Miscellaneous hacking

This page lists little tweaks I found non-obvious.

Installing OpenBlas, Torch, Cuda and Cudnn on Debian

Installing OpenBlas

To download OpenBlas from its git repository, compile it, and install it in ~/local/lib:

cd /tmp
git clone https://github.com/xianyi/OpenBLAS
cd OpenBLAS
export USE_OPENMP=1
make && make install PREFIX=${HOME}/local/

Do not forget to add

export LD_LIBRARY_PATH=${HOME}/local/lib:${LD_LIBRARY_PATH}

to your ~/.bashrc.

Installing Torch

I use the following to install Torch from scratch in ~/misc/git/torch:

export TORCH_DIR=${HOME}/misc/git/torch/
git clone https://github.com/torch/distro.git ${TORCH_DIR} --recursive
cd ${TORCH_DIR}
./install.sh -b -s

Note that the -s option prevents the installation from updating my ~/.bashrc, but I have added the following explicitly in it:

export TORCH_DIR="${HOME}/misc/git/torch"

TORCH_ACTIVATE="${TORCH_DIR}/install/bin/torch-activate"

if [[ -x "${TORCH_ACTIVATE}" ]]; then
    source "${TORCH_ACTIVATE}"
else
    echo "${VT_RED_FG}Cannot find ${TORCH_ACTIVATE}"
fi

Also, to update torch, I simply do:

unset LUA_CPATH LUA_INIT LUA_PATH && cd "${TORCH_DIR}" && git pull && ./install.sh -b -s

Cuda and Cudnn

Until open-source alternatives are available, the solution of choice for deep-learning computation remains the—unfortunately closed-source—powerful combination of NVidia's Cuda and Cudnn.

To install cuda under Debian stretch/sid, download from https://developer.nvidia.com/cuda-downloads the archive

Linux -> x86_64 -> Ubuntu -> 16.04 -> runfile (local)

and then install as root with

export PERL5LIB=. && sh ./cuda_8.0.61_375.26_linux.run -silent --override --driver --toolkit --verbose

Note that setting PERL5LIB may not be necessary if you have the proper perl libraries installed system-wide, and that this way of installing it is non-interactive. It is probably a good policy to install it at least once without any argument, in interactive mode.

To install cudnn, download from https://developer.nvidia.com/rdp/cudnn-download the archive

cuDNN v5.1 (Jan 20, 2017), for CUDA 8.0 -> cuDNN v5.1 Library for Linux

and then execute

tar zxvf ~/cudnn-8.0-linux-x64-v5.1.tgz -C /usr/local/

Snapshots with qemu/kvm

To use snapshots in qemu, you must use a vm image format that allows it, such as qcow2. To create one named debian.qcow2 of size 2Gb use

qemu-img create -f qcow2 ./debian.qcow2 2G

Then, install your OS as usual in it:

kvm -cdrom ./debian-7.5.0-amd64-netinst.iso -hda ./debian.qcow2

and when the installation is done, you can run the vm with

kvm -hda ./debian.qcow2

When it is running, alt-ctrl-2 switches to the qemu monitor in which you can use the command

savevm mysnap
quit

to create a snapshot named “mysnap” and quit the vm, or

loadvm mysnap

to re-load the vm in the exact state saved in the snapshot “mysnap”. Typing alt-ctrl-1 brings you back to the vm's console.

You can also start kvm directly into the state of the snapshot with

kvm -hda ./debian.qcow2 --loadvm mysnap

or provide access to the qemu monitor respectively from the shell stdin/stdout, a network socket (localhost, port 4444), or a unix-domain socket (named /tmp/blah) with

kvm -hda ./debian.qcow2 --monitor stdio
kvm -hda ./debian.qcow2 --monitor tcp:localhost:4444,server,nowait
kvm -hda ./debian.qcow2 --monitor unix:/tmp/blah,server,nowait

You can communicate with the monitor in the two latter cases with the netcat command, using the -U option for the unix-domain socket.

