The moment you leave your laptop, say in a hotel room, you can no longer trust your system as it could have been modified while you were away. Think you are safe because you have a crypted disk? Well, if the boot partition is on the laptop itself, it can be manipulated and you will not notice because the boot partition can't be encrypted. The BIOS needs to access the MBR and boot loader and that loads the Linux kernel, all unencrypted. There has been some reports lately that the Linux cryptsetup is insecure because you can spawn a root shell by hitting the enter key for 70 seconds. This is not the real threat to your system, really. If someone has physical access to your hardware, he can get a root shell in less than a second by passing init=/bin/bash as parameter to the Linux kernel in the boot loader regardless if cryptsetup is used or not! The attacker can also use other ways like booting a live system from CD/USB etc. The real insecurity here is the unencrypted boot partition and not some script that gets executed from it. So how to prevent this physical access attack vector? Just keep reading this guide.

This guide explains how to install Debian securely on your laptop with using an external USB boot disk. The disk inside the laptop should not contain your /boot partition since that is an easy target for manipulation. An attacker could for example change the boot scripts inside the initrd image to capture your passphrase of your crypted volume. With an USB boot partition, you can unplug the USB stick after the operating system has booted. Best practice here is to have the USB stick together with your bunch of keys. That way you will disconnect your USB stick early after the boot as finished so you can put it back into your pocket.

Secure Hardware Assumptions

We have to assume here that the hardware you are using to download and verify the install media is safe to use. Same applies with the hardware where you are doing the fresh Debian install. Say the hardware does not contain any malware in the form of code in EFI or other manipulation attempts that influence the behavior of the operating system we are going to install.

Download Debian Install ISO

Feel free to use any Debian mirror and install flavor. For this guide I am using the download mirror in Germany and the DVD install flavor.


Verify hashsum of ISO file

To know if the ISO file was downloaded without modification we have to check the hashsum of the file. The hashsum file can be found in the same directory as the ISO file on the download mirror. With hashsums if a single bit differs in the file, the resulting SHA512 sum will be completely different.

Obtain the hashsum file using:


Calculate a local hashsum from the downloaded ISO file:

sha512sum debian-8.6.0-amd64-DVD-1.iso

Now you need to compare the hashsum with that is in the SHA512SUMS file. Since the SHA512SUMS file contains the hashsums of all files that are in the same directory you need to find the right one first. grep can do this for you:

grep debian-8.6.0-amd64-DVD-1.iso SHA512SUMS

Both commands executed after each other should show following output:

$ sha512sum debian-8.6.0-amd64-DVD-1.iso
c3883edfc95e3b09152d46ce29a032eed1de71531549aee86bb98dab1528088a16f0b4d628aee8ac6cc420364e208d3d5e19d0dea3576f53b904c18e8f604d8c  debian-8.6.0-amd64-DVD-1.iso
$ grep debian-8.6.0-amd64-DVD-1.iso SHA512SUMS
c3883edfc95e3b09152d46ce29a032eed1de71531549aee86bb98dab1528088a16f0b4d628aee8ac6cc420364e208d3d5e19d0dea3576f53b904c18e8f604d8c  debian-8.6.0-amd64-DVD-1.iso

As you can see the hashsum found in the SHA512SUMS file matches with the locally generated hashsum using the sha512sum command.

At this point we are not finished yet. These 2 matching hashsums just means whatever was on the download server matches what we have received and stored locally on your disk. The ISO file and SHA512SUM file could still be a modified version!

And this is where GPG signatures chime in, covered in the next section.

Download GPG Signature File

GPG signature files usually have the .sign file name extension but could also be named .asc. Download the signature file using wget:


Obtain GPG Key of Signer

Letting gpg verify the signature will fail at this point as we don't have the public key of the signer:

$ gpg --verify SHA512SUMS.sign
gpg: assuming signed data in 'SHA512SUMS'
gpg: Signature made Mon 19 Sep 2016 12:23:47 AM HKT
gpg:                using RSA key DA87E80D6294BE9B
gpg: Can't check signature: No public key

Downloading a key is trivial with gpg, but more importantly we need to verify that this key (DA87E80D6294BE9B) is trustworthy, as it could also be a key of the infamous man-in-the-middle.

Here you can find the GPG fingerprints of the official signing keys used by Debian. The ending of the "Key fingerprint" line should match the key id we found in the signature file from above.

gpg:                using RSA key DA87E80D6294BE9B

Key fingerprint = DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B

DA87E80D6294BE9B matches Key fingerprint = DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B

To download and import this key run:

$ gpg --keyserver --recv-keys DA87E80D6294BE9B

Verify GPG Signature of Hashsum File

Ok, we are almost there. Now we can run the command which checks if the signature of the hashsum file we have, was not modified by anyone and matches what Debian has generated and signed.

gpg: assuming signed data in 'SHA512SUMS'
gpg: Signature made Mon 19 Sep 2016 12:23:47 AM HKT
gpg:                using RSA key DA87E80D6294BE9B
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Good signature from "Debian CD signing key <>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B

The important line in this output is the "Good signature from ..." one. It still shows a warning since we never certified (signed) that Debian key. This can be ignored at this point though.

Write ISO Image to Install Media

With a verified pristine ISO file we can finally start the install by writing it to an USB stick or blank DVD. So use your favorite tool to write the ISO to your install media and boot from it. I have used dd and a USB stick attached as /dev/sdb.

dd if=debian-8.6.0-amd64-DVD-1.iso of=/dev/sdb bs=1M oflag=sync

Install Debian on Crypted Volume with USB boot partition

I am not explaining each step of the Debian install here. The Debian handbook is a good resource for covering each install step.

Follow the steps until the installers wants to partition your disk.

There you need to select the "Guided, use entire disk and set up encrypted LVM" option. After that select the built-in disk of your laptop, which usually is sda but double check this before you go ahead, as it will overwrite the data! The 137 GB disk in this case is the built-in disk and the 8 GB is the USB stick.

It makes no difference at this point if you select "All files in one partition" or "Separate /home partition". The USB boot partition can be selected a later step.

