So, after a take on Metacity , I just went ahead and implemented the same quick workspace switching feature for KDE (namely, kwin) – with great help from Nicolas Lécureuil (a.k.a. Neoclust) of course!
Basically, it works essentially like the same feature in xfwm4 – when you switch to a different workspace via a keyboard shortcut, and press the same shortcut again while on this workspace, it will bring you back to the previous one. So you can press ctrl-f2 to switch to from workspace 1 workspace 2, and when you press ctrl-f2 again kwin will recognize that you want switch back, to whatever workspace you were before, and will do it. An extremely handy quirk which I cannot live without anymore 
.
I have to assume that I have never ever coded anything for KDE until yesterday, but it turned out to be extremely simple. KDE has its flaws, its infrastructure with billions of libraries and processes everywhere is hard to understand, but I actually was surprised on how easy it was.
So, without further words, the patch for kdebase4-workspace which adds this functionality follows (sorry for the formatting, but kde has some very long lines of code..):
diff -p -up kdebase-workspace-4.5.65svn1165394/kwin/kcmkwin/kwindesktop/main.cpp.switchback kdebase-workspace-4.5.65svn1165394/kwin/kcmkwin/kwindesktop/main.cpp
--- kdebase-workspace-4.5.65svn1165394/kwin/kcmkwin/kwindesktop/main.cpp.switchback 2010-09-01 09:10:02.000000000 -0300
+++ kdebase-workspace-4.5.65svn1165394/kwin/kcmkwin/kwindesktop/main.cpp 2010-09-01 09:21:13.000000000 -0300
@@ -184,6 +184,7 @@ void KWinDesktopConfig::init()
connect( m_ui->popupHideSpinBox, SIGNAL(valueChanged(int)), SLOT(changed()));
connect( m_ui->desktopLayoutIndicatorCheckBox, SIGNAL(stateChanged(int)), SLOT(changed()));
connect( m_ui->wrapAroundBox, SIGNAL(stateChanged(int)), SLOT(changed()));
+ connect( m_ui->switchBackBox, SIGNAL(stateChanged(int)), SLOT(changed()));
connect( m_editor, SIGNAL(keyChange()), SLOT(changed()));
connect( m_ui->allShortcutsCheckBox, SIGNAL(stateChanged(int)), SLOT(slotShowAllShortcuts()));
connect( m_ui->effectComboBox, SIGNAL(currentIndexChanged(int)), SLOT(changed()));
@@ -252,6 +253,8 @@ void KWinDesktopConfig::defaults()
m_ui->wrapAroundBox->setChecked( true );
+ m_ui->switchBackBox->setChecked( false );
+
m_editor->allDefault();
emit changed(true);
@@ -285,6 +288,9 @@ void KWinDesktopConfig::load()
KConfigGroup windowConfig( m_config, "Windows" );
m_ui->wrapAroundBox->setChecked( windowConfig.readEntry<bool>( "RollOverDesktops", true ) );
+ // Quick switching back to previous desktop
+ m_ui->switchBackBox->setChecked( windowConfig.readEntry<bool>( "SwitchBackDesktops", false ) );
+
// Effect for desktop switching
// Set current option to "none" if no plugin is activated.
KConfigGroup effectconfig( m_config, "Plugins" );
@@ -341,6 +347,9 @@ void KWinDesktopConfig::save()
// Wrap Around on screen edge
KConfigGroup windowConfig( m_config, "Windows" );
windowConfig.writeEntry( "RollOverDesktops", m_ui->wrapAroundBox->isChecked() );
+ //
+ // Quickly back to previous desktop
+ windowConfig.writeEntry( "SwitchBackDesktops", m_ui->switchBackBox->isChecked() );
// Effect desktop switching
KConfigGroup effectconfig( m_config, "Plugins" );
diff -p -up kdebase-workspace-4.5.65svn1165394/kwin/kcmkwin/kwindesktop/main.ui.switchback kdebase-workspace-4.5.65svn1165394/kwin/kcmkwin/kwindesktop/main.ui
--- kdebase-workspace-4.5.65svn1165394/kwin/kcmkwin/kwindesktop/main.ui.switchback 2010-09-01 09:09:59.000000000 -0300
+++ kdebase-workspace-4.5.65svn1165394/kwin/kcmkwin/kwindesktop/main.ui 2010-09-01 09:59:02.000000000 -0300
@@ -7,7 +7,7 @@
<x>0</x>
<y>0</y>
<width>572</width>
- <height>310</height>
+ <height>334</height>
</rect>
</property>
<layout class="QHBoxLayout" name="horizontalLayout">
@@ -141,6 +141,16 @@
</property>
</widget>
</item>
+ <item>
+ <widget class="QCheckBox" name="switchBackBox">
+ <property name="whatsThis">
+ <string>Enable this option if you want to remember and recall previous desktop when switching via keyboard shortcuts. E.g., if you switched to desktop 2 by pressing its shortcut, pressing it again while on desktop 2 will bring you back to the previous desktop.</string>
+ </property>
+ <property name="text">
+ <string>Remember and recall previous desktop when switching via keyboard shortcuts</string>
+ </property>
+ </widget>
+ </item>
<item>
<widget class="QGroupBox" name="groupBox_3">
<property name="title">
diff -p -up kdebase-workspace-4.5.65svn1165394/kwin/kwin.kcfg.switchback kdebase-workspace-4.5.65svn1165394/kwin/kwin.kcfg
--- kdebase-workspace-4.5.65svn1165394/kwin/kwin.kcfg.switchback 2010-09-01 09:10:56.000000000 -0300
+++ kdebase-workspace-4.5.65svn1165394/kwin/kwin.kcfg 2010-09-01 09:16:20.000000000 -0300
@@ -41,6 +41,7 @@
<entry key="ShadeHover" type="Bool" />
<entry key="GeometryTip" type="Bool" />
<entry key="RollOverDesktops" type="Bool" />
+ <entry key="SwitchBackDesktops" type="Bool" />
<entry key="FocusStealingPreventionLevel" type="Int" />
<entry key="Placement" type="String" />
<entry key="AutoRaise" type="Bool" />
diff -p -up kdebase-workspace-4.5.65svn1165394/kwin/options.cpp.switchback kdebase-workspace-4.5.65svn1165394/kwin/options.cpp
--- kdebase-workspace-4.5.65svn1165394/kwin/options.cpp.switchback 2010-09-01 09:12:09.000000000 -0300
+++ kdebase-workspace-4.5.65svn1165394/kwin/options.cpp 2010-09-01 09:26:40.000000000 -0300
@@ -87,6 +87,8 @@ unsigned long Options::updateSettings()
rollOverDesktops = config.readEntry("RollOverDesktops", true);
+ switchBackDesktops = config.readEntry("SwitchBackDesktops", false);
+
legacyFullscreenSupport = config.readEntry( "LegacyFullscreenSupport", false );
// focusStealingPreventionLevel = config.readEntry( "FocusStealingPreventionLevel", 2 );
diff -p -up kdebase-workspace-4.5.65svn1165394/kwin/options.h.switchback kdebase-workspace-4.5.65svn1165394/kwin/options.h
--- kdebase-workspace-4.5.65svn1165394/kwin/options.h.switchback 2010-09-01 09:12:07.000000000 -0300
+++ kdebase-workspace-4.5.65svn1165394/kwin/options.h 2010-09-01 09:22:14.000000000 -0300
@@ -215,6 +215,11 @@ class Options : public KDecorationOption
*/
bool rollOverDesktops;
+ /**
+ * whether or not quick switching back to previous desktop is allowed via keyboard shortcuts
+ */
+ bool switchBackDesktops;
+
// 0 - 4 , see Workspace::allowClientActivation()
int focusStealingPreventionLevel;
diff -p -up kdebase-workspace-4.5.65svn1165394/kwin/workspace.cpp.switchback kdebase-workspace-4.5.65svn1165394/kwin/workspace.cpp
--- kdebase-workspace-4.5.65svn1165394/kwin/workspace.cpp.switchback 2010-05-20 08:42:10.000000000 -0300
+++ kdebase-workspace-4.5.65svn1165394/kwin/workspace.cpp 2010-09-01 10:10:02.000000000 -0300
@@ -95,6 +95,7 @@ Workspace::Workspace( bool restore )
, desktopGridSize_( 1, 2 ) // Default to two rows
, desktopGrid_( new int[2] )
, currentDesktop_( 0 )
+ , prevDesktop_( 0 )
, desktopLayoutDynamicity_( false )
, tilingEnabled_( false )
// Unsorted
@@ -1403,6 +1404,15 @@ bool Workspace::setCurrentDesktop( int n
StackingUpdatesBlocker blocker( this );
int old_desktop = currentDesktop();
+
+ // Eugeni: are we trying to switch back to previous desktop?
