Docker on the RPi

This is just a place holder for a future guide and hopefully useful information for someone who searches.

Docker is a very interesting virtualization technology and I’ve been wondering what can be squeezed into a Raspian OS and 1gb RPi 3b+. So I decided to build it – but it went wrong on Raspian Buster.

Why Raspian? Well its the community supported OS based on Debian for RPi. I have other Pi images I’m happy with running on Ubuntu but its a bit messy with some hardware options. So I decided to use Raspian. However the latest “Buster” distribution versions from late 2019 on. Since I had run into a bunch dpkg errors … i thought i’d work with the older “stretch” distro of Raspian. Not much older – I got the latest one from here and used Imager from RPi to write it to microSD

These are 2 pieces of information I used so far to install it via apt instead of via the downloaded script from docker (which itself calls apt to retrieve it). I wanted it to just install like any other package.

Get the sources right

sudo touch /etc/apt/sources.list.d/docker.list
### then add this line to that docker.list sources file
deb [arch=armhf] https://download.docker.com/linux/raspbian stretch stable

Documentation from Docker on how to install it via command line.

You should reboot before you get to the point of testing with

sudo docker run hello-world
##output from this
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
4ee5c797bcd7: Pull complete 
Digest: sha256:8e3114318a995a1ee497790535e7b88365222a21771ae7e53687ad76563e8e76
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (arm32v7)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

Its good to know that Docker Images have to be made for the RPi system architecture so you have to find RPi images. The “docker-apps designed for x86/x64 and i386 architecture on your Raspberry Pi will return an error”.

Learn admin on an RPi? Part2 – Reverse Proxy

So I’m not the only one who thinks admin is all about the command line, the terminal – the ssh session and so on. SSH makes you as powerful as the guy asking Clyde to punch problematic bikers in Any Which Way but Loose with Clint Eastwood (which you might want to find and watch using your torrent seedbox … maybe someone recorded it to a file and its not copyrighted … probably not?

A Word on Copyright and Torrents

That’s why its a grey area – we used to record stuff from TV to VHS tapes and give to each other or leave laying about in community libraries. These days people want to seek rent on every view … not everyone agrees – it could be illegal (copyright law). So don’t assume, DYOR and I live in a country where its more fuzzy interpreting these laws somewhere in the east. Some law is just about how much is it worth for them to pursue and enforce copyright. Other times we have fair use – but law is not my expertise. If you sell copies – well that’s definitely more illegal than just accidentally viewing a screen without paying someone pay per view fees. Is this GIF meme illegal – some days it seems to be infringing copyright, other days its just fair use?!

On one hand we can, if it all works find our way around graphical tools that label options with buttons and check-boxes rather than expect us to read and know how to construct a command. On the other hand we tend to just stay flat and not move up the learning curve that leads to confidence. The command line and the .conf file are the reality to some … to others they are the same, just different approaches. In Linux however the command line is most complete.

In Part 1 – i linked to the Raspberry Pi (RPi as we write in shorthand) and explained that its a great, affordable way to have a server of that you can install, take with you or totally expand upon. Its as powerful as many basic level virtual servers you might rent online to build your website projects and other infrastructure. So its basically a direct match, you can put linux on it and there are projects.

Visit Part 1 if you haven’t built a project that you would want to follow up with these proxy, sharing ideas. Much of that was about basics of getting started and lead into the project – if you have an RPi up and running you could follow this guide as mentioned in Part 1.

The seedbox project is the culmination of understanding the need for privacy when it comes to using bittorrent. Many people use it for getting files that are in the grey (or red zone) when it comes to copyright infringement – but its also just a tool for all of us to share files or download in a nice resilient, time-saving way. I can throw the torrent files at the seedbox web interface daily and sftp them locally into my main work PC, or my home PC. My server is effectively online accessible where-ever I travel – when I have a “hosted seedbox”.

What if its an RPi operating from your home. Well, first – how do you access it at all if your ISP is a private network and you have no way to forward from your public IP address because it simply doesn’t start at your router, its further out there in the ISP and you can’t request forwarding rules. They have decided you can’t host … that way. So the answer – reverse proxy and/or tunnelling.

