Help with Exchange Server security issue - 8125, K-JAM, P4300, MDA Vario ROM Development

Recently I hooked up my WM6 device to my company's Exchange server. A security protocol was automatically installed. One of the restrictions of this protocol is that you must enter a password (1) every time the device is restarted and (2) after 5hrs of non-usage.
Therefore, I can't use my PDA as an alarm clock any more. At the time I want an alarm, it starts up silently and waits for a password.
Is there a workaround that anyone can think of?

What version of Exchange? What endpoint security are they using?

ndoeberlein said:
What version of Exchange? What endpoint security are they using?
No idea and don't know. Is this something I can check from my PDA? If not, I'm unlikely to find out. It's a large corporation (not a 50 person small business).

You had a slim chance anyways, because it's all set up in your profile on the Exchange server. Your best bet is to talk to your IT dept. and see what they can do for you.
I know what you're trying to do is a viable functionality with the security they have set up, you just have to convince them to do it.
Good luck!

ndoeberlein said:
You had a slim chance anyways, because it's all set up in your profile on the Exchange server. Your best bet is to talk to your IT dept. and see what they can do for you.
I know what you're trying to do is a viable functionality with the security they have set up, you just have to convince them to do it.
Good luck!
I'm a net admin and administer our Exchange 03 server with about 40 WM devices. I have not had a chance to see what the new features of 07 allow device security policy, but the standard MS Windows Mobile admin tools are pretty limited. I only use the administration tool to remotely kill devices or check sync times. There must be some kind of pretty complex endpoint security software that they are using. Granted, security should not be taken lightly, but do you work for the NSA, FBI, CIA or a company that works for them? Other than that, every 5 hours (waking up) seems like overkill. Basically, damn that sux.
However, it's incredibly not useful, but you could delete the Exchange connection (it probably doesn't even allow you to do this) and then just check your email through OMA or OWA. Maybe even POP3 if it's open (doubtful). If you can't delete the connection, hard reset the device.

Related

BlackBerry Connect OTA enterprise activation backup, passwords etc.

QUESTION 1
I've been flashing and reflashing ROMs for a couple of weeks now and am very impressed with Dutty's latest endeavor. In anticipation of the v4 release, I'm hoping someone in the community can tell me if it is possible to back up an over-the-air (OTA) enterprise activation of BB Connect. Currently I'm calling our technical support guys who, sooner than later I'm sure, will start asking why I have to get a new OTA activation password (which they change as soon as you use it) every 5-7 days.
So, in short: moving from one ROM to the next and want to back up OTA BBConnect enterprise activation. Possible? If so, how?
QUESTION 2
Any BES administrators out there willing to tell me if my Tilt/Kaiser shows up on the BES (v4) differently than a BlackBerry (like the POS 7280 I'm given by the company). If so, is there a way to "spoof" that since my company will not allow non-blackberry devices.
QUESTION 3
When using the stock AT&T ROM, my Tilt respects the (highly restrictive, Bluetooth disabling, password-enforcing, ridiculous) IT Policy pushed by the BES administrator. When I flashed to Dutty's DualTouch ROM v3 Final, this no longer happened. Now, it just reads "default" for the IT Policy. Is this a fluke or some wonderful reg entry that we need to identify and protect like diamonds?
Thanks, all.
Cheers,
Your Local Village Idiot
VillageIdiot said:
QUESTION 2
Any BES administrators out there willing to tell me if my Tilt/Kaiser shows up on the BES (v4) differently than a BlackBerry (like the POS 7280 I'm given by the company). If so, is there a way to "spoof" that since my company will not allow non-blackberry devices.
We run BES here and indeed non-blackberry devices are reported as the phone model when you look up the phones information.
This could probably easily be spoofed to whatever you like. If you hacked the blackberry connect application, or intercepted and modified the data passed over to BES. You could make it say anything you want at that point.
I'd get "in" with your IT guys and that way they can pull a favor for you now and then with the BES server. Other than that, have the company pay for a blackberry phone and carry two phones around, or refuse to carry a company phone and don't use your personal phone for company resources. If they're blocking your productivity by a poorly guided company policy, make it cost them money. Don't inconvenience yourself to keep your productivity as an employee on par.
Really though, it's not feasible to secretly go behind your employer's back with your tilt. I think it's ridiculous a company wouldn't let you use your Tilt -- though probably because the corporation is uneducated or ignorant to the fact that the Tilt can be locked down just as well as a blackberry phone. Too bad the employer has a bunch of pointy haired management types running around who don't know what they're doing and out of ignorance banned non-BB devices.
Jon,
Thank you for your prompt reply and clarification on what shows up at the BES. Hacking the BB connect app is beyond my current knowledge set, but I may look into it if I'm unable to find a simpler solution.
Unfortunately, my company has several thousand employees so my productivity concerns are far outweighed by their misinformed security concerns. I've pitched the benefits of BB connect, WM5/6 devices and direct-push Exchange sync, but my pitch falls on deaf ears. They have provided me a BB 7280 and some get newer 8XXX devices, but beyond that we're expected to be happy with what we have. I'm even buying a non-camera Tilt to replace my two week old Tilt because they won't allow personal camera phones (all BB connect issues aside). You'd think I work for MI-6...
Cheers,
T.V.I.
VillageIdiot said:
QUESTION 1
I've been flashing and reflashing ROMs for a couple of weeks now and am very impressed with Dutty's latest endeavor. In anticipation of the v4 release, I'm hoping someone in the community can tell me if it is possible to back up an over-the-air (OTA) enterprise activation of BB Connect. Currently I'm calling our technical support guys who, sooner than later I'm sure, will start asking why I have to get a new OTA activation password (which they change as soon as you use it) every 5-7 days.
I'm soooo in this situation, any ideas?
Here's how you do it
you could use the desktop software instead of OTA. this will activate the phone without requiring you to get a new activation code.
Here's how I back up and restore. This has worked often, and not worked a few times.
Try to follow this exactly for best results.
get task manager v2.7 from fdcsoft
tap the blackberry icon on the taskbar and suspend the service under status
start taskmanager, and go to services. stop the two blackberry services, log and security.
open file explorer, and copy the directory RIM in /application data to your storage card
flash your phone with whatever-
copy the RIM folder back to /application data from your storage card
load blackberry connect (this should be the same version you had, otherwise you may have issues)
tap the blackberry icon in settings-system
instead of installing, you should see a window that says "repairing settings"
your old password should be restored, and the phone will lock and ask you to unlock. use your password you had before the backup.
all of your folders and mail should be back.
This works about 90% of the time.
some issues I've had-
multiple blackberry folders- one with emails, one with nothing.
folders missing, a bunch of email in drafts folder.
older messages no longer sync with desktop
good luck!

Can you spoof the device ID?

I was wondering if you can spoof the device id on android devices....
A firewall is blocking all devices except for BlackBerry devices. I want to spoof my device ID to appear as a BlackBerry so I can access the exchange server remotely.
If there is no way to spoof does anyone know of any different workarounds?
Please help!!!
jdlumley said:
I was wondering if you can spoof the device id on android devices....
A firewall is blocking all devices except for BlackBerry devices. I want to spoof my device ID to appear as a BlackBerry so I can access the exchange server remotely.
If there is no way to spoof does anyone know of any different workarounds?
Please help!!!
There is an exchange server that is blocking all devices besides Blackberries? Never heard of one like that. What happens when you try to set up the account using HTC Mail?
It is already set up with HTC mail. It works when I'm on my work wifi because I'm already past the firewall that is blocking devices from the exchange server. When I try to access remotely, I get denied. It works fine with all blackberries. I know this because I tried with a blackberry and it worked fine. They only allow blackberries because that is the only kind of device they issue.
bump - someone help me on this please.....
Flipz?
It works with blackberries because BB uses BIS an email server that is proprietary to BB, and it bypasses your company's exchange server.. Unless you are set up for a BES exchange server, which is an additional monthly fee, and if that is the case, there is no way to make an HTC device connect to BES because it is a BB service..
Also, as of yesterday, any cellular "spoofing", be it caller id or anything else, is now a federal offense.
jdlumley said:
Flipz?
Really?
tooshort
azyouthinkeyeiz said:
It works with blackberries because BB uses BIS an email server that is proprietary to BB, and it bypasses your company's exchange server.. Unless you are set up for a BES exchange server, which is an additional monthly fee, and if that is the case, there is no way to make an HTC device connect to BES because it is a BB service..
Also, as of yesterday, any cellular "spoofing", be it caller id or anything else, is now a federal offense.
Thanks for the info but we use BES which then connects to the exchange server. The only reason it works is because the firewall allows BB device IDs. If I could spoof to appear to be a BBC I would be fine.
Also regarding your statement about spoofing, the bill is specific to spoofing caller ID and not specific to cell phones. Also, isn't law yet; requires further approval.
jdlumley said:
The only reason it works is because the firewall allows BB device IDs.
There is no such thing..
The blackberry connects to BES by your BB PIN... If you don't have a BB.. There is no way to "spoof".
The phone would have to be registered by BB on their server as a BB device by the PIN, which there is no way to "spoof" unless you find some way to hack into RIM.. Good luck with that approach.
Also, regarding your statement about the "Truth in Caller ID Act of 2010" which was passed by *CONGRESS* and immediately ratified, does not require any further approval. And is now effectively a law..
It also does not have any clarification between "spoofing" and "spoofing caller id".. The only clarification is that any attempt to "spoof" the originating call location. (I.e. phone number or location, and the only exception to that is you are still allowed to block that information. "Spoofing would lead the call receiver, in this case BB, to not have accurate call originating information, which in turn, is spoofing and a federal offense....
azyouthinkeyeiz said:
There is no such thing..
The blackberry connects to BES by your BB PIN... If you don't have a BB.. There is no way to "spoof".
The phone would have to be registered by BB on their server as a BB device by the PIN, which there is no way to "spoof" unless you find some way to hack into RIM.. Good luck with that approach.
Also, regarding your statement about the "Truth in Caller ID Act of 2010" which was passed by *CONGRESS* and immediately ratified, does not require any further approval. And is now effectively a law..
It also does not have any clarification between "spoofing" and "spoofing caller id".. The only clarification is that any attempt to "spoof" the originating call location. (I.e. phone number or location, and the only exception to that is you are still allowed to block that information. "Spoofing would lead the call receiver, in this case BB, to not have accurate call originating information, which in turn, is spoofing and a federal offense....
First off, you obviously don't know much about Exchange and the way ANY device interacts with it. BES is essentially a tunnel to get you from your BB to the exchange server. The BES still needs to get through the firewall to get to the exchange server. The firewall can be configured in many different ways. The most common are A) allow the entire BES access or B) allow specific device IDs access. Are you starting to understand?
Secondly, you're a f*cking idiot. Congress is not the final approver of this bill. Obama has not signed off on it, which means it is not law yet. And it is specific to Caller ID. If you had even processed the title of the bill correctly in your peanut-sized brain, you would know this. Please check your facts before you post and make yourself look like a douchebag.
http://news.yahoo.com/s/ytech_wguy/20100415/tc_ytech_wguy/ytech_wguy_tc1637
Now if there are any devs out there that can shed some light on where the device ID is stored or even how to spoof it, please respond!
Not worth it...
PS.. Take a guess as to what your "DEVICE ID" is..
Wow.... I already know what my device ID is. I asked how to change or spoof it.
My device ID is: HTCAnd444430*
Ya know.... they should really make you pass a test to be able to post on forums. Then I would have to deal with idiots like azyouthinkeyeiz.
Um....wouldn't common sense dictate that any sort of spoofing be ethically challenging? Well I would like to think that some things are just better not left to chance. I am not trying to be all goody goody and claim I don't do anything that isn't entirely lawful......but with how nutty the FCC can be, trying to spoof your device ID is akin to MAC spoofing to bypass security measures even if it is not for malicious intent. It can't and won't end well.
Just my two cents....
Off topic... but I wonder what that bill means, if anything, for those of us using Google Voice configured to display our GV number instead of our 'real' number.
Although not the answer you are looking for, you can do this using Nitro Touchdown Exchange.
Sent from my HERO200 using the XDA mobile application powered by Tapatalk
Ok. The question was not what your device id is, it's a question of what your device id should be, which is a bb pin. (*which might I add since you keep saying Device ID, has no relevance to anything in your HTC HERO Phone, it is just an entry field label on BES for entering your BB PIN #)
Good luck trying to get it to work. Lol.. You're trying to tell a Network Admin and Sprint Tech (me) that I know nothing of, something I use everyday...
Now that I am at work not on my phone... You can use your HTC Device ID all you want.. But it means nothing.. Obviously, since it doesn't work as of now, does it? You need to have the BB "device ID" , which is if you had any sense to you at all, very apparent, as I've told you a thousand times already that it is the BB PIN.. Those are on a whitelist and to access BES your device has to be on that list, and activated through a carrier, with the attached SOC code for the BES plan..
You can access from your work, not because it passes some *firewall*, but because it bypasses BES because you are logging directly into the Exchange Server, through the local network, and that is nothing new, any business with BES is set up exactly the same.. To access your Exchange Server from home, your company uses the BES Gateway, and to use that, you have to have access to BES. And without the SOC code from your service, a BB PIN registered on the Blackberry Network, and the correct settings for your exchange server, you cannot access your email.
So next time, before you start throwing insults and acting like you know anything, at least have the key terms down... Just because the IT guy at work threw some terms around at you, doesn't mean you know anything..
You ask for help with something you obviously know nothing about, and then act like you have answers. And two people even told you, that whatever you think you are dealing with, they have never heard of before.. (a firewall that blocks anything but blackberries??? I mean really?)
You sir are an incompetent clown.
*edit.. I have also been looking all morning for anything that would even suggest that you have any idea of what you are talking about, and there are 4 HTC WinMO devices(TOUCH's and the TYTNII) that you can download a program that allows access for those specific HTC models.. Nothing else..
Ok, lets stop the name calling.
To the OP: Am I correct in assuming you've asked the Exchange Admins to add the Hero device ID and they denied the request? If so, then don't mind me. It seemed like the logical first step.
I haven't read the bill which passed (yet) but I will... Just a few notes.
The Bill has passed both Senate and House versions, it is NOT law yet, but probably will be soon. I see some issues though with the terms being somewhat vague. Yes, it will be nice that telemarketers and such will no longer be able to hide, but INTENT is a big glaring need which has to be addressed. I mean, come on... There are PERFECTLY legitimate reasons for not wanting to give your number to someone or to give the impression you are calling from a number, i.e., masking your location.
(Honey, I'm at my friend John's house playing cards, be home late tonight)... Lmao...
To make this type of instance a Federal Crime is just "out of this world ridiculous". Big Brother on Steroids... Or what one Judge said recently, that "those who seek anonymity are only doing so for Illegal purposes". NOT!!!... So I wonder then if Ghost writers can be arrested and pseudonyms result in a 10 year stint... Come on... What next? E-mails must be your name? How about that Federal Registry/I.D. #, hell, why don't we just use our Social Security number for everything??? Forget Credit cards, bank accounts, etc...
But anyway, welcome to the New U.S. of A... where all you get to do is breathe without it being tracked, watched, cataloged, traced, recorded, stored, etc., all without your knowledge, permission or ability to resist.
Who was it that said: "Just because I'm paranoid - doesn't mean they aren't watching me!"...
azyouthinkeyeiz said:
Ok. The question was not what your device id is, it's a question of what your device id should be, which is a bb pin. (*which might I add since you keep saying Device ID, has no relevance to anything in your HTC HERO Phone, it is just an entry field label on BES for entering your BB PIN #)
Good luck trying to get it to work. Lol.. You're trying to tell a Network Admin and Sprint Tech (me) that I know nothing of, something I use everyday...
Now that I am at work not on my phone... You can use your HTC Device ID all you want.. But it means nothing.. Obviously, since it doesn't work as of now, does it? You need to have the BB "device ID" , which is if you had any sense to you at all, very apparent, as I've told you a thousand times already that it is the BB PIN.. Those are on a whitelist and to access BES your device has to be on that list, and activated through a carrier, with the attached SOC code for the BES plan..
You can access from your work, not because it passes some *firewall*, but because it bypasses BES because you are logging directly into the Exchange Server, through the local network, and that is nothing new, any business with BES is set up exactly the same.. To access your Exchange Server from home, your company uses the BES Gateway, and to use that, you have to have access to BES. And without the SOC code from your service, a BB PIN registered on the Blackberry Network, and the correct settings for your exchange server, you cannot access your email.
So next time, before you start throwing insults and acting like you know anything, at least have the key terms down... Just because the IT guy at work threw some terms around at you, doesn't mean you know anything..
You ask for help with something you obviously know nothing about, and then act like you have answers. And two people even told you, that whatever you think you are dealing with, they have never heard of before.. (a firewall that blocks anything but blackberries??? I mean really?)
You sir are an incompetent clown.
*edit.. I have also been looking all morning for anything that would even suggest that you have any idea of what you are talking about, and there are 4 HTC WinMO devices(TOUCH's and the TYTNII) that you can download a program that allows access for those specific HTC models.. Nothing else..
You obviously do not know squat about exchange servers, corporate networks, etc... if you have not heard of ISA. ISA is a popular firewall, which my company uses with the exchange server. ISA can and is configured to manage access to certain phone models based off Device ID. All of the allowed device IDs are BlackBerry IDs. I know for a fact my problem has nothing to do with BlackBerries using a BES. Remember, I have access on wifi, just not remotely and my friends on the exchange team confirmed this for me.
I work in IT but do not manage the exchange/ISA servers. Even if I did, our environment would require a change control for a change like this. We have asked to have our device IDs added to access the exchange server but the change committee has not decided yet if they will grant it. Again you would know nothing about these things as you are a Sprint techie.
I'm not on these boards with the intention of being rude and name calling as you are. I am sorry I lowered my standards and insulted you; I just can't stand ignorant people that think they know everything when really most everything they say/type is false. I simply created this topic in search of a way to change my device ID. I do not care if it is unlawful, wrong, yadda, yadda, yadda. If you or anyone else that reads this knows how to do this, please respond.
To the fellow that suggested Nitro Touchdown. I tried this software but it only allows you to spoof your client agent ID. ISA is configured by Device ID. Thanks for the suggestion but no luck there.
I never said I had never heard of ISA.. I said there's not a firewall that only blocks non-blackberries.. You can block whatever you want with firewalls, it's not a feature that it blocks blackberries..
I am telling you the answer, even with ISA, the problem you are having is, the option on the admin side of ISA, is to allow all devices, to allow all devices from BES, or to allow user privileges. There is no button for blackberry/HTC/Apple.. You cannot access the server because you cannot pass through BES without a PIN..
I did no name calling, read back, you stooped there yourself pretty harshly, and I am still helping you... [mirror]
LISTEN- You can connect on your work's wifi, because it is directly accessing the server from an IP on the LOCAL NETWORK.. When you connect to the server on your phone through the mobile network, you are accessing from the PUBLIC DOMAIN.. Which from your explanations, indicates that they allow access only through BES... Since "it only allows blackberries"...
Changing your device ID (if even possible) is going to create more problems than it solves. You basically have 2 options for the device ID:
1 - Change the stored device ID in the handset. This will break all kinds of functionality as every single call the OS makes to getDeviceID() will return an invalid value. My guess is that no applications are coded to respond correctly to a BB device.
2 - Only use a different device ID in the email software. This would require you to write a custom application to get Exchange support.
If you can connect with a desktop PC via VPN, you might want to take a look at RoadSync -- it provides Exchange access over VPN via a proxy server. I believe the current version only has support through 1.6, so if you're running 2.1 you may have to roll back your rom to install it.
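The dispute above turns on a gateway allowlist keyed on Device ID. As an added example (not from any poster in the thread), this Python script audits IIS W3C log lines for ActiveSync requests against an enrollment inventory and flags device IDs that show up with a different user or client software than the one recorded at enrollment. It assumes the plain-text ActiveSync query form (Cmd, User, DeviceId, DeviceType); the log lines, device IDs, device types and agent strings are all constructed.

```python
from urllib.parse import parse_qs

EAS_STEM = "/microsoft-server-activesync"

# Constructed enrollment inventory: DeviceId -> what IT recorded at provisioning.
ENROLLED = {
    "DEV0000000001": {"user": "alice", "type": "TypeA", "agent_prefix": "VendorA-Mail/"},
    "DEV0000000002": {"user": "bob", "type": "TypeA", "agent_prefix": "VendorA-Mail/"},
}

# Constructed IIS W3C log excerpt (documentation IP ranges, made-up agents).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip cs(User-Agent) sc-status
2010-04-16 08:01:12 POST /Microsoft-Server-ActiveSync Cmd=Sync&User=alice&DeviceId=DEV0000000001&DeviceType=TypeA alice 192.0.2.10 VendorA-Mail/4.2 200
2010-04-16 08:03:40 POST /Microsoft-Server-ActiveSync Cmd=Ping&User=bob&DeviceId=DEV0000000002&DeviceType=TypeA bob 192.0.2.11 VendorA-Mail/4.2 200
2010-04-16 08:05:02 GET /owa/ - carol 192.0.2.12 Mozilla/5.0 200
2010-04-16 09:15:27 POST /Microsoft-Server-ActiveSync Cmd=Sync&User=carol&DeviceId=DEV9999999999&DeviceType=TypeB carol 198.51.100.7 VendorB-Mail/1.0 403
2010-04-16 09:16:05 POST /Microsoft-Server-ActiveSync Cmd=Sync&User=carol&DeviceId=DEV0000000002&DeviceType=TypeA carol 198.51.100.7 VendorB-Mail/1.0 200
"""


def parse_w3c(text):
    """Yield one dict per data line, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()  # IIS writes spaces inside a field as '+'
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def audit(text, enrolled=ENROLLED):
    """Return (device_id, reason, source_ip) for every ActiveSync anomaly."""
    findings = []
    for rec in parse_w3c(text):
        if rec.get("cs-uri-stem", "").lower() != EAS_STEM:
            continue
        query = {k.lower(): v[0]
                 for k, v in parse_qs(rec.get("cs-uri-query", "")).items()}
        device_id = query.get("deviceid")
        if not device_id:
            continue  # no plain-text DeviceId on this request
        src = rec.get("c-ip", "-")
        entry = enrolled.get(device_id)
        if entry is None:
            findings.append((device_id, "unknown-device", src))
            continue
        # The ID is on the allowlist: check that the rest of the request
        # still looks like the device that was enrolled under that ID.
        if query.get("user", "").lower() != entry["user"]:
            findings.append((device_id, "user-mismatch", src))
        if query.get("devicetype") != entry["type"]:
            findings.append((device_id, "type-mismatch", src))
        if not rec.get("cs(User-Agent)", "").startswith(entry["agent_prefix"]):
            findings.append((device_id, "agent-mismatch", src))
    return findings


if __name__ == "__main__":
    for device_id, reason, src in audit(SAMPLE_LOG):
        print(f"{reason:15} {device_id} from {src}")
```

The Device ID in the query string is whatever the client sends, so an allowlist match on its own says little; cross-checking it against the authenticated user and the enrolled client software is what makes the log useful to the Exchange team.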

Exchange wants to have 7 instead of 4 digits for login

Hi
A few days ago I got my brand new Surface! A great device and I am absolutely happy with it. Except one thing: If I try to integrate an Exchange account into the mail app I get the message that the tablet cannot fulfill the security features as requested from the Exchange server. Meanwhile I have the feeling it's because of the 7 digits the Exchange wants to have for the login. Surface (or Windows 8 RT?) is supporting 4 digits only as I found out.
All in all it must be a joke! My windows phone accepts the rules from the exchange without any problem, and my android tablet as well.
Is there already a workaround for that issue, or someone with the same issue on planet earth?-)
Thanks and best regards
Bruno
bootlicker said:
Hi
A few days ago I got my brand new Surface! A great device and I am absolutely happy with it. Except one thing: If I try to integrate an Exchange account into the mail app I get the message that the tablet cannot fulfill the security features as requested from the Exchange server. Meanwhile I have the feeling it's because of the 7 digits the Exchange wants to have for the login. Surface (or Windows 8 RT?) is supporting 4 digits only as I found out.
All in all it must be a joke! My windows phone accepts the rules from the exchange without any problem, and my android tablet as well.
Is there already a workaround for that issue, or someone with the same issue on planet earth?-)
Thanks and best regards
Bruno
I am surprised that your Surface only supports 4 digits. My Windows RT (an Asus VivoTab RT) is completely happy with my rather long and complex password.
Maybe you could try the following:
Remove the PIN (in the user control panel)
Lock your computer and use your password to log on again
Connect to your Exchange server and let the policies be installed
Re-enable the PIN if you really, really must.
Hope this helps,
Stephen
sermann said:
I am surprised that your Surface only supports 4 digits. My Windows RT (an Asus VivoTab RT) is completely happy with my rather long and complex password.
Maybe you could try the following:
Remove the PIN (in the user control panel)
Lock your computer and use your password to log on again
Connect to your Exchange server and let the policies be installed
Re-enable the PIN if you really, really must.
Hope this helps,
Stephen
Thanks, but it doesn't work, because Exchange wants to have 7 digit pin. It drives me crazy....

[Q] WPA-Enterprise Configuration

Hi
Does anyone know how to import the wireless authentication certificate from Win7 (for a WPA-Enterprise Wifi Network - most corporate wifi networks), and install it on Android?
Use case: I have a laptop that connects to my work wifi using a stored certificate and would like my phone to connect to the corporate wifi as well.
Also, the company does not 'officially' support Android phones. Only BB and iPhone allowed.
imarvind said:
Hi
Does anyone know how to import the wireless authentication certificate from Win7 (for a WPA-Enterprise Wifi Network - most corporate wifi networks), and install it on Android?
Use case: I have a laptop that connects to my work wifi using a stored certificate and would like my phone to connect to the corporate wifi as well.
Also, the company does not 'officially' support Android phones. Only BB and iPhone allowed.
Your IT lets you connect BB and iPhones on the Corporate Network?
Look, as an IT administrator I'm going to say this... if your IT department wanted you to connect your Android device to the corporate network, they would provision it for you. If they are not provisioning it for you, you're probably breaking company policy. Even if it were possible, there's no way I'd help you do this.
rootSU said:
Your IT lets you connect BB and iPhones on the Corporate Network?
Look, as an IT administrator I'm going to say this... if your IT department wanted you to connect your Android device to the corporate network, they would provision it for you. If they are not provisioning it for you, you're probably breaking company policy. Even if it were possible, there's no way I'd help you do this.
I see. Well that's like saying - 'If Samsung wanted you to have KitKat on their older models, they'd provision it for you. I will not help you install kangs'.
Thanks anyway. I'll look elsewhere
imarvind said:
I see. Well that's like saying - 'If Samsung wanted you to have KitKat on their older models, they'd provision it for you. I will not help you install kangs'.
Not really, no. Installing a Kang is not affecting someone's corporate network, putting it at risk and putting your job at risk and potentially causing massive problems for your IT department.
It's more akin to saying "My company doesn't want me to have a corporate credit card. They've given me the numbers for online purchases but I want to use it in a physical shop. Can you help me print the details to a blank card"
anyway, I said "even if it was possible", meaning in other words "it's not possible"
rootSU said:
Not really, no. Installing a Kang is not affecting someone's corporate network, putting it at risk and putting your job at risk and potentially causing massive problems for your IT department.
It's more akin to saying "My company doesn't want me to have a corporate credit card. They've given me the numbers for online purchases but I want to use it in a physical shop. Can you help me print the details to a blank card"
anyway, I said "even if it was possible", meaning in other words "it's not possible"
I full quote.
Anyway, on serious networks there is always port security enabled and several checks at the access and distribution layers. That said, @imarvind, even if you can import your certificate, this does not mean that you can reach connectivity.

Free your data: running your own server (post under construction :)

So you want to run your own server, eh? Whether you want to free yourself from data mining, commercialising, monetising, greedy be-tied-and-suited media moguls or from the spiritual successors of J. Edgar Hoover and Yuri Andropov does not matter. You want your data to be just that, *your* data. While this might seem extreme to some, the idea is actually not far-fetched, nor is it impossible to realise. After all, the 'net and the web were conceived as a decentralised network of services. This model, while good in allowing diversity and freedom, is less than ideal from a profitability standpoint, so you should not expect those who stand to profit from hoarding your data to lend a helping hand here. You're on your own here.
Well, not really on your own of course, as there is a metric ton of information on this subject to be found on the 'net: everything from how to turn that old laptop into a server through using single-board computers as servers through re-purposing whatever you happened to find dumpster-diving. Suffice to say that you need hardware, software and a network connection. You also need a separate router, preferably one under your own control, running known software (OpenWRT, DD-WRT, Tomato, etc) on stable and not too anemic hardware so it can be used to run a VPN to your phone. You'll want your own domain name as well, either one from the free services which are (still) around or something more 'personal'.
Network connection and domain
Here you often don't have that much choice. If possible, choose a wired connection over a wireless one, both for the higher reliability as well as the usually more acceptable use policies and the fact that wireless connections often change IP address. Choose a connection without a traffic cap over one which has one. Choose the connection with the highest upload rate, even if this means settling on a lower download rate - servers send traffic up the net after all.
There are many ways to get a domain name. You can buy one, of course. For a personal server this might be overkill, but the choice is yours. One advantage of having your own domain is that it enables you to keep your mail/jabber/web/whatever addresses no matter what happens (as long as you pay the registrar, of course). You're totally free here as you can simply point your domain elsewhere if you happen to move to another ISP (and/or country...). Cheaper - as in 'free' - is to use one of the many free dynamic DNS services. As long as you have an address to feed your phone and other devices which will make use of your server you're fine.
Router
Best here is to use a router which is fully under your own control. While some ISP routers might be marginally usable, these devices are often at the whim of the ISP as they can be remotely controlled and configured. This is not what you want for your network, so just use the thing in bridge mode if possible, otherwise forward all traffic to your own router. With one of the free and open router firmwares on a reliable device you can do interesting things, ranging from port knocking on the router to VPN tunnels to your mobile devices.
Hardware, storage
Power consumption, heat- and noise production are of more importance than raw power here. There should be enough memory to keep the thing from paging (or 'swapping') on the intended work load on the chosen OS. The same goes for storage: If it fits in the box, fine. If it does not (external drives on laptops, Raspberries, etc) make sure the whole contraption is stable so you don't get any sudden 'disconnects'. For a personal server, power consumption, noise and heat production (which directly relates to reliability) are - again - more important than raw performance.
OS
Any 'unix' of choice is fine here. Linux, *BSD, doesn't matter. Even MacOS would do. Windows, not so much. It is not impossible to use Windows but it is more of a hassle given that a lot of the software is tailored to a unix environment. If you really insist on running Windows, at least make sure it is patched up to the hilt and that all - and that means all - unnecessary services have been switched off.
Software
This is the interesting bit, and the reason why this message is here in the first place. On one of the forum threads here someone was surprised by the fact that I don't run any of the Google apps on my devices, wondering how I got by without Google Play, GMail, contacts and calendar sync etc. Part of the answer to that question involves running your own server, part is covered by using alternatives for the Google-provided apps and services. I would have put this all in a table but it seems this silly forum does not support those...
Commercial service: Alternative (Remarks)
Google Play: F-Droid (The F-Droid store only contains free software. It does not provide a full alternative to the Play Store. If you really want to run the Play Store but still have a notion of privacy on your device, consider enabling Google Services only when required, disabling them afterwards. You can also designate one device as the one which gets to run the Play Store and side-load apps from this device to all others. Theoretically this should be possible using an emulator on your server as well, automating the whole process and creating a 'playstore by proxy'. I have not tried this.)
GMail: IMAP to your own server, eg the Debian standard dovecot daemon. K9 or the standard Android email client on your device.
Contacts: CardDav to your own server (service is provided by ownCloud, amongst others), DAVdroid on your phone or tablet.
Calendar: CalDav to your own server (service is provided by ownCloud, amongst others), DAVdroid on your phone or tablet.
Cloud storage (Dropbox, Google Drive, etc): WebDav to your own server (service is provided by ownCloud, amongst others), one of the many webdav clients on your phone. There is a specific ownCloud app as well.
Photo sharing (Flickr, Smugmug, etc): Trovebox to your own server, Trovebox app on phone
Streaming service (Spotify, Google Music, etc): subsonic on your own server, dSub or Subsonic app on phone (there is a rudimentary streaming service in ownCloud as well, based on Ampache)
More will follow...
If you get in the game on time you might be able to join the Reset the Net initiative!
YetAnotherForumUser said:
Commercial service: Alternative (Remarks)
Google Play: F-Droid (The F-Droid store only contains free software. It does not provide a full alternative to the Play Store. If you really want to run the Play Store but still have a notion of privacy on your device, consider enabling Google Services only when required, disabling them afterwards. You can also designate one device as the one which gets to run the Play Store and side-load apps from this device to all others. Theoretically this should be possible using an emulator on your server as well, automating the whole process and creating a 'playstore by proxy'. I have not tried this.)
GMail: IMAP to your own server, eg the Debian standard dovecot daemon. K9 or the standard Android email client on your device.
Contacts: CardDav to your own server (service is provided by ownCloud, amongst others), DAVdroid on your phone or tablet.
Calendar: CalDav to your own server (service is provided by ownCloud, amongst others), DAVdroid on your phone or tablet.
Cloud storage (Dropbox, Google Drive, etc): WebDav to your own server (service is provided by ownCloud, amongst others), one of the many webdav clients on your phone. There is a specific ownCloud app as well.
Photo sharing (Flickr, Smugmug, etc): Trovebox to your own server, Trovebox app on phone
Streaming service (Spotify, Google Music, etc): subsonic on your own server, dSub or Subsonic app on phone (there is a rudimentary streaming service in ownCloud as well, based on Ampache)
More will follow...
More later, no time now,
This is an interesting topic, mainly because Android has the potential to become non-dependent on Google services and it would be nice to keep personal data really personal.
Also there is a No Gapps project here in xda that is quite interesting.
YetAnotherForumUser said:
Router
Best here is to use a router which is fully under your own control. While some ISP routers might be marginally usable, these devices are often at the whim of the ISP as they can be remotely controlled and configured. This is not what you want for your network, so just use the thing in bridge mode if possible, otherwise forward all traffic to your own router. With one of the free and open router firmwares on a reliable device you can do interesting things, ranging from port knocking on the router to VPN tunnels to your mobile devices.
This reminded me of something that happened in my dad's office recently:
http://arstechnica.com/civis/viewtopic.php?f=10&t=1209257
The ISP guys configured it that way because dad wanted to run a webserver on one system, the one directly connected to the modem in bridged mode. They apparently didn't think it was necessary to also add a router between the modem and the network of computers :/
Lessons:
1. Don't trust anything the ISP guys do
2. Always use a standalone router or firewall
3. Don't use XP. Seriously.
TJKV said:
This reminded me of something that happened in my dad's office recently:
http://arstechnica.com/civis/viewtopic.php?f=10&t=1209257
The ISP guys configured it that way because dad wanted to run a webserver on one system, the one directly connected to the modem in bridged mode. They apparently didn't think it was necessary to also add a router between the modem and the network of computers :/
Lessons:
1. Don't trust anything the ISP guys do
2. Always use a standalone router or firewall
3. Don't use XP. Seriously.
I can recommend something like this. They come with web-face, but you need to have at least base knowledge of how network things work.
slph said:
I can recommend something like this. They come with web-face, but you need to have at least base knowledge of how network things work.
Nah when I realised what the ISP guys had done I bought a D-Link 2750U and set it up properly in NAT mode
Wifi also works now since it isn't bridged to a computer anymore
