Skip to content

Scanning and creating small PDFs using sane and ghostscript

I tend to try to avoid paper printouts. I have enough backups so scanned archives are enough. I made a few test on the best way to produce small PDF on the command line. I found the following bash functions to be the most effective:

function scan2pdf {
  cd ~/tmprm/scan
  [ "$FILE" == "" ] && read FILE
  [ -e "$FILE".pdf ] && return
  # scan A4 gray
  scanimage -l 0 -t 0 -x 215 -y 297 --mode Gray --resolution=300 > "$FILE".pnm
  # convert to ps because gs needs this import format
  pnmtops -dpi 300 "$FILE".pnm > "$FILE".ps
  # convert to PDF with decent /ebook quality setting
  gs -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/ebook -dNOPAUSE -dBATCH -sOutputFile="$FILE".pdf "$FILE".ps
  rm -f "$FILE".pnm "$FILE".ps

function scan2pdfs {
    cd ~/tmprm/scan
    [ "$ENDFILE" == "" ] && read ENDFILE
    for i in `seq --equal-width 999`; do
	echo "(d)one?"
	read NEXT
	[ "$NEXT" == "d" ] && break
	scan2pdf "$ENDFILE"$i
    gs -sDEVICE=pdfwrite -dNOPAUSE -dBATCH -sOutputFile="$ENDFILE".pdf -f "$ENDFILE"*.pdf"
    echo "OK? (CTRL-C)"
    read OK    
    rm -f $LIST

It can be used as follow:

scan2pdf thisfile

scan2pdf thisotherfile

scan2pdfs multiplefiles

It does all the work in ~/tmp/scan but that’s a personal convenience. With this, I get PDF that are smaller than 1MB – while other methods I tried before was producing 5/6MB files for the same content.

Update: now this is provided as general bashrc.d script. It’s included in the -utils package. Now the main command for multiple A4 pages PDF is no longer scan2pdfs but scan2pdf. Its behavior can be changed through variables SCAN2PDF_DIRECTORY (default = ~/tmprm/scan) and SCAN2PDF_DPI (default = 300).

Resetting Samba password and monitoring Wifi via a web interface

In my article Setting up a silent/low energy consumption home server (DHCP/DNS/SMB/UPnP) are featured two perl script to provide a web interface to reset Samba password and to monitor (allow or ban) connections on a wifi (hostapd).

It’s not sophisticated and I have no plans to make it so. It fits a simple purpose.

I added to my list of Debian -utils package so if you happen to use it, you should proceed as follow.

First, note somewhere the www-data MySQL password. You probably  don’t remember it. It was hardcoded. Get it typing:

grep "^my \$db_password " /srv/www/sysadmin/

Then update the package. Assuming you already got the -keyring package:

apt-get update

apt-get install stalag13-utils-websysadmin

Next, you put the www-data MySQL password in the fresh new conffile /etc/websysadminrc. It looks like:

# MySQL database password
db_password = HEREITGOES
# wifi setup
wlan = wlan1
wlan_deny = /etc/hostapd/hostapd.deny
wlan_conf = /etc/hostapd/hostapd.conf

Make sure this file is readable to and only to www-data:

chmod 600 /etc/websysadminrc

chown www-data /etc/websysadminrc

It should be working. You need to cleanup outdated files (that have been renamed since then):

rm -f /usr/local/bin/ /etc/cron.d/sysadmin

That’s all I can think of.

If you are not doing an upgrade but an install, the package -utils-nginx provide /etc/nginx/sites-available/fcgi as sample in order to set up Perl FastCGI.

Limit noise from hard disk using RAM (tmpfs) instead

I’m using a laptop, among other things, as alarm clock (included in my -utils general debian package). The hard disk of this laptop is not getting any younger and get noisy while there’s a decent amount of RAM available.

I toyed a bit in the past with ramdisk/tmpfs (the later having the benefit not to used a real fixed size but to adjust and unused memory free) and made tests to use tmpfs for /var/log. Since then, I did not use much this so-called transient log: it cannot be seriously used on a server where you want your logs not tampered with in any way – and especially there in case of failure; it does not make laptop or workstation very silent since there is still a large amount of file access that is in ~/.

