Author: Martin

Last week the Owncloud community released version 7 of their fabulous cloud at home software and I could of course not wait to update. There are lots of changes that made it into 7 and I'd say the major ones are focused on making management of larger installations easier. But there are also a number of new things that are interesting for my much more limited usage scenario.

The first improvement, even if it only seems to be minor is an improved user interface when a new calendar entry is created via the web interface. While I usually create new entries either on a mobile device or in Thunderbird/Lightning, every now and then I also use Owncloud's own web interface which has been a bit clumsy so far. It's much better now.

Another thing I noticed is that files can now be sorted by date, name and size. Also it's now possible to get a list of all files that I have shared with others and all files that have been shared with me. Very helpful, too!

Also on the list of 'must-have's' from now is the Activity Stream view that shows which files and directories I have created, deleted, copied, shared, etc. and when. So far, I've never bothered to configure email notifications for various purposes such as automatically sending a notification to someone with whom I shared files with or to get automatic email notifications when a family member also using my Owncloud has shared something with me. Configuring the email notification settings is much improved in OC7 and can be done right from the web interface in the admin section. Reason enough to configure it and it only took me two minutes. Great, never without it from now on!

And one feature that I find particularly interesting also from a conceptual point of view is the new Inter-cloud sharing. I've noticed that when I share a file or directory via a link, there's a "Add to your Owncloud" button now. In other words if someone shares files on his Owncloud, I can directly put it into my Owncloud. I haven't yet tried out how this works under the hood but from what I've been able to read up it is based on the WebDAV protocol. Sharing between clouds, now that's a novel and interesting concept!

There's tons of other new features I haven't yet tried, have a look here for the details. Upgrading from Owncloud 6 to 7 worked quickly and flawlessly and all my calendar and address book clients still synchronize as they should.

Congratulations to the Owncloud community, it's an awesome new version!

It's good to see that more and more programs use secure http (https) to encrypt data they send and receive over the network. Especially over public hotspots and due to the prying eyes of security agencies around the globe, there's no alternative to it. The downside is, however, that data is also concealed from debugging and personal analysis purposes. But there's a solution: mitmproxy!

Mitm stands for 'Man In The Middle' as the software can split an SSL connection into two parts and decrypt data in the middle. To do this, the device or program under test has to be configured for http proxying. On Android and other mobile operating systems this is part of the Wi-Fi setup. On PCs it's part of the web browser configuration. Once done, all http and https requests are sent to mitmproxy which then terminates the secure link and opens another secure connection towards the destination. As mitmproxy doesn't have a valid SSL certificate for the destination it has to create a certificate of its own on the fly and send that to the client device. As the mitmproxy can only sign the certificate with its private credentials, an error message pops up in the web browser every time a https protected site is visited and the user has to manually confirm to proceed. That's how it should be because security is broken when an SSL connection is not terminated at the destination.

To stop these error messages, mitmproxy offers an easy way for devices to import its certificate authority credentials. On Android and other platforms this is as simple as surfing to a given URL and pressing OK on the dialog that pops up that asks if the certificate is to be put into the certificate store. Almost too easy from a security point of view.

Remains the question on where to run mitmproxy. As the software is written in Python it can be easily installed on Linux PCs and also on Mac OS and then use the IP address of that device in the proxy configuration in the device or software under test. But as I'm always a bit reluctant to install software on my PC I don't need on a daily basis, I decided to install it on a Raspberry Pi instead. As the software is installed and compiled from source it takes about half an hour to install it on the processing power restricted Pi. However, it's well worth the wait.

When what is called 'tethering' today first became fashionable to a few geeks at the end of the 1990's, Bluetooth was the technology of choice and it was well suited for the data rates in 2G mobile networks of a few tens of kilobits per second. But over time, mobile networks outgrew Bluetooth's capabilities when the technology could not evolve beyond around 2 Mbit/s. Here's an interesting post I published back in 2007 if you care for the historical perspective. Fortunately, Android pushed Wi-Fi tethering to the masses in around 2010 and for some time it looked like it could keep pace with theoretical peak data rates in mobile networks. At some point I had my doubts it could in such small devices when LTE data rates reached 100 Mbit/s and beyond. But it looks Wi-Fi chipset manufacturers were not sleeping as Anandtech reports in this post that they have measured a maximum throughput of over 400 Mbit/s in the Samsung Galaxy S5. And it's by far not the only device anymore going well beyond the 200 Mbit/s line with 802.11ac. Such speeds are likely to be only reached at close range but that's how tethering is mostly used anyway.

