Jitsi on Debian

Jitsi is a libre software (LGPL license) allowing encrypted instant messages (OTR protocol) and video conferences (ZRTP protocol). It looks as one of the most reliable solutions to have private conversations. It can be used to ensure that, e.g., personal informations are not leaked to third monitoring parties.

Jitsi runs on most common operative systems, and requires little encryption knowledge to set up secure calls. The interface is easy to use. Jitsi is in principle compatible with several protocols, including SIP, XMPP or Google Talk, but encrypted video calls may be in practice problematic with most protocol providers.

The webRTC based Jitsi Meet—also libre software, Apache License—is a remarkable solution (see the end of the post). Privacy is of primary importance to the project, and the software was used, e.g., to communicate with Edward Snowden during the Libre Planet 2016 keynote.

Installation on Debian

While the official documentation provide informations about Jitsi installation on Debian, the user is confusingly directed towards a repository containing several packages. Those packages are suggested to be installed before adding Jitsi's repository.

Instead of directly downloading and installing each package (and related dependencies), the easiest way to proceed for installation, is to simply add to following repository to /etc/apt/sources.list:
deb http://download.jitsi.org/deb unstable/

To avoid the GPG error warning, add the gpg key to your keyring:
# wget -qO - https://download.jitsi.org/nightly/deb/unstable/archive.key | apt-key add -

Optionally install Jitsi Meet (see more details below, though):
# apt-get install jitsi-meet
Install jitsi client:
# apt-get install jitsi

Launch Jitsi and login with your supported account.

At the following apt-get update there may be a warning for a duplicate Jitsi repository. To solve it, simply comment out the one added manually in /etc/apt/sources.list.

Issues

I got a `ICE failed' error probably depending on the protocol (Google Talk, XMPP, SIP) providers tested. According to the FAQ page, the problem may be solved by using an ippi account. Still, I could establish a secure OTR chat also with Google Talk and XMPP.

While on a secure chat with both ends authenticated through a Google Talk account, some instant message arrived unencrypted if, besides Jitsi, also the Google Talk Firefox plug-in was running at the same time. This is potentially compromising and would deserve more investigation. However, when Jitsi was the only active client on my desktop, the messages always arrived encrypted. Hence, as a general rule, while a secure chat is active it is advisable to close all Google Talk clients other than Jitsi.

I also encountered some graphical issues in Debian 8 'Jessie' using gnome. These are not serious enough to prevent the use of Jitsi, but still a bit annoying.

1. First, when sending the secret question to authenticate the other user during a secure (OTR) chat connection, the window would not scroll down, preventing the expected secret answer to be written (I just left it blank).
2. Second, when minimizing the window, it does not open again simply by clicking on the relative gnome activity bar icon. Need to right-click on the bar icon and choose 'jitsi' to open the window again.
3. Third, a jitsi icon stays on a desktop corner (see below). Clicking on it has no action.
   
   

Jitsi Meet - Web Conferences

An istance of Jitsi Meet is also provided at https://meet.jit.si/, no installation required (if using Debian Iceweasel browser, note that Jitsi Meet needs version ≥ 40). It is based on the webRTC protocol and allows many functionalities, among which conference video calls, instant messaging, screen sharing, document sharing (Etherpad) and live streaming. More information about how to configure a new Jitsi Meet instance can be found at the project webpage.

It is a great solution to invite people to video call through a libre, secure and performing software without requiring any account creation nor software installation, apart from having a browser supporting the webRTC protocol such as Firefox, Chromium or Opera.



Ref: jitsi github, jitsi docs

How to install python locally

Here is a fast reference to have a local installation of python, mostly useful as a user without root privileges. Pre-built python distributions are also available, e.g., Enthought's Canopy, but we discourage the use of proprietary software since it restricts fundamental user freedoms.


Create a local folders for libraries and executables

mkdir ~/.local

Download python source files, e.g.,

wget https://www.python.org/ftp/python/2.7.8/Python-2.7.8.tar.xz

Untar into ~/src and enter the new python folder.