Confirm that you want to overwrite your built-in disk shown as sda. It will take a while as it will write random data to the disk to ensure there is no unencrypted data left on the disk from previous installations for example.

Now you need to enter your passphrase that will be used to protect the private key of the crypt volume. Choose something long enough like a sentence and don't forget the passphrase else you can no longer access your data! Don't save the passphrase on any computer, smartphone or password manager. If you want to make a backup of your passphrase then use a ball pen and paper and store the paper backup in a secure location.

The installer will show you a summary of the partitioning as shown above but we need to make the change for the USB boot disk. At the moment it wants to put /boot on sda which is the built-in disk, while our USB stick is sdb. Select /boot and hit enter, after that select "Delete this partition".

After /boot was deleted we can create /boot on the USB stick shown as sdb. Select sdb and hit enter. It will ask if you want to create an empty partition table. Confirm that question with yes.

The partition summary shows sdb with no partitions on it. Select FREE SPACE and select "Create a new partition". Confirm the suggested partition size. Confirm the partition type to be "Primary".

It is time to tell the installer to use this new partition on the USB stick (sdb1) as /boot partition. Select "Mount point: /home" and in the next dialog select "/boot - static files of the boot loader" as shown below:

Confirm the made changes by selecting "Done setting up the partition".

The final partitioning should look now like the following screenshot:

If the partition summary looks good, go ahead with the installation by selecting "Finish partitioning and write changes to disk".

When the installer asks if it should force EFI, then select no, as EFI is not going to protect you.

Finish the installation as usual, select your preferred desktop environment etc.

GRUB Boot Loader

Confirm the dialog that wants to install GRUB to the master boot record. Here it is important to install it to the USB stick and not your built-in SATA/SSD disk! So select sdb (the USB stick) in the next dialog.

First Boot from USB

Once everything is installed, you can boot from your USB stick. As simple test you can unplug your USB stick and the boot should fail with "no operating system found" or similar error message from the BIOS. If it doesn't boot even though the USB stick is connected, then most likely your BIOS is not configured to boot from USB media. Also a blank screen and nothing happening is usually meaning the BIOS can't find a boot device. You need to change the boot setting in your BIOS. As the steps are very different for each BIOS, I can't provide a detailed step-by-step list here.

Usually you can enter the BIOS using F1, F2 or F12 after powering on your computer. In the BIOS there is a menu to configure the boot order. In that list it should show USB disk/storage as the first position. After you have made the changes save and exit the BIOS. Now it will boot from your USB stick first and GRUB will show up and proceeds with the boot process till it will ask for your passphrase to unlock the crypt volume.

Unmount /boot partition after Boot

If you boot your laptop from the USB stick, we want to remove the stick after it has finished booting. This will prevent an attacker to make modifications to your USB stick. To avoid data loss, we should not simply unplug the USB stick but unmount /boot first and then unplug the stick. Good news is that we can automate this unmounting and you just need to unplug the stick after the laptop has finished booting to your login screen.

Just add this line to your /etc/rc.local file:

umount /boot

After boot you can once verify that it automatically unmounts /boot for you by running:

mount | grep /boot

If that command produces no output, then /boot is not mounted and you can safely unplug the USB stick.

Final Words

From time to time you need to upgrade your Linux kernel of course which is on the /boot partition. This can still be done the regular way using apt-get upgrade, except that you need to mount /boot before that and unmount it again after the kernel upgrade.

Enjoy your secured laptop. Now you can leave it in a hotel room without the possibility of someone trying you obtain your passphrase by putting a key logger in your boot partition. All the attacker will see is a fully encrypted harddisk. If he tries to mess with your crypted disk, you will notice as the decryption will fail.

Disclaimer: there are still other attack vectors possible, but they are much harder to do. Your hardware or BIOS can still be modified. But not by holding down the enter key for 70 seconds or by booting a live system.

Posted Tue Dec 6 14:28:04 2016 Tags:

This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License. Creative Commons License

It was time for a new work laptop so I got a Dell XPS 15 9950. I wasn't planning to write a blog post of how to install Debian 8 "Jessie" on the laptop but since it wasn't just install and use, I will share what is needed to get the wifi and graphics card to work.

So first download the DVD-1 AMD64 image of Debian 8 from your favorite download mirror. The closest one for me is the Hong Kong mirror. You do not need to download the other DVDs, just the first one is sufficient. The netinstaller and CD images will not provide a good experience since they need a working network/internet connection. With the DVD image you can do a full default desktop install and most things will just work out-of-the-box.

Now you can do a regular install, no special procedure or anything will be needed. Depending on your desktop selection it will boot right into lovely GNOME3.

You will quickly notice that the wifi is not working out-of-the-box though. It is a Qualcomm Atheros QCA6174 and the Linux kernel version 3.16 shipped with Debian 8 does not support that wifi card. This card needs the ath10k_pci kernel module which is included in a newer Linux kernel package from the Debian backports archive. If you don't have the Dell docking station as neither I do, then there is no wired ethernet that you can use for getting a temporary Internet connection. So use a different computer with Internet access to download the following packages from the Debian backports archive manually and put them on a USB disk.

After that connect the USB disk to the new Dell laptop and mount the disk using the GNOME3 file browser (nautilus). It will mount the USB disk to /media/$your_username/$volume_name. Become root using sudo or su. Then install all downloaded package from USB with like this:

cd /media/$your_username/$volume_name
dpkg -i linux-base_*.deb
dpkg -i linux-image-4.7.0-0.bpo.1-amd64_*.deb
dpkg -i firmware-atheros_*.deb
dpkg -i firmware-misc-nonfree_*.deb
dpkg -i xserver-xorg-video-intel_*.deb

That's it. If dpkg finished without error message then you can reboot and your wifi and graphics card should just work! After reboot you can verify the wifi card is recognized by running "/sbin/iwconfig" and see if wlan0 shows up.

Have fun with your Dell XPS and Debian!