Just about a year ago I bought my first Raspberry Pi out of curiosity and to get my Owncloud server project started. At the time it was an experiment but it turned out to be the most liberating computing experience I had in many years. A large part of this is due to Owncloud that finally let me use cloud services such as calendar, address book synchronization and many other things from home. But it did not stop there, I've since put more Raspberry Pis into service as a water alarm system, to run Selfoss as my RSS server after Google has shut down its service, for daily checks of call by call prices with automatic email reports, for hardware projects to better understand how a CPU works, I'm using one as an OpenVPN gateway at home and another one as a secure VNC remote desktop bridge, another one to stream music to my Hi-Fi equipment, one went to my brother as as a learning kit for his kids and to be used as XBMC media server for his TV, and another one has been put to work as an automatic Wi-Fi and baseband long duration stress tester. The list of things I'd like to do next with it but haven't had the time yet is at least as long. And it's so easy to get started with a new project as the hardware is always the same and the operating system works almost identical to Ubuntu (that I use on my desktops) and most other Linux OS flavours out there. In addition, most of the software available for Linux runs on the Pi as well. So if you are also toying with the thought of getting a Raspi for one project or another I can more than recommend it. But be warned, once you get started there it's difficult to stop. At this point I'd like to say a BIG THANK YOU to all the people at the Raspberry Pi foundation, you've done something really big here!

This is a follow up to a previous post in which I described a new 5€ a month roaming offer I've subscribed to which allows me to use my included voice minutes, SMS and my 1 GB mobile data bucket not only in my home country (Germany) but also in other EU countries.

Previously the all inclusive bundle + 1 GB of data traffic I've subscribed to was only valid in Germany, all traffic and phone calls abroad were charged separately. That means that when I had been abroad for two weeks I had to pay for my full subscription even though I was not in the country. In other words, I had to pay for two weeks of service without being able to use it.

What the new roaming offer now effectively does from a psychological point of view is to give the two weeks worth of my subscription to the network operator abroad who delivers the service (i.e. Internet access, voice calls, etc) to me instead.Think about this idea for a minute!

From a technical point of view this works out as I am not using the radio network at home, which is the most expensive part in the transmission chain. Instead I'm using the radio network of a network operator in another country. On average, that is neither more nor less expensive than using the radio access network at home. Note that I'm looking at this from a technical point of view, what network operators charge each other for roaming is another matter entirely.

From a technical point of view, the cost of using the mobile network at home or abroad is almost the same. The only difference is that my data still flows through a gateway located in the network of the home operator which then connects to the Internet. But data traffic on the backbone is cheap and the 5 euros extra a month easily cover that.

It's clear that mobile network operators don't especially like this because now they forward money they could previously keep to themselves. But this change is very much in line with the desire to have a single EU economy which has also triggered changes in other areas as well. An example is the banking sector, where already many years ago, extra charges for money transfers between EU countries were abolished. Another example is extra charges for use of credit cards in other EU countries, which also no longer exist.

Let me set this into a historical context by looking back only 30 years: In the 1980's there was no interoperability between mobile networks of different countries in Europe and it was in many cases even forbidden to take 'mobile' phones (i.e. big equipment in trunks of cars) accross a border! Unbelievable from today's point of view.

GSM changed this mindset of "our [nation's] frequencies, our [nation's] network" to "we all build networks based on the same standard and enable our subscribers to use their devices in other networks abroad". A radical shift to something we take for granted that didn't come easy and lots of battles of words had to be fought over it. Compared to this, the change of the current mindset from "subscribers pay for national service" to "subscribers pay for EU service" seems much less dramatic and it might even seem strange 30 years from now why it was so difficult to achieve this.

But as strange as it might seem 30 years from now I'm sure there will still be many battles of words to be fought before we arrive at this point. But we are getting there one step at a time!

As I often stay in hotels and try to make the best of the available hotel Wi-Fi, I've bought a Wi-Fi distribution dongle that connects to the Internet over the hotel Wi-Fi on the one side and spans up a private Wi-Fi network on the other side for all my devices to connect to. The advantage is that I only need to configure the Wi-Fi distribution dongle and that I only need to pay for one connection. The disadvantage of the approach is that while I can use a VPN tunnel on the PC to protect my data traffic, a lot of data that I exchange with services on the Internet with my other devices is unprotected. Needless to say that at some point it was time to change this.