Configure the python installation

./configure --prefix=$HOME/.local

At this point one can install with

make
make install

Verify that the folders ~/.local/lib/python2.7/site-packages/ and ~/.local/bin/python2.7/ have been created. Finally export the new python path and add an alias in ~/.bashrc

PYTHONPATH="${PYTHiONPATH}:$HOME/.local/lib/python2.7/site-packages/"
export PYTHONPATH
alias python=$HOME/.local/bin/python2.7

Logout the shell. When login again, check the installation with

python --version

Now Python is installed. Let's then proceed to install modules, e.g. Numpy. Download the source files, and copy them in ~/src. Extract and enter the folder. Install the module

python setup.py install --prefix=~/.local

Exit the module source files folder, and verify the installation by checking that

cd ~/
python -c "import numpy"

gives no error. The module is then installed. Proceed similarly for other modules, like scipy of Cython, ipython, matplotlib.

Scipy

Scipy requires the installation of Blas and Lapack libraries, which may also need to be installed locally.

To install Blas:

mkdir -p ~/src/
cd ~/src/
wget http://www.netlib.org/blas/blas.tgz
tar xzf blas.tgz
cd BLAS

## NOTE: The selected fortran compiler must be consistent for BLAS, LAPACK, NumPy, and SciPy.
## For GNU compiler on 32-bit systems:
#g77 -O2 -fno-second-underscore -c *.f                     # with g77
#gfortran -O2 -std=legacy -fno-second-underscore -c *.f    # with gfortran
## OR for GNU compiler on 64-bit systems:
#g77 -O3 -m64 -fno-second-underscore -fPIC -c *.f                     # with g77
gfortran -O3 -std=legacy -m64 -fno-second-underscore -fPIC -c *.f    # with gfortran
## OR for Intel compiler:
#ifort -FI -w90 -w95 -cm -O3 -unroll -c *.f

# Continue below irrespective of compiler:
ar r libfblas.a *.o
ranlib libfblas.a
rm -rf *.o
export BLAS=~/src/BLAS/libfblas.a

To install Lapack:

mkdir -p ~/src
cd ~/src/
wget http://www.netlib.org/lapack/lapack.tgz
tar xzf lapack.tgz
cd lapack-3.5.0/
cp INSTALL/make.inc.gfortran make.inc          # on Linux with lapack-3.2.1 or newer

Then modify make.inc with the following compilation options

OPTS  = -O2 -fPIC
NOOPT = -O0 -fPIC

Now install the library:

make lapacklib
make clean
export LAPACK=~/src/lapack-3.5.0

The export options may be added to ~/.bashrc. Finally, to install scipy, enter the source file directory

python setup.py install --user

and check that the following gives no errors.

cd ~/

python -c "import scipy"

Scipy should then be installed locally.

Matplotlib

Download matplotlib source files. Make sure all the dependencies are installed, in particular: python, numpy, libpng and freetype. For the first two requirement see the description above, while we describe here the remaining dependencies.

To install freetype download the source files. Once extracted, enter the source directory and install locally:

./configure --prefix=$HOME/.local/
make
make install

The same for to install libpng, download the source files and install locally:

./configure --prefix=$HOME/.local/
make check
make install

Finally, add the local executable and library paths to the standard ones in ~/.bashrc:

export PATH=/usr/local/bin:$HOME/.local/:$PATH
export LD_LIBRARY_PATH=~/.local/lib/:$LD_LIBRARY_PATH

Having installed all the dependencies, enter matplotlib source directory and install locally as usual:

python setup.py build
python setup.py install --prefix=~/.local/

Refs:

• How to install locally python on linux home directory?
• Python Documentation
• StackOverflow
• Matplotlib, and this

How to scp without prompting for password

Whenever you need to use scp (secure copy) to copy files, it asks for passwords. It can get really annoying the fact that the password is asked every time. Fortunately, scp is it's easily scriptable.

Suppose we want to copy the file abc.tgz to an account of a remote machine:
scp abc.tgz user@foo:/documents
We can do it without the need of entering the user password, but still in a secure way thanks to ssh.

1. First, generate a public/private key pair on the local machine:
   ssh-keygen -t rsa
2. Then press Enter and leave blank the passphrase (since we don't want one). Your public key has been saved in ~/.ssh/id_rsa.pub
3. Copy the content of public key id_rsa.pub just generated to the remote machine. You can use scp to make the copy. If you are logging in as a user, it would be in /home/user/.ssh/authorized_keys. Notice that the authorized_keys file can contain keys from other PCs. So, if the file already exists and contains text, you need to append the contents of your public key file to what already is there.

Ref: Linux Journal, Jayakara Kini's Weblog

Meld as SVN diff

The default Subversion's diff program can be replaced by, e.g., meld. In fact, it may also be used as merge program, but we do not address to this issue here.

