NextCloud quirks – moving folder breaks the site

I changed the folder of where my NextCloud files is and got this error.

Adding the “.ocdata” dummy file there doesn’t work. The message is cryptic. I tried to run occ at the root folder (hoping it’s some sort of management tool) by running this at the command/SSH prompt:

php ./occ

and it spits out:

Your data directory is invalid
Ensure there is a file called ".ocdata" in the root of the data directory.

An unhandled exception has been thrown:
Exception: Environment not properly prepared. in 
{New Folder}/lib/private/Console/Application.php:168
Stack trace:
#0 {New Folder}/console.php(99): ...

I replaced my actual path for the new location of the NextCloud files with {New Folder}, so you get the idea.

I also noticed the old path was regenerated with just a /data folder with two files

This means some programmer got lazy and hard-coded the path somewhere!

Line 99 of console.php didn’t give too much hint so I looked at the code around for some sort of config-related operations before. Then I noticed this:

So I searched for config.php and found it’s located in /config/config.php. Bingo!

<?php
$CONFIG = array (
...
  'trusted_domains' => 
  array (
    0 => '{Old URL}',
  ),
  'datadirectory' => '{Old Path}/data',
...
  'overwrite.cli.url' => 'https://{Old URL}',
...
);

And to my horror the SQL password is stored in plain text in config.php! WTF! I’ll choose a password that’s dedicated to one use and not shared!

I recalled a when I rename WordPress databases, I have to manually edit the changes in wp-config.php. Turns out nobody warned us about that for NextCloud! That config file also contain database settings, so I bet if I change the database names or database usernames, I’ll have to come back and edit it manually too.

The site is working after I made the migration changes, all in /config/config.php.

 43 total views,  1 views today

Linux setup notes – hostname to communicate with Windows computer

In Debian, the hostname is located in /etc/hostname. The name won’t show up on my router (linux firmware) until I’ve got the right hosts order:

# /etc/nsswitch.conf
hosts:          files dns wins

However, Windows doesn’t recognize the hostname since it uses NetBIOS, which means I need nmbd in sambapackage:

apt-get install samba

Install it and I can ping right away and use the SMB shares!

 41 total views

Windows Live Mail (2012) IMAP Folder Setup – cPanel Email

My web hosting package comes with cPanel email, which comes with Calendar/Tasks (CalDAV) and Contact list (CardDAV) in one convenient package.

Default setup often causes a few user experience problem

  • Special storage folders not working (hint: path incorrect)
  • Sent email not saved in ‘Sent’ folder

Turns out that every ISP has their own IMAP folder structure. My ISP structured everything, from system special folders (Sent, Drafts, Trash, Spam) to user-defined folder, into subfolders under Inbox.

So the settings in Windows Live Mail should be:

I chose to assign a user-defined folder Archive in place of system folder Trash so I can reroute delete operation to archiving

DO NOT FORGET to set the root folder Inbox! Subfolders are internally accessed as Inbox.Sent, Inbox.Drafts, etc. Using DOT (.) as seperator! Do not use slash like Gmail. It doesn’t work!

If you specify the “Root folder path” and have the special folders relative to that, the Windows Live Mail client will show a flat layout (Just like the webmail client):

Alternatively, I tried entering the special folders’s full path individually one by one

but I’m pleased to see that doing so VISUALLY placed ALL folders (system or use-created) into a nice tree structure that follows its native structure!

Having a root folder “Inbox” implied a prefix “Inbox.” (with the dot at the end) to all special folders path. Again, slash do not work as it’s not Gmail. The separator is dot in cPanel.

Seems like the whether ‘Root folder path‘ is specified determines if the folders are flattened or have the native tree structure in Windows Live Mail’s display.

Special folders settings can be invalid, which the Windows Live Mail Client will quietly ignore them and operate in local storage folders instead.

How did I discovered it? I saw the tool-tip INBOX.sent when I hover over the ‘Sent’ folder in Horder WebMail.

 54 total views

Windows Live Mail (2012) IMAP Folder Setup – Gmail

Many years ago, Gmail changed their folder structure so some of the IMAP settings tutorials are not correct anymore. Since Windows Live Mail (WLM) auto-configures Gmail, the special folders are automatically determined and they cannot be specified. Please leave Root folder path alone like this:

Gmail IMAP folder settings are automatically configured when established automatically in Windows Live Mail
Do NOT change the settings. If you do manual configuration, make sure you mirror these settings.

