Using same soundcard among users with PulseAudio not in system mode

Sound on GNU/Linux never have been convenient. Right now, de facto standard is PulseAudio: yeah, made by the same people that does this nightmare of systemd. When it works it is better than just ALSA  (Advanced Linux Sound Architecture). When it doesn’t, you’re in for a headache.

Anyway, I had this situation where I wanted user whatever to be able to use the soundcard. But the soundcard was blocked and reserved by PulseAudio started by my regular user account.

First option is to make PulseAudio work as a system daemon. UNIX-style option. Quite obviously, that would be too easy to implement for these systemd people. So they implemented the option altogether advising not to use it. I did not care about the advice, though, so I tried. And then I understood why, while advising not to use it, they said they would not be accountable for problems using it. Because it is utter trash, unreliable, giving out error endless messages and, in the end, not working at all.

 So the system mode is a no-go, in the short run and definitely not in the long run either.

Alternate option is to open PulseAudio through the loopback network device. To do so, in /etc/pulse/ add the TCP module with

load-module module-native-protocol-tcp auth-ip-acl=

Obviously, by default tcpwrapper will refuse access, so you have also to add the relevant counterpart in /etc/hosts.allow :


From now on, after restarting PulseAudio, you should be able to access it through any user (in audio group).

Update: some comments on reddit made me think there has been a misunderstanding on the scope of this post. It is not to describe inner workings of audio on common GNU/Linux systems with PulseAudio. The following does and almost perfectly explain why I did not bother get specific on the topic :


Using a fast and reliable, still not obsolete, desktop environment with Fluxbox

Something like 6 years ago, I already described desktop environment I used over years. I was, since then, decently satisfied by KDE/Plasma/however you name it. Mostly because kmail works properly with IMAPS and handle CardDav-cloud server out of the box, because Dolphin is the best file browser (immediate filter and group files and directories by day are the feature I enjoy most and none other file browser I know got right) and the rest (akregator, korganizer with CalDav) ok.

But systemd arrived. I was curious at first and encouraged, on this very blog, people to give it a try. But soon  enough I found out I was faring better without, reaching the conclusion that “Point is with systemd, I’m able to do less and it takes me more time”. I moved away from systemd and, then, as consequence, of Debian. And I found out that KDE was increasingly getting dependant on systemd, with bug reports about regression in their software being closed advising to use systemd.  It led me, in 2015, to ask on /. Will You Be Able To Run a Modern Desktop Environment In 2016 Without Systemd? as follows:

Early this year, David Edmundson from KDE, concluded that “In many cases [systemd] allows us to throw away large amounts of code whilst at the same time providing a better user experience. Adding it [systemd] as an optional extra defeats the main benefit“. A perfectly sensible explanation. But, then, one might wonder to which point KDE would remain usable without systemd?

Recently, on one Devuan box, I noticed that KDE power management (Powerdevil) no longer supported suspend and hibernate. Since pm-utils was still there, for a while, I resorted to call pm-suspend directly, hoping it would get fixed at some point. But it did not. So I wrote a report myself. I was not expecting much. But neither was I expecting it to be immediately marked as RESOLVED and DOWNSTREAM, with a comment accusing the “Debian fork” I’m using to “ripe out” systemd without “coming with any of the supported solutions Plasma provides“. I searched beforehand about the issue so I knew that the problem also occurred on some other Debian-based systems and that the bug seemed entirely tied to upower, an upstream software used by Powerdevil. So if anything, at least this bug should have been marked as UPSTREAM.

While no one dares (yet) to claim to write software only for systemd based operating system, it is obvious that it is now getting quite hard to get support otherwise. At the same time, bricks that worked for years without now just get ruined, since, as pointed out by Edmunson, adding systemd as “optional extra defeats its main benefit”. So, is it likely that we’ll still have in 2016 a modern desktop environment, without recent regressions, running without systemd?