To use melt as diff program, open with a text editor the file

~/.subversion/config

and replace or add the line

diff-cmd=meld

Then the command

svn diff -r v1:v2 FILE &

will compare the versions v1 and v2 of FILE using meld.

Mathematica and SSH

DISCLAIMER: we strongly discourage usage of proprietary software, since it violates fundamental user freedoms.
 
To run Mathematica on a remote machine, e.g., via ssh

$ ssh -X user@machine.domain.com

it is useful to not execute commands using the GUI. In fact, if the network is not optimal (like Internet), the computation would be drastically slowed down. Instead, one should run a Mathematica package via command line.

The steps to evaluate a sequence of Mathematica cells using a script are as follows:

1. write the program using the Mathematica notebook as usual;
2. select a cell, copy the content as InputForm, and paste it into a text file;
3. repeat the step above for all the cells;
4. save the text file with .m extension.

Then the package can be evaluated as:

$ math -script file.m

Alternatively, one may add a line at the beginning of the script, which will look as follows:

#!/usr/local/bin/MathematicaScript -script

(* output a file containing Cos[x] *)
Export["output.dat",Table[{x,N[Cos[x]]},{x,0,Pi}]]

Then make executable the script:

$ chmod a+x script.m

and run it:

$ ./script.m

To keep the run also without keeping the shell open, use:

$ nohup ./script.m &


Refs: Mathematica Docs, Bergman Lab

CPU fan on Lenovo Thinkpad T420

Content:

• Debian 8
• Configuration
• Enable the service
• Avoid overheating
• Ubuntu 11.10

Debian 8

While the fan behaves reasonably under Debian 8, I wanted to increase its usage as I often run short but CPU consuming processes. Thinkfan, originally created to solve the problem of unnecessary  high fan consumption (see the section below about Ubuntu). It provides an easy way in general to control the fan level for given temperature ranges.

Configuration

Install the packages

# apt-get install thinkfan lm-sensors

I encountered an error during installation, which is a known bug. This happens because it tries to load the service before it is properly configured. This error does not prevent the following steps for a proper configuration.

Setting up thinkfan (0.9.2-1) ... Job for thinkfan.service failed. See 'systemctl status thinkfan.service' and 'journalctl -xn' for details. invoke-rc.d: initscript thinkfan, action "start" failed. dpkg: error processing package thinkfan (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: thinkfan E: Sub-process /usr/bin/dpkg returned an error code (1)

Scan the system (answer all the default options)

# sensors-detect

Search for thermal sensors

$ find /sys/devices -type f -name "temp*_input"

My output looks like:

/sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0/hwmon/hwmon3/temp1_input
/sys/devices/virtual/hwmon/hwmon0/temp1_input
/sys/devices/platform/coretemp.0/hwmon/hwmon2/temp3_input
/sys/devices/platform/coretemp.0/hwmon/hwmon2/temp1_input
/sys/devices/platform/coretemp.0/hwmon/hwmon2/temp2_input

Add the devices to the file

/etc/thinkfan.conf 

appending 'hwmon' to each line (in my case I excluded the first line of the previous output), so that the file would look something like this:

hwmon /sys/devices/virtual/hwmon/hwmon0/temp1_input
hwmon /sys/devices/platform/coretemp.0/hwmon/hwmon2/temp3_input
hwmon /sys/devices/platform/coretemp.0/hwmon/hwmon2/temp1_input
hwmon /sys/devices/platform/coretemp.0/hwmon/hwmon2/temp2_input

(0,    0,    55)
(1,    48,    60)
(2,    50,    61)
(3,    52,    63)
(4,    56,    65)
(5,    59,    66)
(7,    63,    32767)

The numbers correspond to:

(LEVEL, LOW, HIGH)
LEVEL is the fan level to use (0-7 with thinkpad_acpi)
LOW is the temperature at which to step down to the previous level
HIGH is the temperature at which to step up to the next level
All numbers are integers.

