maggicl - Atelier INF

How to rickroll people that try to run "rm -rf" on your system

Jul 28, 2016 -- Claudio Maggioni

WARNING: The method showed here could not prevent the actual execution of "rm -rf" if the "UNIX vandal" is clever enough. Proceed at your own risk, and make backups!

I like Rick Astley late 80's songs, and you can see them here in my Spotify:

My Spotify with a bunch of Rick Astley songs
My Spotify with a bunch of Rick Astley songs

I like rickrolling people too, especially if they are trying to delete my entire /home directory or, even worse, /. Since I learned how to use the alias built-in, I wanted a way to prevent that random people tinkering with my laptop (that I may forgot to lock) could delete potentially important stuff, just for fun or boredom.

The method that I will show will lock any rm command runned in both recursive and force mode, so rm -rf, rm -f -r and rm -r --force are all blocked, even if they are runned with sudo. I am going to alias the rm command in /etc/profile, /etc/bash.bashrc and in /etc/zsh/zshrc (I am a zsh user) so that the rickroll will be possible from all users, even root and the ones with a brand new .bashrc or .zshrc. Here is the code I appended to those files:

Alias code to use to activate rmAlias
alias rm=/bin/rmAlias
alias sudo='sudo '
# this enables aliases in sudo, see
# http://askubuntu.com/questions/22037

Since alias is not able to control the flags of the aliases (see here, we are going to redirect each call of rm to /bin/rmAlias, that would run the command if it is safe. I did not use a function because it is a bit tricky to make that work with sudo. So, let's see the code I put in rmAlias:

Code for rmAlias
#! /bin/bash
# Rickroll whoever tries to desert this system, even root.
# To achieve this, set the appropriate aliases even in
# /etc/profile and similars.

# Video played when rickrolling
ROLLVIDEO=/opt/anti-rm/serious-video.mkv
# it's just Never Gonna Give You Up on my system, but
# feel free to customize this!

rickroll(){
  echo "Never gonna desert this system..."
  xdg-open $ROLLVIDEO 2>&1 &
  exit 0
}

while getopts ":rf-" opt; do
  # Prevent '--force' to be detected as -r and -f
  if [ "$opt" = "-" ]; then
    OPTIND=$OPTIND+1
    continue
  fi
  if [ "$opt" = "r" ] || [ "$opt" = "f" ]; then
    if [ "$tmp" = "" ]; then
      tmp=$opt
      continue
    elif [ "$tmp" != "$opt" ]; then
      rickroll
    fi
  fi
done

for var in "$@"
do
  if [[ "$var" = "--force" && "$tmp" = "r" ]]; then
    rickroll
  fi
done

# If it's safe, just run rm
/bin/rm "$@"
exit $?

It may look messy to a UNIX guy more experienced than me, but it works. The getopts built-in sees if both the -r and the -f flags are used and, if so, it starts rickroll(), which opens with xdg-open that amazing clip from RickAstleyVEVO. From line 30 and below, the script checks if the --force flag is used instead of -f.

Let's give execution permissions to the script we have just created:

Giving execution permissions of rmAlias
# chmod +x /bin/rmAlias

Restart your shell, and enjoy. If you want to test safely, I suggest trying to run rm -rf with no folders or a nonexistant one, since this script stops even these commands.

If you want even more security, you can rename this script to /bin/rm and move the original one in some other place, getting rid of all the aliases. I prefer the solution above because it's tidier: you haven't to move anything. In fact, this could be just an AUR package...

Installing Gentoo on a Lenovo ThinkPad X60s

Jul 12, 2016 -- Claudio Maggioni

Currently, my only laptop is a IBM/Lenovo ThinkPad X60s, a top line ultrabook from 2006 that features:

  • An Intel Core Duo L2400 dual core 32 bit CPU, clocked at 1.66 Ghz;
  • 2GB of RAM;
  • 60GB of SATA1 hard drive;
  • Wifi, Bluetooth, trackpoint mouse only, 56k modem, and a decent set of I/0 ports (including a CardBus slot!).
The X60s
An image of the ThinkPad X60s Another image of the ThinkPad X60s

This machine had an installation on Arch Linux, and I was using it for school stuff. It runned smoothly KDE5, Atom (great editor, I am using it to write this article), and it was usable even with PhpStorm. Pretty impressive for such an old thing, right?

Since now I don't need this laptop every day I decided to give a try at Gentoo, another rolling relase, DIY install distro. This was both a test of my skills, my patience and the performances of the machine. For those of you that don't know, Gentoo hasn't binary packages: imagine using Arch with just a developer mantained AUR.

I followed the installation guide without any problem until I had to emerge and install 309 packets from my @world set: it took 15 hours! The compilation of cmake crashed because of memory starvation, and so I had to use a spare USB stick as swap (the root file system was not resizable as it was JFS). After some research and a couple of seconds in top I discovered that PAE was not implemented in the install disk kernel. TIP: if you want to use a nicer install enviroment, use the Arch ISO. With Gentoo, the initialisation of the file system is made with a stage 3 tarball and not by tools like pacstrap.

I had another problem with make menuconfig, the tool used to specify what features add or remove in your compiled from source Linux kernel. The ncurses menu showed me 64bit options, even if the install disk and the CPU were both 32 bit. If you have this issue too, you can set the ARCH variable by your own:

Compiling the kernel
# make ARCH=i386 menuconfig
# make ARCH=i386
# make ARCH=i386 install

At the end, I made it! I only have a base install, but i can show you screenfetch:

The laptop running screenfetch
The laptop running 'screenfetch'

I have not installed Gentoo in dual boot because I did not figure out how to switch my bluetooth dongle in HID mode yet, so I can't select the OS with rEFInd. Hope this rambling was, if not useful, at least entertaining!

Get a Bluetooth keyboard work with Arch Linux

Jul 7, 2016 -- Claudio Maggioni

I've recently got a Rapoo E6100. This is a minimal and space saving Bluetooth 3.0 keyboard. If you pair it with Windows 10, it will remain paired after reboot, giving the possibility to use it since the login screen. After installing the Bluetooth stack on my Arch via the bluez and bluez-utils packages I thought the pairing process would be as simple as Windows if I used the KDE GUI menus for Bluetooth management. That's not true. The keyboard, once paired, will reconnect automatically just after plasmashell loaded, leaving me without keyboard during the SDDM login screen and, of course, during a non-graphical session.

As usual, i've searched help in the ArchWiki, founding this article. With that, i've succesfully reconnected my Bluetooth keyboard using the bluetoothctl utility. The next step was configuring the service for auto connection during boot. I've created the btkbd.conf and the btkbd.service files, enabling the last one with systemd. Let's give a look to the service file:

The btkbd.service file
[Unit]
Description=systemd Unit to automatically start a \
  Bluetooth keyboard
Documentation=archwiki: Bluetooth_Keyboard
Requires=dbus-org.bluez.service
After=dbus-org.bluez.service
ConditionPathExists=/etc/btkbd.conf
ConditionPathExists=/usr/bin/hcitool
ConditionPathExists=/usr/bin/hciconfig

[Service]
Type=oneshot
EnvironmentFile=/etc/btkbd.conf
ExecStart=/usr/bin/hciconfig ${HCIDEVICE} up
# ignore errors on connect, spurious problems with bt?
# so start next command with -
ExecStart=-/usr/bin/hcitool cc ${BTKBDMAC}

[Install]
WantedBy=multi-user.target

Line 13 enables the Bluetooth dongle, and line 16 connects it to the keyboard we gave the mac address in /etc/btkbd.conf. This should work flawlessly, right? Of course it doesn't. The service starts before the dbus-org.bluez.service is loaded and fails. However, if the service is started manually after login the Bluetooth keyboard works. After hours of trying figuring out what was wrong I've almost asked for a return on Amazon! The last attempt I made was with sddm disabled and involved built from scratch service:

My service file
[Unit]
Description=auto connect a Bluetooth keyboard

[Service]
Type=oneshot
ExecStart=/bin/hciconfig hci0 up
ExecStart=/bin/hcitool cc 00:11:22:33:44:55

[Install]
WantedBy=bluetooth.target

This incredibly worked. I think the problem was that multi-user.target that needs to be reached earlier than bluetooth.target. I got rid of all the tidiness of the ArchWiki solution just to be sure that was not the problem, but I think you can use all of that just correcting WantedBy=. Currently I haven't an ArchWiki account nor a forum one, but as soon as I'll register I'll correct the article.

Last thing: I discovered that my Bluetooth dongle is CSR 8510 A10 based so expect some ramblings about hid proxy.