Decentraleyes: An additional defense against large companies analyzing you

I recently found out about the Decentraleyes add-on for Firefox. To understand why Decentraleyes is a good idea and why it can help you protect your privacy, here’s what’s been happening so far:

  1. Web developers all over the world have started using the same libraries of Free Software code to solve the same common problems. This is good.
  2. Web developers thought it would be a good idea to host this code on CDNs (distributed content delivery networks). This makes pages load faster and takes the (financial) burden of hosting them off the web developers. This is also good.
  3. Large companies like Google, Microsoft and Facebook – who make money by analyzing and recording your behavior in order to sell private details about you to other companies – have started offering such library hosting for free. This is bad.

Because every time you visit a website that refers to such a hosted library, and that’s hundreds of thousands or millions of websites, you give away your intentions to the company hosting the library. You tell Google where you’ve been on the Internet, and by pinging them every time you open any number of websites, they can track where you’re going, whether you’re using your phone, your tablet or your computer, when your preferred time for web surfing is, etc.

There is a reason these companies offer this hosting for “free”. It’s because you are the product, this data about you is aggregated and resold to advertisers. What’s worse, those companies can at any time introduce malicious code into your browser by changing the libraries they offer. Your browser will not be able to tell whether it is running a manipulated version of the code.

Because we won’t be able to convince web developers to do the right thing and either create a non-profit organization to securely host all these libraries or host the libraries on the websites themselves, you can only take matters into your own hands. Decentraleyes does this for you, by downloading all those libraries to your own computer and rerouting any request that would ordinarily go to a shared library server to your computer instead. It takes no configuration, you just need to install the Firefox add-on and that’s it.

This alone won’t be enough to win back your privacy, but it’s one building block. A free bonus is that pages that would normally use a CDN now load faster if you have this extension.

Handling logspam like "action 'action 20' resumed (module 'builtin:ompipe')" on Debian Jessie

If you’ve upgraded to Jessie on a server (or any other machine without X), you might have started noticing strange new messages in your logs that look like this:

Nov 4 06:33:21 mail rsyslogd0: action 'action 20' resumed (module 'builtin:ompipe') [try ]
Nov 4 06:33:21 mail rsyslogd-2359: action 'action 20' resumed (module 'builtin:ompipe') [try ]

As discussed in this bug report, that shouldn’t really happen and you can get rid of it by disabling logging to xconsole in rsyslog. Find this section of /etc/syslog/rsyslog.conf and comment it:

# news.err;\
# *.=debug;*.=info;\
# *.=notice;*.=warn |/dev/xconsole

That should take care of it until this is fixed upstream.

Backing up email from any IMAP server (plus: syncing and migrating)

I recently migrated email providers (several times, actually) and came across the fantastic tool mbsync. It’s included in most GNU/Linux distributions, though sometimes called by its old name, “isync”.

mbsync is very powerful, it can not only sync between a remote IMAP server and e.g. a local on-disk mirror that you want to keep so you can back it up, it can also sync between two remote IMAP servers directly.

Many very advanced configurations are possible from your own personal .mbsyncrc file. But since it took some time to puzzle together a good config from the semi-cryptic manpage, here are two configs I used for two typical situations.

Migrating from one IMAP server to another

IMAPStore   oldserver
User        myusername
Pass        mypassword

IMAPStore   newserver
User        myusername
Pass        mypassword

Channel   migrate
Master    :oldserver:
Slave     :newserver:
Patterns  * !Trash
Create    Slave
Expunge   Slave
Sync      Pull

Calling mbsync migrate will migrate your email from your old server to the new one, creating any new directories and messages on the new server and not deleting anything on the old server. You can run this multiple times in case new messages are still arriving on your old server.

Mirroring your IMAP mail to a local directory

This is useful for backing up your email. Particularly nice if you’re on a free or cheap email provider that does not offer backups.

