Firewalld breaks libvirt networking on Ubuntu 18.10

After upgrading to Kubuntu 18.10, my virtual machine was no longer able to connect to the Internet. It turned out that this problem had already been reported on Fedora:

Once I changed the firewalld configuration (etc/firewalld/firewalld.conf) to use the iptables backend as suggested in that bug report, the virtual machine could connect to the Internet again.

Power Button on Debian Wheezy with Gnome

I upgraded a desktop machine from Debian Squeeze to Debian Wheezy. After the upgrade, the power button was mapped to a suspend action, instead of a shutdown as in Debian Squeeze.

In order to map the power button to a shutdown action, I had to do the following;
1) Set org.gnome.settings-daemon.plugins.power to 'nothing' by means of dconf (for all users)
2) Add a new section [org.gnome.settings-daemon.plugins.power] with the line button-power='nothing' to /etc/gdm3/greeter.gsettings

Intermittend loss of Wireless on Crunchbang Waldorf

I’ve installed Crunchbang Waldorf on two old laptops; none of them support PAE, and the Crunchbang distribution offered a kernel that didn’t require PAE.

However, both lost the wireless connection every now and then. I noticed a timeout related to IPv6 configuration in syslog (“IP6 addrconf timed out or failed”) and therefore proceeded to disabled IPv6 for the wireless connection in the NetworkManager settings (GUI).

This solved the problem on one of the laptops, but the other laptop was still loosing the wireless connection every now and then (although a lot less frequently).

The syslog showed that the rt2500pci driver had problems transitioning to a requested state (“phy0 -> rt2500pci_set_device_state: Error – Device failed to enter state 1 (-16)”) and subsequently had no more tx buffer space (“phy0 -> rt2x00queue_write_txt_frame: Error – Dropping frame due to full tx queue 0”). I google’d this a bit and found that my hardware was having problems with power management.

The resolution was to disable power management on the wireless interface by means of a NetworkManager script /etc/NetworkManager/dispatcher.d/02-wlan-powersave-off as proposed at

Sandboxed browser on Kubuntu 13.10

I consider it good practice to make your Internet browser run in a sandbox and do whatever possible to make the fences around the sandbox as tight as possible.

Here is an example on how to do this on Kubuntu 13.10. In this example, the Firefox browser will be made to run in sandbox consisting of a virtual machine and AppArmor (based on QEMU/KVM):


sudo aptitude install qemu-kvm libvirt-bin bridge-utils virt-manager spice-client


  1. Download an ISO image of a Linux Distribution (say, Peppermint OS, for example).
  2. Start virt-manager to configure your VM (let’s call it sandboxedbrowser) and install the just downloaded image.
    • Make sure to use spice as display, QXL as video card, kvm64 or kvm32 as CPU model, and AC97 as sound card.
  3. Once installed, run (assuming a Ubuntu derived distribution)
    sudo aptitude install spice-vdagent
    on the guest.
  4. Add /usr/share/X11/xorg.conf.d/09-qxl.conf (assuming an Ubuntu derived guest OS) with the following contents:
    Section "Device"
    Identifier "QXL video"
    Driver "qxl"
    Option "EnableSurfaces" "0"
  5. Shutdown the guest
  6. On the host, modify the bottom of /etc/init/libvert-bin.conf to contain the line “export QEMU_AUDIO_DRV=spice” right before the libvirtd is started. That is, something like the following:
    [ -r /etc/default/libvirt-bin ] && . /etc/default/libvirt-bin
    export QEMU_AUDIO_DRV=spice
    exec /usr/sbin/libvirtd $libvirtd_opts
    end script
  7. Quit virt-manager
  8. restart libvirt:
    sudo /etc/init.d/libvirt-bin restart
  9. Restart the guest OS and use spicec to get access to display, sound, and clipboard of the guest:
    virsh start sandboxedbrowser
    spicec -h -h 5900

The QXL driver seems to be having resource management problems. If you don’t manually modify the Xorg configuration, you’ll eventually have Xorg.0.log filled up with “Out of surface” statements, and the desktop of the guest OS will become very slow and sometimes unresponsive. Step 4 above fixes this.

Step 3 ensures clipboard integration between guest and host. It also improves mouse integration and ensures that the X-session resolution automatically adjusts to the client display resolution. If you’re very paraniod (perhaps worried about accidental leakage of your host clipboard contents), you may want to disable the spice-vdagent (either don’t install it or stop it after booting up the guest).

On a Ubuntu derived guest OS, you may optionally want to enable the Firefox AppArmor profile on the guest (if you’re using Firefox as a browser). The default profile is not very restrictive, however, but it’s better than nothing. I’ve been thinking about writing a more restrictive AppArmor profile for Firefox, but have not been able to get this done, yet.

Sound Lost on Carbon X1 with Kubuntu 13.10

Something is changing the sound settings automatically and sound may all of a sudden no longer be audible. This seems to happen more frequently when a monitor is connected to HDMI/DisplayPort.

I’m still not sure how to reproduce this problem exactly, and I’m also not sure how to make a workaround that will fix the problem every time it occurs. So far, however, it seems that the following may resolve the problem (temporarily):

$ pulseaudio -k
$ rm -rf .config/pulse
$ rm .cache/event-sound-cache.tdb.*
$ pulseaudio --start --log-target=syslog

Then open “Audio and Video Settings – KDE Control Center” and check the settings to make sure you use the following Audio Hardware Setup:

  • Sound card: Built-in Audio
  • Profile: Analog Stereo Duplex
  • Sound Device: Playback (Built-in Audio Analog Stereo)
  • Connector: Speakers

Hopefully, “PulseAudio Server” is now listed under “Device Preference”. Test:

  • Use the test buttons in the KDE Control Center.
  • paplay /usr/share/sounds/alsa/Front_Center.wav

I will have to do a bit more investigation before I can make a bug report that describes a 100% reproducible problem.

Initial installation of Kubuntu 13.10 on Lenovo Carbon X1

Installation went smooth.

USB Ethernet Adapter (Lenovo Model U2L100P-Y1) works out of the box.
WebCam is working.
Buttons for screen brightness working.
Keyboard backlight working.
Media buttons (Speak mute, play/pause, volumen up/down, next, previous) working.

MIC Mute button is not working. This is because KDE 4.11.3 is built on top of Qt 4.8.3 and the XF86AudioMicMute key symbol is only handled in Qt 5.

The fingerprint reader works almost out of the box:
I installed fprintd libpam-fprintd fprint-demo and used fprint_demo to enroll fingerprints. Sadly, an old unresolved KDE bug report is still blocking the final integration with KDE:

After I connected a monitor via HDMI (1920×1080), the mouse cursor all of a sudden started to become very large on the laptop screen. I disabled resolution dependent cursor in System Settings, but then all fonts changed. The loss of default font configuration is a known problem in KDE, which has not been resolved, yet, unfortunately.

I installed firewalld and firewall-applet. I’ve been using ufw earlier on, but firewalld seems attractive due its concept of zones, which integrate well with the NetworkManger. However, as far as I can tell, firewalld doesn’t block unwanted outgoing traffic by default, but this is something I can probably add late by means of firewalld’s “rich rules”.

3G on Carbon X1 with Kubuntu 13.10

IP configuration on the wwan0 interface failed on my Lenovo Carbon X1 with Kubuntu 13.10 (3.11.0-15-generic). The problem seemed to be a due to a kernel change;

I followed the proposal made at the end of the bug report; add
options cdc_ncm prefer_mbim=N
and reboot.

That solved the problem!

And while I was at it, I also added

No reason to have avahi running on an interface towards the Internet.

Concatenation of MP4 videos using MP4Box

I’ve come across several posts on the Net that states that concatenation of MP4 files by means of MP4Box (from gpac) will make VLC play two videos concurrently instead of playing the videos in sequence.

I had the same problem, but once I had all the source MP4 videos generated with the exact same audio and video encoding parameters (that meant adding audio to the MP4 videos that did not have audio) things worked out fine.

Actually, I thought I had used the same parameters for all my MP4 files, but during the conversion from an AVCHD video to an MP4 by means of ffmpeg, the frame rate somehow went from 25 fps to 26.09 fps (you can check this using ffmpeg -i somevideo.mp4 on all your MP4 videos). Once I added “-r 25” as the last option to ffmpeg, the issue was resolved.

My experience with .NET Compact Framework

I’ve recently been working with the .NET Compact Framework 3.5 on Windows CE 6.0 for a customer of mine. The .NET Compact Framework is frequently referred to as a sub-set of the full .NET framework. In reality, there are more differences, however.

Overall, the Compact Framework seems to have been crafted with one single strategy; reduced code-/ram-consumption. The garbage collector is therefore working differently. The JIT compiler may also have to compile the same code multiple times because the result of earlier compilations may have been thrown away by the garbage collector. Also, no virtual tables are used. Virtual calls are based on a search-algorithm. Many other differences are documented in Microsoft slide show with the title “MED 301 Developing High Performance Applications with .NET Compact Framework”.

The effect is that many constructs that are acceptable in terms of performance in the full .NET are less optimal in Compact Framework. A virtual method call, for example, has a significantly higher cost (roughly a factor of 1.4) in execution time than a non-virtual call. Of course, it is not a big surprise that a virtual call has a higher cost than a non-virtual call; that’s already known from C++ and also applies to the full .NET framework. The cost is, however, higher in the compact framework.

I helped create a teaser on this while we were working on the project. It’s in danish, I’m afraid, but the solution comes with some interesting measurements that are worth looking at.

Microsoft may well be right that embedded systems typically have less memory than desktops and servers and one therefore needs to be more cautious when coding for embedded systems. But many embedded systems also have significantly less CPU power and are often powered by a battery. So the CPU cycles also matter. And as of this writing, there are no tools available to compile a .NET Compact Framework application to native code for a Windows CE 6.0 device (again, Microsoft’s argument is that the resulting code takes up more space).

If we disregard usability issues, application speed perhaps matters the least in UI-applications. Perhaps Microsoft intended to target their compact framework entirely for UI-applications?

But then, as the range of UI controls, properties, and methods available in the compact framework are far less than those in the full framework, you can only make the most simple UI’s in the compact framework, unless you write your own replacement for Windows.Forms (see e.g. Creating a Compelling UI for Windows Mobile and the Microsoft .NET Compact Framework or Building Graphically Advanced Applications with the .NET Compact Framework 3.5) – and that’s not a small amount of work.

This all makes porting of an application from the full .NET framework to the compact framework non-trivial. Personally, I also feel that the closed-source nature of the .NET framework makes it more difficult to write optimal code.

Add to this that you need both a license for Visual Studio 2005 (to build Windows CE 6.0) and Visual Studio 2008/2010 (to build the .NET application).

All-in-all, my conclusion is; think twice before you embark on the .NET Compact Framework.