Elogviewer: A handy GUI for viewing Portage elog messages in Gentoo Linux

When merging (installing) packages in Gentoo, ebuilds often output console messages with information or warnings from the writer of the ebuild, usually at the end of the installation process. However, these ‘elog’ messages will not be displayed if you have configured the environment variable EMERGE_DEFAULT_OPTS so as to merge packages quietly or in parallel. Even if you did not configure EMERGE_DEFAULT_OPTS that way, it is easy to miss these messages as they scroll up and off screen if several packages are merging, one after the other.

The Gentoo package manager Portage has a logging facility that, if enabled, will log these elog messages to files so that you can review them afterwards. You can enable this facility by editing the file /etc/portage/make.conf and adding the environment variable PORTAGE_ELOG_SYSTEM="save" and the environment variable PORTAGE_ELOG_CLASSES with one or more logging classes. Here are the relevant lines from the file /etc/portage/make.conf on my laptop:

PORT_LOGDIR="/var/log/portage"
PORTAGE_ELOG_SYSTEM="save"
PORTAGE_ELOG_CLASSES="info warn error log qa"

For example, after merging the package www-misc/bluegriffon-bin-1.8 at 06:01:00 on 14 April 2016, I am able to examine the contents of the log file for that specific job:

$ cat /var/log/portage/elog/www-misc:bluegriffon-bin-1.8:20160414-060100.log
INFO: setup
Package: www-misc/bluegriffon-bin-1.8
Repository: local_overlay
USE: abi_x86_64 amd64 elibc_glibc kernel_linux userland_GNU
FEATURES: preserve-libs sandbox userpriv usersandbox
LOG: install
If you use BlueGriffon in KDE, use System Settings > Common Appearance and Behaviour > Application Appearance > GTK
and select any GTK theme other than Oyxgen, otherwise BlueGriffon will crash when you click on any pull-down menu.
QA: other
QA Notice: Pre-stripped files found:
/opt/bluegriffon/libreplace_jemalloc.so
/opt/bluegriffon/libnssdbm3.so
/opt/bluegriffon/libnss3.so
/opt/bluegriffon/bluegriffon-bin
/opt/bluegriffon/libnssutil3.so
/opt/bluegriffon/gmp-clearkey/0.1/libclearkey.so
/opt/bluegriffon/libsmime3.so
/opt/bluegriffon/libplc4.so
/opt/bluegriffon/libnssckbi.so
/opt/bluegriffon/plugin-container
/opt/bluegriffon/libsoftokn3.so
/opt/bluegriffon/libssl3.so
/opt/bluegriffon/libnspr4.so
/opt/bluegriffon/libxul.so
/opt/bluegriffon/libfreebl3.so
/opt/bluegriffon/components/libmozgnome.so
/opt/bluegriffon/components/libdbusservice.so
/opt/bluegriffon/libplds4.so
/opt/bluegriffon/libmozsqlite3.so
/opt/bluegriffon/bluegriffon

Of particular interest is the elog message:

If you use BlueGriffon in KDE, use System Settings > Common Appearance and Behaviour > Application Appearance > GTK
and select any GTK theme other than Oyxgen, otherwise BlueGriffon will crash when you click on any pull-down menu.

Clearly, some of the elog messages are important and must not be missed. After reading such messages, users can take appropriate action.

To facilitate reading Portage elog files, there is a GUI utility called Elogviewer which is easy to install and use:

# emerge elogviewer

$ elogviewer --help
usage: elogviewer [-h] [-p ELOGPATH] [--log {DEBUG,INFO,WARNING,ERROR}]

Elogviewer should help you not to miss important information. You need to
enable the elog feature by setting at least one of PORTAGE_ELOG_CLASSES="info
warn error log qa" and PORTAGE_ELOG_SYSTEM="save" in /etc/make.conf. You need
to add yourself to the portage group to use elogviewer without privileges.
Read /etc/make.conf.example for more information.

optional arguments:
  -h, --help            show this help message and exit
  -p ELOGPATH, --elogpath ELOGPATH
                        path to the elog directory
  --log {DEBUG,INFO,WARNING,ERROR}
                        set logging level

I happen to have configured EMERGE_DEFAULT_OPTS="--jobs=8 --load-average=8" (i.e. perform installation jobs in parallel using all eight cores of the CPU) in my /etc/portage/make.conf file, so I don’t see elog messages on screen, and therefore Elogviewer comes in handy. The output in the Konsole window looks like the following when I merge a package:

# emerge -v bluegriffon-bin

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R   ~] www-misc/bluegriffon-bin-1.8::local_overlay  0 KiB

Total: 1 package (1 reinstall), Size of downloads: 0 KiB

>>> Verifying ebuild manifests
>>> Emerging (1 of 1) www-misc/bluegriffon-bin-1.8::local_overlay
>>> Installing (1 of 1) www-misc/bluegriffon-bin-1.8::local_overlay
>>> Jobs: 1 of 1 complete                           Load avg: 0.11, 0.07, 0.13
>>> Auto-cleaning packages...

>>> No outdated packages were found on your system.

 * GNU info directory index is up-to-date.

Notice that the important elog message regarding switching the GTK theme in KDE that is included in the log file was not displayed on the console during installation of the package, because of my setting for EMERGE_DEFAULT_OPTS.

If I then launch Elogviewer, either from the command line or using the KDE launcher, a window pops up as shown below. I can then view a list of recently merged packages and click on each to read the elog output easily. Whether installing only one package or many packages in one session, this makes life easier.

Elogviewer

Elogviewer window

BT Broadband could be cause of Netflix app’s ui-113 message

A couple of months ago I posted regarding a problem with the Netflix app on my LG smart TV (Netflix – Not fit for purpose?). We use BT Infinity broadband with a BT HomeHub 3. The Netflix app on the TV stopped working in early January and always displayed a Netflix ‘ui-113’ message when trying to connect. As we are paying good money to Netflix, we resorted to trying various DNS server addresses posted on the Web for US Netflix, which only work for a short time. Although US Netflix has more content than UK Netflix, we want the latter as it has UK programmes not available on US Netflix. Not to mention that we live in the UK. And it seems my family is not the only one suffering: BT Broadband Users Suffer Problems with Netflix on UK Smart TVs.

Today I found a YouTube video regarding a different Netflix error code (‘nw-2-5’) but, having tried everything else, I tried the suggested fix anyway (Enable Parental Controls then Disable Parental Controls then Delete Parental Controls) and then changed the DNS server address setting in the TV back to the default 192.168.1.254 for the BT Home Hub. Although the Netflix app first displays the ‘ui-113’ or ‘nw-2-5’ messages, if I retry a few times it now manages to connect to UK Netflix. After a couple of months of hassle with Netflix, that is progress.

The fix suggested in the above-mentioned YouTube video consisted of enabling then disabling and deleting BT Parental Controls via the user’s account page on the BT Web site. Even though I had never previously enabled BT Parental Controls, I logged in to the BT Web site, enabled Parental Controls, and then disabled and deleted them as per the instructions given in the aforementioned YouTube video.

