store

Research

  • restoreprivacy.com
  • Rob Braxman Tech (He knows about the nasty dictators like the Chinese Communist Party. Don’t think you are safe in America. The reach of the Chinese Communist Party Mafia, formerly known as the Chinese SOVIET Republic) is beyond our imagination.

Alternatives to Big Tech respecting privacy (for now)

  • Search (Google): DuckDuckGo
  • Browser (Chrome): Brave
  • Email (Gmail): see above (self-host) or ProtonMail (zero knowledge encryption)
  • Cloud (Google Drive, OneDrive, Dropbox, etc): see above (self-host) or use zero-knowledge encryption
  • Text/Chat (Whatsapp, Line): Signal App
  • Calling: Telegram has better voice quality than signal, but sometimes it has weird behavior on certain phones. Telegram does not have zero-knowledge proof, so it’s up to Pavel Durov (he’s usually good at not bending to totalitarians).

Alternatives to Big Tech that refuses to censor and manipulate users (for now)

  • Video (Youtube): Odysee (LBRY), Rumble
  • Facebook: MeWe
  • Twitter: Gab, Safechat, CloutHub has a crappy search feature, Parler now has PC bots patrolling and misfiring

Zero-knowledge encryption means the server have no access to the info you put in there as they are all encrypted and protected by a password which only you have (preferably use zero-knowledge proof so the owner of the server do not have any master keys to see your data: you lost the key and the data is practically gone forever)

 29 total views

ATX Motherboard 433Mhz Wireless Remote Soft Power Button

I tucked away my PC a little away from my workstation desk and the power switch is located at an inconvenient location. I tried to keep the wiring minimal so I’d rather not wire a dedicated ATX power switch onto my desk.

Unfortunately my motherboard does not support turn on by USB keyboard, and I’m not ready to upgrade because I am using it to test PCI data acquisition cards and it’s the fastest one that has 4 PCI slots and they are hard to find nowadays.

I found a $2.5 wireless module on eBay that claims to switch LED lamps which works on the standard 433Mhz channel and it replicates momentary switch pattern and can operate on 5V (My motherboard is new enough to have 5Vsb from onboard USB header).

Initially I was tempted to get the built-in relay version, but I was worried about the current draw from 5Vsb and those are 12V relays., not to mention the footprint is much bigger (the one above is 22.5mmx 11mm x 8mm).

I thought I can figure out with some sort of BJT switch instead of using a relay that has a much bigger current draw requirement, but I realized it’s a pain in the ass because the output is ‘floating’ differential. The OUT- does not tie to the power ground (it’ll short out the unit when I tried to. That’s why I added quotes to ‘floating’ because it’s only relative to OUT+). I also measured OUT+ which is +5V with respect to power ground.

I tried to power a LED and it only works if current flows from OUT+ to OUT- so it’s really sinking current from source power to do that, and it’s unidirectional.

I’d just take a gamble and hook up with a 5V NO relay that I have around. Turned out it actuates with the 5Vsb from the USB header. I glued the relay to the back of the PCB and hook up a flyback/snubber diode (reverse biased) across the relay coil so the back EMF won’t fry my motherboard.

Seems like the transmitter-receiver pair is on momentary switch mode by default, so no addition configuration is needed other than pressing the learn button and immediately press the transmitter button to pair.

I wired a jumper extension cable (male – female) to the relay output from the middle as a by-pass since I’d like to keep the original power switch’s functionality (so it’s basically OR-ing between hardwired switch and the wireless remote 433Mhz switch)

Here’s an example of taking 5Vsb from USB header and tapping into the power switch jumper in Front-Panel jumper block:

Note that the PWR SW- pin is connected to the ground. Since I’m using a relay, the relay output is floating so the polarity does not matter.

 63 total views