+ if (options->switchBackDesktops && (old_desktop == new_desktop ) && (prevDesktop() > 0) )
+ {
+ // go back to previous desktop
+ new_desktop = prevDesktop();
+ kDebug(1212) << "Switching back to " << new_desktop;
+ }
+
if (new_desktop != currentDesktop() )
{
++block_showing_desktop;
@@ -1413,6 +1423,7 @@ bool Workspace::setCurrentDesktop( int n
ObscuringWindows obs_wins;
currentDesktop_ = new_desktop; // Change the desktop (so that Client::updateVisibility() works)
+ prevDesktop_ = old_desktop;
for( ClientList::ConstIterator it = stacking_order.constBegin();
it != stacking_order.constEnd();
diff -p -up kdebase-workspace-4.5.65svn1165394/kwin/workspace.h.switchback kdebase-workspace-4.5.65svn1165394/kwin/workspace.h
--- kdebase-workspace-4.5.65svn1165394/kwin/workspace.h.switchback 2010-08-11 07:08:13.000000000 -0300
+++ kdebase-workspace-4.5.65svn1165394/kwin/workspace.h 2010-08-31 23:34:01.000000000 -0300
@@ -245,6 +245,10 @@ class Workspace : public QObject, public
*/
int currentDesktop() const;
/**
+ * @returns The ID of the previous desktop.
+ */
+ int prevDesktop() const;
+ /**
* Set the current desktop to @a current.
* @returns True on success, false otherwise.
*/
@@ -314,6 +318,7 @@ class Workspace : public QObject, public
QSize desktopGridSize_;
int* desktopGrid_;
int currentDesktop_;
+ int prevDesktop_;
QString activity_;
bool desktopLayoutDynamicity_;
@@ -1142,6 +1147,11 @@ inline int Workspace::currentDesktop() c
return currentDesktop_;
}
+inline int Workspace::prevDesktop() const
+ {
+ return prevDesktop_;
+ }
+
inline int Workspace::desktopAtCoords( QPoint coords ) const
{
return desktopGrid_[coords.y() * desktopGridSize_.width() + coords.x()];
Some rpm quirks that can come quite handy sometimes. Specially for the ones who do not know how the rpm and spec files work .
The first one goes to a quick command which displays the top packages that use the most of your hard drive:
rpm -qa --qf="%{size} %{name}\n" | sort -n
This will list all installed packages, sorting them by size. There are some limitations for that (for example, it does not works nicely with hard links), but it gives you a big picture.
The second one goes to the:
rpm -qf /path/to/some/file
This will display which package the file you are looking at belongs to.
The third complements the third, and it is:
rpm -Vf /path/to/some/file
It will discover to what package the file belongs to, and verify if this package was changed since the install. So if something suddenly stopped working, and you are unable to figure out why by looking at the configuration file, this could come handy.
Next one goes to:
rpm -qf --scripts /path-to-some-file
If you notice that some command gets executed right after a package is installed, and the only thing you know about this package is one file it provides, this will show all such commands.
Fifth is:
rpm -qa --qf '%{license}\n' | sort | uniq
This will show you all the licenses of all packages you have installed on the system.
And a bonus one goes to:
rpm -qf --changelog /path/to/a/file
which shows the whole package changelog for the package that contains a specific file. This helps you find someone to blame when a package stops working .
I just packaged the gource package for Mandriva Cooker, so therefore it will be available in Mandriva 2010.1 – which will be released in just few weeks.
While doing so, I was playing a bit with it, and it is an impressive piece of software. I often receive comments asking about “who is really working on Mandriva-specific software”. So, just to illustrate it in details, here goes a detailed explanation of who had commited something into drakx-net (Mandriva network stack) over the past year and half:
The command to generate this video was (inside drakx-net source directory, checked out with git):
gource -640x360 -s 0.1 --stop-at-end --disable-progress --output-ppm-stream - | \
ffmpeg -y -b 3000K -r 60 -f image2pipe -vcodec ppm -i - drakx-net.mp4
Every time I try to switch to a different desktop environment/window manager, there is just one simple feature which always make me go back to xfce – the possibility to quickly switch back to previous virtual desktop. A simple but extremely addictive feature, which only xfwm4 was offering…
…until yesterday! I became tired on metacity not offering this feature, so I just went ahead and implemented it overnight (learning a lot about gnome development during the process).
So, if anyone out there was missing this feature – feel free to grab this patch and apply it to the metacity source. Basically, it will add one new gconf entry (switch_to_previous_workspace), and will make metacity remember the last workspace. So you can press ctrl-f2 to switch to from workspace 1 workspace 2, and when you press ctrl-f2 again metacity will recognize that you want switch back, to whatever workspace you were before, and will do it.
Once again, this is the beauty of the open source. If there is something you need, but nobody implemented it, you always have the possibility of just doing it yourself. At least, sometimes .
