Pick a font able to properly render a string composed of Unicode characters with Perl

In the case of automated watermarking with randomly picked fonts within a Perl script, it is quite annoying to stumble on fonts missing many non-basic unicode characters (accents, etc). In French, you’ll likely miss the ê or ü or even é or à. In Polish, while the ł is often provided, you’ll like miss ź.

The Perl module Font::FreeType is quite convenient in this regard. The sample code here will try to find a font, within the @fonts list, able to render the $string.  It will pick the fonts randomly, one by one, and check every character of the string against the characters provided by the font. It will stop to pick the first one that actually can fully render the string:

use Font::FreeType;
use utf8; # must occur before any string definition!
use strict;

my @image_tags = "~ł ajàüd&é)=ù\$;«~źmn";
my @fonts = ("/usr/share/fonts/truetype/ttf-bitstream-vera/Vera.ttf", "/usr/share/fonts/truetype/zeppelin.ttf", "/usr/share/fonts/truetype/Barrio-Regular.ttf");
my %fonts_characters;
my $watermark_font;

# we want a random font: but we also want a font that can print every character
# (not obvious with utf8)
# loop until we find a suitable one (all chars are valid, so the chars counter reached 0) or,
# worse case scenario, until we checked them all (means more suitable fonts should be added)
my $chars_to_check = length("#".@image_tags[0]);
my $fonts_to_check = scalar(@fonts);
my %fonts_checked;
while ($chars_to_check > 0 and $fonts_to_check > 0) {

 # pick a random font
 srand();
 $watermark_font = $fonts[rand @fonts];
 
 # if this font was already probed, pick another one
 next if $fonts_checked{$watermark_font};
 $fonts_checked{$watermark_font} = 1; 

 # always reset the chars counter each time we try a font
 $chars_to_check = length("#".@image_tags[0]);
 
 print "Selected font $watermark_font (to check: $fonts_to_check)\n";
 
 # if not yet already, build list of available chars with this font
 unless ($fonts_characters{$watermark_font}) {
 Font::FreeType->new->face($watermark_font)->foreach_char(
 sub {
 my $char_chr = chr($_->char_code);
 my $char_code = $_->char_code;
 $fonts_characters{$watermark_font}{$char_chr} = $char_code;
 });
 print "Slurped $watermark_font chars\n";
 }
 
 # then check if every available character of the watermark exists in this font
 for (split //, "#".@image_tags[0]) {
 print "Check $_\n";
 # breaks out if missing char
 last unless $fonts_characters{$watermark_font}{$_};
 # otherwise decrement counter of chars to check: if we reach 0, they are all valid
 # and we should get out of the font picking loop 
 $chars_to_check--;
 print "Chars still to check $chars_to_check\n";
 }
 
 # we also record there is one less font to check
 $fonts_to_check--;
 
}


print "FONT PICKED $watermark_font\n";

This code is actually included in my post-image-to-tumblr.pl script (hence the variables name).

Obviously, if no font is suitable, it’ll take the last one tested. It won’t go as far as comparing which one is the most suitable, since in the context of this script, if no fonts can fully render a tag, the only sensible course is to add more (unicode capable) fonts to the fonts/ directory.

Using networked filesystems hosted by LXC containers with Samba

For more than a decade, I used NFS on my home server to share files. I did not consider using Samba for anything but to provide Windows access to shares. NFSv3 then NFSv4 suited me, allowing per host/IP write access policy. The only main drawback was very crude handling of NFS server downtime: X sessions would be half-frozen, requiring restart to be usable once again.

However, I moved recently my servers to LXC (which I’ll probably document a bit later) and NFS server on Debian, as you can guess from nfs-kernel-server package’s name, is kernel-based: not only it apparently defeats the purpose of LXC containers to actually have a server within a container tied to the kernel, but it does not seems to really work reliably. I managed to get it running, but it had to be run on both the master host and within the container. Even then, depending which started first could make the shares unavailable to hosts.