In the case of my laptop part alarm clock, many ~/.directories and ~/.files are regularly read or wrote. So I finally changed the initial transient log init script into /etc/init.d/shush-toram that reads /etc/default/shush-toram to determines which directories to put into tmpfs, for instance /var/log and /home/alarmclockuser. bviously, you don’t want to put on tmpfs in directory that would use all or more of your actual RAM. There is also a /etc/cron.daily/shush-toram job that’ll daily update the data on the hard disk (just calling the init script with reload or restart).

Once the scripts in place, you just have to do:

invoke-rc.d shush-toram start      # start it
update-rc.d shush-toram defaults   # set autostart

Yeah, that’s sysv init scripts. It’s probably not necessary that I discuss the merits of systemd. I tried it and was happy to boot faster than usual. Then I found that making init scripts with it was annoying, counterproductive for me. Then I found that my /var/log directory contained a subdirectory journal of more than 800 Mo – that can be fixed by editing some conffile obviously, but it’s not working clean out of the box. It just does not suits me. It could, and will surely, improve. Still, it’s being made mandatory here and there while it’s still counterproductive and unpolished. I’ll continue to make script for sysv -that can actually be started outside of sysv- since I’m likely to try to avoid systemd as much as possible.

The shush-toram files are included in my -utils general debian package.

Off the list – The Pied Piper of MIT

Richard Matthew Stallman is a prolific writter and thinker. Mails he send these days start with:

[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden’s example. ]]]

Freedom matter a lot of him. So that makes sense.

But as the same time, RMS is an autocrat. He was in 2003 when he wrote:

I’d like people to understand that we are not still considering the question. It is a final decision to do this.

I will give a brief explanation. We cannot continue doing that because we have no one to maintain it properly.
This is maintained seriously. Therefore we will switch to This.

That was something he was never involved with, into he never spent a dime or a second. But as it relates to GNU, he thought he had the right not only to state his mind but to override any other opinion and ultimately decide. Because he thinks he’s right and know better, he thinks he can just have private talks with some parties and decides on his own. Well, This that he promoted turned into a proprietary software a few years later: he definitely should have know even better.

More than 12 years later, he’s still the same when he writes:

For now, please do NOT install this change.

I will talk with ThisDude about this, off the list, to find out more about the situation.

He still thinks himself entitled to make things go, begin or end. He still thinks he will find out what to do solely on his own after consulting people privately.

So although he values his freedom and values freedom in general, working with him, even in a very distant way, is just a matter of subordination. He’d make a credible science-fiction character: distopian guru, the Pied Piper of MIT.


Apt-get this /scratch (apt/steam cache, exim greylist, owncloud, tumblr daily post, etc)


I conveniently use, since more than 10 years, one debian package to distribute over different computers some scripts, notably all the ones published here and on github (except rawdog and pxe setup – but that could change). While it’s practical for me, it’s not for anyone else since the package content is overly random.

Someone using the apt/steam cache as described on this blog can easily end up with out-of-date scripts – unless he fetch updates from git directly.

I decided to split this big package into multiples and improve the conffiles so they are more or less zeroconf.

The result is:

  • -keyring: Keyring used to signed packages along with repository set-up
  • -utils-cache-apt: APT downloads cache setup
  • -utils-cache-steam: Steam downloads cache setup
  • -utils-cloud: Owncloud setup and apps
  • -utils-exim: Exim greylist, bogofilter and spamassassin setup
  • -utils-torrent: Manage transmission via NFS/Samba
  • -utils-tumblr: Automated image post on tumblr
  • -utils-webmail: Roundcube setup and plugins
  • and some others packages that these depends on.


The easiest way to get anything is to first install the keyring package and then directly apt-get:

  	# wget
	# dpkg -i stalag13-keyring.deb
	# apt-get update
	# apt-get install stalag13-...


Improving Qualys SSL server test results regarding Poodle attack and SHA1

Fancy being in the Qualys list of worst recent server tested for SSL? Got a T rating (A being the target)  mainly it’s due to the fact that I’m using self-signed certificates (no need to certify my authenticity toward myself), otherwise I’d get a C.