So it seems that BT is either the cause of the problem or a major contributor. I suspect the blame may lie with more than one company, though, because: a) the Netflix app’s ‘ui-113’ and ‘nw-2-5’ messages occur even after I made sure BT Parental Controls really are disabled; b) it is touch and go whether the app is successful in accessing the Netflix site at the first attempt; c) other devices accessing Netflix via my home network don’t suffer from the problem. I just hope LG, Netflix and BT are working together to solve it properly, because the current situation is completely unacceptable.

Thunderbird’s defective method of enabling anti-virus software to scan incoming POP3 e-mail messages

Thunderbird’s method of enabling anti-virus software to scan incoming e-mail messages is explained in the mozillaZine article ‘Download each e-mail to a separate file before adding to Inbox‘ and in Mozilla bug report no. 116443 (the bug report that resulted in the functionality being implemented). It is my contention that the design is deficient and is actually not a solution. In this post I explain why I believe this to be the case. Although here I will discuss Thunderbird in Linux, I believe the deficiency applies to Thunderbird in all OSs.

By default, Thunderbird inserts new incoming e-mail messages into an Inbox file. However, it is possible to configure Thunderbird to first create a temporary file containing each individual e-mail message in the /tmp directory, to enable external anti-virus software to scan each message before Thunderbird inserts it into the Inbox file. This approach only works for POP3 e-mail. The developers’ rationale for implementing this approach was to avoid the possibility of anti-virus software deleting or quarantining an entire Inbox.

In summary, if you want to scan incoming e-mails on your machine without running the risk of losing the entire Thunderbird Inbox, you must:

  1. configure Thunderbird so it creates temporary files /tmp/newmsg* (each file contains a single e-mail message containing ASCII characters);
  2. configure the anti-virus software not to scan the directory containing the Inbox;
  3. configure the anti-virus software to scan the /tmp directory.

Nevertheless, it seems Thunderbird developers would prefer you to disable local scanning of e-mail messages entirely: ‘mozillaZine – Email scanning – pros and cons‘.

Nowadays e-mail servers scan e-mail messages before you even download them. Some e-mail servers even send you an automated e-mail to inform you about an infected incoming e-mail or about an infected outgoing e-mail rejected by a receiving e-mail server. So local scanning of e-mail messages is far less important. Furthermore, I am not sure if the anti-virus software I use (ClamAV) is capable of detecting viruses in e-mail attachments encoded as ASCII characters. Anyway, purely out of curiosity I decided to investigate whether it would be possible to scan Thunderbird’s temporary files reliably.

To configure Thunderbird to create the temporary message files, it is necessary to select ‘Edit’ > ‘Preferences’ > ‘Security’ > ‘Antivirus’ and tick ‘Allow anti-virus clients to quarantine individual incoming messages’ (which sets mailnews.downloadToTempFile to true). Once that option has been selected, Thunderbird creates a temporary file /tmp/newmsg per message, which exists for a very brief (and inconstant) time before Thunderbird deletes it. When downloading several e-mail messages in very rapid succession, Thunderbird creates temporary files with different names (‘newmsg‘, ‘newmsg-1‘, ‘newmsg-2‘, ‘newmsg-3‘ and so on) to avoid overwriting messages, but usually one file named newmsg is sufficient to cater for the message download rate, as Thunderbird only keeps the temporary files for a very short time until it moves the message to the Inbox.

The problem with this approach is that Thunderbird does not provide any handshake mechanism to inform external anti-virus software that it has finished writing to a temporary file and that the file is available for scanning, nor does Thunderbird provide any handshake mechanism for external anti-virus software to inform Thunderbird when the scan of each temporary message file has finished (i.e. to tell Thunderbird that it can go ahead and delete the temporary file). In other words, the Thunderbird ‘solution’ is not a solution at all. In fact, I have found empirically that, if the anti-virus software is not fast enough, it can scan an incomplete temporary message file (i.e. the evaluation of the e-mail message would not be thorough and hence would be invalid). The Bash script below, for example, is sometimes able to scan an entire Thunderbird temporary file but at other times only manages to capture part of the file (it appears Thunderbird opens and closes the temporary file more than once) before Thunderbird deletes it:

#!/bin/bash

# This script only works with Thunderbird.
# This script only works for POP3 e-mail.
#
# You must configure Thunderbird to create temporary files /tmp/newmsg*.
# To do that, set Edit > Preferences > Security > Antivirus and tick
# 'Allow anti-virus clients to quarantine individual incoming messages'
# which sets mailnews.downloadToTempFile to true.

WORK=$HOME/clamtmp
mkdir $WORK 2> /dev/null
rm $WORK/* 2> /dev/null

counter=1

# Watch for newmsg* file(s) created by Thunderbird in /tmp
inotifywait -q -m -e close_write --format '%f' /tmp | while read FILE
do
     if [ "${FILE:0:6}" = "newmsg" ] && [ -s /tmp/$FILE ]; then
          TMPFILE=${counter}$FILE
          cp -p /tmp/$FILE $WORK/$TMPFILE
          # Do not let clamscan write temporary files to /tmp as inotifywait will detect them!
          clamscan --tempdir=$WORK $WORK/$TMPFILE
          counter=$((counter+1))
     fi
done

Below is an example of an incomplete newmsg file that the above script copied to the directory $WORK when Thunderbird downloaded an e-mail message:

From - Sun Feb 21 09:40:58 2016
X-Account-Key: account8
X-UIDL: AAAAAKlA+Ah2LghLoJE4Le5Z5U0BAI04UNOj2gdNjwPO57yvmrIAATVHik4AAA==
X-Mozilla-Status: 0000
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:

I began to wonder if a valid scan would be possible if the script were to lock the temporary file (e.g. using the chattr +i command) until it has completed copying it. The use of the chattr command in the script means it has to be executed by the root user. When I first did that with a modified version of the script using KDialog to display the result of ClamAV’s scan, the following error message was displayed and the script aborted:

kdialog(xxxxxx)/kdeui (kdelibs): Session bus not found
To circumvent this problem try the following command (with Linux and bash)
export $(dbus-launch)

I therefore added the line ‘export $(dbus-launch)‘ to the script as follows:

#!/bin/bash

# This script must be launched by the root user.
export XAUTHORITY="/home/fitzcarraldo/.Xauthority"
export DISPLAY=":0"
export $(dbus-launch)

WORK=$HOME/clamtmp
mkdir $WORK 2> /dev/null
rm $WORK/* 2> /dev/null

inotifywait -q -m -e modify --format '%f' /tmp | while read FILE
do
     # If file name begins with "newmsg" then copy it to work directory and scan it.
     if [ "${FILE:0:6}" = "newmsg" ] && [ -f /tmp/$FILE ]; then
          chattr +i /tmp/$FILE # Stop Thunderbird opening/deleting file.
          cp -p /tmp/$FILE $WORK/
          chattr -i /tmp/$FILE # Allow Thunderbird to open/delete file.
          clamscan --tempdir=$WORK $WORK/$FILE >> $WORK/$FILE.log
          kdialog --msgbox "$(cat $WORK/$FILE.log)"
     fi
done

However, when the above script was running, Thunderbird displayed a pop-up window if it attempted to copy the temporary file to the Inbox before the script released the lock on the file:

There was an error copying the downloaded message from the temporary download file. Perhaps it contained a virus, or you are low on disk space.
From:
Subject: Test to see what happens if script locks newmsg file
Do you want to skip this message?

