Wireguard & OpenWRT

Goal: setup my Android handset so that it can connect remotely to hosts on my home network Follow the OpenWRT Wiki guide for general Wireguard setup. Addressing My handset typically doesn’t have IPv6 Internet connectivity, so Wireguard traffic will be over IPv4. However traffic inside the tunnel can be over IPv6. Name IP Home IPv6 ULA 1 fd2c:cfce:c1ce::/48 Home WAN IP 203.123.xx.xx Home LAN IP, fd2c:cfce:c1ce::1/60 Home WG IP fd2c:cfce:c1ce:10::1/64 Android WAN IP (dynamic IPv4) Android WG IP fd2c:cfce:c1ce:10::2/64 Wireguard Android Wireguard config:

TrueNAS Scale data recovery

My TrueNAS Scale server recently started throwing the following zfs module kernel panic 1 on boot: PANIC at space_map.c:405:space_map_load_callback() What follows are the steps I took to retrieve the data from the corrupted zfs pool. Getting setup boot from a Ubuntu 22.04 Live USB disk. Ubuntu (unlike Fedora) supports zfs without needing to compile kernel modules. install the zfsutils-linux package: $ apt install zfsutils-linux import the pool as readonly (attempting to import read/write causes the kernel to panic!

Australia and The Voice To Parliament

Australia is about to vote via referendum on whether we should amend the constitution to include a requirement for a body called ‘The Aboriginal and Torres Strait Islander Voice’ which would advise parliament on matters relating to those first people groups (I will refer to those people as ATSI). I will be voting ‘No’. What follows is some of the reasons I’m taking this position. The ‘No’ vote argument can be summarized by 1:

VSCode Notes

Future note to self regarding VSCode/VSCodium

I use VSCode on my Windows work machine and VSCodium on my personal Linux machine.




Decent Sampler on Linux

I recently stumbled upon the Decent Sampler Plugin and excellent free sample library available from Pianobook. Keen to try out some of the samples, I downloaded the plugin for Linux. There are 3 options for using Decent Sampler (which all come in the download package) - standalone player or VST2 and VST3 plugins. I didn’t have a DAW installed and didn’t really want to use one just to try a few samples out, but quickly discovered that the Decent Sampler standalone player is quite limited and seems to be a bit buggy too.

NetworkManager and DHCPv6

tl;dr NetworkManager method=dhcp is deprecated and should not be used. I recently had an issue with a host on my network not getting a IPv6 default route when using DHCP. The host is running Fedora 36 which uses NetworkManager to manage network connections. I wanted the host to have a static IP, but configured via a DHCP static lease rather than manually. I ended up configuring the network connection with option method=dhcp after finding a post online with example config.

Surface Laptop 3 and Linux

I recently acquired a Microsoft Surface Laptop 3 and installed Fedora 36 on it. Everything works by default except touchscreen. For touchscreen support you need the surface-laptop kernel. Tips Keyboard + Mouse I found that Fedora Beta was missing drivers for keyboard and touchpad on first boot so I had to use keyboard and mouse attached via USB port. After I ran an update to get latest available kernel and did a reboot, they worked fine.


I recently installed TrueNAS and setup an NFS share for my Linux backups and an SMB share for my wife’s Mac backups. Here are some notes that may be of use to others or my future self 😄 NFS My use case is to mount the NFS share on demand, backup my home directory, then immediately unmount. Create a TrueNAS user with the same UID as the user that will be using the NFS share Under Datasets:

Split Tracks and Pulseaudio

I’m learning to play the drums. Something I’m trialling is split tracks, where the mix of the recording is separated into left and right, with left being only drums and vocals, and right being everything except drums and vocals. This is great except when played through stereo headphones, the mix sounds odd and is uncomfortable to listen to. The solution is to convert the stereo output to mono, however most home setups won’t have the kind of gear required for this.

Sam Harris & Trump

NOTE: work in progress UPDATE Sept 5th 2022: Recent comments by Sam Harris on Trump would suggest that it is Sam Harris who is unhinged! “At that point Hunter Biden literally could have had the corpses of children in his basement, I would not have cared,” – Sam Harris is a brilliant thinker, and has an amazing ability to articulate his thoughts to a broad audience. I should say I’m no expert on Harris’ past work.