Basically Gmail decided with the exception of Inbox, which stays at root, all “System labels” goes under the subfolder [Gmail]. However user-created labels (simply called “Labels“) stay at root folder level. For example, I have a user folder called Save enabled for IMAP, the folder tree with the Gmail account looks like this:

Example of Gmail IMAP folder structure. Inbox and user-created labels stays on top.
ALL system labels go under the subfolder [Gmail]

Because you cannot specify where the Trash folder is, delete button really mean delete (to a recycle bin that’s purged in 30 days), not archive to a folder.

Also because Gmail is smart enough to save a copy in your [Gmail]/Sent Mail folder if you use their SMTP (out-going mail) server, the “Save copy of sent message in ‘Sent Items’ folder” setting on Windows Live Mail is irrelevant: you cannot choose not to save it.

And yes, I tried it checking this (for other non-Gmail accounts), and confirmed that Gmail is smart enough to save one copy (not one from the SMTP and one executed by the client).

So here’s a summary:

  • Gmail automatically configures and dictates IMAP’s special folders. You have no choice
  • No special folder choice means you cannot reroute ‘delete’ to mean archive/move
  • If you use Gmail’s SMTP server (likely), it will save a copy of outgoing mail to [Gmail]/Sent Mail folder. You cannot turn this off.
  • Save copy of sent message in the ‘Sent Items’ folder‘ is irrelevant if you use Gmail’s SMTP server. It will correctly save only one copy of the sent mail.

 40 total views

Take back control over your data (1) – Email, Calendar & Tasks, Contact

One thing that 2020 and 2021 taught us is that we’ve foolishly surrendered our data to private companies for harvesting and subjected ourselves to being manipulated (behavior conditioned) by bots (artificial intelligence studying our habits), in exchange for a little convenience having big companies hosting our data (on the cloud) for free.

The conventional wisdom is that something is free without the pains (either hard to use or has advertisement), you are the product to be monetized.

Data is today’s new currency for world domination.

Their house, their rules.

Not only the big data companies know us better than we do, they also have the power to censor us at their own whims.

They are the ones who wrote the law, interpret the law, and enforce the laws. The unholy trinity has fused the 3 traditionally separated powers in democracies and became THE almighty.

Like it or not, private companies are dictatorships in all relationships: vendor, customers, employees.

Of course they bear the consequence of their actions, depending on how much de facto leverage they actually have, which is increases with their size. They are already effectively controlling the government with their extensive lobbying budgets.

We are all at the mercy of the big tech if we become dependent on their products.
THEY OWN US if we don’t own our data.

Not to mention that we are also rely on their IT security department that are constantly under attack since a centralized target provides a high return on investment in hacking attempts. Bad people only need to hack a big corporation once to steal 100 million+ user data. If the 100 million+ users’ data are scattered on many different servers with different software, configurations and locations, each attack will be much less worthwhile.

In some sense, it’s much safer for less attractive targets (nobodies) to risk security flaws in their own setups because nobody cared to go after them. More importantly, I don’t want to feed a monster with my data that they are going to bite me or other people I support whenever they wanted to.

Here are the basic minimum web services that we’ve become reliant on in our daily lives.

  • Email
  • Calendar & Tasks
  • Contact List (e.g. Phonebook)

In Google ecosystem:

  • Gmail
  • Google Calendar & Google Tasks
  • Google Contacts

Apple (iCloud) uses the standard protocols

  • Email: IMAP/SMTP
  • Calendar & Tasks: CalDav
  • Contact List: CardDav

If you are paranoid about full control over your data that nobody (including tech support) can see, you should host your own server (based on the protocols above). But if you are concerned about up-time, these services come pretty standard with most cheap (shared) web hosting plans at around $2/mo.

If your provider uses cPanel (e.g. namecheap), each email account comes with Calendar/Task (CalDav) and Contact List (CardDav) sync services. They typically come with a webmail client like horde/roundcube.

