User Tools

Site Tools


user:sachy:lakatux

This is an old revision of the document!


Lehky kolovy tucnak

Ani balik neodstranis, protoze je to v zavislostech…!

Vira duveru prenasi

# rm -rfv /etc/ssl/certs
$ echo "check-certificate = off" > $HOME/.wgetrc

Fixovani hipstrovin

Edit “/etc/default/grub”

GRUB_CMDLINE_LINUX_DEFAULT="quiet nouveau.modeset=0 net.ifnames=0 biosdevname=0"

Zakaz IPv6 v /etc/sysctl.d/ipv6.conf

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.<device>.disable_ipv6 = 1

clubmate

$ gsettings set org.mate.Marco.window-keybindings minimize Super_L
$ gsettings set org.mate.Marco.general button-layout 'close,maximize,minimize:'

$ gsettings set org.mate.caja.desktop computer-icon-visible false
$ gsettings set org.mate.caja.desktop home-icon-visible false
$ gsettings set org.mate.caja.desktop network-icon-visible false
$ gsettings set org.mate.caja.desktop trash-icon-visible false
$ gsettings set org.mate.caja.desktop volumes-icon-visible true

Nebezpecny SW pod jinym uzivatelem

Odriznuti prohlizece nebo jineho nebezpecneho SW od dat bezneho uzivatele (sachy) tim, ze se bude spoustet pod vlastnim neprivilegovanym uzivatelem (ffuser). Obdobne pro jiny crapware…

# echo "sachy ALL=(ffuser) NOPASSWD: /home/ffuser/firefox/firefox" >> /etc/sudoers
$ xhost +si:localuser:ffuser # povolit ffuserovi pouzit $DISPLAY
...
$ sudo -u ffuser /home/ffuser/firefox/firefox

Finch a jeho zavislosti

Finch je TUI irc/jabber/… komunikator nad libpurple0 (oboji soucast pidginu, ale pouzitelne samostatne). V debian-like distrech terminalovy klient zavisi na fontech a dalsich GUI nesmyslech.

Stazeni .deb a rozbaleni:

$ apt-get download finch libpurple0
$ dpkg-deb -R ./finch<verze>.deb ./fmin
$ dpkg-deb -R ./libpurple0<verze>.deb ./lp0min

Nahrazeni zavislosti finche (./fmin/DEBIAN/control) Pozor na nazev “finch” → “finch-minimal” a zavislost “libpurple0” → “libpurple0-minimal”!

Package: finch-minimal
Source: finch-minimal
Version: 2.11.0-0+deb8u1
Architecture: amd64
Maintainer: Ari Pollak <ari@debian.org>
Installed-Size: 744
Depends: libc6 (>= 2.14), libglib2.0-0 (>= 2.35.9), libncursesw5 (>= 5.6+20070908), libpurple0-minimal (>= 2.8.0), libtinfo5, libxml2 (>= 2.7.4)

Podobne pro libpurple0 (./lp0min/DEBIAN/control)

Package: libpurple0-minimal
Source: libpurple0-minimal
Version: 2.11.0-0+deb8u1
Architecture: amd64
Maintainer: Ari Pollak <ari@debian.org>
Installed-Size: 4861
Depends: libc6 (>= 2.15), libdbus-1-3 (>= 1.0.2), libdbus-glib-1-2 (>= 0.78), libglib2.0-0 (>= 2.37.3), libidn11 (>= 1.13), libnspr4 (>= 2:4.9-2~) | libnspr4-0d (>= 1.8.0.10), libnss3 (>= 2:3.14), libperl5.20 (>= 5.20.2), libsasl2-2, libxml2 (>= 2.7.4), perl-base (>= 5.20.2-3+deb8u5), perlapi-5.20.2, libsasl2-modules
Suggests: libtcl8.6 (>= 8.6.0)

Instalace upravenych baliku:

$ dpkg-deb --build ./fmin ./
$ dpkg-deb --build ./lp0min ./
# dpkg -i ./finch-minimal<verze>.deb ./libpurple0-minimal<verze>.deb
# apt-get install -f # dotazeni zavislosti

Pripadne, pokud nekdo chce kompilovat, tak: (pozor na –with-static-prpls=“<protokoly>”)