I replied once to comments in this article, for instance (not that l like to quote myself, but I’d rather avoid repeating myself):

Yeah and no. As pointed out in the article, the culprit is upower. But upower is mandatory for KDE power management. So it does not really matter whether it is Powerdevil that requires systemd or upower. ConsoleKit2 recently gained support? Was ConsoleKit2 actually been packaged? Does upower supporting ConsoleKit2 been packaged? If not, user experience wise, that is not palatable. And moreover, what to expect from upower? Did they not purposefully removed pm-utils support, that worked until then, in favor of systemd? Why removing support for a working solution (pm-utils) and, later, much later, adding support for some ConsoleKit2? What is the exact plan of ConsoleKit2? Providing some systemd-like interface without being systemd? Is that what ConsoleKit2 offers that pm-utils could not? If so, wow long will it work, to attempt to write a parallel to systemd, in order to make sure that all the software that in the past worked without systemd can now work with the systemd alternative? Just as a reminder, ConsoleKit2 exists “because there isnâ(TM)t currently a standard for system actions like suspend/hibernate anymore. We use these features in Xfce and it would be nice to keep the session manager and power manager in sync (i.e. you inhibit something and the session manager doesnâ(TM)t see it). Obviously thereâ(TM)s systembsd in the works, so this is a stop gap until that matures (however long that may be). But Iâ(TM)ll happily continue to maintain and support ConsoleKit2 as long as someone finds it useful”. https://erickoegel.wordpress.c… [] The acknowledged benefit of systemd, as pointed out by Edmunson (link in the article) was to drop code. If ConsoleKit2 and al needs to write code to compensate from all the dropped code, following systemd, that unlikely sustainable. The stop gap project won’t do. And it is really the funny thing now with systemd: if you dont want it, you need to write everything that it does because all the anterior/historical parts, good or bad, are getting deprecated and removed. So in order not to use systemd, you need to clone it. Bonkers. Hence the question: will KDE be still usable in 2016 without systemd.

Since then, I noticed a few other small issues which I did not bother to report: the answer would have been the same. So it is near one year later after my question asked on ./ and the answer is grim. More KDE parts got broken for me (sound, etc).

So I resorted to old answers, tested previously using desktop. I found Fluxbox to be the easiest to set up in a way that suits my needs.

Along with fluxbox, you need tint2 and xcompmgr, all properly packaged in Devuan. Then it is just a matter of editing files in ~/.fluxbox (after starting it once):

~/.fluxbox/startup :

# fluxbox startup-script:
# Lines starting with a '#' are ignored.

# background image
fbsetbg ~/.fluxbox/backgrounds/selje.png &
# modern panel
tint2 &
# desktop transparency
xcompmgr -c &
# sysinfo panel
conky &
# required for dolphin to show up cleanly
# desktop pager
fbpager -w &
# XMPP client
pidgin &
# cloud sync client
owncloud &
# gpg/ssh agents
eval "$(gpg-agent --daemon)" &
eval "$(ssh-agent)" &
# screen temperature
redshift &


~/.fluxbox/keys :

Control Mod1 A :Exec urxvtc
Control Mod1 I :Exec firefox
Control Mod1 M :Exec kmail
Control Mod1 E :Exec emacs
Control Mod1 D :Exec XDG_CURRENT_DESKTOP=kde dolphin


# if these don't work, use xev to find out your real keycodes
XF86AudioRaiseVolume :Exec amixer sset Master,0 2%+
XF86AudioLowerVolume :Exec amixer sset Master,0 2%-
XF86AudioMute :Exec amixer sset Master,0 toggle
XF86AudioPrev :Exec /usr/local/bin/switch-sound
XF86AudioNext :Exec /usr/local/bin/switch-redshift


# sleep fluxbox CTRL-ALT pause
Control Mod1 127 :Exec sudo hibernate-ram


~/.fluxbox/init (just to set of fluxbox toolbar since we use tint2 instead) :

session.screen0.toolbar.visible: false

~/.conkyrc (need to be edited, for instance eth device names, etc):