PS: if this does not work for you, leave a comment or write to meebey at meebey . net

Posted Sun Oct 16 05:46:18 2016 Tags:

This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License. Creative Commons License


Install/use Debian 8 or Ubuntu 16.0.4 then execute:

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:ethereum/ethereum
sudo sed 's/jessie/vivid/' -i /etc/apt/sources.list.d/ethereum-ethereum-*.list
sudo apt-get update
sudo apt-get install ethereum ethminer
geth account new
# copy long character sequence within {}, that is your <YOUR_WALLET_ADDRESS>
# if you lose the passphrase, you lose your coins!
sudo apt-get install linux-headers-amd64 build-essential
chmod +x
ethminer -G -F<YOUR_WALLET_ADDRESS> --farm-recheck 200
echo done

My Attention Span is > 60 seconds

Ethereum is a crypto currency similar to Bitcoin as it is based on the blockchain technology. Ethereum is not yet another Bitcoin clone though, since it has an additional feature called Smart Contracts that makes it unique and very promising. I am not going into details how Ethereum works, you can get that into great detail on the Internet. This post is about Ethereum mining. Mining is how crypto coins are created. You need to spent computing time to get coins out. At the beginning CPU mining was sufficient, but as the Ethereum network difficulty has increased you need to use GPUs as they can calculate at a much higher hashrate than a general purpose CPU can do.

About 2 months ago I bought a new gaming rig, with a Nvidia GTX 1070 so I can experience virtual-reality gaming with a HTC Vive at a great framerate. As it turns out modern graphics cards are very good at hashing so I gave it a spin.

Initially I did this mining setup with Windows 10, as that is the operating system on my gaming rig. If you want to do Ethereum mining using your GPU, then you really want to use Linux. On Windows the GTX 1070 produced a hashrate of 6 MH/s (megahashes per second) while the same hardware does 25 MH/s on Linux. The hashrate multiplied by 4 by using Linux instead of Windows. Sounds good? Keep reading and follow this guide.

You have to pick a Linux distro to use for mining. As I am a Debian developer, all my systems run Debian, which is what I am also using for this guide. The same procedure can be done for Ubuntu as it is similar enough. For other distros you have to substitute the steps yourself. So I assume you already have Debian 8 or Ubuntu 16.04 installed on your system.

Install Ethereum Software

First we need the geth tool which is the main Ethereum "client". Ethereum is really a peer-to-peer network, that means each node is a server and client at the same time. A node that contains the complete blockchain history in a database is called a full node. For this guide you don't need to run a full node, as mining pools do this for you. We still need geth to create the private key of your Ethereum wallet. Somewhere we have to receive the coins we are mining ;)

Add the Ethereum APT repository using these commands:

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:ethereum/ethereum
sudo apt-get update

On Debian 8 (on Ubuntu you can skip this) you need to replace the repository name with this command:

sudo sed 's/jessie/vivid/' -i /etc/apt/sources.list.d/ethereum-ethereum-*.list
sudo apt-get update

Install ethereum, ethminer and geth:

sudo apt-get install ethereum ethminer geth

Create Ethereum Wallet

A wallet is where coins are "stored". They are not really stored in the wallet because the wallet is just a private key that nobody has. The balance of that wallet is visible to everyone using the blockchain database. And this is what full nodes do, they contain and distribute the database to all other peers. So this this command to create your first private key for your wallet:

geth account new

Be aware, that this passphrase protects the private key of your wallet. Anyone who has access to that file and knows your passphrase will have full control over your coins. And also do not forget the passphrase, as if you do, you lost all your coins!

The output of "geth account new" shows a long character/number sequence quoted in {}. This is your wallet address and you should write that number down, as if someone wants to send you money, then it is to that address. We will use that for the mining pool later.

Install (proprietary) nvidia driver

For OpenCL to work with nvidia graphics cards, like my GTX 1070, you need to install this proprietary driver from nvidia. If you have an older card maybe the opensource drivers will work for you. For the nvidia pascal cards numbers 10xx you will need this driver package.

After you have agreed the terms, download the file. But before we can use that installer we need to install some dependencies that installer needs as it will have to compile a Linux kernel module for you. Install the dependencies using this command:

sudo apt-get install linux-headers-amd64 build-essential

Now we can make the installer executable and run it like this:

chmod +x

If that step completed without error, then we should be able to run the mining benchmark!

ethminer -M -G

The -M means "run benchmark" and the -G is for GPU mining. The first time you run it it will create a DAG file and that will takes a while. For me it took about 12 minutes on my GTX 1070. After that is should show a inner mean hashrate. If it says H/s that is hashes per second and KH is kilo (H/1000) and MH is megahashes per second (KH/1000). I had numbers around 25-30 MH/s, but for real mining you will see an average that is a balanced number and not a min/max range.

Pick Ethereum Network

Now it gets serious, you need to decide 2 things. First which Ethereum network you want to mine for and the second is using which pool.

Ethereum has 2 networks, one is called Ethereum One or Core, while the other is called Ethereum Classic. Ethereum has made a hardfork to undo the consequences of a software bug in the DAO. The DAO is a smart contract for a decentralized organization. Because of that bug, a blackhat could use that bug to obtain money from that DAO. The Ethereum developers made a poll and decided that the consequences will be undone. Not everyone agreed and the old network stayed alive and is now called Ethereum Classic short ETC. The hardfork kept its short name ETH.

This is important to understand for mining, because the hashing difficulty has a huge difference between ETH and ETC. As of writing, the hashrate of ETC is at 20% compared to ETH. Thus you need less computing time to get ETC coins and more time to get ETH coins. Differently said, ETC mining is currently more profitable.

Pick a Pool

Hmmmm, I want a swimming pool, thanks! Just kidding... You can mine without a pool, that is called solo mining, but you will get less reward. A mining pool are multiple computers that work on the same block to find a solution quicker than others. The pool has an aggregated hashrate that is higher than other solo miners. Each found block by anyone in this pool will be rewarded to everyone in the pool. The reward of 5 ether currently per block gets split in the same ratio of hashrate each member provides (minus the pool fee). So while you get less for a found block, you still have a steady lower income rate instead of higher with less chance of finding one (in time). Simply said: you have to find a new block faster than the others to receive the reward.

