Bits and thoughts

#!/bin/bash is not rude

Archives 2014

Debian Jessie Multimedia

Written by ⓘⓓⓔⓝⓣⓛⓤⓓ - -

Debian Jessie (Debian 8) is, by default, provided with many multimedia capabilities.

Playing any audio files comes natively with the platform. Watching a video recorded from your phone is easy once the video has been downloaded to the computer where Jessie is installed.

Some DVDs are directly playable and some of them require libdvcss which is not provided on debian repositories because of legal stuff but it can be downloaded as a debian package from videolan.

Flash video playing is not pre-installed. There is a way to install Flash but more and more websites use HTML5 video tag to provide video content. This makes Flash quit useless. But anyway it can still be installed if you add "non-free" repository to your package repository configuration. There are plenty of sites to show you how to do that ...

There are some websites that propose videos on .mp4 format. This working very well with a default install in Iceweasel. The solution is simply to install ffmpeg plugin for gstreamer :
sudo apt install gstreamer0.10-ffmpeg
I don't have a blue-ray drive so I can't tell how well blue-ray is working on Debian Jessie ...

Perhaps there are some other tricks for an advanced usage of multimedia that I'm not aware of !

GNU Social : update on my subcriptions

Written by ⓘⓓⓔⓝⓣⓛⓤⓓ - -

Last year  (July 2013) I posted a break-down of my subscriptions. Here is an update.First statistic : I went from 100 subscription to 116. That's not a big improvement but I have been out of the network for the bigger part of 2014 because of a queue daemon that I failed to diagnose as being the root cause of not receiving messages anymore.


Platform diversity

The number of different platforms I'm subscribed to went down from 67 to 45. I combed all my subscriptions and removed those that where unreachable or for whom the last post was much too old to be considered active. Note that I had not checked the same thing last year, meaning that this figure's decrease may not be relevant to demonstrate the activity (or lack there of) of the GNU Social community as a whole.

Single user instance vs. multiple user instance.

I have seen a shift from single user owned instances to multiple-users instances. We'll see that later but Quitter is one of the main actor for this shift.Single users went from 58 users to 35 (-39,6%)  (and users hosted on multi-users instances went from 42 to 81 (+92.8%)

Distribution of users

Among the instances from which i follow more than one user there are some changes:

And I got rid of !!

Classified in : thoughts - Tags : none

Calendar and contacts server

Written by ⓘⓓⓔⓝⓣⓛⓤⓓ - -

This post dating from 2012 is still relevant in September 2014 !I'm still on my trajectory to lower my Google dependency . As for now I have already hosted my own emails and I have tried to reduce as much as possible any incoming spam . Calendars and Contacts are the next step.


Calendars and Contacts are respectively based upon two standards   
Both are derived from WebDAV protocol. There are many products that implement these standards. I chose Baïkal for some reasons :   
  • It looked easy to setup
  • It brought what I needed and not the full range of groupware solution
  • It added a lightweight administration layer to manage users and their Calendars or Address Books.

Baïkal setup

Setting up the web application

I downloaded Baikal and un-tarred it in its own directory : /var/www/baikal. and I made sure that it was owned by default Apache user www-data
cd /tmp
cd /var/www
tar -xzvf /tmp/baikal-regular-0.2.3.tgz
mv baikal-regular/ baikal
chown -R www-data: baikal/
I edited .htaccess file that was alread present in /var/www/baikal/html to add "Allow from all" directive because my Apache configuration is locked by default on every directory.I  created an Apache virtual host to reach Baïkal pointing to /var/www/baikal/html accessible with https through /etc/apache2/sites-available/
<VirtualHost *:443>
        DocumentRoot /var/www/baikal/html
        <Directory "/var/www/baikal/html">
                Options None
                Options +FollowSymlinks
                AllowOverride All
        SSLEngine On
        SSLCertificateFile    /etc/ssl/certs/certificate.pem
        SSLCertificateKeyFile /etc/ssl/private/priv_key.pem
Any http access will be redirected to https through /etc/apache2/sites-available/
<VirtualHost *:80>
        <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
And then I had to enable these configurations in Apache :
It never hurts to check if Apache is happy with this configuration :
apache2ctl configtest
And then an Apache reload
service apache2 reload

Setting up MySql database

By default Baikal uses a SQLite database but it can run on MySql ... and I happen to have a MySql dabase running ...
# mysql -p
mysql> create database baikal;
mysql> grant all on baikal.* to 'baikaluser'@'localhost' identified by 'password';
mysql> \q#
mysql -u baikaluser --database=baikal -p
mysql> @/var/www/baikal/Core/Resources/Db/MySQL/db.sql
mysql> show tables;
| Tables_in_baikal |
| addressbooks     |
| calendarobjects  |
| calendars        |
| cards            |
| groupmembers     |
| locks            |
| principals       |
| users            |
I'm good to go ...