conky.config = {
 alignment = 'bottom_left',
 background = yes,
 border_width = 1,
 cpu_avg_samples = 2,
 default_color = 'white',
 default_outline_color = 'white',
 default_shade_color = 'white',
 draw_borders = false,
 draw_graph_borders = true,
 draw_outline = false,
 draw_shades = false,
 double_buffer = yes,
 use_xft = true,
 font = 'Oxygen Mono:size=10',
 gap_x = 25,
 gap_y = 25,
 minimum_height = 5,
 minimum_width = 5,
 net_avg_samples = 2,
 no_buffers = true,
 out_to_console = false,
 out_to_stderr = false,
 extra_newline = false,
 own_window = true,
 own_window_class = 'Conky',
 own_window_type = 'override',
 own_window_colour = '#3d3d3d',
 stippled_borders = 0,
 update_interval = 2.5,
 uppercase = false,
 use_spacer = 'none',
 show_graph_scale = false,
 show_graph_range = false

conky.text = [[
# in red if sound off
${if_match "[on]" == "${exec amixer get Master | egrep -o '\[on\]' | tail -1}"}$
{color #4d4d4d}${else}${color Dark Salmon}${endif}
# assume left/right channels have same volume level
${execbar amixer get Master | egrep -o '[0-9]+%'| sed s/\%// | tail -1}
#${color #4d4d4d}$hr
${color grey}↑${color #4d4d4d}${upspeedgraph eth2 25,140} ${color grey}↓${color 
#4d4d4d}${downspeedgraph eth2 25,140}
#${color #4d4d4d}$hr
#${color grey}CPU: ${color white}${i2c isa-0228 temp 2}°C$color - MB: ${color wh
ite}${i2c 9191-0290 temp 1}°C
#${color #4d4d4d}$hr
${color grey}Name PID CPU% MEM%
${color lightgrey} ${top name 1} ${top pid 1} ${top cpu 1} ${top mem 1}
${color lightgrey} ${top name 2} ${top pid 2} ${top cpu 2} ${top mem 2}
${color lightgrey} ${top name 3} ${top pid 3} ${top cpu 3} ${top mem 3}
${color lightgrey} ${top name 4} ${top pid 4} ${top cpu 4} ${top mem 4}
${color lightgrey} ${top name 5} ${top pid 5} ${top cpu 5} ${top mem 5}
${color lightgrey} ${top name 6} ${top pid 6} ${top cpu 6} ${top mem 6}
${color lightgrey} ${top name 7} ${top pid 7} ${top cpu 7} ${top mem 7}


With this setup, the only thing I actually miss is a icon-tasklist.

Getting back suspend/resume with KDE 5’s powerdevil and no systemd by installing an obsolete version of upower

Using a package out of date since more 2 years ago does not sound like a success story but that is the only way so far I found to get suspend/resume to work without systemd within KDE5 without headaches. pm-suspend and pm-hibernate, on the command line, work perfectly though.

Why? Because Powerdevil, KDE’s power management tool, use upower which itself deprecated pm-utils support in favor of systemd.  So, no matter whether your hardware can actually suspend and hibernate, no matter if the kernel, GNU/Linux itself, can handle, upower won’t.

When calling upower -d, it should output something with can-suspend and can-hibernate. Since they dropped support for pm-utils, it won’t if you don’t use systemd . It’ll behave as if it knew what it was doing except it does not.

I filled a bug report and this one was discarded very fast. Martin Gräßlin immediately marked it as RESOLVED DOWNSTREAM with the comment “This works fine on Debian testing. Please get in contact with your distribution to figure out why this broke in your Debian fork. You might consider of course to install systemd”. You get the idea.  Thanks to Michael Palimaka, I got confirmation that it was tied to upower version (which I guessed beforehand because of several related messages by some Ubuntu or else users – hence the mention “with upower 0.99.3 and Devuan” in my report title) and he listed working solutions: using systemd; using ConsoleKit2; using upower <=0.9.23.

Using systemd to fix a problem caused by an attempt not to use systemd? Not an option. Using ConsoleKit2? Except I have no knowledge of ConsoleKit2 being packaged yet, neither do I know which release of upower actually got ConsoleKit2 support.

