Skip to content

How to hide processes from other users in Linux’s “top”

A few months ago, I had to set up a server where a bunch of people would need to connect to directly access a MariaDB SQL database, with also an SSH access for tunneling. A few users would also use that server for other purposes, and I didn’t want everyone to view everyone else’s processes, which to my surprise was possible by default (if any user runs top, they can see everyone’s running processes :s).

Starting with Linux kernel version 3.2, a setting was (finally) added to prevent unprivileged users from seeing each others’ processes. Basically, you need to set the hidepid option to 2 for the /proc filesystem:

nano /etc/fstab
– Find the line starting with “proc”
– Add hidepid=2 to the options

For instance, the line:

proc            /proc   proc    defaults      0       0


proc            /proc   proc    defaults,hidepid=2      0       0

Then don’t forget to save and restart

Note that sometimes the proc line can be missing (I have this case on a VPS), I’m not sure what should be done then… Maybe adding the proc line as quoted above would work (?)

Posted in Linux, servers.

How to disable the Ctrl+Shift keyboard layout switch shortcut in Windows 10

Whoever created this shortcut must probably never play games. That default key combination for switching keyboard layout is so easy to hit by accident, when many, many games will use Shift as the run key and Ctrl as the crouch key.

Anyhow, it can be disabled (or changed, with limited options available though), even though it’s pretty tedious to find. Here’s the screenshot with most of the steps (I just skipped the first one):
Configuring the keyboard switching shortcut in Windows 10

  1. Open Region & Language settings (can be obtained directly by typing that into the Start Menu)
  2. Click “Additional date, time, & regional settings”
  3. Click “Language”
  4. Click “Advanced Settings”
  5. Click “Change language bar hot keys”
  6. Switch to the “Advanced Key Settings” tab
  7. Select “Between input languages” (that should be already selected, though, I think) and click “Change Key Sequence…”
  8. Yay! You’ve arrived! Enjoy 🙂 Note that you can set a shortcut both for switching input language and keyboard layout. I disabled the first and changed the second to something I hope I’ll accidentally hit less often. It’s a pity we can’t fully customize this and must instead choose from only 3 options (or disable)

Posted in Windows 10.

I upgraded to Firefox 57, and it wasn’t so horrible after all

When Firefox 57 “Quantum” (please, please, get rid of that ludicrous name in the near future) was released, I didn’t want to update at first, because so many of my beloved add-ons got destroyed by the move to WebExtensions. Namely, APK Downloader, Cookie Manager+, RefControl, Small Tabs, Tamper Data (and Tamper Data Icon Redux – funny how those 2 never merged), and YesScript. And the speed of Fx 56 wasn’t that bad IMO, particularly on Windows 10. On Windows 7, it was indeed a bit slow at times, but I’m not sure if my weaker config is to blame for this.

There was, however, the concern over security updates. Which is why I started looking at forks, mostly Waterfox, a somewhat long standing project which started in 2011 as a 64 bits build and apparently evolved into a lot more over time, and Basilisk, a new fork brought to us by the same team as Pale Moon just to escape the WebExtensions hell (just like Pale Moon itself was mostly about escaping the UI massacre that happened when Fx decided to copycat Chrome some years ago). Those 2 seemed quite satisfying, so I pretty much intended to stay on Fx 56 and then migrate to either, when security issues would require it.

But there was another problem: more and more sites started to become really unusable on Fx 56. It was so horrible that I would joke some frameworks like Angular got sabotaged in the purpose of making Fx look bad. Sites like Slack, Gmail, AWS (no, I don’t use those personally but I regrettably have to use them at work) would work (badly) for a few minutes, then totally freeze. Or freeze right away. In the end, the choice was either to upgrade to Fx 57, or to use all of those in Vivaldi.

So I started looking for alternatives to my extensions. And I did find a few interesting ones:
– RefControl got replaced by Smart Referer. It’s not exactly the same, notably its default behavior is to send referrers only when staying on the same domain. Which is nice, because it avoids most of the trouble I used to get when forging all my refers with RefControl
– YesScript got replaced by YesScript2. Again it’s not exactly the same, but this time it’s worse: it toggles between non blocking, “half” blocking, and blocking. Half blocking means it will block all external scripts. I guess this is intended against trackers and ads, but since it’s off by default (needs to be enabled per site) it’s not quite efficient against tracking, and for ads (and trackers too) there are way better dedicated add-ons like uBlock and Ghostery. And it sends “full” blocking a click farther away. Still, I didn’t use YesScript that often, so that’s good enough
– NoScript, which I stopped using a while ago in my main profile, is, according to hearsay, having issues in Fx 57. But ScriptSafe, which I’ve been using for a while in Vivaldi, has now come to Firefox 🙂 It also features great functions against tracking and fingerprinting, so I added it to my setup. With scripts enabled
FoxyProxy got fully rewritten, and a lot of users seem unhappy about it. I, however, like the new version, as I find it a lot less messy than the previous one (I suppose having lost a bunch of unimportant features helped ^^). Sure, it’s a bit ugly, but that not the kind of concern people juggling with proxies usually have.