I clicked ‘No’ and the e-mail message in the file /tmp/newmsg was deleted without being copied to the Inbox, and the message was not deleted from the e-mail server. Subsequent attempts to re-download the message resulted in the same behaviour if the script had not finished processing the message before Thunderbird tried to move the message to the Inbox. Had I clicked ‘Yes’ I assume Thunderbird would simply have deleted the message on the mail server.

I did not bother looking into it further, but presumably the chattr command triggers inotifywait, in which case the script could cycle several times for the same file.

An approach that would probably work would be for Thunderbird to provide some sort of interlock so that it waits to delete newmsg* files until an anti-virus application gives the go-ahead.

An alternative approach would be for Thunderbird not to delete a temporary file after it writes the message to the Inbox and just leave it in the /tmp directory without overwriting it. An anti-virus application would quarantine infected temporary files and leave uninfected temporary files in /tmp, and therefore the anti-virus application would have to be written so that it deletes the temporary file once it has finished scanning it.

The second approach mentioned above would not be as good as the first approach for the following reasons:

  1. It would not stop Thunderbird adding a message to the Inbox (which would mean the user would have to delete a message manually from the Thunderbird Inbox if the virus scanner reported a message as infected).
  2. Thunderbird would have to use a different file name to any existing temporary files (at present it reuses ‘newmsg‘ if a file of that name does not already exist).
  3. The user would have to ensure the temporary files do not accumulate ad infinitum. In my case, the contents of the /tmp directory are deleted each time I reboot, but, in theory, a partition could become full if a user never switched off a machine and received a lot of e-mails.

Regarding the second reason listed above, Thunderbird already names the temporary files ‘newmsg‘, ‘newmsg-1‘, ‘newmsg-2‘ etc., so perhaps the existing Thunderbird code would automatically use a different file name if a file with the same name were still present, rather than overwriting it. If e.g. files newmsg and newmsg-2 happened to exist, I would hope Thunderbird would name the next temporary file ‘newmsg-1‘ or ‘newmsg-3‘.

I wondered if it would be possible to catch up with Thunderbird by just copying the temporary message files from the /tmp directory to another directory (see the script below), and then processing them afterwards with another script. However, even if a script just copies the temporary files to another directory without running ClamAV or KDialog, I found it is still not fast enough to catch all temporary files before Thunderbird deletes them. If Thunderbird downloads a single message and no others are waiting on the server(s) to be downloaded, it seems a script can copy the temporary messages successfully. However, if there are several messages waiting to be downloaded from the e-mail server(s) and Thunderbird downloads them in rapid succession, Thunderbird deletes some of the temporary messages before the script can copy them fully.

#!/bin/bash

WORK=$HOME/clamtmp
# Create work directory if it does not already exist
mkdir $WORK 2> /dev/null
# Delete old working files if they exist
rm $WORK/* 2> /dev/null

counter=1

inotifywait -q -m -e close_write --format '%f' /tmp | while read FILE
do
     if [ "${FILE:0:6}" = "newmsg" ] && [ -s /tmp/$FILE ]; then
          TMPFILE=${counter}$FILE
          cp -p /tmp/$FILE $WORK/$TMPFILE
          counter=$((counter+1))
     fi
done

Consider the following six messages copied to $HOME/clamtmp by the above script (the script adds the first character to the name of the copied file):

-rw-------   1 fitzcarraldo fitzcarraldo    3829 Feb 23 02:24 1newmsg
-rw-------   1 fitzcarraldo fitzcarraldo    3107 Feb 23 02:25 2newmsg
-rw-------   1 fitzcarraldo fitzcarraldo 1158576 Feb 23 02:26 3newmsg
-rw-------   1 fitzcarraldo fitzcarraldo     237 Feb 23 02:28 4newmsg
-rw-------   1 fitzcarraldo fitzcarraldo    2106 Feb 23 02:28 5newmsg-1
-rw-------   1 fitzcarraldo fitzcarraldo    3107 Feb 23 02:28 6newmsg-2

The first three messages were each the sole message on all three e-mail servers accessed, and the copied files newmsg -> 1newmsg, newmsg -> 2newmsg and newmsg -> 3newmsg were all complete messages. However, the last three messages were on three e-mail servers simultaneously waiting to be downloaded, and when I clicked on ‘Get All New Messages’ in Thunderbird, the copied files newmsg -> 4newmsg, newmsg-1 -> 5newmsg-1 and newmsg-2 -> 6newmsg-2 were downloaded by Thunderbird in rapid succession. The copy 4newmsg was incomplete, the copy 5newmsg-1 was complete and the copy 6newmsg-2 was complete. So, even with a faster script, there is no guarantee that a script can catch all the temporary message files. Therefore, as I mentioned earlier, the only way to guarantee that temporary message files are properly scanned would be to modify Thunderbird to provide either a handshake (e.g. a file lock or inter-application flag) or to leave each temporary message file on /tmp and give it a unique file name.

The downside with both the above-mentioned approaches would be that the anti-virus software developer would need to know about the method, and write the software to perform the appropriate actions. If the first approach were adopted, the anti-virus software would need to signal to Thunderbird that it had completed scanning the file (e.g. by releasing a file lock or by an inter-application message). If the second approach were adopted, the anti-virus software would need to delete the message file from /tmp once it had completed scanning the file. The second approach would be easier for a simple Bash script to use, and, had the Thunderbird source code not been so complicated, I would have had a go at patching it to leave temporary message files in the /tmp directory after Thunderbird copies their contents to the Inbox file. But, as e-mail servers already do a good job of scanning messages before Thunderbird downloads them, I will not spend more time on this. Some e-mail servers even send an e-mail to the user informing them about an infected e-mail (see examples below), so it is not worth bothering.

Example 1
Automated e-mail server message to john@smith.com warning him that the e-mail with an infected attachment he sent to dave@hotmail.com was blocked by the receiving e-mail server.

Subject: Mail delivery failed: returning message to sender
Date: Wed, 17 Feb 2016 11:30:10 +0100
From: Mail Delivery System
To: john@smith.com

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:

Reason:
virus/suspect content found

— The header of the original message is following. —

Example 2
Automated e-mail server message to john@smith.com warning him that an e-mail with an infected attachment sent to him by dave@hotmail.com was blocked by the receiving e-mail server.