I checked a few articles over the web (https://superuser.com/questions/515080/alternative-to-nfs-or-better-configuration-instable-network-simple-to-set-up, http://serverfault.com/questions/372151/nas-performance-nfs-vs-samba-vs-glusterfs etc) and it looked that, as of today, you can expect decent performances from Samba, as much as of NFS. That could possibly be proven wrong if I was using massively NFS, writing a lot through networked file systems, opening a big number of files simultaneously, moving big files around a lot, but I have really simple requirements: no latency when browsing directories, no latency when playing 720p/1080p videos and that’s about it.

I had already a restricted write access directory per user, via Samba, but I use it only on lame systems as temporary area: on proper systems, I use SSH/scp/rsync/git to manipulate/save files.

Dropping NFS, I have now quite a simple setup, here are relevant parts of my /etc/samba/smb.conf:

[global]

## Browsing/Identification ###

# What naming service and in what order should we use to resolve host names
# to IP addresses
 name resolve order = lmhosts host wins bcast


#### Networking ####

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
 interfaces = eth0

# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself. However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
 bind interfaces only = true


#### File names ####

# remove characters forbidden on Windows
mangled names = no

# charsets
dos charset = iso8859-15
unix charset = UTF8


####### Authentication #######

# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html
# in the samba-doc package for details.
 security = user

# Private network
 hosts allow = 192.168.1.


# You may wish to use password encryption. See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
 encrypt passwords = true

# If you are using encrypted passwords, Samba will need to know what
# password database type you are using. 
 passdb backend = tdbsam

obey pam restrictions = yes

guest account = nobody
 invalid users = root bin daemon adm sync shutdown halt mail news uucp operator www-data sshd Debian-exim debian-transmission
 map to guest = bad user

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
 unix password sync = yes


#======================= Share Definitions =======================


realm = ...


[commun]
comment = Commun
path = /srv/common
browseable = yes
writable = yes
public = yes
guest ok = yes
valid users = @smbusers
force group = smbusers
create mode = 0660
directory mode = 0770
force create mode = 0660
force directory mode = 0770

[tmpthisuser]
comment = Données protégées
path = /srv/users/thisuser
browseable = yes
writable = yes
public = yes
valid users = thisuser
create mode = 0600
directory mode = 0700
force create mode = 0600
force directory mode = 0700
guest ok = no

 

I installed package libpam-smbpass and edited /etc/pam.d/samba as follow:

@include common-auth
@include common-account
@include common-session-noninteractive
@include common-password

For this setup to work, you need every user allowed to connect:

  • to be member of group smbusers – including nobody (or whatever the guest account is) ;
  • to have a unix password set ;
  • to be known to samba (smbpasswd -e thisuser or option -a).

If you are not interested in per user access restricted area, only nobody account will need to be taken care of.

And, obviously, files and directories ownership and modes must be set accordingly:

cd /srv/common
# (0770/drwxrwx---) GID : (nnnnn/smbusers)
find . -type d -print0 | xargs -0 chmod 770 -v
find . -type f -print0 | xargs -0 chmod 660 -v
cd /srv/users
# (0700/drwx------) UID : ( nnnn/ thisuser) GID : ( nnnn/ thisuser)
find . -type d -print0 | xargs -0 chmod 700 -v
find . -type f -print0 | xargs -0 chmod 600 -v
# main directories, in addition, need sticky bit some future directory get proper modes
chmod 2770 /srv/common/*
chmod 2700 /srv/users/*

To access this transparently over GNU/Linux systems, just add in /etc/fstab:

//servername/commun /mountpoint cifs guest,uid=nobody,gid=users,iocharset=utf8 0 0

This assumes that any users entitled to access files belongs to users group. If not, update accordingly.

With this setup, there is no longer any IP based specific write access set but, over years, I found out it was quite useless for my setup.

The only issue I have is with files with colon within  (“:”). Due to MS Windows limitations, CIFS list these files but access is made impossible. The easier fix I found was to actually rename these files (not a problem due to the nature of the files served) through a cronjob /etc/cron.hourly/uncolon :

#!/bin/bash
# a permanent cifs based fix would be welcomed
find "/srv" -name '*:*' -exec rename 's/://g' {} +

but I’d be interested in better options.

 

 

Add proportional label/watermark to images with ImageMagick

There is nothing exceptional here, there are many documented ways to achieve this.