Finally, you can use the qemu-img command to manipulate the image file, for instance to convert from one format to another, or list the available snapshots in it with

qemu-img snapshot -l debian.qcow2

Installing a certificate on Android

First, generate the proper filename for the certificate on the phone. You need openssl, and I will use Idiap's certificate as an example

openssl x509 -noout -subject_hash -in CA-idiap.crt

For this certificate, the results of this command is 8d8d3baa. Then, create the file to use on the phone from your certificate:

cat CA-idiap.crt > 8d8d3baa.0
openssl x509 -inform PEM -text -in CA-idiap.crt -out /dev/null >> 8d8d3baa.0

Then, copy this file in /storage/emulated/0/ on the phone, and then, on the (rooted) phone, execute:

su
mount -o remount,rw /system
cp /storage/emulated/0/8d8d3baa.0 /system/etc/security/cacerts/
chmod 644 /system/etc/security/cacerts/8d8d3baa.0
mount -o remount,ro /system

CUPS and Brother HL-2270DW on Debian

This is the configuration that seems to work best (and in particular is not sluggish when printing large documents):

Description:	Brother HL-2270DW
Location:	Office
Driver:	        Brother HL-2140 Foomatic/hpijs-pcl5e (recommended) (grayscale, 2-sided printing)
Connection:	lpd://192.168.0.14/PCL_P1
Defaults:	job-sheets=none, none media=iso_a4_210x297mm sides=two-sided-long-edge

The address 192.168.0.14 is its IP on my LAN, and as far as I understand, the PCL_P1 refers to one of the multiple queues of the printer, some of which can also accept directly postscript (never managed to have it work though).

Switching cron logs off

The cron command adds log information to both /var/log/syslog and /var/log/auth.log every time it executes something. To prevent this from happening on a Debian installation, you have to change in /etc/rsyslog.conf the line

*.*;auth,authpriv.none -/var/log/syslog

to

*.*;cron,auth,authpriv.none -/var/log/syslog

and you have to add in /etc/pam.d/common-session-noninteractive, the line

session [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid

before

session required pam_unix.so

Using MSMTP

The msmtp SMTP client is a light tool that provides mail functionality from your local box by forwarding local mails to any SMTP server with authentication.

A system-wide configuration file can be put in /etc/msmtprc, and user-specific ones in ${HOME}/.msmtprc. A typical configuration file looks like

defaults
auth             on
tls              on
tls_certcheck    on
logfile          /var/log/msmtp.log

account          bob_simpson_account       # Name of this account for
                                           # the configuration file
host             smtp.something.org
from             bob.simpson@something.org # The "From:" value
user             bob_simpson               # Login on the SMTP server
password         l33t_p4ssw0rd             # Password on the SMTP server
tls_starttls     off                       # My SMTP server needs this
tls_fingerprint  12:34:56:78:90:AB:CD:EF:12:34:56:78:90:AB:CD:EF:12:34:56:78

account default : bob_simpson_account

If you do not know your server's fingerprint, you can get it by setting tls_certcheck to "off", commenting the tls_fingerprint line, and sending a mail with

mail -v dummy@address.com

The server's fingerprint will be in the log.

Legacy font rendering in Debian Wheezy

If you install the current Debian stable, aka Wheezy, you may notice that the font rendering is not the same as it used to be (at least on my machine). The "new" font rendering is less crisp, with a halo around characters. As far as I understand, this is the Ubuntu style, and this is what young people prefer these days.

You can still use the legacy rendering, by typing as root:

cd /etc/fonts/conf.d
ln -s ../conf.avail/11-lcdfilter-legacy.conf

Using a LUKS encrypted partition

The Linux Unified Key Setup (aka LUKS) is an encryption specification that simplifies the use of encrypted volumes.

While the "old" way of using encrypted volumes consisted in passing all the encryption specification (cipher, key lengths, etc.) to the mount command, LUKS stores this information in the volume itself, so that you only have to remember the passphrase.

To initialize a partition

cryptsetup -y -v luksFormat /dev/disk/by-id/usb-DummyDiskName-part1

To create the corresponding device as /dev/mapper/blah:

cryptsetup luksOpen /dev/disk/by-id/usb-DummyDiskName-part1 blah

To close it:

cryptsetup luksClose blah

The said device /dev/mapper/blah can be used as usual, i.e. mkfs.* to create the file system, mount to mount it, etc.

If you want to use a file instead of a volume partition, you have to attach it to a loop device with the losetup command, and then use the said device as a partition.