For more informations see the comments in the template configuration file

/usr/share/doc/thinkfan/examples/thinkfan.conf.simple

Enable the service

Enable the kernel module:

# modprobe thinkpad_acpi fan_control=1

Now that the module parameter fan_control=1 has been given to thinkpad-acpi, the fan levels can be set manually, e.g.:

echo level 4 | sudo tee /proc/acpi/ibm/fan

where the level can be set to an integer between 0 (no fan) 7 (high fan level). Note that level 7 (about 4500 rpm) does not correspond to the maximum speed reachable by the fan. It is possible to increase further the fan usage manually by setting the level to 'disengaged' (about 5500rpm)

echo level disengaged | sudo tee /proc/acpi/ibm/fan

and return back to automatic mode as

echo level auto | sudo tee /proc/acpi/ibm/fan

It is however preferable and more safe to start an automatic service, such as thinkfan, to control the fan level given certain temperature ranges.

Start the thinkfan service:

# systemctl start thinkfan.service

In no error appears, the service should be enabled. The following should inform you that thinkfan is active

$ systemctl status thinkfan.service

You can also check the fan level

$ cat /proc/acpi/ibm/fan
status:        enabled
speed:        1985
level:        1
commands:    level ( is 0-7, auto, disengaged, full-speed)
commands:    enable, disable
commands:    watchdog ( is 0 (off), 1-120 (seconds))
where ' level' is set between 0-7. If instead of being set to a number it is set to 'auto', then probably thinkfan is not active.

or using the command

$ sensors

Finally, load the module at boot:

# echo "options thinkpad_acpi fan_control=1" | sudo tee /etc/modprobe.d/thinkpad_acpi.conf

and enable the service at boot

# systemctl enable thinkfan.service

Avoid overheating

The temperature can still rise significantly (> 90C) when intense CPU usage is required. First, you may want to clean the heat sink. If it does not help, or if to clean the fan you wish anyway to disassemble the machine, it is probably required also the replacement of the thermal paste. Check your hardware maintenance manual to see how to disassemble the heatsink. Other unofficial sources (e.g. videos) may also be useful, but the official manual should be consulted, since this is a potentially dangerous procedure (even if easy).

Apart from mechanical solutions, it is also possible to force a reduced CPU usage. E.g., it may be required that CPUs are loaded only up to 80% of their capacities:

# echo 80 > /sys/devices/system/cpu/intel_pstate/max_perf_pct

A systemd script to set automatically the CPU levels at boot can be downloaded from here. Of course, this is not the optimal long term fix, but it is not invasive and requires no purchase.

Ubuntu 11.10

DISCLAIMER: while we keep this section for reference, we strongly discourage usage of Ubuntu, in particular those versions released between year 2012 and 2016 implementing spyware.

After installing Ubuntu 11.10 on a Lenovo Thinkpad T420, the fan always run too much, even if there is a minimal CPU usage. The solution is installing the package thinkfan, and care attention to wisely configure the fan options.

These steps solve the problem:

1. Install thinkfan package:

$ sudo apt-get install thinkfan

2. Add kernel module ‘coretemp’ to /etc/modules

$ sudo sh -c ‘echo coretemp >> /etc/modules’

3. Load kernel module ‘coretemp’

$ sudo modprobe coretemp

4. Add the following three sensor entries to /etc/thinkfan.conf just before the temperature levels:

sensor /sys/devices/platform/coretemp.0/temp1_input
sensor /sys/devices/platform/coretemp.0/temp2_input
sensor /sys/devices/platform/coretemp.0/temp3_input
sensor /sys/devices/virtual/hwmon/hwmon0/temp1_input

5. Add the following to /etc/modprobe.d/thinkfan.conf: ‘options thinkpad_acpi fan_control=1′

$ sudo sh -c ‘echo “options thinkpad_acpi fan_control=1″ >> /etc/modprobe.d/thinkfan.conf’

6. Reload kernel module ‘thinkpad_acpi’

$ sudo modprobe -r thinkpad_acpi
$ sudo modprobe thinkpad_acpi

7. Set START=”yes” in /etc/default/thinkfan

8. Start thinkfan:

$ sudo /etc/init.d/thinkfan start

9. Check whether it works

$ sudo cat /proc/acpi/ibm/fan

if level has a value between 0 and 7, and changes by times, your thinkfan daemon works.

10. Add thinkfan to startup applications.

Ref: Putokaz, Debian forum and mailing list, thinkwiki, stackexchange

Gnuplot

Basic code to print plots, also using symbols like greek letters:

set term post color eps enh
set output "plot.eps"
set title "{/Symbol abcdefghijklmnopqrstuvwxyz \245}"


See also this page and, in particular, this script.