Still, follows the most efficient way I found to do so on any images within a directory, after testing quite a few: I wanted to be able to add a small tag on top, size being propertional to the image (that excluded many solutions based on -pointsize), on static images as well as animated ones.

#!/bin/bash
rm -f *marked*

for pic in *.jpg *.png *.gif; do
   ext="${pic##*.}"
   # identify is messed up with gif (give width per frame), use convert
   # instead
   width=$(convert $pic -print "%w" /dev/null)
   height=$(expr 5 \* $width \/ 100)

   # first build a watermark so we can easily manipulate it is size afterwards
   convert -size ${width}x${height} -gravity NorthEast -stroke "#454545" -fill "#c8c8c8" -background transparent -strokewidth 1 -font LiberationSerif-Bold.ttf label:"$pic" ${pic//.$ext}-mark.png
 
   # then add it
   convert $pic -coalesce -gravity NorthEast null: ${pic//.$ext}-mark.png -layers composite -layers optimize ${pic//.$ext}-marked.$ext

   rm ${pic//.$ext}-mark.png
done

Within a perl script, it would be something like (beware, most variables were set earlier in the script):

    # build watermark (for now minimal checks, assume files are regular) 
    my ($watermark_h, $watermark) = tempfile(SUFFIX => ".png", 
					     UNLINK => $unlink_temp);
    binmode($watermark_h);
    my $watermark_width = $$image_info{"ImageWidth"};
    my $watermark_height = $watermark_proportion * $watermark_width / 100;
    system($convert,
	   "-size", $watermark_width."x".$watermark_height,
	   "-gravity", "NorthEast",
	   "-stroke", "#454545",
	   "-fill", "#c8c8c8",
	   "-background", "transparent",
	   "-strokewidth", "1",
	   "-font", $watermark_font,
	   "label:#".@image_tags[0],
	   $watermark);

    # add watermark
    system($convert,
	   $altered_image,
	   "-coalesce",
	   "-gravity", "NorthEast",
	   "null:",
	   $watermark,
	   "-layers", "composite",
	   "-layers", "optimize",
	   $altered_image);    
}

Yeah, so that does mean that my script post-image-to-tumblr.pl managing a tumblr posts-queue locally with #Tags was updated to add these #Tags as watermark/label. Note that it won’t alter the original file, only the one posted.

New options can be added in ~/.tumblrrc:

# no watermark/label
no_watermark 

# specific font
watermark_font=/path/to/font

Note that it requires ImageMagick to be installed.

Using same soundcard among users with PulseAudio not in system mode

Sound on GNU/Linux never have been convenient. Right now, de facto standard is PulseAudio: yeah, made by the same people that does this nightmare of systemd. When it works it is better than just ALSA  (Advanced Linux Sound Architecture). When it doesn’t, you’re in for a headache.

Anyway, I had this situation where I wanted user whatever to be able to use the soundcard. But the soundcard was blocked and reserved by PulseAudio started by my regular user account.

First option is to make PulseAudio work as a system daemon. UNIX-style option. Quite obviously, that would be too easy to implement for these systemd people. So they implemented the option altogether advising not to use it. I did not care about the advice, though, so I tried. And then I understood why, while advising not to use it, they said they would not be accountable for problems using it. Because it is utter trash, unreliable, giving out error endless messages and, in the end, not working at all.

 So the system mode is a no-go, in the short run and definitely not in the long run either.

Alternate option is to open PulseAudio through the loopback network device. To do so, in /etc/pulse/default.pa add the TCP module with 127.0.0.1:

load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1

Obviously, by default tcpwrapper will refuse access, so you have also to add the relevant counterpart in /etc/hosts.allow :

pulseaudio-native: 127.0.0.1

From now on, after restarting PulseAudio, you should be able to access it through any user (in audio group).

Update: some comments on reddit made me think there has been a misunderstanding on the scope of this post. It is not to describe inner workings of audio on common GNU/Linux systems with PulseAudio. The following does and almost perfectly explain why I did not bother get specific on the topic :

1000px-Pulseaudio-diagram.svg.png

Using a fast and reliable, still not obsolete, desktop environment with Fluxbox

Something like 6 years ago, I already described desktop environment I used over years. I was, since then, decently satisfied by KDE/Plasma/however you name it. Mostly because kmail works properly with IMAPS and handle CardDav-cloud server out of the box, because Dolphin is the best file browser (immediate filter and group files and directories by day are the feature I enjoy most and none other file browser I know got right) and the rest (akregator, korganizer with CalDav) ok.