IMAPStore yourserver
User      yourusername
Pass      yourpassword

MaildirStore mirror
AltMap       yes
Path         ~/mailmirror/

Channel   mirror
Master    :yourserver:
Slave     :mirror:
Patterns  * !Trash
Create    Slave
Expunge   None
Sync      Pull

Then run mbsync mirror to pull your email. You can run this multiple times, it will not delete messages in the mirror directory. If you want messages to be deleted there, set Expunge to slave. Make sure to back up both the mailmirror directory and the Maildir directory, which holds your INBOX.

A note about AltMap: This particular option was required so that I could mirror to remotely mounted NFS shares. It will make mbsync create its UID validity data in a database instead of in a .uidvalidity file. For whatever reason, it seems that writing the .uidvalidity file stalls forever on NFS shares. If you’re not using an NFS share, you can try without that option.

In both examples, the Trash directory is ignored.

Another way to fix tearing and vsync issues using the Nvidia driver

Nvidia’s proprietary driver is notorious for having a lot of tearing and vsync issues. Even if you use their control panel to enable vsync, more often than not it will have no effect. I’ve seen this on a GTX 560, on a 650 Ti, 660 Ti, 860M. Previously I tried using compton to fix this issue, but compton sometimes makes e.g. video display sluggish or seems to add some delay and irregular framerate to games. This won’t work, since for games I want a constant framerate, and drops below 25 or so are unacceptable.

That’s when I found out about about the ForceCompositionPipeline option for the proprietary Nvidia driver. It can be used like this to enable it temporarily from the command line:

nvidia-settings --assign CurrentMetaMode="DVI-I-1: nvidia-auto-select { ForceCompositionPipeline = On }"

Or made permanent in xorg.conf:

Section "Screen"
    Option         "metamodes" "DVI-I-1: nvidia-auto-select { ForceCompositionPipeline = On }"

You’ll have to use something like xrandr to figure out the name of the output (in this example, DVI-I-1). Thank you, Mark Volker Dickmann, for this hint.

Zürich to Brussels and back in a Tesla Model S

This February, a few friends and I went to FOSDEM in Brussels and we took my Model S. The reason I haven’t written about this yet is that there isn’t really anything to write about — everything just worked. And that’s probably important to write about after all, since people have range anxiety and whatnot.

Here’s our route:


That’s 1400 km all in all. Here’s a picture from the rather ugly hypermarket near Metz:


The important part is all the Belgian beer we bought there! And well, the recharge they gave us (there is a supercharger in the middle of the parking lot).

For news junkies who want to stay organized and happy: NewsBlur and TinyTinyRSS

In 2013, the famous online ad reseller Google shut down their Google Reader service. If you ask me, and I do have an arsehole as well as an opinion, it was to drive people towards their less customizable, not standards-based News product that they can pepper with ads. But there are other RSS clients and news readers, and of all of those I’ve spent almost two years with TinyTinyRSS and now a month with NewsBlur.

My heart is split in two between these: Andrew and Samuel are both interesting, and it’s fascinating to see how different from each other their visions are.


NewsBlur is the brainchild of Samuel Clay. He didn’t just invent an RSS reader, he came up with a completely new visual style with warm, cofee-like colors and large, friendly interface elements. Hell, the logo is a stylized sun and if you sign up for a premium account, you get to feed his dog Shiloh, that’s how much good feeling is going on here.


Each site also gets its own custom color bars to the left of it, based on its favicon. This doesn’t do much for things like YouTube, since all your YouTube channels will just have a red bar, but seeing The Register’s very black vulture favicon and equally black bars does set the mood. Some sites turn instantly recognizable from afar thanks to this, like DeviantArt with its trademark green or Phoronix with its, err, also trademark green. This helps pick things apart if you are ever viewing a list of all your news combined.


If you don’t like how things are displayed, the customization options, pictured above, are immense. You can also opt to view stories not in their summary RSS form but in the original, as they appear on the original website. But Samuel’s vision doesn’t stop at the visual style.

The service is set up so that you can share your favorite news with people. You can import your Twitter or Facebook friends, or you can skip all the social networking stuff and just follow people directly on NewsBlur itself. Then you get to see what news stories they share and can interact.

