Raspberry Pi – analog output noise

I got Raspberry Pi 2 as a present from my brother. It’s a nice toy, I was trying out OpenELEC, it makes for a really nice home theater in combination with a NAS on local network. The only drawback was that the analog sound output produced kind of unpleasant noise. I tried to follow a lot of pieces of advice found around on forums, changed the operating system, drivers, nothing helped. It seemed that the noise was a design problem of the analog sound (the digital sound output was all right).

In the end, I installed Raspbian and started using this Pi as a “thin client” to connect to other computers using X2Go remote sessions. It was a nice use case, but I didn’t need it so often as to actually miss sound. Eventually, I was advised to use an external sound card. A small, $10 USB card did the trick. The noise was gone and now, when using Raspberry as a thin client, I’m able to listen to music on it, too.

Posted in Hardware Tagged with: , , , ,

Scroll emulation with Trackman Marble in Debian 9

images-duckduckgo-comSpending a lot of time with mouse and keyboard, I decided I would give it a try with trackball. A friend lent me Logitech Trackman Marble for a week to see if I can get used to it. The one drawback in Linux is that there’s no support for scroll emulation by default. It was relatively easy to set this up on my laptop with help of xinput, but at home, where I’m using Debian 9 (currently ‘testing’ branch) with Mate, this didn’t work. So this had to go to a good old X.Org configuration file:

By the way, after two days of using it, I think I’m getting used to it, so I’ll probably buy one for myself.

Posted in Hardware Tagged with: , , ,

header_checks and Spamassassin headers in Postfix 2.6

images.duckduckgo.comI’ve had this mail server of mine for some time. I was an early adopter of Gmail back then, but as years went on and it became obvious that messages were data-mined by Gmail, I eventually started running my own Postfix server. Not just for me, but for family and eventually other people. Now, the thing is that some folks insist on having their emails forwarded to another service, like Gmail, Yahoo, etc. I can understand that. The problem is that if such mailbox receives a lot of spam messages, those messages get forwarded to Gmail and Yahoo as well, and as a result, my mail server can get bad reputation because of that – I can’t just explain to the other side that those spams are only forwarded.

I’m using Spamassassin to mark spam, but all it can do is to mark the messages for users’ MUAs, it can’t do anything else, like drop or reject unsolicited bulk email so that it doesn’t get forwarded. I’ve used Amavis somewhere in the past and it could have solved the problem, but here it felt as too large a gun for the task. All I wanted is to prevent the most obvious spam with high score points from being forwarded. So I created a file with a regular expression to catch all messages marked as Spamassassin with help of X-Spam-Level header.

and uncommented this line in:

The above mentioned HOLD action will put the messages into the hold queue for further inspection. Other option is to REJECT the messages (more here external_link).

To my dismay, it just didn’t work when I gave it a try with help of Gtube. What I didn’t realize was that header_checks happen while message is being received. Spamassassin, however, works as a milter that adds extra headers later, so it couldn’t work. There is a Postfix feature designed to solve this problem – milter_header_checks – which does the same thing, except it takes headers added by milters into account, too. The only tiny drawback was that this feature was added to Postfix 2.7 and my Centos 6 had Postfix 2.6 running. There was a patch on Postfix page which backported milter_header_checks into version 2.6, but I just didn’t have enough courage to go for it. Instead I used the workaround discussed here external_link (many thanks). The trick is to create another service in master.cf and use it as a content filter for the main smtp service. That way, the Spamassassin headers get applied and on the second run, they get noticed by header_checks.

I also had to add permit_mynetworks in recipient restrictions, but that was probably relevant just to my particular setup.

After the postfix reload, the spam messages with score higher than defined in /etc/postfix/header_checks finally got caught and stopped.

Update 21. 2. 2017:

There was one unintended side effect with the above mentioned solution – all forwarded emails were duplicated and arrived into the final mailbox twice. When there was forwarding set in the aliases file, the rule got applied on both smtpd service, the external one, as well as the internal one, where the header_checks happened. So this behaviour had to be suppressed using receive_override_options=no_address_mappings option to prevent this unintended duplication:

Posted in Operating systems Tagged with: , ,

Apache and umask 002

downloadI ran into a problem with Apache on Centos 6. For some time, I was the only person who had access to this particular machine so permissions were not a problem. However, now that somebody else is taking care of the website hosted there, they had troubles editing files that were uploaded via website and owned by apache. So I added the user to the apache group and put this line:

into file:

That way, any file created by apache user was by default writable by the apache group so the given user would be able to work with those files. When I tried it out, however, it didn’t work, the user was not able to modify those files, to my frustration. Now, I was left with two options, either pull my hair off, or modify the httpd init script, neither of them much to my liking. Eventually, I found out that the solution was pretty easy – the PHP upload script was explicitly setting the permissions to 644 so members of apache group were not able to modify the file. When I modified the application and its chmod command, everything worked like a charm.