diff -p -up metacity-2.30.1/src/core/prefs.c.switch metacity-2.30.1/src/core/prefs.c
--- metacity-2.30.1/src/core/prefs.c.switch 2010-03-30 11:35:40.000000000 -0300
+++ metacity-2.30.1/src/core/prefs.c 2010-05-06 17:47:14.000000000 -0300
@@ -97,6 +97,7 @@ static char *cursor_theme = NULL;
static int cursor_size = 24;
static gboolean compositing_manager = FALSE;
static gboolean resize_with_right_button = FALSE;
+static gboolean switch_to_previous_workspace = TRUE;
static gboolean force_fullscreen = TRUE;
static MetaVisualBellType visual_bell_type = META_VISUAL_BELL_FULLSCREEN_FLASH;
@@ -412,6 +413,11 @@ static MetaBoolPreference preferences_bo
&resize_with_right_button,
FALSE,
},
+ { "/apps/metacity/general/switch_to_previous_workspace",
+ META_PREF_SWITCH_TO_PREVIOUS_WORKSPACE,
+ &switch_to_previous_workspace,
+ FALSE,
+ },
{ NULL, 0, NULL, FALSE },
};
@@ -1757,6 +1763,9 @@ meta_preference_to_string (MetaPreferenc
case META_PREF_FORCE_FULLSCREEN:
return "FORCE_FULLSCREEN";
+
+ case META_PREF_SWITCH_TO_PREVIOUS_WORKSPACE:
+ return "SWITCH_TO_PREVIOUS_WORKSPACE";
}
return "(unknown)";
@@ -2719,6 +2728,12 @@ meta_prefs_get_mouse_button_menu (void)
return resize_with_right_button ? 2: 3;
}
+guint
+meta_prefs_switch_to_previous_workspace (void)
+{
+ return switch_to_previous_workspace;
+}
+
gboolean
meta_prefs_get_force_fullscreen (void)
{
diff -p -up metacity-2.30.1/src/core/screen-private.h.switch metacity-2.30.1/src/core/screen-private.h
--- metacity-2.30.1/src/core/screen-private.h.switch 2010-01-14 22:31:32.000000000 -0200
+++ metacity-2.30.1/src/core/screen-private.h 2010-05-06 17:47:14.000000000 -0300
@@ -80,7 +80,7 @@ struct _MetaScreen
MetaUI *ui;
MetaTabPopup *tab_popup;
- MetaWorkspace *active_workspace;
+ MetaWorkspace *active_workspace, *last_workspace;
/* This window holds the focus when we don't want to focus
* any actual clients
diff -p -up metacity-2.30.1/src/core/workspace.c.switch metacity-2.30.1/src/core/workspace.c
--- metacity-2.30.1/src/core/workspace.c.switch 2010-01-14 22:31:32.000000000 -0200
+++ metacity-2.30.1/src/core/workspace.c 2010-05-06 18:00:39.000000000 -0300
@@ -377,7 +377,31 @@ meta_workspace_activate_with_focus (Meta
meta_workspace_index (workspace));
if (workspace->screen->active_workspace == workspace)
- return;
+ {
+ meta_verbose("Switching to same workspace detected, going back to previous one!!\n");
+ if (meta_prefs_switch_to_previous_workspace()) {
+ if (workspace->screen->last_workspace) {
+ meta_verbose("Going to desktop %d\n", meta_workspace_index(workspace));
+ meta_workspace_activate_with_focus(workspace->screen->last_workspace,
+ NULL, timestamp);
+ return;
+ } else {
+ meta_verbose("No old workspace..\n");
+ return;
+ }
+ } else {
+ meta_verbose("Last workspace switching disabled..\n");
+ return;
+ }
+ }
+ else
+ {
+ if (workspace->screen->active_workspace)
+ meta_verbose("Updating last workspace.. current: %d, new: %d\n",
+ meta_workspace_index(workspace->screen->active_workspace),
+ meta_workspace_index(workspace));
+ workspace->screen->last_workspace = workspace->screen->active_workspace;
+ }
if (workspace->screen->active_workspace)
workspace_switch_sound(workspace->screen->active_workspace, workspace);
diff -p -up metacity-2.30.1/src/include/prefs.h.switch metacity-2.30.1/src/include/prefs.h
--- metacity-2.30.1/src/include/prefs.h.switch 2010-01-14 22:31:32.000000000 -0200
+++ metacity-2.30.1/src/include/prefs.h 2010-05-06 17:47:14.000000000 -0300
@@ -60,7 +60,8 @@ typedef enum
META_PREF_CURSOR_SIZE,
META_PREF_COMPOSITING_MANAGER,
META_PREF_RESIZE_WITH_RIGHT_BUTTON,
- META_PREF_FORCE_FULLSCREEN
+ META_PREF_FORCE_FULLSCREEN,
+ META_PREF_SWITCH_TO_PREVIOUS_WORKSPACE
} MetaPreference;
typedef void (* MetaPrefsChangedFunc) (MetaPreference pref,
diff -p -up metacity-2.30.1/src/metacity.schemas.in.in.switch metacity-2.30.1/src/metacity.schemas.in.in
--- metacity-2.30.1/src/metacity.schemas.in.in.switch 2010-05-06 17:47:14.000000000 -0300
+++ metacity-2.30.1/src/metacity.schemas.in.in 2010-05-06 18:01:16.000000000 -0300
@@ -4,6 +4,24 @@
<!-- General preferences -->
<schema>
+ <key>/schemas/apps/metacity/general/switch_to_previous_workspace</key>
+ <applyto>/apps/metacity/general/switch_to_previous_workspace</applyto>
+ <owner>metacity</owner>
+ <type>bool</type>
+ <default>false</default>
+ <locale name="C">
+ <short>Remember and recall previous workspace when switching via keyboard shortcuts</short>
+ <long>
+ Set this to true to allow to switch to previous workspace when
+ using the current workspace keybinding. For example, if you switched
+ from workspace 2 to workspace 1 by pressing keyboard shortcut for
+ workspace 1, pressing the same shortcut again while on workspace 1
+ will switch to workspace 2.
+ </long>
+ </locale>
+ </schema>
+
+ <schema>
<key>/schemas/apps/metacity/general/mouse_button_modifier</key>
<applyto>/apps/metacity/general/mouse_button_modifier</applyto>
<owner>metacity</owner>
diff -p -up metacity-2.30.1/src/metacity.schemas.in.switch metacity-2.30.1/src/metacity.schemas.in
--- metacity-2.30.1/src/metacity.schemas.in.switch 2010-04-06 07:10:38.000000000 -0300
+++ metacity-2.30.1/src/metacity.schemas.in 2010-05-06 18:01:06.000000000 -0300
@@ -4,6 +4,24 @@
<!-- General preferences -->
<schema>
+ <key>/schemas/apps/metacity/general/switch_to_previous_workspace</key>
+ <applyto>/apps/metacity/general/switch_to_previous_workspace</applyto>
+ <owner>metacity</owner>
+ <type>bool</type>
+ <default>false</default>
+ <locale name="C">
+ <short>Remember and recall previous workspace when switching via keyboard shortcuts</short>
+ <long>
+ Set this to true to allow to switch to previous workspace when
+ using the current workspace keybinding. For example, if you switched
+ from workspace 2 to workspace 1 by pressing keyboard shortcut for
+ workspace 1, pressing the same shortcut again while on workspace 1
+ will switch to workspace 2.
+ </long>
+ </locale>
+ </schema>
+
+ <schema>
<key>/schemas/apps/metacity/general/mouse_button_modifier</key>
<applyto>/apps/metacity/general/mouse_button_modifier</applyto>
<owner>metacity</owner>
@@ -247,7 +265,7 @@
<applyto>/apps/metacity/general/theme</applyto>
<owner>metacity</owner>
<type>string</type>
- <default>Clearlooks</default>
+ <default>Ia Ora Steel</default>
<locale name="C">
<short>Current theme</short>
<long>
As our version freeze for Mandriva 2010.1 approaches quickly, I felt it was the right time to release new versions of msec, netprofile and drakguard.. and, as always, blog a bit about each of them.
Starting with msec. The last release introduced a security summary gui, which was very warmly welcomed by the community. This new release further improves this gui, and also adds some interesting and useful features.
New GUI layout. Among new features, it now displays when each periodic check was lust run, allows to run it instantly and view last results
As you can see, new GUI switched the layout a bit, and also added features to improve the usage of periodic checks. Now it is possible to run each check instantly, instead of waiting from cron to run it on periodic base, and also view the results of the last check.
Simple visualization of msec periodic checks
Besides that, a few bugs were fixed, and an interesting new feature was added, based on a patch from Tiago Marques from Caixa Magica: support for ACL. This features was added initially to allow drakguard application to work together with msec, in order to restrict users from running applications they should not have access to.
How does it works? Basically, besides the usual filesystem permissions for each file, it is possible to specify users who should have additional permissions. For example, permissions for /usr/bin/somescaryapp could be set to 750, but via ACL you could say that users eugeni, guest and friend could have read and execution permissions for it. This way, it is possible to extend the traditional unix access rules in a quite flexible way.
