Skip to main content

Hello ! This is my blog powered by Known. I post articles and links about coding, FOSS, but not only, in French (mostly) or English (if I did not find anything related before).


Raspberry Pi install checklist

2 min read

This is some memo for me, to use as a checklist whenever I set up a new Raspberry Pi which is to be running continuously (typically as a webserver).

First, I start from the lite version of Raspbian.

After install:

  1. sudo apt-get update && sudo apt-get upgrade

  2. sudo raspi-config and tweak according to my needs.

  3. Install some useful tools:

sudo apt-get install ack-grep fail2ban git heirloom-mailx htop libxml2-dev libxslt1-dev libyaml-dev moreutils msmtp-mta python-dev python-pip python3 python3-dev python3-pip screen vim zlib1g-dev

  1. Install RPi-Monitor. First install its dependencies:

sudo apt-get install librrds-perl libhttp-daemon-perl libjson-perl libipc-sharelite-perl libfile-which-perl

  1. cd $HOME; git clone; cd RPi-Monitor; sudo TARGETDIR=/ STARTUPSYS=systemd make install to install it. Be careful about a current bug with systemd install

  2. Some useful bash config: echo 'export PATH=$HOME/.local/bin:$PATH' >> $HOME/.bashrc; echo 'export EDITOR=vim' >> $HOME/.bashrc.

  3. Use NTP to keep the system in sync with current time: sudo timedatectl set-ntp true.

  4. Load ip_conntrack_ftp module: sudo echo "ip_conntrack_ftp" >>& /etc/modules-load.d/modules.conf.

  5. Set up an iptables systemd service à la Arch Linux. See this unit. Put iptables config in /etc/iptables/ip{6,}tables.rules.

  6. Remove the file in /etc/sudoers.d which prevents pi user from having to type its password.

  7. Configure msmtp to be able to send emails using the mailserver on my main server.

  8. Harden SSH configuration as you would do for a server.

  9. Set a MAILTO address in crontab and edit aliases.


Don du mois de janvier : Framasoft

1 min read

Je continue les dons du mois en donnant ce mois-ci 15€ à Framasoft.

Framasoft est un réseau dédié à la promotion du « libre » en général et du logiciel libre en particulier et offre de nombreux services et projets innovants mis librement à disposition du grand public, notamment dans le cadre de leur campagne de « dégooglisation » (des services libres, hébergés par Framasoft, qui offrent des alternatives aux services offerts par Google / Doodle / Facebook / Github etc, et la liste va croissante !). Bien évidemment, les services peuvent être très facilement autohébergés, et ils l'encouragent à travers leur campagne des CHATONS.

En particulier, leur liste d'alternatives est très bien faite et très pertinente.


Don du mois de décembre : EFF

2 min read

Je suis tombé sur les dons du mois de Sam & Max, qui donnaient chaque mois à une organisation qui fournit des produits et des services qu'ils utilisaient et qui avaient été importants pour eux le mois passé, tout en écrivant un billet sur leur blog afin de faire parler de l'organisme.

J'ai récemment migré l'intégralité des certificats SSL utilisés sur et ses sous-domaines, pour passer de StartSSL à Let's Encrypt, principalement suite à cette annonce de Mozilla. Je n'ai jamais payé pour un certificat SSL depuis que j'ai ce nom de domaine (StartSSL, tout comme Let's Encrypt les fournissent gratuitement), tandis que les autorités facturent jusqu'à 100$ le certificat.

Ce mois-ci, c'est donc 25$ qui vont à l'EFF principalement pour leur soutien à Let's Encrypt et leur certbot qui facilite énormément la gestion de ses certificats. L'EFF s'engage également pour défendre la liberté d'expression sur le net, pour lutter contre les brevets logiciels et contre les DRMs, ainsi que sur les questions de vie privée. Ils sont également derrière un certain nombre de logiciels et extensions tels que HTTPS Everywhere.


Moving from URxvt to st

2 min read

I have been using URxvt terminal for a while, but was suffering many issues with it recently. In particular, I had a weird locale issue, leading to unicode encoding errors whenever I copy accentuated characters using primary keyboard, some weird issues due to urxvt-tabbed and it just blew up when I tried to get new unicode characters right in it (such as smileys).

A friend told me about st which may be quite daunting at first, especially since all the configuration is made statically in a C header file, but it is working incredibly well, and just doing the job fine.

I have a mirror repo with my own configuration in case you want to have a look at it. This reproduces most of my URxvt user experience, except from two things:

  1. I don't have any tabs in st. But this is not a real issue and I'd rather depend on another program to handle tabs, such as tmux or even i3.
  2. I don't have clickable URLs as I used to have in URxvt. But once again, after a few weeks without this feature, I prefer selecting and copy/pasting URLs rather than clicking on them. This way, I don't open links unintentionally.

I was relying on a hack to get local notifications for my Weechat running through SSH + screen, using an extended escape sequence, and if you are also using it this commit will implement this behavior in st.



Improved back and forth between workspaces

2 min read

i3 has a feature to enable going back and forth between workspaces. Once enabled, if you are on workspace 1 and switch to workspace 2 and then just press mod+2 again to switch to workspace 2, you will go back to workspace 1.

However, this feature is quite limited as it does not remember more than one previous workspace. For example, say you are on workspace 1, switch to workspace 2 and then to workspace 3. Then, typing mod+3 will send you back to workspace 2 as expected. But then, typing mod+2 will send you back to workspace 3 whereas one may have expected it to switch to workspace 1 (as does Weechat with buffers switch for instance).

This can be solved by wrapping around the workspace switching in the i3 config. I wrote this small script to handle it.

Basically, you have to start the script when you start i3 by putting

exec_always --no-startup-id "python PATH_TO_/"

in your .i3/config file.

Then, you can replace your bindsym commands to switch workspaces, calling the same script:

bindsym $mod+agrave exec "echo 10 | socat - UNIX-CONNECT:$XDG_RUNTIME_DIR/i3/i3-back-and-forth-enhanced.sock" (Replace $XDG_RUNTIME_DIR by /tmp if this environment variable is not defined on your system.)

This script does maintain a queue of 20 previously seen workspaces (so you can go back 20 workspaces ago in your history). This can be increased by editing the WORKSPACES_STACK = deque(maxlen=20) line according to your needs.

Hope this helps! :)