Read on for the solution https://cynici.github.io/2022/12/08/slow-screen-unlock.html

dmesg output would show this error:

[    2.984796] i2c_hid i2c-UNIW0001:00: HID over i2c has not been provided an Int IRQ
[    2.984864] i2c_hid: probe of i2c-UNIW0001:00 failed with error -22

When this happened, I had to reboot repeatedly until I could move the pointer on the login screen using the touchpad.

Laptop hardware

WootBook Metal II PF4NU1F AMD Ryzen 7 4800H 2.9GHz Octa Core 14” Full HD (1920×1080) IPS Space Black Laptop rebranded from Tongfang PF4NU1F made by a company in China.

This hardware is also sold with different names in other markets, https://www.reddit.com/r/AMDLaptops/comments/hzlcjo/all_of_the_vendors_that_are_offering_the_tongfang/ E.g.:

• Eluktronics THINN-15
• Schenker VIA 15 Pro
• TUXEDO Pulse 14”/15”
• PCZ 14” Fusion Pro
• Juno Computer (Linux) Aurora 15
• Slimbook (Linux) Slimbook Pro X 14”/15” (AMD)
• Slimbook (Linux) KDE Slimbook 14”/15”
• LaptopwithLinux PF4NU1F (14”) / PF5NU1G (15”)
• Skikk 15GRR1
• Laptopparts4less Tongfang PF4NU1F (14”) / PF5NU1G (15”)
• RaionTech RaionBook UB1R (14”)
• Mechrevo Mechrevo S2 Air (14”)
• Mechrevo Mechrevo Code 01 (15”)
• Monsterlabs/Hansung TFX44-0H (14”)
• Monsterlabs/Hansung TFX54-0H (15”)
• Illegear Ionic 15 Ryzen
• Commandos Helium 5 Ryzen

Solution

Thanks to Jeroen Jeurissen sharing his solution on linux kernel bugzilla

I saved and compared lsmod output in both cases – fell back to terminal using Control+Alt+F2 hotkey when the touchpad malfunctioned. The kernel modules hid_i2c and hid_generic were absent when the touchpad didn’t work.

Based on Jeroen’s solution for Elan touchpad, I created /etc/modules-load.d/99_touchpad.conf

softdep hid_i2c pre: pinctrl_amd
softdep hid_generic pre: pinctrl_amd

Didn’t work unfortunately. Second attempt,

sudo rmmod i2c_hid
sudo modprobe i2c_hid

2020-10-25 update

So, my final solution on openSUSE Tumbleweed:

1. Enable rc.local
2. Create /etc/rc.local

#! /usr/bin/env bash

if lsmod | grep -q i2c_hid ; then
    echo "Touch pad detected."
else
    rmmod i2c_hid
    modprobe i2c_hid
fi

Parameterized query is the recommended way to modify your SQL statement programmatically where you could sprinkle your SQL statement with variable placeholders like %s or %(myvar)s. But, if the statement happens to use any ILIKE operator e.g. '%pattern%', you must escape every occurrence of % in your operand with %%, i.e. '%%pattern%%'. Otherwise psycopg2 will throw the exception error message “argument formats can’t be mixed”.

This feature is actually mentioned in the documentation, http://initd.org/psycopg/docs/usage.html#passing-parameters-to-sql-queries

When parameters are used, in order to include a literal % in the query you can use the %% string

Took me a roundabout to learn that the screensaver settings is hidden in Xfce Power Manager (Preferences / Power Manager).

If you have replaced the default Desktop Manager with something else, you might need to download and install the following packages to customize its settings.

sudo apt install python-gi light-locker-settings

From http://www.postfix.org/SMTPD_ACCESS_README.html

By default, Postfix has a moderately restrictive approach to mail relaying. Postfix forwards mail only from clients in trusted networks, from clients that have authenticated with SASL, or to domains that are configured as authorized relay destinations.

It took me awhile to figure out how to get Postfix on my CentOS 7 box to support SMTP AUTH over TLS and authenticate SMTP users via LDAP. In this setup, I am using SSL certificate issued by LetsEncrypt.

Initially, I had wanted to configure saslauthd (provided by cyrus-sasl) to authenticate against LDAP directory server but couldn’t get it to work. I ended up letting saslauthd authenticate via PAM-LDAP (nslcd provided by nss-pam-ldapd).