Namecheap has their own dedicated email service, but I think their shared hosting plan is a much better deal unless you really need the ActiveSync (Outlook, but you can do it for free with CalDAVsynchronizer) and the Open-Xchange productivity suite (which looked better than horde webmail client). You can also host websites and WordPress (blogs) with the hosting plan and have a FTP server for your files.

cPanel is the most popular admin panel for shared hosting, but there are companies like Dreamhost that doesn’t use cPanel and do not offer calendar/task and contact sync services natively so watch out.


In Android, I recommend the following setup after trial and error

  • Email: FairEmail or stock Email client
  • Calendar: Simple Calendar Pro (by Simple Tools) or stock Calendar
  • Tasks: Tasks.org
  • Contact List: Stock android contacts (phonebook)
  • CalDAV/CardDAV sync adapters (needed for Calendar & Contacts above): DavX5

These are ALL open-source free software (privacy respecting) available from F-droid.org, which do not require login/purchases (please donate). You might see the paid version on Play Store, but it’s just taxing the less adventurous people.

Many fancy email apps that autoconfigures the server for you often harvest your data or do analytics. Be very careful of that. As far as I know FairEmail is the only one that has advanced features comparable to Gmail and doesn’t harvest your data nor charge you.

Remember to turn on Push-IMAP in your email client so it’ll be as responsive as Gmail. In Fairmail, it’s under Settings -> Receive -> When -> Automatically Optimize ON + Always.

I’ve tried a few other Calendar and Tasks app on Google store (such as BusinessCalendar and aCal), and so far the stock Calendar app and Simple Calendar Pro’s built in refresh works correctly with DavX5 sync adapters. The refresh button for the rest did nothing so I had to open DavX5 to manually initiate a refresh if I don’t want to wait 15 minutes (fastest update rate allowed by DavX5).

As for Tasks.org app, it doesn’t use the sync adapter. Instead we directly enter the CalDAV login info with the server link provided by your hosting provider

 36 total views

Namecheap Dynamic DNS Update Client for Windows

Namecheap provides a free Dynamic DNS client for Windows but unfortunately the client cannot be run as a service. To manage remote computers, the dynamic DNS update should at least run before any user is logged or we’ll run into a chick-and-egg problem: you want to log in remotely but the IP of the remote computer is not known (mapped/updated) until you logged in.

I initially tried to use sc.exe to create a Windows service but the program lacks a ServiceMain() implementation so the service won’t start:

Turns out there is a way to wrap a Windows executable not designed to be used as a service (without ServiceMain() implementation) and make it run as a service. Use a tool called NSSM – the Non-Sucking Service Manager!

Note that the default setting for “Log on as” is “Local System Account”, which will not work with this free Namecheap Dynamic DNS client. You must set it to “Log on as” an Administrator account.

To start the newly created service without rebooting, do nssm start <servicename>, where <servicename> is replaced by the name you choose for the service.

Note that the ‘Path to executable’ for the newly created service is nssm.exe itself, not directly the DNS update client program (like what it’d be if you create the service through sc.exe instead of nssm.exe). The reason is that nssm.exe is the wrapper that calls the underlying executable.

 38 total views,  1 views today

Namecheap Dynamic DNS Update Service

If you have a domain registered under Namecheap, you dynamically update the IP address to a remote computer at no extra costs. If you use no-ip.com, you have to pay $29.95/yr to use your own domain name.

However, the process is not entirely trivial because Namecheap only offers the dynamic update through its BasicDNS nameserver, which has a few implications

  • BasicDNS nameserver means you configure the DNS records directly Advanced DNS tab when you manage your domain name. DNS records in the Zone Editor in cPanel is not active with BasicDNS nameserver
  • If you use the domain name with Namecheap hosting services, you can no longer have everything configured for you (managed in cPanel’s Zone Editor) by choosing Namecheap Web Hosting nameserver. You have to transfer the DNS record in Zone Editor (cPanel) manually to Advanced DNS tab (Namecheap). At minimum, get the IP address of the HTTP server and enter it as the ‘A Record’ for the main/sub-domain.
  • Setting up subdomain name or root domain name to be used with Dynamic DNS update service is simply entering ‘A Record’ with an any IP address as seed ‘Value’ (subdomains entered as ‘Host’). The value (IP address) will be overwritten by the update service/client.

Namecheap also offer an eye candy called ‘A + Dynamic DNS Record’ which is exactly the same thing but makes it easier for you to remind yourself that the ‘A Record’ is specifically used for dynamic DNS update.