Using the Open Sans Light font in Latex

To install the Open Sans font for Latex on a Linux system (at least for Debian 6.0, which does not have it packaged), you can do

cd /tmp/
wget http://mirrors.ctan.org/fonts/opensans.zip
unzip opensans.zip
cd opensans
cp -a doc/ fonts/ source/ tex/ /usr/local/share/texmf/
mktexlsr
updmap-sys --enable Map=opensans.map

To select the Open Sans light font as the default font in Latex, and the Computer Modern font for the mathematical expressions, add

\usepackage[default]{opensans}
\usepackage{cmbright}

\renewcommand{\familydefault}{fos}
\renewcommand{\seriesdefault}{l}
\renewcommand{\bfdefault}{sb}

Switching off the nVidia card on a Lenovo T420s

Some of the Lenovo Thinkpad T420s have an Optimus video card, which means that they have both an Intel integrated and a nVidia graphic cards. The nVidia can be switched off in the BIOS, or by software. For the later, you have to first install a module that allows to make acpi calls, and then to use a shell script as root to switch off the card.

First, install the module acpi_call.ko. You have to download it, compile it, install it in the proper directory containing the additional modules for the current kernel, and update the module dependencies. All this can be done as follows:

git clone https://github.com/mkottman/acpi_call.git
cd acpi_call
make
mkdir -p /lib/modules/$(uname -r)/extra
cp acpi_call.ko /lib/modules/$(uname -r)/extra
depmod

When this is done, you can use the script optimus-t420s.sh to switch on or off the nVidia card. This script has to be run as root, so the best is to put it in /usr/local/bin with the root as owner, and then to chmod +s it. Note that this script does not check for the presence of nvidia-related modules, and may crash your kernel if you do not take care of that yourself.

If you switch the card off and reboot under Windows, it will not be available (go figure). On my machine, I switch the card off at boot and on when reboot, both with a script in /etc/init.d. Also, I switch it off when coming back from suspend with a script in /usr/lib/pm-utils/sleep.d/. (Update: While it works, and the card is on under Windows after reboot, the nVidia drivers crashes often. So at the moment I switch off the machine and restart it instead of simply rebooting.)

Here are the two said scripts, which do a lot of other things because I am a control-freak. Please remove what is not needed and use with care.

Copy them respectively in /etc/init.d and /usr/lib/pm-utils/sleep.d/, and then run

update-rc.d fleuret-tweaks-t420s-init defaults

to set up properly the calls to the first one from the various /etc/rc?.d.

Debian Squeeze on a Lenovo T420s

The ethernet card of the Lenovo T420s is not supported by default in Squeeze, there seems to be troubles with the Sandy Bridge chipset (resulting in kernel locks and such), and xorg performance is awful.

All this can be fixed by upgrading to a more recent kernel and xorg, which can be done simply by using the wonderful Debian backport repository. It hosts recent versions of certain packages, compiled for stable Debian versions, which allows to have "bleeding edge" kernel and xorg, without messing up all your installation by hand.

In practice, since the ethernet card was not operational, you have to download the kernel packages linux-image-2.6-amd64, linux-headers-2.6.39-bpo.2-common, and linux-headers-2.6.39-bpo.2-amd64, save them on a usb key, and install them with dpkg. From there, you simply have to add

deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free
deb-src http://backports.debian.org/debian-backports squeeze-backports main contrib non-free

to /etc/apt/sources.list, and then

aptitude update
aptitude -t squeeze-backports install xserver-xorg-video-intel xserver-xorg

and you are done. You can also install similarly all the packages related to the kernel (source, headers, etc). I also have

Option      "AccelMethod" "xaa"

in the "Device" section of my /etc/X11/xorg.conf, and it seems that it matters.

USB tethering with Cyanogen 6.1.1 on an HTC Desire

The USB tethering with my HTC desire was working perfectly well under Linux until I installed Cyanogen 6.1.1. With it, while I could still see the USB device appearing in the logs when I switched on the USB tethering, the network interface was not appearing anymore.

To fix that, I had to install new versions of a few modules, following these instructions. In a nutshell: download http://downloads.sourceforge.net/synce/usb-rndis-lite-0.11.tar.gz, compile and install the modules.

Adding a lock file to getmail

The getmail command is a very convenient method to fetch mail from an IMAP or POP3 account. However, it does not include a canonical way to avoid several instances to run simultaneously.

The script withlock.sh below can be used to execute a command with a lockfile. Simply call it with the original commands and its arguments as arguments.