Subject: VIRUS SUSPECTED: “Dave (Hotmail)”
Date: Wed, 17 Feb 2016 11:46:07 +0100 (CET)
From: Mail Delivery System
To: john@smith.com

A virus was detected in the following e-mail!

Mail details:

From: “Dave (Hotmail)”
TO: John Smith
Date: Wed, 17 Feb 2016 10:45:55 +0000
Subject: EICAR test file attachment

The concerned e-mail has been handled according to your Virus Protection Settings.

Sincerely
Your E-mail Service Provider Team

[ This is an automatically generated email, do not reply to this sender. You may find more
information in the online help of your client. ]

Other articles of interest: mozillaZine – Antivirus software.

Installing DraftSight 2016 Pre-Release in Gentoo Linux

Last year I posted about installing the 2015 Draftsight Free 2D CAD application in Gentoo Linux. Now a DraftSight 2016 Pre-Release is available, and it works in Gentoo. Dassault Systemes has fixed the annoying cursor lag in the 2015 Linux version. \o/

You can click on a link ‘Download DraftSight 2016 for Ubuntu (beta)’ on their Web page ‘DraftSight® FREE* CAD Software Download‘ and copy the downloaded file draftSight.deb to /usr/portage/distfiles/draftsight-1.7.0_beta.deb. Then rename the ebuild draftsight-bin-1.6.1_beta.ebuild to draftsight-bin-1.7.0_beta.ebuild in your local overlay directory /usr/local/portage/media-gfx/draftsight-bin/, but draftsight-bin-1.7.0_beta.ebuild is listed below anyway:

# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

EAPI=5

inherit fdo-mime udev unpacker

MY_PN="draftsight"
MY_P="${MY_PN}-${PV}"
DESCRIPTION="Professional 2D CAD application, supporting DWT, DXF and DWG."
HOMEPAGE="http://www.3ds.com/products/draftsight/free-cad-software/"
SRC_URI="${MY_P}.deb"

LICENSE="${MY_PN}"
SLOT="0"
KEYWORDS="~amd64"
IUSE=""
S="${WORKDIR}"

QA_PRESTRIPPED="opt/dassault-systemes/${MY_PN}/bin/DWGConverter
	amd64? ( opt/dassault-systemes/${MY_PN}/lib/libaudio.so.2 )"
QA_TEXTRELS="opt/dassault-systemes/${MY_PN}/lib/libDDKERNEL.so.1"
QA_EXECSTACK="opt/dassault-systemes/${MY_PN}/bin/FxCrashRptApp
opt/dassault-systemes/${MY_PN}/lib/libDDKERNEL.so.1"

RESTRICT="fetch"
DEPEND=""
RDEPEND="amd64? (
		sys-libs/zlib
		net-print/cups
		dev-libs/expat
		dev-libs/glib:2
		media-libs/glu
		media-libs/phonon
		dev-qt/qtcore:4
		dev-qt/qtdbus:4
		dev-qt/qtgui:4
		dev-qt/qtopengl:4
		dev-qt/qtsql:4
		dev-qt/qtwebkit:4
		dev-qt/qtsvg:4
		media-libs/alsa-lib
		media-libs/fontconfig
		media-libs/freetype
		x11-libs/libICE
		x11-libs/libSM
		x11-libs/libX11
		x11-libs/libXext
		x11-libs/libXrender
		x11-libs/libXt
		media-libs/nas
		)"

pkg_nofetch() {
	einfo "Upstream has a mandatory EULA agreement to download this file."
	einfo "Please navigate your browser to:"
	einfo "http://www.3ds.com/products-services/draftsight-cad-software/free-download/"
	einfo "Click \"Download DraftSight 2015 for Ubuntu (beta)\""
	einfo "Download the deb file and move it to ${DISTDIR}/${MY_P}.deb"
}

src_install() {
	cp -R "${WORKDIR}/opt" "${D}"
	exeinto /usr/bin
	doexe "${FILESDIR}/${MY_PN}"

	# prepare for dongle
	udev_dorules "${FILESDIR}"/10-ft-rockey.rules
}

pkg_postinst() {
	elog "To use DraftSight as your default viewer for DWG, DXF, and DWT"
	elog "Please run the following commands respectively as your normal user:"
	elog "xdg-mime default \"dassault-systemes\"_\"draftsight.desktop\" \"application/vnd.dassault-systemes.draftsight-dwg\""
	elog "xdg-mime default \"dassault-systemes\"_\"draftsight.desktop\" \"application/vnd.dassault-systemes.draftsight-dxf\""
	elog "xdg-mime default \"dassault-systemes\"_\"draftsight.desktop\" \"application/vnd.dassault-systemes.draftsight-dwt\""

	fdo-mime_desktop_database_update
	fdo-mime_mime_database_update

	for size in 16 32 48 64 128 ; do
		local XDG_OPTS="--noupdate --novendor --mode system --size ${size}"
		xdg-icon-resource install ${XDG_OPTS} --context apps \
			"${ROOT}/opt/dassault-systemes/DraftSight/Resources/pixmaps/${size}x${size}/program.png" \
			"dassault-systemes.draftsight"
		xdg-icon-resource install ${XDG_OPTS} --context apps --theme gnome \
			"${ROOT}/opt/dassault-systemes/DraftSight/Resources/pixmaps/${size}x${size}/program.png" \
			"dassault-systemes.draftsight"
		for mimetype in dwg dxf dwt ; do
			xdg-icon-resource install ${XDG_OPTS} --context mimetypes \
				"${ROOT}/opt/dassault-systemes/DraftSight/Resources/pixmaps/${size}x${size}/file-${mimetype}.png" \
				"application-vnd.dassault-systemes.draftsight-${mimetype}"
			xdg-icon-resource install ${XDG_OPTS} --context mimetypes --theme gnome \
				"${ROOT}/opt/dassault-systemes/DraftSight/Resources/pixmaps/${size}x${size}/file-${mimetype}.png" \
				"application-vnd.dassault-systemes.draftsight-${mimetype}"
		done
	done
	xdg-icon-resource forceupdate
}

pkg_postrm() {
	fdo-mime_desktop_database_update
	fdo-mime_mime_database_update
	for size in 16 32 48 64 128 ; do
		xdg-icon-resource uninstall --noupdate --context apps --mode system \
			--size ${size} "dassault-systemes.draftsight"
		xdg-icon-resource uninstall --noupdate --context apps --mode system --theme gnome \
			--size ${size} "dassault-systemes.draftsight"
		for mimetype in dwg dxf dwt ; do
			xdg-icon-resource uninstall --noupdate --context mimetypes --mode system \
				--size ${size} "application-vnd.dassault-systemes.draftsight-${mimetype}"
			xdg-icon-resource uninstall --noupdate --context mimetypes --mode system --theme gnome \
				--size ${size} "application-vnd.dassault-systemes.draftsight-${mimetype}"
		done
	done
	xdg-icon-resource forceupdate
}

The files 10-ft-rockey.rules and draftsight in the directory /usr/local/portage/media-gfx/draftsight-bin/files/ can stay the same as for the previous ebuild draftsight-bin-1.6.1_beta.ebuild, but they are listed below anyway:

BUS=="usb", SYSFS{idVendor}=="096e", MODE=="0666"

#! /bin/bash
BASEDIR="/opt/dassault-systemes/DraftSight/Linux"

export LD_LIBRARY_PATH="${BASEDIR}${LD_LIBRARY_PATH:+:}${LD_LIBRARY_PATH}"

# work around DT_RPATH (.) security issue by chdir'ing into expected $LD_LIBRARY_PATH
cd "${BASEDIR}"

exec "${BASEDIR}/DraftSight" $*

Then generate the manifest as usual and merge the package.