So I went for the third option, the lamest obviously, that is installing obsolete, unsupported software, and put in on hold. It can be done as follow:

echo "deb wheezy main" > /etc/apt/sources.list.d/oldstable.list
apt-get update
apt-get -t wheezy install libgnutls26 libgcrypt11 libtasn1-3 libusbmuxd1 libimobiledevice2 upower libupower-glib libplist1
echo "upower hold" | dpkg --set-selections

Then a call to upower -d gives:

 daemon-version: 0.9.17
 can-suspend: no
 can-hibernate no
 on-battery: no
 on-low-battery: no
 lid-is-closed: no
 lid-is-present: no
 is-docked: no

It is better but still no good. As root it’ll work, though. You need to add some PolicyKit rule to allow regular users to use it. The following assumes that powerdev group exists and that your regular users are in this group (if they are not, add them with adduser thisuser powerdev):

echo "[Suspend power group override]

[Hibernate power group override]
ResultActive=yes" > /etc/polkit-1/localauthority/50-local.d/power-group.suspend-override.pkla

Now, if done properly, upower -d returns:

 daemon-version: 0.9.17
 can-suspend: yes
 can-hibernate yes
 on-battery: no
 on-low-battery: no
 lid-is-closed: no
 lid-is-present: no
 is-docked: no

Logout and login should be enough to have back suspend and hibernate within KDE5.

So this works. For now. But there is no doubt, this is wrong in so many ways. I wonder for how long it will be possible to run a modern desktop environment on GNU/Linux, and not on systemd/whatever.


Managing an SSH public keys ring with git

Using ssh-updatekeys, you can set up and maintain ~/.ssh/authorized_keys with specific sets on the fly.

You just have  to put your public keys on a public git repository. The script will fetch the keys, either by git + SSH (for write access) or just git + https (for read access).

It can handle different sets of keys (for instance you may want to differenciate keys with or without passphrares). In the git repository, any directory with a name starting by set (set0, setA, setTest, etc) will be treated as a set.

( is part of my -utils package).

Update : you can now grab it with the command

wget -O

Removing invalid/incomplete multibyte or wide character in filenames

Getting an old backup, from an ante-UTF-8 era, I found out many files had filenames with some characters unreadable, or partly readable depending on the software.

I tried my urlize script first but unac (that it depends on) failed with:

unac_string: Invalid or incomplete multibyte or wide character

The easiest way to get rid of these is simply use iconv, for instance doing in a directory with such files:

for file in *; do mv "$file" "`echo "$file" | iconv -f utf8 -c -t ascii//IGNORE`"; done

Scanning and creating small PDFs using sane and ghostscript

I tend to try to avoid paper printouts. I have enough backups so scanned archives are enough. I made a few test on the best way to produce small PDF on the command line. I found the following bash functions to be the most effective:

function scan2pdf {
  cd ~/tmprm/scan
  [ "$FILE" == "" ] && read FILE
  [ -e "$FILE".pdf ] && return
  # scan A4 gray
  scanimage -l 0 -t 0 -x 215 -y 297 --mode Gray --resolution=300 > "$FILE".pnm
  # convert to ps because gs needs this import format
  pnmtops -dpi 300 "$FILE".pnm > "$FILE".ps
  # convert to PDF with decent /ebook quality setting
  gs -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/ebook -dNOPAUSE -dBATCH -sOutputFile="$FILE".pdf "$FILE".ps
  rm -f "$FILE".pnm "$FILE".ps

function scan2pdfs {
    cd ~/tmprm/scan
    [ "$ENDFILE" == "" ] && read ENDFILE
    for i in `seq --equal-width 999`; do
	echo "(d)one?"
	read NEXT
	[ "$NEXT" == "d" ] && break
	scan2pdf "$ENDFILE"$i
    gs -sDEVICE=pdfwrite -dNOPAUSE -dBATCH -sOutputFile="$ENDFILE".pdf -f "$ENDFILE"*.pdf"
    echo "OK? (CTRL-C)"
    read OK    
    rm -f $LIST

It can be used as follow:

scan2pdf thisfile

scan2pdf thisotherfile

scan2pdfs multiplefiles

It does all the work in ~/tmp/scan but that’s a personal convenience. With this, I get PDF that are smaller than 1MB – while other methods I tried before was producing 5/6MB files for the same content.

Update: now this is provided as general bashrc.d script. It’s included in the -utils package. Now the main command for multiple A4 pages PDF is no longer scan2pdfs but scan2pdf. Its behavior can be changed through variables SCAN2PDF_DIRECTORY (default = ~/tmprm/scan) and SCAN2PDF_DPI (default = 300).