If you want to mine Ethereum Classic (ETC) use one of the pools listed here (at the bottom of the page).

If you want to mine Ethereum One / Core (ETH) use one of the pools listed here.

Run ethminer

The instruction page of the pool website usually says how to start the miner program, but here is an example of the pool that I use (because pony!):

ethminer -G -F<YOUR_WALLET_ADDRESS> --farm-recheck 200


If this guide was helpful for you, you can tip me at ethereum:0x9ec1220d2f2fadd3f0c96e3007daa827bc83fbd6 or simply run the ethminer using my wallet address for a day or two:

ethminer -G -F --farm-recheck 200

Happy mining!

Posted Sun Aug 7 00:35:58 2016 Tags:

This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License. Creative Commons License

And here we go again! We're proud to announce the new version of Smuxi, release 1.0 "Finally". During the development, 20 bug reports and 10 feature requests in 285 commits were worked on.

Finally 1.0

Smuxi is celebrating its 10th anniversary! 10 years ago, Mirco Bauer made the first commit to the Smuxi source code repository and is still very committed to it. He started the Gnosmirc project in 2005 when the only way a 24/7 "always-on" experience with IRC meant you had to use a console based IRC client like bitchx, irssi or epic combined with screen and SSH. This looks very practical at first and is a powerful Unix-ish way of accomplishing that job, but it has the big downside that it doesn't integrate with a desktop environment like GNOME. A bit later the Gnosmirc project was renamed to Smuxi when the new code architecture allowed other frontend implementations besides the GNOME one. The ncurses/STFL based text frontend was later implemented and is considered stable and useful enough for day to day use, but still has some rough edges. WinForms and WPF frontends also exist but need more work to reach a usable state.

At this point Smuxi 1.0 contains all features that we could have imagined and even goes beyond with very advanced features like message patterns or language agnostic scripting.

Changes since Smuxi 0.11

Message Persistence

One of the biggest drawbacks of the IRC protocol ever was that messages can't be retrieved from the IRC server because the IRC server is simply relaying messages to the connected clients. So, if an IRC client is freshly started and connects it starts to receive new messages, but all message you had received before are no longer available. This always made IRC in a way "volatile" unlike other communication systems like email where messages are relayed and stored on the client side. One common approach for IRC clients is to store log files in a text file. This is a simple feature and gives the user the possibility to read older conversations. Smuxi also supports text file logging like other IRC clients but it has a big user experience drawback as you need to open the file from the disk outside of the IRC client.

In Smuxi 1.0 messages sent and received are now stored on the disk in a way they can automatically be retrieved/loaded when you restart Smuxi. It is like you have never closed Smuxi! This feature was already available in Smuxi for some time as a technical preview and it used the Db4o object database, but we were never happy about the performance neither with the stability so it always stayed an optional feature you need to enable. This year we tried a new message buffer backend using the famous SQLite database and it works much faster and stable as a rock. So finally we can enable this feature by default because it just works and enhanced your experience. We hope you enjoy it.

Documentation of how you can change Smuxi message buffer backend and behavior can be found here.

For instructions how to convert your existing db4o history to SQLite can be found in the "smuxi-message-buffer tool" section.

User Interface Enhancements

  • Synced message markers: the position of of the seen/unseen messages marker is pushed to the smuxi-server and remembered when the frontend reconnects. (Sebastian Poeplau)
  • Persistent message markers: the message marker position is also remembered across Smuxi(-server) restarts.
  • Message Counter: in addition to the highlight counter next to a chat new/unseen messages are also counted. This makes it easy to identify chats with much traffic.
  • Single application instance support. If you start Smuxi again from the menu it will bring the existing instance into the foreground. This makes the Ubuntu Messaging Menu much nicer.
  • The command/message entry is alignment with the messages. (Lex Berezhny)

Text Frontend Enhancements

  • The console background color can now be configured using: /config set STFL/Interface/TerminalBackgroundColor = #000000 (Ondřej Hošek)
  • The text color contrast if nicks with the background is now ensured (Ondřej Hošek) #1033
  • Messages containing images will not be skipped but their alternative text is shown instead (Ondřej Hošek) #1035

New smuxi-message-buffer tool

This is a new commandline tool that allows you to convert and export the message history of Smuxi message buffer files. This can be used to convert your existing Db4o history to SQLite like this for example:

for DB_DB4O in $HOME/.local/share/smuxi/buffers/*/*/*/*.db4o; do
    smuxi-message-buffer convert $DB_DB4O $DB_SQLITE

Smuxi shouldn't be running when using this tool.

Scripting Enhancements

New Hook Points

Smuxi 1.0 supports with the following new hook points:

  • engine/protocol-manager/on-presence-status-changed/ This hook point is raised when the presence status of a protocol manager changes. This happens for example when an IRC connection toggles the away state.
  • engine/session/on-event-message/ This hook point raises event messages that usually begin with "-!-". This can be useful to track state changes that are shown as a message without having a dedicated hook point for it.
  • engine/session/command-$cmd/ This hook point is raised on the engine side for commands, e.g. /some_command that isn't handled by the frontend or engine built-in commands. This is useful for commands that should be available for all frontends and isn't specific to the frontend environment.

New Plugins

The following new plugins are supported by Smuxi 1.0:

  • topic-diff: Shows the word differences of the topic after topic changes. (meebey)
  • away-nick: Automatically appends and removes $AWAY_SUFFIX to/from the nick name when you go away using the /away command or by disconnecting all frontends from the smuxi-server. (meebey)
  • system-info: Shows system info. Includes system kernel version, distro name, and CPU vendor information. (AK0)
  • now-playing: This plugin is not new but was rewritten in Python to get rid of the spaghetti code monster which was written in Bash. (jamesaxl)

IRC Enhancements

  • NICKSERV support Notices from Nick/ChanServ are no longer shown on all channels as they like to send greeting messages and other spam which is annoying to see on all channels. #868
  • Automatic rejoin of channels protected with a key works as expected again
  • Connecting to is now supported. Gitter's IRCd implementation has a bug in the IRC protocol which is now tolerated.