It’s a daunting task if you haven’t done the work to understand how DNS record works since there are lots of new terms to learn.

However, it’s not that hard after you understand what ‘A Record’ does: map the domain name (or its subdomains) to an IP address. All Namecheap did is providing a web server (using REST API that accepts user inputs with certain syntax in the URL) that updates your ‘A Record’ (domain to IP address map).

 57 total views

Lantern-VPN Free for Hong Kong & China (香港已經開始局部封網,快裝免費 VPN 藍燈 翻牆軟件)

網站「香港編年史」hkchronicles.com 已經被香港政府封。已經證明香港通訊設施已經被某支蝗軍直接管轄。封得一個,而後 Youtube 同 大紀元 都封得。大家準備翻牆。

Lantern 藍燈 快裝工具 VPN 非常容易用。無需登記,對香港地區用家完全免費。下載:https://github.com/getlantern/lantern

Android 版本只有一個開關掣。Windows 版本不用 管理員Admin 權限,直接裝到用戶的個人資料夾,沒有複雜的設定。一機多人用的話每個用戶自己裝一次,不會弄到一個人上VPN,其他也要一起。

藍燈獲得了美國國務院國家種子資金的資助,如果還是怕釣魚VPN,可以檢視原始碼

還有一個由開放網路基金會贊助的翻牆軟件 賽風 (Psiphon)。我未親身試過,教學可以到https://free.com.tw/psiphon/。對獨裁惡魔淪陷區用戶也是完全免費。

 124 total views

Big Tech Alternatives

FunctionBig/Evil TechModern Alternatives
EmailGmailProton Mail (Zero-Knowledge Encryption. The host cannot decrypt)
IMWhatsappSignal (Zero-Knowledge Encryption. The host cannot decrypt)
Telegram (Better voice quality. The host so far won’t sell-out its users to tyranny)
DNSYour ISPVerisign (Privacy Respecting)
SearchGoogleDuckDuckGo (Privacy Respecting)
TranslateGoogle
Translate
deepL
Video ConferencingZoom,
Skype (Microsoft)
Jami (OpenDHT so nobody can ban you) / Jitsi

 48 total views

尊重私隱的通訊軟件 Signal & Telegram

現在科網絡巨企業壟斷 網絡資訊 和替 某支邪惡政權 侵害言論自由 從而 偷取美國實質政權。今天 Whatsapp 宣佈 用戶資料 (尤其是通訊錄和通話記錄) 要和母公司Facebook結合。

大家請不要再使用邪惡利益集團的平台,然後讓他們任意宰割。為了避免個人資料(尤其是電話簿)外洩,要在今年(2021)二月前把 Whatsapp 刪掉。尊重個人私隱的代替品有 Signal App (signal.org) 和 Telegram (telegram.org)。

如果要保障資料不被出賣,Signal是首選!要好好記住密碼,忘記了的話,Signal方面沒有辦法解密(即是執法機關沒有辦法逼他們交出主人密碼)。Telegram 是俄羅斯富商自費研發的,從來不向獨裁者交出用戶資料。但技術上不可能被出賣 Signal 總比要看 Telegram 的主人的逆權鬥志安全。

Signal 是富商 Brian Action 離開 Whatsapp 後用自己的資金的 非牟利( 美國501(c)(3) )事業。他是和 Whatsapp 意見不合而離開的,應該不是和 FB/Whatsapp 一伙。

同話質素 Signal 比 Whatsapp/Telegram 差。而我的使用經驗到目前為止 Telegram 的最好,語音質素比 Whatsapp 好很多。打電話我會用 Telegram。

現時我的建議是兩個都裝,用Signal短訊,用Telegram打電話。

Signal 有中文版。不是應用程式裏面轉語言的。Telegram 下載時候是英文版,安裝後到這個網頁直接按下所需語言包的連結,Telegram 會自動下載語言包和轉換語言。

Signal Desktop 版需要 Signal App 掃描 QR code。如果沒有智能手機,只有 Telegram 支援用SMS短訊認證。

可能因為 Signal 的保安嚴密,如果要用瀏覽器界面,只有 Telegram 可以 (web.telegram.org)。

 77 total views