Good-bye Mr. Zuckerberg!

Nachdem ich ja schon vor über 2 Jahren meinen WhatsApp-Account gelöscht habe und vor ein paar Tagen auch meinen Instagram-Account, folgt nun im nächsten Schritt der Abschied von Facebook.

Ich weiss, das wird mir weit schwerer fallen, aber nach reiflicher Überlegung glaube ich, dass es nötig ist. Facebook kostet einfach zuviel Zeit und Nerven und hat keinen wirklichen Nutzen.

Ich habe nun als erstes die Facebook- und Messenger-Apps von Smartphone und Tablet gelöscht und werde auch auf meinem PC Facebook in den nächsten 4 Wochen nicht mehr öffnen – weder zum Schreiben noch zum Lesen.

Alle öffentlich zugänglichen Beiträge sind ab sofort nur noch für Personen auf meiner Facebook-Kontaktliste sichtbar. Alle, die meinem Account bisher nur öffentlich gefolgt sind, haben keinen Zugriff mehr.

Sollte ich nach 4 Wochen meine Entzugserscheinungen (die sicherlich auftreten werden ;-)) im Griff haben, dann wird der Account komplett gelöscht.

In der Zwischenzeit werde ich versuchen, die Inhalte, so gut es geht, lokal zu retten, da dort doch so einiges enthalten ist, an was ich mich gerne erinnere und was ich behalten möchte.

Parallel habe ich zwischenzeitlich meinen eigenen Mastodon-Server aufgebaut. Dabei handelt es sich um eine Open Source-Lösung, die in etwas wie Twitter funktioniert. Im Unterschied zu Twitter oder Facebook gibt es aber keinen zentralen Server auf dem alles abgelegt ist, sondern jeder kann sich “seinen” Server aussuchen und sich dort einen Account anlegen. Jeder kann aber mit anderen Benutzern auf anderen Mastodon-Server (genauer: auf allen Servern des sog. Fediverse) kommunizieren.

Wer möchte kann mir über diese Webseite https://social.urspringer.de/@m0urs weiterhin folgen. Ohne Anmeldung kann man da natürlich nur die öffentlichen Beiträge sehen und auch nicht kommentieren.

Ich lade aber alle gerne ein, sich einen eigenen Account auf einem Mastodon-Server zu besorgen und mir dann zu folgen. Wer möchte darf sich natürlich auch gerne einen Account auf meinem Server anlegen (https://social.urspringer.de/invite/PkyWSx8A).

Apps für das Smartphone oder Tablet gibt es für Mastodon natürlich auch. Ich nutze derzeit für iOS die App “Mast”.

Ich würde mich sehr freuen, manche von Euch “auf der anderen Seite” wieder zu treffen. Für alle die, die den Schritt nicht mit gehen wollen, bin ich natürlich weiterhin gerne (bevorzugt) per Signal (+4915143106798) oder per Mail (michael@urspringer.de) erreichbar.

Und ich stehe für Fragen zu Mastodon und Fediverse gerne zur Verfügung. Auch wenn ich da bisher auch eher noch Anfänger bin 😉

Lebt wohl! Ich werde Euch sicher auch ein wenig vermissen 😉

Add Authentication to Jitsi Meet

By default Jitsi Meet is open for everyone. So everyone can just put in a name for a conference room and start a conference. As my Jitsi Meet instance is not running on a dedicated server but shares the server with other important functions like DNS, mail etc., I do not want that everyone is using Jitsi without my permission.

So I needed to add some kind of authentication to Jitsi which means, that only certain authenticated users can start a conference. Once started everyone then can join the conference without further authentication just like before.

The steps to provide that, are documented in this article under the subject “Secure domain”.

I just followed the steps 1 to 4 and it worked fine afterwards.

Just to know: The additional virtual host which you need to create in Prosody (in the example named “guest.jitsi-meet.example.com” is only existing internally so you do NOT need to create that hostname in your DNS.

Now if someone enters a conference room, Jitsi tells the user to wait until the conference has been started or, if you are owner, to open the conference by entering your Prosody user and password.

As soon as the conference room has been opened, all other clients can just join the conference. The room is then available until the last participant is leaving the room. During that time, all users can enter without authentication.

Jitsi Meet Installation

I installed a Jitsi Meet instance on my virtual server this weekend. Although it was quite easy by following the Quick Install Guide there were some things which did not work in my environment:

Apache Integration

I have en existing Apache server running on my machine. Although the installation script should automatically recognize Apache and configure it for Jitsi, this did not work for me.

After the installation nothing changed in my Apache configuration. so I needed to create a new virtual server instance for my Jitsi server URL. There is a template on Github which you can use as example. Do not forget to change “/etc/jitsi/meet/jitsi-meet.example.com-config.js” so that it is matching the correct path in your environment (depending on the hostname of your server).

Prosody Integration

I also had already a Prosody XMPP server running on my machine, which is also used by Jitsi.

For my existing server I had a config file called “/etc/prosody/prosody.cfg.lua” which included already a statement “plugin_paths = { … }” to tell prosody where to find its plugins.

Jitsi added an additional Prosody config file in “/etc/prosody/conf.avail/<your hostname>.cfg.lua” which also included such a statement. This seems to have overruled my existing statement so that my plugins could no longer be found after restarting Prosody.

So I commented out the statement in the new file and added the Jitsi plugin path to my existing config file.