#!/bin/bash

# This command allows to call another command with a lockfile to avoid
# concurrent executions for the same user.

set -e

if [[ ! $1 ]]; then
    echo "withlock.sh <command> [command args]"
    exit 0
fi

LOCKFILE=/tmp/lock$(which $1 | sed -e "s:/:-:g").${USER}

(set -C && : > ${LOCKFILE}) 2> /dev/null

if [ $? != "0" ]; then
    echo "Lockfile ${LOCKFILE} exists." >&2
    exit 1
fi

trap 'rm ${LOCKFILE}' EXIT

$*

Getting mails with getmail and sendmail

Getmail is a nice alternative to the infamous fetchmail to fetch mails from a POP3 or IMAP account. However, my own configuration uses sendmail locally (the postfix sendmail command in my case), and an exotic error showed up that I remember I met already a decade ago. The problem is that sendmail by default interprets a line containing a single dot as an end-of-mail. Hence, you have to pass it the -i option to prevent this.

So finally, for an IMAP account through SSL (encrypted connection) you should have a configuration file, for instance in ~/.getmail/something_dot_com

[retriever]
type = SimpleIMAPSSLRetriever
server = imap.something.com
username = myusername
password = mypassword

[options]
delete = true

[destination]
type = MDA_external
path = /usr/sbin/sendmail
arguments = ("-bm", "-i", "-f", "%(sender)", "fleuret")

and then invoke getmail with

getmail --getmaildir $HOME/.getmail -r something_dot_com

Dealing with brute-force ssh attacks

If you do have a server with an open ssh port, you may have noticed heavy brute-force attacks which result in the sshd process taking noticeable amount of CPU and the /var/log/auth growing.

To limit the effect of such attacks, I combined two simple measures. The first one is to add in the firewall three rules to forbid more than four connections to the sshd server on port 22 in less than a minute form the same IP. For that, I have the following fire-wall in my /etc/init.d/ffboot.sh, which is linked from /etc/rc2.d/S30ffboot.sh (only the lines with --dport 22 are related to ssh):

# Reset all the rules
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
# Allow everything from the lo
iptables -A INPUT -i lo -j ACCEPT
# Drop spoofing of the localhost on any other interface
iptables -A INPUT -s 127.0.0.0/255.0.0.0 -j DROP
# Drop packet on the ssh port if there was more than four connections
# established on that port from that IP in the last minute
iptables -A INPUT -i eth0 -p tcp \
    -m tcp --dport 22 \
    -m state --state NEW \
    -m recent --update --seconds 60 --hitcount 4 --name DEFAULT --rsource \
    -j DROP
# Memorize the IP if the packet was not dropped and a connection is
# established
iptables -A INPUT -i eth0 -p tcp \
    -m tcp --dport 22 \
    -m state --state NEW \
    -m recent --set --name DEFAULT --rsource
# And let the packet goes in
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# Accept all tcp traffic on the user ports
iptables -A INPUT -p tcp -m tcp --dport 1024:65535 -j ACCEPT
# Same for udp
iptables -A INPUT -p udp -m udp --dport 1024:65535 -j ACCEPT
# Accept icmp echo reply, destination unreachable and time exceeded
iptables -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
# Accept traffic from the lan
iptables -A INPUT -s 192.168.1.0/255.255.255.0 -i eth0 -j ACCEPT
# Drop all other attempts at establishing a tcp connection
iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j DROP
# Drop all other udp packets
iptables -A INPUT -p udp -j DROP
# Drop all other icmp packets
iptables -A INPUT -p icmp -j DROP

The second measure is to run every day the ffboot.sh script above to reset the firewall, and to run every 5 minute the script block-brute-ssh.sh given below, which parses the /var/log/auth and adds specific dropping rules in the fire-wall to block ips with fail attempts on unknown logins (note that I have only fleuret as allowed login on my box).