Twitter Enhancements

  • The /search command shows tweets as live stream
  • Added /delete, /favorite and /unfavorite commands

Behind the Scenes

  • Re-licensed smuxi-common from GPLv2 to MIT/X11


Contributors to this release are the following people:

  • Mirco Bauer (199 commits)
  • Carlos Martín Nieto (15 commits)
  • Andrés G. Aragoneses (14 commits)
  • Piotr Drąg (12 commits)
  • Ondřej Hošek (11 commits)
  • Oliver Schneider (5 commits)
  • Calvin B (4 commits)
  • Victor Seva (3 commits)
  • Will Johansson (2 commits)
  • Sebastian Poeplau (2 commits)
  • Julian Taylor (2 commits)
  • James Axl (2 commits)
  • Daniel Mustieles (2 commits)
  • Christopher James Halse Rogers (2 commits)
  • Ş. Uzun (1 commit)
  • Lex Berezhny (1 commit)
  • Kalle Kaitala (1 commit)
  • Jordi Mas (1 commit)
  • Joe Hansen (1 commit)
  • Jimmie Elvenmark (1 commit)
  • Dimitris Spingos (1 commit)
  • Dean Lee (1 commit)
  • Clément Bourgeois (1 commit)
  • Carlos Hernandez (1 commit)

Thank you very much for your contributions to Smuxi!

Want this? Go here and grab it right now!

Posted Sun Aug 9 17:48:18 2015
Posted Mon Aug 10 11:44:10 2015 Tags:

This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License. Creative Commons License

And here we go again! We're proud to announce the new version of Smuxi, release 0.11 "Distractions". During the development, 11 bug reports and 2 feature requests in 112 commits were worked on. Notable highlights in this release are:

User Interface Enhancements

  • The chat list can be shrunken. This is especially handy with XMPP/Jabber and long group chat identifiers.
  • The highlight counter is now a separate column. This enhances the vertical alignment with other highlights and guarantees to be visible even if the chat name was truncated.

Multi Identity Support

Smuxi cares for user feedback. Multi identity support was the most voted feature and thus it has been implemented! Now you can please your schizo^Wdesire to use different nicks, users and real names depending on the server. Simply edit the server in preferences and change the details.

Message Patterns

Everybody knows text can be boring because it is all just text. Nothing can sidetrack you except reading that bare text. Text often has recurring patterns from which something useful and interactive can be created. For example, someone writes:

Hey meebey, do you know RFC2812?

RFCs are a recurring pattern with a distinct number behind it and are real references to something in the internet (collection of protocol specifications).

So I would usually fire up a browser tab, copy/paste or type RFC2812 into my favorite search engine and click the first hit. Then I'd reply to the question afterwards. But with Smuxi's message patters, it turns RFC2812 into a link on which you can simply click to launch the relevant document.

Wow this is very cool, but isn't this already happening with http URLs and email addresses? Exactly! Why shouldn't more information be used to create useful things from it? Smuxi message patterns allow you to define text patterns that are transformed into clickable links. This can be used for RFCs, CVEs, bug report numbers (#XXX), git commit hashes and much more. Make good use of your creativity!

By default Smuxi comes with built-in message patterns for:

  • URLs
  • heuristic URLs (not starting with http:// etc)
  • email addresses
  • RFCs
  • CVEs
  • Debian Security Advisories (DSA)
  • Many popular bug trackers (GNU, GCC, kernel, Launchpad, freedesktop, GNOME, KDE, Xfce, Debian, Redhat, Novell, Xamarin, openSUSE, Mozilla, Samba, SourceForge, CPAN, boost, Claws and Smuxi)

If you know more general patterns useful for others, please submit them.

For a full list of built-in message patterns or how to add your own patterns, head over to the message pattern documentation.

Hooks Enhancements

  • A bug was fixed that prevented hooks from issuing more than one command
  • New hook points:
    • engine/session/on-group-chat-person-added
    • engine/session/on-group-chat-person-removed
    • engine/session/on-group-chat-person-updated
  • New hook variables:
    • CMD
    • PROTOCOL_MANAGER_PRESENCE_STATUS: Unknown, Offline, Online, Away

Twitter Enhancements

As of 14 Jan 2014, Twitter disallows unencrypted HTTP requests which broke Smuxi's Twitter support. Smuxi is now making exclusively encrypted requests (HTTPS) and thus works with Twitter again.

JabbR (Beta) Enhancements

  • Messages now raise Smuxi hooks
  • The Validate certificate setting is now correctly honored.

Updated Translations

Smuxi should now be in your language, including:

  • Initial complete Dutch (Jeroen Baten)

Behind the Scenes

  • New Smuxi git repository @ GNOME
  • Cleaner XMPP code (Oliver Schneider)
  • Smuxi's STFL text frontend is doing a graceful shutdown on quit (Calvin B))
  • New sexy website! We hope you like it :)


Contributors to this release are the following people:

  • Mirco Bauer (98 commits)
  • Oliver Schneider (6 commits)
  • Calvin B (6 commits)
  • Andrés G. Aragoneses (1 commit)
  • Jeroen Baten (translations)

Thank you very much for your contributions to Smuxi!

Want it? Go here and grab it right now!

Posted Mon Apr 14 13:23:29 2014
Posted Wed Apr 30 14:28:35 2014 Tags:

This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License. Creative Commons License

Just after the Mono 3.0 release was announced I started working on Debian packages and after a couple of days of hard work I already have some preview packages for you.

The preview packages are currently limited to the AMD64 architecture but can be installed on Debian/Testing (Wheezy), Debian/Unstable (Sid) and Ubuntu/Quantal (12.10). After these preview packages have received some successful feedback (please leave feedback via comments!), I will upload them to Debian/Experimental.