As for drakguard, most credit goes to Tiago Marques (if he manages to read this post, thanks a lot!). Among new features are more efficient GUI for managing all drakguard issues, and support for application blocking for specific users.
New initial drakguard gui
New drakguard interface for restricting application usage for specific users
This is one of the things I like the most about open source and community. If there is some functionality you need or want, you could just grab the code and implement it right away.
And finally, netprofile. Among some trivial bugfixes, it has one nice feature: support for custom services configuration. Turns out that while the way netprofile was working before, simple restarting some specific services when switching profiles, was enough for most use cases, it is not adequate for some cases. For example, you could want to run ypbind, cups and postfix in one profile, and run neither of them in another. Now it is possible to do so.
For this to work, it is extremely easy. Just switch to a different profile and disable/stop the services you don’t want, or enable/start the services you want to run on this profile. This will be saved automatically, just like all other settings, and the next time you switch to a profile your configuration will be restored.
There are some bugs left, and some features to be implemented yet. But in any case, as always, feel free to leave your opinion, suggestions and comments!
One of the most asked features for msec was to provide a “summary” screen, which could show the current state of system security to the user without making him go through all the possible security options and system tools.
Since today, this features was added to msecgui, showing the summary for three of the most important parts of system security: the firewall status, security overview and status of system updates.
Summary screen for msec
Of course, we all know that it is cooker version, and it is by no means final point on the UI design and functionalities . And, as usual, comments are more than welcome!
As promised in one of the past blog posts, a few more news about msec.
Since 2009.1, msec was supporting an arbitrary number of custom security levels, providing two levels by default: standard, focused on casual desktops, and secure, focused on security-concerned machines. Clearly, this was not covering all the possible use cases, and, while it was possible to create custom security levels for different users needs, few users actually dared to do so.
Starting with 2010.1, msec will provide a larger number of custom, task-oriented security levels. Among such levels, initially are the netbook (focused on low-end machines, running mostly on batteries, with a single local user and no remote accesses); fileserver (focused on a network server, such as SAMBA, NFS, or a database server, where only authenticated users are allowed), and webserver (focused on a web-facing server, attending unauthenticated and unknown users). The idea is to allow users to focus on their specific tasks (e.g., creating a web server, or configuring the netbook), without going too deep into the configuration options.
The msecgui UI was also improved to support those levels, among with user-created custom levels:
Msec levels selection, including the provided levels among with user-created ones
Besides those changes, the UI was simplified a bit thanks to a great cooker discussion and comments from Fabrice Facorat (and will be further improved in newer versions), the support for configuring the log retention period was introduced, and a few bugs were fixed.
More changes are still to be implemented in msec, but I thought that the ones I described in this post are interesting enough to deserve a new msec release.
Stay tuned for future updates!
Improving system speed, disk life and everything else in one small command
5 Comments | Filed under Linux-Planet devel english linux mandrivaI just noticed this days that, according to smartctl, the hard disk on my notebook has reached 365 days on Power_On_Hours variable. As the notebook itself has almost 2 years of age (I bought it in March of 2008), it is almost a double birthday-combo .
However, at this age, it is obvious that the hard disk of the notebook was not prepared to endure such challenges nicely. Both of its speed (5400 RPMs), durability, capacity, and so on were targeted on a more light use.
On the other hand, the system has 3GB of RAM, which is more than enough for most of my tasks. So after some thinking, I’ve been using some small script to automatically improve the system performance by offloading the most I/O-consuming stuff to RAM for the past few months.
How does it works? Simple. I have a small script which grabs content of a disk directory which I expect to receive heavy use (for example, /usr/lib/firefox, or the rpm BUILD/ directories which receive lots of I/O when building packages, and so on), and converts them into a RAM disk. This way, when anything inside such directory is accessed, it requires absolutely no hard disk I/O, the seek times are non-existent as well, and the throughput is incredible.
For example, if I build mozilla-thunderbird by using real hard disk BUILD directory, it takes almost 2 hours to build. If I use ramdisk for just the BUILD directory, the time required for such task drops down to about 30 minutes. The firefox startup time (both cold and hot – e.g., the first execution and consecutive ones) have the same time of about 1 second; and so on.
So, without further words, this is the script I am using:
#!/bin/bash
#
# This script remounts a directory in tmpfs (ramdisk) to speed it up
#
DIR=$1
SIZE=$2
if [ ! "$UID" = "0" ]; then
# this script must run by root. Let's try sudo'ing to root..
exec sudo $0 $*
fi
if [ ! -d $DIR ]; then
echo "Usage: $0 <full path to a directory>"
exit 1
fi
if [ "a$SIZE" = "a" ]; then
OPTIONS=""
else
OPTIONS="-o size=$SIZE"
fi
# first, copy everything somewhere to reuse it later
TMP=`mktemp`
tar cpf $TMP $DIR
# remount dir as ramdisk
mount -t tmpfs $OPTIONS $DIR $DIR
# unpack everything back
(cd / && tar xpf $TMP)
rm -f $TMP
To use it, just save it under a name like toram and use it on the directory you want to move to ramdisk. The second optional parameter is the size of the ramdisk to use – as by default tmpfs mounts itself with 50% of available ram, sometimes you may want to use more or less memory.
Just some examples on how to use it:
# toram `pwd`/BUILD (will remount current BUILD directory in RAM)
# toram /usr/lib/firefox-3.6 (will remount firefox directory in ram)
I hope this could be useful to someone .
It has been quite some time since I last posted here about msec. For the past few weeks, it received some attention and now I guess many of the features I wanted to push for Mandriva 2010.1 are implemented. So I’ll describe the most interesting ones in this blog post (and save some for later ).
First of all, starting with Mandriva 2010.1, msec will support user-defined periodicity for all periodic security checks. Therefore, it is possible to specify if each test should be executed daily (like in all previous msec versions), weekly or even monthly. In my opinion, this feature is one of the most interesting among all others, because it allows you to fine-tune the balance between security checks and daily I/O load caused by some expensive checks.
By default, checks which require lots of I/O (e.g., checking for unowned files, or world-writable files, and so on) will run weekly on the standard security level. Why so? Because this check was responsible for approximately 80% of all time required to run the periodic checks, and on most of the machines its results did not differ between consecutive days. Surely, it is nice to have a daily notification of all those changes, but the I/O cost of it is unacceptable high. Of course, you can define the periodicity of all such checks to be daily when you want, by using msecgui application of editing the configuration file manually .
Another interesting feature was the de-duplication of variables between main msec configuration file (security.conf) and the level configuration file (for example, level.standard). On previous versions, all variables were defined in security.conf, even if they have exactly the same value as the default one for the current security level. This way, it was easier to see all the configuration at once by looking into /etc/security/msec/security.conf file. On the other hand, it lead to duplication of almost all variables..
So for 2010.1, the behavior when saving the configuration file was modified to be more logical (and similar to the one of msecgui, which displays variables that differ from the default values for the security level in different way). If you want to redefine a variable, just specify it in security.conf and this change will take effect. If you want to disable a variable completely, just define it to an empty value (like, CHECK_SOMETHING=), like in previous versions, and it will be disabled.
To simplify this, we could use the following analogy: in previous msec versions (e.g., 2009.1 and 2010.0), the security.conf file contains the whole security configuration of msec plus the name of the security level which is used as base. In 2010.1, it contains the reference to the base security level plus only the variables which must be overridden for this level. In other words, on Mandriva 2010.1 just by looking at the msec security file it is possible to say “this machine is configured to use the same configuration as on standard security level, except those three checks that should be disabled).
