Blog

Blog

XRDP login with error related to color policies

Table of Contents

XRDP login with error related to color policies

XRDP is the service service for Microsoft Remote Desktop Connection.

Note: XRDP desktop isn't the desktop of console, and it is also impacting the console login. So, don't use console and XRDP at same time.
Note: when I used VNC based software, the screen didn't refresh correctly.

Error

Following errors occurred, these error message can be bypassed by key in password or click on Cancel button and these are only appearing one the first connection established

Authentication is required to create a color profile
Authentication is required to create a color managed device

Reason

The authorization was not granted by Polkit on color management features to user remote login user. The errors are shown as below in file /var/log/auth.log, and the first line is for failed login.

Jan  2 08:07:56 baidu-ubuntu polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action org.freedesktop.color-manager.create-profile for system-bus-name::1.107 [/usr/libexec/gsd-color] (owned by unix-user:xxxxx)
Jan  2 08:08:36 baidu-ubuntu polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:xxxxx to gain ONE-SHOT authorization for action org.freedesktop.color-manager.create-profile for system-bus-name::1.107 [/usr/libexec/gsd-color] (owned by unix-user:xxxxx)
Jan  2 08:08:54 baidu-ubuntu polkitd(authority=local): Operator of unix-session:c2 successfully authenticated as unix-user:xxxxx to gain ONE-SHOT authorization for action org.freedesktop.color-manager.create-device for system-bus-name::1.107 [/usr/libexec/gsd-color] (owned by unix-user:xxxxx)

Fix

Create file called /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla as below

/etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla

[Allow Colord all Users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile
ResultAny=no
ResultInactive=no
ResultActive=yes

References

How to Fix “Authentication is required to create a color profile/managed device”

Changing IP address for all nodes in Proxmox Cluster

Changing IP address for all nodes in Proxmox Cluster

Steps

  • Change IP in all nodes in following files /etc/network/interfaces and /etc/hosts
  • Change all IP address in /etc/pve/corosync.conf
  • Reboot all nodes.

Troubleshooting

If above failed during the synchronization, use following commands to fix it.

  • Stop cluster services on the node that wasn't synchronized
systemctl stop corosync.service
systemctl stop pve-cluster
  • Update the corosync.conf file manually
vi /etc/corosync/corosync.conf
  • Restart cluster services
systemctl start corosync.service
systemctl start pve-cluster

Verify configuration file again and cluster status

cat /etc/corosync/corosync.conf
pvecm status

Garmin Fenix – useful features

Garmin Fenix - useful features

Pause and Resume

Press start/stop button during activity is on.

  • To resume your activity, select Resume.
  • To save the activity and view the details, select Save, press Start button, and select an option.
  • To suspend your activity and resume it at a later time, select Resume Later.
  • To mark a lap, select Lap.
  • To navigate back to the starting point of your activity along the path you traveled, select Back to Start > TracBack.
  • To navigate back to the starting point of your activity by the most direct path, select Back to Start > Route.
  • To measure the difference between your heart rate at the end of the activity and your heart rate two minutes later, select Recovery HR, and wait while the timer counts down.
  • To discard the activity, select Discard.

Garmin Edge 1030 – useful features during cycling

Garmin Edge 1030 - useful features during cycling

Split long course

Garmin got bug when the Course is longer than 180 KM as my experiences, and it caused self reboot during recalculating. So I have to split the course into smaller segments, and this is also improve the loading time. Anyway, Garmin Edge isn't a fast computer.

Change Course during cycling

In order to load the next Course into Edge without stopping the activity, the following steps can be used

  • Touch the screen
  • Tap on Home icon
  • Tap on Navigation
  • Tap on Courses
  • Tap on the Course to load
  • Return to Home page
  • Tap on the round activity icon on top of screen to back to activity screen if needed

Pause/Resume activity

If the activity is on, the power button will lock the touch screen. Otherwise, will off the screen.

To Pause activity for lunch

  • Press start/stop button
  • Press power button to off the screen

Resume activity

  • Press power button
  • Press start/stop button

Merge activities

If the activity was stopped and saved, then the only way I know to merge with previous activity is using following online tool, but some useful information will be lost too, such as activity type, category, calories, etc.

https://gtt.feub.net/merge-activities/

Differences and Benefits Between i440fx and q35 in Proxmox

Differences and Benefits Between i440fx and q35 in Proxmox

My view

For application i440fx is enough, and it is simple, for hardware related, such as GPU passthru, then Q35 is better.