In case you are shocked why I have packages in just 8 days after the official Mono 3.0 release, there are 3 factors that play a big role:

  1. New packaging workflow
  2. Downstream patches are management in git branches
  3. Release Early, Release Often: I no longer port and test every patch very carefully (especially with architecture specific patches), instead I port them with my best knowledge and upload them to and/or Debian/Experimental and use that as test ground. If regressions happen, let them happen, and make further uploads to address them.
  4. New packaging style
  5. Starting with my Mono 2.10 packages, each library has it's own package, which simplifies packaging.
  6. Sponsored packaging
  7. As my employer needs Mono packages for an upcoming software project, I was granted to work on Mono packages in worktime.

Install instructions


Add this line to your /etc/apt/sources.list file:

deb /

Now update the APT database and install mono-complete from that repository:

apt-get update
apt-get install mono-complete

UPDATE: Some people reported issues with xsp4 on Mono 3.0 that look like this:

An exception has occurred while generating HttpException page:
System.NullReferenceException: Object reference not set to an instance of an object
  at System.Web.Util.HttpEncoder.GetCustomEncoderFromConfig () [0x00000] in <filename unknown>:0
  at System.Lazy`1[System.Web.Util.HttpEncoder].InitValue () [0x00000] in <filename unknown>:0

I could track these issue down to an too old XSP version. The issue can be solved by building XSP from the git repository. This was also the reason I couldn't upload the preview packages to the official repositories.

UPDATE2: I have updated the repository with Mono 3.0.6 packages. An upload to Debian/Experimental and Ubuntu/Raring will happen very soonish as promised. The final packages for official inclusion need updated copyright information and library versioning as defined in the Debian Policy and Debian CLI Policy. Have fun Mono 3.0.6ing!

Posted Wed Oct 31 17:10:00 2012 Tags:

This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License. Creative Commons License

As longingly awaited I am very happy to announce Smuxi 0.8.10 codenamed "Tracy". During the development 8 bug reports and 15 feature requests in 136 commits were worked on making this release a major feature and minor bugfix release.

Screenshot of Smuxi 0.8.10 in action

Notable highlights in this release are:

Integrated Spell Checking

Everyone knows the "how do you spell that word again?" situation and either you don't care and send a possible typo or you go checking a dictionary which is kind of annoying. The good news is: with this release you no longer need to do that, as Smuxi includes automatic spell checking while you type messages. The bad news is that this feature is currently limited to Linux builds, and thus OSX and Windows build do not ship with it. The installers need to be extended and I haven't found pre-compiled OSX nor Windows binaries for the GTK+ spell checking library.

Screenshot of Smuxi 0.8.10 showing spell checking in action

Favicons for Server Tabs

Distinguishing server tabs can be difficult, especially if you have plenty of them. All server tabs have the same icon so you need to search for the right name. I wondered why this issue doesn't happen so easily with a web browser which usually also has lots of tabs open. Besides the page name there is the favicon right in front. So why can't Smuxi make use of that simple but effective technology? Well, now it does! You connect to a known network, and Smuxi will download and show the favicon of the website. It just works and does everything in the background for you.

Screenshot of Smuxi 0.8.10 showing favicons in action

Quick Join Bar

One thing that makes IRC really difficult for new comers is the important IRC concept that channels are network specific. So what happens is people try to find / join the channel they are looking for but on the wrong network. They have to connect to the right server/network and then switch to the right tab, before they can join the channel (using the /join command or join dialog). The developers of Smuxi had a brainstorming session and came up with something that should be easy enough for anyone to use and finally solves the issue: the quick join bar. You know which channel you want to join and which network, you enter the channel name, select the network from the list and hit the "Join Chat" button and you are done. Now Smuxi will do just the right thing for you and connects to that network if needed, joins the channel if needed, or switches to the channel if you are already there!

Click here for a screencast of the Quick Join Bar in action

Indention of multi-line messages

Messages on IRC and also Twitter are often longer than a single line in Smuxi can show, thus it has to be split into a second line or more. The issue here is that the continuation line looks cluttered because it doesn't align with the first line. Here you can see an example for this issue:

Screenshot of Smuxi 0.8.9 showing line breaks

Ewww, that looks ugly, doesn't it? I will make this one short, here is the cure with indented multi-line messages:

Screenshot of Smuxi 0.8.10 showing line breaks

Enhanced Text Frontend

The text frontend which is still in alpha state has received the following enhancements: new /exit command, new /help command, regular and xterm window title, and, several fixed crashes.

Screenshot of Smuxi 0.8.10's text frontend

Enhanced Commands

The /network command by default shows now all connected and also available networks:

Screenshot of Smuxi 0.8.10 showing network command

The /connect command now allows you to connect by network name like this:

/connect freenode

Updated Translations

  • Portuguese (Pedro Ribeiro)
  • Chinese Simp (Dean Lee)
  • Danish (Joe Hansen)
  • Swedish (Martin Bagge)
  • Russian (Yuri Myasoedov)

New Translations

  • Croatian (Matias M)
  • partially Polish (lukasznaw)


Contributors to this release are the following people:

  • Mirco Bauer (126 commits)
  • Bianca Mix (translations)
  • Dean Lee (translations)
  • Joe Hansen (translations)
  • Yuri Myasoedov (translations)
  • Pedro Ribeiro (translations)
  • Matias M (translations)
  • Martin Bagge (translations)
  • lukasznaw (translations)

Thank you very much for your contributions to Smuxi!

Already horny? Go here and get some!

Update: Smuxi

About 2 months after the 0.8.10 release, Smuxi with only important bugfixes and translation updates was released. This release includes the following 6 bugfixes: smuxi-server now honors the timezone of tweets, fixed a connection crash with InspIRCd-2.0 servers, quick join no longer opens another network tab, closing chats no longer crashes Smuxi sometimes, /connect works again and focusing the message area moves the focus back to the entry again.

Posted Tue Aug 21 23:16:05 2012
Posted Tue Aug 21 23:36:05 2012 Tags:

This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License. Creative Commons License

Installing and getting Battlefield 2 (an EA game from 2006) to work on Windows 7 is not as easy as it could be. For that reason I wrote this howto to get BF2 and Project Reality installed and running.