There is yet another reason for this change, which will be described in details when it gets implemented (probably in a few coming weeks). So stay tuned for more news .
Another feature was the possibility of running the RedHat sectool checks periodically, among with all other msec checks. Just install sectool package from the contrib, and its checks will be executed automatically by msec.
Additionally, the integration between msec and msecperms applications was improved, making it easier to switch security levels and creating custom levels.
Besides those changes, several msec messages were improved to make them easier to understand by non-geek users , and, like usual, several bugs were fixed.
Like always, I am very interested in your feedback on those changed. Please, feel free to drop me a note whether you like these features, dislike them, or any other kind of comments about msec.
Since I first heard about the filming of the Lord of the Rings movies, my life was almost divided into two stages: before I heard about it, and after that. The Lord of the Rings was the first book I read (at age 4 or 5, I don’t remember exactly), and I read it at least 50 times since that. So the waiting that movie was really, really expected.
After the last of the LOTR movies, I was a bit lost. There was no more need to wait for the next movies. I felt almost like ‘the cinema has got to its top, and I don’t think any other movie will entertain me, and allow me to go to the other worlds as the LOTR did’. For several years, I was waiting for the next LOTR movies like a child who is waiting for the Santa’s gifts at the end of the year. And suddenly I felt like all the wishes were fulfilled.
However, some new movies appeared and made me feel almost as when I was waiting for the Fellowship of the Ring, The Two Towers and The Return of the King – movies like the Spiderman series, The Jason Bourne series, the last episode in the Starwars movies (well, the 3rd episode to be correct), Pirates of the Caribbean, 300, the new Batman and The Dark Knight movies, and many others. However, most of those movies appeared before 2009, so I started the year thinking ‘oh my.. this year will be a really boring one, with nothing interesting to watch’.
Well, to sum it in a few words.. I was completely wrong. The year of 2009 brought me a lot more excellent movies that I could possible hope. Just to name a few: Watchmen (until the very end of the year, I thought it would be simple the best movie in a long long time), 500 Days of Summer, Zombieland, Terminator Salvation, Inglorious Bastards, Taken, Star Trek, Pandorum (almost-the-best SciFi movie in a long long time), District 9, and many many others. I have to say that all those movies were great, and left a mark in my memories.
And then Avatar came and put them all into the background.
I already expected a lot from this movie, and also was quite afraid that it would not live up to the expectations. However, I had a lot of trust in James Cameron – the cinema magician who created Terminator, Aliens, True Lies, Abyss and Titanic.. and he made yet another cinema miracle. In my opinion, Avatar is the biggest happening in the cinema world of this decade. And it is specially true for the ones out there who happen live some part of their life in different worlds – worlds created by writers, cinema guys, or RPG games.
The writers manage to create great worlds, and make you believe that they are real in your mind. Role-playing games put you in those worlds, and make you part of it. But with Avatar, James Cameron was the first guy to in fact create a different world, and let us to live in it for a while. That world feels so real, that you forget about all the computer-generated graphics, effects, and a (few) plot holes, so you just lose a few hours of your real life to spend them on Pandora.
So, to sum it all up – if you haven’t done it yet, go watch Avatar – and, if possible, watch it in 3D. You’ll probably feel the same feeling as the people in the beginning of the past century had, by watching the first movies ever.
I think that resumes pretty much everything I have to say about it .
From time to time, several questions appear asking about the support for Mandriva products – either with bugfix updates, or the security ones. According to the policy, each update is assigned a specific advisory, which can affect one or more distributions. Besides, each advisory could receive an errata, to correct a regression caused by a previous update. Moreover, most of the updates fall into the bugfix (e.g., fixing some bad behavior or crash or simple improving the application), or security (fixing a security issue which could lead to remote compromising of the system, denial of service or other nasty effects) categories. We also have the general updates category, but this is not that different from bugfix updates, so I’ll count both of them together here.
Now that we are entering the year 2010, I thought that it would be interesting to give you some quick follow-up on how many updates were done during the last few years.
In 2009, there were a total of 436 security updates for all Mandriva-supported packages (e.g., the packages in Main repository), and a total of 288 bugfix updates. The bugfixes are usually provided by the package maintainers, who are responsible for issuing the fix/patch, properly testing the updated package, and send it to the secteam. Secteam does the final validation, signs the package with the update key, and releases the advisory (which is sent to a mailing list and to the Mandriva web site). Later, the packages are sent to the mirrors, and become available to the users.
With security updates, it is a bit different. The entire process is usually handled by the secteam, which is responsible for identifying the security issue, locating the relevant patch or solution, updating and testing the fix, and releasing the updated packages. After that, those updates have a similar fate to the bugfix ones (e.g., signing, releasing the advisory, and so on).
If we look into the detailed numbers, things become quite more interesting:
- In 2006, we had 67 bugfix updates and 250 security updates. In total, 10769 RPM files were provided as updates.
- In 2007, there were 144 bugfix updates and 262 security updates, with a total of 17786 updated rpm files
- In 2008, we had 213 bugfix updates and 264 security updates, totaling 25718 rpms provided as updates
- And in 2009, there were 288 bugfix updates and 436 security updates, with a total of 41024 rpms provided as updates.
So I’d say that Mandriva users are pretty well supported .
Cleaning dust on photos: or “In Gimp We Trust!”
14 Comments | Filed under Linux-Planet devel english mandriva tutorialA few weeks ago I finally realized my old wish: I bought a real camera for me: a Nikon D40 – which is, according to many, many people, is the best DSLR out there. At least for non-professionals.
With just a few pictures it was already possible to note the difference – I could not ever EVER got close to those pictures with all my previous cameras (like Nokia N95 and Sony CyberShot W90):
However, after a few days with my new camera, I found out that it came with some dust on its sensor. Not much, but clearly visible on pictures with uniform colors (like sky or white wall). For example, it is possible to see the dust spot on the left half of the following picture – if you zoom in, you’ll clearly see that there is some dark spot covering part of a cloud and appearing in the sky:
One could say ‘Ahh, but that is just a small tiny spot.. nobody will notice it’. But… I do notice it, and I don’t like it. So I started looking for solutions for this issue.
In first place, I tried cleaning the sensor using a air blower (without luck). The dust spot moved a bit with the air flow (a few microns) and landed to its new place (permanently, I afraid). The next step was to ask the official Nikon support in Brazil, which is located in São Paulo city, about 250km from where I live. Their answer was is that the sensor cleaning should cost around R$ 100 (about 60 US$) + shipping. Quite expensive in my opinion.
So the next step was to start thinking like a computer geek. The photo is digital, so it is nothing more than a bunch of bits . So there SHOULD be some software or at least algorithm suitable for cleaning this all. After a quick research, I found that there is the Nikon Capture NX software which removes the dust pretty well. However, it is
- commercial
- expensive
- orders you to take photos in RAW only. I like RAW, but… the memory card is not infinite.
So another option was to clean the dust in gimp. Manually… and it is needless to say that this approach is.. well.. boring, time-consuming and pretty much futile.
However, when all the hope was, apparently, lost, the Great Google Gods sent me a wonderful link to the Resynthesizer plugin – which is AMAZINGLY EFFICIENT in solving the dust issues.
So, dear readers, without other words, I’ll show you the few needed steps to fix the dust on your photos:
Install resynthesizer plugin. On Mandriva systems, you can cheat and run a magic urpmi gimp2-resynthesizer command which will do the trick. On other systems, go to the resynthesizer web site, download, compile and install the plugin. it is trivial, so I won’t go into additional details here.
