KDE SC | Plasma KIOSK Framework – far from perfect but functional

Friday, 13. December 2013

Did you install a kde-centric distribution on your parents pc? do you want to set up an internet terminal in a public area or in your office and you are tired of being called because a toolbar or an important widget has suddenly disappeared ?

the solution seems easy..  lock down plasma-desktop !

there is one preferred way to do so..  the kiosk framework



Create a file called  /etc/kde4/kdeglobals (or add your options to ~/.kde/share/config/kdeglobals) and write something like the following in it:  (there was a GUI for that in development but it seems dead by now)

[KDE Action Restrictions][$i]
action/lock_screen=false #hide rightclick unlock option
movable_toolbars=false #lock toolbars
run_command=false #disable krunner (alt-f2)
action/run_command=false #disable krunner (rightclick)
plasma-desktop/add_activities=false # not working right now
action/kwin_rmb=false # disable kwin context menu
action/logout=false # disable logout option
plasma/allow_configure_when_locked=false #no rightclick on plasmoids
plasma/plasma-desktop/unlockedDesktop=false #this is new

The [$i] will make the whole section immutable – that means it will not be overwritten by any user config-files read afterwards. (the given example will remove the lock-screen option, disable the run-command interface (krunner), lock application toolbars and (maybe in the future) disable the add activities feature, also the option to remove the logout entry and completely disable the context menu on kwin’s titlebar is working in 4.11  yay!!!)


Unfortunately some of the options in the kiosk documentation (especially the plasma specific ones) are not up2date therefore you will not be able to lock down plasma completely (at least not right now) but there is another solution to lock down plasma and make the “unlock widgets” entry disappear !

just write a single [$i] in the first line of  ~/.kde/share/config/plasma-desktop-appletsrc  -and- ~/.kde/share/config/plasma-desktoprc this will make the whole file immutable and hide the unlock widgets context menu entry.

Of course [$i] can be used to lock down specific widgets(sections) or just single options like height or width of the folder view widget for example.

Be aware that anybody who knows how to find those config files is still able to alter them e.g. remove the [$i]! 

In order to secure the desktop completely you’ll have to copy those files  to /etc/kde4  and go one step further…. disable rightclick on the plasma desktop containment: rightclick on the desktop – Mouse Actions – remove “Right-Button”


It is really hard to lock linux/plasma down..  there are still several ways to get control of the system when you know your way around keyboard shortcuts..  you could change to a new tty for example.. or just invoke any suitable keyboard shortcut. In my special case there is actually no need for a keyboard so i managed to lock down almost everything …  only the cashew with it’s “add activities” feature remains..  since there is no reliable way to remove the cashew and no way to remove the activities feature this leaves plenty of space to mess around with the desktop and make it unusable for the next user at the KIOSK PC.   (activities can be added but interestingly you can’t remove them afterwards in the locked state ^^)

 for now the only way i found to restrict everything was to remove the cashew completely by setting the rights of the cashew library to forbidden:

sudo chmod 600 /usr/lib/kde4/plasma_toolbox_desktoptoolbox.so 


So after all i got this totally locked down system where the only thing a user is allowed to do is to start one single task ( a unique one click live-linux-usb installer based on kubuntu 😉  http://life-edu.eu/


With a keyboard attached i’m able to administer the complete system thx to “krunner” (the only shortcut left alive) and with the two scripts i wrote, “desktop-lock” and “desktop-unlock”, im able to toggle the KIOSK mode in seconds ^^



KIOSK.zip  (bash scripts – you should know what you are doing)






Create *ubuntu LIVE-USB from the command line

Thursday, 14. November 2013

You can hack usb-creator to do this.  (special thx to  Jay _silly_evarlast_ Wren who wrote about this at askubuntu.com)

You should already have a single vfat partition as partition 1 on the usb device and it should be marked bootable.

You could do this with a simple shellscript:

sudo sfdisk -R $SDX
sudo sfdisk $SDX -D -uM << EOF
sleep 4
sudo sfdisk $SDX -A 2
sudo sfdisk --id $SDX 2 b
sudo sfdisk -R $SDX
sudo mkfs.vfat -F 32 -n winshare ${SDX}1
sudo mkfs.vfat -F 32 -n system ${SDX}2
sudo mkfs.ext4 -L casper-rw ${SDX}3
sleep 1
sudo sfdisk -R $SDX

(this would create 3 partitions on sdb (winshare/system/casper-rw) casper-rw would come in place if you chose to add persistent to the syslinux.cfg file and store all the changes and  “system” would be the bootable installation target (sdb2) – winshare speaks for itself)