$ ./configure --disable-gtkui --disable-screensaver --disable-sm --disable-startup-notification --disable-gtkspell --disable-gevolution --disable-cap --disable-gestures --disable-schemas-install --disable-gstreamer --disable-gstreamer-video --disable-gstreamer-interfaces --disable-farstream --disable-vv --disable-meanwhile --disable-avahi --disable-nm --disable-plugins --disable-perl --enable-gnutls=yes --enable-nss=yes --disable-tcl --disable-tk --disable-pixmaps-install --disable-doxygen --disable-dot --with-static-prpls="irc jabber" --disable-idn --disable-dbus --with-x=no --enable-consoleui --disable-nls
$ make -j 1
# make install
# make checkinstall

Profit!

mutt

Zvyraznovac dulezitych headeru v muttu:

/usr/share/nano/mutt.nanorc

## Here is an example for quoted emails (under e.g. mutt).
##
syntax "mutt"
color yellow  "^>.*"
color green  "^> >.*"
color yellow  "^Subject: .*"
color yellow  "^From: .*"
color yellow  "^Date: .*"
# echo 'include "/usr/share/nano/mutt.nanorc"' >> /etc/nanorc
$ echo 'set editor="nano --syntax=mutt "' >> $HOME/.mutt/muttrc

Maily z Utlouku ci jineho bazmekwaru produkujiciho straslivy “mimetype: text/html” humus lze umravnit odstranenim XML ze zprav (.mutt/muttrc):

set display_filter = " sed -e 's/<[^><]*>//g' "

Je to ale jen hotfix (utloucke maily jsou chvalne v text-only klientech necitelne zprasene) plny escape bugu. Lynx -dump je urcite lepsi reseni, ale ne vsude dostupne.

URL MitM

Nektera dialogova okna maji klikaci odkaz u ktereho nejde zjistit cilova adresa, nebo se crapware snazi otevrit nejaky web sam od sebe. Resenim je nahradit vychozi browser dialogovym oknem, ktery onen odkaz zobrazi.

Fake browser: /opt/displaylink.sh

#!/bin/bash
zenity --info --text="$1"
exit

Nastaveni MitM jako defaultniho browseru (system-wide):

# update-alternatives --install /opt/x-www-browser x-www-browser /opt/displaylink.sh 666

user-wide /usr/share/applications/displaylink.desktop

[Desktop Entry]
Version=1.0
Name=Displaylink     
Exec=/opt/displaylink.sh %U
Terminal=false
Type=Application

a pak pro http, https, ftp, …:

 
$ sed -i 's/x-scheme-handler\/http=.*/x-scheme-handler\/http=displaylink.desktop/g' $HOME/.config/mimeapps.list

Zniceni .xsession-errors

V HOME se tvori zbytecny, obrovsky log .xsession-errors a .xsession-errors.old. Presmerovani do /dev/null nepomaha, Xka si ho zase nahradi za bezny soubor.

Takhle se ho da zbavit:

# echo "exec >> /dev/null 2>&1" > /etc/X11/Xsession.d/05-noerr
# chmod +x /etc/X11/Xsession.d/05-noerr

Snizovani zbytecneho IO

v /etc/fstab se da pripojovat filesystem s volbami “noatime,nodiratime”, coz zakaze aktualizace casu pristupu k souboru/adresari (IMHO uplne zbytecny timestamp).

Zruseni xsession-errors (viz vyse)

/var/log se da mountit jako tmpfs.

none	/var/log	tmpfs	size=100M,mode=777,noatime,nodiratime	0	0

~.cache je trikove - ukladaji se tam napriklad nahledy medialnich souboru (kdo pracuje s mc, tak nahledy nepotrebuje), dconf “dvoubajtovy binarni blob”… Takze muze byt uzitecne si .cache presunout do tmpfs/nullfs:

Pozor na dostatek RAM!
$ rm -rfv $HOME/.cache
$ ln -s /dev/shm $HOME/.cache
$ rm -rfv $HOME/.mozilla/firefox/<profil>/cache
$ ln -s /dev/shm $HOME/.mozilla/firefox/<profil>/cache

Nenazrane pulseaudio

Pulseaudio si v /dev/shm dela 64MiB binarni bloby (pulseaudio-shm-*) a NEMAZE je po sobe, cimz efektivne zere “cached” (protoze tmpfs) RAM.

Pokud se tyhle bloby zakazou, podle internetu muze vzrust latence (ale nepozoroval jsem)…

Nastesti se to da zakazat upravou /etc/pulse/daemon.conf (pozor na strednik na zacatku radku)

enable-shm = no

Nefunkcni suspend (uspani do RAM)

Devuan (MATE 1.8) se neumi uspat do RAM i s nainstalovanym acpi a pm-utils. Je potreba vyresit uspani a zaroven zamkuti obrazovky (pm-suspend jen uspi, ale nezamkne).