#!/bin/bash

LOG_FILE=/var/log/auth.log
ACCEPTED_LOGIN=fleuret

for ip in $(grep 'Failed password' /var/log/auth.log | grep -v "${ACCEPTED_LOGIN}" | awk '{print $13}' | sort | uniq); do
    if [[ ! $(/sbin/iptables -L -n | grep DROP | awk '{print $4}' | grep ${ip}) ]]; then
        if [[ $ip =~ ^127.0.0.1 ]]; then
            logger "$0: $ip is the localhost, do not block."
        elif [[ $ip =~ ^192.168.1 ]]; then
            logger "$0: $ip is from the LAN, do not block."
        else
            /sbin/iptables -I INPUT -s ${ip} -j DROP
            logger "$0: iptables -I INPUT -s ${ip} -j DROP"
        fi
    fi

done

So I end up with the two following lines in /etc/crontab:

*/5 * * * * root /usr/local/bin/block-brute-ssh.sh
2   3 * * * root /etc/init.d/ffboot.sh

Installing Debian Lenny on a Norhtec MicroClient Jr. DX

I recently bought a Norhtec MicroClient Jr. DX (also known as the eBox-3300), a low-power fanless PC. The problem is that this beast has a Vortex86DX CPU, which requires a tailored Linux kernel. In practice, I could not even boot with the Lenny net-install CD.

So I used qemu on my laptop to install the system with an exotic kernel on a SD card, and used that SD card as the main hard disk on the MicroClient. This is a simple and general procedure to deal with exotic hardware when you need to tailor the installation before you can even boot the machine with it.

To do so:

  1. Get the Debian net-install iso file
    wget http://cdimage.debian.org/debian-cd/5.0.2/i386/iso-cd/debian-502-i386-netinst.iso
    
  2. Start qemu using the SD card as /dev/hda (on my laptop, the SD card reader appears as /dev/sdb) and the iso file as the CD-Rom with
    qemu -hda /dev/sdb -cdrom debian-502-i386-netinst.iso
    
  3. In qemu, install the Debian distribution as usual (if qemu steals your mouse pointer, you can get it back by pressing Alt-Ctrl), and then (still in qemu) download the kernel from the web site of the Vortex86DX manufacturer (or from another place if you have compiled your own, as described below)
    wget ftp://ftp.icop.com.tw/upload/Shawn/linux-image-2.6.27.9-vortex86dx_2.6.27.9-vortex86dx_i386.deb
    
  4. Install this kernel with
    dpkg -i linux-image-2.6.27.9-vortex86dx_2.6.27.9-vortex86dx_i386.deb.
    
    and shutdown qemu.
  5. Put the SD card into the MicroClient and boot on it.

You may run into trouble if for some reason the device corresponding to the SD card in qemu is not the same as the one in the MicroClient. In such a case, the /etc/fstab will be incorrect. To solve the problem, you can either mount the SD card and edit the fstab by hand afterward, or run qemu with adequate parameters so that this does not happen in the first place.

Also, you can compile your own kernel for the Vortex86DX:

  1. Get the kernel 2.6.29.3 source
    wget https://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.29.3.tar.bz2
    
  2. Untar the source
    tar jxvf linux-2.6.29.3.tar.bz2
    
  3. Get the .config
    wget http://fleuret.org/francois/files/config-2.6.29.3-vortex86dx-g4e8c2a0-dirty
    cp config-2.6.29.3-vortex86dx-g4e8c2a0-dirty linux-2.6.29.3/.config
    cd linux-2.6.29.3
    
  4. And create the Debian packages (which will be created in the parent directory)
    make-kpkg clean
    make-kpkg --initrd kernel_image kernel_headers
    

Handling suspend-to-ram troubles

There were two problems with my X61s when going to suspend-to-ram on Debian stable (Lenny). The first was a USB hub which would make the laptop resume (no idea why, probably a bug in the hub, see below), the second was the hard disk power management which would systematically switch to an aggressive mode. I did not install laptop-mode-tools, which is a bag of hurt as far as I can tell.

So, I ended up with only the acpi-related packages and pm-utils, I removed all the /etc/acpi/*/90-hdparm.sh which insist on changing the settings of my hard disk, and added the following in /usr/lib/pm-utils/sleep.d/50fleuret-tweaks.

#!/bin/bash

case "$1" in

    hibernate|suspend)

        # To prevent my usb hub from awaking

        for i in /sys/bus/usb/devices/*/power/wakeup; do
            if [[ $(cat $i) == "enabled" ]]; then
                echo disabled > $i
            fi
        done
        ;;

    thaw|resume)

        # Forces a less aggressive hard-disk power management

        for dev in /dev/sd? /dev/hd? ; do
            if [ -b $dev ] ; then
                hdparm -B 254 $dev
            fi
        done

        # To avoid usb_hcd_poll_rh making lots of wakes up

        for i in /sys/bus/usb/devices/*/power/wakeup; do
            if [[ $(cat $i) == "disabled" ]]; then
                echo enabled > $i
            fi
        done
        ;;

    *)
        exit $NA
        ;;

esac

Preventing USB from resuming a laptop

Among many magical things they can do, USB devices can wake up a computer. This is of major importance for instance to allow the user to resume his PC by pressing a key on a USB keyboard.

