In the spirit of this Finnish IT retailer listing most returned products, for once, this is not really an howto. The easiest solution I found was to return it. The contrast and luminosity is impossible to set. It changes over reboot, it changes over operating system. And even set to get high contrast, black is never black, despite Iiyama claiming that “it is also possible to adjust the brightness and the dark shades with the Black Tuner, giving greater viewing performance in shadowed areas”. I replaced it with a SyncMaster S24D340H and had none of these problems.
Using a package out of date since more 2 years ago does not sound like a success story but that is the only way so far I found to get suspend/resume to work without systemd within KDE5 without headaches. pm-suspend and pm-hibernate, on the command line, work perfectly though.
Why? Because Powerdevil, KDE’s power management tool, use upower which itself deprecated pm-utils support in favor of systemd. So, no matter whether your hardware can actually suspend and hibernate, no matter if the kernel, GNU/Linux itself, can handle, upower won’t.
When calling upower -d, it should output something with can-suspend and can-hibernate. Since they dropped support for pm-utils, it won’t if you don’t use systemd . It’ll behave as if it knew what it was doing except it does not.
I filled a bug report and this one was discarded very fast. Martin Gräßlin immediately marked it as RESOLVED DOWNSTREAM with the comment “This works fine on Debian testing. Please get in contact with your distribution to figure out why this broke in your Debian fork. You might consider of course to install systemd”. You get the idea. Thanks to Michael Palimaka, I got confirmation that it was tied to upower version (which I guessed beforehand because of several related messages by some Ubuntu or else users – hence the mention “with upower 0.99.3 and Devuan” in my report title) and he listed working solutions: using systemd; using ConsoleKit2; using upower <=0.9.23.
Using systemd to fix a problem caused by an attempt not to use systemd? Not an option. Using ConsoleKit2? Except I have no knowledge of ConsoleKit2 being packaged yet, neither do I know which release of upower actually got ConsoleKit2 support.
So I went for the third option, the lamest obviously, that is installing obsolete, unsupported software, and put in on hold. It can be done as follow:
echo "deb http://ftp.debian.org/debian wheezy main" > /etc/apt/sources.list.d/oldstable.list apt-get update apt-get -t wheezy install libgnutls26 libgcrypt11 libtasn1-3 libusbmuxd1 libimobiledevice2 upower libupower-glib libplist1 echo "upower hold" | dpkg --set-selections
Then a call to upower -d gives:
Daemon: daemon-version: 0.9.17 can-suspend: no can-hibernate no on-battery: no on-low-battery: no lid-is-closed: no lid-is-present: no is-docked: no
It is better but still no good. As root it’ll work, though. You need to add some PolicyKit rule to allow regular users to use it. The following assumes that powerdev group exists and that your regular users are in this group (if they are not, add them with adduser thisuser powerdev):
echo "[Suspend power group override] Identity=unix-group:powerdev Action=org.freedesktop.upower.suspend ResultAny=yes ResultInactive=yes ResultActive=yes [Hibernate power group override] Identity=unix-group:powerdev Action=org.freedesktop.upower.hibernate ResultAny=yes ResultInactive=yes ResultActive=yes" > /etc/polkit-1/localauthority/50-local.d/power-group.suspend-override.pkla
Now, if done properly, upower -d returns:
Daemon: daemon-version: 0.9.17 can-suspend: yes can-hibernate yes on-battery: no on-low-battery: no lid-is-closed: no lid-is-present: no is-docked: no
Logout and login should be enough to have back suspend and hibernate within KDE5.
So this works. For now. But there is no doubt, this is wrong in so many ways. I wonder for how long it will be possible to run a modern desktop environment on GNU/Linux, and not on systemd/whatever.
In some cases, Samba garble file names, as backward compatibility with old Microsoft Windows system that cannot handle long filenames or filenames with specific characters. It would then be shown with the form
(If you don’t need backward compatibility with Microsoft Windows system from another era), you can switch off this mecanism:
In /etc/samba/smb.conf, in [Global], add:
mangle case = no mangled names = no
Then simply restart Samba (invoke-rc.d samba restart).
I updated my qrename.pl script (add a prefix like CCC5—$file in front until it reaches WWW) so it’ll extract description/comment with Image::ExifTool and add it as suffix, if started with –description option.
I started using GnuPG in 2002. I dont usually do stuff that requires heavy privacy so I dont care much for it. From time to time, I just encrypt some useless crap so if anyday I had serious stuff to encrypt it would not look obviously suspicious.
Things is most of the people I communicate with are not using GnuPG and are probably not about to.
There is also an obvious issue with GnuPG is how to share key among computers/clients. How to decrypt messages with your phone or webmail? Copy the private key everywhere? It might just be worse than having no security at all.
I dont use GnuPG much, especially since I created my key in 2002 and don’t even know how secure this key is still now. I need it nonetheless to sign stuff like packages. Confronted to the problem of having to copy the key by hand on one more laptop, I considered dropping my current set and, inspired by this example of primary key/subkeys model and debian’s one, to have a primary key secure somewhere and give a short-lived subkey per device.
But, it fixes not much of GnuPG problems, and implies lot of annoying not automated work, not satisfying. And anyway, if en/decrypt can only work for one subkey. So one subkey per device is not really working.
To make the process less painy, on a box being made from time to time available over network, I did as follow:
I created a primary key running
gpg --expert --gen-key (cannot sign, cannot encrypt) with 4y expiry. (more entropy with
rngd -r /dev/urandom).
I added with
trust save the relevant additional addresses running
gpg --expert --edit-key myemail
I created a sign and a encrypt subkey with no expiry (considering that they ll be revoked on the fly from the primary whenever it make sense).
I made up gpg-grabsub.sh that prompt for the hostname of the box hosting the keyring, will import the ring and remove the primary key from it, leaving just the necessary keys to sign and encrypt.
This script could probably be used in a chain (box secured from the net -> script run on gate server -> script run on a end client). It requires further testing.
Using ssh-updatekeys, you can set up and maintain ~/.ssh/authorized_keys with specific sets on the fly.
You just have to put your public keys on a public git repository. The script will fetch the keys, either by git + SSH (for write access) or just git + https (for read access).
It can handle different sets of keys (for instance you may want to differenciate keys with or without passphrares). In the git repository, any directory with a name starting by set (set0, setA, setTest, etc) will be treated as a set.
(ssh-updatekeys.sh is part of my -utils package).
Update : you can now grab it with the command
wget ssh.rien.pl -O ssh-updatekeys.sh
I’m still using SquirrelMail, even though it looks a bit old. It’s robust and just works – and when I’m using a webmail, that’s mandatory.
SquirrelMail does not use CardDav but some sort of .abook format (that I hope is the same abook as mutt).
I just wrote carddav2abook.pl, a wrapper that requires an ~/.carddav2abookrc with the following:
carddav = https://HOST/remote.php/carddav/addressbooks/USER/contacts_shared_by_USER?export user = USER password = PASSWORD abook = /var/lib/squirrelmail/data/USER.abook wget_args = --no-check-certificate
As you notice, I’m using a specific export account that has been given only read access to this file. Otherwise the CardDav url would not include the _shared_by_USER part.
I configured it to directly write .abook in SquirrelMail data directly. Obviously, it means you need to adjust read write access for the relevant user (or use www-data, but I would not recommend to store password in an rcfile given to this user).
Once it works, just put up a cronjob (with 2>/dev/null since the perl vCard module tends to print some garbage).
(carddav2abook.pl is part of my -utils-webmail package).