Posts on Linux

How to improve Signal Desktop's usability under Firejail


Posted by Diego Assencio on 2020.08.19 under Linux (Security)

If you use Firejail to run Signal Desktop in a sandboxed environment on Linux, you will likely be surprised by the fact that a new application instance is opened every time you execute the firejail signal-desktop command. Attempting to open a second instance of Signal Deskop should simply cause the existing one to be activated instead, but Firejail breaks this default behavior.

On top of that, if you use the --use-tray-icon parameter to have Signal Desktop place an icon on your desktop environment's icon tray, the icon may not only be displayed incorrectly, but each new opened instance will place an additional (incorrect) icon there as well, making things even worse.

Addressing these issues is fortunately easy. All you need to do is create a Firejail profile file named signal-desktop.profile inside the ~/.config/firejail/ directory containing the following:

ignore private-tmp
include /etc/firejail/signal-desktop.profile

Whenever you run Signal Desktop with Firejail, this profile will be automatically loaded to define the sandboxed environment in which the application will be executed.

The second line on the file instructs Firejail to load its default profile for the Signal Desktop application. This is necessary because Firejail will not do that automatically whenever it detects a user-provided profile file (which is our case). In order to load the default security settings for Signal Desktop, we therefore need to have them explicitly added to our profile.

Within Firejail's default profile for Signal Deskop, there is a directive (private-tmp) which instructs Firejail to present an empty temporary filesystem on top of the /tmp directory to the application. Within that temporary filesystem, all files stored in the system's /tmp directory are not present except for perhaps X11 and PulseAudio sockets which need to be whitelisted for Signal Desktop to run properly. This increases the system's security by preventing a running instance of Signal Desktop from accessing files which other processes store at /tmp , but since Signal Desktop itself stores data at that location to indicate that an instance is currently running, its ability to prevent multiple concurrent instances is lost as a side effect of this security setting. The ignore private-tmp directive tells Firejail to present the system's actual /tmp directory to Signal Desktop instead of a temporary filesystem mounted over it, thereby addressing the problem (but at the cost of a lower system security level, of course). As a bonus, the tray icon issues are resolved as well.

Comments (3) Direct link

How to fix broken MathJax fonts on Linux


Posted by Diego Assencio on 2017.08.09 under Linux (General)

If you are using Linux and your MathJax fonts look ugly, and if you are certain that MathJax is correctly configured on the webpage you are accessing (e.g. by checking that things look fine on another device or browser), then your browser is probably selecting STIX fonts which are installed on your system instead of the ones offered by MathJax. The simplest way to solve this problem is by removing these STIX fonts. On Ubuntu/Debian, this can be done with the following command:

sudo apt remove fonts-stix

You can now see if this was the root cause of the problem by reloading the affected webpage with Ctrl+F5 (this will force your browser to bypass its cache).

Comments (0) Direct link

Separating iPhone photos and videos by date on Linux


Posted by Diego Assencio on 2016.11.25 under Linux (General)

Unfortunately, iPhones (and iPads) do not offer the possibility of automatically grouping photos and videos by date on separate directories. If you prefer organizing your photos and videos that way, you can transfer them to your computer and then run the script below at the directory to which there were transferred; it will automatically determine the dates at which your photos and videos were created and place them in directories with names in the format YYYY-MM-DD (e.g. all photos and videos created on the 15th of January of 2016 will be placed under the directory 2016-01-15).

Before you can run the script, you need to install the mediainfo and exiv2 packages. For that, open a terminal and run:

sudo apt-get install exiv2 mediainfo

The script below can also be downloaded directly by clicking here.

#!/bin/bash

# make the script work even if the photos/videos have been renamed
IFS=$'\n'

# process the photos first
for file in $(ls *.JPG 2>/dev/null)
do
    # determine the date at which the photo was taken
    date=$(exiv2 $file 2>/dev/null | \
           grep timestamp | \
           cut -d ' ' -f 4 | \
           sed 's/:/-/g')

    if [ ! -z "$date" ]
    then
        mkdir -p $date
        mv $file $date
    else
        echo "Ignoring photo '$file' (no valid date found)"
    fi
done

# now process the videos
for file in $(ls *.MOV 2>/dev/null)
do
    # determine the date at which the video was recorded
    date=$(mediainfo --fullscan $file 2>/dev/null | \
           grep com.apple.quicktime.creationdate | \
           grep -Eo '[0-9]{4}-[0-9]{2}-[0-9]{2}')

    if [ ! -z "$date" ]
    then
        mkdir -p $date
        mv $file $date
    else
        echo "Ignoring video '$file' (no valid date found)"
    fi
done
Comments (0) Direct link