However it may be a nuisance. For instance you may not want the plugging/unplugging of the mouse to wake up your PC, or in my case, an USB hub to do it 5s after the PC goes to suspend (even if no device is connected to the said hub, go figure).

The solution to the problem is simple, you just have to put the value disabled into the adequate /sys/bus/usb/devices/.../power/wakeup (see power-management.txt for more details).

Mounting USB disks according to the volume IDs

The usual way to describe a volume in /etc/fstab consists of specifying a device such as /dev/sda1 which corresponds to a certain partition of a certain hard disk.

It may be useful to mount a USB disk at the same location, whatever the device it appears on may be. The simplest way is to use the links present in /dev/disks/by-id thanks to udev.

For instance, my /etc/fstab contains the following:

/dev/disk/by-id/usb-SAMSUNG_SP2514N_10000E000CCD3357-0:0-part1 /mnt/backup.1     ext3    user,noauto     0       0
/dev/disk/by-id/usb-Hitachi_HTS543216L9SA00_00E0010367D45-0:0-part1 /mnt/backup.encrypted.1      ext3    user,noauto,encryption=aes   0       0

which states that the first partition of a certain Samsung USB disk I own has to be mounted on /mnt/backup.1, while the first partition of a certain Hitachi USB disk (which is encrypted with AES) has to be mounted on /mnt/backup.encrypted.1.

Making Emacs always show the moving cursor

A very fast key repeat frequency (100 per second or so) does not work well with Emacs + xft + fontlock. Often the cursor disappears while it is moving. This is due to a default setting of Emacs which stops refreshing the display if there are inputs waiting to be processed, which happens when the display is to slow. To prevent this from happening, just add

(setq redisplay-dont-pause t)

Create a bootable USB key with a Debian installer

If you need to install Debian on a laptop without optical drive, the most convenient solution consists of using a USB stick. Here is a procedure to create such a bootable USB stick with a debian installer on it. The device here is /dev/sdb and you have to be root to do most of the operations below. Please note that the procedure, as described, will erase the content of the key.

  1. Get the files
    wget http://cdimage.debian.org/debian-cd/5.0.2/i386/iso-cd/debian-502-i386-netinst.iso
    wget http://ftp.debian.org/debian/dists/lenny/main/installer-i386/current/images/hd-media/boot.img.gz
    
  2. If you start like me with a USB key with a damaged partition table, first erase 100M on the key to clear things up
    dd if=/dev/zero of=/dev/sdb bs=1M count=100
    
  3. Add a bootable primary partition of size 256M. Here this partition is the first, hence we will access it through /dev/sdb1 later (note that the key I use everyday has a first 3.5G FAT16 partition, followed by the Linux install partition)
    fdisk /dev/sdb
    
    n [enter] p [enter] 1 [enter] [enter] +256M [enter]
    a [enter] 1 [enter]
    w [enter]
    
  4. Install the MBR on the key. As far as I understand, it figures automatically what is the bootable partition
    install-mbr /dev/sdb
    
  5. Install on the partition what is needed to boot the kernel
    zcat boot.img.gz > /dev/sdb1
    
  6. Copy the iso file to the partition
    mount /dev/sdb1 /mnt/key
    cp debian-502-i386-netinst.iso /mnt/key/
    umount /mnt/key
    

You are done.

256 colors in XTerm

It appears that recent versions of XTerm (i.e. more recent than 10 years I presume) can handle more than 8 or 16 colors. To make the magic happen, you just need a correct XTerm version (mine is version 228-1 of the debian package), the ncurses-term package so that the terminal xterm-256color is defined, and to set the TERM environment variable precisely to xterm-256color. Then, under emacs, load xterm-256color.el so that the usual colors are defined.

