Meltdown and Spectre: Links compilation

Having recently come to light, meltdown and spectre are names given to a set of high impact security issues exploiting CPU instructions to read system memory. Provided below is a collection of links that relate to different aspects of these vulnerabilities.

Initial Disclosure

Updates from Vendors



Against meltdown

Against spectre

Performance / Benchmarks


Bits from the web


Roaming profile on Linux in 2017

To quote Wikipedia,

A roaming user profile is a concept in the Windows NT family of operating systems that allows users with a computer joined to a Windows Server domain to log on to any computer on the same network and access their documents and have a consistent desktop experience, such as applications remembering toolbar positions and preferences, or the desktop appearance staying the same.

Our office environment consists of a mix of Windows and Linux systems, and the task was to setup a system on which user data could be stored such that the users would not be bound to a single system and be able to work on any system.

On Windows using Active Directory and Roaming profiles user data and logins can be centrally store and authenticated. Advances have been made in Linux too to allow for a similar setup:

  • [server side] Samba can be used to setup a Domain controller to authenticate users (for Linux only environments, solutions like Free IPA also exist).
  • [client side] Can be setup by combining different services (as given here and here), or an integrated system can be used (like given here).

After considering the above, we went with the following solution:

Server side setup

Went with Zentyal server for user authentication, data storage, and file sharing (other options like ClearOS also exist).

Client side setup

Used pbis open for authenticating to the AD server, and put together a system for implementing roaming profiles.

Roaming profile setup

When searching for roaming profile on linux, csync was found which seemed like the ideal solution; however in practice an issue was encountered trying to sync between a local home folder and a samba mount of the remote folder.

Eventually discovered osync which synced the folders (local and remote) correctly.

Wrote some scripts tie it all together (available here).

Note: SMB v1.0 was used for the remote home folder cifs mount as unix extensions needed for proper permissions support seem to implemented for that version only (link).

Adding an external fan to the Raspberry Pi 3 Model B

A while ago I had purchased a Raspberry Pi 3 to learn more about building software on the ARM platform (IoT), and getting to know configuration management software like SaltStack.

Since I intended to compile software on the Pi, I looked into external cooling solutions and found that adding a heat sink and fan should work. Ordered the items, and when they came I attached them to the Pi.

But there was an issue: the fan was too loud and not really required unless the Pi was heating.

Searching for solutions, I found two tutorials, the first of which used a transistor controlled via the Raspberry Pi’s GPIO system (I could not find the suitable transistor online) to turn the fan on/off as required, and the second  one which used a relay module (which I could find online and ordered).

After some fiddling around, managed to get the connections right, and it worked 🙂 There was a strange issue though that whenever the GPIO pin was set to output mode, irrespective of the fact whether the voltage was HIGH or LOW, the fan got switched on. As a workaround I set the GPIO pin to input mode instead of setting it to output LOW and it worked.

I took the scripts from the tutorials , modified them a bit to workaround the above issue, merged the best bits, and wrote some code for monitoring. All this is now available in a Github repo.

Raspberry Pi 3 fan setup


  1. Automated-cooling-fan-for-Pi
  2. how-to-control-a-fan-to-cool-the-cpu-of-your-raspberrypi
  3. raspi-fan

If anyone has any comments or queries feel free to post them in the comments section below.

Manjaro OpenRC 17.0 Xfce Development ISOs [RC]

While waiting for Manjaro 17.0 to be released, have created RC ISOs for Manjaro OpenRC 17.0 Xfce edition.


  • Kernel updated to 4.9.x series (next LTS).
  • Reverted to using ALSA by default (decided by voting, see here for reference).
  • Old CLI installer patched to work with manjaro-tools 0.13.8 (changes
    available here).


P.S. May also create Net Edition ISOs this time around if there is need for them.


RC (Release Candidate) ISOs were released, have updated the download link (old link for reference).

Manjaro OpenRC 16.10.2 ISO released!

After about a month of development (mostly over the weekends), Manjaro OpenRC 16.10.2 ISO has been released. It was originally not intended as a development edition, but become one since I noticed that it failed to boot in EFI mode both in Virtualbox as well as on bare metal, and was unable to fix it (has been fixed).

Major changes are the inclusion of Linux 4.8 to better support newer hardware like AMD Polaris, and the inclusion of Pulseaudio for better out of the box support for multiple audio devices (more of that in the release announcement).

Minor changes include switching the icon theme to elementary-xfce-icons (shoutout to oberon2007 for adding it to the community packages), and adding hardinfo for graphical system information, and ffmpegthumbnailer for video thumbnails.

Release announcement:



Native Window Snapping / Window Tiling with Fluxbox, Openbox, and xfwm4 (Xfce)

I find tiling helpful when I have to work with the contents of two windows at once, or when comparing things.

By native window tiling I mean that we will be using only the native commands of a particular window manager and not any external program.


The following can be added to ~/.fluxbox/keys

# Tiling
Control Mod1 Left :MacroCmd {ResizeTo 50% 100%} {MoveTo 00 00 Left}
Control Mod1 Right :MacroCmd {ResizeTo 50% 100%} {MoveTo 00 00 Right}
Control Mod1 Up :MacroCmd {ResizeTo 100% 50%} {MoveTo 00 00 Up}
Control Mod1 Down :MacroCmd {ResizeTo 100% 50%} {MoveTo 00 00 Bottom}
Control Mod1 Return :ToggleCmd {Maximize} {Restore}

The modifiers above (Ctrl + Alt + Left/Right/Up/Down/Enter) should not conflict with existing modifiers, else they will not work correctly.


The following can be added to ~/.config/openbox/rc.xml within the keyboard tags.
(have to use a pastebin as WordPress interprets it as tags)

xfwm4 (Xfce)

Go to Menu -> Settings -> Window Manager -> Keyboard

The commands should already be present, only the keys need to be set.


Using OpenRC on Arch / Archbang / Manjaro Linux.

With the increasing complexity of systemd, I decided to look for alternatives. After some searching and experimentation, I settled upon OpenRC.

OpenRC is a dependency based rc system that works with the system provided init program, normally sysvinit.

Before proceeding furthur, let me list some of the resources available:

1) Manjaro Linux wiki

2) Manjaro Linux forum (new) (old)

3) Arch Linux wiki

4) Arch Linux forum

5) Archbang wiki

6) OpenRC AUR packages

7) PKGBUILDs by artoo:

8) Pacman repos for openrc and related stuff, built from above pkgbuilds:

SigLevel = PackageOptional
Server =$repo/$arch

9) (much more up to date than this blog).

Setting Up OpenRC

Step 1)
Add the repos mentioned in the resources section to /etc/pacman.conf

SigLevel = PackageOptional
Server =$repo/$arch

Install the openrc-base package group:

sudo pacman -S openrc-base

This installs the binary init system (sysvinit), and the base OpenRC scripts and configuration.

The sysvinit package conflicts with the systemd-sysvcompat, so it will be necessary to remove it in order to install OpenRC.

The output of the command looks like the following:

$ sudo pacman -S openrc-base
:: There are 10 members in group openrc-base:
:: Repository openrc-eudev
   1) cronie-openrc  2) cryptsetup-openrc  3) dbus-openrc
   4) device-mapper-openrc  5) dhcpcd-openrc  6) glibc-openrc
   7) inetutils-openrc  8) lvm2-openrc  9) mdadm-openrc  10) openrc-core

Enter a selection (default=all): 
resolving dependencies...
looking for inter-conflicts...
:: sysvinit and systemd-sysvcompat are in conflict. Remove systemd-sysvcompat? [y/N] y

Packages (13): cronie-1.4.11-2  systemd-sysvcompat-212-3 [removal]
               sysvinit-2.88-16  cronie-openrc-20141002-1
               cryptsetup-openrc-20141002-1  dbus-openrc-20141002-1
               device-mapper-openrc-20141002-1  dhcpcd-openrc-20141002-1
               glibc-openrc-20141002-1  inetutils-openrc-20141002-1
               lvm2-openrc-20141002-1  mdadm-openrc-20141002-1

Total Download Size:    0.32 MiB
Total Installed Size:   1.24 MiB
Net Upgrade Size:       1.24 MiB

:: Proceed with installation? [Y/n]

On installing openrc-base, OpenRC should boot by default instead of systemd.


If on booting you get an error like “/etc/sysctl.conf not found”, it can be corrected by creating /etc/sysctl.conf with the command sudo touch /etc/sysctl.conf

On shutdown if you get a message like “Warning: /usr/lib/rc/cache is not writable!”, then this directory can be created as sudo mkdir /usr/lib/rc/cache

The boot logs are stored in /var/log/rc.log by default.

Step 2)
Some common services that could be enabled are dbus, which is a system message bus, and cronie, which provides the cron service, by running:

sudo rc-update add dbus default
sudo rc-update add cronie default

For networking dhcpcd is enabled by default via netifrc, for more details have a look here.

dhcpcd worked out of the box on my Arch install in a VM, but on my main laptop I use a Wifi connection, so I installed networkmanager-openrc from the openrc repo.

Nowadays I am using wicd-openrc (available in the repo) as an alternative to networkmanager.

By default, a graphical Display Manager is not enabled; for that one would need to install displaymanager-openrc, configure one’s display manager in /etc/conf.d/xdm, and enable and start the xdm service.

I then installed alsa-utils-openrc for ALSA (audio) support, and acpid-openrc for acpi support.

Note that after installing these packages, the services wont be enabled unless you addded to a runlevel, which is suggested when installing these packages:

installed acpid-openrc (20140527-1)
==> run 'rc-update add acpid default'

(need to be root when doing that)

For example,
sudo rc-update add acpid default

consolekit can be installed to perform root actions like shutting down or restarting system as non-root user from your Desktop Environment.

Consolekit can be installed in the following way:

sudo pacman -S consolekit-openrc polkit-consolekit cgmanager-openrc

The output looks like the following:

$ sudo pacman -S consolekit-openrc polkit-consolekit cgmanager-openrc
resolving dependencies...
looking for inter-conflicts...
:: polkit-consolekit and polkit are in conflict. Remove polkit? [y/N] y

Packages (9): cgmanager-0.37-2  consolekit-1.0.0-3  libnih-1.0.3-2  openrc-core-0.17-2  polkit-0.112-2 [removal]  cgmanager-openrc-20150911-1
              consolekit-openrc-20150911-1  polkit-consolekit-0.113-1

Total Download Size:    0.92 MiB
Total Installed Size:   4.44 MiB
Net Upgrade Size:       2.84 MiB

:: Proceed with installation? [Y/n]

After installing the consolekit service needs to be started and enabled. To enable the consolekit service, sudo rc-update add consolekit can be used.

Consolekit supports multi-user setups, mounting of partitions by unauthorised users, shutting down the system as normal user, etc. See for more details.

To check that consolekit is running and a ck-session was started, the following command can be used:


The output looks like the following:

    unix-user = '1000'
    realname = 'Aaditya Bagga'
    seat = 'Seat1'
    session-type = ''
    active = TRUE
    x11-display = ':0'
    x11-display-device = '/dev/tty7'
    display-device = ''
    remote-host-name = ''
    is-local = TRUE
    on-since = '2014-06-15T13:29:58.652929Z'
    login-session-id = ''

Consolekit sessions are usually started by the display manager when logging in, or via the command line like:

ck-launch-session startxfce4

To get all the desktop related packages in one go (the openrc-desktop package group can be installed as:

sudo pacman -S openrc-desktop

The output of the command looks like the following:

$ sudo pacman -S openrc-desktop
:: There are 9 members in group openrc-desktop:
:: Repository openrc-eudev
   1) acpid-openrc  2) alsa-utils-openrc  3) avahi-openrc  4) consolekit-openrc
   5) cronie-openrc  6) dbus-openrc  7) dhcpcd-openrc  8) displaymanager-openrc
   9) gpm-openrc

Enter a selection (default=all): 
warning: cronie-openrc-20141002-1 is up to date -- reinstalling
warning: dbus-openrc-20141002-1 is up to date -- reinstalling
warning: dhcpcd-openrc-20141002-1 is up to date -- reinstalling
resolving dependencies...
looking for inter-conflicts...
:: polkit-consolekit and polkit are in conflict. Remove polkit? [y/N] y

Packages (14): acpid-2.0.23-1  consolekit-0.4.6-5  js185-1.0.0-2
               polkit-0.112-2 [removal]  polkit-consolekit-0.112-2
               acpid-openrc-20141002-1  alsa-utils-openrc-20141002-1
               avahi-openrc-20141002-1  consolekit-openrc-20141002-1
               cronie-openrc-20141002-1  dbus-openrc-20141002-1
               dhcpcd-openrc-20141002-1  displaymanager-openrc-20141002-1

Total Download Size:    1.96 MiB
Total Installed Size:   10.94 MiB
Net Upgrade Size:       9.31 MiB

:: Proceed with installation? [Y/n] 

The services for the above packages can be enabled after installing. I also installed pm-utils for suspending and hibernating my laptop.

If you were using systemd on a GPT partitioned hard disk, then you may need to enable swap via /etc/fstab. This is so because systemd handled swap automatically on GPT partitions, and gave error if it was mounted via fstab.

Also, systemd used to set a tmpfs by default; to set it manually via /etc/fstab, see

With systemd cron jobs are implemented via systemd timers; for OpenRC a set of cronjobs can be obtained from

Some commonly used services are ssh and cups, to install and enable them have a look here.

Some things that are not working for me are:

  • Partition mounting by clicking on unmounted partition (may work for you if you are in the storage group)
    This was due to my login manager (lxdm) not automatically starting a ck-session. I was advised by artoo to use lightdm as it has runtime detection; using lightdm worked. A patched version of lxdm also works. I have put it in the openrc repo and the AUR as lxdm-consolekit.

My System

Operating System: Manjaro Linux
Desktop Environment: Xfce
Display Manager: lxdm


To boot with systemd instead, when the GRUB menu is encountered while booting, press e to edit, and at the end of the line that starts with linux, add:


Part 2) Going full monty:
Removing systemd and installing eudev

With OpenRC being used as init system, the role of systemd is reduced to that of a udev provider, and for compatibility reasons.

eudev, developed by the Gentoo folks, can be used as replacement. Note that removing systemd could cause incompatibilities with existing software, hence its advertised as being for advanced / minimalistic users.

Step 1) Install eudev and eudev-systemdcompat

sudo pacman -S eudev eudev-systemdcompat

The output looks like the following:

$ sudo pacman -S eudev eudev-systemdcompat
resolving dependencies...
looking for inter-conflicts...
:: eudev and libsystemd are in conflict ( Remove libsystemd? [y/N] y
:: eudev-systemdcompat and systemd are in conflict. Remove systemd? [y/N] y

Packages (5): eudev-1.10-1  libsystemd-212-3 [removal]  systemd-212-3 [removal]

Total Download Size:    0.90 MiB
Total Installed Size:   6.63 MiB
Net Upgrade Size:       -10.64 MiB

:: Proceed with installation? [Y/n] 

After the above step systemd would be uninstalled and replaced by eudev and its counterparts.

Possible issues

I had to rebuild gvfs as my unmounted partitions were not being displayed (seems to have been solved due to using eudev-systemdcompat).

Some packages now use certain systemd components like systemd-tmpfiles and systemd-sysusers while installing, to maintain compatibility the openrc-systemdcompat package from the repo can be installed.

Further Reading
Blog article by x33a (notfoss):

Update 07/08/14
ISOs available, based on Manjaro Linux.

Update 02/10/14
Old pacman repo and instructions and replaced with new repo and new instructions.

Update 26/01/15
I have decided to scale back on the efforts of maintaining the repo mentioned at the beginning of the post, people who want to keep more up to date can consider updating their packages by building from the sources mentioned in the beginning.

Update 07/03/15
New repo setup in association with nous from Arch Linux; it succeeds the earlier repo.

SigLevel = PackageOptional
Server =$repo/$arch

Update 15/02/16
nous has been maintaining the openrc-eudev repo from some time now (


Stop Debian from saving to the hardware clock on shutdown / Prevent Debian from messing up the system time (dualboot with Windows)

I’ve been using Debian for some time now, and faced this problem and could not find a solution myself, neither could I find a clearcut solution on the net.
Well now I’ve found it and would like to share it.

My hardware clock (also known as BIOS clock) is set to local time. I like it to be set to local time, but if anyone wants to set it to Universal Time, I’ll explain about that also.
Linux distributions like Debian and Arch recommend saving the hardware clock to UTC,
while in Windows and most other operating systems its set to local time.
This creates the problem between time settings of Debian/LMDE and Windows/Other OS’

We will use the hwclock command in the command prompt to configure the clock.

First of all check whether the hardware clock is set to local time or UTC using the command-
sudo hwclock -D

This will show you the system time(Operating System time), Hardware clock time and whether hardware clock is set to localtime.
By default in Debian Hardware clock is set to UTC.

Now assuming your system time is correct, write it to the hardware clock and set hardware clock to localtime, use the command-
sudo hwclock -w --localtime

This will set the current system time to hardware clock and configure the hardware clock to localtime.

If your system time is not correct, first of all make sure your time zone is set correctly by using the command-
sudo dpkg-reconfigure tzdata

Now if the system time is correct, goto step1 and set system time to hardware clock

Otherwise to manually set the system time use the date command-
date -s “1 JUL 2013 20:30:00”

To set the hardware clock to localtime directly using date command as-
hwclock --set --date='07/23/13 21:10:00' --localtime

Step 3
I don’t like Debian to save the system time to hardware clock at every shutdown,so to prevent Debian from doing that edit the file /etc/default/hwclock as-
sudo nano /etc/default/hwclock
and change HWCLOCKACCESS to NO
(also make sure that the line is uncommented)

Now at shutdown it will say-“Not Saving the System Clock”

Alternate solution-

1.Set other linux distributions to use Hardware clock time as UTC by
sudo hwclock -w --UTC
to set the hardware clock to UTC

I’ve tried editing /etc/default/rcS and setting UTC=no as posted on many sites but it did not work for me.

2.Configure Windows to use Hardware clock time as UTC

To make MS Windows calculate the time from the hardware clock as UTC. Create a file named WindowsTimeFixUTC.reg with the following contents and then double click on it to merge the contents with the registry:
Windows Registry Editor Version 5.00



Furthur Reading