Pokud se pm-suspend zavola pred dokoncenim zamknuti (je-li screensaver nastaveny na fade-to-black), po probuzeni jsou v obraze artefakty a muze leaknout buffer desktopu pred zamcenim.

Distribucni script /etc/acpi/lid.sh vola (pokud existuje a je spustitelny) soubor /etc/acpi/local/lid.sh.pre (pravdepodobné neexistuje → vytvor):

grep -q closed /proc/acpi/button/lid/*/state
if [ $? = 0 ]; then
	xscreensaver-command -display :0.0 -lock && sleep 3; pm-suspend
fi

Zakazani diskretni nvidie

Kdyz diskretni grafika jenom zere baterku a nani potreba, tak se da defaultne vypnout:

# apt-get install bbswitch-dkms
# echo "bbswitch load_state=0" >> /etc/modules
# update-initramfs -u -v

Pripadne rucne:

# echo "OFF" > /proc/acpi/bbswitch
# echo "ON" > /proc/acpi/bbswitch

Firefox searchplugin

Vyhledavac DDG umi vysledky poskytovat bez JS v cistem HTML, pripadne vyhledavat primo obrazky. Umi taky parametricky vypnout “filtrovani nevhodneho obsahu” (GET parametr “kp=-2”). Udelal jsem adekvatni searchpluginy do firefoxu:

HTML only, vypnute filtrovani:

<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/" xmlns:os="http://a9.com/-/spec/opensearch/1.1/">
<os:ShortName>DuckDuckGoGG HTML</os:ShortName>
<os:Description>Search DuckDuckGoGG (HTML)</os:Description>
<os:InputEncoding>UTF-8</os:InputEncoding>
<os:Image width="16" height="16">data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAMAAAAoLQ9TAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAB8lBMVEUAAADkRQzjPwPjQQXkRQ3iPwTiQQXgPQPeQgrcOwPVNgDVNQDWOgbTMwDRMgDQMwDSMwDRNwTQLgDRJgDSJwDSLgDSNwTjOgDiOADjOQDkPADhQAXzs5v+/fv////0vKbiRQvgPQHpdUr85NzuknPdKgDcIwDnZzj2w7HqeU/gPQLsimb/+PftjWn97Obpb0LdJQDeLQDtjmvsi2jgSBDnbULgOQD/39HgLQDeMgDpeFLgSBH0v670uqbaJQD2qImWvP/G1Ob5+/3u//+fvvXyp47dMwDaLwD0u6v0v6/aNQDiXi/aKQD3qozU7/8gSY2vvtg0ZK/OqLDaKQHYKgLgWTfaNADZMgDZMADZLADzqpD7//+xwdz//9H/5Bn/7Bn//ADofADYMADYMQDZOgPXLgDiZDj//97/0AD3tQDvlgHZOgbXLATXMADWMgDfXjLVLQD///z+0AD/3Rn/yRnwnQDcVjbVMQDyv67wuKTSJwDRHQD+8O/tg3/iQQDwhAHnawHWMADvtKfyva7XQxHga0bQGQD2vbH/u8LXIQCmPQzja07XQxLliGn99fPkcVHvhnGZ5VguvUU5wktBwCcAgxzydVv/8/XmiGngdlL+ysi3+I8LtCE80V6P3YmX4sDleljSNQLzr6D7sKPXNQTSIwAEAbMrAAAAF3RSTlMARqSkRvPz80PTpKRG3fPe3hio9/eoGP50jNsAAAABYktHRB5yCiArAAAAyElEQVQYGQXBvUqCYRiA4fu2V9Tn+UQddI3aCpxaOoU6iU4gcqqpoYbALXBuCuoYmttamqJDiEoh4YP+MOi6BNCh+uYKEGiOVNCXXxA2XDVV/UyfKbRCXTLQWAxbP2vt8Ue/uYDvfim91615sb2um6rqtrr/NFb1cUf1Ybd06areU6lSlYpK79jzK1SyJOkfhOl8JGEcqV5zoKrTRqO6yUzIzNu46ijdM1VV9bhuUJ/nZURExLRzUiPQm3kKXHi4BAEGOmOi78A/L1QoU/VHoTsAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTQtMDEtMTlUMjA6MDE6MTEtMDU6MDAuET6cAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE0LTAxLTE5VDIwOjAxOjExLTA1OjAwX0yGIAAAAABJRU5ErkJggg==</os:Image>
<os:Url type="text/html" method="GET" template="https://duckduckgo.com/html/">
  <os:Param name="q" value="{searchTerms}"/>
	<Param name="kp" value="-2"/>
</os:Url><os:Url type="application/x-suggestions+json" method="GET" template="https://duckduckgo.com/?q={searchTerms}&amp;kp=-2&amp;type=list">
</os:Url>
</SearchPlugin>