The platform of choice for this project is of course a Raspberry Pi with two Wi-Fi interfaces. I did a lot of research on the net but could not find a single project that combined the Wi-Fi Access Point functionality I needed with a second Wi-Fi USB stick for the client connection that acts as a backhaul and an OpenVPN client configuration that uses the backhaul to tunnel all traffic of my private Wi-Fi network. But each of these things are described separately and after experimenting a bit with all bits of the puzzle I was able to put the project together. In addition to using a Wi-Fi network as a backhaul link it's also possible to use the Ethernet port in case the hotel has cabled Internet access.

At first I thought I'd describe the solution in a blog entry but I soon realized that describing how to install a dozen packages and to modify 15+ configuration files is a bit too much in a single blog entry. So I put together an installation script, sample configuration files plus installation and usage information and put the result on GitHub. I spent two weekends to get the script and configuration files in a form and shape that their usage is straight forward on a newly installed Raspian with little manual work required. A lot of comments have gone into the script file so for those who'd like to know the details, have a look there and also at the configuration files used for the different components that are installed.

I've been using the solution in quite a number of environments over the past few weeks now and I'm pretty happy with the result and hope that this will be useful for others as well. Have fun!

Power doesn't fail often in Germany but just as luck had it, I experienced two failures in a row in the past year that rendered my cloud services at home out of service for a couple of hours. Needless to say that both incidents occurred at the least convenient time, i.e. while I was traveling.

So far, I've stayed away from uninterruptible power supplies (UPSes) as the last one's I've seen were bulky and had a noisy fan. But recently, I discovered the APC ES-700, a small UPS the size of a shoe box without active cooling that perfectly fitted my needs.

Despite it's size it can drive equipment that requires around 40 watts for around 70 minutes before it shuts down. Just like its big brothers it has a USB port for status messages and control input and the interface is compatible to Linux's APCUPS daemon that is easily installed. Apart from letting me query the status of the UPS from the server, the softare also logs power failures and automatically shuts down my Owncloud server before the battery is empty. No noise, open source software on Linux that is easy to use, it couldn't be any better. Two thumbs up!

The screenshot on the left shows log entries generated after the software installation while the UPS was not yet connected and some real messages once the setup was in place.

When describing the hardware of current smartphones, particular emphasis is usually put on the fact that there are there are two main processor blocks in the device. On the one hand there is the application processor, usually with several CPU cores today, that runs Android or another operating system. On the other hand, there's the baseband processor, sometimes also referred to as 'the modem' that handles communication with cellular networks such as GSM, UMTS and LTE. In many phones, both functionalities are integrated in the same chip. The modem, however requires a couple of functionalities between itself and the antennas such as transcievers that are separating the uplink and the downlink, frequency filters, power amplifiers, band switches, etc, commonly referred to as 'the front-end'. Quite some time ago, I saw this post on AnandTech that describes the latest state of the art and challenges in that area. Well worth a read!

It's good to see that the continuing pressure of the EU on European mobile network operators for affordable roaming charges has resulted in a further improvement of roaming tariffs. My preferred German network operator, for example, now offers to lift roaming charges in the EU for 5 Euros extra per month.

This means that I can use my (previously national) flatrate for voice minutes for calls in the visited country and back to Germany, for SMS messages and, most importantly, I can use my 1 GB data bucket for mobile Internet access in any EU member state and some other places such as Switzerland, Lichtenstein, Norway, Iceland and, believe it or not, French Guayana (in South America), Reunion and a couple of other French territories. This offer was an absolute no-brainer and I activated it immediately when it became available earlier this month.

I expected to see similar offers from network operators in other countries so I had a look on the websites of operators in Austria and France but came up pretty much empty handed. Incredible, should Germany for once become the leader in roaming pricing!?

I'd be quite interested to hear from you what kind of roaming tariffs you use at the moment and what mobile network operators offer in your country at the moment. So if you have a minute, please consider leaving a comment below. Thanks!

Three years ago I published a post on how to stop Android frequently calling home to Google. I was hoping that three years and a couple of devices later the situation would have improved somewhat with all the options one can disable in Android today and by replacing Google services with OwnCloud. But unfortunately this is still not the case. I can disable whatever I want in the settings but my Android phone still connects to Google via mtalk.google.com every time I unlock the screen. I also have the Amazon kindle app installed which contacts Amazon every 20 minutes even after rebooting the phone and not having opened the app before. Sorry guys, that is intolerable. So I had to again resort to the method of blacklisting all domain names that are used for these purposes in the hosts file on my device (see my original post from back in 2011). Unfortunately the method is not practicable for the ordinary user so it will remain a niche solution for the willy hacker.