Light wheeled penguin
You can't even remove a package, because it's in the dependencies…!
Faith carries trust
# rm -rfv /etc/ssl/certs
$ echo "check-certificate = off" > $HOME/.wgetrc
Fixing hipster nonsense
Edit “/etc/default/grub”
GRUB_CMDLINE_LINUX_DEFAULT="quiet nouveau.modeset=0 net.ifnames=0 biosdevname=0"
Disable IPv6 in /etc/sysctl.d/ipv6.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.<device>.disable_ipv6 = 1
clubmate
$ gsettings set org.mate.Marco.window-keybindings minimize Super_L
$ gsettings set org.mate.Marco.general button-layout 'close,maximize,minimize:'
$ gsettings set org.mate.caja.desktop computer-icon-visible false
$ gsettings set org.mate.caja.desktop home-icon-visible false
$ gsettings set org.mate.caja.desktop network-icon-visible false
$ gsettings set org.mate.caja.desktop trash-icon-visible false
$ gsettings set org.mate.caja.desktop volumes-icon-visible true
Dangerous software under a different user
Cutting the browser or other dangerous software off from the regular user's (sachy) data by running it under its own unprivileged user (ffuser). Likewise for other crapware…
# echo "sachy ALL=(ffuser) NOPASSWD: /home/ffuser/firefox/firefox" >> /etc/sudoers
$ xhost +si:localuser:ffuser # allow ffuser to use $DISPLAY
...
$ sudo -u ffuser /home/ffuser/firefox/firefox
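An added check, not part of the original page: running the browser as ffuser protects sachy's files only where the permission bits deny "other". The sketch below reports what a foreign account could reach in a home directory, judging by mode bits alone. It assumes GNU stat, that ffuser is neither the owner nor in the owning group, and it ignores ACLs; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit a home directory from the point of view of a foreign
# unprivileged account (assumption: it only ever matches the "other" bits).

# other_bits PATH: print the "other" permission digit (0-7) of PATH.
other_bits() {
    _mode=$(stat -c '%a' -- "$1") || return 2
    # The last octal digit of the mode holds the r/w/x bits for "other".
    printf '%s\n' "${_mode#"${_mode%?}"}"
}

# home_is_sealed DIR: succeed when "other" has no access to DIR at all.
home_is_sealed() {
    [ "$(other_bits "$1")" = 0 ]
}

# exposed_entries DIR: print top-level entries of DIR that "other" can
# read (files) or enter (directories). Symlinks are skipped.
exposed_entries() {
    # No x bit on the home itself: nothing below it is reachable.
    [ $(( $(other_bits "$1") & 1 )) -ne 0 ] || return 0
    for _e in "$1"/* "$1"/.[!.]*; do
        [ -e "$_e" ] || continue
        [ -L "$_e" ] && continue
        if [ -d "$_e" ]; then _need=1; else _need=4; fi
        if [ $(( $(other_bits "$_e") & _need )) -ne 0 ]; then
            printf '%s\n' "${_e##*/}"
        fi
    done
}
```

Run `exposed_entries /home/sachy` before relying on the separate account; an empty list means the mode bits keep ffuser out.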
Finch and its dependencies
Finch is a TUI irc/jabber/… messenger on top of libpurple0 (both are part of pidgin, but usable standalone). In debian-like distros the terminal client depends on fonts and other GUI nonsense.
Download the .deb files and unpack them:
$ apt-get download finch libpurple0
$ dpkg-deb -R ./finch<version>.deb ./fmin
$ dpkg-deb -R ./libpurple0<version>.deb ./lp0min
Replace finch's dependencies (./fmin/DEBIAN/control). Mind the name “finch” → “finch-minimal” and the dependency “libpurple0” → “libpurple0-minimal”!
Package: finch-minimal
Source: finch-minimal
Version: 2.11.0-0+deb8u1
Architecture: amd64
Maintainer: Ari Pollak <ari@debian.org>
Installed-Size: 744
Depends: libc6 (>= 2.14), libglib2.0-0 (>= 2.35.9), libncursesw5 (>= 5.6+20070908), libpurple0-minimal (>= 2.8.0), libtinfo5, libxml2 (>= 2.7.4)
Similarly for libpurple0 (./lp0min/DEBIAN/control)
Package: libpurple0-minimal
Source: libpurple0-minimal
Version: 2.11.0-0+deb8u1
Architecture: amd64
Maintainer: Ari Pollak <ari@debian.org>
Installed-Size: 4861
Depends: libc6 (>= 2.15), libdbus-1-3 (>= 1.0.2), libdbus-glib-1-2 (>= 0.78), libglib2.0-0 (>= 2.37.3), libidn11 (>= 1.13), libnspr4 (>= 2:4.9-2~) | libnspr4-0d (>= 1.8.0.10), libnss3 (>= 2:3.14), libperl5.20 (>= 5.20.2), libsasl2-2, libxml2 (>= 2.7.4), perl-base (>= 5.20.2-3+deb8u5), perlapi-5.20.2, libsasl2-modules
Suggests: libtcl8.6 (>= 8.6.0)
Install the modified packages:
$ dpkg-deb --build ./fmin ./
$ dpkg-deb --build ./lp0min ./
# dpkg -i ./finch-minimal<version>.deb ./libpurple0-minimal<version>.deb
# apt-get install -f # pull in the dependencies
Alternatively, if someone wants to compile: (mind --with-static-prpls="<protocols>")
$ ./configure --disable-gtkui --disable-screensaver --disable-sm --disable-startup-notification --disable-gtkspell --disable-gevolution --disable-cap --disable-gestures --disable-schemas-install --disable-gstreamer --disable-gstreamer-video --disable-gstreamer-interfaces --disable-farstream --disable-vv --disable-meanwhile --disable-avahi --disable-nm --disable-plugins --disable-perl --enable-gnutls=yes --enable-nss=yes --disable-tcl --disable-tk --disable-pixmaps-install --disable-doxygen --disable-dot --with-static-prpls="irc jabber" --disable-idn --disable-dbus --with-x=no --enable-consoleui --disable-nls
$ make -j 1
# make install
# make checkinstall
Profit!
mutt
Highlighter for important headers in mutt
/usr/share/nano/mutt.nanorc
## Here is an example for quoted emails (under e.g. mutt).
##
syntax "mutt"
color yellow "^>.*"
color green "^> >.*"
color yellow "^Subject: .*"
color yellow "^From: .*"
color yellow "^Date: .*"
# echo 'include "/usr/share/nano/mutt.nanorc"' >> /etc/nanorc
$ echo 'set editor="nano --syntax=mutt "' >> $HOME/.mutt/muttrc
Displaying TEXT/HTML
Mails from Outlook or other bazmekware producing dreadful “mimetype: text/html” muck can be tamed by stripping the XML from messages (.mutt/muttrc):
set display_filter = " sed -e 's/<[^><]*>//g' "
But it's only a hotfix (Outlook mails are deliberately mangled to be unreadable in text-only clients) full of escape bugs. Lynx -dump is certainly the better solution, but it is not available everywhere.
Mutt in different networks
Some providers feel that all outgoing mail must pass through their SMTP server and kill any other SMTPS connections. Changing config files by hand every time you move is a pain; a script helps :)
The global muttrc contains something like this (macros for switching the mailbox, one per mail account):
macro index <f4> '<enter-command>source $HOME/.mutt/MAILBOX.muttrc<enter><change-folder>!<enter>'
MAILBOX.muttrc holds the options specific to the given mailbox. It therefore has to be generated from a template with the right smtp_url stuffed in, plus any other tweaks the provider needs.
mutt1.sh
#!/bin/bash
cp -f $HOME/.mutt/MAILBOX.muttrc.src $HOME/.mutt/MAILBOX.muttrc
echo 'set smtp_url="smtps://such.security.wtf"' >> $HOME/.mutt/MAILBOX.muttrc
mutt
exit
Likewise mutt2.sh etc. for other providers. The generators can be stored either in /usr/local/bin or behind an alias in .bashrc; mutt is then started through the generator, not directly.
gnupg-2.1
GnuPG 2.1 changed its API, so mutt doesn't work with it. The parameters need to be changed:
set pgp_decode_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --no-auto-check-trustdb --batch --output - %f"
set pgp_verify_command="gpg --pinentry-mode loopback --verbose --batch --output - --no-auto-check-trustdb --verify %s %f"
set pgp_decrypt_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --output - %f"
set pgp_sign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --output - --armor --textmode %?a?-u %a? --detach-sign %f"
set pgp_clearsign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --output - --armor --textmode --clearsign %?a?-u %a? %f"
set pgp_encrypt_sign_command="pgpewrap gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --textmode --trust-model always --output - %?a?-u %a? --armor --encrypt --sign --armor -- -r %r -- %f"
set pgp_encrypt_only_command="pgpewrap gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --trust-model always --output - --encrypt --textmode --armor -- -r %r -- %f"
set pgp_import_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --import -v %f"
set pgp_export_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --export --armor %r"
set pgp_verify_key_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --fingerprint --check-sigs %r"
set pgp_list_pubring_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --with-colons --list-keys %r"
set pgp_list_secring_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --with-colons --list-secret-keys %r"
URL MitM
Some dialog windows contain a clickable link whose target address cannot be determined, or crapware tries to open some website on its own. The solution is to replace the default browser with a dialog window that displays the link.
Fake browser: /opt/displaylink.sh
#!/bin/bash
zenity --info --text="$1"
exit
Setting the MitM as the default browser (system-wide):
# update-alternatives --install /opt/x-www-browser x-www-browser /opt/displaylink.sh 666
User-wide: /usr/share/applications/displaylink.desktop
[Desktop Entry]
Version=1.0
Name=Displaylink
Exec=/opt/displaylink.sh %U
Terminal=false
Type=Application
and then for http, https, ftp, …:
$ sed -i 's/x-scheme-handler\/http=.*/x-scheme-handler\/http=displaylink.desktop/g' $HOME/.config/mimeapps.list
Destroying .xsession-errors
A useless, huge log .xsession-errors and .xsession-errors.old gets created in HOME. Redirecting it to /dev/null doesn't help; X replaces it with a regular file again.
This is how to get rid of it:
# echo "exec >> /dev/null 2>&1" > /etc/X11/Xsession.d/05-noerr
# chmod +x /etc/X11/Xsession.d/05-noerr
Reducing needless IO
In /etc/fstab a filesystem can be mounted with the options “noatime,nodiratime”, which disables updates of the file/directory access time (IMHO a completely useless timestamp).
Getting rid of xsession-errors (see above)
/var/log can be mounted as tmpfs.
none /var/log tmpfs size=100M,mode=777,noatime,nodiratime 0 0
~/.cache is tricky - it stores, for example, thumbnails of media files (whoever works with mc doesn't need thumbnails), the dconf “two-byte binary blob”… So it can be useful to move .cache to tmpfs/nullfs:
$ rm -rfv $HOME/.cache
$ ln -s /dev/shm $HOME/.cache
$ rm -rfv $HOME/.mozilla/firefox/<profile>/cache
$ ln -s /dev/shm $HOME/.mozilla/firefox/<profile>/cache
Insatiable pulseaudio
Pulseaudio creates 64MiB binary blobs (pulseaudio-shm-*) in /dev/shm and does NOT clean them up after itself, which effectively eats “cached” (because tmpfs) RAM.
If these blobs are disabled, latency may increase according to the internet (but I haven't noticed it)…
Fortunately it can be disabled by editing /etc/pulse/daemon.conf (watch out for the semicolon at the start of the line)
enable-shm = no
Broken suspend (suspend to RAM)
Devuan (MATE 1.8) can't suspend to RAM even with acpi and pm-utils installed. Both the suspend and the screen lock have to be handled (pm-suspend only suspends, it doesn't lock).
If pm-suspend is called before the lock has finished (when the screensaver is set to fade-to-black), there are artifacts on screen after wake-up and the desktop buffer from before the lock can leak.
The distribution script /etc/acpi/lid.sh calls (if it exists and is executable) the file /etc/acpi/local/lid.sh.pre (it probably doesn't exist → create it):
grep -q closed /proc/acpi/button/lid/*/state
if [ $? = 0 ]; then
    xscreensaver-command -display :0.0 -lock && sleep 3; pm-suspend
fi
Sometimes you also need to create an event for acpid, /etc/acpi/events/lid
event=button/lid LID [^o]
action=/etc/acpi/lid.sh
Disabling the discrete nvidia
When the discrete GPU just eats the battery and isn't needed, it can be switched off by default:
# apt-get install bbswitch-dkms
# echo "bbswitch load_state=0" >> /etc/modules
# update-initramfs -u -v
Or manually:
# echo "OFF" > /proc/acpi/bbswitch
# echo "ON" > /proc/acpi/bbswitch
Firefox searchplugin
The DDG search engine can serve results without JS in plain HTML, or search for images directly. It can also switch off “filtering of inappropriate content” with a parameter (GET parameter “kp=-2”). I made the corresponding search plugins for firefox:
HTML only, filtering off:
<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/" xmlns:os="http://a9.com/-/spec/opensearch/1.1/">
  <os:ShortName>DuckDuckGoGG HTML</os:ShortName>
  <os:Description>Search DuckDuckGoGG (HTML)</os:Description>
  <os:InputEncoding>UTF-8</os:InputEncoding>
  <os:Url type="text/html" method="GET" template="https://duckduckgo.com/html/">
    <os:Param name="q" value="{searchTerms}"/>
    <Param name="kp" value="-2"/>
  </os:Url>
  <os:Url type="application/x-suggestions+json" method="GET" template="https://duckduckgo.com/?q={searchTerms}&amp;kp=-2&amp;type=list">
  </os:Url>
</SearchPlugin>
Searching for images directly:
<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/" xmlns:os="http://a9.com/-/spec/opensearch/1.1/">
  <os:ShortName>DuckDuckGoGG Img</os:ShortName>
  <os:Description>Search DuckDuckGoGG (Image)</os:Description>
  <os:InputEncoding>UTF-8</os:InputEncoding>
  <os:Url type="text/html" method="GET" template="https://duckduckgo.com/">
    <os:Param name="q" value="{searchTerms}"/>
    <Param name="kp" value="-2"/>
    <Param name="iar" value="images"/>
    <Param name="type" value="list"/>
  </os:Url>
  <os:Url type="application/x-suggestions+json" method="GET" template="https://duckduckgo.com/?iar=images&amp;q={searchTerms}&amp;kp=-2">
  </os:Url>
</SearchPlugin>
Save to $HOME/.mozilla/firefox/PROFILE/searchplugins/SEARCH_ENGINE_NAME.xml
Disable USB automount
# echo 'ACTION=="add",KERNEL=="sd*",RUN=="/bin/true"' >> /etc/udev/rules.d/noautomount.rules
Debian/Devuan wait 90 s for the network at boot
Some idiot implemented a default whereby, if there is no link on eth at boot, you have to wait 90 s and it might miraculously appear.
The fix is easy: stuff “exit 0” at the start of /etc/init.d/networking
Faster internets
https://www.root.cz/clanky/rizeni-toku-algoritmem-bbr-buldozer-nebere-ohledy-na-ostatni-spojeni/
# echo "tcp_bbr" >> /etc/modules
# echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.d/bbr.conf
.nanorc
set smooth
set softwrap
set tabsize 2
set constantshow
unset locking
bind ^L copytext all
URL in xattr
Some moron invented, and enabled by default, storing the URL of a downloaded file in xattr. The information itself is stored as the attribute user.xdg.origin.url, or user.xdg.referrer.url.
By default wget behaves this way (disable at compile time with the parameter --disable-xattr; at run time with --no-xattr), and so does Chrome.
https://www.root.cz/clanky/atributy-souboru-mohou-obsahovat-url-ze-ktere-byl-soubor-stazen/
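An added example, not from the original page: to find which downloaded files carry these attributes, dump them with `getfattr -R -d` (from the attr package) and filter the dump. The function names and the sample dump below are constructed for illustration.

```shell
#!/bin/sh
# Added example: report files whose xattrs record where they were downloaded
# from. Feed it the output of:  getfattr -R -d "$HOME/Downloads" 2>/dev/null

# origin_urls: read a getfattr dump on stdin, print
# "file<TAB>attribute<TAB>url" for the two attributes named on this page.
origin_urls() {
    awk '
        # Each record starts with a "# file: <path>" header line.
        /^# file: / { file = substr($0, 9); next }
        /^user\.xdg\.(origin|referrer)\.url=/ {
            eq = index($0, "=")
            name = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            # Text-encoded values are wrapped in double quotes.
            if (val ~ /^".*"$/) val = substr(val, 2, length(val) - 2)
            printf "%s\t%s\t%s\n", file, name, val
        }
    '
}

# Constructed sample of a getfattr dump (not captured from a real system).
sample_dump() {
    cat <<'EOF'
# file: Downloads/report.pdf
user.xdg.origin.url="https://intranet.example/private/report.pdf?token=abc"
user.xdg.referrer.url="https://intranet.example/private/"

# file: Downloads/notes.txt
user.comment="no url here"
EOF
}
```

`sample_dump | origin_urls` lists two attributes for report.pdf and nothing for notes.txt; on a real system replace `sample_dump` with the getfattr call from the header comment.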
Leading zeros in bc
“bc” drops the 0 at the start of decimal numbers, because Americans generally have a problem with numbers (and there isn't even a switch that would turn it on)
echo "5*0.1" | bc
.5
Fortunately, what basic calculator can't do, sed can… Fix for .bashrc:
alias bc="bc | sed -e 's/^\./0./g' -e 's/^-\./-0./g'"
TODO
Upgrade Ascii -> Beowulf
Strange behavior of touchpad and broken scrolling
X11 migrated from evdev to libinput. Let's go back to the working method…
apt-get purge xserver-xorg-input-libinput
apt-get install xserver-xorg-input-evdev
Release.pgp unsupported binary format
When apt-get update says ^^, it means that just some junk is left in /var/lib/apt/lists …
# rm -rfv /var/lib/apt/lists/*
ALSA
Well, audio output gets fucked up completely, since the “alsa” command is not provided anymore by any package…
apt-get purge alsa* pulseaudio* # Never mind the collateral damage, for me it blew away the whole mate-desktop
shutdown -r now
apt-get install alsa-utils libasound2 libasound2-data volumeicon-alsa
shutdown -r now
So run “aplay -l”, note the proper device you want to use and disable the other ones in /etc/modprobe.d/alsafucked.conf
options snd-hda-intel index=HUGE_INTEGER_DEFINITELY_NOT_0,0
Restart again… and set whatever is needed in “alsamixer”. Restart again and it works (or GOTO 1)