Redirecting Signal Desktop’s log from syslog to a separate file

After switching from the old Chrome app to the new Signal Desktop app, my syslog began to get spammed with lines containing stuff like “Sending a keepalive message”.

They seemingly come from gnome-session, but it’s actually Signal operating under gnome-session. Not having the actual application name for filtering, I just made a slightly hackish /etc/rsyslog.d/20-redirect-signal.conf with the following contents:

:msg,contains,"{\"name\":\"log\",\"hostname\":\"saegusa\"" -/var/log/signal-desktop.log 
& stop

(Where saegusa is my hostname; you should obviously change this to match yours.)

Get GIT_WORK_TREE from the post-checkout hook

I was crafting a post-checkout hook and wanted to do something depending on the absolute path of $GIT_WORK_TREE in the current environment. In git 2.7.4 (and up to 2.4.14) at least, that environment variable was set to “.” when inside the post-checkout hook, which was a little unhelpful in this case. So I spent some time trying to google why and coming up empty.

Here’s where you’re entitled to laugh at my over-thinking this.

Since I’m in the work tree already (.) when inside the hook, the absolute path is the current working directory, or $PWD. No need to fiddle with GIT_WORK_TREE at all.

Apache 2.4 + Gitlab Omnibus (CE) with a relative URL: 404 (not found), 422 (The change you requested was rejected)

It’s been a painful month battling with this and I’m too tired to document everything thoroughly, so I’ll just throw this out there:

# "Note this config assumes unicorn is listening on default port 8080 and
# gitlab-workhorse is listening on port 8181."

Alias /lab "/opt/gitlab/embedded/service/gitlab-rails/public"

<Directory /opt/gitlab/embedded/service/gitlab-rails/public>
    Include conf-available/geoblock-non-fi.conf
    
    Options -MultiViews
    #DirectoryIndex disabled
</Directory>

<Location /lab>
    Include conf-available/geoblock-non-fi.conf
    
    ErrorDocument 404 /404.html
    ErrorDocument 422 /422.html
    ErrorDocument 500 /500.html
    ErrorDocument 502 /502.html
    ErrorDocument 503 /503.html

    RequestHeader set X-Forwarded-Proto https
    Header set Strict-Transport-Security: "max-age=15768000;includeSubdomains"

    ProxyPass "http://127.0.0.1:8181/lab"
    ProxyPassReverse "http://127.0.0.1:8181/lab"
</Location>

That one disabled line (#DirectoryIndex disabled) was required (uncommented) when I used the RewriteRules version of the recipe, otherwise it was 404 whenever logging in.

You also obviously need to either out-comment “Include conf-available/geoblock-non-fi.conf” or add your own geoblocking rules in the file it references.

Strange problems with self-hosted Mattermost? It might be your router’s fault

I spent the last few days online trying to get Mattermost working on my home server. It looks like a promising replacement for Slack, very polished and professional and the installation process is well documented. The only twist was that, since I’m already running Apache on the server, I figured I’d set it up to also function as a proxy for Mattermost. (The developers apparently favor nginx, whereas documenting usage with Apache rests on the community.)

Everything seemed to go smoothly, and the web app worked just fine when called locally. But when I tried to access it using my FQDN, it just kept failing with the “We’re having trouble connecting to Mattermost” page staring me bluntly. I’ve lost count how many times I’ve hit refresh only to see that page again and again.

Today I had a breakthrough when I realized that a statically served JavaScript file was failing to load, and bizarrelly only in Firefox: when I finally fired up Chrome out of desperation, everything was working just fine. With Firefox, or with wget for that matter, trying to load the JS file directly only resulted in loading a fraction of the file, or not at all.

This was only halfway towards the solution, I still spent hours tearing my hair out until I finally figured out the root of the problem: my home router doesn’t do NAT loopback.

After I pointed my FQDN to the home server in my desktop’s hosts file, the static JS came through in Firefox just as easily as it had in Chrome. (I shudder to think what it is that Chrome does that made it able to circumvent the problem.)