Sadly, I couldn’t find replacements for quite a few:
– APK Downloader is gone :/ But I tested it in Fx 56 and it seemed broken already, so I guess I can’t really count it as a loss caused by Quantum…
– Cookie Manage+ and Tamper Data (and Tamper Data Icon Redux) are gone too. There are ways to accomplish kind of similar things (the developer tools, other weaker cookie management add-ons…), but it really sucks not being able to mess around with the cookies without any limits, or to easily intercept and modify live POST or GET requests on the fly

Last but not least, a special mention for Small Tabs. It made the UI quite more compact and I found no replacement for it either. However, Fx 57 introduced a “Density” setting, which you’ll find at the bottom of your screen in “Customize” mode. It features a “Compact” mode which, while not as compact as Small Tabs, saves pretty much enough space for most of my needs.

Well that covers it, my other extensions uBlock, Ghostery and HTTPS Everywhere were ready for the migration quite some time before the Firefox 57 release, so overall the move wasn’t as catastrophic as I expected. On sites that were not obviously broken, the speed gain from Firefox 57 wasn’t very obvious at first, but after using it for a bit more than a week, it really feels a lot more responsive globally (and notably on Windows 7).
I don’t see any valid reason for sticking to Chrome now that Firefox copied their GUI and their speed, except if you have some irresistible compulsion to keep giving always more power to Big Brother Google… The future of the World is in your hands 👀

Posted in Firefox, Internet.

Configuring the Grub2 boot loader

I had to use Linux for work the last few days, and my previous installation was completely outdated so I reinstalled from scratch, switching distribution in the process (from OpenSUSE to Kubuntu).
Part of the fun in installing Linux on a computer where I still want to mainly use Windows is configuring the bootloader. Apparently, it’s 2017 yet it still has to be done 100% via manually editing configuration files.

The file you want to edit is /etc/default/grub, so:

sudo nano /etc/default/grub

Then the interesting things to change are among those lines:
GRUB_DEFAULT=4 : boot the 5th item in the list (numbering starts at 0, so 5th item is 4, not 5)
GRUB_DEFAULT="Windows 7 (loader)" : boot the item named “Windows 7 (loader)”. NB: for me, for some reason it didn’t work
GRUB_DEFAULT=saved : boot the last operating system you chose (requires to also set GRUB_SAVEDEFAULT=true). NB: for me, the saving failed for some reason so it always loaded the first item :/
GRUB_CMDLINE_LINUX_DEFAULT="" : show console log output when starting up, instead of the static splashscreen (which is the default "quiet splash") (link

After you’ve saved your modifications, you have to run sudo update-grub to apply them, as /etc/default/grub isn’t directly used by Grub but it used to automatically generate Grub’s configuration files (which is /boot/grub/grub.cfg and shouldn’t be manually modified)

More details there:

Bonus 1 my /etc/default/grub file

#GRUB_DEFAULT="Windows 7 (on /dev/sdb1)"
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`

Bonus 2: if you happen to have damaged RAM, you can use Grub to enable BadRAM filtering. Not sure how this works exactly, but the setting is called GRUB_BADRAM

Bonus 3: since you’re here, I assume you’re dual booting. Maybe you’re having an issue with Windows and Linux both messing up your system date. Long story short, run "timedatectl set-local-rtc 1" to make Linux store local time instead of UTC in the hardware clock (well at least that’s how it is for Ubuntu). More details:

Posted in Linux.

