clefru's Blog

My monitor, or my X version, or my Xorg drivers, or my KMS kernel, or my xscreensaver version, or my goldfish has a broken DPMS implementation, so that my monitor doesn't turn of when idle. This is a particular waste of energy during the night. Luckily my monitor responds correctly to xset dpms force off when issued twice with a small delay. Using xprintidle-ng , I can work around the problem. #!/bin/sh ACTIVATE=$(expr 60 \* 1000 \* 45) # sleep after 45 mins. LASTIDLE=0 while sleep 60; do IDLE=$(xprintidle-ng) if [ "$LASTIDLE" -lt "$ACTIVATE" -a "$IDLE" -ge "$ACTIVATE" ]; then xset dpms force off sleep 10 xset dpms force off fi LASTIDLE="$IDLE" done

I am often tempted to try out a random github project with: # mkdir random-repo # cd random-repo # git clone http://github.com/random-dude/random-repo . # ./configure && make [...] # emacs hack-on-something.cc # make However that is naive from a security standpoint. Makefile s can do just about everything to your workstation, e.g. steal your e-banking credentials from .config/chrome . So, I want sandboxing. And I want it in a way that fuses nicely with the workflow above. Basing sandbox activation on my shell current working directory seems to work quite nicely. Consider the following: # id -nu clefru # echo $PWD /home/clefru/devel # pwdjail-mkdir random-repo # cd random-repo $ id -nu random-repo $ echo $HOME /home/clefru/devel/random-repo $ git clone http://github.com/random-dude/random-repo . $ ./configure && make [...] $ cd .. # echo $PWD /home/clefru/devel # id -nu clefru # emacs random-repo/src/file.cc [...] Notice: I use pwdjail-mkdir instead of mkdir . En

Sony's A6000 has a nice feature to allow it to push images via Wifi. The camera however only does so, if it has been paired with Sony's PlayMemories Windows software. That's a one time thing, also the pairing isn't really a pairing that's strongly enforced anywhere. It's just settings truncated GUID, that the camera will broadcast after connecting to the Wifi Hotspot. One could just grab a Windows device and do the pairing, however I was curios to see if I can cut out this requirement. And I could! I added sony-guid-setter.c to falk0069's sony-pm-alt repository which crafts non-standard USB packages so that the camera thinks it's pairing with PlayMemories. How this is done is documented in the README.md of falk0069's repo.

Google's Native SSH client for Chrome supports connecting to SSH via a websocket/HTTP protocol. I reverse engineered the protocol from the published source and wrote a NodeJS counterpart . This is useful if you don't want to expose your SSH port to the world, but want to hide it behind HTTP/Websockets, possibly using an additional authentication flow in front.

I am in the unfortunate position to have read Silver Needle in the Skype up to PDF page 21, where a successful heap overflow attack makes skype drop to a shell. Since then I decided that I either have to stop using Skype or sandbox it. Since about a year I have been doing the latter, with some bumps in the road, as new versions of Skype needed more files and more sandboxing. However, it worked for me most of the time, and it is time to share the gory details with the world. The sandbox script can be found at http://gist.github.com/615366 , where you can also edit the script.You need to have PulseAudio server running and listening to TCP traffic so that sound can break out of the sandbox. Verify that you have: load-module module-native-protocol-tcp in your PulseAudio config. Please review the variable settings to ensure that it fits your setup ( DIR , XAUTHORITY , PULSECOOKIE ). The sandbox is created for the user invoking the script. This user must have sudo capabilities to call t

This blog post is a copy of a much nicer PDF version . I found that Wave could be used as collaborative editor on Latex documents by using a modified export bot and a simple shell script. The exporty2 bot (living at exporty2@appspot.com ) allows you to access a wave using access tokens instead of cookie based logins making it easier to fetch those waves using curl. Also the exporty2 bot allows you to export only the text of a Wave using the ``raw'' template. The raw URL given by the exporty2 bot is pasted into the shell script below. It serves as master wave as it is the document that is latex-ed. Additionally it also lists other resources using the special %FETCHURL tag. These resources are pairs of local name and URL. Curl fetchs these resources and stores it under their local name before the shell scripts runs the usual combination of latex/bibtex/latex. I usually put those %FETCHURL tags below \documentclass . #!/bin/sh TITLE="wave-collaboration" TOKEN=c64