Emacs keys in XTerm

As you may have noticed, when running Emacs in a XTerm, most of the sophisticated key combinations (ctrl-page up, ctrl-backspace, etc.) are not available. This is a problem if you are working through a remote console, or if you want to enjoy the beauty and speed of an anti-aliased xterm (as a matter of facts, I now use emacs 23.1.1 with the Vera Sans Mono font, and I can say that my life is perfect).

I do not know what is the normal way of dealing with that issue, and a bit of web-surfing on the topic let me feel that there are as many solutions as people who tried to solve the problem. However, I could not find how to have all the keys I needed to work.

Hence, here is my brutal way of fixing the problem: I heavily hack the .Xressource with what follows, so that XTerm will send a specific code for every key I need. This is a bit ugly, since I picked some sequences arbitrarily, and they may have already been defined in the VT-something specification. However it is pretty easy to fix this if there are conflicts.

The character '^[' can be typed under emacs with C-q C-Esc, '^?' with C-q C-Backspace and '^_' with C-q C-_.

XTerm.VT100.translations: #override\n\
  <Btn4Down>,<Btn4Up>:scroll-back(2,line)\n\
  <Btn5Down>,<Btn5Up>:scroll-forw(2,line)\n\
  Ctrl<Btn4Down>,Ctrl<Btn4Up>:scroll-back(1,page)\n\
  Ctrl<Btn5Down>,Ctrl<Btn5Up>:scroll-forw(1,page)\n\
  Shift<Btn4Down>,Shift<Btn4Up>:scroll-back(1,halfpage)\n\
  Shift<Btn5Down>,Shift<Btn5Up>:scroll-forw(1,halfpage)\n\
  Alt<KeyPress>:insert-eight-bit()\n\
  !Shift<Key>BackSpace: string("^?")\n\
  Ctrl<Key>BackSpace: string("^[OZ")\n\
  Shift<Key>Prior: string("^[[5;2~")\n\
  Shift<Key>Next: string("^[[6;2~")\n\
  Shift Ctrl<Key>]: string("^[O}")\n\
  Shift Ctrl<Key>[: string("^[O{")\n\
  Shift Ctrl<Key>/: string("^[O?")\n\
  Ctrl<Key>/: string("^[O/")\n\
  Shift Ctrl<Key>=: string("^[O+")\n\
  Ctrl<Key>=: string("^[O=")\n\
  Shift Ctrl<Key>;: string("^[O:")\n\
  Ctrl<Key>;: string("^[O;")\n\
  Shift Ctrl<Key>`: string("^[O~")\n\
  Ctrl<Key>`: string("^[O`")\n\
  Shift Ctrl<Key>': string("^[O\\\"")\n\
  Ctrl<Key>': string("^[O'")\n\
  Shift Ctrl<Key>.: string("^[O>")\n\
  Ctrl<Key>.: string("^[O.")\n\
  Shift Ctrl<Key>\\\\: string("^[O|")\n\
  Shift Ctrl<Key>-: string("^_")\n\
  Ctrl<Key>-: string("^[O-")\n\
  Shift Ctrl<Key>\\,: string("^[O<")\n\
  Ctrl<Key>\\,: string("^[O,")

Then, add the correct decoding of the sequences in the .emacs file. For instance with:

(unless window-system

  (set-terminal-coding-system 'iso-latin-1)

  (define-key function-key-map "\e[2~" [insert])

  (define-key function-key-map "\e[Z" [S-iso-lefttab])

  (define-key function-key-map "\e[1;2A" [S-up])
  (define-key function-key-map "\e[1;2B" [S-down])
  (define-key function-key-map "\e[1;2C" [S-right])
  (define-key function-key-map "\e[1;2D" [S-left])
  (define-key function-key-map "\e[1;2F" [S-end])
  (define-key function-key-map "\e[1;2H" [S-home])

  (define-key function-key-map "\e[2;2~" [S-insert])
  (define-key function-key-map "\e[5;2~" [S-prior])
  (define-key function-key-map "\e[6;2~" [S-next])

  (define-key function-key-map "\e[1;2P" [S-f1])
  (define-key function-key-map "\e[1;2Q" [S-f2])
  (define-key function-key-map "\e[1;2R" [S-f3])
  (define-key function-key-map "\e[1;2S" [S-f4])
  (define-key function-key-map "\e[15;2~" [S-f5])
  (define-key function-key-map "\e[17;2~" [S-f6])
  (define-key function-key-map "\e[18;2~" [S-f7])
  (define-key function-key-map "\e[19;2~" [S-f8])
  (define-key function-key-map "\e[20;2~" [S-f9])
  (define-key function-key-map "\e[21;2~" [S-f10])

