Correct aggressive mate-settings-daemon behaviour when running x2go

If like me you have replaced FreeNX by X2Go to remotely connect to your Desktop, and you use Mate as a fallback, you might have noticed that sometimes your machine becomes unresponsive. There is a bug/feature in the Mate settings daemon that detects the numlock status and seems to do it a bit too aggressively ( see bug 402 in X2go bug tracker

To avoid the behaviour, you can run the following command

gsettings set org.mate.peripherals-keyboard remember-numlock-state false

It disables the numlock status check avoid coming back to an unresponsive machine.

How to get 4od to work on Ubuntu 14.04 Trusty

Channel4’s video on demand service requires Adobe Flash Player but doesn’t work on Ubuntu 14.04 by default.

4oD relies on Adobe DRM that only works on Linux if the HAL service is running.

HAL is deprecated technology and has been stripped out since 13.10.

Luckily for us there is a PPA maintained by Michael Blennerhassett that works for both Saucy and Trusty, to enable it do as follow.

sudo add-apt-repository ppa:mjblenner/ppa-hal

sudo apt-get update && sudo apt-get install hal

Once you restart your browser, 4oD should work, enjoy!

EDIT: If hald doesn’t start automatically at boot. start it with /usr/sbin/hald (sudo not required)

Playing with the GPU frequencies on a Samsung NP530-U3C


The Samsung NP530U3C works fairly well with Linux (at least on Ubuntu) providing that your kernel and firmware 
are recent enough (Ubuntu 12.04.3 or at least 12.10 are recommended).

There is a few revisions of this laptop, the one I used to test this is the Ivy Bridge version.

Your first question should be "Why would I change the GPU frequencies of my laptop?", to that I have two 
possible answers
1. Battery life
2. Heat dissipation

This laptop seems to have a table of frequencies linked to the governor/CPU speed in use.

First you can see the current min and max frequencies by running the following commands as root.

cat /sys/kernel/debug/dri/0/i915_min_freq
and see the following result
min freq: 350

cat /sys/kernel/debug/dri/0/i915_max_freq
again result with appears as
max freq: 1050

To understand the extent of the possibilities there is a handy frequency table that you can access as follow
cat /sys/kernel/debug/dri/0/i915_ring_freq_table
you will get something like this.

 GPU freq (MHz)    Effective CPU freq (MHz)
 350        800
 400        800
 450        800
 500        800
 550        800
 600        800
 650        800
 700        800
 750        1200
 800        1300
 850        1300
 900        1400
 950        1500
 1000        1600
 1050        1700

Now let's say that you are playing a game that hits your CPU fairly hard, you will see the temperature of the 
latop rocketting at above 80C, not very healthy.

Now thank to this you can actually limit the frequency of the GPU to something a bit more manageable for the 
very limited cooling capabilities of an ultra-book.

You just need to run a command like this to cap the GPU.
echo 550 > /sys/kernel/debug/dri/0/i915_max_freq

And in my particular case, that reduced the operating temperature to 64C, a huge bonus!

All of the changes are lost after a restart and you will to do that again after each reboot.

Run and configure FreeNX on Ubuntu 12.10

What is FreeNX?

FreeNX is a Thin Client tool that allows you to establish a graphical session to your Linux desktop. It is optimised to reduce the bandwidth requirements and runs over a secure SSH session. In some ways it is very similar to Microsoft’s Remote Desktop Client.

Installing FreeNX on Ubuntu 12.10 has a few challenges that this article should hopefully overcome for you.


First you need to add the official PPA by opening a terminal and running the following commands

sudo add-apt-repository -y ppa:freenx-team/ppa
FreeNX on this PPA is only available for LTS releases so you need to cheat by opening a terminal and run the following command.

sudo sed -i s/quantal/precise/g /etc/apt/sources.list.d/freenx-team-ppa-quantal.list
Refresh your package list sudo apt-get update

Then install the required packages (openssh-server will be pulled automatically if you don’t have it already installed)

sudo apt-get install freenx-server gnome-session-fallback
You probably noticed that I am installing the gnome-session-fallback package, that’s because FreeNX doesn’t work with compositing and requires a window manager that can be run without hardware acceleration.