This news regurgitation goes one step further yet, NewsBlur gives you an optional BlurBlog, a page where your shared stories are published in a blog format so that even people without NewsBlur can follow them. Maybe someone even subscribes to that using TinyTinyRSS! Haha, wow, so funny. My BlurBlog is over there, by the way.

Another killer feature is that premium subscribers get is very fast updates for all the sites in their feeds, up to 10x a day. This is noticeable, once you have a decent list of feeds you can almost see their unread counters increase as you watch.

NewsBlur does something with machine learning, apparently you can let it know which articles you like and it will find more of the same, but I haven’t tried so I can’t comment.

There is a client for Android which works extremely well both on tablet and on mobile. Get it on F-Droid, it’s just called “NewsBlur”. I found especially the syncing very robust, I even slapped one touchscreen device with each hand like a spasming orangutan while watching NewsBlur in the browser and both devices’ interactions were replicated properly.

You can see that I’m gushing and totally happy with this. Of course I signed up for the ridiculously cheap premium account (US$24 a year at the time of writing). Take my cash and turn it into beautiful source code (and dog food), please!

If you don’t want any of this premium crap and would like to host NewsBlur yourself, of course it is Free Software. Go get the source.


TinyTinyRSS by Andrew Dolgov looks a little stark, a little utilitarian in comparison. But this isn’t bad, it allows you to focus on the content, and that’s the idea here, right?

original Screenshot stolen from Lifehacker Australia.

TinyTinyRSS is something you host yourself on your webserver, there is no hosted service or one of those crazy cloud things. It requires PHP and either MySQL or PostgreSQL, with PostgreSQL being preferred. I found setup to be quite easy and I was surprised by the quality of the upgrade process, in over two years not a single upgrade ever caused any issues. It feels like a tank, and I mean that in the good sense.

If you’re looking for a solution to host yourself that works on a broad range of web servers, even on some very cheap shared hosting solutions, and that you could potentially even use with your circle of friends or coworkers to make use of the news sharing service, TinyTinyRSS will do the job.

There are mobile clients for Android and Meego/Sailfish OS. Android even has two! One written by Andrew himself, which he makes money from, and one written by Nils Braden. I will not place a link to Google Play, not because I don’t want Andrew to make money, but because I don’t want Google to make money 🙂 Nah, just kidding, here’s Andrew’s client on Google Play and Nils’ client on Google Play. The Sailfish/Meego client comes to you courtesy of cnlpete.

I’ve used both clients on phones and tablets and I can’t say which one I prefer. They are quite similar in feature set and of course Nils’ client being Free Software may skew you that way.

Whether you want to host things yourself or have them hosted, share with the world or just with your friends, whether you’re on Android, Sailfish OS or your desktop, these are extremely competent Free Software news readers just for you.

If you get a lot of logspam from systemd in your /var/log/syslog, this might help

Do you get log entries that look like this?

Jun 29 10:40:31 www systemd-logind[329]: New session 3264 of user foo.
Jun 29 10:40:31 www systemd: pam_unix(systemd-user:session): session opened for user foo by (uid=0)
Jun 29 10:40:31 www systemd[1]: Starting user-1000.slice.
Jun 29 10:40:31 www systemd[1]: Created slice user-1000.slice.
Jun 29 10:40:31 www systemd[1]: Starting Session 3264 of user foo.
Jun 29 10:40:31 www systemd[1]: Started Session 3264 of user foo.
Jun 29 10:40:31 www systemd[1]: Starting User Manager for UID 1000...
Jun 29 10:40:31 www systemd[16056]: Starting Paths.
Jun 29 10:40:31 www systemd[16056]: Reached target Paths.
Jun 29 10:40:31 www systemd[16056]: Starting Timers.
Jun 29 10:40:31 www systemd[16056]: Reached target Timers.
Jun 29 10:40:31 www systemd[16056]: Starting Sockets.
Jun 29 10:40:31 www systemd[16056]: Reached target Sockets.
Jun 29 10:40:31 www systemd[16056]: Starting Basic System.
Jun 29 10:40:31 www systemd[16056]: Reached target Basic System.
Jun 29 10:40:31 www systemd[16056]: Starting Default.
Jun 29 10:40:31 www systemd[16056]: Reached target Default.
Jun 29 10:40:31 www systemd[16056]: Startup finished in 13ms.
Jun 29 10:40:31 www systemd[1]: Started User Manager for UID 1000.
Jun 29 10:40:31 www console-kit-daemon[1489]: missing action
Jun 29 10:40:32 www systemd-logind[329]: Removed session 3264.
Jun 29 10:40:32 www systemd: pam_unix(systemd-user:session): session closed for user foo