Grab your dust-damaged image and open it in gimp. As you can see, there is a horrible dust on the left part of the otherwise-blue sky:
Gimp with the dust-cleaning victim
- Select a region around the dust to remove:
Selecting the dust to remove
- Press CTRL-X to remove the selected area:
Removing the dust
- Now, select a bit larger region around the white spot:
Selecting some space around the dust spot
- Go to Filters->Map->Resynthesize and run the Resynthesize filter:
The Resynthesizer plugin in all its glory
- Wait, wait, and…:
Magic!
- That’s it!:
A perfect clear sky!
Of course, it all could be done manually in gimp. However, the Resynthesizer plugin just makes it easier and better.
So what is the result? A bit more magic + some Hugin hacking and…:
Yes, that’s right. Every image on panorama had a dust spot, which I cleared up with Resynthesizer. So next time you encounter some dust on your photo, remember that there is a GREAT open-source plugin for gimp out there to help!
Enjoy, and have a Happy New Year!
New year, new car.. a tribute to Renault Megane, and a Merry Christmas message
2 Comments | Filed under english mandrivaAnother year is coming to an end, and, as everything in life, time comes to retire an old car and switch to a new one. And this time has come for me as well – after 4 years with my precioussss Renault Megane, I switched to a new car. So now I feel that the 4-years experience was quite enough to get a good opinion about the Megane.
The first photo ever of my megane, taken in 2005
Well, first of all, this was definitely the best car I ever had or driven. It is extremely stable, fast, easy to control and comfortable. Yet by some reason, it seems to be quite an outcast here in Brazil, and it leads to problems related to the repair parts and their prices.
During those 4 years I never ever had any serious problems with this car, and I can recall at least 5 times when it really saved my life when any other car would have been completely destroyed or at least seriously damaged. The car’s stability is phenomenal, and its easy of control at any speed and in all situations are remarkable.
Do not try this at home
So this post is sort of a tribute to my old Renault Megane. It was amazing to have you, and thanks for the ride! 
And, as the year is coming an end, I’d also wish a Merry Christmas and a happy 2010 to everyone who read, commented or just passed by and looked at this blog! See ya!
Well, the title says it all! Yep, one year has passed since I started working at Mandriva. Since then, it has been about 1100 SVN commits, about 300 closed bugz on bugzilla, around 65 security and bugfix advisories, and hundreds of git commits all around. If you are using Mandriva 2009.1 or 2010.0, you have certainly seen at least a bit of such changes – in msec, drakx-net, netprofile, net_monitor, tomoyo-gui, initscripts, shorewall, and others.
Of course, there also were some cooker breakages as well during this year . But, on the other hand, cooker is not fun at all when it is stable (albeit I am using it on my machine constantly).
So far, I can say that it is being a very cool experience . Mandriva distributions is getting better and better, and I am very proud of making part of Mandriva team and being able to contribute a bit to its development.
The number of played tracks is scaring..
I’d say that about 13000 tracks in this counter were played with mpd and a few custom scripts to control it..
As Mandriva 2010 final release data approaches, the final retouches are being worked out on some of the tools I am taking care of.
Net_monitor has evolved a lot since its first/new release. The interface was compacted, more features added and overall look-and-feel improved considerable.
net_monitor monitoring a wired connection
net_monitor monitoring a wireless ad-hoc connection
netprofile also received a few updates – most notable, the support for save, load and reset action, and a simple yet functional plymouth integration during boot:
Selecting a profile on boot
I don’t know how useful this integration is however (at least, for me). Most of the time my computer is either in suspend or hibernating mode, so I would see this screen about once a month .
net_monitor lives again
11 Comments | Filed under Linux-Planet devel english mandriva programming pythonWorking on Mandriva network tools, I looked on one of the most essential ones the network monitor (net_monitor). It was introduced a couple of releases before, and was mostly doing its job. However, it has a number of flaws and lack of features that motivated us to look closer at it.
Our old friend net_monitor, present in your favorite Mandriva distro!
The net_monitor currently used in all Mandriva versions is written in perl, is using internal drakx-net api (and is, therefore, only usable on Mandriva), and also have some issues such as memory leaks and non-usual interface. After a few thoughts and discussions we came to conclusion that it would be more adequate to project and rewrite it from scratch, turning it more modular, expansible and focused on common use cases.
Initially, I thought on using perl to write it, so it would still be part of drakx-net suite. However, after thinking on the code and the way it should work I felt that my brain was going to melt down (perl is a nice language, but it is certainly not that compatible with me). So I ended up with python, which is my language of choice (together with C). Also, I’ve received many comments saying that the net_monitor is no more relevant, as every desktop environment provides its own network monitoring tool, and it should be dropped from drakx-net. By combining those issues, we came to decision that it would be more proper to separate net_monitor into a different package – this way, it won’t depend on any drakx-net internal functionalities, and user could uninstall it if required and use his own network monitoring tool if he wants to. And, at the same time, users would still have a cute little network monitoring application on their machines.
So, as a picture says more than a thousand words, I guess I’ll just add some pictures here than additional KBs of text (EDIT: please note that the look and features of net_monitor have changed significantly in Mandriva since this post):
net_monitor monitoring a wireless connection
net_monitor monitoring a connection for which network accounting was not enabled
net_monitor displaying some statistics about your network usage (provided by vnstat)
looking at daily traffic statistics on my notebook for the past month
...and hourly statistics...
...and finding our when I killed my bandwidth..
Surely, this is just an early and preliminary version, with many missing features and such. If you want to give it a try, just install net_monitor package, and it will create /usr/bin/net_monitor executable for you. It won’t conflict with existent net_monitor from drakx-net which is installed in /usr/sbin, so both of them may coexist on your system. If you look at /usr/share/doc/net_monitor/TODO, you’ll see some of the ideas that I intend to add to it, but the idea is to keep it simple and not transform it into an emacs of network monitoring . And, of course, feel free to add your comments and suggestions (and bug reports) here!
P.S.: Just to prevent comments like ‘you should focus on fixing bugs instead of wasting time writing new things’. Net_monitor is present in Mandriva for years now, and if you look at bugzilla list it has a number of bugs and issues. So I am not creating a new app – I am bringing back from the land of the dead an old one .
P.P.S.: Answering in advance to another question – yes, it would work on any Linux distro which has python and pygtk. You’ll just have to add some tricks into your network startup scripts to enable vnstat integration, but it will work just fine even without that.
Improving website scalability: image sizes
1 Comment | Filed under Linux-Planet devel english mandriva webOne of non-trivial tricks involved in web site scalability is the optimization of all image files. One of the sites I am helping to take care of has a front page with more than 350KB in .jpeg images. And, obviously, it takes lots of time to load and, considering the number of accesses, the bandwidth is huge. Usually, those images can be optimized in photo editor, or saved with higher compression or lower quality, but sometimes there is not much else you can do. Or you think so.
One quick trick to improve this situation is by converting some images to png with ImageMagick and running pngcrush on them. A simple script can be used to do so:
#!/bin/bash
totalsize=0
for file in *jpg; do
# file.jpg becomes file.png
newfile=${file/jpg/png}
# convert to png
convert $file 1.png
# compact with pngcrush
pngcrush -brute 1.png $newfile > /dev/null
# calculate old and new sizes
newsize=$(wc -c < $newfile)
oldsize=$(wc -c < $file)
if [ $newsize -lt $oldsize ]; then
echo "$file: reduced from $oldsize to $newsize bytes"
# remove old jpg file
rm -f $file
# replace all references to old file everywhere
sed -i -e "s/$file/$newfile/g" *
totalsize=$[$totalsize + $oldsize - $newsize]
else
# old file is smaller, remove new file
rm -f $newfile
fi
done
echo "total reduction: $totalsize"
# remove temporary file
rm -f 1.png
By running it on the website in question, it managed to shrink the front page by about 200KB of image data. Considering 10000 daily accesses, it would save about 2GB of network traffic per day.