Hledani rovnou obrazku:

<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/" xmlns:os="http://a9.com/-/spec/opensearch/1.1/">
<os:ShortName>DuckDuckGoGG Img</os:ShortName>
<os:Description>Search DuckDuckGoGG (Image)</os:Description>
<os:InputEncoding>UTF-8</os:InputEncoding>
<os:Image width="16" height="16">data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAMAAAAoLQ9TAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAB8lBMVEUAAADkRQzjPwPjQQXkRQ3iPwTiQQXgPQPeQgrcOwPVNgDVNQDWOgbTMwDRMgDQMwDSMwDRNwTQLgDRJgDSJwDSLgDSNwTjOgDiOADjOQDkPADhQAXzs5v+/fv////0vKbiRQvgPQHpdUr85NzuknPdKgDcIwDnZzj2w7HqeU/gPQLsimb/+PftjWn97Obpb0LdJQDeLQDtjmvsi2jgSBDnbULgOQD/39HgLQDeMgDpeFLgSBH0v670uqbaJQD2qImWvP/G1Ob5+/3u//+fvvXyp47dMwDaLwD0u6v0v6/aNQDiXi/aKQD3qozU7/8gSY2vvtg0ZK/OqLDaKQHYKgLgWTfaNADZMgDZMADZLADzqpD7//+xwdz//9H/5Bn/7Bn//ADofADYMADYMQDZOgPXLgDiZDj//97/0AD3tQDvlgHZOgbXLATXMADWMgDfXjLVLQD///z+0AD/3Rn/yRnwnQDcVjbVMQDyv67wuKTSJwDRHQD+8O/tg3/iQQDwhAHnawHWMADvtKfyva7XQxHga0bQGQD2vbH/u8LXIQCmPQzja07XQxLliGn99fPkcVHvhnGZ5VguvUU5wktBwCcAgxzydVv/8/XmiGngdlL+ysi3+I8LtCE80V6P3YmX4sDleljSNQLzr6D7sKPXNQTSIwAEAbMrAAAAF3RSTlMARqSkRvPz80PTpKRG3fPe3hio9/eoGP50jNsAAAABYktHRB5yCiArAAAAyElEQVQYGQXBvUqCYRiA4fu2V9Tn+UQddI3aCpxaOoU6iU4gcqqpoYbALXBuCuoYmttamqJDiEoh4YP+MOi6BNCh+uYKEGiOVNCXXxA2XDVV/UyfKbRCXTLQWAxbP2vt8Ue/uYDvfim91615sb2um6rqtrr/NFb1cUf1Ybd06areU6lSlYpK79jzK1SyJOkfhOl8JGEcqV5zoKrTRqO6yUzIzNu46ijdM1VV9bhuUJ/nZURExLRzUiPQm3kKXHi4BAEGOmOi78A/L1QoU/VHoTsAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTQtMDEtMTlUMjA6MDE6MTEtMDU6MDAuET6cAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE0LTAxLTE5VDIwOjAxOjExLTA1OjAwX0yGIAAAAABJRU5ErkJggg==</os:Image>
<os:Url type="text/html" method="GET" template="https://duckduckgo.com/">
  <os:Param name="q" value="{searchTerms}"/>
	<Param name="kp" value="-2"/>
	<Param name="iar" value="images"/>
	<Param name="type" value="list"/>
</os:Url><os:Url type="application/x-suggestions+json" method="GET" template="https://duckduckgo.com/?iar=images&amp;q={searchTerms}&amp;kp=-2">
</os:Url>
</SearchPlugin>

Ulozit do $HOME/.mozilla/firefox/PROFIL/searchplugins/NAZEV_VYHLEDAVACE.xml

TODO

user/sachy/lakatux.1493416790.txt.gz · Last modified: 2017/04/28 21:59 by sachy