Node.js / npm mini cheatsheet

Just some really basic commands, but paradoxically they’re not always obvious to find so hopefully they’ll help some newcomers

Running a script with Node.js:
node myscript.js

Initializing a Node app/package:
Move to the target folder (where you want to place your code) and npm init

Installing dependencies (listed in package.json) for the current package:
npm install

Updating dependencies:
1) Quick and dirty: edit package.json and replace version numbers for the dependencies you want to update with "*", then run
npm install --save, or npm install --save-dev for the devDependencies
2) Normal way: for each package, one by one, run:
npm install package-name --save (or --save-dev)
It happened to me in the past that dependencies wouldn’t update when I ran that, in which case you can try to change their version number as described in 1), only one by one, and you could also try deleting your package-lock.json file
3) npm update is also supposed to update dependencies, in the same way as 1) I remember it failing more often than succeeding, but last time I tried it worked nicely

Removing some dependencies:
Remove their entries from package.json, then run npm prune

Updating global librairies/packages:
npm update -g

Removing a global package:
npm uninstall -g [package name]


Posted in JavaScript / TypeScript / Node.js.

How to download an old version of a freesite on Freenet

I just dug up that 2+ year old draft so this will be short.
Freenet-hosted websites (“freesites”) are usually advertised via a “USK@…” URI, which allows you to fetch the latest version automatically. But when a freesite is updated, actually the old one remains in the system (at least, as long as it hasn’t decayed yet). It’s possible to access any old revision (again, as long as it hasn’t been flushed) via a simple URL manipulation:

For instance, the current version of FMS is accessible via this key:

And a specific old version would be accessed via this key:

The starting “USK” is replaced by “SSK”, and the end of the URI changes from [sitename]/[version]/ to [sitename]-[version]/

This used to be explained on the Freenet wiki there, but apparently this page was removed in the migration :/

Posted in software.

Windows duplicates (and keeps) your installers (and NVIDIA does it too)

Today, I decided to do some computer cleaning, and I thought I’d search and destroy some large-ish duplicate files. Since I had forgotten what was my usual duplicate finding software, I found that old one called simply “Duplicate Files Finder“, which is open source and still working nicely and at least doesn’t weigh a ton like most modern software does.

Windows hoards your installers

I found no less than 28 GB of duplicate files. Notably, I had a whole Windows partition backup, from when I had a disaster and made a full partition dump before reinstalling, which caused the duplicate finder to search through what would have normally been hidden/system folders (by default, the software doesn’t look into those). And it found a bunch of duplicated installers in 2 Windows folders:
C:\Program Files (x86)\InstallShield Installation Information

Apparently, Windows keeps installers (or a portion of them) there for uninstallation purposes. I guess that would be okay if all developers prepared just a small uninstaller for that purpose, but sadly quite a few of them are lazy and will just dump the whole freaking installer in there. Way to optimize space use… 😡
You can delete those if you want to reclaim the space, however you’ll then need the installer whenever you want to uninstall the concerned programs. So I’d recommend only deleting the really big ones, if any and if you think you won’t miss the easy uninstall option: in my case, the total contents of both folders were around 2.5 GB, with one installer taking up about 1 GB, so I only deleted that one.

Comodo and NVIDIA do a similar mess too

Comodo Firewall keeps its installer in C:\ProgramData\Comodo\Installer. But the very same installer is also kept in C:\Windows\Installer. Not sure how safe it is to delete one or the other (vis-à-vis the updates), so I kept both because it’s not too huge. At least, unlike NVIDIA, they don’t keep the whole freaking history!

You read right, I also found that NVIDIA keeps all its drivers installers (not just the last one) in C:\Program Files\NVIDIA Corporation\Installer2. And at the same time, Windows keeps them in C:\Windows\System32\DriverStore\FileRepository (folders named nvcvi.inf*). And this time it’s pretty huge: 2.5 GB in each folder. Yet, luckily, I skipped many driver updates: I assume someone who updates every time will get at least 10 wasted GB per year (probably a bunch more), unless maybe older versions start getting discarded after a certain quantity is reached.
Don’t get me wrong, I believe it makes sense to keep the previous installer, in case an update goes South (although it’s very easy to either keep the installer yourself, or just get it back from NVIDIA’s website). However, I see no point in keeping a lengthy history. So hurray, about 4 GB reclaimed, and on my system partition, too (which happens to be my smallest).
The ones in C:\Windows\System32\DriverStore\FileRepository can be a bit tricky to delete, but DriverStore Explorer, ran as administrator, should do the trick.

More to be found?

I only mentioned my main findings here, because the detailed list isn’t that relevant: it will depend on your setup, so my advice would be to run Duplicate Files Finder (or a similar program) yourself, making sure you configure it to search through all folders (meaning hidden and system folders too).