Update 17. 4. 2017

I came to face the same situation with nginx on Centos 7. The issue was basically the same, only the file where umask directive had to be placed to was different:

and umask had to be placed into the [Service] section:

Posted in Operating systems, Web-related Tagged with: , , , ,

“Lazy” Synolocker

A funny thing happened to me the other day. Someone brought me a 4-bay Synology NAS which had been hit by ransomware called Synolocker. The usual scenario – the NAS was exposed to the internet, maybe not updated as regularly as it should have been, and eventually targeted by ransomware. The bright side was that the owner kept an offline copy of the data that was stored on the NAS, so no big harm done. I was only asked to restore the NAS to the original settings to get rid of the nasty piece of software and make the NAS usable again.




The funny fact was that once I restored the operating system (thus removing the infected system) and was about to go and blank the encrypted volumes, I was surprised to find out that the data was still there, perfectly intact. This particular piece of ransomware was so “lazy” that it didn’t even bother to actually encrypt the data. It simply demanded ransom and waited for anyone who would panic enough to go and pay up.

Posted in Hardware, Operating systems Tagged with: ,


Yet another game from the 90’s that I wanted to tick off as done. Here are a few screenshots:

Posted in Games Tagged with: ,

Centos 7 – bridge for KVM

nicubunu-RPG-map-symbols-stone-bridge-100pxI got a machine on which I wanted to try Centos 7 and KVM virtualization. As usual, I had to search for how to do a network bridge as it’s been quite long since I did it last time (on Centos 6). So these are the basic steps. First, dont’t forget to install bridge-utils while installing the KVM-related packages:

Now, this was the default config file for the network interface:

I had to change it to point to a bridge interface called bridge0.

And this is where the new network configuration goes. It’s probably worth mentioning that it’s been changed from DHPC to a static IP address:

and also that the GATEWAY has been moved to /etc/sysconfig/network.


you should be able to connect KVM VMs directly to the LAN.

Posted in Operating systems Tagged with: , , ,

Systemd problem

At home, I’ve been using rolling release of Debian for my desktop for quite some time. The good thing about it is that years go by and you need not worry about the end of life of this or that particular release. Sometimes, things can go awry, of course, but that happens quite rarely and running apt-get dist-upgrade usually takes care of the problem. Yesterday, however, I ran into a funny error message:

I have to admit that as far as the current flamewars regarding systemd are concerned, I don’t feel my insight is deep enough to allow me to contribute to those discussions one way or the other, but in the light of the current spiteful debate, it was a really funny error message 🙂


Posted in General thoughts, Operating systems Tagged with: ,

Hardware repairs

kids helped a lot

kids helped a lot

I’ve been tinkering with my computers ever since the days of ZX Spectrum, more or less. In the last eight years or so, however, people would come to me with their broken laptops and computers every now and then. It didn’t happen too often to become a nuisance; instead, it was a welcome distraction from my regular daily tasks (with the exception, maybe, of the time when I had seven laptops at my office at once 🙂 ).

Read more ›

Posted in General thoughts, Hardware Tagged with:

Gettext translations

120px-Official_gnu.svgGettext is a great way to localize and internationalize (simply put, to translate) your (web)applications. It’s especially useful when you’re building a multi-language application because you can separate the code from the translation process effectively.

  1. all strings that need to get translated have to be wrapped in _() function in the source code files:

  2. cd to the project directory and run in bash (this will go through all the php files in the current working directory):

  3. to search for all php files in the project directory recursively, try this:

    If you need to omit a particular directory, use inverted grep like this:

  4. The above mentioned commands will output a file named projectname.po, which can be translated using Poedit or Pootle. Poedit will generate binary file projectname.mo on save.
  5. To use this binary file, create another directory in your project folder (I’m using cz_CS locale identifier)

    and copy the .mo file there.

  6. In your application, use the following:

This will load the .mo file with translated strings and replace all the _() wrapped strings in there.

Posted in Programming, Web-related Tagged with: , ,


My name is Vratislav Hutsky. I work as a Senior Quality Engineer at Red Hat. Before that, I was a freelance sysadmin and web developer for quite a few years.