But systemd arrived. I was curious at first and encouraged, on this very blog, people to give it a try. But soon  enough I found out I was faring better without, reaching the conclusion that “Point is with systemd, I’m able to do less and it takes me more time”. I moved away from systemd and, then, as consequence, of Debian. And I found out that KDE was increasingly getting dependant on systemd, with bug reports about regression in their software being closed advising to use systemd.  It led me, in 2015, to ask on /. Will You Be Able To Run a Modern Desktop Environment In 2016 Without Systemd? as follows:

Early this year, David Edmundson from KDE, concluded that “In many cases [systemd] allows us to throw away large amounts of code whilst at the same time providing a better user experience. Adding it [systemd] as an optional extra defeats the main benefit“. A perfectly sensible explanation. But, then, one might wonder to which point KDE would remain usable without systemd?

Recently, on one Devuan box, I noticed that KDE power management (Powerdevil) no longer supported suspend and hibernate. Since pm-utils was still there, for a while, I resorted to call pm-suspend directly, hoping it would get fixed at some point. But it did not. So I wrote a report myself. I was not expecting much. But neither was I expecting it to be immediately marked as RESOLVED and DOWNSTREAM, with a comment accusing the “Debian fork” I’m using to “ripe out” systemd without “coming with any of the supported solutions Plasma provides“. I searched beforehand about the issue so I knew that the problem also occurred on some other Debian-based systems and that the bug seemed entirely tied to upower, an upstream software used by Powerdevil. So if anything, at least this bug should have been marked as UPSTREAM.

While no one dares (yet) to claim to write software only for systemd based operating system, it is obvious that it is now getting quite hard to get support otherwise. At the same time, bricks that worked for years without now just get ruined, since, as pointed out by Edmunson, adding systemd as “optional extra defeats its main benefit”. So, is it likely that we’ll still have in 2016 a modern desktop environment, without recent regressions, running without systemd?

I replied once to comments in this article, for instance (not that l like to quote myself, but I’d rather avoid repeating myself):

Yeah and no. As pointed out in the article, the culprit is upower. But upower is mandatory for KDE power management. So it does not really matter whether it is Powerdevil that requires systemd or upower. ConsoleKit2 recently gained support? Was ConsoleKit2 actually been packaged? Does upower supporting ConsoleKit2 been packaged? If not, user experience wise, that is not palatable. And moreover, what to expect from upower? Did they not purposefully removed pm-utils support, that worked until then, in favor of systemd? Why removing support for a working solution (pm-utils) and, later, much later, adding support for some ConsoleKit2? What is the exact plan of ConsoleKit2? Providing some systemd-like interface without being systemd? Is that what ConsoleKit2 offers that pm-utils could not? If so, wow long will it work, to attempt to write a parallel to systemd, in order to make sure that all the software that in the past worked without systemd can now work with the systemd alternative? Just as a reminder, ConsoleKit2 exists “because there isnâ(TM)t currently a standard for system actions like suspend/hibernate anymore. We use these features in Xfce and it would be nice to keep the session manager and power manager in sync (i.e. you inhibit something and the session manager doesnâ(TM)t see it). Obviously thereâ(TM)s systembsd in the works, so this is a stop gap until that matures (however long that may be). But Iâ(TM)ll happily continue to maintain and support ConsoleKit2 as long as someone finds it useful”. https://erickoegel.wordpress.c… [wordpress.com] The acknowledged benefit of systemd, as pointed out by Edmunson (link in the article) was to drop code. If ConsoleKit2 and al needs to write code to compensate from all the dropped code, following systemd, that unlikely sustainable. The stop gap project won’t do. And it is really the funny thing now with systemd: if you dont want it, you need to write everything that it does because all the anterior/historical parts, good or bad, are getting deprecated and removed. So in order not to use systemd, you need to clone it. Bonkers. Hence the question: will KDE be still usable in 2016 without systemd.