Next, we will get usb-creator python code to assist us. (we need bzr to get the sourcecode)

$ sudo apt-get install bzr


$ bzr branch lp:usb-creator

create a file with this content and name it usb-creator-cli, place this file in the usb-creator directory (root of bzr branch)

#!/usr/bin/env python
from __future__ import print_function
from usbcreator.misc import sane_path, setup_gettext, setup_logging, text_type

from usbcreator.install import install


#/dev/sdb1 should be mounted on /mnt
#iso should be mounted to /iso

dev = '/dev/sdb2' source = '/iso' target = '/mnt' ugh = install(source, target, False, device=dev) ugh.success = print ugh.failure = print ugh.progress = print ugh.progress_message = print ugh.progress_pulse = print ugh.progress_pulse_stop = print ugh.retry = print ugh.run()

Make it executeable

$ chmod +x usb-creator-cli

Now mount your iso to /iso and mount your usb device to /mnt

$ sudo mkdir /iso ; sudo mount ubuntu-server-12.10-amd64.iso /iso
$ sudo mount /dev/sdb1 /mnt

If you want very verbose messages at your console you can tail ~/.cache/usb-creator.log

$ tail -f ~/.cache/usb-creator.log &

Now run that usb-creator-cli script

$ sudo ./usb-creator-cli

And watch all the messages scroll by.

When you return to the prompt, don’t forget to unmount /mnt before you yank your usb storage device.



how to start a simple (temporary) webserver in current directory (with php support)

Sunday, 10. November 2013

With python 2.4 and later you can use the SimpleHTTPServer module like this

python -m SimpleHTTPServer [port]

This will start a HTTP server on port 8000 (if no port is specified) serving the files and directories which are in the current working dir.

for Python 3 use


python -m http.server [port]


If you need the web server to parse php files you should use the php webserver instead of the python webserver:

php -S 

Dsniff / Arpspoof HowTo

Saturday, 2. November 2013


This is a direct copy of  http://failshell.io/hacking/dsniff-howto/

Thank you for this neat howto!



  • dsniff
  • arpspoof
  • the IP of your gateway
  • Linux machine (BSD would work too)
  • Enable IP forwarding (VERY IMPORTANT)

dsniff/arpspoof website

NOTE: On Debian/Ubuntu systems, both tools are packaged under ‘dsniff’.

Get your gateway’s IP

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface   U     0      0        0 br0   U     0      0        0 virbr0         UG    0      0        0 br0

In this case, it would be

Enable IP forwarding


# echo 1 > /proc/sys/net/ipv4/ip_forward

To make it permanent, add this line to /etc/sysctl.confnet.ipv4.ip_forward = 1

NOTE: If you don’t do this, no one will be able to use the network as your machine will refuse to forward packets to the gateway. You have been warned!


This will make the clients on the network believe that your computer is the gateway. So make sure you enabled forwarding.

# arspoof


This tool will sniff the traffic for unencrypted login and passwords. When it finds one, it will print it to stdout.

# dsniff -i br0 -mc


Make sure you’re authorized to do this, because in many countries, that could be seen as hacking and/or spying. Laws differ in every country, but the results are often jail.

Share Internet Connection from GNU/Linux Systems

Saturday, 2. November 2013

this is a direct copy of http://saikatbasak.com/share-internet-connection/  Thank you for this neat howto!


Now, here we have,

A computer connected to the Internet via the eth0 port (if you have a mobile broadband it would be ppp0).

We want to share the connection via the eth1 port of the same computer.

What we need,

We need basic networking utilities that is, in most cases, comes pre-installed in your GNU/Linux distribution (iptablesifconfig to be precise).

Yes, we do need some Lan Cables (Crossover cable) to share the connection via the eth1 port of the above mentioned computer.

So, let us begin. Connect your computer to the Internet. If u have a dhcp connection you may use dhclient or dhcpcd. Just do, as root, ‘dhclient eth0′, without the quotes. For connecting to mobile broadband you may use wvdial.

Flush iptables rules:

# iptables -F
# iptables -t nat -F
# iptables -t mangle -F
# iptables -X
# iptables -t nat -X
# iptables -t mangle -X

Enable kernel routing mode:

# echo 1 > /proc/sys/net/ipv4/ip_forward

Also, you can make ip forward permanent by editing /etc/sysctl.conf and set net.ipv4.ip_forward = 1

Setup eth1:

# ifconfig eth1 netmask
# ifconfig eth1 up

( you may consider using a different ip address)

Set iptables rules for port forwarding:

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

That’s it. Now connect one end of the cable to the eth1 port of your server. Connect the other end to any computer or device such as a router or a switch.

