SSD’s , booting too fast and clamd service fails

a brief post to serve as a reminder to myself in future (and hopfully help out others too)

** Edited on 1st July 2017 , the edit is below the original post, which I have kept intact. I may later repost a fully integrated edit.**

I recently got a second user SSD for what was a great price ( from PCBitz) , so I took time out to reinstall ArchLinux  all went smoothly and eventually I was booting up to my chosen DE (desktop environment) Plasma-Desktop by KDE  and I was booting very quickly


which is of course one of the reasons for having a SSD

There was one issue however, one of my services clamd which I use to scan downloads in Firefox with fireclam and email in Thunderbird using clamdrib

ERROR: TCP: getaddrinfo failed: Address family for hostname not supported

leading me to start the service manually at which case it woud work perfectly, this led me to the conclusion that although launching after the network services clamd was completing prior to my router issuing an address to my PC.

(and yes I switched back to Tunderbird after many months of using Evolution.)

quick recap The issue was I was booting too quickly and clamd was starting before the PC had received an address from the router.

the solution , my friend Andy over at suggested using chronie to delay the start up of the clamd service , which made sense as follows

However me being me… looked elsewhere for a solution

systemd ( yes obligatory boo hiss from some quarters) has a delay timer function built in all you need to do is set up a timer value and call for a .timer file instead of a .service file , all it takes is a small change to the .service file and save it as a .timer instead

first thing was to disable the systemd service file

sudo systemctl disable clamd.service

then edit the .service file adding


and as it is launching as a time , ther is no need for the instruction to launch after  the network service so comment out that line

so that the service file looks like


then save as


all that is then needed is to enable the timer service , using

sudo systemctl enable clamd.timer

and reboot , on all subequent boots the clamd service is sucessfull as it delays its start by a period of 10 seconds , long after the network has started.

I’m hoping this helps someone somewhere , and shoud it not , try Andy’s solution noted above.



EDIT: (Saturday 1st July 2017) troubleshooting addendum

Everything was working great , then I updated . not sure why but my solution presented started to fail to work.

inorder to get this solution working again I did the following

sudo systemctl disable clamd.timer

sudo mv /usr/lib/systemd/system/clamd.timer /etc/systemd/system/

cd /etc/systemd/system

sudo nano clamd.timer

change OnBootSec=10 to OnActiveSec=10 and uncomment the #After line

so that the .timer file looks like


Then enable the timer with

sudo systemctl enable clamd.timer

I wil leave this rather disjointed post as it is , as it may help troubleshoot an issue later on.











Gargoyle Router and PIA OpenVPN config

OK, its been quite sometime since by last post, lots has happened in the world , stupid is on the rise , evil continues to try to get in the way of our day today,and everyone seems to want to know what YOU are doing (google, crackers , governments, and others)

One way to mitigate this is to use a VPN service , like PIA (Private Internet Access) and the most useful way to do this is by using a router configured to use the service exclusively.

There are many 3rd party router firmwares , however not all routers are compatible, so do check compatibility if you choose to use DD-Wrt , Advanced Tomato, Tomato – by Shibby, OpenWrt, LEDE or as I have for my TP-Link router Gargoyle.

OK for the most part it is REAL easy to set up Gargoyle-Router as a VPN client. the following assume you have Gargoyle-Router  set up and in use ( my network uses the Gargole-Router as a Subnet to another router that handles the ISP connection) . It also assumes that you have ssh access to the router.

before doing anything with the GUI , first ssh into the router and get to the OpenVPN folder

ssh root@192.168.x.x

root@Gargoyle:~# cd /etc/openvpn


then use the echo command to create the auth.txt file ( contains username and password) and confirm it using the cat command.

root@Gargoyle:/etc/openvpn#echo “<username>” >> auth.txt

root@Gargoyle:/etc/openvpn#echo “<password>” >> auth.txt

root@Gargoyle:/etc/openvpn#cat auth.txt



It then get s little tedious as you also have to have a “cat crl.rsa.XXXX.pem” file, if you know how to use vim, good on you , cuz do not except how to delete lines and then save ( see later)

to set up the .pem file , I used the echo command with the >> switch to add each of the 15 lines individually like

root@Gargoyle:/etc/openvpn#echo “—–BEGIN X509 CRL—–” >> crl.rsa.2048.pem
root@Gargoyle:/etc/openvpn#echo “MIICWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI” >> crl.rsa.2048.pem
root@Gargoyle:/etc/openvpn#echo “HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0” >> crl.rsa.2048.pem
root@Gargoyle:/etc/openvpn#echo “each line in turn” >> crl.rsa.2048.pem

ending with:
root@Gargoyle:/etc/openvpn#echo “—–END X509 CRL—–” >> crl.rsa.2048.pem

then confirming it with

root@Gargoyle:/etc/openvpn#cat crl.rsa.2048.pem

now you can ( for a while go to the GUI and log in.

Once logged in, go to Connections >OpenVPN  and select OpenVPN client. then complete all the required boxes.


One this is done Save changes, on doing so it will advise that the configuration has been saved but failed to connect (bummer) , at which point go back to your terminal that you ssh’d into the router with.