Automatically detecting files placed in my Downloads directory in Gentoo Linux and scanning them for viruses

I have been using Linux for almost a decade and have never been unduly concerned about viruses on my machines running Linux. However, I do receive files from people who use Windows and Mac OS, and some of those files might contain Windows or Mac OS viruses, so, as a matter of courtesy and assistance to others, it would make some sense to scan those files before passing them on. Furthermore, as I use some Windows applications under WINE, it would also make sense to scan received files for Windows viruses if I am going to use those files with a Windows application running under WINE.

External files could get into my Gentoo Linux installations via pen drives, memory cards, optical discs, e-mails, my Dropbox directory and downloads from Web sites. In this post I am going to concentrate on the last of these. All the various e-mail account providers I use already scan e-mails for viruses on their e-mail servers before I even download e-mail into the e-mail client on my laptop (standard practice these days), so e-mail is not a particular worry.

I have had ClamAV and its GUI, ClamTk, installed for a long time. Whilst ClamTk can be used to schedule a daily update of virus signatures and a daily scan of one’s home directory by ClamAV, I normally run ClamTk and ClamAV ad hoc. However, I can see some benefit in launching ClamAV automatically when I download a file from the Internet, so I decided to do the following …

Automatically scan a file downloaded via a Web browser

I use Firefox to browse the Web, and had configured it to download files to the directory /home/fitzcarraldo/Downloads/. I decided to monitor automatically the Downloads directory for the addition of any file. As I use the ext4 file system, the method I opted to use is inotify, specifically the inotifywait command which is available once you install the package sys-fs/inotify-tools.

It is surprisingly easy to create a shell script to detect files downloaded into a directory. The following script, running continuously in a terminal, would detect any files created in my /home/fitzcarraldo/Downloads directory, scan the new files with ClamAV and display a report in the terminal window:

#!/bin/bash

echo
DIR=$HOME/Downloads

inotifywait -q -m -e create --format '%w%f' $DIR | while read FILE
do
     date
     echo "File $FILE has been detected. Scanning it for viruses now ..."
     clamscan $FILE
     echo
done

A usable script would need to be a bit more sophisticated than the one shown above, because an existing file in the directory could be overwritten by one with the same name, or opened and amended. Furthermore, the script above would need a permanently open terminal window. Therefore I created a script to run in the background and use a GUI dialogue tool to pop up a window with the virus scanner’s report when the script detects a new or changed file in the Downloads directory. As this laptop has KDE 4 installed I opted to use KDialog to display the pop-up window, but I could instead have used Zenity. The final script is shown below.

#!/bin/bash

DIR=$HOME/Downloads

# Get rid of old log file
rm $HOME/virus-scan.log 2> /dev/null

inotifywait -q -m -e close_write,moved_to --format '%w%f' $DIR | while read FILE
do
     # Have to check file length is nonzero otherwise commands may be repeated
     if [ -s $FILE ]; then
          date > $HOME/virus-scan.log
          clamscan $FILE >> $HOME/virus-scan.log
          kdialog --title "Virus scan of $FILE" --msgbox "$(cat $HOME/virus-scan.log)"
     fi
done

Now when I download a file in Firefox, a window pops up, displaying a message similar to the following:

Virus scan of /home/fitzcarraldo/Downloads/eicar_com.zip – KDialog

Fri 19 Feb 23:42:02 GMT 2016
/home/fitzcarraldo/Downloads/eicar_com.zip: Eicar-Test-Signature FOUND

———– SCAN SUMMARY ———–
Known viruses: 4259980
Engine version: 0.98.7
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 4.595 sec (0 m 4 s)

Notice in the above message that ClamAV detected a virus in a file eicar_com.zip that I downloaded from the European Expert Group for IT Security Web site (originally ‘European Institute for Computer Antivirus Research’). In fact the executable eicar.com does not contain a real virus; it was designed to contain a known signature that virus scanner creators and users can use in checking anti-virus software. You can find out more about the virus test files on the EICAR Web site.

Of course, if I use applications other than Firefox to download files, I need to make sure they download the files into the applicable directory so that the script can detect and scan the files:

fitzcarraldo@clevow230ss ~ $ cd Downloads/
fitzcarraldo@clevow230ss ~/Downloads $ youtube-dl -o Carnavalito.mp4 -f 18 https://www.youtube.com/watch?v=ZDUL3w7zFD4
ZDUL3w7zFD4: Downloading webpage
ZDUL3w7zFD4: Downloading video info webpage
ZDUL3w7zFD4: Extracting video information
ZDUL3w7zFD4: Downloading MPD manifest
[download] Destination: Carnavalito.mp4
[download] 100% of 16.61MiB in 00:05

So, now I have a shell script that pops up a window informing me whether or not any file I put in $HOME/Downloads/ contains a virus. But I would like the script to be launched automatically when I login to the Desktop Environment. Therefore, as I use KDE 4, I selected ‘System Settings’ > ‘Startup and Shutdown’ and, in the ‘Autostart’ pane, clicked on ‘Add Script…’ and entered the path to my shell script (I left ‘create as symlink’ ticked). Now, every time I use KDE, any file placed (automatically or manually) into $HOME/Downloads/ is scanned for viruses automatically and a window pops up giving the result.