Posted Sun May 13 13:04:54 2012 Tags:

This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License. Creative Commons License

Just in time for 2012 I am very pleased to announce Smuxi 0.8.9 codenamed "One Giant Leap". During the development 56 bug reports and 33 feature requests in 593 commits were worked on making this release a major milestone of the Smuxi project. At the Chaos Communication Congress (28C3) in Berlin I was doing the final development sprint to get 0.8.9 done, which was a very intensive and refreshing experience.

Here are the highlights of this release:

Development Builds / Rolling Releases

After the 0.8 release it became clear that a continious and short development -> test cycle is important to keep the project going quickly. At some point I have received requests if the project is dead while it was more active than ever. The lack of new releases (for about 15 months) lead to this wrong impression. Thus Smuxi can be obtained from development builds now. This includes daily builds for Debian (Squeeze, Wheezy, Sid), Ubuntu (Lucid, Maverick, Natty, Oneiric, Precise) and Windows. Thanks goes to Hannes Tismer for providing the Windows autobuilder and to Canonical for the PPA autobuilder.

We invite everyone to use these daily builds to keep track of the latest development of Smuxi. Issues and regressions are fixed in a very short period (usually the same day). Thanks to our users who ran development builds and reported issues which led to many bug fixes prior to this release.

On the other hand one of my New Year's resolutions are to "release early, release often" So there should be no nerd left behind...

Screenshot of Smuxi 0.8.9 on Mac OS X

Mac OS X support

With the help of Steven McGrath (Steve[cug]) who created the initial Mac OS X installer for Smuxi we now have official support for Mac OS X. The download page contains the instructions how to obtain and install Smuxi on Mac OS X. This makes the 4th platform where Smuxi can be used on besides Windows, Linux and *BSD.

For now Smuxi 0.8.9 doesn't feel as native as it could as it relies on the GTK+ port. We are looking into enhancing the experience though, just stay tuned.

Chat History on Disk (Beta)

The most exciting feature in this release I think are the "persistent message buffers". With this feature I could solve one of the biggest drawbacks IRC ever had: IRC does not retain any messages you have sent or received. All messages are only relayed to all users. The issue is that if you close your IRC client or even just leave a channel, all your received messages are gone.

One workaround in most clients was to create text log files which then contains the chat history, but it is annoying and not user-friendly to open some text file somewhere from your disk to read the history outside of your IRC client.

Now with Smuxi 0.8.9 you no longer have this issue, all chat history gets automatically written and read to a message database when you start Smuxi, join channels or open queries! As this feature is not fully stable yet it is not enabled by default. If you want to try it go to: File -> Preferences -> Interface and change "Persistency Type" from "Volatile" to "Persistent", hit OK and restart Smuxi. Now all messages are saved into the database and will automatically be shown.

Click here for a screencast of this feature

Jabber / XMPP Support (Beta)

You probably have friends not on IRC and Twitter, say on Jabber, gTalk or Facebook? This is where the new XMPP engine of Smuxi comes into play. You can send and receive messages to/from them now! The implementation is far from complete, though. It has no buddy list for example and needs only to be treated as a technical preview of what will be coming in future Smuxi releases.

Click here for a screencast of this feature

Screenshot of Smuxi's Text Interface

Text Interface (Alpha)

This is the first release that contains a text frontend based on the STFL library. STFL is a library that uses ncurses to draw text based user interface using a markup language (like Glade for GTK+). This frontend is in early alpha state and lacks a lot of interface features and likes to crash. It is still included to attract potential developers who want to enhance this frontend. The frontend can be enabled by passing --enable-frontend-stfl to the configure script and then by executing smuxi-frontend-stfl.

NetworkManager Support

Everyone with a laptop knows how annoying it can be to suspend and resume when network based applications suddenly go crazy because they have lost the connection and either spew errors or take forever to get back in shape. Smuxi will now detect the network state right away with the help of the new Network Manager support. It automatically reconnects when needed right away for you.

Next Generation Internet Support

You can now connect to IRC servers using the IPv6 protocol

Enhanced Find Group Chat Support

Users had real issues to find out how to search for channels, thus Bianca Mix added a neat feature. The /list command will now simply open the Find Group Chat dialog for you. This way everyone used to IRC will find it in no time. Searching for channels on freenode wasn't working correctly, this is now fixed. Smuxi also supports the SAFELIST feature of the IRC protocol now which allows to retrieve a full channel list and do client side search which makes consecutive searches much faster.

Enhanced Windows Experience

For a long time you could not use Smuxi with the latest GTK# version of 2.12.10 on Windows. The issue was that Smuxi relied on SVG support which 2.12.10 no longer had. Smuxi is no longer using SVG instead it uses pre-scaled PNG images thus it works just fine with GTK# 2.12.10 on Windows now. At the same time the issue that the maximized state of the main window was left when restoring from task bar is fixed with GTK# 2.12.10.

Screenshot of Fixed-Sys vs Consolas font Smuxi used by default the FixedSys font on Windows to give it the typical IRC look most people are used to. Since Windows Vista there is a better console-like font available called Consolas. Smuxi will now use the Consolas font instead on Windows Vista or later.

Another important enhancement is that Smuxi no longer has issues with multiple GTK+ installs on the same computer, which was getting more common with more popular ported GTK+ applications such as GIMP or Pidgin.

SSL for IRC fixed

IRC with SSL was only working with the default port of 6697. Thanks to Jo Shields now any port can be used with SSL.

Desktop notifications could crash Smuxi in case of errors related to the notification system or an absent notification daemon. There was a chance that the crash dialog simply disappeared which made reporting bugs more difficult no longer happens. Rapid use of ctrl+w, /window close (Jimmie Elvenmark) and opening the Find Group Chat dialog on the Smuxi tab do no longer crash. Also number-only network names, /network switch freenode and GTK+ install without SVG support no longer lead into a crash.

Enhanced Notice Handling

Notices will no longer open query tabs for you instead it will show them on tabs you share with the person who sent it with the server tab as fallback. This also avoids ChanServ, NickServ and spammy IRCop tabs.

Twitter fixes

Twitter made some changes to their API which broke the Twitter support of Smuxi 0.8. This was taken care of and also a few other issues were solved allowing Smuxi 0.8.9 to work smoothly with Twitter again.