The reason why it fails is that Gargoyle writes its own OpenVPN configuration , that points to two files that PIA does not use , some will get round this by making phantom config files ( although as the files are keys, and certs) , this does not seem wise to me.

When back at the terminal you can check the gaining config directly by using

root@Gargoyle:/etc/openvpn# openvpn grouter_client_<randonstringybit>.conf

which will confirm the error, to fix it we need to remove two lines from the .conf file, and the only editor onboard is .. vi

The two lines you need to remove are

cert /etc/openvpn/grouter_client_<randonstringybit>.crt
key /etc/openvpn/grouter_client_<randonstringybit>.keyroot

to do this use vi on the config file

root@Gargoyle:/etc/openvpn# vi grouter_client_<randonstringybit>.conf

then move the cursor to the fist line and tap d twice , it wil remove the line , and then repeat again for the second line, after removing both lines press <esc> :wq <enter>.

you can the retry the config manually again

root@Gargoyle:/etc/openvpn# openvpn grouter_client_<randonstringybit>.conf &

which should now get to the initialisation confirmation and start the VPN client.

when you  rebook you shoudl see a confirmation that the VPN is connceted on the login page , and on the Connections > OpenVPN page.

Mine has now been up for about 2 hours without issue, please post back if you have any success with this.






Evolution – unified inbox

This is a little bit of a OMG! moment for at least one person that will shit themselves that not only have I written an entry for WordPress , but two in one day ( gotta be the world is ending.. )

As noted before my recent past involved searching for the ideal Email client  and after trying Thunderbird ( great but potentially EOL and was becoming unstable for me ) , I tried (among other solutions) Sylpheed, Claws, Geary, Seamonkey,  the best alternative I found was Mailpile – which was fantastic , however it suffers from “Beta testing syndrome” – it will be ideal once its worked its kinks out , but for now its not for me.

I settled on Evolution as it has a good combination of  functionality and if you have “gnome-control-center” installed , uses Oauth for google accounts, and serves as a client for the google calendars also ( this for me was the selling point).

After setting up my 5 email accounts and messing about with the configuration , I realised it was lacking one vital function for anyone with multiple accounts , a unified inbox , or so I thought..

To configure a unified inbox you have to set up a search folder ( a virtual folder to see various mails within your email accounts that is filtered by rules). a search folder could be set up to see all the emails sent by a particular person over a specific period of time , or all emails that contain a phrase , I think (hope) you get the idea.

To set up a Search folder you need to navigate (within Evolution) to  Edit > Search folders which brings up a box like this ( I already have configured a unified inbox – yours will most likely be blank)


To set up a new search folder click “Add” which will present you with another box


It is then a matter to complete a Name for your search folder and use the rules set to narrow down the criteria of what you wish to look at.

I could make you guess what the rules for a unified inbox are , however as I am feeling nice, here you are


and there you go all sorted .

If you are wondering where your search folder is  in the GUI of Evolution you can arrange its location in Edit > Preferences > Mail Accounts by dragging and dropping it to the top

Hoping this helps someone, somewhere at sometime.


















of Plasma Fails and Gnome madness

First blog post in a LONG time , but I guess that as I am using it now , it must have some use.

This is mainly a reminder to myself so that I can roll back after trying out various applications and desktop environments .

As Thunderbird (email) and Lightning (calendar) were becoming unstable for me ( + the fact that Thunderbirds days are numbered) I decided to look at alternatives .

The native choice on plasma would be  KDE’s Korganizer and Kmail which after trying for a couple of weeks I realised were basically rubbish (oh yes they are!)  as they were unstable and did not theme nicely as the other KDE/Plasma5 applications

after looking at other options I decided to switch to using Evolution as my email and Gnome-Calendar as my… calendar ( yes there are lots of gnome dependencies and you need gnome-control-center too for Oauth2 on gmail accounts) , despite being Gnome apps , Plasma5 themes them nicely and garnishes them with matching window title bars ( and they look more native than Kmail and Korganizer).

This peaked my attention – the fact that Gnome apps were as good as this , so I thought “lets try Gnome”, having been burned in the past ( the fact that EVERY  time I try the Gnome3 DE that I get frustrated as to how user unfriendly it is)

So prior to doing anything else did the following

pacman -Qnq > before.txt


Then installed the remaining part of the Gnome3 environment with

sudo pacman -S gnome gnome-tweak-tool


which installed the Gnome3 environment, which I really wanted to get configured and even after about  3 hours , was no where near

Once again  Gnome3 proved to be a ghastly experience (for me) , even with the gnome-tweak-tool.

I will say that I like a traditional desktop which Gnome3 most certainly is not.

Having decided to ditch Gnome3 but keep the part of Gnome I was happy with ( Evolution and Gnome-Calendar) I did the following to make a list of the then -installed applications

pacman -Qnq > after.txt

Now all I needed to do extract the differences between before.txt and after.txt to create appstoberemoved.txt

comm -13 <(sort before.txt) <(sort after.txt) > appstoberemoved.txt

and then use pacman to remove them and any other unneeded packages

sudo pacman -Rnu – < appstoberemoved.txt

once completed , I was left as if the installation of  Gnome3 was like a bad dream.