So here is what is way faster about admin on the command line – installing software. You need to learn sudo and apt and then you just read what else to type to install packages to enable you to follow guides and make things happen. Snap (or snapd) is another package system that you might use to speed up installing ngrok. It tends to be in ubuntu by default these days. This is a way unique to linux.

sudo snap install ngrok

When I installed to my Ubuntu 19.1 PC the snap install confirmed with “ngrok 2.3.35 from Khiem Doan (khiemdoan) installed”

The other way to install ngrok (if you don’t want to use snap or don’t have it) is to download the file from the ngrok website and then … unzip it into your home directory or where-ever you decide you want to organize the files. This is common for Mac, Windows and Linux. Don’t take “/path/to” literally it refers to where you put ngrok.zip

unzip /path/to/ngrok.zip

The Ngrok tool – assuming it is downloaded or installed via snap – has a server side. What you installed was the client side that will open a tunnel through the server. Ngrok have free accounts on their server. So ngrok is a little mystery for you to solve but its all the more clear when make an account with https://ngrok.com/ – then you get yourself a authentication code as you follow their getting started guide. I operated that with the local server port via https as so:

The getting started guide will explain that you should run ngrok with the authtoken command … note it depends how you installed ngrok if you are running it from the directory you extracted it to via “./ngrok” or simply typing ngrok because its been properly installed into /usr/bin – you can also just copy ngrok there yourself. The command generates a config file … but you can also just edit/create the file … its up to you to read the guide.

$./ngrok authtoken 1ifj49fjls43jl49090f90590seg
Authtoken saved to configuration file: /home/owner/.ngrok2/ngrok.yml

./ngrok https 8112

Then you get to see ngrok connect to the server and if you have set it up as per their guide you’ll get a URL. Here is one I just ran as an example – it will be destroyed after I close ngrok. You can see I have an account “ja” – thats find. I don’t mind if you see that. I don’t use this any more – as I’ll explain – because I switched to hosting my own ngrok server.

So in testing this with deluge on port 8112 I was able to give access to the deluge-web gui – a website running on the Rpi. I also configured sftp so my friends could get to where the files were seeded or downloaded to and retrieve (anonymously) the files. sftp is encrypted – so its just a private encrypted data stream from their computer to yours. Even if you run an http session you can https expose it with ngrok which gives it a real certificate and encrypts the website. These days everything should be encrypted or it’s a security risk. My friends maxed out at about 8-10 mbit download speeds, but my home has 150mbit fibre up/down speeds. Which I wanted to leverage. So you could either

1. Pay Ngrok for a plan that has more options/power. It doesn’t really say what kind of throughput you would get. This may not be appropriate for seedbox sharing …
2. DIY Ngrokd (note that adding a d (daemon) letter after a program tends to refer to a process running as a server – staying alive, waiting for connections internally or over the network. For this one you need a server.
3. Find a different solution for reverse proxy and there are many ways to skin that cat. You could just open tunnels if you know how it is done. Here is someone taking time to explain what goes on inside ngrok and other tools – you could do that yourself and its on my todo list for “someday”.

Option 2 – DIY Ngrokd (host your own)

So I have a server that does very little – it has mail services that I built as part of another project. Very basic set up that was. Its mostly on idle but it has 2gb RAM and 5TB of monthly bandwidth … but that company is complex. I also use this Vultr.com hosting company more recently – you can get $100 free credit if you sign up and pay like $10. The truth is you’ll never really get away with anything quality for less than $10 sign up – so don’t spend too much time looking for free virtual servers – it costs you in the end.

I definitely recommend Vultr and if you are learning admin you could start up a lot of stuff in your first month on that credit and pay effectively nothing for experimenting. Vultr also have a lot of free extra services – unlike some more mercenary hosting companies that want you to pay for every little extra. You can become an admin boss just by installing VPS and using applications that accelerate everything such as Plesk – so rather than choose an OS, look at Application. Most of them are preset to install an image with Ubuntu 18.04 x64. If you are really learning you can just start from a generic Ubuntu and install it yourself but … it might take you down a lot of pathways where things aren’t tuned right and bugs or failures need to be fixed one after another before things just “work”. That is why applications are already mostly set up to work well and you get to the results as fast as possible. Depends how much time you have to invest – both ways are good. I’ve installed servers every which way I can because – its just like that doing admin for years. Don’t be afraid to discard and reset to a fresh one if its all going wrong.