Required packages

• postfix
• cyrus-sasl
• cyrus-sasl-plain
• nss-pam-ldapd
• openldap-clients    # optional, for testing LDAP configuration
• telnet    # optional, for testing postfix

Edit /etc/postfix/main.cf

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
# When TLS layer encryption is optional ("smtpd_tls_security_level = may"), 
# it may however still be useful to only offer AUTH when TLS is active 
# to avoid sending AUTH data over unencrypted channel.
smtpd_tls_auth_only = yes
smtpd_tls_cert_file=/etc/pki/tls/certs/fullchain.pem
smtpd_tls_key_file=/etc/pki/tls/private/privkey.pem
smtpd_tls_received_header = yes

smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination

Edit /etc/sysconfig/saslauthd

# Couldn't get this to work. Resort to PAM instead. :-(
#MECH=ldap
MECH=pam

Edit /etc/nslcd.conf, set variables where applicable

uri 
base
binddn
bindpw
scope
filter
map

Edit /etc/pam.d/smtp.postfix

#%PAM-1.0
auth required pam_ldap.so debug
account required pam_ldap.so debug

Procedure

1. Save LetsEncrypt fullchain.pem in /etc/pki/tls/certs/, owner root, mode 0444
2. Save LetsEncrypt privkey.pem in /etc/pki/tls/private/, owner root, mode 0400
3. sudo systemctl enable nslcd saslauthd postfix
4. sudo systemctl start nslcd saslauthd postfix
5. Check for service error with sudo journalctl -f
6. Test saslauthd-PAM-LDAP, testsaslauthd -u {ldap_mail_user} -p {ldap_mail_user_password} -s smtp
7. Test postfix STARTTLS, https://qmail.jms1.net/test-auth.shtml

Every so often, an external data provider needs to copy files from his server (A) to an internal server (C) which I manage through a SSH bastion host (B) which I do not manage. So, I want to restrict A to using rsync or scp to C via B, and nothing else, i.e.

• A must not get a shell on B or C
• A knows absolutely nothing about C
• A cannot change the destination server, i.e. no ProxyCommand

Solution

• Install and configure rssh on C
• Create a dedicated login account on C, e.g. joe, for receiving incoming files using rssh as the login shell
• Set password for C because on systems like Ubuntu, account is locked unless it has a password set.
• Ensure that AllowUsers or AllowGroups directives, if present in /etc/ssh/sshd_config, includes C
• Add a custom script on B to be run from authorized_keys of my login account on B, e.g. proxy@B
• Generate a dedicated SSH key pair for proxy@B and authorize this new key to ssh to joe@C

Install and configure rssh on C

• Follow instructions on https://ubuntuforums.org/showthread.php?t=1929414
• Slight deviation from the article
  • No need to set password for destination owner, joe
  • No need to configure rsyslogd
  • Edit /etc/rssh.conf to include these lines

    allowscp
    allowrsync
    user=joe:077:100110:/home/chroot
    

  • Out of the box, despite the configurable options in /etc/rssh.conf, rssh only actually works for scp and not rsync – rsync fails to run in chroot environment because it needs additional dynamic libraries not included by mkchroot.sh
• How to make rsync run in chroot environment?
  • Identify the libraries required by rsync using ldd /usr/bin/rsync and copy all of them to the corresponding directory in /home/chroot/…
  • Be sure to copy the actual file and its symlink are both copied over
  • On Ubuntu system, chmod 4755 /usr/lib/rssh/rssh_chroot_helper otherwise your SSH session will authenticate successfully but mysteriously abort with this error message logged to syslog rssh_chroot_helper: chroot() failed, 1: Operation not permitted (https://ubuntuforums.org/archive/index.php/t-1178391.html)

Add a custom script on B

Say my login username on the bastion host is called proxy

Generate a dedicated SSH key pair for this purpose, say

• /home/proxy/.ssh/copyfiles
• /home/proxy/.ssh/copyfiles.pub

Authorize the public key in /home/chroot/home/joe/.ssh/authorized_keys on destination server C.

Save the script as /home/proxy/sshcmd.sh and chmod ugo+x.