Hope this helps others as it helped me.












More kmailservice5 misery?

hey all, most recent update for Plasma5 caused kmailservice5 to take over “mailto:” links in konsole (again) I tried my fix as noted here with with no success.

I did not give up, no indeed I was not gonna give up on Plasma5 and run scampering to Gnome3 (ok, so I was tempted for a few seconds , then I remembered my last try of Gnome3)

I eventually located the answer

I edited /usr/share/applications/kmailservice5.desktop

replacing the
Exec=kmailservice5 %u


Exec=thunderbird %u

and so that its not over written

chattr +i /usr/share/applications/kmailservice5.desktop

and now mail links work in Konsole.

Hope this helps

Migrating Back to ArchLinux from Parabola

migrate back to archlinux from parabola

OK these are notes (not full instructions) I generated on moving back to Arch from testing out Parabola If you mess your system up using these notes , its your own fault! dont use these and moan, I will laugh at you, you have been warned …

First chain yourself up again

 pacman -R your-freedom 

Disable signature verification manually by modifying the line in /etc/pacman.conf:

 RemoteFileSigLevel = Never 

Grab the arch keyring and mirrorlist packages

pacman -U
pacman -U 

Replace the Parabola mirrorlist

cp /etc/pacman.d/mirrorlist.pacnew /etc/pacman.d/mirrorlist

If the installation of the mirrorlist package does not generate a .pacnew you will need to extract the mirrorlist and place it /etc/pacman.d/ dont forget to edit /etc/pacman.d/mirrorlist to activate a mirror.
Remove the Libre repo from /etc/pacman.conf by removing the following two lines

Include = /etc/pacman.d/mirrorlist 

re-enable signature verification manually by modifying the line in /etc/pacman.conf:

 RemoteFileSigLevel = Required 

Clear the pacman Cache and force the database update

pacman -Scc
pacman -Syy 

remove conflicting firmware (or move them if you prefer)

rm /usr/lib/firmware/htc_7010.fw
rm /usr/lib/firmware/htc_9271.fw

update to arch pacman and update the system to non-libre

pacman -S pacman
pacman -Suu linux linux-firmware firefox thunderbird

before rebooting update your bootloader remove /boot/syslinux/syslinux.cfg

rm /boot/syslinux/syslinux.cfg
pacman -S syslinux
syslinux-install_update -iam 

reboot use pacman to identify non archlinux packages for removal

 pacman -Qem 

remove packages using pacman -R

VPN’s and Gmail acess via Thunderbird

I recently signed up for a PIA VPN – which is great – I added a second router to my network and end created a subnet, and configured the router to connect solely to  PIA VPN.

It means that any PC/Laptop/Device attached to that router – by wire or via wireless has a degree of anonymity on the net, this is great for surfing, but for an email less so, why ? you ask.

As soon as I fired up Thunderbird it started to connect to my email providers (gmail) and was blocked, at the same time , I received emails to my other devices advising that my email may be compromised  as someone had attempted to sign on in a different location to my other signons.. it was a PITA to sort as you have to confirm via multi-factor that it was indeed a legitimate logon.

So as I have a small network , I looked for various solutions to allow me to continue using Thunderbird while not causing teh alerts from gmail.

At first I spent a day setting up a nginx webserver to run roundcube on a remote machine on my network, this proved to not be suitable as I have more than one imap based email provider and more that 1 account with each of them .

So I started to look at proxy’s , long story short I selected TinyProxy which in Archlinux is started via systemd and has a simple-ish configuration file , located at /etc/tinyproxy.

my final configuration file looks like this

 changes from defaults are commented
User tinyproxy
Group tinyproxy
Port 8080   # <em><< the port that tinyproxy listens on</em>
Listen <em>#<< the address that is assigned to tinyproxy' physical interface</em>
Timeout 600
DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatFile "/usr/share/tinyproxy/stats.html"
Syslog On
LogLevel Info
PidFile "/var/run/tinyproxy/"
MaxClients 100
MinSpareServers 5
MaxSpareServers 20
StartServers 10
MaxRequestsPerChild 0
Allow   # client's network/subnet address
ViaProxyName "tinyproxy"
ConnectPort 443  # the port of SSL connections that are allowed
ConnectPort 563
ConnectPort 587
ConnectPort 993
ConnectPort 465

You also need to add rules to your firewall to allow both tcp and upd traffic on port 8080, I use shorewall so added the following to /etc/shorewall/rules

ACCEPT net fw tcp 8080 -
ACCEPT net fw udp 8080 -

and then restarted shorewall

shorewall restart

now that the proxy is ready to be used , we can tell Thunderbird about it, to do this open up Preferences> Advanced >network & disk-space > connect. and configure  a manual proxy for both HTTP ans SSL , leave SOCKS blank.

as the proxy on my network is on and port 8080 , I just entered in that detail to the spaces as required.

so now I have a VPN’d machine , where the email client connects in the same locality as the rest of my devices

so far its working ok, I have had no warnings/alerts from gmail

Hope this helps someone somewhere