If you want to keep going I’ll assume you have a server … say ubuntu 18.04 type … you can build the ngrokd service. You’ll get the ssh username/key. Don’t use crap passwords .. you’ll very easily get hacked. This guide comes from the maker but its an older version … its a variation and doesn’t use any authkey – but this self hosting, its a challenge. On an RPi you’ll – you might find that when you build both the client and the server in this walk through that go doesn’t work. Rpi have a different CPU so for it to work that was something extra I had to do because Ngrok is using go or “golang” https://golang.org/

So this was the Reverse Proxy escape hatch

Solution to having an ISP “private network” and no usable IP address is reverse proxy. If you made your own server and put ngrok on it – congrats. However if you want your torrent application itself to be anonymous you aren’t there yet. If you get a torrent then its possible the tracker gives your IP away as it makes contacts with other seed/leechers of a torrent file your getting. Even if you use a magnet link and DHT – that still links you to trackers that are open … so you need to anonymize with a proxy for the send/receive torrent data. I highly recommend IPvanish – its got the highest throughput of anything I’ve tested. Recently I noticed they also give a 250gb cloud storage that is actually fast and usable for online backup. I connected it to rclone and uploaded backups of my RPi sd card made with dd or imagewriter32. That’s $99 a year of free cloud storage. I can tell you … I’ve tested a lot of cloudstorage companies and many of them are a total joke so I was enormously chuffed. So if you want to be able to follow through in the next part go ahead and sign up for IPVanish – its usually 30 days free (money back guarantee) so you can just cancel it after you’ve played around and don’t want to keep it. Here is a tip – if you idle for a while on the signup page … a popup will come and offer you an extra 20% more discount! [I recently changed the link to their super discount deal].

I’ll get into more of the admin problems and solutions- like proxy, security, firewall, stability and crontab scripts, monitoring your connection so you can restart the ngrok or reboot the computer if its stopped functioning in Part 3 which is not written yet but will come soon.

Learn admin on a Raspberry Pi? Part1 – Seedbox

So … full disclosure, on another blog I published a white paper about how your Raspberry Pi is a poor choice as a home security “hub”. Mostly because companies making you pay a lot are using these fab little computers to deliver something that … is all to easy to hack. On the other hand – I recommend you to buy a Raspberry Pi 3b+ or 4 or anything … and make something. So here is my guide to what has been a frustrating but eventually rewarding journey attempting to make something useful with an RPi.

Advice (1): its very easy to make something useful of an RPi if you manage your expectations. More often than not we go for the “wow its a cheap computer” and we want to use it … as a computer. Web browser, videos and so on – which you can but … unless its the absolute latest one and I haven’t got one of those RPi4 yet …well its going to be slow, frustrating and probably crashy. Oh, i’m sorry I am a realist, but there is a light at the end of the tunnel.

Advice (2): if you do want to go RPi project making, learning etc find my links on the “RPi4 or RPi3b+” leading to Canakit products and save yourself a lot of bother by getting a full kit from the get go … otherwise maybe you’ll feel you saved money but you’ll be massively delayed by all the various dramas and shopping searches that ensue after you realize you need all these other parts. You can do without the kit but its a lot of risk of damaging your RPi … or crashing due to bad power, wearing out weak plug points. Make sure you add on an HDMI cable at least … there are bigger kits too for real builders and educational use

Flashback to 2012

My first experience was the early day Raspberry Pi model B which I pre-ordered – just so I could show off a tiny computer. I was already building ever smaller computers, servers, firewalls but … well this was cheap and small. I was hooked but I had no illusions it would be for serious computing – at least back then. Sometime in May-June 2012 I got mine. The original concept seems to go back 6 years before then – so someone was at it for a very long time. The idea of this product was to get a computer into more peoples hands be it for children or low income earners so they could … learn programming. Much like the One Laptop Per Child project but from more of a minimal price hardware than engineered for children specifically.

Flash forward to 2019 – RPi is pissing off business world by enabling new IOT projects

Last year I did an extensive testing of RPi 3b+ as a media player and I did make it work, had great times. Also had some very suspect times … where it seemed to be hacked … but thats what you get when you are downloading from strange “repositories” of dodgy code. That is the Kodi media center track and OpenElec is another path. Basically I had moved to my new home, with my new wife and I only had a laptop. I was doing RPi research and so I was doing that thing where you are all positive. Downloading all kinds of things.