Connection Error

In the log file “/var/log/jitsi/jicofo.log” there were many errors like

The reason for that was, that my existing Prosody server did only listening to its external IPv4 and IPv6 address but not on “localhost”. To solve that I just removed the line “c2s_interfaces=” from my Prosody config file and restarted Prosody. It now listens on all interfaces including “localhost” and the error disappeared.

After doing Jitsi Meet did work fine.

If you are using Jitsi you should be aware that there currently is a problem with the current version of Firefox which leads to sometimes bad video / sound quality. So it is recommended to either use a Chromium-based browser of the Jitsi app which is available for Windows, Mac, Linux, iOs and Android.

Schaltbare Wifi-Steckdosen mit Tasmota

Falls jemand für sein Smart Home schaltbare Wifi-Steckdosen sucht, die keine China-Cloud benötigen und per MQTT ansteuerbar sind (z.B. für die Integration in FHEM, OpenHAB etc.):

Ich habe Steckdosen von Avatar gefunden (auch im 4er-Pack erhältlich), die sich, anders als die Sonoff S20, ohne Kabel-Fummelei over-the-air, also drahtlos, mit Tasmota flashen lassen. Außerdem ist in den Dosen auch eine Leistungsmessung integriert und sie sind billiger.

Das Flashen mit TUYA-CONVERT geht wirklich problemlos. Siehe auch diesen Artikel.

Man benötigt allerdings einen Linux-Rechner mit einem Wifi-Adapter der als Access Point fungieren kann. Ich habe hierzu einen Raspberry Pi mit dem internen Wifi-Adapter und einem fabrik-frischen Debian Buster genutzt.

Danach man die Steckdosen, wie alle Geräte mit Tasmota, per Web oder MQTT in sein Smart Home integrieren.

Die Steckdosen ersetzen bei mir die letzten Funksteckdosen im 432 MHz-Bereich, die einfach nicht verlässlich geschaltet hatten und die vor allem auch keinen Rückkanal haben. Man kann also nicht erkennen, ob der Schaltbefehl auch erfolgreich war. Mit Tasmota geht das.

Wer solche Steckdosen benötigt sollte schnell zugreifen. Es kann natürlich immer sein, dass der Hersteller, die Lücke, die für das over-the-air-Flashen benötigt wird, in einer neuen Firmware-Version schließt.

Windows 10: Delete Orphaned Network Adapters

I just had the issue that Virtualbox showed me two network adapters if I choose to create a bridged network. However, both network adapters were no longer existing and with none of the normal Windows commands you were able to see and delete these adapters.

Even searching the registry for the adapter names did not get a result back.

I then found this solution here.

The registry key, where the adapter entries are stored, are hidden even from a user running with administrative permissions

You need to run the “regedit” command with “TrustedInstaller” privileges in order to see and delete them.

You can use this tool here to do this.

You then find the orphaned entries under this registry key and can just delete from:

As always: Export the deleted entries first before you delete them. Just in case …

Spamassassin: Train Bayes Recognition

To train the Bayes recognition of Spamassassin you need to have a big amount of spam mails which you can feed to Spamassassin. Normally you would not have such amount of spam if you are just running your personal mailserver.

However you can download spam mails from the Untroubled.org Spam Archive.

Just download the archives you want (I recommend just to use newer archives e.g. from the last 2 years) and then run the “sa-learn” command of Spamassassin. I did it like that:

Linux Backup to Synology NAS

With the following command you can backup data from a Linux server to a Synology NAS:

The parameters have the following meaning:

<backup user>: User on NAS with permissions to use rsync to the target share

<synology host>: Hostname / IP of your Synology NAS device (if it is located remote you need to make sure that it is reachable via port 873/TCP

<synology file share>: The name of the target file share on your Synology host where you want to backup the data

In the file “/root/rsync_pass” you store the rsync password of the user <backup user>. Make sure to restrict permissions of that file (“chmod 600 /root/rsync_pass”)

This commands synchronizes the directories included in the “{}” brackets including the complete filename. Deleted files in the source will be deleted in the target as well, so that you do have an exact copy of your source.

To restore files you can use the following command (Example: Restore “/etc/” with all subfolders into the target directory “/restore“:

Unfortunately this will preserve the file and directory permissions but not the original owner of the directory/file. This will work if you use another Linux server as your backup device but I have not found a solution for a Synology NAS device.

Migrate IMAP account from Google Mail to Dovecot IMAP

I just needed to migrate all mails from a Google mail account to a Dovecot IMAP server. I did this with a tool called “Imapsync“.

I just wanted to synchronize all mails from the Google sent mail folder to the “Sent” folder of Dovecot and all mails from the Google “All Mails” view to a folder called “Archive” of the Dovecot account.

You need to make sure that you synchronize the “Sent” mails first as these are also included in the “All Mails” view and otherwise will not be added to the “Sent ” folder in addition.

This is the command I used for the migration:

With the “–exclude” option you can specify which folders should not me synchronized. I excluded the Inbox as I just wanted to sync all mails to the “Archive” folder of my Dovecot account.

The “–folderlast” option makes sure that the “All Mails” folder of Google will be synchronized at the end, after all other folders have been synchronized.

With the “–regextrans2” options you can specify which source folder name should be synchronized to what target folder name. You need to adapt that in order to match your environment!

This is a real sync so you can have already mails in your target Dovecot account before which will not be deleted. And you can run this command several times and it will just only synchronize the mails which have changed on the Google mail account in the meantime.

Dovecot: Rebuild full text index

For me to remember:

Re-index the fulltext index of a Dovecot user: