Custom user Xsession with SDDM

Debian stretch is out, a lot of obsolete packages, a lot of major upgrades, which all in all resulted in quite a painful transition the last few days. But I’ll tell you more about that in the following posts.

I don’t really spend much time on Linux nowadays so KDE (along with KDM) has always been my goto solution for a jack all trade no-BS works-out-of-the-box desktop environment. And it worked like that just fine, until… well you know how software goes. KDE has been upgraded, KDM has been depreciated and replaced with SDDM.

I also use xsession so that I have a common way of starting session scripts and daemons (such as this one) and configuring stuff across different desktops. I generally selected custom session in the display manager and that was it. But SDDM does not seem to provide a way to do so, or at least that’s not so clear.

By default, it will execute /etc/sddm/xsession which itself sources /etc/X11/Xsession to which it will pass as argument the value of the Exec line in the desktop file (located in /usr/share/xsessions) describing the currently selected session.

If we want to bypass this, we need to scrap the argument passed to /etc/X11/Xsession no matter what SDDM thinks the current session should be. To do so create a wrapper for Xsession in /etc/X11/user-Xsession:


export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin

# Discard argument, we don't care about selecting the desktop environment.

And now configure SDDM to use this instead of its own version of it, in /etc/sddm.conf:


MSP430 and Contiki on FreeBSD

If you were trying to compile a Contiki application that targets an MSP430 platform (T-Mote Sky for example) on FreeBSD, you might have noticed that msp430-gcc was removed from the port tree and replaced by gcc-msp430-ti-toolchain. Contiki does not support this newer toolchain so you might find yourself a bit stuck there.

Fortunately you can still access the last version of the msp430-gcc packages from the FreeBSD archives:

Suspend on lid closed + battery

If you use FreeBSD 11 on the good ol’ ThinkPad X201, you’ve probably noticed now that suspend and resume work perfectly flawlessly with the latest FreeBSD release.

You probably wish to take advantage of this and suspend your laptop automatically when the lid is closed. Nothing could be easier:

sysctl hw.acpi.lid_switch_state=S3

Save this option /etc/sysctl.conf for it to be permanent.
Close the lid, the laptop goes to sleep, you’re done!
It’s that simple.

But, with this method it will go to sleep each time the lid is closed, completely ignoring whether the laptop is on battery or not. And if you’re like me you probably don’t want this. Instead you want it to suspend itself when the lid is closed and the laptop is on battery. Easy enough! We just have to invoke the mighty power of devd along with a very little shell script.

First we need to tell devd how to react when the lid is closed. Put this in /etc/devd/lid.conf, then restart (service devd restart):

# Notify lid close/open events.
notify 10 {
  match  "system"    "ACPI";
  match  "subsystem" "Lid";
  action "/etc/acpi/ $notify";

Now we will make a script that checks the lid and AC line states and chooses to suspend the laptop when both the lid is closed and AC line is disconnected. This goes in /etc/acpi/


lid="$1" # 0x00 is closed, 0x01 is open (see devd.conf)
acline=$(sysctl -n hw.acpi.acline) # 0 is battery, 1 is online (man acpi)

if [ \( "$lid" = "0x00" \) -a \( "$acline" -eq 0 \) ]
  logger "Lid closed on battery. Going to sleep."
  acpiconf -s3

Try it out! Disconnect the AC line, close the lid, it should go to sleep within seconds. However if it doesn’t work you might want to modify the script above a little to check whether lid events are received correctly or not.

Now you may use a modified version of this script to lock xscreensaver when the lid is closed and before the actual suspend. Well OK, I’ve done that for you:

# XScreensaver should be called BEFORE going to sleep to avoid the desktop to be
# shown for a few seconds when the system resumes from sleep.

lid="$1" # 0x00 is closed, 0x01 is open (see devd.conf)
acline=$(sysctl -n hw.acpi.acline) # 0 is battery, 1 is online (man acpi)

lock_display() (
  display=$(echo "$socket" | tr "X" ":")

  # Temporary pid file for the watching command

  # Wait until the display is actually locked.
  (timeout 2s xscreensaver-command -display "$display" -watch & echo $! > $tpid) | (
    # Issue the lock command only when we know that
    # the watching pipe is ready.
    xscreensaver-command -display "$display" -lock

    while read line
      line=$(echo $line | cut -d' ' -f 1)

      if [ "$line" = LOCK ]
        # We have to kill the watching command manually before breaking.
        kill -TERM $(cat $tpid)

  rm $tpid

# The X server may not be running
if [ ! -d /tmp/.X11-unix ]
  exit 0

# Lock each available display
for socket in $(ls /tmp/.X11-unix)
  # Lock the display
  logger "Locking xscreensaver on $socket"
  lock_display $socket &

# Wait until every displays are locked

# Now we can suspend if needed
if [ \( "$lid" = "0x00" \) -a \( "$acline" -eq 0 \) ]
  logger "Lid closed on battery. Going to sleep."
  acpiconf -s3

Today’s movie: The Wind Rises


The Wind Rises by Hayao Miyazaki. Almost saw this movie in 2013 when I lived for some time in Tokyo. We planned to see it at the cinema but for some reason we didn’t (there was so much to do back then). Finally didn’t got to see it until today.

All that we’d ever aspire from life, yet it’s nothing but a dream.

Disk failure happens

So my not-so-trusty-anymore 5 years old HDD crashed unexpectedly this morning. That happened on my working laptop. But thank god I do backups! I still probably lost some documents but it could have been much worse.

Coincidentally I was just saying to myself that it would be a good idea to reinstall it just to force me to clean this old setup a little bit. Well that providential failure forced my hand. Thanks for that!

This also prompted me to start building a NAS, an idea that I have in my mind since quite a few months now. So you will probably read more of that in a few weeks.

Using NAT64 locally

NAT64 is a translation mechanism that allows IPv6 addresses to be transparently mapped to IPv4 addresses. The principle if very simple. In a NAT64 address, the IPv4 address is embedded into the 32 least significant bits of the IPv6 address. When you send an IPv6 packet to a NAT64 router, it will extract the IPv4 address embedded into the NAT64 IPv6 destination address and send the packet using this IPv4 instead. The source IPv4 address used is chosen within a provided pool of IPv4 addresses (which can be SNATed, in which case you can use a private network reserverd for the NAT64 pool). The NAT64 router will also do the reverse mapping and translate the reply from the IPv4 remote address to your original IPv6 address.

This is very convenient for IPv6 only hosts (such as IoT smart objects) that need to contact a very sparse IPv6 Internet. Even if a remote host is only accessible via IPv4, it can still be accessed from IPv6 using its NAT64 address. Also since the majority of addresses are resolved using DNS, there are some servers (unbound is one of them) that provide a DNS64 module which will automatically construct a NAT64 AAAA record when no other IPv6 records are found for a specific domain. This way your IPv6 only hosts using DNS believe that all domains have an AAAA record, and that all the Internet is IPv6 enabled.

In my case I use Tayga NAT64 router along with Unbound DNS64 module. There are several posts out there that explain how to configure these two and this is not my intent here. Instead I want to focus on a problem that I had using Tayga’s NAT64 locally. That is trying to ping a non-IPv6 domain from the host that is running Tayga:

$ ping6

This command worked fine from outside the host running Tayga (for packets routed through the NAT64 router), but didn’t work at all when issued on the host running Tayga.

Using tcpdump, I found that when issued locally, Tayga used its own IPv4 address (its ipv4-addr option) as source address for the translated IPv6 packets. Since this address was not mapped in Tayga IPv4 source address pool, it did not translate the reply back to the original IPv6 address and so the ping6 command never got any reply.

What I also found was that the source address used by the ping6 command was also Tayga’s own IPv6 address (its ipv6-address option). Since the NAT64 address that ping6 tries to use is routed through the nat64 interface, it defaulted to the nat64 interface IPv6 address (that is Tayga’s IPv6 address) for its source address.

This is what triggered Tayga to use its own IPv4 address which is outside its pool resulting in the reply not being translated back to its own IPv6 address. So we need a way to avoid choosing Tayga’s own IPv6 address when trying to reach a NAT64 address locally. We know that Tayga configures its own IPv4 and IPv6 addresses on its nat64 interface. All we have to do is to add another IPv6 address to the interface so that it will be used instead as the source address for local packets destinated to the nat64 router interface.

Suppose we have:

  • Internet routed prefix: 2001:db8:1::/64
  • NAT64 IPv6 prefix: 2001:db8:64::/96
  • NAT64 IPv6 address: 2001:db8:1::64
  • NAT64 IPv4 address:

Then the nat64 interface will have the 2001:db8:1::64 IPv6 address. Just add another IPv6 address to this interface with:

ifconfig nat64 inet6 add 2001:db8:1::46 netmask 128

Tadaaa! Now when you try to reach a NAT64 address locally, the address you just added to nat64 will be used instead as the source address. Since this is not Tayga’s own IPv6 address, it will dutifully map the NAT64 using its IPv4 address pool and translate the reply back to the new IPv6 address. In other words NAT64 addresses now work on the host running the NAT64 router.

Today’s movie: Rogue One

“We have hope. Rebellions are built on hope! ” – Jyn Erso

Now that’s a Star Wars I like to see!
Without hesitation the best Star Wars movie of the last decade (as of Jan. 2017). That’s not a hard feat though I must admit. But it brought far more to the cinematic universe of Star Wars than the last “Episode”. Not in the holes it fills, but more in the quality of the story, movie and its overall originality.

Now I can hear some of you screaming in the back, that’s not part of the main nonalogy (nonalogy? nonology? ennealogy?), it’s a standalone movie, it’s not really Star Wars. Well, tell you what, I don’t care. Disney decided to go non-canon anyway, so for me it’s just another movie in the alternate Star Wars universe.

Now that’s probably a targeting strategy for all of us who thought that Force Awakens was more of a disgrace than Ep. I, II, III. But it worked, I liked it, and now I want to see the next episodes. You got me Mickey Mouse!

Mike Mitchell‘s Mickey Mouse – $$$

The opinions were not undivided, but I liked it. There is something to this movie that is more human and makes it more plausible compared to the others in the series. It’s about small things. Like the stains and dust on spaceship windows, hyper-space light reflections during hyper-drive, the actual need of hyper-drive, the actual need of space travel, the reality of occupation by the Empire. In the end it made the movie much more believable to me.

But one of the things that I really liked was the way Jyn Erso character was developed throughout the movie. You could grasp her complicated views on the Rebellion and the Empire. You could feel her fears and doubts, you could see her think, understand her own awareness of the events and her place among them. She appeared as human as you can be. So it was really natural for me to attach to her character. And all that contributed to my realization that, in the end, she displayed real courage. See, you love people for what they really are, their inner self. And the movie tried to emphasize just that, what she really is.

It also presented the more hazy face of the Rebellion and the Empire by displaying both factions as more organic entities with their own internal political struggles, conflicting ambitions and ideals. This resulted in a story that had a bit more to offer by detaching itself slightly from the manichaean vision of the episodes.

It was also beautiful and thrilling. The pace was really good, and it contributed a lot to the intensity of the movie, especially in the latter parts. In the end all that contributed to a story that was most of the time really enjoyable.

Now that’s not to say that the movie was without flaws.

First, the most obvious, resurrecting dead actors with completely CGIed characters, just forget about it, seriously! It does not work yet, like not at all. Peter Cushing looks like some kind of evil puppet that suddenly became self aware but still has a really hard time figuring out what it is to behave, move and talk like an human being. Carrie Fisher was fine, but only for the fact that you see her for a couple of seconds.

A robotized version of Sir Alec Guinness plays Obi-Wan Kenobi in a future Star Wars installment.
– Robby the Robot portrait by Iain Claridge

The movie tries hard not to fall into the SixFlags camera shooting syndrome (where some scene look more like they were filmed from a rollercoaster than anything else) or the far too common InYourFace syndrome trying to abuse the sensational. Sure some scenes will make you cringe a little, but it’s still not as bad as The Hobbit for instance.

There are the obligatory two cents jokes and somewhat not-always-that-subtle cameos. But there are some who apparently think that you cannot make a movie without those nowadays. While I’m OK with nods to older episodes as long as they do not show up too frequently to feel like distractions, putting a stupid not funny at all joke at the end of a 30 seconds action scene can ruin not only the scene, but also the characters and butcher the story credibility.

Lastly I think that the movie really has one big flaw, it’s its non-homogeneous way of handling the characters. Like I said Jyn Erso character is well developed and this really adds to her credibility. Others like Cassian Andor or Cpt. Obvious (K-2SO) are also fine, and the latter makes a nice and funny support character.

On the other hand some characters were developed on a completely different dimension. I think in particular of Chirrut Imwe and Baze Malbus. They did not add that much to the plot, they got some of the worst and almost all clunky lines, and I couldn’t help but to see them as a dead weight couple that somehow found himself playing in the wrong movie.

I may seem a bit harsh but I really think you shouldn’t add characters just for the sake of it. Even so with the laudable intention of completing the story by the addition of new components. The story that the movie tries to convey must act as a coherent whole. And in this case it could have been much better articulated over fewer characters.

That being said I’m now eagerly waiting for the next episodes. With a bit of apprehension though considering Rian Johnson (Ep. VIII) and Colin Trevorrow (Ep. IX) filmography. Looper left me a bit unimpressed and that habit of throwing successful TV series directors or writers (even when that was only for a handful of episodes) in charge of tent poles movies never turned out well for me. And don’t even get me started on Jurassic World. But in the end only time will tell!