Web application setup

Open a browser and navigate to . The first step is to set up an admin user account ...

And then you need to setup the database connectivity :

Users setup

The final step is to declare users through the administration interface :

Client configuration


My desktop client is Evolution here is how I set it up, Calendar:

and Contacts :

Android 4.x

On Android I used one application for caldav and carddav :
  • DAVDroid   Open source calendar and contact synchronisation adapter available on independently managed application repository : F-droid
Independently signed certificates such as the one I use (certified by are not recognized by Android. In order for DAVDroid to be able to connect to my https Baïkal server I had to import root certificate into the phone :
  • On the phone download the root certificate
  • It should propose you to switch the settings of the phone in order to add the certificate to the user's approved container.
  • At this step you MUST have set up an unlock method for the phone (draw a schema, type a password or a PIN) ... this will be enforced by Android itself
The final setup consists in indicating the servers, the user and its password as in Evolution, using 'Accounts' in Android settings.


Migrating my Google Contacts to Baikal is as simple as a copy and paste in Evolution

Filtering SPAM on server with postfix, dovecot, and sieve

Written by ⓘⓓⓔⓝⓣⓛⓤⓓ - -

Identify spams is one step to fight against them. The next step is to be able to move them around independently of the device you are using to view your inbox.

Filtering spams by configuring the email client is sometimes possible (and sometimes not) but it requires to implement filtering rules on every client. Be it evolution on your computer or some other email client on your smartphone.

The solution is to filter them on the server when they are locally dispatched to recipients by the local delivery agent. (LDA)

In my basic setup of my email server I had postfix that was used as a mail transfer agent (MTA) and LDA. It happens that sieve is a mail filtering solution that comes bundled with dovecot. The setup is then made to :

  • use dovecot as a local delivery agent
  • configure sieve to move spam emails to 'Junk' folder

Of course the pre-required step is that spamassassin has already been set up to identify what emails are spams and what emails are not.

Base configuration

  • Debian Wheezy : 7.4
  • postfix : 2.9.6
  • dovecot with sieve embedded : 2.1.7

Use dovecot as LDA

Modify /etc/postfix/ file to change mailbox_command to dovecot deliver


Configure dovecot to enable sieve

The first step is to configure where sieve should be reading the rules configuration files. This is done by modifying /etc/dovecot/conf.d/90-sieve.conf and adapting sieve_default location. The result is that the behavior will be the same for all users for which a local mail delivery is made. If your MTA is configured to redirect emails to external mailboxes then the spams emails won't be moved to a junk folder.

sieve_default = /etc/dovecot/default.sieve

Enable dovecot user to read the file :

chgrp dovecot /etc/dovecot/conf.d/90-sieve.conf

Next step is to enable sieve plugin for LDA (local delivery agent) in /etc/dovecot/conf.d/15-lda.conf declare sieve as a plugin :

mail_plugins = sieve

Now how can sieve move spams to 'Junk' folders ? This is done by configuring the /etc/dovecot/default.sieve file with this content :

require ["fileinto"];
# Move spam to Junk
folderif header :contains "X-spam-flag" ["YES"] {
  fileinto "Spam";

This file must be binary compiled by sieve compiler

cd /etc/dovecot
sievec default.sieve

A new file default.svbin is created and it must be readable by dovecot user

chgrp dovecot /etc/dovecot/default.svbin

There are some permission problems with /var/mail/<<user>> INBOX with dovecot on Debian. The email can be delivered directly to ~/Maildir with a configuration of /etc/dovecot/10-mail.conf. 

#mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_location = maildir:~/Maildir

You can now restart dovecot and test a specially crafted spam email ;)

service dovecot restart
mail -s "Product for you" an-account-existing@your-server.tld

The following content was flagged as spam by spamassassin :

Online Drugstore can have your order of discounted Viagra shipped to you for only 5 minutes of your time!!!
No Prior Prescriptions Needed  
-Licensed U.S. Physicians are ready to fill your order  
-Guaranteed Lowest Prices Available  
-Discreet Mailing directly to your home or office

Just visit and enjoy the good life today!!!