4K Disappointment

tl;dr - before going down the 4K path, make sure your graphics hardware is capable of driving your display at full spec. My old faithful Dell U2412 monitor recently started playing up. It is my main ‘work from home’ monitor and I needed to get work done, so I rather hastily found a replacement. I thought to myself “hey, 4K has been around for ages and prices are reasonable so may aswell grab one of those”.

Connecting to Internode with OpenWRT

Australian ISP Internode does not officially support OpenWRT. I recently connected HFC (hybrid fibre coaxial) with NBN & Internode. To get it working I needed to tag VLAN 2 on the WAN interface. Using the Luci web interface, navigate to Networks -> Switch and set the dropdown to Tagged next to VLAN 2 under WAN. Then setup the WAN interface like a standard PPPoE with <username>@internode.on.net for the username and my account password.

The Last Kingdom, a brief review

I just finished watching episodes 1-6 of the BBC historical drama The Last Kingdom. I enjoyed the first few episodes but found myself increasingly unsettled as the eposides went by. Something is very ‘off’ about this story. The TV series is based on the books, The Saxon Stories by Bernard Cornwell, so any criticism of the story and script are going to be primarily with the author. The Good Great Britain has a fascinating history, and there was much I learnt from watching TLK.

Morning Devotion

“The Lord’s portion is his people.” – Deuteronomy 32:9 How are they his? By his own sovereign choice. He chose them, and set his love upon them. This he did altogether apart from any goodness in them at the time, or any goodness which he foresaw in them. He had mercy on whom he would have mercy, and ordained a chosen company unto eternal life; thus, therefore, are they his by his unconstrained election.

FFmpeg Recipies

Any technology, no matter how primitive, is magic to those who don’t understand it. - Arthur C. Clarke / Mark Stanley

Here are some magical incantations that let me do help me do cool stuff with FFmpeg.

Selling a motor vehicle online

I recently sold a motorcycle via online classifieds. It was a learning experience - more accurately a re-learning experience. I’ve sold motor vehicles privately before and encountered many of the same things - it’s just that I do it so infrequently that I forget the tricks and the traps! What follows are some thoughts and advice to my future self, when next time I go to sell a motor vehicle:

Wireguard VPN

UPDATE 2020-03-30 Wireguard 1.0 was included in Linux Kernel 5.6. UPDATE 2018-08-06 Wireguard has been submitted for inclusion into the Linux Kernel source tree. I recently stumbled upon what I think may be the holy grail - a VPN method that is simple to configure, high performance, and (so I’m told) highly secure. Until now my experience of using VPNs was that you could choose any two of the above, but never expect to get all three!

OpenWRT Geofencing

Geofencing refers to allowing or blocking a connection based on country of origin. Unfortunately, OpenWRT / LEDE does not support geofencing out of the box. The way I’ve worked around this is described below. Shell script I created a shell script /root/bin/ipset-update.sh to pull Maxmind Geolite2 database periodically, and use that to populate an ipset set which I can then reference from iptables. The shell script is based on this one with a few tweaks for Openwrt: change bash to ash and change the paths of some of the utilities ipset, curl etc

Upload to S3 from URL

I recently had the need to transfer a large file from a remote host to S3 but had insufficient local storage to make a temporary local copy. Fortunately AWS command line tools allows for this by reading the piped output of curl as follows: curl https://remote-server/file | aws s3 cp - s3://mybucket/file

Mac Mini + Centos7

I recently had a need to install Linux on a 2014 Mac Mini. Naturally I chose Centos! 😄 I had some trouble finding a straightforward HOWTO to follow, so for the benefit of others wanting to do the same thing, here are the steps I took: download the latest Centos 7 minimal ISO, and transfer that to a USB stick using dd e.g. sudo dd if=CentOS-7-x86_64-Minimal-1708.iso of=/dev/sdb bs=8M insert the USB stick into the Mac Mini (re)boot the Mac Mini and hold the C key (or Alt/Option) down immediately after power on - this will take you to a boot disk selection screen select the USB stick (labelled ’efi’) and proceed to boot from it from here is a standard Centos install routine, with the exception of disk partitions: peform a manual disk partition setup.

Be your own tunnel broker: 6in4

The article describes how to configure a 6in4 service using your own VPS host. Tunnelling is done using protocol 41 which encapsulates IPv6 inside IPv4. Unfortunately my broadband provider does not offer IPv6. To work around that I tunnel to my VPS host over IPv4 and use IPv6 that way. I could use a tunnel broker such as Hurricane Electric, however their closest endpoint is far enough away that the additional latency makes it a pretty unattractive option.