First stop – an image of a system – an image writing utility.

You get yourself an image, a memory card … you might buy a bundle that has a power adapter, memory card and the “Pi” as we end up calling them. Then you play and typically I want to try a few OS or just start again if things go wrong … so after looking at Raspian OS for a bit and how shitty it was if you opened youtube.com. You may already be satisfied with the basic OS and leave it be. The Raspberry Pi website will guide you through the basics but know that there are alternatives to win32diskimager. You can make a lot of OS bootable from a memory card or USBdrive with Rufus so don’t feel like there is only one tool. Google is your friend.

Second Stop – NOOBS

There is a NOOBs of image loader that lets you have a whole selection of OS installs on one memory card, delete, reload, add, remove – choose which one is first boot choice … and a few options to fix the settings so your mouse or LAN connection fire up. I found this website excellent for distributing “berry boot” images. https://berryboot.alexgoldcheidt.com/images/

That was where I went through and of course there is one excellent distribution called Kali for ethical hacking, security testing and training. If you want to learn admin that’s an excellent place to start. So I had Kali and Kodi and Raspian on a 32gb microSD memory card. Kodi I had several versions and even within Kodi you can add a lot of software via repositories and go into the sketchy world of alternative video access. However, honestly there are boxes designed for running things like Kodi but they will often be branded as Android box … and I can’t guarantee anything … but you’ll want more RAM. I think the RPi4 will probably be far better for Kodi/OpenElec media center with 2-4gb RAM. The 1gb RAM on the 3b range – it works, until you install a bunch of add-ons and then things start to make you realize people tune Kodi for a much more powerful computer.

So Admin … enough of this GUI, Web Browser Stuff

My definition of Admin here is that you should be wanting to know Linux and the command line. If you install something that doesn’t have KDE or Gnome … just straight up Linux Bash terminal you can start putting apps into your RPi and using it as a local server. I will even explain how I went further and got it exposed to the internet so my friends could work with it.

So Covid19 … locked down at home, for an admin nerd its just another day at the office. The RPi sitting there under the monitor (its so tiny) and it is asking “you gonna do something with me or not?”. I have it plugged into a TV I’m using with a real Linux Desktop PC (dual boot windows :-|) and on the 2nd HDMI input the RPi was there waiting to be re-purposed.

Cost cutting or foolishness?

My idea was simple – I’ve been renting a server for many years that I use for redistributing bit-torrent. All legitimate files of course ;-(). Bittorrent is an early success story decentralized approach to file-sharing and yes P2P filesharing since the early days. There were many challenges or problems to hurdle beyond to replace a “hosted server” account with my at home little toy of a computer. Some people call this kind of solution a “seedbox” … but run it from home is completely backwards. Its running on a fast internet, which has a private network – so my public IP may or may not be exposed to the point where they can directly tag it if someone downloaded something copy protected (who would do that?). Seedboxes are usually hosted where people can ignore attempts to complain about specific file sharing participation.

Before we worry about internet access and sharing the access to people outside my LAN … “web hosting” aspect of it lets just make it.

I used Ubuntu – because I’ve been using Ubuntu 18.04 for several Virtual Private Servers – and Kali is much the same as Ubuntu so I thought I’d just see what they have. They have RPi well covered https://ubuntu.com/download/raspberry-pi and the version I installed didn’t boot into a graphical UI – which is perfect because I just want a headless CLI driven thing just like a VPS for website hosting. No NOOBS for this project – just write the image to the microSD card. I started with a 32gb samsung. I use this card reader, its excellent, the Ugreen SDcard reader I like it because I can also use it to backup my phone via microUSB connector and it has normal USB connectivity.

More Project ingredients Deluge, Ngrok

Then I followed this guide to add Deluge which is what I was using on the old seedbox for many years. I set up Deluge with a builtin plugin IPblocklist – just in case it helps the seedbox be more protected from snooping. I created a user and set up the home directory to be owned by root. Thus you can “chroot” it so that when people SFTP in they are locked into this as their “root” directory and can’t escape and start looking around your system. Then Deluge copies completed torrents and reads seeds from non-root owned “Deluge” directory inside that home directory. So users access the box via a web interface for deluge and upload/download files for torrent sharing via SFTP.