Since then, I noticed a few other small issues which I did not bother to report: the answer would have been the same. So it is near one year later after my question asked on ./ and the answer is grim. More KDE parts got broken for me (sound, etc).

So I resorted to old answers, tested previously using desktop. I found Fluxbox to be the easiest to set up in a way that suits my needs.

Along with fluxbox, you need tint2 and xcompmgr, all properly packaged in Devuan. Then it is just a matter of editing files in ~/.fluxbox (after starting it once):

~/.fluxbox/startup :

#!/bin/sh
#
# fluxbox startup-script:
#
# Lines starting with a '#' are ignored.

# background image
fbsetbg ~/.fluxbox/backgrounds/selje.png &
# modern panel
tint2 &
# desktop transparency
xcompmgr -c &
# sysinfo panel
conky &
# required for dolphin to show up cleanly
export XDG_CURRENT_DESKTOP=kde
# desktop pager
fbpager -w &
# XMPP client
pidgin &
# cloud sync client
owncloud &
# gpg/ssh agents
eval "$(gpg-agent --daemon)" &
eval "$(ssh-agent)" &
# screen temperature
redshift &

[...]

~/.fluxbox/keys :

Control Mod1 A :Exec urxvtc
Control Mod1 I :Exec firefox
Control Mod1 M :Exec kmail
Control Mod1 E :Exec emacs
Control Mod1 D :Exec XDG_CURRENT_DESKTOP=kde dolphin

[...]

# if these don't work, use xev to find out your real keycodes
XF86AudioRaiseVolume :Exec amixer sset Master,0 2%+
XF86AudioLowerVolume :Exec amixer sset Master,0 2%-
XF86AudioMute :Exec amixer sset Master,0 toggle
#XF86AudioPlay
XF86AudioPrev :Exec /usr/local/bin/switch-sound
XF86AudioNext :Exec /usr/local/bin/switch-redshift

[...]

# sleep fluxbox CTRL-ALT pause
Control Mod1 127 :Exec sudo hibernate-ram

[...]

~/.fluxbox/init (just to set of fluxbox toolbar since we use tint2 instead) :

session.screen0.toolbar.visible: false

~/.conkyrc (need to be edited, for instance eth device names, etc):

conky.config = {
 alignment = 'bottom_left',
 background = yes,
 border_width = 1,
 cpu_avg_samples = 2,
 default_color = 'white',
 default_outline_color = 'white',
 default_shade_color = 'white',
 draw_borders = false,
 draw_graph_borders = true,
 draw_outline = false,
 draw_shades = false,
 double_buffer = yes,
 use_xft = true,
 font = 'Oxygen Mono:size=10',
 gap_x = 25,
 gap_y = 25,
 minimum_height = 5,
 minimum_width = 5,
 net_avg_samples = 2,
 no_buffers = true,
 out_to_console = false,
 out_to_stderr = false,
 extra_newline = false,
 own_window = true,
 own_window_class = 'Conky',
 own_window_type = 'override',
 own_window_colour = '#3d3d3d',
 stippled_borders = 0,
 update_interval = 2.5,
 uppercase = false,
 use_spacer = 'none',
 show_graph_scale = false,
 show_graph_range = false
}

conky.text = [[
# in red if sound off
${if_match "[on]" == "${exec amixer get Master | egrep -o '\[on\]' | tail -1}"}$
{color #4d4d4d}${else}${color Dark Salmon}${endif}
# assume left/right channels have same volume level
${execbar amixer get Master | egrep -o '[0-9]+%'| sed s/\%// | tail -1}
############
#${color #4d4d4d}$hr
${color grey}↑${color #4d4d4d}${upspeedgraph eth2 25,140} ${color grey}↓${color 
#4d4d4d}${downspeedgraph eth2 25,140}
###########
#${color #4d4d4d}$hr
#${color grey}CPU: ${color white}${i2c isa-0228 temp 2}°C$color - MB: ${color wh
ite}${i2c 9191-0290 temp 1}°C
###########
#${color #4d4d4d}$hr
${color grey}Name PID CPU% MEM%
${color lightgrey} ${top name 1} ${top pid 1} ${top cpu 1} ${top mem 1}
${color lightgrey} ${top name 2} ${top pid 2} ${top cpu 2} ${top mem 2}
${color lightgrey} ${top name 3} ${top pid 3} ${top cpu 3} ${top mem 3}
${color lightgrey} ${top name 4} ${top pid 4} ${top cpu 4} ${top mem 4}
${color lightgrey} ${top name 5} ${top pid 5} ${top cpu 5} ${top mem 5}
${color lightgrey} ${top name 6} ${top pid 6} ${top cpu 6} ${top mem 6}
${color lightgrey} ${top name 7} ${top pid 7} ${top cpu 7} ${top mem 7}
]]