HAProxy: rate limits + TLS SNI

At work we have been using AWS elastic load balancers for some time now and found it simple to use and reliable. Unfortunately, the tradeoff for that simplicity is lack of features & control. The main issue we’re facing is the need to implement basic rate-limiting controls on our web frontend to reduce the impact of abuse. I’m actually a little surprised that AWS do not offer some basic ratelimit functionality in ELB (maybe it’s coming?

Geotrust SSL chain + Zimbra

I recently ordered a RapidSSL SHA256 CA cert for one of my Zimbra servers. I had all sorts of trouble getting openssl to verify the complete SSL chain - intermediates, plus CA certs. The RapidSSL docs provides a link to an SSL bundle here, however that alone is not sufficient to allow Openssl to completely verify the chain. I downloaded the bundle and put that into file ca_chain.crt, then ran openssl verify but got this error:

Building LEDE / Openwrt for x86

EDIT: 2018-03-12, LEDE and Openwrt have merged. References to LEDE here can be substituted for Openwrt. I had a need to run LEDE on x86 hardware. Building a custom LEDE seemed a bit daunting at first, but turned out to be quite straight forward. The build described here is tailored for Qotom J1900 mini PC. Building the custom image I chose to build the LEDE x86_64 image within a Docker container like so:

Open source router

I recently went through the exercise of setting up a gateway router for one of my customers. The choices I had to make were two-fold: hardware & software Hardware I wanted to try and find the sweet spot between affordability, processing power, reliability. I could pickup an old desktop PC for next to nothing which would be more than adequate in terms of performance, however I wasn’t confident it would last the distance running 24x7 in a non air-conditioned storage room!

Docker and IPTables on a public host

NOTE: This post applies to Docker < 17.06 By default docker leaves network ports wide open to the world. It is upto you as the sysadmin to lock these down. Ideally you would have a firewall somewhere upstream between your host and the Internet where you can lock down access. However, in a lot of cases you have to do the firewalling on the same host that runs docker. Unfortunately, Docker makes it tricky to create custom iptables rules that take precedence over the allow-all ruleset that Docker introduces.

Git over HTTP with Apache

I had a requirement at work recently for our Git repo to be reachable via HTTP. I looked at Gitlab however came to the conclusion that it was probably overkill for our situation. I went with the following setup instead which can be run on the most minimal VM e.g AWS EC2 Nano instance. The instructions were intended for Centos7 however should work without much modification for other distros. Install required packages: yum install httpd git mod_ssl Ensure that ‘mod_cgid’ + ‘mod_alias’ are loaded in your Apache config Append the following config to /etc/httpd/conf/httpd.

Australia and Asylum Seekers

Australia’s Immigration Detention Situation Australia receives a lot of criticism from all sides, including from within, for its stance on illegal immigration. AFAIK, the current policy for anyone arriving illegally by sea is automatic detention in an offshore facility. The reason for this stance is deterrence - to discourage others from making the same journey. Automatic detention is pretty obvious, but the offshore component is not so obvious. Again, from what I understand the reason for that is due to legal issues.

White Australia, Blessing in Disguise

For approximately 100 years (c.1850-c.1950) Australia had a policy of preferring immigrants from Britain and European countries. The origins of the policy are rooted in the gold-rushes of the 19th century, and tensions between the majority white miners (both local and immigrant) and Chinese immigrant miners. In many cases the Chinese miners were more successful than their white counterparts due to their hard work ethic and ability to work cooperatively amongst themselves - traits that hold true today.

Map Area Measurement Tool

Today a created a tool for measuring areas on maps: http://pace7.com/utils/maparea/ Map tiles and data courtesy of Openstreetmap.

Garmin Contour Map

For anyone who’s interested, I’ve created a contour map of South East Queensland that is suitable for use with Garmin devices (I use a GPSmap 62s). You can download the .img file here. To install, copy the file onto your SD card under the Garmin folder/directory. On your device make sure the map is ’enabled’. The contour map will overlay contour lines over your main map. Have fun!


I’ve been using the Gumtree classifieds website a lot recently and have noticed some odd behaviour from people advertising their goods. No photo What’s the deal with so many ads not having a single photo of the item being advertised!? Isn’t it just common sense that an ad with a photo will be far more likely to get views than one without? Are these people really so lazy that they couldn’t be bothered to take a photo and upload it with their ad?