Part 2 of this project gets quite involved so I’ll just say that after this I used Ngrok on the PI and Ngrokd on an external VPS to open tunnels for my friends to access Deluge and SFTP. My ISP doesn’t give one a real public IP – just a private IP in their network so forwarding ports from the router doesn’t give access to your LAN at all, other than perhaps to other users of your ISP … maybe. Ngrok is a kind of “reverse proxy”. In future I might also put a normal proxy server on the VPS and then all torrenting, web access and sftp are accessed via that server which is my PI tunnels into using Ngrok. Ngrok does try to keep the tunnels alive … but that’s a longer story. It is a working solution for over a week so far.

Testing ClamAV – the opensource Antivirus

What, you mean they have Open Source Antivirus?

So in the open source world the biggest project is ClamAV – not very exciting marketing speak but … there it is, often open source is like that. Just quietly moving along, run by community … there are often paid people if a project gets big enough.

So – say you aren’t using Linux/Unix — and you don’t feel like “compiling your source code” – well there are builds of ClamAV for other operating systems. I’m going to try it out – watch this space.

https://www.clamav.net/

Why am I not going to use a commercial product … well, because antivirus is only a piece of the puzzle and I get a bit sick of “marketingware” rather than software. Nagging you (nagware) to buy it, canceling upgrades if you don’t pay. Some sites are better off if the software will stay installed indefinitely and not keep going to a new version or expiring constantly. Sounds wrong because marketing people want you to think all these new versions and updates are necessary, sometimes they make things worse and downgrade you so you have to pay more to get back functions.

So – as a researcher every year or two I like to test the state of the free/open-source/sponsor only type offerings from the open source community. I believe that ultimately open source makes more progress than paid software for well know same old solutions … we don’t need to keep paying for wordprocessors surely. So we shouldn’t for many other types of software – unless we want to reward innovation.

However – on initial inspection – its more of a command line library that needs additional software to integrate it into Windows. Not really ready to give clients. No wonder its not really making a big impact in mainstream consumer antivirus world … but it wouldn’t take much. I found other IT consultants saying the same thing – “don’t bother with it”. Yet, i’m determined to ” bother with it”. Looking into documentation there is a windows installer that only appears linked there.

https://www.clamav.net/documents/installing-clamav-on-windows

https://blog.andornot.com/blog/How-to-set-up-ClamAV-as-a-Windows-Service-to-scan-file-streams-on-demand/

As well as other unofficial guides such as the latter link above. So as usual with open source software, where there is a will there is a way. Generally you want to avoid trying to write your own installer before you find how it has been done successfully or just to avoid writing code.

Have you ever “sudo apt upgrade”d?

I can’t explain how much easier it is than attempting to upgrade ALL your applications and system. Many systems will update software but it’s generally piecemeal

If you have …. (what I said in the title)’d then you are using some form of linux, most likely debian or ubuntu flavour.

The hardest thing about linux is that you probably can’t get where you want without typing in a few commands. That tends to lead to learning, googling and mostly just copying the instructions – its how everyone evolves.

I’ve been on and off with linux since it’s inception and yes, I was using computers well before linux and was there watching as it emerged as a barely usable joke project “lets make our own new, fresh unix operating system” but people worked and worked. Then it existed and software was immediately available – from unix but normal users don’t care. So unix grew and one of the things that grew from a unix clone was … Mac OS.

Yes that system became very unstable and they sacked Steve Jobs. He returned later with a unix clone (mach/darwin) called NeXT and they renamed it … Mac OS 10 …. and from then they had 10.1 … up to todays 10.whatever – who cares. Main thing – its like linux … you can get something like mac for free and run it on your windows computer. You can even make it look like a mac “look and feel” … and in the end some things take a lot of time, they aren’t as professional and slick as the commercial software world of Mac and Windows … at least not always, some are though, or even better in their own way.

The times are a changin’ and you can upgrade EVERYTHING with one little bit of typing into the CLI (command line interface) … and then that effort you invested pays back. You start to realize … oh, maybe I can leave windows and all its hacking, security and issues behind. I can work with a system designed to help me instead of exploit me. Frankly the same goes for mac – and on the iphone, the android phone its all based on a unix variant of some kind (effectively) which they just stole your CLI from you. CLI … is your friend, even if he is ugly, nerdy and you only approach him with fear. Yet you have a bit of a conversation – learn the words he understands and he becomes a great buddy – slowly you start to understand that windows aren’t always better and reaching for the mouse can be bothersome when you are already sitting there typing in a few commands.

