Welcome to fidoriel's Blog

Sometimes I am curious how I solved issues in the past. I like simple solutions to issues that do not break down soon. I also like practical things that solve these issues in the manner of Bauhaus that I can reproduce and repair myself. Therefore I keep a collection of high quality hard- and software tools and need a way to keep the information on how I did this. Until now, I have had a private collection of markdown files where I kept this information. This blog is an attempt to change this.

StudNET Studentenwohnheim Leipzig

Why is it worth talking about a student dormitory in Leipzig, Germany? My sister was accepted to study Veterinary Medicine in Leipzig, and she got a room in a dormitory. They call their network studNET. The good news: it's free. The bad news: their authentication is complete nonsense.

Authentication

The administrators' idea is to connect a device to the network outlet and then keep an ssh connection constantly open to a server to stay authenticated. For Windows they offer software which does this for you. This software runs as a daemon, connects to their server and keeps the connection open. For Linux, Johannes Matschke wrote a tool that does this; it's a 15 year old unmaintained PHP cli tool. Something similar has been implemented for Linux as Daemon. Nothing I can hand to a medicine student without deeper technical knowledge.

Note that after the ssh connection is established, instead of a shell, a script is executed that shows some information and takes your IP to authenticate against their so-called firewall. As long as the connection is open, the script is running and internet access is granted. If a second connection is established with the same credentials, the first one is killed.

In 1997 their ssh authentication might have been state of the art, but in 2024 it is definitely not. Since WiFi is a thing now, and no one is using their old EATX Tower PC wired to a wall socket to ssh authenticate with their firewall server, a better solution must be found. The Studentenwerk says that you can hook up a WiFi Router, connect via ssh and use the sweet sweet WiFi. The router is functioning as a better access point, all DHCP is done on the device based on their DHCP server set up. This is also possible via an Android App. And probably also via an iOS Terminal Emulator App.

Ok fine. An old AVM FritzBox hooked up to the network outlet and connected to the WiFi, authenticated via ssh on her MacBook. It worked. Yay. But after some minutes the connection timed out and she had to reauthenticate. Also authenticating on every device is a pain in the ... you know. Every device every time. Ever. Updates overnight? Push Notifications? No way. Answer a FaceTime call on the iPhone? Mobile data is used until you authenticate again.

No proper subnet, no cloud sync, no local network, no handover, no local anything. Can't give access to a friend. You get the idea.

How does their Firewall Thingy work?

My understanding is that if you follow their Tutorial and set up the DHCP settings for your device, your device joins their LAN. Through the ssh call ssh your_rent_number@their_firewall_thing they get the IP that is authenticating against their server and grant access to the internet.

What could be done?

My Criteria:

  • no manual ssh authentication
  • automatic authentication on device start/first connect/wifi logon
  • automatic reauthentication
  • no setup on every device
  • WiFi
  • closed local area network
  • easy access (for friends)

It's basically everything what you would expect from a modern home network. Nothing fancy just a standard functional and convenient network.

It is possible to build fancy stuff with a Raspberry Pi running in access point mode and so on. Every cheap mini PC could do the job. But it needs to be reliable and also understandable for a non-technical person and should have better WiFi than a Raspberry Pi or cheap dongle. The FritzBox used earlier would work, but then a second LAN Card would be needed. She does not pay for power so if they only provide stupid Internet Access why should I bother. But I do. Because this seems error-prone to me and I need to buy a USB Ethernet Adapter for the access point, which will be around €15.

What I will do

My sister will receive my cheap Chinese WiFi Router with OpenWRT support, a GL.iNet GL-A1300. Their cheapest, the GL-SFT1200, can always be found on the internet for around €30. I got the one off Amazon because it is shipped faster, so she does not need to wait that long, and it is easier to send back if my ideas don't work. Then I will use the Linux as Daemon tool to authenticate the router. Because it is a Linux device it should work. I can easily connect to their DHCP stuff, run the authentication daemon and create a subnet.

How to do it yourself

Log into the WiFi and hook up the router's WAN Port to the network outlet. Make sure to use the left outlet if a multi outlet is provided in your room. Configure the external WAN of OpenWRT via the UI or CLI and connect to the router via ssh.

Then on your system ssh onto the router. Use the password you set up and use for the UI.

ssh root@192.168.8.1

On the router, install sshpass for programmatic ssh password input. We also install the OpenSSH client to replace the dropbear client, because dropbear lacks some functionality we need (proper forced pty/tty allocation). I used nano as an editor, so my sister is able to edit the files herself.

opkg install sshpass nano openssh-client

Put the shell script into /usr/bin/studnetauth so it is on path:

#!/bin/sh

echo "studnetauth started"
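# -t -t forces tty allocation; ServerAliveInterval=30 sends a keepalive every 30 seconds.
# StrictHostKeyChecking=no accepts any host key (see the Security Notice below).
SSHPASS=PASSWORT sshpass -e ssh -t -t -o StrictHostKeyChecking=no -o ServerAliveInterval=30 RENT_NUMBER@FIREWALL_IP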
echo "studnetauth exited"

Make sure to replace PASSWORT, RENT_NUMBER and FIREWALL_IP with the proper values. You need to look them up here.

Security Notice: Your password is stored in clear text within the router. Everyone with physical or authenticated network access to the device will be able to read it. We also accept any remote host key without any questions asked.

You can check the logs with

logread | grep studnetauth

and reload the config with

service studnetauth reload

and restart the service with

service studnetauth restart

Make sure the script is executable:

chmod +x /usr/bin/studnetauth

And test if the authentication works. The first time, you need to accept the ssh host key. Just type yes and press return to accept the key. The host key will be added to your known hosts.

If ssh RENT_NUMBER@FIREWALL_IP goes through (and puts the key into the known_hosts file) and you can now use the internet on your device, test once again with the script on path.

studnetauth

If this also works you can put the script into the startup of the router.

Put the service config into /etc/init.d/studnetauth

#!/bin/sh /etc/rc.common

START=95

USE_PROCD=1

start_service() {
    procd_open_instance
    procd_set_param command /usr/bin/studnetauth  # Path to your executable
    procd_set_param respawn 1 1 0  # threshold 1s, wait 1s before restart, 0 = retry forever
    procd_set_param stdout 1
    procd_set_param stderr 1
    procd_close_instance
}

Make it executable

chmod +x /etc/init.d/studnetauth

Then start and enable the service

service studnetauth enable
service studnetauth start

To make sure we do not run into a timeout because no packets are sent, we ping 1.1.1.1 every 10 seconds:

Put the shell script into /usr/bin/studnetping so it is on path:

#!/bin/sh

echo "studnetping started"
ping -W 2 -i 10 1.1.1.1
echo "studnetping exited"

Make it executable

chmod +x /usr/bin/studnetping

Test it with:

studnetping

If this also works you can put the script into the startup of the router.

Put the service config into /etc/init.d/studnetping

#!/bin/sh /etc/rc.common

START=95

USE_PROCD=1

start_service() {
    procd_open_instance
    procd_set_param command /usr/bin/studnetping  # Path to your executable
    procd_set_param respawn 1 1 0  # threshold 1s, wait 1s before restart, 0 = retry forever
    procd_set_param stdout 1
    procd_set_param stderr 1
    procd_close_instance
}

Make it executable

chmod +x /etc/init.d/studnetping

Then start and enable the service

service studnetping enable
service studnetping start

Make sure both services are started correctly and internet is working. Now the router should authenticate itself and should try reauthentication on failure. Unplug the router and plug it back in to test if the service authenticates after startup.

Have fun with your new home network.
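
A hardened variant of /usr/bin/studnetauth that addresses the two points of the Security Notice above, added here as an example and not the author's script: the password is read from a root-only file with sshpass -f instead of sitting in the script, and the firewall's host key is pinned instead of accepted blindly. The paths under /etc/studnet, the variable names and the function names are assumptions; RENT_NUMBER and FIREWALL_IP are the page's placeholders.

```shell
#!/bin/sh
# Added example. Assumed layout:
#   /etc/studnet/password     first line is the password, chmod 600
#   /etc/studnet/known_hosts  the unhashed known_hosts line written by the manual
#                             first login, after checking the fingerprint
SECRET_FILE="${SECRET_FILE:-/etc/studnet/password}"
PINNED_HOSTS="${PINNED_HOSTS:-/etc/studnet/known_hosts}"
LOGIN_USER="${LOGIN_USER:-RENT_NUMBER}"
FIREWALL="${FIREWALL:-FIREWALL_IP}"

# True only for a regular file with mode 0600 or 0400 (no group/other access).
# ls is used because a stat applet may not be present on the router.
secret_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c1-10)" in
        -rw-------|-r--------) return 0 ;;
        *) return 1 ;;
    esac
}

# True if known_hosts file $2 has a key line whose host list contains exactly $1.
# Comment lines, blank lines and hashed (|1|...) entries never match.
host_is_pinned() {
    [ -s "$2" ] || return 1
    awk -v h="$1" '
        NF == 0 || $1 ~ /^#/ { next }
        { n = split($1, names, ",")
          for (i = 1; i <= n; i++) if ((names[i] "") == (h "")) found = 1 }
        END { exit !found }' "$2"
}

preflight() {
    secret_is_private "$SECRET_FILE" ||
        { echo "studnetauth: $SECRET_FILE missing or not mode 600"; return 1; }
    host_is_pinned "$FIREWALL" "$PINNED_HOSTS" ||
        { echo "studnetauth: no pinned host key for $FIREWALL"; return 1; }
}

connect() {
    # procd respawns at once; back off so a misconfiguration does not flood the log.
    preflight || { sleep 60; return 1; }
    echo "studnetauth started"
    # StrictHostKeyChecking=yes: ssh aborts if the server key differs from the pinned one.
    sshpass -f "$SECRET_FILE" ssh -t -t \
        -o StrictHostKeyChecking=yes \
        -o UserKnownHostsFile="$PINNED_HOSTS" \
        -o ServerAliveInterval=30 \
        "$LOGIN_USER@$FIREWALL"
    echo "studnetauth exited"
}

# Connect only when run as the installed script, so the checks can be sourced on their own.
case "$0" in */studnetauth) connect ;; esac
```

The password is still stored in clear text on the router; the file mode only limits which local accounts can read it.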

OpenWRT in VirtualBox

Use VBoxManage convertfromraw --format VDI openwrt.img openwrt.vdi to convert an img to vdi. Within the network settings, select Adapter 1, attach it to Bridged Adapter and set the name to your network device. Enable Adapter 2 and do the same. Add the created openwrt.vdi as storage and reboot.

Bike Repair

After my latest bike shop experience I will do everything to not bring my bike there ever again. It was €147 and an absolute waste of money. €30 was for the Bosch firmware update. I do not like that I cannot do this on my own.

But the real reason was that the chain of my e-bike jumped down. I did put it back, but it jumped down again.

I decided to bring it to a bike shop to let a "pro" do the work. Also, I missed a Warranty maintenance interval.

E-bikes have a bracket that should prevent chains from jumping. The manufacturer used a stripped screw for screwing the bracket. I pointed the bike shop to the screw and said that I wanted it replaced within the maintenance. I needed to loosen the crank to be able to change the screw. Because I did not have the tool I decided to bring it to the shop.

Result: Chain was on but jumped off again. Why? The shop did not change the screw, so it was not screwed down correctly. Within the maintenance they did not recognize that the cassette and chain have worn out after 3000 km (1850 mi). Did they even do a maintenance?

I do not know. After that I decided to gear up my bike tools and do everything on my own. I used my Dremel to carefully cut a slot into the screw so that I can use it with a flathead.

Tools at Home

I finally decided to get a torque wrench. But I did not find a wrench that was capable of 3-40 Nm, so I decided to get two: A Proxxon MC15 and a MC60. I also have a 1/4 (23080) and a 3/8 (23112) wrench set from them. They are sadly not "Made in Germany" but are high quality tools from Taiwan Tengtools. I also use my Proxxon Ring Wrench set (23821) and my "Wera HexPlus HF" for bike repairs.

Over time, I collected some very special tools:

  • Shimano HG for cassette and a chain whip
  • Shimano TLFC32 for center lock and bottom bracket (this I sadly cannot use with my torque wrench)
  • Bosch Lockring Tool and a crank puller for Bosch
  • 3D printed Chain Wear Indicator

The only thing I still miss, despite a mineral oil set, is a proper stand. I will keep an eye for special offers for a "Park Tool PCS 9.3 or 10.3".

Bike Bag

Last year I got an "Ortlieb Commuter-Daypack" Urban from my parents for my birthday, which I absolutely love. I always carry my sailing stuff including a lighter for ropes and a Leatherman for everything. I decided to add a "Topeak MINI 20 PRO Multitool" for bikes. Remember to always carry a chain pin. Within this order I also got a basic tube repair kit. As a very small pump I got a "Lezyne CNC Pocket". Multitool + tube repair + Pump was €50 and everything I need in a repair emergency. The best is it fits into the small compartment bag within my backpack.

Mobile Tools

Conclusion

A big investment in tools, but I hate bad quality tools. Maybe they will last long and be used for other things than just bikes. It is cheaper and way faster to do bike maintenance on my own. To drop the bike at the shop and collect it later cost me around 90 min in total. DIYing the repair is more time efficient and faster done, and I do not have to miss my bike log. To be without my e-bike also cost me a lot of time.

About home server and self-hosting

I like to self-host stuff for privacy and cost save reasons. It also keeps me independent of some policy changes and allows me to use my media, books, music, audiobooks and so on how I like. Some stuff I like is not available at the big streaming services.

I have a Raspberry Pi 5 for the local applications. A VPS hosts the tools that need to be exposed to the internet. I ordered a cheap 16 TB Seagate drive on eBay, which was stored in a datacenter as replacement but never used. Music and audiobooks are stored on a WD 1 TB drive so that the big drive does not need to spin up often. I use hd-idle, energy is expensive in Germany.

Web

All of them are run within docker compose.

  • audiobookshelf for audiobooks and auto download of podcasts. They have a great app. I am also a small contributor there.
  • jellyfin for old TV Movies and Shows. On iOS I use Jellyfin mobile and Swiftfin
  • paperless-ngx for indexing and organizing of PDFs and books in PDF form, mainly Pen and Paper
  • navidrome for music. Amperfy on iOS.
  • manyfold for 3D prints
  • romm for games from gog
  • filebrowser to easily manage files from the hdd
  • glances htop in the browser from the device it is running on
  • uptime kuma for telegram uptime news
  • pikvm as a KVM for some devices in the network
  • LibreChat cheap API frontend for LLMs
  • homeassistant, homebridge and esphome for smart home
  • homer for the dashboard
  • homebox as an inventory system for my stuff
  • awtrix as a 32x8 RGB Clock. They have a great but paid app.
  • OctoPi for the 3D Printer
  • FoundryVTT for pen and paper. Only paid I use. One time fee €50.
  • hedgedoc collaborative markdown online editor
  • excalidraw collaborative online drawing tool. Alternative to tldraw
  • vaultwarden for passwords. Compatible to Bitwarden apps. Use Bitwarden for Production because they manage it. €9 for Bitwarden a year is fine for extra otp functions.
  • CodeCov code coverage ui. Used it within my first start up. Their managed service is too expensive and buggy.
  • gitea as a local git and hf hub mirror. Also supports GitHub actions via act

Non-Self-Hosted stuff I need to back up

  • Bitwarden
  • Fusion360
  • Brickmerge

Tools

  • CueTools for audio checksum verification (works with wine)
  • TagScanner and MP3Tag for tagging (works with wine)
  • EAC for CD encoding
  • Other people told me to use makemkv and libation, but I never tried them.
  • mediathekviewweb for legal (!) downloading of German TV Shows (no legal advice)

Amazon in 2024

The golden times of Amazon are over. They are not the cheapest, their special offers are not special, the customer service does not offer the goodwill of the past and prime is more expensive than ever. In 2017 Amazon was a great place to order stuff online:

  • best customer service
  • same day delivery
  • cheap shipping flat
  • best prices

With covid this changed. Other online retailers also offer very good shipping conditions, like the German retailer "Thalia". They also have a very good loyalty program and their shipping flat is free. Once a month they have a weekend with 17% on nearly everything. So they regularly have the best prices. Shipping takes around 2-3 days. Because Amazon Prime shipping has become worse, I feel they are right up now. The best thing: Thalia does not have this massive Chinese trash on their site. Lots of Chinese drop shippers are selling the same Chinese waste on Amazon. Same product images, same copied description, some are cheap, some are more expensive. They invent a fake brand name and sell their junk in Europe. For Amazon Warehouse services they have to pay 30% in shipping and handling to Amazon.

In the past Amazon had this "Plus Product" thing where they only shipped small and cheap items, <=€5 in value, with regular products for >=€20. I did not like this at the time, because there was no option to get the small items without a big order. Even ordering them with an added value bigger than €20 did not work. They dropped this rule some years ago. But then Amazon was flooded with Chinese trash.

I have to pay attention to not order bike parts or other stuff that may not be safe. I also do not want to pay 10x the AliExpress price on Amazon, with AliExpress shipping most items within 10 days to Germany. If I am on AliExpress I know what to pay attention to in order to not get junk. But on Amazon I miss the selection of high quality items. If I order at Thalia, voelkner or alternate, they preselected the items to avoid trash. Amazon does not, they do not even try. If I search for something I am flooded with trash. I have to pick items, check the seller's imprint, check the images, check AliExpress to make sure this is a value product. The times when I could just order something, and it is good, are over.

With Amazon becoming worse, their CMS full of junk items, I cannot even use Amazon to search for specific items anymore. I only order small stuff from good brands there. For example the bike component brand "M-wave". They have simple, solid, gets-the-job-done items with good quality and reasonable prices. That can be ordered at Amazon with fast shipping. Sometimes I also order tools from Wera, Wiha, Knipex and so on there. But more expensive stuff can be found easily and cheaper on deal communities like mydealz with huge discounts. I have learned that other local online sellers are also great and now even better than Amazon. Audible still has exclusive stuff, but I am not interested in their stuff anymore. The more niche stuff can be acquired somewhere else. If they have the special €9 for three months I become a new customer again. Wait for 6 months and the account counts as new to Audible again and qualifies for the special offer again. But audiobooks are a thing for a future post.

Usually I do not return stuff. If I press buy, I am sure I need and want this. I only return if the item is not as described or broken. I check the data sheet and so on to make sure the item is compatible to avoid climate harming returns. I know it is not great to order stuff online, but most of the stuff I cannot get around Berlin, takes a lot of time to get there and is very expensive at a local retailer. Often a combination of all three. I hope I can do a little damage limitation with being sure what I need.

I only order on Amazon if they offer the best price including shipping. Other stuff is obtained via mydealz at other retailers. The convenient days are over and Amazon tries to milk their loyal customer base and disgust away with thousands of listings of the same Chinese junk. Chinese electronics and so on will be ordered at AliExpress to not overpay; everything else I will order at great European retailers valuing their customers.

Personal Item Storage System

Requirements

I have a lot of Legos, tools, cables, electronic components, computer components, screws, tabletop/pen and paper stuff, board games, 3D printing replacement parts, audio equipment and so on. Therefore I need a structured system for storing them in an organized way.

To build a sustainable solution I have some requirements:

  • good, future and broad availability
  • fairly priced (yes this one is subjective)
  • stackable
  • lid
  • easy to move
  • good quality

I was able to find two box/storage systems which fit my needs: IKEA Samla and Euronormbox. I bought Euroboxes from the German hardware store "Bauhaus" and from "Obi". Obi sells boxes from "Surplus Systems" and "Bauhaus" from their brand. Currently, I am invested in Euroboxes and Samlas with multiple hundreds of euros.

Samlas have been very cheap before covid when I started using them. Now they are pretty expensive. I have a lot of them and do not need new boxes frequently. They are also great because they are clear/transparent, Euroboxes are not available in clear, only in milky. To keep the color consistent with different manufacturers, I decided to buy gray. Speaking of different manufacturers: pay attention to the Eurobox compatibility. Only the outer dimensions of Euroboxes are standardized. The Surplus boxes do not fit onto the Bauhaus lids. Especially big Euroboxes have therefore become more attractive. Nevertheless, choose your storage system wisely to not become dependent on one manufacturer you do not trust to stay in business or to sustain prices.

How do I store stuff in it? Each box only contains stuff specific to a topic, Legos, cables, you get the idea.

Special Solutions

But what to do with special items for example miniatures or small parts? Lego is sorted by brick type according to bricklink and stored in zip bags in my Euroboxes. But miniatures can become more difficult: There are these awesome but expensive "Feldherr" foam boxes. But they are big and do not fit within my storage system.

Therefore I created a storage system for them based on a 5L IKEA Samla: Samla Mini Storage. You can find information on how to build your own at the Printables Listing. Spoiler: it is customizable for different base sizes and will fit on a standard 22cm cubed printer. This is based on a great OpenSCAD IKEA Samla Insert design, also customizable. To store my resistors I remixed a simple Box storage system; I modified the base plate to fit the 5L Samla bottom perfectly. Resistor Storage

Type Trays

For IKEA Samla it is best to just use the inserts mentioned before, because they have such a strange shape. Also IKEA offers for 22L boxes a tray for bigger items which is also more stable than the inserts. But in my experience I need to enforce them with for example this insert stabilizer. But what to do with the Euroboxes? I measured them and decided to cut boxes.py part trays with a lasercutter. It was difficult to get the internal dimensions, because they become wider/more flexible to the top. For the "Surplus Systems 60x50x22" I decided to use 50.57*7 x 50.8*5 within the generator. I like to use the trays not only for sorting but also for temporary storage of Lego Bricks while working on a project. I can easily find relevant bricks for building a set and store them away.

Final words

I am very happy with my custom off the shelf extensions. Object management will be included in my homeserver post in the future.