Client side configuration example:

Ip address:
DNS server address: Same as the server (you may also use Google DNS or any other DNS of your preference)

# ifconfig eth0 netmask
# ifconfig eth0 up
# route add default gw eth0
# echo "nameserver" > /etc/resolv.conf

Happy surfing.



KDE SC – KMix – Change Volume Percentage Step and add Audio Feedback

Sunday, 31. March 2013

While hovering over the KMix systray-icon using the mousewheel will increase (or decrease) the volume by min. 12% .. so the sound volume becomes “just too loud” or “just too soft”

The following change in the KMix config file will change that behaviour. The mouse wheel (or volume buttons) will increase the volume by approximately 4% instead of 12% after the change.

  1. Stop KMix  (right-click on the kmix icon in the systray and select “exit”)
  2. Edit the config file ( nano ~/.kde/share/config/kmixrc )
  3. Add the following line to the [Global] section:   VolumePercentageStep=1.2
  4. Set the value for VolumeFeedback to true
  5. Save the config file
  6. Start KMix
  7. Enjoy your fine granied KMix control with audible feedback! 

thx to eric hameleers for the percentage step – tip 🙂


EDIT:   (audiofeedback)

or.. you can just enable the audio feedback in the GUI 🙂








Wednesday, 21. November 2012

based on meego, sailfish is the first real open source mobile operating system that also runs android apps thanks to myriads alien dalvik.  the Qt swipe UI allows to swipe away apps and push them to the multitasking homescreen where the app will act as interactive widget. an application drawer lives underneath the homescreen and can be accessed via swipe up. as seen in meego, the lock screen shows notifications and allows quick-access to the camera, phone, profiles and more with a swipe down. swiping away an app half way allows a glance at the homescreen and whats going on there without leaving the app.  

jolla plans to launch the first sailfish phones in the second quarter of 2013.

>  sailfishos.org 



Presenting Jolla

Jolla Sailfish OS Keynote at Slush Event in Helsinki

Hands On – UI Preview



Detailed UI Preview

relinux & (k)ubuntu 12.04 – custom username/hostname and other obstacles

Thursday, 12. April 2012

it seems that relinux needs a major rework to function properly on 12.04 ( afaik the team knows about this and is already working)


for relinux “iso” to work i had to write the following lines into a terminal first:

sudo bash
rm -rf $WORKDIR
mkdir -p $WORKDIR/ISOTMP/casper
mkdir -p $WORKDIR/ISOTMP/preseed
mkdir -p $WORKDIR/dummysys/dev
mkdir -p $WORKDIR/dummysys/etc
mkdir -p $WORKDIR/dummysys/proc
mkdir -p $WORKDIR/dummysys/tmp
mkdir -p $WORKDIR/dummysys/sys
mkdir -p $WORKDIR/dummysys/mnt
mkdir -p $WORKDIR/dummysys/media/cdrom
mkdir -p $WORKDIR/dummysys/var
chmod ug+rwx,o+rwt $WORKDIR/dummysys/tmp


because of a recent change in CASPER it tries to determine username and hostname in a really bad way that leads to errors .. (it takes the livecd lable for username AND hostname or something like that)

 i therefore had to hardcode USERNAME and HOST in 

/usr/share/initramfs-tools/scripts/casper (lines 692-693)


today i encountered a new problem :  

vesamenu.c32: Not a COM32R image

in order to solve this problem i had to overwrite the file “vesamenu.32”  located in /syslinux/  on the usb thumbdrive with the original file located in  /usr/lib/syslinux/  on my “relinux” system. 



Unity? No it’s not – it’s KDE Plasma Desktop

Saturday, 24. March 2012

This is just a little bit of unity in kde but since kde is configurable to the max you may choose the level of similarity on your own…  There even is “takeoff” launcher, krunner and a HUD – like plugin in development. (And a bunch of other useful widgets for your enjoyment )

I still don’t understand why canonical is using gnome as their base instead of kde..  here is just an other video that shows off kde’s capabilities to mimic unity right out of the box. (but rockstable 😉 )


Help them to exceed their goal

Wednesday, 21. March 2012



Kdenlive is one of the greatest video editors out there… its free… its open source.. it just..  great!

The kdenlive team is collecting money for being able to work on their video editing software fulltime..  all you need is a paypal account or a credit card and you are ready to help.

If you love kdenlive as much as i do..  spend at least a few beers or a pizza to make the coding more fun 🙂



ps:  had some problems with paypal but there it is .. wow… they already have more than 5000.–