As my laptop is not always connected to the Internet, I prefer to update the ClamAV virus signatures database manually, which I do either using the ClamTk GUI or via the command line using the freshclam command:

fitzcarraldo@clevow230ss ~ $ su
Password:
clevow230ss fitzcarraldo # freshclam
ClamAV update process started at Sat Feb 20 10:51:01 2016
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.98.7 Recommended version: 0.99
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-21375.cdiff [100%]
Downloading daily-21376.cdiff [100%]
Downloading daily-21377.cdiff [100%]
Downloading daily-21378.cdiff [100%]
Downloading daily-21379.cdiff [100%]
Downloading daily-21380.cdiff [100%]
Downloading daily-21381.cdiff [100%]
Downloading daily-21382.cdiff [100%]
Downloading daily-21383.cdiff [100%]
Downloading daily-21384.cdiff [100%]
Downloading daily-21385.cdiff [100%]
Downloading daily-21386.cdiff [100%]
Downloading daily-21387.cdiff [100%]
Downloading daily-21388.cdiff [100%]
Downloading daily-21389.cdiff [100%]
Downloading daily-21390.cdiff [100%]
Downloading daily-21391.cdiff [100%]
daily.cld updated (version: 21391, sigs: 1850214, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 271, sigs: 47, f-level: 63, builder: anvilleg)
Database updated (4274486 signatures) from db.UK.clamav.net (IP: 129.67.1.218)
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock: No such file or directory

Stopping my laptop spontaneously resuming immediately after Suspend to RAM

If I selected ‘Suspend to RAM’ via the Desktop Environment in the Gentoo Linux installation on my Clevo W230SS laptop, the laptop did suspend but then immediately resumed automatically. The same thing happened if I suspended the laptop using either of the following commands from the command line:

root # pm-suspend

user $ qdbus org.kde.Solid.PowerManagement /org/freedesktop/PowerManagement Suspend

This behaviour was annoying, as it meant I had to shut down the laptop completely when I was not at my desk for a long time, rather than just being able to suspend the laptop.

Problem 1: USB devices

I usually have several USB devices connected to my laptop when I am at home or in the office, and I began to suspect that these USB connections were somehow causing Linux to resume as soon as it had suspended. Searching the Web turned up a Q&A page that seemed to confirm my suspicion: Why does my laptop resume immediately after suspend? I installed the utility acpitool mentioned on that Web page and used it with the ‘-w‘ option to check which wakeup-capable USB devices were currently enabled in my installation:

root # acpitool -w
   Device       S-state   Status   Sysfs node
  ---------------------------------------
  1. RP01         S4    *disabled  pci:0000:00:1c.0
  2. PXSX         S4    *disabled
  3. RP02         S4    *disabled
  4. PXSX         S4    *disabled
  5. RP03         S4    *disabled  pci:0000:00:1c.2
  6. PXSX         S4    *disabled  pci:0000:03:00.0
  7. RP04         S4    *disabled  pci:0000:00:1c.3
  8. PXSX         S4    *disabled  pci:0000:04:00.0
  9.            *disabled  platform:rtsx_pci_sdmmc.0
  10.           *disabled  platform:rtsx_pci_ms.0
  11. RLAN        S4    *disabled
  12. RP05        S4    *disabled
  13. PXSX        S4    *disabled
  14. RP06        S4    *disabled
  15. PXSX        S4    *disabled
  16. RP07        S4    *disabled
  17. PXSX        S4    *disabled
  18. RP08        S4    *disabled
  19. PXSX        S4    *disabled
  20. GLAN        S4    *disabled
  21. EHC1        S3    *enabled   pci:0000:00:1d.0
  22. EHC2        S3    *enabled   pci:0000:00:1a.0
  23. XHC         S3    *disabled  pci:0000:00:14.0
  24. HDEF        S4    *disabled  pci:0000:00:1b.0
  25. PEG0        S4    *disabled  pci:0000:00:01.0
  26. PEGP        S4    *disabled  pci:0000:01:00.0
  27. PEGA        S4    *disabled
  28. PWRB        S3    *enabled   platform:PNP0C0C:0
^C
root #

(I had to use Ctrl-C to get back to the command prompt.)

I then used the command ‘acpitool -W <device number>‘ on each of the three enabled devices (21, 22 and 28 above) in order to find out which of them needed to be disabled in order for my laptop to remain suspended when I suspended it. I found that I only needed to disable devices EHC1 (pci:0000:00:1d.0) and EHC2 (pci:0000:00:1a.0) to be able to suspend the laptop successfully:

root # acpitool -W 21 | grep 21
  Changed status for wakeup device #21 (EHC1)
  21. EHC1        S3    *disabled  pci:0000:00:1d.0
^C
root # acpitool -W 22 | grep 22
  Changed status for wakeup device #22 (EHC2)
  22. EHC2        S3    *disabled  pci:0000:00:1a.0
^C
root # pm-suspend

In this laptop these two devices are two internal USB root hubs:

user $ lsusb -t
/:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/2p, 480M
    |__ Port 1: Dev 2, If 0, Class=Hub, Driver=hub/8p, 480M
        |__ Port 2: Dev 3, If 0, Class=Hub, Driver=hub/4p, 480M
            |__ Port 1: Dev 4, If 0, Class=Mass Storage, Driver=usb-storage, 480M
            |__ Port 3: Dev 5, If 0, Class=Mass Storage, Driver=usb-storage, 480M
/:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/2p, 480M
    |__ Port 1: Dev 2, If 0, Class=Hub, Driver=hub/6p, 480M
        |__ Port 2: Dev 3, If 0, Class=Hub, Driver=hub/4p, 480M
            |__ Port 1: Dev 6, If 0, Class=Human Interface Device, Driver=usbhid, 1.5M
            |__ Port 4: Dev 7, If 0, Class=Human Interface Device, Driver=usbhid, 1.5M
            |__ Port 4: Dev 7, If 1, Class=Human Interface Device, Driver=usbhid, 1.5M
        |__ Port 3: Dev 4, If 0, Class=Wireless, Driver=btusb, 12M
        |__ Port 3: Dev 4, If 1, Class=Wireless, Driver=btusb, 12M
        |__ Port 4: Dev 5, If 0, Class=Video, Driver=uvcvideo, 480M
        |__ Port 4: Dev 5, If 1, Class=Video, Driver=uvcvideo, 480M

The next challenge was to find out how to disable and re-enable the two devices automatically when I suspend and resume the installation. Further searching of the Web turned up another Q&A page which pointed me in the right direction: How to run a script when suspending/resuming?. It turns out that you need to put a script of the following form in the directory /etc/pm/sleep.d/:

#!/bin/bash

case "$1" in
    suspend)
        # executed on suspend
        ;;
    resume) 
        # executed on resume
        ;;
    *)
        ;;
esac

If you want the script to run when hibernating and thawing, the tests would be for ‘hibernate‘ and ‘thaw‘ instead of ‘suspend‘ and ‘resume‘.

The thread [SOLVED] Computer immediately resumes after suspend in the KDE Forums almost gave me the solution I needed. I created a file /etc/pm/sleep.d/01-toggle-usb-hubs containing the following:

#!/bin/sh
#
username=fitzcarraldo
userhome=/home/$username
export XAUTHORITY="$userhome/.Xauthority"
export DISPLAY=":0"
#
case "$1" in
    suspend|hibernate)
        # Unbind ehci-pci for the device 0000:00:1a.0
        echo -n "0000:00:1a.0" | tee /sys/bus/pci/drivers/ehci-pci/unbind
        # Unbind ehci-pci for the device 0000:00:1d.0
        echo -n "0000:00:1d.0" | tee /sys/bus/pci/drivers/ehci-pci/unbind
    ;;
    resume|thaw)
        # Bind ehci-pci for the device 0000:00:1a.0
        echo -n "0000:00:1a.0" | tee /sys/bus/pci/drivers/ehci-pci/bind
        # Bind ehci-pci for the device 0000:00:1d.0
        echo -n "0000:00:1d.0" | tee /sys/bus/pci/drivers/ehci-pci/bind
    ;;
    *)
        exit $NA
    ;;
esac

I obtained the device details from the output of the ‘acpitools -w‘ command listed earlier and by looking in the directory /sys/bus/pci/drivers/ehci-pci:

root # ls /sys/bus/pci/drivers/ehci-pci
0000:00:1a.0  0000:00:1d.0  bind  new_id  remove_id  uevent  unbind

Notice that the script tests for either ‘suspend‘ or ‘hibernate‘ to disable the two devices, and tests for either ‘resume‘ or ‘thaw‘ to enable the two devices.