Choosing a remote support tool.

When you need help, you might be adept but out of your field or a complete duffer. Still, you can install tools and invite friends to help you, let them navigate you through the twists and turns. Even the easy tools can be a little intimidating but you know, if you are in a situation where you need help then unless someone is on-hand you are going to waste a lot of time and money when you could be making it easy for someone to assist you.

If someone is your friend its likely they don’t want to drive over just to walk you through something that might turn out to be basic. On the other hand if they are a computer junkie they might be more than happy to work with you by seeing your screen. You share what you can see, and even give control over the mouse and keyboard as if they were sitting there with you. Of course, if you found this blog … 1) I’ve sent it to you because you are someone I’m trying to assist myself, 2) You already know what remote support is and you searched for “choosing + remote support” and are looking for tools.

Some of the tools want to give you way more than you need, charge you for a huge subscription fee and harass you forever until you cancel the account. Others are freeware/shareware or free to trial. I feel that it’s always best to start with free/share/trial-ware because if you develop this habit you might accumulate vast savings and end up saving more than money, but a lot of trouble subscribing, fixing out of date accounts or just dealing with crappy changes designed to charge you for a product you paid for already. Remote support technology has existed for many years and for it to earn your payment it has to be very slick and useful in some way that you don’t need.

I actually only started using Teamviewer recently because I’d known about it but I was fine using VNC or logmein. There you go – top 3 in one sentance

VNC – which stands for virtual network computing is an old protocol. It has been implemented by different programmer/developer groups. I recommend TightVNC if you understand IP addresses and networks but if you want something with stronger security just check out other options like the older VNC product RealVNC

Teamviewer – if you have a client that doesn’t understand those things and you need to find them and connect. In the early days I avoided it because people got hacked through it too often so I just didn’t like the whole smell of that. Its been years – now its Teamviewer 14 software – it seems to have decent security features after all those years of issues.

Logmein – if you want to build a whole console of tools and computers this one might be for you but beware the charges really start to build up. I would say its not worth the price they put on it, but the price is set because it does work and work well. Especially deploying links to users who don’t know much what to do.

So, you want a mail server

In the early days I had mail servers – I mean I was using email on old days unix when it was NEW at university. I was using fidonet based on phone calls between modems – yes this is pre-internet at home. I ran all kinds of netware, compuserve, aol, microsoft exchange, postfix, sendmail … and eventually I outsourced it all to Gmail for a non-profit and had 1000 users and our domain pointed there.

Look at this image on top of this blog, its an old Mac SE someone is making connect to internet. That was a “newer” computer. As for email it hasn’t actually changed a huge amount since those days of the 80s. Recently I built the latest version of a very old mail server “postfix” – yes I’m back but I’m not going to sendmail (too old school but still used!). Its command line work, linux … reminds me of a colleague who said “command line is how computers really work” as if mice and windows aren’t. He was wrong, they are just different ways of doing the same thing – triggering something to run some code, script or macro. Clicking something or typing a command … not that big of a difference. Truth is that a good admin can do things fast with the command line, doesn’t have to search around as much as a window based user. However it depends how well set up the window user and how well designed his software tools are. I digress … so, you want a mail server

Option 1: You want your own domain email – you know what a “domain” and website is. So you go to a company like Godaddy that appears high on a google search. You will get a mail server … of sorts, but good luck getting service or control if it doesn’t give you what you want. It saves time at the outset but becomes more and more of a limitation or legacy problem if you grow to use it for a many accounts etc. Maybe it gets hacked because nobody maintains the server … seems to happen a lot to people who become my customers looking for the solution.

Option 2: Build it yourself. If you have the time and interest I can share what I know, freely – really – the community of users/admins understand. You can google, youtube and find many guides but its amazing how many of them don’t work or turn out to be very misguided. The person knows a lot but still .. they make a frankenserver and if you copy them you might be wishing you didn’t. So you have to resign to doing it a few times until you find a guide that is up to date and written by a real expert. I recently went through this one after looking around a while.

https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql/#test-email-with-mailutils

Option 3: Hire someone else to do it … like me or one of many admins you might find. Choose wisely.