#! /bin/sh
#
# Used by specific SSH authorized_keys as command
# Restrict to commands literrally beginning with 'scp' or 'rsync'
#
echo "${SSH_ORIGINAL_COMMAND:-}" | grep -qE '^(scp|rsync) '
if [ $? -eq 0 ] ; then
    ssh -i ~/.ssh/copyfile joe@C $SSH_ORIGINAL_COMMAND
else
    echo Access Denied
fi

Get the SSH public key from the data provider. The provider will use the corresponding SSH private key on A to initiate rsync or scp.

Append into /home/proxy/.ssh/authorized_keys where ellipsis below denotes the content of the SSH public key file.

command="./sshcmd.sh",no-agent-forwarding,no-pty,no-user-rc,no-X11-forwarding ...

Gotcha

When specifying the destination in the scp/rsync argument, the data provider should not use ‘~’ because it gets expanded incorrectly as /home/chroot/home/euracedu.

Let’s say the SSH key on A is named akey and the file to copy over is named XXX:

rsync -aruv -e "ssh -i akey" XXX proxy@B:./
scp -i akey XXX proxy@B:./

If SSH key authentication works fine, scp/sftp shows “lost connection” or rsync shows something like the following, double check that you have copied all libraries and symbolic links shown as dependencies by scp, sftp, rsync, etc. to the chroot subdirectory.

sync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(226) [sender=3.1.2]

After rebooting this server, it became dissociated from the swarm.

docker node ls output:

Error response from daemon: rpc error: code = Unknown desc = The swarm does not have a leader. It’s possible that too few managers are online. Make sure more than half of the managers are online.

Rebooting the server and restarting docker service didn’t help.

Here’s what I finally worked for me:

1. On any of the healthy manager node,

   docker node update --availability drain foobar
   docker node rm foobar

2. On foobar,

   docker swarm leave --force
   docker swarm join --token {swarm_manager_token} {swarm_leader_ipaddr}
   

Both Chrome and FireFox won’t playback any video on Youtube. Only a message to the effect of restarting device is shown.

I did the following to solve the problem:

• Changed the VM Audio Controller from ICH 97 to Intel HD [link]
• Increased the Video Memory from 16MB to the maximum, 128 MB [link]

Well, I was foolish enough to order from GearBest without realizing that the set comes with a ROM intended for the Chinese market where Google is banned. In short, the phone is 90% Xiaomi and 10% Android. All apps are to be downloaded not from Google Play Store but MiStore, and the keyboard is quite insistent in wanting Chinese input despite having selected English in the phone setting. Enough reasons to force me to take drastic measures to replace the ROM to the one intended for international market at the risk of bricking my new phone. I did brick the phone once in the process of trying out various methods.

Bottom line, I succeeded with the help of plenty of indispensable advice on the web. Phew! Here’s how I did it. A Windows PC is necessary because all the software are for Windows only.

• Register to create a MI account
• Submit a unlock request and unlock using the Mi Unlock program
• Having unlocked successfully, enable developer mode
• Download the latest Xiaomi Mi Flash Tool from https://androidmtk.com/download-xiaomi-mi-flash-tool
• Download the correct 1.2 GB fastboot tgz file for my phone, i.e. Redmi Note 4 MTK Latest Global Stable Version Fastboot
• Use the “Fastboot” method to flash the ROM but use the latest Mi Flash and not following the link given on the Miui page

Foot note

• The MIUI web site offers three methods of replace the ROM but both System Update and Recovery Update methods did not work for me.
• System Update simply aborted with “Cound’t verify update package” error. I don’t know if it was because the version on the phone was 8.0.9 while the global ROM was 8.0.3.
• The phone won’t boot into recovery mode. It displayed this instead.
• If you live in South Africa, do not buy from GearBest unless they switch their courier service provider from ARAMEX. I paid GearBest about R3200 for the phone but ARAMEX made me paid additional R2200 for dubious custom levy and they won’t show me the official invoice.issued by the custom department.

With Win 7, booting up and logging in were a breeze; system ready in less than 15 seconds.

After upgrade, the same process took over 3 minutes, extremely slow both in booting to the login screen and getting desktop ready after login.

I googled and tried the most promising approach suggested by Joe on AskWoody but it didn’t help.

Then I noticed that my login account (carried over from the upgrade) strangely belonged to “Device Administrators” and not “Administrator”. I changed the group membership to the latter and rebooted. Voila, problem solved.

I don’t know enough about Windows to understand the underlying causes. So, your mileage may vary.