Dishwasher vs Hand Wash

At the end of a dinner party recently I got up and offered to help ‘wash the dishes’. Some of the other guests responded in somewhat astonished tone ‘oh, no need - she has a dishwasher!’ (she being the hostess) as if the dishes would somehow put themselves in the machine. This got me thinking, just how much more time, effort, energy, water does a dishwasher actually save? The benefits of a washing machine (for washing clothes) is abundantly obvious to me.

Ad Blockers and the Web

With the recent announcement that iOS9 Safari will enable the blocking of web ads, has come much weeping and gnashing of teeth from those on the web who’ve come to rely on ad-based revenue. If Apple deliver on the ad blocking, then many of these ad-supported sites will be severly impacted. I, for one, have no sympathy whatsoever. The writing has been on the wall for a very long time now.

OpenWRT and IPv6

I just configured my home network to use IPv6. My router runs OpenWRT ‘Barrier Breaker’ which supports IPv6, so it was just a matter of switching on and configuring the functionality. Unfortunately, my ISP does not provide native IPv6 so I’m using an IPv6 tunnel courtesy of Hurricane Electric Tunnelbroker service. Configuring my router The 6in4 tunnel Hurricane Electric provide a handy auto-generated config snippet specifically for OpenWRT, so it was a simple matter of:

AngularJS: Form Validation

A common scenario when validating form input is to call back to the server to check some detail or other before the final submission. For example, where the user has been asked to select a username, we might choose to verify that the username is available ahead of time. Rather than creating scope variables to keep track of whether or not a form is valid, we are better off using the built-in validation facility that AngularJS provides out of the box!

Go: too many open files

Recently while creating a basic HTTP/HTTPS monitoring app, Pingo2, I started seeing too many open files error. This error was thrown after the app had been running for some time, and I attempted to open a new network connection. Of course, in Unix/Linux network sockets are just files, so this error message actually makes sense in that context. First thing to do was run lsof to see exactly which files the process had open:

AWS: Custom Centos Image

I recently had a need to deploy a t2.micro instance on EC2 running Centos. Unfortunately, there are no official Centos AMIs available that will run on the newer HVM instance types. The AWS marketplace has several 3rd party Centos AMIs that support HVM. I used one of these as a basis for the new install. Centos has the ability to boot up into a VNC server from which a network install can be done.

CoreOS install to a VPS

I’ve just spun up my first install of CoreOS. I found the process a little confusing at times as the doco isn’t terribly clear in places. CoreOS is a work in progress, so doco will improve I’m sure. In the meantime, hopefully this post will be of some help to others. The host machine I used was a standard VPS from my hosting provider running on top of KVM. My hosting provider provides a console facility using NoVNC and the ability to attach bootable ISO media.

Wake your Linux box

I have one of the original Asus Eee PCs - the 701. I’ve put it to work monitoring the solar array on top of my house. There’s no point in it running all night when the solar panels are idle, so it may aswell sleep too. I found an article on the MythTV wiki which goes into great detail about auto shutdown / wakeup using ACPI….unfortunately none of it worked for me!

AngularJS + Martini: html5mode

By default AngularJS displays URL paths prefixed with a # symbol. This enables backwards compatibility with browsers that don’t support HTML5 history API. The AngularJS guide explains this in detail here To remove the # symbol and display more normal-looking URLs requires the use of html5mode in AngularJS. This is enabled via $locationProvider, for example: app.config(['$routeProvider', '$locationProvider', function($routeProvider, $locationProvider) { $locationProvider.html5Mode(true).hashPrefix('!'); $routeProvider. when('/signin', { templateUrl: 'components/signin.html', controller: 'SigninCtrl' }). when('/', { templateUrl: 'components/home.

Fedora Linux as a DAW pt1

I recently acquired an Alesis iO2 Portable, 2-channel USB audio interface for hooking up my MIDI keyboard to a soft synth. I had been using my onboard sound card but was finding that latency was unacceptably high. Linux is a rather unique beast when it comes to audio (as with many things) and to the uninitiated can be quite a bewildering experience. Choosing Linux as the basis of a DAW is a bit of tradeoff.

Gorp, sql.NullString and JSON

Using the Gorp package provides the ability for a struct to be populated directly from an SQL backend. Go also provides the ability for this same struct to be populated directly from JSON data. It’s a nice combination but has some gotchas to watch out for. Recently I struck a problem where a column in my database that was NULL was causing me some grief. I was unsure at first how to handle the database constraints while continuing to be able to unmarshall JSON the way I had been.