The following picture pretty much explains this post title:
Dward Fortress learning curve
If you enjoy state-of-the-art ASCII graphics, infinite gameplay, endless game possibilities and want to spend most of the rest of your life trying to understand how to play this game , you’ll certainly enjoy it!
The game page is here, and if you want a direct link to latest Linux version it is here. Ohh, and if you want some a bit more user-friendly UI, check out here.
Following yoho’s post, I thought it would be a good idea to join the Linux Planet project. My blog (well.. at least its technical part) is quite in line of the project’s goals: it is in English, it is technical, its content is all written by me, and it has the most reliable information out there about few opensource projects (for example, msec and netprofile ).
So, why not? From now on, this blog will land on Linux-Planet too!
Time has come for some msec updates.
With base on previous post, I was working (among other things) on few msec ideas. And now it looks like a good time to put them out to cooker.
First of all, I added support for exceptions into msec periodic check. I wanted to make it as flexible as possible, and I think I managed to implement everything I wanted. Right now, for each supported periodic check, it is possible to define as many exceptions as necessary. So, for example, if you run a local mandriva mirror with unsecure permissions on files, or want to exclude certain rules from firewall check, or some local users that appear unsafe to msec are safe to you, you can tell it to msec, and it will not bother you about it anymore.
For this, /etc/security/msec/exceptions file is used, and it is possible to define as many rules as necessary for each check there. The syntax is quite simple: RULE_NAME exception. To illustrate, that’s what I put into my local exception list on my machine:
CHECK_UNOWNED /home/chroot
CHECK_UNOWNED /home/images/chroot
CHECK_WRITABLE /home/chroot
CHECK_WRITABLE /home/images/chroot
CHECK_OPEN_PORT /deluge
CHECK_USER_FILES gdm
CHECK_OPEN_PORT eugeni:ircd
This way, I won’t receive msec alerts about unowned and world-writable permissions in chroots, about gdm home directory being accessible to the world, and about network ports used by deluge or connected to local ircd server. Each exception is a regexp, so the possibilities are endless.
Of course, it is possible to do it in the gui:
Showing the list of configured exceptions in msecgui
Adding a new exception
Besides that, as suggested in the last post, I also added a summary to periodic msec checks. So if you want to have a quick look on the results, you don’t have to read the entire mail.
Also, a few annoying bugs were fixed and few features were added.
But, besides that, I also contacted vdanen, the author of the rsec tool, and the sectool guys about some possible interaction between our projects. Hopefully, we’ll have some news soon.
Meanwhile, enjoy new msec and (as always) feel free to give your feedback over it.
With recent posts by vdanen and adamw, and a recent cooker mailing list thread, it became clear that msec is a very important project/package, and it should deserve much more attention and feedback.
As you probably know, msec underwent a huge redesign for Mandriva 2009.1, and it is getting a lot of attention for 2010.0. But that’s still not enough – even if it became a quite flexible and extensible package, it still has its rough edges, and I intend to solve them all. Of course, it won’t became a perfect package that would rule-them-all, but I intend to get as close to this objective as far as it is humanly possible .
So, please, if you use msec, or rsec, or sectool or any other security-concerned framework – please, speak about what you want to see in them, what are the points you are missing, and what features were left unimplemented for the time being.
As for me, I have the following items in the roadmap:
- implement skip list/exceptions for msec, for every possible test, in a similar way to mandriva bug #53307
- do my best to provide a nice common source base for both msec and rsec (I hope vdanen would be interested in that as well). Right now it is possible to configure msec to behave exactly as rsec, doing security checks and nothing besides that, but that is not that trivial to do (well.. it is for me, but not for any casual user out there ), and it should be beneficial to both projects
- provide support for sectool plugins in msec – either directly, or by converting them to msec-parseable format
- work with rsec/sectool/checksecurity/seccheck developers to provide a similar set of features for all those projects. We live in opensource world, and advances in one projects would certainly benefit all of us – specially in such critical area as system security.
So, if you have suggestions, ideas, features or any sort of comments – please, speak. We’ll hear you.
Usp finalmente colocou a minha tese na net! Uhuu!
Para quem quiser mergulhar numa aventura emocionante, conhecer as teorias, mitos e lendas do Grande Caos, comparar a sua inteligência com a artificial, e participar de uma busca dinâmica afim de e averiguar a verdadeira autonomia de computação, sintam-se convidados a se escalar nessa jornada!
http://www.teses.usp.br/teses/disponiveis/55/55134/tde-05082009-205709/
For some time now I was using binary chrome files, as distributed by chromium web site. I tried building chrome from the source, but its requirements (a few GBs of free disk space + lots of time to compile everything) made me gave up from the idea. Instead, I wrapped up a simple script+spec file to convert binary chromium distribution to a mandriva RPM.
Please note that it is NOT the right way to do it, and it is in fact a big big hack – I simply grab the binary .zip from chromium site, repackage it as rpm, and define some rpm hacks to work around different shared library names. But it works fine for me (on i586), so I decided to share it in case someone else could be interested.
To install it with urpmi, the following would do the trick:
urpmi.addmedia --mirrorlist http://eugeni.dodonov.net/rpm eugeni i586
urpmi chrome
this will install the browser startup script in /usr/bin/chrome, and also add an entry to the menu. Please note that this is a dirty hack , but it makes it a bit easier to test new chromium packages without lots of manual tricks.
After a very helpful feedback on cooker mailing-list, I decided to post a more in depth screencast which illustrates how netprofile works.
Let’s think about a simple use case. You are using your notebook at home, and everything is fine. However, every time you have to go to work, you have to change several settings related to your network connection, proxy configuration and firewall. Of course, you can do it all manually, or even wrap out a script, but.. there is no need for it with the new netprofile!
So, the goal of this post is to illustrate how to accomplish this task with new netprofile and updated drakx-net applications.
The first thing you have to do is to go to draknetprofile application, and create a new network profile (Update: scroll down to the botton of the post to see the actual draknetprofile screenshots):
draknetprofile graphical interface
When you create a new profile, you have to give it a name (for example, work):
Creating new network profile
After you are finished, this new profile will be created and, automatically, activated:
New network profile was created and activated
From now on, whey you use other drakx-net application, they will detect that you have multiple network profiles, and show you some helpful text to let you know what profile you are using currently. So you can configure your firewall:
firewall configuration with new network profile
Your network connections:
Configuring network settings for new network profile
Your proxy settings:
proxy configuration for new network profile
And other network settings you want:
network center displaying currently used profile
When you go back home, you simply right-click on the net_applet tray icon and activate the default profile again:
net_applet switching profiles
And this will (almost) instantly restore your settings stored on the default profile:
draknetcenter with default profile
You can repeat this procedure for any other profile and configuration. Of course, if you do not want to use netprofile at all, everything will just work.
I hope this clarifies a bit the netprofile application, and how it can help you to simplify your life in different network environment.
EDIT: Updating this post, this is how draknetprofile looks in Mandriva 2010 Beta:
Default netprofile view, with modules details hidden in Advanced section
Advanced view of draknetprofile, showing modules configuration
After the last-year msec rewrite for Mandriva 2009.1, my goal was to do something similar with netprofile, yet another Mandriva-specific tool, with lots of unique functionalities, but.. abandoned for about 4 years.