In a perfect world, you would just need to configure a NX client to connect to your system and everything would be fine but then this article would be pretty pointless

Making it actually work

Force Gnome fall-back as the default session manager

sudo vi /etc/nxserver/node.conf
Identify the section containing the following text

# The key that contains the name of the script that starts a gnome session.
# It's run when a 'unix-gnome' session is requested by the client.
#COMMAND_START_GNOME='gnome-session --session gnome-fallback'

Remove the # in front of COMMAND_START_GNOME and save

No fonts are displayed in your session

This one really took me a long time to find! It appears to be a bug in libcairo version 1.12

sudo vi /etc/nxserver/node.conf
Looks for the following line

#AGENT_EXTRA_OPTIONS_X=”-nolisten tcp”
and replace it by

AGENT_EXTRA_OPTIONS_X=”-norender -nolisten tcp”

That should be it, everything should be working fine now

“The virtual machine is running in a monitor mode…” while trying to enable Fault Tolerance

I have encountered this message a few times after disabling Fault Tolerance to run a few maintenance tasks and trying to re-enable it (without shutting down the VM).

VMware KB article describing the issue and solution

In short, you need to edit the settings of the VM
– Right click -> Edit settings
– in the Options tab -> in Advanced->CPU/MMU Virtualization
– Change from Automatic to the appropriate value (Use Intel VT-x and Software MMU in my case)
– vMotion the VM to another host to validate the setting change
– Enable FT and voila, it works!

A few IP Tables (IPv4) examples

IP Tables (IPv4) example

# Flush rules
iptables -F
# DROP everything by default
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Allow loopack
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow incoming SSH
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
# Allow outgoing SSH
iptables -A OUTPUT -o eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
# Allow incoming TCP/3128
iptables -A INPUT -i eth0 -p tcp --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 3128 -m state --state ESTABLISHED -j ACCEPT
# Allow DNS queries
iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT
iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT
# Allow incoming ICMP
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
# Allow outgoing ICMP
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
# Allow outgoing TCP/8080
iptables -A OUTPUT -o eth0 -p tcp --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 8080 -m state --state ESTABLISHED -j ACCEPT
#Save the rules
/etc/init.d/iptables save
#And apply
/etc/init.d/iptables reload

GPG cheat sheet

GPG quick memo

I always forget my GPG commands so I decided to make a quick cheat sheet 🙂

Create a key (RSA 2048)

gpg --gen-key

List existing keys

gpg --list-keys

Export public key (binary)

gpg --output fmo_public.key --export

Export public key (ascii)

gpg --armor --export fmo_public_asc.key

Backup public key (ascii)

gpg -ao fmo_public_asc.key --export

Backup private key

gpg -ao fmo_private_asc.key --export-secret-keys

Restore GPG key

Private first

gpg --import fmo_private_asc.key

then Public

gpg --import fmo_public_asc.key

Delete a key

gpg –delete-secret-and-public-key

Generate revocation key

gpg --output fmo_revoke.key --gen-revoke

Revoke a key

gpg --import fmo_revoke.key

How to shrink a VMDK the hacky way



I do not recommend using this method, following the below steps is at your own risk!


You create a VMDK with a large size using Thin Provisioning and you realise that it’s not a good idea. You have your system installed and don’t want to have to reinstall everything.


Make a backup of the VMDK files before you do anything. Reduce the size of your system inside the VMDK to the size you want. Defragment the disk.

My virtual machine is called VMwareConverter, the disk files are called

Edit the file VMwareConverter.vmdk and look for the section “Extent description”

# Extent description

RW 524288000 VMFS “VMwareConverter-flat.vmdk”

This value is calculated as follow
vmdk_size= (x*1024*1024*1024)/512 where x is the size of the vmdk in GB

Which means that the existing size is 524288000×512÷1024÷1024÷1024 = 250GB

We will go simple and bring it down to 25GB so we just have to take a zero out.
# Extent description
RW 52428800 VMFS “VMwareConverter-flat.vmdk”

Now to make it effective we need to clone the disk
vmkfstools -i VMwareConverter.vmdk ../VMwareConverter.vmdk

Once the operation is complete.
rm VMwareConverter.vmdk VMwareConverter-flat.vmdk
mv VMwareConverter*.vmdk .

If you need to rollback, restore your backed up VMDK files.