I got hundreds upon hundreds of kilobytes of logspam like that and I wanted to solve the root cause, not just ignore it in logcheck. I happened to stumble upon the solution on, and promptly made a fool out of myself there, too. One solution is to enable lingering for user accounts that have cronjobs. For root, that would be: loginctl enable-linger root Since I searched for quite some time but this didn’t come up immediately, I’m putting it here to increase findability.

Why I'm switching from Jolla's Sailfish OS back to CyanogenMod for now

Before you throw any bricks, know that I’ve been a Jolla supporter from before day one. I had my preorder in there and my money earmarked the moment I knew it wasn’t going to be vaporware. I ran the Swiss Jolla Twitter community for several months even before there was a product and I have a TOHKBD and a Jolla Tablet preordered, as well as a second spare Jolla phone sitting in its original packaging.

So why am I leaving this awesome Jolla ship to go back to my old Android barque, a now 4 year old Samsung Galaxy Nexus with CyanogenMod? I won’t bore you for long, the reasons are simple.

Bad readability, bugs and inconveniences

  1. The Sailfish user interface is almost unreadable in daylight.
  2. Calendar and contacts (well, CalDav and CardDav) syncing is frustrating and unreliable.
  3. Some Android apps still do things much better than their Sailfish counterparts, if they exist.

Okay, now throw those bricks. But to illustrate:

Bad readability

Check out this random Sailfish screenshot. The font is too thin, the font’s contrast with the background is too weak, and add to that a very reflective and not too bright phone screen and a bit of sunlight. All of those grayed out podcast titles, they turn invisible.

I picked one of the highest contrast themes available, one I don’t even like, and I still have no clue who is calling me when the phone rings. I have to seek some shade to read SMS. That’s just not cool. Instead of being inspired by Microsoft’s new thin and light typography, maybe they could have copied Google instead and gone with strong, bold fonts that read well even in black on white.

There is a year-old discussion on Jolla Together about this, I don’t see how I could go back to the phone before this gets resolved. The four year old OLED screen on my Galaxy Nexus has many fewer issues even in brightest daylight, and not because it’s a much better screen, mostly because Android’s (or CyanogenMod’s) color theming and typography make more sense for a mobile phone.


I have tried both SyncEvolution before Sailfish even had any built-in CalDav or CardDav sync, and I’m using the built-in one now. Both failed for me. SyncEvolution once a week silently fell into a mode when it couldn’t sync my calendar entries anymore because it wanted either a full refresh from source or a full push from target. That is fine if I get a big fat warning, but I didn’t, so I lost a week’s worth of new calendar entries that didn’t sync to my CalDav server.

But what really made me angry: The built-in CalDav sync now has a bug where it moves all entries ahead by one hour. Yes, the bug is known, it’s being discussed, but there is no workaround. I don’t want to drag around a second mobile device with reliable syncing just to know that I’ll be in the right place at the right time. On Android, I have DavDroid, which works very well and has decent enough status reporting to figure out what’s wrong when it doesn’t.

The Android advantage

There are some apps that don’t integrate too well with Sailfish. I must confess that out of sheer peer pressure, I use WhatsApp for family communication. WhatsApp on Sailfish’s performance is random at best, notifications appear one time out of ten, I keep having to stop and restart the app every few hours to be sure I didn’t miss anything.