Option 4: Collaborate with someone like me to use their server so that you get a best of both worlds – they built it, they maintain it for themselves and you get something almost the same as Option 3.

Option 5: Give up and discover you could have used your google account or other similar thing to get everything you needed and you just had not dug deep enough to see all the power you already had. Realize that you might even get a domain and use it with googles email but your own me@example.com web address. This full circle thing is not a bad place to arrive – it means you have re-evaluated.

More options – let me know … especially if you want to hire me 🙂

Mail Servers

Reviewing Mail Servers – why? To find out where the state of the art is since last time I checked. This is what blogging is to me – its not always about selling some service or some product. I’ve blogged for free since I ever heard of blogging. Its just a reflection of what happened at this time to add to the history to look at later perhaps, or not.

When Gmail came out – tentatively we all started to test it, sign up as beta users. We could invite friends into the program and I ended up with a 1000 user account with Google for their apps service to provide non-profit users with email and all the Google Apps as a business unit. It meant a lot less worry, and offloading server admin to Google. Also that people had everything there for them to find their way to using to integrate many things instead of pressing for an internal mail to integrate better with all the google tools.

So why would I go back and make a mail server. Mostly, because I there is so much tax and over-commercialization. People want to turn everything into a higher cost than it is perhaps worth. Still it will take me considerable management effort but when it comes to security then it will be in my hands. Security and restoring backups are not in your hands with a 3rd party provider. If they experience serious down time you will have to wait.

Google hasn’t had much downtime for years – that was lucky. I guess in the end we want a hybrid – something independent that also integrates. Yet there are so many more messaging services today – chat’s are almost replacing email, but not quite yet.

—- Update —

I’m going to install and try out mailcow – that seems low cost and useful, is getting developed at a good pace.

Going Linux – Going Gimp

Gimp, Graphics Image Manipulation Program, has always played 2nd fiddle to Adobe Photoshop. I remember when I was working at an apple shop when Adobe Photoshop 1 appeared and we used it on the monochrome screen of a mac SE thinking wow. Now Gimp has way surpassed that.

Recently, after some nasty malware related refreshing from backups on a windows laptop, I bought some PC parts. I threw together a desktop since now I have a family, house, home to work from. It ended up actually being 2 PCs in the end but that’s another story.

So as I started posting on this new install of wordpress – you are reading from here I was using Ubuntu linux on the downstairs PC. Running it on a TV, its a bit furry and I had just the stock installed basic photo/image program to adjust some graphics. I have tried gimp many times over the years but I saw Photogimp and some spanish text saying Adobe Photoshop, which I am much more used to … see image insert.

So I installed it and what do you know its all layed out like a modern photoshop. Now I can say for the first time – actually Gimp looks like its workable. Just like LibreOffice (formerly Open Office) is up to the task for editing documents.

Open source is basically able to surpass some of the older commercial software at this point. How could it be, well its the the idea that eventually instead of just moving stuff around and acting like you made it better when you really didn’t … or taking parts out and charging extra if you want them back. Well in Open Source you just find out what people really want and if they like it your variation of the code, fork, project becomes really appreciated and maybe others step in and help you make it even better. You aren’t trying to keep selling, or get subscriptions – perhaps you get donations but generally you can eventually after many years get the project to the point where it just does what people want and we can stop wasting our time paying and upgrading and re-learning some bullshit new version.

Now Ubuntu Itself falls into that category. You might love windows or macOS but in the end the only thing that really makes them superior other than basic look and feel (which can be duplicated) is that they have the stable support and drivers for all the computer parts you use as your PC. Yes and that means you too mac users – you use a PC with MacOS. Anyway, if I can put together a very recent set of parts and start a USB stick of Ubuntu and get sound video, software instantly (really, as fast as you can boot) then something is wrong on the older OS front. They stopped making their stuff better. Mac hasn’t written an installer for a long time, mostly they just chase a lot of security updates and hope they can retain customers. Its not all the way there yet – commercial software still rules a few areas but I’m going to work with linux now.

I was always just messing around as a kind of half serious thing on linux other than with servers. That’s another blog – but I think if I can invest my experience on linux as my work environment now its worthwhile. I recently heard someone say if you use windows you are an idiot – I almost agree. Especially when it comes to security concerns. Not that linux is immune – not at all but you have a lot more chance of securing it without fighting against the OS.