Create encrypted space on USB stick

I needed a way to create an encrypted space on USB sticks so that the data is not readable if you lose such a stick somewhere. Although there is BitLocker To Go and VeraCrypt, I ended up with a tool called SecurStick as

  • it is available for Windows, Mac and Linux
  • it does not need an administrative account
  • it also supports unencrypted files on the same stick


Daniel commented below that Cryptomator also has a portable version which does not need administrative rights. I tested it and it looks good. As Cryptomator is still a supported tool (SecurStick is old code which is no longer maintained), I will use that for my USB sticks, at least if the data exchange is between Windows computers only. I think that for the Mac and Linux versions it is not so easy to use it without installation. Currently I have no machine to test with, so I could not try it myself.

HCL Connections 6.5: Error CLFRN1198E

Today we had a user who was unable to edit his profile information in HCL Connections 6.5. As soon as he clicked “Save” on his profile page he got the error

"CLFRN1198E: Your session timed out or a server error occurred. Please resubmit your changes."

In the SystemOut.log of the Profiles server we saw the following error regarding that user:

[18/01/21 10:28:31:041 CET] 0000042b APIErrorActio E execute Illegal character in authority at index 7: http://- / -
                        Illegal character in authority at index 7: http://- / -
        at$
        at$Parser.parseAuthority(
        at$Parser.parseHierarchical(
        at$Parser.parse(
        at<init>(
        at

The reason for this problem was that the user had entered the characters “- / -” in all profile fields where he did not want to enter any data, to show that there is no data available. Unfortunately he also entered these characters in the field “Blog URL”. Connections wanted to convert the value into a valid HTML link and was unable to do so. The error message which was displayed to the user did not give a real hint to the root cause of the problem.

As soon as he removed the characters from that field, he was able to save the profile again.

Add Authentication to Jitsi Meet

By default Jitsi Meet is open for everyone. So everyone can just put in a name for a conference room and start a conference. As my Jitsi Meet instance is not running on a dedicated server but shares the server with other important functions like DNS, mail etc., I do not want everyone to use Jitsi without my permission.

So I needed to add some kind of authentication to Jitsi, which means that only certain authenticated users can start a conference. Once started, everyone can then join the conference without further authentication, just like before.

The steps to provide that are documented in this article under the subject “Secure domain”.

I just followed the steps 1 to 4 and it worked fine afterwards.

Note: The additional virtual host which you need to create in Prosody (in the example named “”) exists only internally, so you do NOT need to create that hostname in your DNS.

Now if someone enters a conference room, Jitsi tells the user to wait until the conference has been started or, if you are the owner, to open the conference by entering your Prosody user and password.

As soon as the conference room has been opened, all other clients can just join the conference. The room is then available until the last participant leaves the room. During that time, all users can enter without authentication.

Jitsi Meet Installation

I installed a Jitsi Meet instance on my virtual server this weekend. Although it was quite easy by following the Quick Install Guide, there were some things which did not work in my environment:

Apache Integration

I have an existing Apache server running on my machine. Although the installation script should automatically recognize Apache and configure it for Jitsi, this did not work for me.

After the installation nothing had changed in my Apache configuration, so I needed to create a new virtual server instance for my Jitsi server URL. There is a template on GitHub which you can use as an example. Do not forget to change “/etc/jitsi/meet/” so that it matches the correct path in your environment (depending on the hostname of your server).

Prosody Integration

I also already had a Prosody XMPP server running on my machine, which is also used by Jitsi.

For my existing server I had a config file called “/etc/prosody/prosody.cfg.lua” which already included a statement “plugin_paths = { … }” to tell Prosody where to find its plugins.

Jitsi added an additional Prosody config file in “/etc/prosody/conf.avail/<your hostname>.cfg.lua” which also included such a statement. This seems to have overruled my existing statement so that my plugins could no longer be found after restarting Prosody.

So I commented out the statement in the new file and added the Jitsi plugin path to my existing config file.
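A quick way to spot this kind of conflict, as an added example that is not part of the original post: the function names are hypothetical, and the layout (a main “prosody.cfg.lua” plus enabled files in “conf.d/*.cfg.lua”) is an assumption based on the Debian packaging.

```shell
#!/bin/sh
# Added example: list every active plugin_paths assignment in a Prosody
# configuration tree, so that a second definition is noticed before a restart.
# Assumption: main file prosody.cfg.lua plus enabled files in conf.d/.
# Lines commented out with "--" are ignored; Lua block comments are not handled.

list_plugin_paths() {
    cfg_root=$1
    for f in "$cfg_root/prosody.cfg.lua" "$cfg_root"/conf.d/*.cfg.lua; do
        [ -f "$f" ] || continue
        # Print file:line: text for each uncommented assignment.
        awk '/^[ \t]*plugin_paths[ \t]*=/ { print FILENAME ":" FNR ": " $0 }' "$f"
    done
}

count_plugin_paths() {
    list_plugin_paths "$1" | wc -l | tr -d ' '
}

# Returns 0 if plugin_paths is set at most once, 1 otherwise.
check_plugin_paths() {
    n=$(count_plugin_paths "$1")
    if [ "$n" -gt 1 ]; then
        echo "plugin_paths is set in $n places:" >&2
        list_plugin_paths "$1" >&2
        return 1
    fi
    return 0
}

# Usage: check_plugin_paths /etc/prosody
```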

Connection Error

In the log file “/var/log/jitsi/jicofo.log” there were many errors like

The reason for that was that my existing Prosody server was only listening on its external IPv4 and IPv6 addresses but not on “localhost”. To solve that I just removed the line “c2s_interfaces=” from my Prosody config file and restarted Prosody. It now listens on all interfaces including “localhost” and the error disappeared.

After doing that, Jitsi Meet worked fine.

If you are using Jitsi you should be aware that there currently is a problem with the current version of Firefox which sometimes leads to bad video / sound quality. So it is recommended to use either a Chromium-based browser or the Jitsi app, which is available for Windows, Mac, Linux, iOS and Android.

Switchable Wi-Fi Sockets with Tasmota

In case anyone is looking for switchable Wi-Fi sockets for their smart home that do not need a Chinese cloud and can be controlled via MQTT (e.g. for integration into FHEM, OpenHAB etc.):

I found sockets from Avatar (also available in a pack of 4) which, unlike the Sonoff S20, can be flashed with Tasmota over the air, i.e. wirelessly, without fiddling with cables. In addition, the sockets have power measurement built in and they are cheaper.

Flashing with TUYA-CONVERT really works without problems. See also this article.

You do, however, need a Linux machine with a Wi-Fi adapter that can act as an access point. For this I used a Raspberry Pi with its internal Wi-Fi adapter and a factory-fresh Debian Buster.

Afterwards you can integrate the sockets, like all devices running Tasmota, into your smart home via web or MQTT.

For me the sockets replace the last radio-controlled sockets in the 432 MHz range, which simply did not switch reliably and, above all, have no return channel. So you cannot tell whether the switching command was actually successful. With Tasmota you can.

Anyone who needs such sockets should grab them quickly. It is of course always possible that the manufacturer closes the hole that is needed for over-the-air flashing in a new firmware version.

Windows 10: Delete Orphaned Network Adapters

I just had the issue that VirtualBox showed me two network adapters when I chose to create a bridged network. However, both network adapters no longer existed, and none of the normal Windows commands could show or delete these adapters.

Even searching the registry for the adapter names did not return a result.

I then found this solution here.

The registry key where the adapter entries are stored is hidden even from a user running with administrative permissions.

You need to run the “regedit” command with “TrustedInstaller” privileges in order to see and delete them.

You can use this tool here to do this.

You then find the orphaned entries under this registry key and can just delete from:

As always: Export the deleted entries first before you delete them. Just in case …

Spamassassin: Train Bayes Recognition

To train the Bayes recognition of Spamassassin you need a large number of spam mails which you can feed to Spamassassin. Normally you would not have that much spam if you are just running your personal mail server.

However, you can download spam mails from the Spam Archive.

Just download the archives you want (I recommend using only newer archives, e.g. from the last 2 years) and then run the “sa-learn” command of Spamassassin. I did it like this:

Linux Backup to Synology NAS

With the following command you can back up data from a Linux server to a Synology NAS:

The parameters have the following meaning:

<backup user>: User on NAS with permissions to use rsync to the target share

<synology host>: Hostname / IP of your Synology NAS device (if it is located remotely, you need to make sure that it is reachable via port 873/TCP)

<synology file share>: The name of the target file share on your Synology host where you want to back up the data

In the file “/root/rsync_pass” you store the rsync password of the user <backup user>. Make sure to restrict the permissions of that file (“chmod 600 /root/rsync_pass”).

This command synchronizes the directories included in the “{}” brackets including the complete filename. Deleted files in the source will be deleted in the target as well, so that you have an exact copy of your source.

To restore files you can use the following command (Example: Restore “/etc/” with all subfolders into the target directory “/restore”):

Unfortunately this will preserve the file and directory permissions but not the original owner of the directory/file. This will work if you use another Linux server as your backup device but I have not found a solution for a Synology NAS device.
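The backup and restore described above could be wrapped like this. This is an added example, not the author's original commands: the function names, the user, host and share values are placeholder assumptions, and the source directories are passed as arguments instead of a “{}” list.

```shell
#!/bin/sh
# Added example. Placeholder values are assumptions; replace them.
BACKUP_USER="backupuser"        # <backup user>
NAS_HOST="nas.example.invalid"  # <synology host>
NAS_SHARE="NetBackup"           # <synology file share>
PASS_FILE="${PASS_FILE:-/root/rsync_pass}"

# True only if the password file exists with mode 600 or 400.
# rsync itself rejects a password file that other users can access.
pass_file_ok() {
    [ -f "$1" ] || return 1
    case "$(stat -c '%a' "$1")" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print the rsync daemon URL of the share, optionally with a path below it.
nas_url() {
    printf 'rsync://%s@%s/%s/%s' "$BACKUP_USER" "$NAS_HOST" "$NAS_SHARE" "${1#/}"
}

# run_backup /etc /home ...
#   -a        archive mode (recursive, keeps permissions and timestamps)
#   -R        store each source under its full path below the share
#   --delete  remove files on the NAS that no longer exist in the source
run_backup() {
    pass_file_ok "$PASS_FILE" || {
        echo "refusing to run: chmod 600 $PASS_FILE" >&2
        return 1
    }
    rsync -aR --delete --password-file="$PASS_FILE" "$@" "$(nas_url)"
}

# run_restore /etc/ /restore   (copies the backed-up /etc/ into /restore)
run_restore() {
    pass_file_ok "$PASS_FILE" || {
        echo "refusing to run: chmod 600 $PASS_FILE" >&2
        return 1
    }
    rsync -a --password-file="$PASS_FILE" "$(nas_url "$1")" "$2"
}
```

Adding “--dry-run” to the backup call shows what “--delete” would remove before anything is changed on the NAS. The rsync daemon protocol on port 873/TCP does not encrypt the transferred files, which matters when the NAS is reached over an untrusted network.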