What is netprofile? The idea of this application is quite simple. For different network environments one requires different network settings. For example, you may use a fixed IP at home, with firewall disabled, and no proxy. At work, you must use a corporate proxy and a DHCP address for your ethernet connection. And while at a LAN house or Internet cafe, a full-featured firewall must be used, your ethernet connection disabled and a tor proxy (for example) to be in effect.
How to achieve this in a working system? Usually you must manually reconfigure the network settings, edit configuration files for network, firewall and proxy, and so on. And this is where netprofile comes into action.
The netprofile uses the concept of network profiles to represent different network environments. You start with the ‘default’ profile, and you may use your system normally. If you want to setup a different network environment, you may ‘switch’ to a different profile (a new profile will be created if necessary). Your current settings will be saved to your previous profile, and all changes to system configuration will now apply to your new profile.
To illustrate:
- You configure your system to use fixed IP address and a specific firewall configuration.
- You go to work, where different network environment takes place. You switch to the work profile (‘netprofile switch work’, or using net_applet gui), and if it is the first time you use this profile, it is created with base on your current settings.
- You configure your network card to use DHCP, configure your corporate-specific proxy and firewall settings, and continue using your machine normally.
- When you come back home, you switch the profile back to default, and your previous settings are restored.
You may also specify what network profile to use on boot, by passing the ‘PROFILE=
The new netprofile is based on modular architecture. While we have a core application (netprofile), all functionality is performed by modules. Right now we have the following modules:
- network – to store/restore network settings: ethernet, ppp, isdn, wireless and other connection settings.
- firewall – to manage firewall (iptables and shorewall) settings
- firewall6 – to manage firewall settings for IPv6 networks
- proxy – to manage system-wide proxies.
Also, I am thinking on the following modules:
- netfs – to manage remote shares and network file systems. For example, at work you may access a centralized NFS server, and at home a SMBFS/CIFS connection to your home server.
- authentication – you may use local users at home, and ldap/yp authentication at work. Transparently. With one mouse click/command to switch between them .
The inevitable question: why do we need it if we have NetworkManager and similar apps? Well, I have a few arguments:
- NetworkManager is great, has a modular design, and also supports network profiles. However, it is focused on network settings only, and not on proxy, firewall, authentication, and so on.
- NetworkManager is also based on a pluggable architecture. However, it is not that easy to write plugins for it.
- Not all distributions support NetworkManager. Netprofile, on its turn, will work on any unix system (or, even better, on anything that support running shell scripts. Yes, you can use it on windows too, with a few hacks ). Of course, it works better on Mandriva because it has drakxtools – Mandriva-specific scripts and applications. And we have draknetprofile as part of drakxtools, which works as shown on the following screenshot:
draknetprofile application to control netprofile profiles in Mandriva Linux
That’s it for now. If you want to experiment with netprofile, feel free to download it and play with it. It should be available on next Mandriva Linux 2010.0 release together with many other exciting new features !
This could be the best movie ever!
(found here)
I just finished quake4, and I am playing (again) doom3 on Linux right now. It feels great – so if anyone wants to say that there are no games on Linux, I could just show the list of some of the games I played this year and found quite impressive:
- Nexuiz
- OpenArena
- Doom3
- Quake4
- World of Goo (this one actually managed to keep me awake until 5am for a few days)
- Caster
- Cube
- …
and, besides those, we still have wine which plays most of the games just fine (except some of the bleeding edge ones, and the ones which are hurt by the the-f**ing-hating-mouse-rotation-bug like call of duty 4).
But.. even with all that progress, I miss the good old games. Of course, Crysis, Assassin’s Creed, Call of Duty 1/2/3/4, Dead Space and all other thousands of recently released games look pretty amazing, but I feel that most of modern games are not even close to the old ones. I still remember being awake for 24+ hours playing Baldur’s Gate, and loosing some of the faculty exams because of the Baldur’s Gate 2. And I’ll probably never forget how scary it was to play Doom on a 386 in a dark room. Nor wolfenstein 3d on a 286 for the first time. And, speaking about game story, few games came close to Baldur’s Gate, Planescape: Torment, Fallout 1/2, Final Fantasy VII (a.k.a. how-you-felt-when-Ariel-died??)/VIII..
But, speaking of 3d-shooters. The best so far (at least, for me) are: Doom, Doom 2, Heretic, Hexen, Duke3D/Blood/Shadow Warrior, Serious Sam 1/1.5/2, Half-Life, Prey, Quake1/2/4, …. Most (all?) of those games are based on the same concepts we have seen in early 90ths. I could mention Halo/Gears of War, which introduced some changes in the gameplay, but not that much to say that it was a break-through. You still keep walking around, grabbing new weapons (and dropping less useful ones, like in Medal of Honor/Call of Duty/Halo/…), killing stronger and more stronger enemies, and that’s it. Occasionally there are some innovations, like portals and gravity (Prey) or maybe some sort of character development (Daikatana, Call of Duty, Unreal Tournament) or time/physics manipulations (Half-Life 2) and environment interaction (Doom 3, Unreal Tournament), but nothing ground-breaking.
So far, I am feeling like the progress stopped in the way the games are developed. We have new physics, graphics, sounds, polygons and so on, but few games are introducing something truly new. On the other hand, maybe we have reached the point when everything is already implemented, and the games just have to focus on the state-of-the-art graphics only, and forget about all other items..
So, if you read so far, what do you think about that? Are there any modern games which are truly outstanding (and run on Linux – either natively or using wine)? I promise to test all the suggestion and post my impressions on this blog.
To celebrate the end-of-the-week, here comes another PlanetMandriva post!
TomoyoGui received some attention this week, and it slowly becomes more and more functional. The performance of huge tomoyo policy parsing was greatly improved (on my running system it has about 3MB in form of a text file), and the dependencies among sub-domains are now calculated.
The gui was improved to simplify the listing of domains, and now it allows you to do a quick search for desired application, and select all sub-domains of a process by double-clicking it. We are now also fully compatible with tomoyo’s ccs-savepolicy and ccs-loadpolicy formats.
Also, I am slowly progressing towards the idea of a application-based profiles (like in AppArmor – may it rest in peace! ). While tomoyo does not supports that in an easy form (everything is a huge text file), I had some ideas on how to make it work. So in some not-so-far future it will be implemented and described here.
So, as an image says more than a thousand words, some screenshots:
Initial view of tomoyo with some helpful and user-friendly text
Just a double-click away from selecting ACPID subdomains
Peeking into what a domain is allowed to do
Multiple selection of unrelated domains
Besides that, msec also received a few updates – now supporting the SECURE_TMP variable and improved diff_check procedure.
And in other news – the best football team in the world with the best football player in the world scored yet another victory in Brazilian championship . If you missed that, you can always see the goals again thanks to youtube!
As promised in the previous post, here come some first insight into the GUI for Tomoyo Linux, which will be present in Mandriva 2010.
Initial view
Active security domains
As far as I know, this is the first GUI for Tomoyo out there (except the TomoyoGUI Eclipse Plugin, but it seems to be quite eclipse-bound and abandoned. Its page is in Japanese, but the all-mighty google translator helped me to take a peek into it). But, of course, I might be wrong – so please let me know if you know of any other GUI for Tomoyo Linux.
Obviously there are still a lot of things to do:
- add support for auditing/tomoyo security log into msec
- add support for reloading profile on-the-fly
- saving/loading/changing settings on the fly
- support complex statements
- everything else
so keep an eye on this blog for more news.
Regards,
Dr. Eugeni
