Orbot 17 messes with VPN settings

Orbot Logo from Wikimedia Common
Orbot Logo from Wikimedia Common

I am using Orbot on my linageos mobile phone to route the traffic of certain apps through the TOR network. Since the app updated to some 17.*-BETA-... it changed it’s icon but it apparently also seems to always start in VPN mode. I tried a couple of different settings, but even switching into Power User Mode (!?) didn’t help…

As it’s only possible to run a single VPN on Android, it hijacks the VPN connection of NetGuard: my defense against traffic that is utterly unsolicited. NetGuard blocks connections by providing a VPN, which filters traffic based on the source application the the destination’s server.

Anyway, if Orbot hijacks the VPN slot NetGuard can’t block unwanted traffic anymore.

The workaround is, however, pretty easy. Just open Settings -> Network and Internet -> VPN. Then select your preferred VPN app, that you want to use instead of Orbot. In my case that would be NetGuard. And from that app’s settings enable the Always-on VPN slider. That will prevent Orbot from taking over the next time it connects to the TOR network.


Current logo of CODE AHOI
Current logo of CODE AHOI

It’s corona-time and so many things are unclear. Yet, I decided to quit my permanent position at the University of Rostock and try something new o.O

So I just started my own company! The current logo is a paper boat and I already crafted a first draft of a website at CODE AHOI.de, so strangers can find my new business ;-)

I would like to use my expertise to support organisations and the local economy. And I would like to convince them to go for high quality and open source! Especially for public institutions: Public Money? Public Code!

The plan is to also blog about current jobs, ideas, and IT solutions over there at https://codeahoi.de/news_en/. Those articles will be multilingual in German and English. Blogging in German will be an exciting adventure itself… However, I may copy the English version into this blog if I assume that it may be of interest for readers of this blog.

So if you’re curious or if you’re in need of a motivated developer and engineer, go and check out CODE AHOI! And tell your peers ;-)

Window Open Features: Restrict and Test

Are you also annoyed by websites that open popups and external windows without your menu bar? And without scrollbars and no close button and … and .. and..

Restrict Window Open Features

Don’t worry, you can disable these “features”! In Firefox, open about:config and search for dom.disable_window_open_feature (see @azure’s pleroma post). Full documentation on these settings are available through MozillaZine. These preferences can also be set (and locked) system wide, which may be useful for multi-user and multi-system environments

Test Window Open Features

Mozilla’s Developer portal has a documentation on possible Window Open Features. There you can learn which features are available, what they mean, and how to set them.

Testing is then pretty easy. The following checkboxes allow for enabling/disabling most useful window features. If a box is ticked, the corresponding feature will be set; if it’s unticked the feature will be turned off. You can then click the link below to test how your browser behaves when opening this blog using the chosen set of features.

TEST NOW: Open binfalse.de using above settings.

The test should be browser independent, you just need to have Javascript enabled. However, let me know if it doesn’t work for you!

To see how I implemented the test tool take a look into the source code of this page, or check the script on GitHub. Remember? This blog is all open source :)

Say »Hello« to Staticman

Recently, I stumbled upon Staticman, which seems like a nice solution for comments on static sites (such as this). Today I implemented Staticman into binfalse.de :)

The idea is, that you have your static site version controlled at GitHub. Then you can add the Staticman App to your repository and add some configuration file, so Staticman knows where and how to save the comments. Also add a form to your static site, that sends the commenting user with the form values to an API page of Staticman.

Staticman will then create the necessary YAML files and send you a pull request to the corresponding repository. Thus, you only need to accept the PR and your site will rebuild with the new comment. Pretty smart I think :)

Integrating Staticman is pretty easy. Just follow the step-by-step guide at staticman.net/docs/index.html.

In contrast to many other approaches you still own the comment and don’t need to load it from some third party. The only privacy concern is, that users need to contact the Staticman API for sending the form values. However, that seems to be rather harmless compared to what is the default out there… As it’s still a concern, you can always use any of the other options to send comments. I’ll keep listing them above the comment form. Thus, it’s up to the user what’s more convenient/important :)

If you’re curious, I’d be happy if you give it a try!

Migrating from sSMTP to msmtp

As I described earlier, I’ve been using sSMTP for email support in Docker containers. Unfortunately, sSMTP is not maintained anymore. Instead msmtp should be used. I put the migration off for as long as possible, but eventually implemented the change!

For legacy reasons I will leave my orginal articles about sSMTP untouched (I’ll just add a link to this page), and instead post this migration how-to.


Let’s assume we’ve been using the following sSMTP config in /etc/ssmtp/ssmtp.conf:


In addition, we somewhere needed to tell the system/software/module how to send mails. For example, for PHP it would be somthing like that in /usr/local/etc/php/conf.d/mail.ini:

[mail function]
sendmail_path = "/usr/sbin/ssmtp -t"


In that case you would need a msmtp configuration in /etc/msmtprc:

port 25
tls on

account default
auth off
host RELAY
from webserver@HOSTNAME
add_missing_date_header on

In addition, you need to tell the system/software/module send mails via /usr/bin/msmtp -t. For example, for PHP it would be somthing like that in /usr/local/etc/php/conf.d/mail.ini:

[mail function]
sendmail_path = "/usr/bin/msmtp -t"

Please note that msmtp is in /usr/bin not /usr/sbin !! ;-)

Supplemental Material

  • The paths mentioned above are target paths. Thus, if you’re using Docker it actually doesn’t matter where you store the files, but you need to mount them to those paths inside the container..
  • There are much more options for msmtp! You can also configure an actual mail account at Posteo or Google or wherever. I recommend checking its documentation and Arch’s Wiki.

Martin Scharm

stuff. just for the records.

Do you like this page?
You can actively support me!