I fixed the following issues so now I get a A (ignoring self-signed):

It’s a good practice to get servers tested every now and then.

Update: for dovecot imap server edit /etc/dovecot/conf.d/10-ssl.conf and set

ssl_protocols = !SSLv2 !SSLv3

 For exim the relevant options should be added in your main conffile (depends on your setup, splitted or not, etc):

#openssl_options = +no_sslv2 +no_sslv3  # compiled with SSL
tls_require_ciphers = NORMAL:!VERS-SSL3.0

March 31th, Karen Sandler: “Financially the (GNOME) Foundation is in good shape”

I wanted to post his as a side note. But that’s a bit too much.

I dropped GNOME years ago. Back in the days when they dropped tons of cash on people creating shitty confusing companies like Eazel and HelixCode. I said Nautilus would never amount to anything and it never did. I said Miguel de Icaza was taking a very questionable path and he ended writing proprietary software. If it werent so sad, it would be kind of funny to see that nothing changed since then. Their Foundation is going more or less bankrupt while their financial reports shows that, for instance in 2012, they spent 1/4 of their resources to the pet project of their “executive director” Karen Sandler, some sexist bullshit called “Women’s Outreach” (I’m waiting for the “Black’s Outreach”, etc).

You don’t know who is Karen Sandler? Typical GNOME character. That’s just someone that never achieved anything related to computing but has been selected to be some sort of speaker nonetheless. I’m not saying only people that produced something that actually serve or served a purpose are entitled to speak. But to put people in position of “director”/whatever, at some point, there should be some knowledge, abilities, even just ideas, that makes the person stand out to be entitled to represent or lead the others.

So what could she speak of? About bad management?

More like, on “Announcing her departure, Karen said: “Working as the GNOME Foundation Executive Director has been one of the highlights of my career.” She also spoke of the achievements during her time as Executive Director: “I’ve helped to recruit two new advisory board members… and we have run the last three years in the black. We’ve held some successful funding campaigns, particularly around privacy. We have a mind-blowingly fantastic Board of Directors, and the Engagement team is doing amazing work. The GNOME.Asia team is strong, and we’ve got an influx of people, more so than I’ve seen in some time.”” 

Typical GNOME bullshit? Indeed: pompous titles, bragging, claiming. “Successful funding campaings”? Seriously? “Amazing work”. “Mind blowing”. It’s sad for the few GNOME developers that are worth it, because the main thing is a fucking joke.  It’s just empty words, no damn facts that matter that are even slightly true.

Not convinced? Too harsh maybe? Keep on reading. On her blog you’ll get her statement. The one quoted on

“I think I have made some important contributions to the project while I have been Executive Director. I’ve helped to recruit two new advisory board members, and we recently received a one time donation of considerable size (the donor did not want to be identified). Financially the Foundation is in good shape, and we have run the last three years in the black. We’ve held some successful funding campaigns, particularly around privacy and accessibility. We have a mind-blowingly fantastic Board of Directors, and the Engagement team is doing amazing work. The GNOME.Asia team is strong, and we’ve got an influx of people, more so than I’ve seen in some time.
I hope that I have helped us to get in touch with our values during my time as ED, and I think that GNOME is more aware of its guiding mission than ever before.”

Yes, you can skip the fact that she consider recruiting advisory board members as an achievement (!!!). It seems that she thinks that a Foundation should focus on itself and not on the project it is derived of, seems that she does not even for a second mention anything that the software project GNOME would benefit of directly. quoted her putting three dots and skipping “Financially the Foundation is in good shape”, and this just one week before we’re told they are definitely not.

She’s right one one thing though: now GNOME is definitely “more aware of its guiding mission than ever before”, since they are forced to cut on all unnessary expenses like the one she promoted.

I’m not sure to understand why someone smart as Bradley Kuhn recruited her at the Software Freedom Conservancy.


Get every new post delivered to your Inbox.