I made the script executable:

root # chmod +x /etc/pm/sleep.d/01-toggle-usb-hubs


Problem 2: Blank X Windows display due to NVIDIA closed-source driver bug

However, a problem remained: My laptop has an NVIDIA GPU and, when resuming from suspension, the X Windows display (Virtual Terminal 7) was a blank screen with only the mouse pointer visible. Now, it so happens that I also experience this behaviour if I switch from Virtual Terminal 7 to e.g. Virtual Terminal 1 (Ctrl-Alt-F1) and then switch back to Virtual Terminal 7 (Ctrl-Alt-F7). Apparently this is due to a bug in the closed-source NVIDIA driver (I am currently using Gentoo package x11-drivers/nvidia-drivers-358.16-r1). However, if I first disable compositing before switching to another virtual terminal, the X Windows display on Virtual Terminal 7 is still visible when I switch back to Virtual Terminal 7. It turns out there is a known bug in the NVIDIA closed-source driver, as explained in the following KDE bug report and thread in the NVIDIA CUDA ZONE Forums:

KDE Bugtracking System Bug No. 344326 – Black or corrupted screen on resume from suspend

NVIDIA CUDA ZONE Forums – Black screen on resume from suspend with 325.15 and KWin 4.11 with enabled compositing

As the suggested work-around is to disable compositing before suspending to RAM, I created a script /etc/pm/sleep.d/02-toggle-compositing containing the following:

#!/bin/sh
#
username=fitzcarraldo
userhome=/home/$username
export XAUTHORITY="$userhome/.Xauthority"
export DISPLAY=":0"
#
case "$1" in
    suspend|hibernate)
        su $username -c "qdbus org.kde.kwin /KWin toggleCompositing" &
    ;;
    resume|thaw)
        su $username -c "qdbus org.kde.kwin /KWin toggleCompositing" &
    ;;
    *)
        exit $NA
    ;;
esac

As I have KDE 4 on this laptop, I made the script use the command ‘qdbus org.kde.kwin /KWin toggleCompositing‘ to disable/enable compositing, so replace that command with the appropriate command if you are not using KDE 4.

I made the script executable:

root # chmod +x /etc/pm/sleep.d/02-toggle-compositing

Now both the scripts in the directory /etc/pm/sleep.d/ run when I suspend or resume the laptop, and everything works as expected. Mission accomplished!:-)

KDE Connect on a hotel Wi-Fi network

KDE Connect

I am a fan of KDE Connect (see my 2014 post about an earlier version), but had previously been unable to use it with a hotel network. However today I managed to do that, and here is how I did it …

I first connected my laptop and my Samsung Galaxy Note 4 to the hotel’s Wi-Fi network, then used the ifconfig command in Linux on my laptop to find the IP address of my laptop on the hotel’s network. Note that the IP address one sees if one uses a Web site such as WhatIsMyIPAddress will be the laptop’s outward-facing IP address, not the IP address of the laptop on the hotel network. For example, the ifconfig command has just shown me that my current DHCP-allocated IP address is 10.154.245.40 on this hotel’s network for this session whereas the Web site WhatIsMyIPAddress is showing my IP address as 78.100.57.102.

By the way, I can also use the excellent Android utility Fing on my Galaxy Note 4 to find the IP address of my laptop on the hotel’s network. It is quite interesting to use Fing to see what other devices (their hostname and IP address) are currently connected to the hotel’s network.

Anyway, then I launched KDE Connect on the Galaxy Note 4, tapped and ‘Add devices by IP’, and entered the laptop’s IP address (10.154.245.40 in this specific case). I was able to pair with KDE Connect running on my laptop and send files from my phone to the laptop, and vice versa.

Netflix – Not fit for purpose?

One of my family has a Netflix account. The account is accessible from any of the desktop and laptop computers in the house, whichever OS they are running.

Recently we bought a so-called ‘smart TV’ (an LG 40UF770V 4K Ultra HD TV, as it happens), and are pleased with it. It runs WebOS 2.0 (yay, Linux!) and the LG Content Store contains a Netflix app, which we promptly installed. The app worked perfectly for several weeks but then stopped being able to access Netflix. When the app was launched, the usual screen with the Netflix logo and the ‘Loading’ rotating indicator would appear but, after a minute or so, an error message would be displayed informing us that Netflix error ‘ui-113’ had occurred. One of the on-screen options then offered by the app was to check the network connection, which we tried, but everything was reported to be working correctly. Not to mention that all the other apps that require an Internet connection work fine. In order to watch a film using Netflix over the Christmas period we had to resort to connecting a laptop to the TV via an HDMI cable and accessing Netflix in a Web browser on the laptop. It is ridiculous to have to resort to such measures to view content on smart TVs which have Netflix apps.

I searched the Web and discovered that many, many people experience the same problem with Netflix and smart TVs. As in our case, they had no trouble accessing their Netflix account on their home network with other devices such as computers, tablets and smart phones. I came across reports by owners of smart TVs made by LG, Philips, Samsung, Sony, Toshiba, and other manufacturers. People who had contacted the relevant TV manufacturer were often told the problem is caused by Netflix, and people who had contacted Netflix were often told the problem is caused by the TV manufacturer.

Netflix has a Help page for this error message, but none of the steps Netflix listed worked, and neither did any of the remedies suggested by others on the Web (including in various YouTube videos). Resetting the TV did not solve the problem. Neither did cycling the mains power to the TV, broadband modem and router (however long the power was off). Nor did changing the TV’s setting for the IP address of the DNS server to one of the well-known public DNS servers such as Google’s. Nor did suggestions such as un-installing and re-installing the Netflix app. Nor did configuring the router to perform port forwarding for Netflix on the TV (not that this should be necessary, but I tried it anyway). Several people wrote that the parental lock in their routers caused the problem, but the parental lock is definitely not enabled in my router. I also tried to access Netflix via the TV’s Web browser; it can log-in to the Netflix account but cannot play content as it does not support the Microsoft Silverlight plug-in or HTML5 required by Netflix.

Nothing we tried solved the problem, and two weeks of this messing around was exasperating. Some people reported that changing the DNS server address in the TV to Google’s DNS servers worked, whereas others reported it didn’t. Even if some lucky person managed to get Netflix working on their smart TV using a certain procedure, other people in the same country with the same model of TV could not, even if they used the same procedure.