Of course, the usual common sense applies: investigate and think before you delete stuff. That means don’t delete stuff directly from the software, but do go have a look in the detected files’ folders first. And don’t delete stuff you’re not sure you can delete.
Also a tip: set a minimal file size to at least a few bytes: you most likely don’t want to bother with the super tiny files, and it will make the scan faster. From my first scan, I feel 50KB sounds a nice limit (NB: Duplicate Files Finder takes an input in bytes, so 50000)

Other various things I found this way (non-exhaustive list, just the biggest ones):

  • Kaspersky does the same thing as Comodo (keeps its installer in C:\ProgramData\Kaspersky Lab Setup Files but it’s also in C:\Windows\Installer
  • Intel Thunderbolt drivers: C:\Program Files (x86)\Intel\Thunderbolt Software\Drivers and C:\Windows\Installer
  • VeraCrypt: just keeps its whole installer in C:\Program Files\VeraCrypt (it’s not duplicated in C:\Windows\Installer but it’s still ridiculous)
  • Some utility specific to my laptop brand kept a copy of the .NET Framework installer for himself in C:\Program Files (x86)\Hotkey
  • Comodo again: it seems that I was wrong, they keep some kind of history, only in one place. It also has an alias, which is why my duplicate finder picked it up: C:\ProgramData\Comodo\CisDumps and C:\Users\All Users\Comodo\CisDumps

All in all, NVIDIA takes the cake by far though. If you want to play it lazy, that would be your one thing to clean.

Posted in nVidia, Windows, Windows 10.

Various old Greasemonkey scripts

With Firefox 57, due in a month and a half (November 14) Mozilla is going to break add-on things again. Big time. As of today, 9 out of the 12 add-ons I’m using are still using the old “legacy” format. Among those, an unknown proportion will probably never be updated and will be lost forever :/ Notably, Cookies Manager+ already stated it would be discontinued. And I’m also worried about Tamper Data, which is an awesome add-on to mess around POST requests and has been working great for the last 7 years without any update, apparently. (if you have some suggestions for _good_ replacements, I’d be glad to hear about them in the comments)

Anyway, Greasemonkey is one of the add-ons that’s going to be updated to follow the new trend, but in order to do so they chose to make some backwards incompatible changes. Meaning some old scripts will stop working. So I had a look at my scripts, and noticed I only have self-made ones, that I don’t really use anymore. I think I’ll just remove GM completely. Before doing so, I wanted to save my scripts… so I’ll just post them here 🙂

I’m not sure any of those still work, because the sites they target have probably evolved, but hopefully they might help someone do stuff. Most of them consist in evading annoying ads they weren’t caught by the usual uBlock, or anti-ad blockers. One was used to hide comments from specific users from some French IT news site. Without further ado, here they are all.

Posted in Firefox, Greasemonkey scripts.

Internet companies violating net neutrality

If you’ve been following the IT news lately, you should be aware of all the shitstorm that happened around Daily Stormer (DS). Long story short, their registrar GoDaddy kicked them out, and a chain reaction followed where many registrars and hosts kicked them out too. Sure they publish “weird” and mean contents, to say the least, but these are still legal contents. So, the companies who kicked them out chose to do so by their own initiative to censor the web. While on the other hand, they’ve regularly resisted to suspend law-braking contents such as piracy stuff.

Ironically, most of those companies pretend to be fighting for “net neutrality”, aka the concept that Internet Service Providers should be forced to carry traffic from all services equally, without any filtering. So what they’re saying is “do as we say, not as we do”. I understand private companies have a right to hand-pick their customers. It really doesn’t feel “right”, though, when said companies either enjoy a quasi-monopoly, or when said companies act all together as one. Also, I don’t see how it makes sense to force ISPs not to discriminate but to let other internet companies do so.

Anyhow, here is the list, that I’ll try to update as I find new ones, of companies who kicked customers based on internal censorship criteria that go farther than legal requirements:

  • GoDaddy: kicked DS domain name (source). Claim to be for net neutrality
  • Google: held DS domain name hostage (source). Claim to be for net neutrality. They also pulled Gab (a Twitter-like where free speech is real, be it left or right) out of the Play Store. Update (2017-09-01): Of course, by now it should be no secret that Google are cyberbullies.
  • Apple: also refused Gab on the App Store, and worse they allow a fake app to use its name. Update (2017-08-31): claim to be for net neutrality
  • OVH: kicked the DS domain name and hosting (source, in French). I don’t think they’ve ever been very vocal about net neutrality, although they once complained that ISPs wanted to charge them for some of the huge bandwidth they use
  • Facebook: closed Andrew Auernheimer’s account (one of DS’s staff, who didn’t post controversial stuff on his FB personal account) (source). Claim to be for net neutrality
  • Namecheap: kicked DS domain name (source). Claim to be for net neutrality so much that they dedicated a whole domain name for that propaganda
  • Twitter but that’s no secret they’re a censorship/PC heaven
  • CloudFlare: stood for free speech for a few days but eventually kicked DS too while having the nerve to explain why their own decision was badClaim to be for net neutrality
  • OpenDNS/Cisco Umbrella: are blocking DS domain name.
    This one is really special: other companies were companies that refused DS as a customer (breaking their contracts with unacceptably short notices, though). While in my opinion this is some worrisome censorship (because 1. it’s not easy to find alternatives that will accept DS and 2. it paves the way to legitimate a lot more censorship: if those companies start cherry-picking contents, they are effectively making themselves responsible for all the contents they do accept), I guess that in a way it is fair game. OpenDNS’s case is different: DS was never their customer. Their customers are just internet users, like you and me, who chose to ditch their ISP’s DNS servers in order to bypass whatever censorship their ISP/government might try to enforce on them. They don’t expect OpenDNS DNS servers to perform their own censorship too. OpenDNS acts pretty much like a “partial ISP” (the part that resolves DNS), but a particularly non-neutral one as I don’t know of any ISP that censors domain names without a proper government request to do so.
    And there is more: they were actually a victim of the lack of net neutrality a while back. Apparently they don’t mind doing to others what they suffered from in the past.
    Update (2017-08-30): OpenDNS now seems to resolve DS domain name properly. No idea if the temporary blackout was intended or not…
  • Network Solutions, LLC: held Stormfront’s domain name hostage (source). I didn’t find anything about their stance on net neutrality, they seem to be a pretty small company so I assume they didn’t make a lot of noise on the subject.
  • Protonmail: deactivated the e-mail account of Lee Rogers (DS staff member) (source). They too have very vigorously campaigned for net neutrality.

And a few ones who really can’t be qualified as posing an issue of net neutrality, but are still an illustration of the political correctness censorship in large/dominant tech companies:

Update (2017-09-05 and later): some more, with fewer details because the list is really getting too long:

Okay, there is just a problem with this post: I was only able to find censorship targeting the right. I wish I could find some targeting the left, in order to show that I don’t care which side of the political spectrum is targeted but I only care about the web having a censorship problem, but I just couldn’t find any… If you do have some of such examples, which do not involve obviously illegal stuff, please do let me know in the comments.

Posted in web filtering.

Why Tomtop’s products all have high ratings

For those who don’t know it, Tomtop is one of those sites that will ship you products straight from China, at pretty competitive prices. I recently bought a Xiaomi phone there, simply because Xiaomi still doesn’t bother to sell locally so buying abroad was my only option.

After browsing around the products a bit, I have yet to see a single product with an average rating below 4/5 stars. But I think I found the reason why.
That Xiaomi phone I bought, well it’s pretty bad. I mean, sure it works and it’s (very) cheap considering the hardware specs. However, I bought it primarily to experiment with LineageOS (RIP Cyanogenmod), and the bootloader is locked, and I spent almost 2 weeks trying to unlock it, with no success, and I eventually gave up. Xiaomi’s unlocking procedure, while straightforward on paper (request “permission” – I guess that’s the Chinese way of life -, download official tool, run said tool), is actually horrible and broken. If it works, good for you. If it doesn’t, you are screwed. They have no notion of what customer support means. The “support” is the forums, period. Forums where official staff barely ever intervene and lots of clueless people like to post their non-working solutions to your issues.

Anyhow, so of course I posted a negative review on Tomptop, precising that the phone was a PITA to unlock. And over a week later, said negative review is still not published. The review is in the system, I can view it in my member area (but not modify it), but it doesn’t appear publicly and isn’t counted in the rating or review count. The phone still has almost 5 full stars, with a bit less than 10 reviews. How many negative ones where kept in limbo? Only Tomtop knows…

So, don’t trust Tomtop’s ratings: the negative ones seem to be missing. And be also wary of the reviews: don’t get me wrong, I have no reason to believe they are fake, but since you only get the positive reviews you are only getting a very incomplete picture.

Posted in reviews.