  (define-key function-key-map "\e[1;5A" [C-up])
  (define-key function-key-map "\e[1;5B" [C-down])
  (define-key function-key-map "\e[1;5C" [C-right])
  (define-key function-key-map "\e[1;5D" [C-left])
  (define-key function-key-map "\e[1;5F" [C-end])
  (define-key function-key-map "\e[1;5H" [C-home])

  (define-key function-key-map "\e[2;5~" [C-insert])
  (define-key function-key-map "\e[5;5~" [C-prior])
  (define-key function-key-map "\e[6;5~" [C-next])

  (define-key function-key-map "\e[1;9A" [M-up])
  (define-key function-key-map "\e[1;9B" [M-down])
  (define-key function-key-map "\e[1;9C" [M-right])
  (define-key function-key-map "\e[1;9D" [M-left])
  (define-key function-key-map "\e[1;9F" [M-end])
  (define-key function-key-map "\e[1;9H" [M-home])

  (define-key function-key-map "\e[2;9~" [M-insert])
  (define-key function-key-map "\e[5;9~" [M-prior])
  (define-key function-key-map "\e[6;9~" [M-next])

  ;; The following ones are not standard

  (define-key function-key-map "\eO}" (kbd "C-}"))
  (define-key function-key-map "\eO{" (kbd "C-{"))
  (define-key function-key-map "\eO?" (kbd "C-?"))
  (define-key function-key-map "\eO/" (kbd "C-/"))
  (define-key function-key-map "\eO:" (kbd "C-:"))
  (define-key function-key-map "\eO;" (kbd "C-;"))
  (define-key function-key-map "\eO~" (kbd "C-~"))
  (define-key function-key-map "\eO`" (kbd "C-\`"))
  (define-key function-key-map "\eO\"" (kbd "C-\""))
  (define-key function-key-map "\eO|" (kbd "C-|"))
  (define-key function-key-map "\eO'" (kbd "C-'"))
  (define-key function-key-map "\eO>" (kbd "C->"))
  (define-key function-key-map "\eO." (kbd "C-."))
  (define-key function-key-map "\eO<" (kbd "C-<"))
  (define-key function-key-map "\eO," (kbd "C-,"))
  (define-key function-key-map "\eO-" (kbd "C--"))
  (define-key function-key-map "\eO=" (kbd "C-="))
  (define-key function-key-map "\eO+" (kbd "C-+"))

  (define-key function-key-map "\eOZ" [C-backspace])

  )

You can easily add other key sequences that are not already dealt with here.

Use

xrdb ~/.Xresources

to reload the content of the X-window resource manager properly, and re-start an xterm, for instance with

xterm -geometry 155x55 -fa dummy -fs 11 -u8 -e emacs -nw &

Video grabbing from a webcam

This is not really a glitch-fixing. I battled for half an hour with the zillions of video-grabber I could find under Debian to grab my webcam, and nothing worked. Finally VLC did the trick with a pretty hairy list of arguments.

vlc v4l:/dev/video:size=320x240 --sout 
"#transcode{vcodec=mp4v,vb=1024,scale=1,acodec=mpga,ab=192,channels=2}:duplicate{dst=display,dst=std{access=file,mux=mov,dst=\"/tmp/webcam.mov\"}}"

Correct handling of short filenames on a vfat partition

Unless you add the option shortname=mixed when mounting a vfat partition, all filenames shorter than 8 characters + extension will be encoded in upper-caps. Thus, I have for my USB key the following in /etc/fstab

/dev/sda1 /key vfat user,noauto,uid=fleuret,gid=fleuret,noatime,shortname=mixed,fmask=133,dmask=022 0 0

Black screen after suspend on a Lenovo Thinkpad T41p

With some old kernels, when coming back from suspend under X, the screen remained black. To prevent this, I have to pass the acpi_sleep=s3_bios option to the kernel at boot. Thus, my /boot/grub/menu.lst contains

title           Linux 2.6.17
root            (hd0,1)
kernel          /boot/bzImage-2.6.17 vga=834 acpi_sleep=s3_bios
boot