Angularjs: form data

There are several possible ways to submit form data to a web server: urlencoded parameter string appended to the URL e.g ?param1=foo&param2=bar urlencoded parameter string contained in the body of the request, and header set to Content-Type: application/x-www-form-urlencoded multipart form data contained in the body of the request, and header set to Content-Type: multipart/form-data; boundary=... JSON encoded string contained in the body of the request, and header set to Content-Type: application/json;charset=utf-8 The last one is the method that AngularJS’s $http service uses by default when POSTing data payloads to the server.

Eonon D2107 Car Stereo Review

I’ve recently replaced the OEM head unit from my 2007 Subaru Forester with an Eonon D2107 head unit. The D2107 is a 2 DIN unit with an 800x480 pixel touch screen, CD/DVD drive, USB + iPod support and Bluetooth. There are several comparable models out there, but I ended up going with the D2107 mainly because it has rotary knobs for volume control and navigation. What follows is certainly not a comprehensive review, but just highlights some things that may be of interest to others.

Evolution vs Creation - same evidence, different interpretation

It was with great interest that I observed the buzz around the recent Creation vs Evolution debate between Ken Ham and Bill Nye. This is the first time I can recall such a debate taking place where the secular media have taken more than a passing interest. The draw card of course was Bill Nye - the well liked and respected US television personality, public speaker who to many ordinary folks is the approachable face of science.


Another truly beautiful trance track by Norwegian artist Malu Shimmering pacific blue water_s_

Openvswitch and Fedora 19

I’ve just setup my Fedora19 to use Openvswitch . There are many howtos out there but the ones I read either didn’t cater for RHEL/Fedora or were not reboot safe. My aim was to create a bridge interface with 2 member interfaces:_ an interface for my host _ IP (mgmt0) and the physical NIC (em1). Later, my VMs will also connect to the same virtual switch. Install Openvswitch: $ yum install openvswitch -y

The stupidity of TFL

Transport for London take money from you even when you DON’T use their service. It has happened to me twice now. The first time I went to catch the tube at peak hour, walked down to the platform, watched as 3-4 full trains went past, then walked out again. I paid several pounds for the privilege. On the second occasion, the particular line I wanted to catch was shut for maintenance.

Dishonest statistics

Reading the latest Harpers Index I came across these 2 little gems: Year in which the Iowa Supreme Court legalized same-sex marriage : 2009 Portion of Iowans who say the decision has had either no impact or a positive impact on their lives : 3/4 The intention being, of course, that the reader will conclude that a high proportion of the Iowan population agree with changing the definition of marriage, and if so, why has Iowa held out for so long?

Node.js vs Go

Following on from my previous post on Go I thought I’d write some thoughts down on why I think Go has an edge over its competitors, in particular Node.js I’m not so interested in raw performance comparisons, as for many if not most real-world use cases these metrics are not particularly relevant. What interests me more are aspects such as developer productivity, code maintainability, scalability For several years now, Node.js has been filling the role of a low barrier for entry tool for rapid development of networking apps.


Another killer track to lift your soul: Spellbound by Darren Porter. I love that swelling choir sound with the bass drum underneath, reminiscent of an Enya track or the Gladiator film score.

Flying Blue

I enjoy listening to electronic dance music; more specifically, the sub genres Uplifting Trance or Progressive Trance. Trance tends to be packaged up into long mix tracks which transition from one song to the next in such a way that, when played at background levels, you’re often not aware of the change - just a continual stream of sound. I often just have it playing this way, not paying much attention to it but, very occasionally, music will play that grabs my attention.

And the winner is, Go!

I’ve just started playing around with Google’s language, Go (informally Golang). I’ve quickly become a fan and am already looking for opportunities to use it in a real-world application. I’d heard about Go when it first came out but never really bothered to look into it until now. Since I’ve been learning more about it, I’ve had several of those aha! moments where I’ve felt like a an itch has just been scratched; something that’s bugged me about other languages has been implemented the right way with Go.

RHCE Certification

I just became recertified as a ‘Redhat Certified Engineer’ . I held the certification up to RHEL5, however the cert expired once RHEL6 came out. I’ve been doing a senior sysadmin role for quite a few years now and so employment-wise, having the certification is perhaps less relevant, but felt it would be good to test myself out to make sure I still ‘had what it takes’. Due to a non-disclosure agreement every exam taker has to sign, I won’t be discussing details of the exam but just giving some general thoughts.


