How to get rid of ugly GTK when using a slim window manager like i3

Todays window managers like GNOME, KDE, Xfce4, normally look nice and clean with many effects included. Well, console loving nerds might not bother that much about nice looking GUIs, but using libraries, that make others believe you're running Windows 95... However most computer users, advanced or not, like nice clean looking interfaces. Generally it shouldn't be such a problem to achieve this, just install one of the previous mentioned window managers or choose Windows or OSX instead. But if you're trying to keep your system slim, it might be very painful to make your applications looking clean, consistent and maybe a bit modern. This guide shows how to get rid of ugly GTK when using i3wm on Gentoo Linux.

Packages required

The most difficult thing is to have all necessary packages installed. You might browse through forums for hours trying tonnes of configuration but neither would work, since your missing a single library. Since I like the Greybird theme from xubuntu, I will use it as placeholder during the entire post.

/etc/portage/make.conf

USE="... gtk gtk3 libnotify ... "

emerge necessary packages

# Note: some of the packages listed below might not have to be in your world file
emerge -avq x11-libs/gtk+ x11-themes/greybird x11-themes/gtk-engines

Configuration required

You may have mentioned, that since there are different versions of GTK, some applications might look nice and others don't. To make GTK looking consistent, I recommend to choose a theme, such the Greybird theme, that includes both. To figure out which themes are currently installed on your system and which supports both, just have a look at /usr/share/themes, where the GTK themes are located.

/home/phgamper/.gtkrc-2.0

Below a sample configuration for gtk-2 ...

# include the GTK theme
include "/usr/share/themes/Greybird/gtk-2.0/gtkrc"
gtk-font-name = "Sans 10"

/home/phgamper/.config/gtk-3.0/settings.ini

... and the configuration for gtk-3.

[Settings]
gtk-theme-name = Greybird
gtk-font-name = Sans 10

Of course there are many more configurations, but the important one is the include in version 2 respectively the gtk-theme-name in version 3.

/root

Some applications like gpared must run as root. Since GTK is configured per user, programs running as root will still look ugly. To avoid this, you could either copy the config-files into /root or create two symlinks. I personly prefer the latter, because this way I don't have to care about root, if one day I'm going to change the theme.

su && cd
ln -s '/home/phgamper/.gtkrc-2.0'
cd .config
ln -s '/home/phgamper/.config/gtk-3.0'

Notification Daemon

If you like a nice notification daemon without installing millions of packages the Xfce's notifyd might be of your choice.

emerge -avq x11-misc/notify-osd xfce-extra/xfce4-notifyd

You might find the notifications being showed as an ugly blue bar on top left, this is because i3wm might come with dunst. Unmerging it will do the trick.

emerge -avC dunst

To test whether the notification daemon is working properly or not, just open a terminal and type the following command.

notify-send "Hallo Welt"

You might want to change the position of where notifications are being showed. This could be done easily by using xfce4-notifyd-config.

PHP is watching you

I just received an email with the subject Serious Vulnerability in your Blog and my /etc/passwd attached. WTF..?! Well, I've just started my security master, thus I wouldn'd dream of claiming I'm absolutely an expert at all, but however it's kinda reassuring to realize, it's that easy to browse ones filesystem over the net, if there are bugs in your code, even if you're running Apache more or less with its recommended security configuration ...

The Vulnerability

Soon after I learn about how my mate was able to download the /etc/passwd without any permissions. It was rather simple. All he did, was to use the wget command, ignoring the certificate check, since my website is running with ssl only, and request what ever he wanted as follows.

 wget --post-data 'post=/etc/passwd' --no-check-certificate 'https://phgamper.ch'

I tried to download some other files and succeed in getting /etc/fstab but failed in getting /root/hallo.txt. By a closer look at the ACL I mentioned, that the root's home directory is restricted to the owner but not the /etc, i.e.

...
drwxr-xr-x 111 root root       4096 Oct 23 21:29 etc
...
drwx------   8 root root       4096 Oct 24 13:21 root
...

I concluded that the issue must lie somewhere in the PHP code, not least because of the fact, that trying to download from the root's home directory results in PHP throwing a permission denied warning.

<b>Warning</b>:  include(/root/hallo.txt): failed to open stream: Permission denied in <b>/home/phgamper/www/public/index.php</b> on line <b>41</b><br />
<br />
<b>Warning</b>:  include(): Failed opening '/root/fancy.pwd' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in <b>/home/phgamper/www/public/index.php</b> on line <b>41</b><br />

The Fix

I spent some time in looking at the code and found the following code fragment. Ahead removing it did the trick.

if (isset($_POST['post']))
{
    $include = $_POST['post'];
    unset($_POST['post']);
    include ($include);
}

Well, as I built this blog, I just copied an old project, deleted everything unnecessary, changed some functionalities and added some other features. Thereby I've changed the way of how PHP dynamically includes the content, since it was not that easy to use. Indeed using $_POST directly to load files is a stupid idea at all, but back then, when I've built the old project, I didn't realy care about. Normaly PHP is running on a Webserver, often on Apache, and thus with the webservers priviledge. Since apache is a user on the system, PHP is able to access all files that either belongs to apache, its group or is accessible by nobody.

Lesson learned

Once more the reality have shown, it is hard to write bug free software, and it's not always a good idea to copy old code and modify it to ones needs without worring about...

Using Raspberry Pi as Airplay

Although I'm a Linux fan, I currently prefer iOS over Android, not at least I like Apple's AirPlay feature. Since I own a Raspberry Pi but no AirPort I bump into the idea of using my Pi as AirPort instead. There are some implementation for Linux available on GitHub but most of them doesn't leads to satisfactory results. However one of them I've tried seems to do their job pretty well: ShairPort by James Laird

Clone and Install

We start by creating a new user called shairport which is allowed to use the audio output. This because we want shairport to run as a daemon with minimal rights due to security reasons. Unfortunately there is an open issue regarding using ShairPort with Pulseaudio on Raspberry Pi. Therefore we have to use Alsa instead, what requires some modification in the /etc/asound.conf for Alsa being mapped to Pulse. More on this later.

sudo -i
# no need to create the home directory
useradd -r -U --no-create-home -G audio shairport

The next few steps clone and installs shairport on our system and should be pretty self explanatory.

cd /usr/local
git clone https://github.com/abrasive/shairport.git
chown -R root:shairport shairport
cd shairport
# configure and build
./configure
make
cd ../bin
# create symlink in /usr/bin to link shairport to your path
ln -s ../shairport/shairport shairport
exit

Testing

To test if everything works fine, one could simply start shairport with the following command. As already mentioned, the user, who runs shairport, must be in the audio group and the alsa to pulse mapping enabled.

shairport -a 'My Shairport Name'

Start ShairPort automatically at boot

To start ShairPort automatically at boot, the developers provide the necessary scripts, so that we just have to put them to the right place.

sudo -i
cd /usr/local/shairport/
cp scripts/debian/init.d/shairport /etc/init.d
cp scripts/debian/default/shairport /etc/default
cd /etc/init.d
chown root:root shairport
update-rc.d shairport defaults
exit

/etc/asound.conf

As mentioned above we need to tell Alsa to make use of Pulse to output audio. This is done by modifying the /etc/asound.conf as root.

pcm.!default {
    type hw
    card 0
}
ctl.!default {
    type hw
    card 0
}