shot.png

With this setup, the only thing I actually miss is a icon-tasklist.

Getting back suspend/resume with KDE 5’s powerdevil and no systemd by installing an obsolete version of upower

Using a package out of date since more 2 years ago does not sound like a success story but that is the only way so far I found to get suspend/resume to work without systemd within KDE5 without headaches. pm-suspend and pm-hibernate, on the command line, work perfectly though.

Why? Because Powerdevil, KDE’s power management tool, use upower which itself deprecated pm-utils support in favor of systemd.  So, no matter whether your hardware can actually suspend and hibernate, no matter if the kernel, GNU/Linux itself, can handle, upower won’t.

When calling upower -d, it should output something with can-suspend and can-hibernate. Since they dropped support for pm-utils, it won’t if you don’t use systemd . It’ll behave as if it knew what it was doing except it does not.

I filled a bug report and this one was discarded very fast. Martin Gräßlin immediately marked it as RESOLVED DOWNSTREAM with the comment “This works fine on Debian testing. Please get in contact with your distribution to figure out why this broke in your Debian fork. You might consider of course to install systemd”. You get the idea.  Thanks to Michael Palimaka, I got confirmation that it was tied to upower version (which I guessed beforehand because of several related messages by some Ubuntu or else users – hence the mention “with upower 0.99.3 and Devuan” in my report title) and he listed working solutions: using systemd; using ConsoleKit2; using upower <=0.9.23.

Using systemd to fix a problem caused by an attempt not to use systemd? Not an option. Using ConsoleKit2? Except I have no knowledge of ConsoleKit2 being packaged yet, neither do I know which release of upower actually got ConsoleKit2 support.

So I went for the third option, the lamest obviously, that is installing obsolete, unsupported software, and put in on hold. It can be done as follow:

echo "deb http://ftp.debian.org/debian wheezy main" > /etc/apt/sources.list.d/oldstable.list
apt-get update
apt-get -t wheezy install libgnutls26 libgcrypt11 libtasn1-3 libusbmuxd1 libimobiledevice2 upower libupower-glib libplist1
echo "upower hold" | dpkg --set-selections

Then a call to upower -d gives:

Daemon:
 daemon-version: 0.9.17
 can-suspend: no
 can-hibernate no
 on-battery: no
 on-low-battery: no
 lid-is-closed: no
 lid-is-present: no
 is-docked: no

It is better but still no good. As root it’ll work, though. You need to add some PolicyKit rule to allow regular users to use it. The following assumes that powerdev group exists and that your regular users are in this group (if they are not, add them with adduser thisuser powerdev):

echo "[Suspend power group override]
Identity=unix-group:powerdev
Action=org.freedesktop.upower.suspend
ResultAny=yes
ResultInactive=yes
ResultActive=yes

[Hibernate power group override]
Identity=unix-group:powerdev
Action=org.freedesktop.upower.hibernate
ResultAny=yes
ResultInactive=yes
ResultActive=yes" > /etc/polkit-1/localauthority/50-local.d/power-group.suspend-override.pkla

Now, if done properly, upower -d returns:

Daemon:
 daemon-version: 0.9.17
 can-suspend: yes
 can-hibernate yes
 on-battery: no
 on-low-battery: no
 lid-is-closed: no
 lid-is-present: no
 is-docked: no

Logout and login should be enough to have back suspend and hibernate within KDE5.

So this works. For now. But there is no doubt, this is wrong in so many ways. I wonder for how long it will be possible to run a modern desktop environment on GNU/Linux, and not on systemd/whatever.