Now, I did try to access Mattermost from outside my home network previously, but being utterly disorganized in my debugging, I apparently had mangled the Apache configuration for the site each time I did those tests. With both the correct Apache configuration and the local hosts file fix in place, the FQDN works from inside the home LAN as well as from outside.

gnome-session: Expression error: unknown function bitrate()

The problem: my syslog is full of these three lines repeating

gnome-session[3926]: Expression error: unknown function
gnome-session[3926]:  Net: down  $ ( bitrate ( net.down ) ) , up  $ ( bitrate ( net.up ) )
gnome-session[3926]: ---------------^

So bitrate() is unknown.

The message is caused by the System Load Indicator (indicator-multiload), and more specifically a non-default value of the indicator-expressions key in the de.mh21.indicator-multiload.general schema. The value I had somehow managed to set there was:

['', 'Mem $(size(mem.user))', 'CPU $(percent(cpu.inuse))', 'Net $(bitrate(net.down))/$(bitrate(net.up))', 'Swap $(size(swap.used))', 'Load $(decimals(load.avg,2))', 'Disk $(speed(disk.read))/$(speed(disk.write))']

The default value, as I read it from /usr/share/glib-2.0/schemas/de.mh21.indicator-multiload.gschema.xml just now, is

[ "", "CPU $(percent(cpu.inuse))", "Mem $(size(mem.user))", "Net $(speed(net.down))/$(speed(net.up))", "Swap $(size(swap.used))", "Load $(decimals(load.avg,2))", "Disk $(speed(disk.read))/$(speed(disk.write))" ]

So the correct function to replace bitrate() is speed().

Fixing a Bluetooth headset to A2DP mode (Ubuntu 14.04)

I had a nice pair of Jabra Revo Wireless headphones to toy with, and getting them to work in A2DP (the quality mode better suited for music) on my desktop computer turned out to be a bit more than just plug ‘n’ play, so I’m writing this down for future reference.

Pairing the headphones with my Bluetooth adapter (“ISSCEDRBTA”; one of those cheap thumbnail-sized dongles, I don’t even know whether it does BT 3.0 let alone 4.0) went without problems in both Ubuntu 12.04 and 14.04 so I’ll not cover that here. What became a problem was switching the headset to A2DP (“high fidelity”) mode in system sound settings: it just wouldn’t switch over, instead causing the settings window to freeze and/or crash, or at best just revert back to HSF/HFP (telephony mode).

After scratching my head for quite a while I finally figured out the reason behind this: on sound settings’ input tab the headset, when connected, was the only listed input device. Apparently this always locked it into telephony mode (either on the headset side or Ubuntu’s Bluetooth stack, I don’t know the intricacies) and prevented it from switching/being switched to A2DP. The way I verified my initial suspicion of this was by plugging an analog microphone into the computer, at which point I was immediately able to switch the headset to A2DP without problems.

For first aid I stuck an adapter plug into the rear microphone port to have Pulseaudio think I have an analog microphone always attached. But turns out there’s a slightly more elegant solution, at least if you’re not going to use your headset for telephony at all (like me): adding a Disable=Headset line to the [General] section of /etc/bluetooth/audio.conf (and restarting the Bluetooth stack afterwards with `sudo service bluetooth restart`). This way the headset microphone does not show up in sound settings as an input device, and so won’t get selected even when no other inputs are present.

Overall Bluetooth unfortunately still seems pretty shaky on Ubuntu 14.04. During troubleshooting I had to keep dis- and reconnecting the Bluetooth dongle and turning the headset off and on again to properly reset everything; otherwise even things that otherwise worked would randomly fail. With Android devices the headset Just Works.

Blade Runner

Miksi joudun aina vain enemmän ja enemmän kompensoimaan julkaisijoiden tekemiä huononnuksia webselailussa? Web on nykyään pelkkä kuppainen horo, ei enää ollenkaan huvita pelehtiä sen kanssa kun riskit ovat iloihin nähden niin isot että on pukeuduttava kokovartalokumiin ennen kuin uskaltaa alkaa millekään.