I used to use Mitäkuuluu when it still existed, and I am willing to try Whatsup. But I dread something: If text display is as shite as it is in the rest of Sailfish, I might be able to connect, but I won’t be able to read anyone’s messages as soon as we get out of deep dark winter. Also, Facebook’s super-proprietary model means that whatever open WhatsApp client comes along, it will be locked out of WhatsApp at random, and that’s not what I want.

Then there’s email: I haven’t seen anything that does mobile email more reliably and with more options than K-9 Mail on Android. Gladly, that one works just fine on Sailfish too. And it’s readable, because it’s black on white.

All is not lost

What Sailfish did make me learn: I can live with very few apps, Android ones in particular. I can easily live without Google Services or any Google Android apps, so CyanogenMod is more than fine. With very few syncing, privacy-invading and battery hungry apps, I also get two days of battery life out of a four year old battery. Not bad! The Jolla gets 3 to 4 days easily under the same conditions, just so you know.

Right now my setup is simple and fast: CyanogenMod and many apps from F-Droid: Fennec (instead of Firefox and the built-in browser), DavDroid, RedReader, NewsBlur, K-9 Mail, ConnectBot, ownCloud client, Hacker’s Keyboard, KeePassDroid.

This does all I need. You see that my requirements aren’t great. I am looking forward to perhaps this time next year when I can fulfill them all with Sailfish. If anyone wants to buy my excess Jolla gear in the meantime, let me know 🙂

Ebook market still broken

In the last 8 years or so, I’ve regularly looked at the ebook market to figure out if they’ve fixed it yet. In 2015 I can say: no, they haven’t. But there is a new star on the horizon, at least.

Let’s start with a harmless example: Out of the five sci-fi ebooks that Kobo recommends for 2014, they refuse to sell you three. They claim that the books are not available in your country, Switzerland in my case. However, if you check out the competition, you notice that even newcomers to the ebook market like Thalia/Orell Füssli have the ebooks. What’s even worse, Amazon will not hestitate to sell all those five books to you for Kindle.

So here we have Kobo, a company that claims to make premium ebook readers and offer one of the largest ebook collections in the world, unable to fulfill something that both their biggest competitor and complete newbies at this game can do. This shouldn’t be that way — if one company can offer an ebook in one territory, all the others should be able to do that, too.

On the DRM front, things are still broken as well. By far most ebooks are sold with DRM. Fortunately, some countries allow you to remove that DRM from your books, and I can only thank Apprentice Alf again for all his effort in making DRM cracking tools easy to use.

The broken state of the market means that:

  1. Amazon remains the supreme ironfisted ruler of all that is ebooks. Nothing can  compete with them right now. They appear to be able to even get around publishers’ territorial disputes, and their prices and selection are still better than the competition’s. At the same time, they cheat a dozen countries by not paying their taxes and they treat their employees like cattle, but that’s another story.
  2. You can achieve a similar selection to Amazon’s if you’re prepared to hunt through two dozen independent ebook stores for the title you want, and pay a little more for it. It will probably come as an Adobe DRM-encrypted ePUB file. Prepare to crack the DRM. If you’re in a country that doesn’t allow that, you’re fucked.
  3. Publishers and book stores still haven’t managed to find a strategy to kill Amazon, but there is movement on the front. The Deutsche Telekom and a series of German and Italian book store chains are trying with their Tolino alliance, and Tolino has everything it needs to turn into some real competition. The Tolino Cloud that syncs books you uploaded yourself plus books you bought from any Tolino alliance member to all your Tolino devices could be a killer feature.

I don’t know what could be the best interim solution until the market is fixed. Probably buying a Tolino Vision 2 and hunting for books all over, then cracking them and shoving them into your Tolino Cloud Reader so they get synced. You can even buy books from Amazon, crack them and convert them to ePUB using Calibre.

To help your hunting, here are some of my current favorite ebook stores, some even without DRM:

Maybe that helps! See you in two years for an update on the situation.