Aria2 WebUI Notes

Aria2 is a convenient command line downloader that works like curl/wget on http/ftp, but it also supports many other protocols, and aria2 natively supports multipart downloads!

Instructions for Aria2 on Entware hosted by Lighttpd (defaults to Port 81):

Instructions for Nginx on Entware (defaults to Port 82):

Instructions for Aria2 on Entware:

There are some minor details that changed.

# Install the base (core) software first
# This example is for entware
opkg install aria2

# Download the package from Github zip to /opt/tmp
wget -c -O /opt/tmp/ --no-check-certificate

# Make sure you have some web server installed (nginx, httpd, apache, etc.)
# Nginx HTTP server instructions
# Make sure you know what {Webroot} is
# for Nginx, {Webroot} is /opt/share/nginx/html

# Unpack the zip file at /opt/tmp and clean up the zip
unzip /opt/tmp/ -d /opt/tmp/ && rm /opt/tmp/
# Move/rename to desired location
mv /opt/tmp/webui-aria2-master {Webroot}/aria2

Nginx defaults to port 82 (change it to where you set your web server). The WebUI can be accessed at http://your_server_here:82/aria2/docs.

/docs is inconvenient, so I created a redirection by placing this index.html under aria2’s root folder:

<meta http-equiv="Refresh" content="0; url='./docs'" />

The RPC host breaks out of the box because you’ll need to make a few adjustments to /opt/etc/aria2.conf before you can start the service without crashing it (so the WebUI of course will complain with a lot of cryptic error messages):

# Basic Options
dir={Change it to a viable folder that has enough space if /opt/var/aria2/downloads is not big enough}

# RPC Options
# Unless you want to get a certificate, you'll need to use unsecure mode:
# Change your rpc-secret to be matched in "Connection Settings" in the WebUI

After you get the config file correct, start the service:

# Start the installed aria2 service 
# (the package already has a service wrapper over aria2c)
# aria2 seems to assume port 81, so the init.d script has an "S81" prefix, but aria2 does not control the port where your web server serves the WebUI, so the prefix is just a cosmetic file naming convention.
/opt/etc/init.d/S81aria2 start

If the service won’t start (some bad configs make the service report “done”, but when you check again a second later with “S81aria2 check“ it reports “dead”), you can debug by looking at what went wrong in /opt/var/log/aria2.log. That’s how I figured out I needed to turn off the “rpc-secure” parameter.
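
A pre-flight check for the settings above, as an added example that is not part of the original post: it reads aria2.conf and flags rpc-secure switched on without a certificate (the case that kept the service from starting), a missing rpc-secret, and an unusable dir. The FAIL/WARN wording and the sample values are this example's own, and it assumes a build that takes the certificate and the private key as two separate files.

```sh
#!/bin/sh
# Added example, not from the original post: lint aria2.conf for the RPC
# settings discussed above. Option names are aria2's; messages are this script's.

# conf_get FILE OPTION: print the last value assigned to OPTION (key=value lines).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_aria2_conf FILE: one finding per line; returns 1 if any is a FAIL.
check_aria2_conf() {
    conf=$1; rc=0
    dir=$(conf_get "$conf" dir)
    secure=$(conf_get "$conf" rpc-secure)
    cert=$(conf_get "$conf" rpc-certificate)
    key=$(conf_get "$conf" rpc-private-key)
    secret=$(conf_get "$conf" rpc-secret)
    listen_all=$(conf_get "$conf" rpc-listen-all)

    # A download directory that is set but unusable.
    if [ -n "$dir" ] && { [ ! -d "$dir" ] || [ ! -w "$dir" ]; }; then
        echo "FAIL dir: $dir is not a writable directory"; rc=1
    fi
    if [ "$secure" = "true" ]; then
        # TLS on the RPC port needs a certificate and its private key.
        if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
            echo "FAIL rpc-secure: needs readable rpc-certificate and rpc-private-key"; rc=1
        fi
    elif [ -n "$secret" ]; then
        # Plain HTTP RPC: the token is sent unencrypted on every call.
        echo "WARN rpc-secure: off, rpc-secret crosses the network in cleartext"
        if [ "$listen_all" = "true" ]; then
            echo "WARN rpc-listen-all: on, keep the RPC port firewalled from the WAN"
        fi
    fi
    # With no secret, anyone who can reach the RPC port controls the downloader.
    if [ -z "$secret" ]; then
        echo "FAIL rpc-secret: not set (must match the WebUI Connection Settings)"; rc=1
    fi
    return $rc
}

# Constructed sample: TLS switched on but no certificate configured.
write_sample_conf() {
    cat > "$1" <<EOF
# Basic Options
dir=$2
# RPC Options
enable-rpc=true
rpc-listen-all=true
rpc-secure=true
rpc-secret=constructed-sample-secret
EOF
}

# Lint the file given as $1; with no argument, lint the constructed sample.
if [ $# -gt 0 ]; then
    check_aria2_conf "$1"
else
    tmp=$(mktemp -d) && write_sample_conf "$tmp/aria2.conf" "$tmp"
    check_aria2_conf "$tmp/aria2.conf" || echo "(sample has blocking findings)"
    rm -rf "$tmp"
fi
```

Run it against /opt/etc/aria2.conf before starting S81aria2; a WARN about cleartext is expected in the no-certificate setup described here and is the reason to keep the RPC port on the LAN.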


Mailpile Installation Notes

There’s a powerful Gmail web interface replacement called Mailpile for your regular mail hosted anywhere. Think of it as Thunderbird but hosted like a web page. There are a few things I liked about it in the process of freeing myself from Gmail:

  • Free to use any email (storage) services and not tie your client to it
  • View multiple accounts at the same time (NextCloud won’t do it)
  • Very clean, concise interface that makes sense (Gmail users will be comfortable with it)
  • Very security and privacy conscious with attention to details! It even encrypts your local email cache and search index if you want to (performance penalty)
  • Excellent email setting autodetection. Just type your email account and everything’s set up for you!

The only downside is that the documentation is a little lacking. There are a few concepts that are not explained that’d confuse and scare users away. That’s why I’m explaining it here.

  • This is a headless service where the interface is a web page you access in a web browser.
  • It’s originally designed to install and run as a local web server where you access mailpile.
  • Call mailpile (can create a shortcut) and it’ll try to launch the correct page for the mailpile client.
  • Mailpile does not maintain a separate user registry: it uses the hosting computer’s native user manager
  • Log into your mailpile using the user account name of the computer where mailpile is installed!

Advanced concepts

  • Install multipile instead if you want other computers to access the headless service
  • You’ll need to log in to the computer that hosts the headless mailpile and run mailpile once AS the user you want to set up, to establish the account before use.

Download and installation instructions:

# Currently there's only Debian-like distributions (because it uses apt-get)
# These instructions do not assume direct root account. Use sudo instead

# Install pre-requisite packages: curl apt-transport-https gnupg
sudo apt-get update && sudo apt-get install curl apt-transport-https gnupg

# apt-key add {contents of the package signing key provided by
curl -s |sudo apt-key add -

# Register's package server with Debian apt package manager
echo "deb release main" |sudo tee /etc/apt/sources.list.d/000-mailp.list
# NOTE: Official instruction says 000-mailp instead of 000-mailp.list 
#       You need to have some file extension as apt-get checks

# Multipile (mailpile-apache2) = Mailpile + (allowing access from other computers through apache)
sudo apt-get update && sudo apt-get install mailpile-apache2

# You'll need to run mailpile as the user once to establish your account with mailpile before use
# If you are on terminal interface instead of web interface, enter 'setup' at mailpile prompt:
> setup
# Follow the instructions on the web interface for setup if you do not use terminal mailpile client interface

Additional Resources:


Off the Matrix Notes

Namecheap Shared Hosting

  • Free Dynamic DNS with domain (Namecheap has a free Windows client. Use zoneclient for Linux)
  • Email (IMAP): uses Maildir (for those who need migration)
  • Contacts: CardDav (use DavX5 adapter on Android)
  • Calendar: CalDav (use DavX5 adapter on Android)
  • Notes/Tasks: NextCloud (can sync with NextCloud’s built-in CalDav server)
  • Blog: WordPress
  • And of course, your own website!

VPS Hosting

  • NextCloud has File-On-Demand (like OneDrive) called Virtual File System (VFS)
  • YunoHost: easy to use modular self-hosting
  • UBOS Linux: distro for self-hosting. Even works for Raspberry Pi
  • Awesome-Selfhosted: has many free web services packages

Phone (Android only)

  • De-google your phone with microG Project
  • Play store: F-droid (Bonus: many open source apps that are paid apps on Google store offer the full version for free on F-droid to encourage you to move away from Google Play), Yalp Store


  • Rob Braxman Tech (He knows about the nasty dictators like the Chinese Communist Party. Don’t think you are safe in America. The reach of the Chinese Communist Party Mafia, formerly known as the Chinese SOVIET Republic, is beyond our imagination.)

Alternatives to Big Tech respecting privacy (for now)

  • Search (Google): DuckDuckGo
  • Browser (Chrome): Brave
  • Email (Gmail): see above (self-host) or ProtonMail (zero knowledge encryption)
  • Cloud (Google Drive, OneDrive, Dropbox, etc): see above (self-host) or use zero-knowledge encryption
  • Text/Chat (Whatsapp, Line): Signal App
  • Calling: Telegram has better voice quality than signal, but sometimes it has weird behavior on certain phones. Telegram does not have zero-knowledge proof, so it’s up to Pavel Durov (he’s usually good at not bending to totalitarians).

Alternatives to Big Tech that refuses to censor and manipulate users (for now)

  • Video (Youtube): Odysee (LBRY), Rumble
  • Facebook: MeWe
  • Twitter: Gab, Safechat, CloutHub (has a crappy search feature), Parler (now has PC bots patrolling and misfiring)

Zero-knowledge encryption means the server has no access to the info you put in there, as it is all encrypted and protected by a password which only you have (preferably use zero-knowledge proof so the owner of the server does not have any master keys to see your data: if you lose the key, the data is practically gone forever).


NextCloud setup notes

Free Horde Webmail client was ugly so I was looking for alternatives to view my email, calendar, contacts and notes. After a bit of research, I decided to try NextCloud.

NextCloud hosts calendar/tasks (CalDav) and contacts (CardDav) as a server, but does not store emails. Use any email provider (from your ISP or free email services as long as they do IMAP/POP and SMTP).

  • Default welcome/demo files are under /core/skeleton (you can change this by editing /config/config.php)
  • If you move the folder, you have to edit the database and root location paths in /config/config.php
  • Need to setup MySQL first. Avoid PostgreSQL option as it does not work out of the box.
  • Disable sqlite3 PHP extension
  • If installed on shared hosting, install without the featured apps because they include CODE, which is a can of worms.
  • Collabora Online is a can of worms. See below

Collabora Online (LibreOffice engine to edit documents live on web browsers) requires special handling:

  • There’s a free community edition called CODE (Collabora Online Development Edition)
  • Do NOT install the BUILT-IN CODE server Nextcloud App if your NextCloud is on shared hosting, because it will behave like a rogue app that slows Nextcloud to a crawl, exhausting entry processes (aka concurrent Apache requests), and it’ll still time out opening a document. It is probably malfunctioning due to some permission issues on shared hosting.

Ports that need to be opened (more accurately port-forwarded to the CODE server) for Collabora:

  • 443 (HTTPS)

Turns out port 80 (HTTP that starts with Univention administration interface) is not necessary. It just redirects to port 443 (HTTPS) if you forgot to type the URL starting with https:// (it’s http:// by default when you type in the address bar of your browser).

Since the URL of Collabora Online-server in NextCloud settings uses only HTTPS and a HTTP URL is going to be redirected to HTTPS anyway, don’t bother with forwarding Port 80 (HTTP) and enter https:// in the Collabora Online-server URL instead.

You don’t need to forward 9980 (WOPI) either. Somebody mentioned it in Nextcloud forum but that’s not the cause.

Well, the next part is the hairiest. Turns out even when the Collabora server checks out with NextCloud, the documents won’t open (some weird error messages):

The webpage at https://<Collabora Server>/loleaflet/23e6a73/loleaflet.html?WOPISrc=https%3A%2F%2F<Collabora Server>%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F2180_octqxsu7tnwz&title=<Filename of document to edit>&lang=en&closebutton=1&revisionhistory=1 might be temporarily down or it may have moved permanently to a new web address.

Of course, substitute <Collabora Server> and <Filename of document to edit> with your scenario.

I tried going to https://<Collabora Server> and noticed this NET::ERR_CERT_AUTHORITY_INVALID error:

Turns out that, since my server does not have an SSL certificate installed yet (I got around it with “Disable certificate verification” in the Collabora Online setup), my users/clients have to manually visit the Collabora (NOT NextCloud) server and click through the security warning to accept the Collabora site that does not have a valid SSL certificate. After that, Collabora Online works properly!

In other words, if you run into certificate issues with the Collabora server, NextCloud won’t tell you when it calls the Collabora server (with REST API) to open the document; instead it’ll just appear as a failed HTTPS call, without warning or giving you a chance to correct the certificate issue.


NextCloud quirks – moving folder breaks the site

I changed the folder where my NextCloud files are and got this error.

Adding the “.ocdata” dummy file there doesn’t work. The message is cryptic. I tried to run occ at the root folder (hoping it’s some sort of management tool) by running this at the command/SSH prompt:

php ./occ

and it spits out:

Your data directory is invalid
Ensure there is a file called ".ocdata" in the root of the data directory.

An unhandled exception has been thrown:
Exception: Environment not properly prepared. in 
{New Folder}/lib/private/Console/Application.php:168
Stack trace:
#0 {New Folder}/console.php(99): ...

I replaced my actual path for the new location of the NextCloud files with {New Folder}, so you get the idea.

I also noticed the old path was regenerated with just a /data folder with two files

This means some programmer got lazy and hard-coded the path somewhere!

Line 99 of console.php didn’t give too much hint so I looked at the code around for some sort of config-related operations before. Then I noticed this:

So I searched for config.php and found it’s located in /config/config.php. Bingo!

$CONFIG = array (
  'trusted_domains' => 
  array (
    0 => '{Old URL}',
  ),
  'datadirectory' => '{Old Path}/data',
  'overwrite.cli.url' => 'https://{Old URL}',
  // ... remaining settings (database name, user, password, etc.)
);

And to my horror the SQL password is stored in plain text in config.php! WTF! I’ll choose a password that’s dedicated to one use and not shared!

I recalled that when I rename WordPress databases, I have to manually edit the changes in wp-config.php. Turns out nobody warned us about that for NextCloud! That config file also contains database settings, so I bet if I change the database names or database usernames, I’ll have to come back and edit it manually too.

The site is working after I made the migration changes, all in /config/config.php.
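
A post-move check for the situation in this post, as an added example that is not part of the original post: it reads config/config.php, confirms that datadirectory exists and holds the .ocdata marker occ asked for, that the new host name is listed under trusted_domains, and that other users on the host cannot read the file that holds the database password. The finding messages, the sample values and the host name cloud.example.test are this example's own.

```sh
#!/bin/sh
# Added example, not from the original post: check a Nextcloud config/config.php
# after moving the install. Findings and messages are this script's own.

# php_conf_get FILE KEY: value of a single-quoted 'KEY' => 'value' entry.
php_conf_get() {
    sed -n "s/^[[:space:]]*'$2'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$1" |
        head -n 1
}

# audit_nextcloud_config FILE [HOST]: one finding per line; returns 1 on FAIL.
audit_nextcloud_config() {
    conf=$1; host=${2:-}; rc=0
    datadir=$(php_conf_get "$conf" datadirectory)
    cliurl=$(php_conf_get "$conf" overwrite.cli.url)

    # occ stops with "data directory is invalid" unless this path exists and
    # holds the .ocdata marker file.
    if [ ! -d "$datadir" ]; then
        echo "FAIL datadirectory: '$datadir' does not exist (old path?)"; rc=1
    elif [ ! -f "$datadir/.ocdata" ]; then
        echo "FAIL datadirectory: no .ocdata marker in $datadir"; rc=1
    fi
    # The host name users browse to must be listed under trusted_domains.
    if [ -n "$host" ] &&
       ! grep -q "^[[:space:]]*[0-9][0-9]*[[:space:]]*=>[[:space:]]*'$host'" "$conf"; then
        echo "FAIL trusted_domains: '$host' is not listed"; rc=1
    fi
    # The database password is in this file in plain text, so "other" users
    # on the host (think shared hosting) must have no access to it.
    case $(ls -ld "$conf" | cut -c8-10) in
        ---) ;;
        *) echo "FAIL permissions: others can access $conf (chmod o-rwx)"; rc=1 ;;
    esac
    case $cliurl in
        https://*) ;;
        *) echo "WARN overwrite.cli.url: '$cliurl' is not an https:// URL" ;;
    esac
    return $rc
}

# Constructed sample in the shape of the excerpt above; values are placeholders.
write_sample_config() {
    cat > "$1" <<EOF
<?php
\$CONFIG = array (
  'trusted_domains' =>
  array (
    0 => 'cloud.example.test',
  ),
  'datadirectory' => '$2',
  'dbpassword' => 'constructed-placeholder',
  'overwrite.cli.url' => 'https://cloud.example.test',
);
EOF
}

# Audit the file given as $1; with no argument, audit the constructed sample.
if [ $# -gt 0 ]; then
    audit_nextcloud_config "$@"
else
    tmp=$(mktemp -d) && write_sample_config "$tmp/config.php" "$tmp/old/data"
    audit_nextcloud_config "$tmp/config.php" cloud.example.test ||
        echo "(sample has blocking findings)"
    rm -rf "$tmp"
fi
```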


Take back control over your data (1) – Email, Calendar & Tasks, Contact

One thing that 2020 and 2021 taught us is that we’ve foolishly surrendered our data to private companies for harvesting and subjected ourselves to being manipulated (behavior conditioned) by bots (artificial intelligence studying our habits), in exchange for a little convenience having big companies hosting our data (on the cloud) for free.

The conventional wisdom is that if something is free without the pains (either hard to use or has advertisements), you are the product to be monetized.

Data is today’s new currency for world domination.

Their house, their rules.

Not only do the big data companies know us better than we do, they also have the power to censor us at their own whims.

They are the ones who wrote the law, interpret the law, and enforce the laws. The unholy trinity has fused the 3 traditionally separated powers in democracies and became THE almighty.

Like it or not, private companies are dictatorships in all relationships: vendor, customers, employees.

Of course they bear the consequences of their actions, depending on how much de facto leverage they actually have, which increases with their size. They are already effectively controlling the government with their extensive lobbying budgets.

We are all at the mercy of the big tech if we become dependent on their products.
THEY OWN US if we don’t own our data.

Not to mention that we also rely on their IT security departments, which are constantly under attack, since a centralized target provides a high return on investment for hacking attempts. Bad people only need to hack a big corporation once to steal the data of 100 million+ users. If the 100 million+ users’ data is scattered across many different servers with different software, configurations and locations, each attack will be much less worthwhile.

In some sense, it’s much safer for less attractive targets (nobodies) to risk security flaws in their own setups because nobody cares to go after them. More importantly, I don’t want to feed my data to a monster that is going to bite me or other people I support whenever it wants to.

Here are the basic minimum web services that we’ve become reliant on in our daily lives.

  • Email
  • Calendar & Tasks
  • Contact List (e.g. Phonebook)

In Google ecosystem:

  • Gmail
  • Google Calendar & Google Tasks
  • Google Contacts

Apple (iCloud) uses the standard protocols

  • Email: IMAP/SMTP
  • Calendar & Tasks: CalDav
  • Contact List: CardDav

If you are paranoid about full control over your data that nobody (including tech support) can see, you should host your own server (based on the protocols above). But if you are concerned about up-time, these services come pretty standard with most cheap (shared) web hosting plans at around $2/mo.

If your provider uses cPanel (e.g. namecheap), each email account comes with Calendar/Task (CalDav) and Contact List (CardDav) sync services. They typically come with a webmail client like horde/roundcube.

Namecheap has their own dedicated email service, but I think their shared hosting plan is a much better deal unless you really need the ActiveSync (Outlook, but you can do it for free with CalDAVsynchronizer) and the Open-Xchange productivity suite (which looked better than horde webmail client). You can also host websites and WordPress (blogs) with the hosting plan and have a FTP server for your files.

cPanel is the most popular admin panel for shared hosting, but there are companies like Dreamhost that don’t use cPanel and do not offer calendar/task and contact sync services natively, so watch out.

In Android, I recommend the following setup after trial and error

  • Email: FairEmail or stock Email client
  • Calendar: Simple Calendar Pro (by Simple Tools) or stock Calendar
  • Tasks:
  • Contact List: Stock android contacts (phonebook)
  • CalDAV/CardDAV sync adapters (needed for Calendar & Contacts above): DavX5

These are ALL open-source free software (privacy respecting) available from, which do not require login/purchases (please donate). You might see the paid version on Play Store, but it’s just taxing the less adventurous people.

Many fancy email apps that autoconfigure the server for you often harvest your data or do analytics. Be very careful of that. As far as I know FairEmail is the only one that has advanced features comparable to Gmail and neither harvests your data nor charges you.

Remember to turn on Push-IMAP in your email client so it’ll be as responsive as Gmail. In FairEmail, it’s under Settings -> Receive -> When -> Automatically Optimize ON + Always.

I’ve tried a few other Calendar and Tasks apps on Google store (such as BusinessCalendar and aCal), and so far the stock Calendar app and Simple Calendar Pro’s built-in refresh work correctly with DavX5 sync adapters. The refresh button for the rest did nothing, so I had to open DavX5 to manually initiate a refresh if I didn’t want to wait 15 minutes (fastest update rate allowed by DavX5).

As for app, it doesn’t use the sync adapter. Instead we directly enter the CalDAV login info with the server link provided by your hosting provider


Namecheap Dynamic DNS Update Service

If you have a domain registered under Namecheap, you can dynamically update the IP address to a remote computer at no extra cost. If you use, you have to pay $29.95/yr to use your own domain name.

However, the process is not entirely trivial because Namecheap only offers the dynamic update through its BasicDNS nameserver, which has a few implications

  • BasicDNS nameserver means you configure the DNS records directly in the Advanced DNS tab when you manage your domain name. DNS records in the Zone Editor in cPanel are not active with the BasicDNS nameserver
  • If you use the domain name with Namecheap hosting services, you can no longer have everything configured for you (managed in cPanel’s Zone Editor) by choosing the Namecheap Web Hosting nameserver. You have to transfer the DNS records in the Zone Editor (cPanel) manually to the Advanced DNS tab (Namecheap). At minimum, get the IP address of the HTTP server and enter it as the ‘A Record’ for the main/sub-domain.
  • Setting up a subdomain name or root domain name to be used with the Dynamic DNS update service is simply entering an ‘A Record’ with any IP address as the seed ‘Value’ (subdomains entered as ‘Host’). The value (IP address) will be overwritten by the update service/client.

Namecheap also offers an eye candy called ‘A + Dynamic DNS Record’ which is exactly the same thing but makes it easier for you to remind yourself that the ‘A Record’ is specifically used for dynamic DNS update.

It’s a daunting task if you haven’t done the work to understand how DNS records work, since there are lots of new terms to learn.

However, it’s not that hard after you understand what an ‘A Record’ does: map the domain name (or its subdomains) to an IP address. All Namecheap did is provide a web server (using a REST API that accepts user inputs with certain syntax in the URL) that updates your ‘A Record’ (domain to IP address map).
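
The update call described above, as an added example that is not part of the original post: it sends host, domain, password and (optionally) ip to Namecheap's update URL and checks the XML reply. The password is handed to curl in a config on stdin rather than on the command line, and the request goes over HTTPS because the password travels in the query string. The sample replies are constructed, the reply elements the parser reads (ErrCount, IP, Err1) are an assumption about the reply format, and all host, domain and password values are placeholders.

```sh
#!/bin/sh
# Added example, not from the original post: Namecheap dynamic DNS update.
# Host, domain, password and IP values below are placeholders.

DDNS_URL='https://dynamicdns.park-your-domain.com/update'

# Escape backslash and double quote for a quoted value in a curl config file.
curl_quote() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

# ddns_curl_config HOST DOMAIN PASSWORD [IP]: curl config for the update request.
# HOST is the 'Host' column of the A record (@ for the root domain). Leaving IP
# out lets the service use the address the request arrives from.
ddns_curl_config() {
    printf 'url = "%s"\nget\nfail\nsilent\nshow-error\n' "$DDNS_URL"
    printf 'data-urlencode = "host=%s"\n' "$(curl_quote "$1")"
    printf 'data-urlencode = "domain=%s"\n' "$(curl_quote "$2")"
    printf 'data-urlencode = "password=%s"\n' "$(curl_quote "$3")"
    if [ -n "${4:-}" ]; then
        printf 'data-urlencode = "ip=%s"\n' "$(curl_quote "$4")"
    fi
}

# ddns_result XML: print "ok <ip>" or "error <message>"; returns 1 on error.
# Assumes the XML reply carries <ErrCount>, <IP> and <Err1> as in the samples.
ddns_result() {
    errs=$(printf '%s\n' "$1" | sed -n 's:.*<ErrCount>\([0-9]*\)</ErrCount>.*:\1:p')
    if [ "$errs" = "0" ]; then
        echo "ok $(printf '%s\n' "$1" | sed -n 's:.*<IP>\([^<]*\)</IP>.*:\1:p')"
        return 0
    fi
    msg=$(printf '%s\n' "$1" | sed -n 's:.*<Err1>\([^<]*\)</Err1>.*:\1:p')
    echo "error ${msg:-unrecognised response}"
    return 1
}

# ddns_update HOST DOMAIN PASSWORD [IP]: the config goes to curl on stdin (-K -),
# so the DDNS password never shows up in the process list.
ddns_update() {
    reply=$(ddns_curl_config "$@" | curl -K -) || { echo "error request failed"; return 1; }
    ddns_result "$reply"
}

# Constructed sample replies (not captured from the live service).
SAMPLE_OK='<?xml version="1.0"?><interface-response><Command>SETDNSHOST</Command><IP>203.0.113.7</IP><ErrCount>0</ErrCount><Done>true</Done></interface-response>'
SAMPLE_ERR='<?xml version="1.0"?><interface-response><Command>SETDNSHOST</Command><ErrCount>1</ErrCount><errors><Err1>Passwords do not match</Err1></errors><Done>true</Done></interface-response>'

ddns_result "$SAMPLE_OK"
ddns_result "$SAMPLE_ERR" || true
```

The password here is the Dynamic DNS password shown for the domain, not the account login; a client that only checks the HTTP status would miss a rejected update, which is why the reply body is parsed.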


Lantern-VPN Free for Hong Kong & China (Hong Kong has already started partial internet blocking; install the free VPN circumvention software Lantern now)

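The website “HKChronicles” (香港編年史) has already been blocked by the Hong Kong government. This proves that Hong Kong’s communication infrastructure is already under the direct control of a certain locust army. If they can block one site, then later YouTube and The Epoch Times can be blocked too. Everyone, get ready to climb over the firewall.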

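Lantern (藍燈) is a quick-install VPN tool that is very easy to use. No registration is needed, and it is completely free for users in the Hong Kong region. Download: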

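The Android version has just a single on/off switch. The Windows version does not need administrator (Admin) privileges; it installs directly into the user’s personal folder and has no complicated settings. If several people share one machine, each user installs it once for themselves, so one person going on the VPN does not drag everyone else onto it as well.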


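There is also another circumvention tool, Psiphon (賽風), sponsored by the Open Internet foundation (開放網路基金會). I have not tried it myself; a tutorial can be found at. It is also completely free for users in areas that have fallen to the dictatorial devils.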


Big Tech Alternatives

| Function | Big/Evil Tech | Modern Alternatives |
| --- | --- | --- |
| Email | Gmail | Proton Mail (Zero-Knowledge Encryption. The host cannot decrypt) |
| IM | Whatsapp | Signal (Zero-Knowledge Encryption. The host cannot decrypt); Telegram (Better voice quality. The host so far won’t sell-out its users to tyranny) |
| DNS | Your ISP | Verisign (Privacy Respecting) |
| Search | Google | DuckDuckGo (Privacy Respecting) |
| Video Conferencing | Zoom, Skype (Microsoft) | Jami (OpenDHT so nobody can ban you) / Jitsi |


Privacy-respecting messaging apps: Signal & Telegram

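The big tech internet giants now monopolize online information and infringe on free speech on behalf of a certain evil regime, thereby stealing de facto political power in the United States. Today Whatsapp announced that user data (especially contact lists and call records) will be merged with its parent company Facebook.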

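Please stop using the platforms of evil interest groups and then letting them carve you up at will. To avoid leaking personal data (especially your phone book), delete Whatsapp before February of this year (2021). Privacy-respecting replacements include Signal App and Telegram.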

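If you want to make sure your data is not sold out, Signal is the first choice! Remember your password well; if you forget it, Signal has no way to decrypt (meaning law enforcement has no way to force them to hand over a master password). Telegram was developed by a wealthy Russian businessman at his own expense and has never handed user data over to dictators. But Signal, where a sell-out is technically impossible, is still safer than having to count on the fighting spirit of Telegram’s owner against tyranny.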

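Signal is a non-profit (US 501(c)(3)) venture that the wealthy businessman Brian Acton funded with his own money after leaving Whatsapp. He left because of disagreements with Whatsapp, so he is probably not in league with FB/Whatsapp.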

Signal’s call quality is worse than Whatsapp/Telegram. In my experience so far Telegram’s is the best, with voice quality much better than Whatsapp. For phone calls I use Telegram.


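Signal has a Chinese version; the language is not switched from inside the app. Telegram is in English when downloaded; after installing, go to this web page and click the link for the language pack you need, and Telegram will automatically download the language pack and switch languages.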

The Signal Desktop version requires the Signal App to scan a QR code. If you do not have a smartphone, only Telegram supports verification by SMS text message.

Perhaps because of Signal’s tight security, if you want a browser interface, only Telegram offers one.
