Just a short reminder to myself, but maybe helpful to others.
Lego Boost ist quasi ein "kleines Mindstorms", mit dem die Kinder ihre eigenen Maschinen bauen und programmieren können.
Doch leider hat Lego die Berechtigungsanfrage und das Firmware-Update in Boost-App für Android Version 1.9.7 offenbar versemmelt, aber ich habe eine zumindest für mich funktionierende Lösung gefunden.
Dell's newest Latitude 9420 comes with a 16:10 display and a integrated Webcam shutter (see below).
Soundcard and Touchscreen:
Download and install Linux Headers, Modules and Images of Kernel 5.13 from https://kernel.ubuntu.com/~kernel-ppa/mainline/
If, for some reason, certbot's --renew-hook argument is not an option, you can use systemd to automatically restart any service whenever a certificate is renewed.
You need two files:
[Unit] Description=Certbot service restarter After=network.target [Service] Type=oneshot ExecStartPre=/bin/sleep 10 ExecStart=/usr/bin/systemctl restart %i.service [Install] WantedBy=multi-user.target
[Path] PathModified=/etc/letsencrypt/live/ PathModified=/etc/letsencrypt/live/DOMAINNAME/ # Add one entry here for every certificate that should be monitored [Install] WantedBy=multi-user.target
After changing these files, execute systemctl daemon-reload to notify systemd of the changes. Now you can start a "restart trigger" for each service you want to:
$ sudo systemctl start firstname.lastname@example.org $ sudo systemctl start email@example.com
The "sleep 10" argument in ExecStartPre ensures that the restart is triggered only once even if multiple files where changed.
Since 2017 the people of knx.org developed a new software called ETS Inside that only costs 160 EUR and targets private users. It has less features, but should be sufficient for most family house installations.
Unfortunately, the client cannot be accessed with a regular web browser:
"it is not possible to access an ETS Inside server using an internet browser (e.g Firefox, Chrome, Internet Explorer, Edge, etc.). In order to protect the project data, the web service communication between the client and the server needs to be encrypted and this is only done when using the ETS Inside clients mentioned above."
This means that the body of every POST request to the web service and the response is encrypted. When analysing the traffic with a network monitor you'll notice that ETS Inside seems to use a symetric encryption with a static key, because the encrypted content will be the same for each identical request. This means the key must be somewhere in the client apps and it should be possible to extract it¹.
However, this is not neccessary, because we can just disable the encryption! Go to the installation directory of the ETS Inside Server, which should be "C:\Progam Files\ETS Inside\Server", and open the file "Web.config" with a text editor. Look for the line that defines the EncryptionModul:
<add name="EncryptionModule" type="Knx.Ets.Osprey.Iis.EncryptionModule, Knx.Ets.Osprey.Iis" />
and replace it with the following line:
<add name="EncryptionModule" type="Knx.Ets.Osprey.Iis.AspConcurrencyModule, Knx.Ets.Osprey.Iis" />
AspConcurrencyModule does nothing relevant to the transmission, so it's basically a transparent no-op and eventually disabled the encryption. You can now open the client in a regular browser using the system's IP and Port 8081, for example http://127.0.0.1:8081. I've tested it with Vivaldi, Chrome, Firefox and Edge, and it worked in every browser.
The downsite is that the dedicated app cannot be used anymore because it expects encrypted contents. But if you really require this to work in both, App and Browser, just download this file and save it as "Default.htm" into "C:\Progam Files\ETS Inside\Client". This file is preferred by IIS over "index.html" and will remove the cipher key that has been initialized by the App before loading the real "index.html". Additionally, this adds a nice progress bar while waiting for the libraries to be loaded.
¹) Of course this means that the traffic between client and server isn't really secured. HTTPS would have been a better choice, also this is hard to implement [de] for a non-public domain in a private network.