Switch between them

After switch between, the network interface name will be changed.

Q35

Q35 supports PCIe

  • Extended configuration space (MMCFG)
  • PCIe native hotplug
  • Advanced Error Reporting (AER)
  • Alternative Routing-ID Interpretation (ARI)
  • Native Power Management
  • Function Level Reset (FLR)
  • Address Translation Services (ATS)
  • AHCI storage controller
  • vIOMMU emulation
  • Secure Boot

Q35 limitations

  • No support for legacy guests (Windows XP/2000).
  • Questionable support for legacy QEMU devices.
  • Limited IO space can affect the number of devices used by a single Q35 machine

References

Differences/benefits between i440fx and q35 chipsets?
Q35 - QEMU
PCI vs PCI Express
PCI EXPRESS GUIDELINES

Escape Percent-signs(%) in crontab

Escape Percent-signs (%) in crontab

In order to input % character as command parameter in cron task, it needs to be escaped using backslash ().

man (5) crontab:

Percent-signs (%) in the command, unless escaped with backslash (\), 
will be changed into newline characters, and all data after the 
first % will be sent to the command as standard input.

Run script after interface up when using NetworkManager

Run script after interface up when using NetworkManager

Create a script as below in folder /etc/NetworkManager/dispatcher.d called 10-openvpn-tun0-up, change the permission to executable

#!/usr/bin/env bash

interface=$1
event=$2

if [[ $interface != "eth0" ]] || [[ $event != "up" ]]
then
  return 0
fi

# place your commands bellow this line

References

Network Manager script when interface up?

Systemd-resolved DNS configuration for VPN

Systemd-resolved DNS configuration for VPN

VPN GUI

When using ubuntu GUI VPN connection, the DNS might not be updated correctly. Following command can be used to update search domain and DNS server.

sudo systemd-resolve --interface tun0 --set-dns <dns_server> --set-domain <domain>

Note: The latest test in VPN GUI, the DNS setting is working as expected.

VPN CLI

For openvpn command line,

openvpn --config client.ovpn --script-security 2 --up ./manual-config

The manual-config script can be as follow

#!/bin/sh
set -e
resolvectl dns $dev 192.0.2.53 192.0.2.54
resolvectl domain $dev "~foo.example.com" "~bar.example.com"
resolvectl dnssec $dev off

or

#!/bin/sh
systemd-resolve -i $dev \
  --set-dns=192.0.2.53 --set-dns=192.0.2.54 \
  --set-domain=foo.example.com --set-domain=bar.example.com \
  --set-dnssec=off  # <- Not super nice, but might be needed.

Another method is to use /etc/openvpn/update-systemd-resolved script, which is in openvpn-systemd-resolved package,

openvpn \
  --config client.ovpn \
  --up /etc/openvpn/update-systemd-resolved \
  --down /etc/openvpn/update-systemd-resolved \
  --down-pre \

NetworkManager Integration

To allow DNS and other options applied to new interface, a dispatcher file can be created, for example, /etc/NetworkManager/dispatcher.d/10-openvpn-tun0-up. The content can be as follows

#!/usr/bin/env bash

interface=$1
event=$2

if [[ $interface != "tun0" ]] || [[ $event != "up" ]]
then
  return 0
fi

# place your commands bellow this line

resolvectl dns tun0 192.168.1.1 192.168.1.2
resolvectl domain tun0 "~new.com"

References

Systemd-resolved DNS configuration for VPN
Network Manager script when interface up?

Only pipe STDERR output in `bash` with timestamp

Only pipe STDERR output in bash with timestamp

bash

In order to discard standard output and only log the standard error, following command can be used. The second part of command is to prefix the current timestamp in the output

sh monitor 2>&1>/dev/null | ts '[%Y-%m-%d %H:%M:%S]'

dash

If need to run in dash, such as running in crontab, above syntax is wrong, use following command instead

sh monitor 3>&1 1>/dev/null 2>&3 3>&- | ts '[%Y-%m-%d %H:%M:%S]'

Note: This command can be run in bash too

References

Prepending a timestamp to each line of output from a command
Pipe only STDERR through a filter