What does it mean to act professionally in the modern work place? A lot of the frustrations I have had with my work colleagues over the years boils down to this question. Mostly, it’s just about being a decent person. What follows is what I’d say to younger version of me, or anyone I had the opportunity to mentor: Keep your word If you’ve said you’ll do something, then make sure you make every effort to make it happen.

Things that suck about working in IT

Surfing the web, I stumbled upon one of those ‘things that suck about’ articles relating to IT. I found myself nodding and smiling as I went through the list, but it struck me when I reached the end that they’d overlooked, what is for me, the #1 thing: good manners (or the lack thereof). It never ceases to amaze me how people forget their manners when going to IT support to ask for something, especially when that support is one level removed i.

Ubuntu vs Redhat

I prefer Redhat. My work colleagues prefer Ubuntu. At work we have a mix of both distros, with perhaps a little more Ubuntu. This leads to some inevitable friction - nothing major, just little niggles from time to time. One of my colleagues, in addition to being a Ubuntu fan, is also a bit of a Redhat hater in that he likes to verbalise to me why Redhat sucks and Ubuntu is superior.

Digital Spring Clean

Today I decide to ‘dedup’ my external hard disk. I tend to dump random stuff on the disk and overtime a lot of doubling up has occured so I reckoned quite a bit of room could be made. My tool of choice was the creatively named ‘Duplicate Files Finder’ which is free/libre open-source application available for Win/Mac/Linux. The whole process took around 20mins to run, processing 465GB of data / 52296 files.

Shells within shells

As a *nix admin I spend most of my time on the command line which means I want to optimise that experience as much as I can. When editing files with vim I find I often need to drop into a shell to do some tasks before resuming the edit, but rather than quit vim I just spawn a subshell. The trouble is I often forget that I’m in a subshell and go to open the same file again.

Seoul layover

I just had a one night layover in Seoul Korea on my way back from Christmas holidays with family. I flew with Korean Air and normally they include accommodation in the ticket price but I was disappointed to learn that during the peak Christmas season hotel is not included. As I was having to arrange my own accommodation, I thought I’d take the opportunity to try staying in Seoul city itself and have a bit of a look around.

SOAP Server with PHP

I had a need to build a SOAP server, and after reviewing implementations in different languages decided that PHP using the Zend Framework would best suit my needs: minimal code required supports auto generation of WSDL by performing ‘autodiscovery’ on the PHP code PHP is widely deployed and well suited to web/cgi environments The examples below is an adaptation of the example found on this post - extended to support the Document/Literal style My development environment is PHP 5.

Shoei XR-1100 Motorcycle Helmet

Last week I purchased the Shoei XR-1100 helmet to replace my old helmet: a 4-month old Arai Axces I which had been stolen (b@$tards took a bolt cutter to my garage door). Rather than go and get the same helmet again, I thought I’d try something different, having never owned a Shoei before. The Axces and XR-1100 are both the entry level helmet for each brand, and have similar specs - both made in Japan, both fibreglass composites - and comparable pricing (Shoei was £70 more expensive) - .

mysterious high load

We had an issue recently where a server started reporting high load for no apparent reason. Running top on the server revealed that there was no process hogging cpu. The only other thing it could be was IO wait (kernel waiting for IO read/write operation to complete) and this most commonly relates to disk operations. _When IO is slow, processes take longer to run and tend to pile up on each other causing the overall load to rise.

How to lock xscreensaver on suspend

I’m running Fedora 17 with Gnome3 and xscreensaver. One small problem I had is that resuming from suspend did not automatically lock the screen. Thanks to a helpful post on askubuntu.com, came up with this solution: Create file /etc/pm/sleep.d/10-xscreensaver containing the following: #!/bin/bash case "$1" in suspend) export DISPLAY=":0" su myuser -c "(xscreensaver-command -lock)" ;; *) ;; esac Replace ‘myuser’ with your username. You may also need to adjust the DISPLAY variable depending on your screen setup ( ‘:0’ should work for most setups)

Copying files a different way...

I’ve just been sorting through my digital music collection and found a bunch of mp3 files mixed together with other formats. As my car stereo only plays mp3 files, I wanted to copy all the mp3 files and maintain the directory heirarchy (album/artist/song). The following allows me to achieve this: cd /inputdir; find . -name '*.mp3' -print0 | xargs -0 tar -cvf - | (cd /outputdir; tar -xvf - )