In addition to people in a given country trying to get the Netflix app in their smart TV to access their Netflix account in that country, I came across posts by people wanting to access Netflix in a different country (mostly people not in the USA wanting to access US Netflix because it offers a wider range of films and programmes, but also expatriates wanting to access Netflix for their home country with their home-country Netflix account). So I tried recommendations to configure the TV to use a DNS server in the US that some people in the UK had recently indicated would give the Netflix app access to US Netflix rather than UK Netflix (even though we wanted to access UK Netflix from the UK). But that didn’t work either.

However, I didn’t give up. I trawled the Web for lists of DNS servers that some people claimed would give access to Netflix in the UK. I found various Web sites listing IP addresses for DNS servers and tried several of them. Eventually I found one that actually enables the Netflix app in the TV to work, but it accesses US Netflix instead of UK Netflix. Given that the Netflix app has not worked for several weeks, I’m not complaining, but it is not what we were trying to achieve (US Netflix does not provide all the UK TV series available on UK Netflix). Furthermore, according to some of the posts I’ve read, periodically you have to change the DNS server address in the TV because Netflix stops working with the existing address.

Now, I’m a technically-oriented person and it took me several hours over a two-week period to find a solution (well, a work-around). Someone with little or no IT knowledge in the same situation would be at a complete loss as to how to get their Netfix account working. In order for streaming media services to become as ubiquitous as e.g. terrestrial TV, they have to be reliable and be accessible easily to paying customers. Use of Geolocation, GeoDNS and other complex techniques should not cause such a headache to bona fide users. Someone with a Netflix account in his/her country of residence and who simply wants to access Netflix on a smart TV should not have to jump through hoops or hit a brick wall. Clearly this is happening to many people.

On top of that, people such as myself who have to travel internationally frequently because of their work need to be certain that, if they subscribe to a streaming media service, it will work in whatever country they happen to be in at the time (except if blocked by Great Firewalls or content filters on proxy servers, of course) and not be purposely or inadvertently prevented from working by the media service provider’s network concept.

I myself had considered signing up for a Netflix account so that I could view films and TV programmes during my overseas work trips, but, after having to struggle for days to help a family member access a valid Netflix account on a smart TV in the country where the account was set up, will definitely not be giving Netflix my business. In this day and age it is ridiculous that users should have to try umpteen DNS server addresses and reset TVs, routers and modems in order to access their account with a media provider. Services such as Netflix will never have my business until their networking and DRM are sorted out properly and made to work reliably. Until Netflix changes its network delivery model, its service will remain a curate’s egg in my opinion.

Automatically log off inactive users in Windows 10

Although I use Linux on my own machines, the family PC in my lounge runs Windows 10. It has five user accounts and the other members of my family never bother to log out (‘sign out’ in Windows 10 parlance), usually leaving a browser window open. If I logged in to my account and clicked on my icon in the top left corner of the Start Menu, ‘Signed in’ was shown below any of the other users who had not bothered to log out. I found this behaviour somewhat frustrating and resolved to configure the PC to log out a user after a specified period of inactivity by that user. Although it is generally not recommended to forcibly logout someone in case e.g. they have a document open, in my family’s case it would be unlikely to cause a problem and is preferable to leaving several accounts unnecessarily active (albeit requiring each user to re-enter their password in order to access the account, as the default setting for ‘Require a password on wake-up’ is ‘Yes’). Below I explain how I configured Windows 10 to log out each user automatically after a period of inactivity.

First I downloaded the application idlelogoff.exe using the following link:

http://ftp.intelliadmin.com/release/idlelogoff.exe

See the Web page Automatically log off inactive users for details of that application.

I used the Windows 10 File Explorer to copy the file to the root directory C:\ and then I created a batch file IDLELOGOFF.BAT by right-clicking on the Windows 10 Start Menu icon, selecting ‘Command Prompt (Admin)’ and entering the following commands in the Command Prompt window:

cd C:\
notepad IDLELOGOFF.BAT

I made the contents of the batch file IDLELOGOFF.BAT the following, so that a user would be logged out automatically after 900 seconds of inactivity in their session:

start /min C:\idlelogoff.exe 900 logoff

and I changed the owner of the batch file to Users by right-clicking on it in File Explorer and then clicking ‘Properties’ > ‘Security’ > ‘Advanced’ > ‘Owner: Change’ and specifying ‘Users’.

Then I created a standard shortcut to the batch file for each user by getting each user in turn to log in to their account and following the instructions on the Web page Windows 10 – How to Run Program Automatically at Startup. Basically, you press the Windows Key and the R key simultaneously and enter ‘shell:startup‘ to open the user’s Start-up folder, and from there you right-click and select ‘New’ > ‘Shortcut’.

After that, the application idlelogoff.exe should be started automatically the next time a user logs in. You can check by pressing Ctrl-Alt-Delete in each user’s session, selecting ‘Task Manager’, clicking on the ‘Processes’ tab and idlelogoff.exe should be in the list of background processes. If you then log in to your own account and click on your account icon in the top left corner of the Start Menu, you’ll notice ‘Signed in’ is shown below the other user’s icon. If you check again after fifteen minutes, you’ll see that the ‘Signed in’ has gone, indicating that the user has been forcibly logged off.

SDDM keyboard layout

I am using Plasma 5 in Gentoo Linux ~amd64 with OpenRC on my Compal NBLB2 laptop. The Display Manager I am using is SDDM, and the log-in screen was using the US keyboard layout, the only keyboard layout available in the log-in screen’s keyboard menu. Searching the Web told me that SDDM uses the keyboard layout specified in the file /etc/X11/xorg.conf.d/00-keyboard.conf. The trouble is, it doesn’t (at least not in my case). The file already existed in my installation, and its contents are listed below:

Section "InputClass"
    Identifier "keyboard"
    MatchIsKeyboard "yes"
    Option "XkbLayout" "gb,us,br,es"
    Option "XkbVariant" ""
    Option "XkbOptions" "grp:alt_shift_toggle"
EndSection

The X.Org keyboard layouts specified in the file are available once I have logged in to the Plasma 5 Desktop, but none of the four keyboards (gb, us, br and es) were displayed by SDDM in its log-in screen menu. Eventually I discovered it is possible to specify the keyboard layouts in the file /usr/share/sddm/scripts/Xsetup which, by default, contains only the following:

#!/bin/sh
# Xsetup - run as root before the login dialog appears

I edited the file to contain the list of keyboards I wanted SDDM to allow me to choose from on the log-in screen:

#!/bin/sh
# Xsetup - run as root before the login dialog appears
setxkbmap gb,us,br,es

Now the SDDM log-in screen displays the national flags of those four keyboard languages in its keyboard menu, and I can select which keyboard layout to use for typing my password to log in to the Plasma 5 Desktop.

Follow

Get every new post delivered to your Inbox.

Join 68 other followers