Pelkkä mainostenesto ei enää läheskään riitä tekemään turvallista niin yksinkertaisesta tapahtumasta kuin artikkelin lukemisen pitäisi olla, vaan lisäksi pitää olla erillisiä jäljityksenestimiä ja vielä sittenkin sisällön edessä on kaiken maailman popuplätkä-perkeleitä (“tilaa sitä! tilaa tätä! liity facebumbler-fanitykkääjäksi ja instatviittaa tämä! ja anna sähköpostiosoitteesi spämmättäväksi!!!1!”). Vitutuksen maksimoimiseksi kaikkiaan kymmenen kappaleen mittainen sisältö (jonka olisi voinut tiivistää kolmeen) jaetaan viidelle eri sivulle.

Olen tosissani alkanut miettiä, pitäisikö alkaa vapaustaistelijaksi joka käy yleisessä webissä ainoastaan kertakäyttöprofiilien turvin ja eristää sieltä noutamansa sisällön omille, äärimmäisen pelkistetyille sivuilleen itse tuotettuina tiivistelminä, eikä enää koskaan missään linkitä suoraan alkuperäisiin, sanitoimattomiin lähteisiin.

Disposabiliteetti

Jostain, varmaan Chris Siebenmannin blogin lukemisesta, on takaraivossani alkanut kutkutella ajatus kaiken selailun tekemisestä kertakäyttöikkunoissa (cks ei ole näin hardcore, mutta enemmän kuin minä nykyisin). Käytän niitä jo nyt aika paljon (chromiumin –temp-profile), mutta samalla pysyväisprofiilin ikkunassa on yhä (tällä hetkellä) 12 pysyvää välilehteä + satunnaiset.

Mitään tarkkaan mietittyä korkeampaa filosofiaa kertakäyttöisyysidean taustalla ei ole, se vain kuulostaisi juuri sellaiselta käyttäjäeksentrisyydeltä jollaiset ovat minulle tyypillisiä.

Isoin haaste siirtymässä olisi varmaankin Googlen palvelut, kun käytän (totta kai) kaksivaiheista tunnistautumista, ja kertakäyttöinen pakottaisi luonnollisesti tekemään sen joka kerta uudestaan (pysyväisprofiililleni olen antanut pysyväisluvan tunnistautua ilman varmistuskoodia). Toisaalta se taas ehkä kannustaisi irrottautumaan Googlen napanuorasta, joka tuntuu välillä aika ahdistavalta. [Alkujaan postasin tämän G+:aan, ja siihen sisältyvän ironian korostamiseksi nyt ristipostitus tänne.]

Lisäksi tuohon totuttautumisessa olisi se etu, että melkein millä tahansa uudella laitteella webin selailu tuntuisi ihan kotoisalta. Nyt, kun oma käyttöympäristö kotona on äärimmäisen räätälöity, vierailu muissa ympäristöissä tuntuu aina osittain tosi hankalalta. (Avaapa selain ensimmäistä kertaa vasta asennetussa käyttöjärjestelmässä: veikkaan että huokaiset syvään toisaalta puhtaan paperin potentiaalin, toisaalta sen autiuden takia. Mutta entä jos olisitkin tehnyt autiudesta kotisi?)

Cannot switch TTY with Ctrl + Alt + F1…Fn (Ubuntu)

Just copying what Lswest wrote more than two years ago: if your TTY switching is not working, and you have a custom ~/.Xmodmap, make sure your mappings for the function keys in it are as follows:

keycode  67 = F1 F1 F1 F1 F1 F1 XF86Switch_VT_1
keycode  68 = F2 F2 F2 F2 F2 F2 XF86Switch_VT_2
keycode  69 = F3 F3 F3 F3 F3 F3 XF86Switch_VT_3
keycode  70 = F4 F4 F4 F4 F4 F4 XF86Switch_VT_4
keycode  71 = F5 F5 F5 F5 F5 F5 XF86Switch_VT_5
keycode  72 = F6 F6 F6 F6 F6 F6 XF86Switch_VT_6
keycode  73 = F7 F7 F7 F7 F7 F7 XF86Switch_VT_7
keycode  74 = F8 F8 F8 F8 F8 F8 XF86Switch_VT_8
keycode  75 = F9 F9 F9 F9 F9 F9 XF86Switch_VT_9

(And, in case Ctrl + Alt + Backspace also doesn’t work:

keycode  22 = BackSpace Terminate_Server BackSpace Terminate_Server BackSpace

but you’ll also need to have it enabled in Keyboard Layout Options, under “Key sequence to kill the X server”.)