Extended Keybindings

Smuxi allows now to use the ctrl+tab / ctrl+shift+tab and ctrl+n / ctrl+p keys to switch tabs. The keybindings still work even with a hidden menu bar now.

Smuxi Server specific highlights

More interactive and much faster synchronization

When connecting to a smuxi-server you had to wait till Smuxi finished the synchronization before you could use the interface. Also you could not tell how far the synchronization was and just had to wait till it was completed. With Smuxi 0.8.9 the connect just takes a few seconds and all chats are synchronized in the background with a progress bar so you can use the interface from the first moment on and know how far it is. The speed how much it takes to synchronize all chats also reduced drastictly by 400%!

Click here for a screencast of this feature

More background communication

When using a smuxi-server the interface sometimes had load times like when opening the preferences or when using the nickname completion (Andrew Kannan). These operations are done in the background and no longer blocks the interface. Also when the communication is lost to the smuxi-server the frontend will now automatically reconnect to it in the background.

Low Bandwidth Mode

When it comes to mobile internet connectivity such as UMTS/HSDPA, Edge and GRPS it can be a real pain to connect to the smuxi-server as it has to transfer all the messages over that. If you just want to ask someone you know then you don't need any old messages to do that. With the "Low Bandwidth Mode" you can now connect to the smuxi-server without loading old messages which makes the connect very quick. You find this option in the engine connect dialog.

Stable Protocol

Initially I didn't plan to make the protocol of Smuxi stable before the 0.9 release, but as it turned out the 0.8 protocol was good enough to still use it and for that reason Smuxi 0.8.9 is still compatible with 0.8. The 0.8 protocol will see no breakages, instead the next protocol will be on-top or opt-in of the current one. This means future Smuxi versions stay compatible with it.

Shutdown Command

You can now shutdown the smuxi-server if you like using the /shutdown command. It it safe to use the command, it will do a clean shutdown sequence for you. For example it makes sure all messages are written to disk in the case of enabled persistent message buffers. If you have your smuxi-server daemon monitored (e.g. with runit) it can also automatically be restarted and upgraded this way.

Built-in SSH Keyfile Support

It is no longer needed to fiddle with the .ssh/config file or pagent to get SSH key authorization working. You can now simply tell Smuxi which SSH keyfile you want to use to connect to your smuxi-server.

Updated Translations

  • Catalan (Siegfried-Angel Gevatter Pujals)
  • Danish (Joe Hansen)
  • Finnish (Kalle Kaitala)
  • French (Clément Bourgeois)
  • German (Bianca Mix)
  • Italian (Vincenzo Campanella)
  • Portuguese (Americo Monteiro)
  • Spanish (Castilian) (Ricardo A. Hermosilla Carrillo)

New Translations

  • Chinese Simp (Dean Lee)
  • Slovak (Tomáš Vadina)
  • Swedish (Jimmie Elvenmark)
  • partially Russian (Aleksandr P)
  • partially Turkish (Umut Albayrak)
  • partially Urdu (makki)


Contributors to this release are the following people:

  • Mirco Bauer (497 commits)
  • Tuukka Hastrup (10 commits)
  • Bianca Mix (10 commits, translations)
  • Clément Bourgeois (8 commits, translations)
  • Andrius Bentkus (5 commits)
  • Carlos Martín Nieto (3 commits)
  • Jimmie Elvenmark (3 commits, translations)
  • Hannes Tismer (1 commit)
  • Jonathan Pryor (1 commit)
  • Jo Shields (1 commit)
  • Siegfried-Angel Gevatter Pujals (translations)
  • Dean Lee (translations)
  • Aleksandr P (translations)
  • Americo Monteiro (translations)
  • Andrew Kannan (translations)
  • Joe Hansen (translations)
  • Kalle Kaitala (translations)
  • makki (translations)
  • Ricardo A. Hermosilla Carrillo (translations)
  • Tomáš Vadina (translations)
  • Umut Albayrak (translations)
  • Vincenzo Campanella (translations)

Thank you very much for your contributions to Smuxi!

After reading this whole pile of text, head over here and grab this smexy stuff!

Posted Sun Jan 1 23:58:29 2012
Posted Fri Jan 6 19:55:01 2012 Tags:

This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License. Creative Commons License

Last night I wanted to buy an album on Amazon and I couldn't do the checkout as the site required me to install the Amazon MP3 Downloader to make the purchase and download of the album. The downloader is not needed for a single song though, but buying each song separately would be more expensive and more work. The good news is that it automatically offered me packages for different Linux distros: Ubuntu, Debian, Fedora and OpenSUSE instead of telling me off for using Linux and leaving me behind with a Windows only download. But here comes the catch, all offered packages are only for the Intel 32-bit architecture.

Now this is a showstopper for me, as I am running an AMD64 Debian which is a 64-bit architecture. I first tried to download and run the 32-bit debian package nonetheless as there was some hope with the ia32-libs and ia32-libs-gtk package. But this was not working as the application needs gtkmm libraries like libglademm and bailed when I tried to run it. So I filed a wishlist bug report against ia32-libs-gtk for inclusion of gtkmm and possibly other needed libraries to run the Amazon MP3 downloader on AMD64.

So I bought the album using MusicLoad instead which simply puts all songs in a single archive on-the-fly and let me download that archive.

When I tweeted my frustration on Twitter I was hinted by Jo Shields and also by Gabriel Burt that there would have been a much simpler solution to this issue by using Banshee which includes an Amazon MP3 Store plugin:

Banshee screenshot showing the Amazon MP3 Store plugin

This plugin allows you to log into your Amazon account browse their store like the regular Amazon store, plays the song samples directly, purchase songs, downloads the songs and imports them into Banshee's database so you can play them right away. And as if this wasn't good enough yet, with the the purchase of MP3 songs on Amazon using Banshee automatically makes a donation to the GNOME foundation.

As I am the only one who forgot or wasn't aware of this awesome solution this deserved some blogging.

Update: some people pointed out that clamz is also available to make MP3 purchases on Amazon.

This blog is powered by ikiwiki.