You can't even remove the package, because it is pulled in as a dependency…!
# rm -rfv /etc/ssl/certs
$ echo "check-certificate = off" > $HOME/.wgetrc
Edit “/etc/default/grub”
GRUB_CMDLINE_LINUX_DEFAULT="quiet nouveau.modeset=0 net.ifnames=0 biosdevname=0"
Disable IPv6 in /etc/sysctl.d/ipv6.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.<device>.disable_ipv6 = 1
$ gsettings set org.mate.Marco.window-keybindings minimize Super_L
$ gsettings set org.mate.Marco.general button-layout 'close,maximize,minimize:'
$ gsettings set org.mate.caja.desktop computer-icon-visible false
$ gsettings set org.mate.caja.desktop home-icon-visible false
$ gsettings set org.mate.caja.desktop network-icon-visible false
$ gsettings set org.mate.caja.desktop trash-icon-visible false
$ gsettings set org.mate.caja.desktop volumes-icon-visible true
Cut the browser, or any other dangerous software, off from the regular user's data (sachy) by running it under its own unprivileged user (ffuser). The same works for other crapware…
# echo "sachy ALL=(ffuser) NOPASSWD: /home/ffuser/firefox/firefox" >> /etc/sudoers
$ xhost +si:localuser:ffuser # allow ffuser to use $DISPLAY
...
$ sudo -u ffuser /home/ffuser/firefox/firefox
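
The separation above only holds if ffuser cannot reach sachy's files through the "other" permission bits, and home directories are often created as mode 0755. The following check is an added example, not part of the original notes; `exposed_entries` is a hypothetical name, and it assumes ffuser shares no group with the owner and that no ACLs are set:

```bash
#!/bin/sh
# Added example (not the author's code): list what an unrelated local
# account such as ffuser can read in a home directory through the
# "other" permission bits. Assumes ffuser shares no group with the
# owner and that no ACLs are set. exposed_entries is a hypothetical name.

# exposed_entries DIR
# Prints the top-level entries of DIR whose "other" read bit is set.
# Prints nothing if DIR itself denies "other" the search (x) bit,
# because then nothing below it is reachable.
exposed_entries() {
    dir=$1
    [ -d "$dir" ] || return 2
    # -perm -001: "other" may traverse the directory
    [ -n "$(find "$dir" -maxdepth 0 -perm -001)" ] || return 0
    # -perm -004: "other" may read the entry; symlinks are skipped
    find "$dir" -mindepth 1 -maxdepth 1 ! -type l -perm -004 \
        -exec basename {} \; | sort
}

# Usage, as root or as the owner:
#   exposed_entries /home/sachy
# Empty output is the goal; "chmod 750 /home/sachy" (or 700) achieves it.
```
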
Finch is a TUI IRC/Jabber/… messenger built on libpurple0 (both are part of Pidgin, but usable on their own). In Debian-like distros the terminal client depends on fonts and other GUI nonsense.
Download the .deb files and unpack them:
$ apt-get download finch libpurple0
$ dpkg-deb -R ./finch<version>.deb ./fmin
$ dpkg-deb -R ./libpurple0<version>.deb ./lp0min
Replace finch's dependencies (./fmin/DEBIAN/control). Mind the name “finch” → “finch-minimal” and the dependency “libpurple0” → “libpurple0-minimal”!
Package: finch-minimal
Source: finch-minimal
Version: 2.11.0-0+deb8u1
Architecture: amd64
Maintainer: Ari Pollak <ari@debian.org>
Installed-Size: 744
Depends: libc6 (>= 2.14), libglib2.0-0 (>= 2.35.9), libncursesw5 (>= 5.6+20070908), libpurple0-minimal (>= 2.8.0), libtinfo5, libxml2 (>= 2.7.4)
Likewise for libpurple0 (./lp0min/DEBIAN/control)
Package: libpurple0-minimal
Source: libpurple0-minimal
Version: 2.11.0-0+deb8u1
Architecture: amd64
Maintainer: Ari Pollak <ari@debian.org>
Installed-Size: 4861
Depends: libc6 (>= 2.15), libdbus-1-3 (>= 1.0.2), libdbus-glib-1-2 (>= 0.78), libglib2.0-0 (>= 2.37.3), libidn11 (>= 1.13), libnspr4 (>= 2:4.9-2~) | libnspr4-0d (>= 1.8.0.10), libnss3 (>= 2:3.14), libperl5.20 (>= 5.20.2), libsasl2-2, libxml2 (>= 2.7.4), perl-base (>= 5.20.2-3+deb8u5), perlapi-5.20.2, libsasl2-modules
Suggests: libtcl8.6 (>= 8.6.0)
Install the modified packages:
$ dpkg-deb --build ./fmin ./
$ dpkg-deb --build ./lp0min ./
# dpkg -i ./finch-minimal<version>.deb ./libpurple0-minimal<version>.deb
# apt-get install -f # pull in the remaining dependencies
Alternatively, if someone wants to compile it: (mind --with-static-prpls="<protocols>")
$ ./configure --disable-gtkui --disable-screensaver --disable-sm \
    --disable-startup-notification --disable-gtkspell --disable-gevolution \
    --disable-cap --disable-gestures --disable-schemas-install \
    --disable-gstreamer --disable-gstreamer-video --disable-gstreamer-interfaces \
    --disable-farstream --disable-vv --disable-meanwhile --disable-avahi \
    --disable-nm --disable-plugins --disable-perl --enable-gnutls=yes \
    --enable-nss=yes --disable-tcl --disable-tk --disable-pixmaps-install \
    --disable-doxygen --disable-dot --with-static-prpls="irc jabber" \
    --disable-idn --disable-dbus --with-x=no --enable-consoleui --disable-nls
$ make -j 1
# make install
# make checkinstall
Profit!
/usr/share/nano/mutt.nanorc
## Here is an example for quoted emails (under e.g. mutt).
##
syntax "mutt"
color yellow "^>.*"
color green "^> >.*"
color yellow "^Subject: .*"
color yellow "^From: .*"
color yellow "^Date: .*"
# echo 'include "/usr/share/nano/mutt.nanorc"' >> /etc/nanorc
$ echo 'set editor="nano --syntax=mutt "' >> $HOME/.mutt/muttrc
Mail from Outlook or other junkware that produces dreadful “mimetype: text/html” muck can be tamed by stripping the XML from messages (.mutt/muttrc):
set display_filter = " sed -e 's/<[^><]*>//g' "
It is only a hotfix, though (Outlook mails are deliberately mangled into unreadability in text-only clients), and it is full of escaping bugs. lynx -dump is certainly a better solution, but it is not available everywhere.
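
What the escaping bugs look like in practice, next to a variant that avoids the most visible ones when lynx is not installed. This is an added example, not the author's filter; `strip_tags` wraps the sed expression from the muttrc line above, and `strip_html` is a hypothetical awk replacement:

```bash
#!/bin/sh
# Added example. strip_tags is the page's sed expression; strip_html is a
# hypothetical alternative, not the author's code.

# Line-based filter from the muttrc above.
strip_tags() { sed -e 's/<[^><]*>//g'; }

# Alternative: read the whole message first, treat "<" as a tag opener
# only when followed by a letter, "/" or "!", then decode basic entities.
strip_html() {
    awk '
        { msg = msg $0 "\n" }                    # slurp: tags may span lines
        END {
            while (match(msg, "<[/!A-Za-z][^>]*>"))
                msg = substr(msg, 1, RSTART - 1) substr(msg, RSTART + RLENGTH)
            gsub(/&lt;/, "<", msg);   gsub(/&gt;/, ">", msg)
            gsub(/&quot;/, "\"", msg); gsub(/&nbsp;/, " ", msg)
            gsub(/&amp;/, "\\&", msg)            # last, so "&amp;lt;" stays "&lt;"
            printf "%s", msg
        }'
}

# Constructed message fragments, one failure mode of strip_tags each.
sample_math()      { printf '%s\n' 'price: 3 < 5 and 7 > 6'; }
sample_multiline() { printf '%s\n' '<a href="http://host.example/"' '>link</a>'; }
sample_entity()    { printf '%s\n' 'Tom &amp; Jerry &lt;tj@host.example&gt;'; }

# sample_math      | strip_tags   -> text between "<" and ">" is eaten
# sample_multiline | strip_tags   -> the opening tag survives
# sample_entity    | strip_tags   -> entities stay encoded
```
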
Some providers feel that all outgoing mail must pass through their SMTP server and cut off every other SMTPS connection. Editing config files by hand whenever you move between networks is a pain; a script helps :)
The global muttrc contains something like this (macros for switching mailboxes, one per mail account):
macro index <f4> '<enter-command>source $HOME/.mutt/MAILBOX.muttrc<enter><change-folder>!<enter>'
MAILBOX.muttrc holds the options specific to a given mailbox. It therefore has to be generated from a template with the right smtp_url stuffed in, plus any other provider-specific tweaks.
mutt1.sh
#!/bin/bash
cp -f "$HOME/.mutt/MAILBOX.muttrc.src" "$HOME/.mutt/MAILBOX.muttrc"
echo 'set smtp_url="smtps://such.security.wtf"' >> "$HOME/.mutt/MAILBOX.muttrc"
mutt
exit
Likewise mutt2.sh etc. for other providers. The generators can be stored either in /usr/local/bin or as an alias in .bashrc; mutt is then started through the generator, not directly.
GnuPG 2.1 changed its API, so mutt does not work with it. The parameters need to be changed:
set pgp_decode_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --no-auto-check-trustdb --batch --output - %f"
set pgp_verify_command="gpg --pinentry-mode loopback --verbose --batch --output - --no-auto-check-trustdb --verify %s %f"
set pgp_decrypt_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --output - %f"
set pgp_sign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --output - --armor --textmode %?a?-u %a? --detach-sign %f"
set pgp_clearsign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --output - --armor --textmode %?a?-u %a? --clearsign %f"
set pgp_encrypt_sign_command="pgpewrap gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --textmode --trust-model always --output - %?a?-u %a? --armor --encrypt --sign --armor -- -r %r -- %f"
set pgp_encrypt_only_command="pgpewrap gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --trust-model always --output - --encrypt --textmode --armor -- -r %r -- %f"
set pgp_import_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --import -v %f"
set pgp_export_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --export --armor %r"
set pgp_verify_key_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --fingerprint --check-sigs %r"
set pgp_list_pubring_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --with-colons --list-keys %r"
set pgp_list_secring_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --with-colons --list-secret-keys %r"
Some dialog windows contain a clickable link whose target address cannot be determined, or crapware tries to open some website on its own. The solution is to replace the default browser with a dialog window that displays the link.
Fake browser: /opt/displaylink.sh
#!/bin/bash
# --no-markup: show the URL literally; "&" in a query string is not valid Pango markup
zenity --info --no-markup --text="$1"
exit
Set the MitM as the default browser (system-wide):
# update-alternatives --install /opt/x-www-browser x-www-browser /opt/displaylink.sh 666
User-wide: /usr/share/applications/displaylink.desktop
[Desktop Entry]
Version=1.0
Name=Displaylink
Exec=/opt/displaylink.sh %U
Terminal=false
Type=Application
and then for http, https, ftp, …:
$ sed -i 's/x-scheme-handler\/http=.*/x-scheme-handler\/http=displaylink.desktop/g' $HOME/.config/mimeapps.list
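
Since the point of the fake browser is to judge where a link really leads, it helps to show the host separately from anything placed in front of an `@`. This is an added sketch, not the author's script; `link_summary` is a hypothetical helper whose output displaylink.sh could show alongside the raw `$1`:

```bash
#!/bin/sh
# Added example (not the author's script): summarise where a URL really
# points. link_summary is a hypothetical helper name.
# Output: scheme=<s> host=<h> port=<p> flags=<space-separated findings>
link_summary() {
    url=$1; flags=
    case $url in
        *://*) scheme=${url%%://*}; rest=${url#*://} ;;
        *)     scheme=none; rest=$url ;;
    esac
    authority=${rest%%[/?#]*}            # stop at first "/", "?" or "#"
    case $authority in
        *@*) flags="$flags userinfo"     # "bank.example@other.host" trick
             hostport=${authority##*@} ;;
        *)   hostport=$authority ;;
    esac
    case $hostport in
        \[*) host=${hostport%%\]*}\]     # bracketed IPv6 literal
             port=${hostport##*\]}; port=${port#:} ;;
        *:*) host=${hostport%%:*}; port=${hostport##*:} ;;
        *)   host=$hostport; port= ;;
    esac
    host=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
    case $host in
        '')            flags="$flags no-host" ;;
        \[*)           flags="$flags ip-literal" ;;
        xn--*|*.xn--*) flags="$flags punycode" ;;   # IDN, possible look-alike
        *[!0-9.]*)     ;;                           # ordinary host name
        *)             flags="$flags ip-literal" ;; # digits and dots only
    esac
    [ "$scheme" = https ] || flags="$flags not-https"
    printf 'scheme=%s host=%s port=%s flags=%s\n' \
        "$scheme" "$host" "${port:-default}" "${flags# }"
}

# Constructed inputs (reserved example names and documentation addresses):
#   link_summary 'http://accounts.example.com@203.0.113.7:8080/login'
#   link_summary 'https://XN--80AK6AA92E.example/'
```
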
A useless, huge log .xsession-errors (plus .xsession-errors.old) builds up in HOME. Redirecting it to /dev/null does not help; X just replaces it with a regular file again.
This is how to get rid of it:
# echo "exec >> /dev/null 2>&1" > /etc/X11/Xsession.d/05-noerr
# chmod +x /etc/X11/Xsession.d/05-noerr
In /etc/fstab a filesystem can be mounted with the options “noatime,nodiratime”, which disables updates of the file/directory access time (IMHO a completely useless timestamp).
Disable xsession-errors (see above).
/var/log can be mounted as tmpfs.
none /var/log tmpfs size=100M,mode=777,noatime,nodiratime 0 0
~/.cache is tricky: it stores, for example, thumbnails of media files (anyone who works in mc does not need thumbnails), the dconf “two-byte binary blob”… So it can be useful to move .cache to tmpfs/nullfs:
$ rm -rfv $HOME/.cache
$ ln -s /dev/shm $HOME/.cache
$ rm -rfv $HOME/.mozilla/firefox/<profile>/cache
$ ln -s /dev/shm $HOME/.mozilla/firefox/<profile>/cache
PulseAudio creates 64 MiB binary blobs in /dev/shm (pulseaudio-shm-*) and does NOT clean them up after itself, which effectively eats “cached” (because tmpfs) RAM.
If these blobs are disabled, latency may increase according to the internet (but I have not observed that)…
Fortunately this can be disabled by editing /etc/pulse/daemon.conf (mind the semicolon at the start of the line)
enable-shm = no
Devuan (MATE 1.8) cannot suspend to RAM even with acpi and pm-utils installed. Both suspending and locking the screen have to be handled (pm-suspend only suspends, it does not lock).
If pm-suspend is called before locking has finished (when the screensaver is set to fade-to-black), there are artifacts on the screen after wake-up and the desktop buffer from before locking can leak.
The distribution script /etc/acpi/lid.sh calls (if it exists and is executable) the file /etc/acpi/local/lid.sh.pre (it probably does not exist → create it):
grep -q closed /proc/acpi/button/lid/*/state
if [ $? = 0 ]; then
    xscreensaver-command -display :0.0 -lock && sleep 3; pm-suspend
fi
Sometimes an event for acpid also has to be created in /etc/acpi/events/lid
event=button/lid LID [^o]
action=/etc/acpi/lid.sh
When the discrete GPU only eats battery and is not needed, it can be switched off by default:
# apt-get install bbswitch-dkms
# echo "bbswitch load_state=0" >> /etc/modules
# update-initramfs -u -v
Or manually:
# echo "OFF" > /proc/acpi/bbswitch
# echo "ON" > /proc/acpi/bbswitch
The DDG search engine can serve results without JS in plain HTML, or search images directly. It can also switch off “filtering of inappropriate content” through a parameter (GET parameter “kp=-2”). I made the corresponding search plugins for Firefox:
HTML only, filtering switched off:
<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/" xmlns:os="http://a9.com/-/spec/opensearch/1.1/">
  <os:ShortName>DuckDuckGoGG HTML</os:ShortName>
  <os:Description>Search DuckDuckGoGG (HTML)</os:Description>
  <os:InputEncoding>UTF-8</os:InputEncoding>
  <os:Url type="text/html" method="GET" template="https://duckduckgo.com/html/">
    <os:Param name="q" value="{searchTerms}"/>
    <Param name="kp" value="-2"/>
  </os:Url>
  <os:Url type="application/x-suggestions+json" method="GET" template="https://duckduckgo.com/?q={searchTerms}&amp;kp=-2&amp;type=list">
  </os:Url>
</SearchPlugin>
Searching images directly:
<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/" xmlns:os="http://a9.com/-/spec/opensearch/1.1/">
  <os:ShortName>DuckDuckGoGG Img</os:ShortName>
  <os:Description>Search DuckDuckGoGG (Image)</os:Description>
  <os:InputEncoding>UTF-8</os:InputEncoding>
  <os:Url type="text/html" method="GET" template="https://duckduckgo.com/">
    <os:Param name="q" value="{searchTerms}"/>
    <Param name="kp" value="-2"/>
    <Param name="iar" value="images"/>
    <Param name="type" value="list"/>
  </os:Url>
  <os:Url type="application/x-suggestions+json" method="GET" template="https://duckduckgo.com/?iar=images&amp;q={searchTerms}&amp;kp=-2">
  </os:Url>
</SearchPlugin>
Save to $HOME/.mozilla/firefox/PROFILE/searchplugins/ENGINE_NAME.xml
echo 'ACTION=="add",KERNEL=="sd*",RUN=="/bin/true"' >> /etc/udev/rules.d/noautomount.rules
Some idiot implemented a default whereby, if there is no link on eth at boot, you have to wait 90 s in case it miraculously appears.
The fix is easy: stuff “exit 0” at the start of /etc/init.d/networking
https://www.root.cz/clanky/rizeni-toku-algoritmem-bbr-buldozer-nebere-ohledy-na-ostatni-spojeni/
# echo "tcp_bbr" >> /etc/modules
# echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.d/bbr.conf
set smooth
set softwrap
set tabsize 2
set constantshow
unset locking
bind ^L copytext all
Some moron invented, and enabled by default, storing the URL of a downloaded file in xattrs. The information itself is stored as the attribute user.xdg.origin.url, or user.xdg.referrer.url.
wget behaves this way by default (disable at compile time with --disable-xattr; at run time with --no-xattr), and so does Chrome.
https://www.root.cz/clanky/atributy-souboru-mohou-obsahovat-url-ze-ktere-byl-soubor-stazen/
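
To see which already downloaded files carry these attributes and to remove them, the dump printed by getfattr can be parsed directly. This is an added example, not from the original notes; the function names are hypothetical, the sample dump is constructed, and getfattr/setfattr come from the attr package:

```bash
#!/bin/sh
# Added example (not from the original notes): find and remove the
# download-origin xattrs. Function names are hypothetical; getfattr and
# setfattr come from the "attr" package.

# origin_urls: reads "getfattr -d" dump text on stdin and prints
# file<TAB>attribute<TAB>url for every origin/referrer attribute found.
origin_urls() {
    awk '
        /^# file: / { file = substr($0, 9); next }
        /^user\.xdg\.(origin|referrer)\.url=/ {
            eq  = index($0, "=")
            val = substr($0, eq + 1)
            gsub(/^"|"$/, "", val)          # getfattr quotes text values
            printf "%s\t%s\t%s\n", file, substr($0, 1, eq - 1), val
        }'
}

# strip_origin FILE...: delete both attributes, ignoring files without them.
strip_origin() {
    for f in "$@"; do
        for a in user.xdg.origin.url user.xdg.referrer.url; do
            setfattr -x "$a" "$f" 2>/dev/null || true
        done
    done
}

# Constructed sample of what getfattr prints (paths and URLs are made up).
sample_dump() {
    cat <<'EOF'
# file: /home/sachy/Downloads/tool.tar.gz
user.xdg.origin.url="https://downloads.example.org/tool.tar.gz?token=abc123"
user.xdg.referrer.url="https://intranet.example.org/wiki/build-notes"

# file: /home/sachy/Downloads/notes.txt
user.comment="no origin here"
EOF
}

# Real use:
#   getfattr -R --absolute-names -d -m '^user\.xdg\.' "$HOME/Downloads" | origin_urls
```
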
“bc” drops the 0 at the start of decimal numbers, because Americans generally have a problem with numbers (and there is not even a switch that would turn it on)
echo "5*0.1" | bc
.5
Fortunately, what the basic calculator cannot do, sed can… Fix for .bashrc:
alias bc="bc | sed -e 's/^\./0./g' -e 's/^-\./-0./g'"