skullgiver

@skullgiver@popplesburger.hilciferous.nl

Giver of skulls

skullgiver,

Samsung is quite terrible at this. Even when you tell it to just show what’s on the HDMI input, it’ll do some kind of smart device detection on the HDMI signal with an infinite progress spinner before it’ll actually display anything. You can disable it per device by manually assigning a device type, but the damn thing has amnesia.

The basic mode of Google TV and LG’s WebOS seem fine to me, though.

skullgiver,

Arch people (and people using Arch derivatives) may also be stuck on 6.8. I believe some GPUs have issues with 6.9, so those users need to downgrade to the last LTS (6.6 I believe?) or risk instability.

Most Linux users aren’t affected, but plenty of people still are. Then again, they probably already knew.

Canonical Announces Availability of Real-Time Kernel for Ubuntu 24.04 LTS - 9to5Linux (9to5linux.com)

To get started with the real-time kernel for Ubuntu 24.04, check out the official documentation. One thing to keep in mind if you’re an NVIDIA GPU user is that the real-time Ubuntu kernel does not support the proprietary NVIDIA graphics drivers.

skullgiver,

In modern processors, using performance can save power. By only powering up one core for a little while, even though it’s at a higher clock speed, some CPUs save energy by going back to sleep as soon as possible.

In my own experiments, powersave often did the opposite, keeping six or seven cores moderately active with light usage (because of the low clock speeds) and using more power than when I used performance.

Real life will vary by CPU and motherboard, of course.

My friend didn't have a great experience with Linux

I have been daily driving Linux for over two years now and I have switched distros many times. So, when my friend bought a new laptop, I convinced him to install Linux Mint on it. I asked him if he wanted to dual boot, he said no because it would fill up all his storage. We installed Linux Mint. The other day, he wanted to play...

skullgiver, (edited )

[This comment has been deleted by an automated system]

skullgiver,

There’s no reason fax couldn’t be authenticated, it just isn’t. Modern fax is just a JPEG in a weird wrapper format. Email would arguably be worse, because email leaks tons of metadata in the wrapper.

Fax was pretty secure in the day of circuit switched analogue phone lines; these days it’s all digital, though. There was an almost direct physical electrical connection between your fax machine and the recipient, something that we never get anymore. Your carrier and the government could listen in on the connection, of course, but that’s not really part of most people’s threat model.

There’s no reason to use fax today, but up to the mid-2000s there was a good reason to use fax over email.

Today, encrypted email is only used by privacy nerds and big businesses. Privacy nerds use PGP, big businesses use S/MIME. The latter is much easier to work with and is supported by basically every mail client out there, the former is free. Neither are usable safely by general consumers, they’re both full of technical details and concepts that very few people care about.

The most infuriating part is that various governments use smart cards for digital ID that could be used to sign and encrypt emails like these (what’s better proof of ownership of a government ID than an email that can only be signed by the ID in question?), but the technology remains woefully underused.

Can I refuse MS Authenticator?

So my company decided to migrate office suite and email etc to Microsoft365. Whatever. But for 2FA login they decided to disable the option to choose “any authenticator” and force Microsoft Authenticator on the (private) phones of both employees and volunteers. Is there any valid reason why they would do this, like it’s...

skullgiver,

To break TOTP, the attacker would need to have the victim open up a phishing page. If someone enters their password at fakegoogle.com, they’ll also enter their TOTP tokens. TOTP only protects against your password leaking.

Microsoft Authenticator has a bunch of security checks, like checking if your device is in the same physical vicinity.

The current iteration of the app is moving to leveraging passkeys, something not just Microsoft can do. For businesses, there are still good reasons to use MS authenticator passkeys (control over policies like requiring passkey devices with certain security updates), but in practice I find a lot of 2FA passkey implementations sorely lacking at the moment. Scanning a QR code on your phone is annoying, even if it is phishing resistant.
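
The difference described in the comment above, as an added example that is not part of the original comment: a TOTP code is computed from the shared secret and the clock only, while a passkey-style response also covers the origin the client actually loaded. The function names, the `login.example` origin and the HMAC stand-in for the authenticator's signature are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """RFC 6238 TOTP: the only inputs are the shared secret and the clock."""
    return hotp(secret, unix_time // step)

def server_accepts_totp(secret: bytes, submitted: str, unix_time: int) -> bool:
    # The server sees six digits. Nothing in them records which page
    # the user typed them into, so a relayed code verifies like any other.
    return hmac.compare_digest(totp(secret, unix_time), submitted)

def origin_bound_response(key: bytes, challenge: bytes, origin: str) -> bytes:
    # Assumption: HMAC stands in for the authenticator's signature. Real
    # passkeys use an asymmetric key pair; the point here is only that the
    # origin the client actually loaded is part of what gets signed.
    return hmac.new(key, challenge + b"|" + origin.encode(), hashlib.sha256).digest()

def server_accepts_origin_bound(key, challenge, response, expected_origin) -> bool:
    expected = origin_bound_response(key, challenge, expected_origin)
    return hmac.compare_digest(expected, response)

def demo():
    secret = b"12345678901234567890"       # RFC 6238 test secret
    now = 59                               # RFC 6238 test time
    real, lookalike = "https://login.example", "https://fakegoogle.com"
    key, challenge = b"constructed-device-key", b"constructed-challenge"

    code = totp(secret, now)  # same digits whichever page asks for them
    via_lookalike = origin_bound_response(key, challenge, lookalike)
    via_real = origin_bound_response(key, challenge, real)
    return {
        "totp_code": code,
        "totp_accepted": server_accepts_totp(secret, code, now),
        "bound_from_lookalike": server_accepts_origin_bound(key, challenge, via_lookalike, real),
        "bound_from_real": server_accepts_origin_bound(key, challenge, via_real, real),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```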

skullgiver,

MS authenticator has a bunch of security features that make it better.

From a technical standpoint, it’s possible to bring those same features to independent software implementations, but nothing of the sort has been implemented yet. Best we have is cross device passkeys.

TOTP has serious flaws if you need strict security (easily phished, for instance) so a company can have good reasons for not trusting it. However, they can fuck off if they want to try to force that shit onto my personal device.

skullgiver,

With ARM chips, you can’t assume they use UEFI. Semi-hardcoded bootloader paths are par for the course on many ARM SoCs, especially by Qualcomm.

I believe Microsoft prefers UEFI so perhaps they’ve implemented it to please them, but on a Linux model I wouldn’t be surprised if there’s a hardcoded vendor signing key in there with a uBoot fork that’ll load a kernel from a magical offset instead of presenting a management UI or options.

Booting on ARM is a real pain (even with UEFI because not all devices allow user specified keys to be loaded or secure boot to be turned off).

skullgiver,

I still enjoy the comics, but I have no idea how they got an animated series. The jokes are fine for a once-a-day thing, but minutes of this stuff at a time? I barely managed to get through the first episode.

I guess Apple must’ve been desperate for content.

Anyone ever removed stock launcher with ADB before?

Hiya, am thinking about removing the stock android launcher on my Pixel 7a, due to a bug causing one of the three navigation buttons to randomly not work, more about the bug here; lemmy.world/post/10555733. So was wondering if anyone had any experience regarding this? I know how to remove it, just want to know what the potential...

skullgiver,

Yes I have! It was a terrible idea and I had to flash the ROM again. Good learning experience, not great for daily drivers. 5/7.

On modern Android, part of the launcher is also in control of the recents menu/app switcher. I found this out when my current ROM had a bugged out Pixel launcher that was easily replaced by Nova… except the recents and home gestures just didn’t work.

Captain Janeway - Hair Master (lemmy.world)

My favorite part was how her hair was in a beautiful and much more complicated knot in the premiere episode, then it was a mangled mess after Voyager was thrown to the Delta Quadrant, but they make a show of her fixing it into the simpler knot with her bare hands while walking the corridors from one disaster to another....

skullgiver,

Picard shaves his head, while Riker puts on a fake beard. Really shows who’s boss on the bridge.

skullgiver,

By default, an ext4 partition will have its root folder be owned by root. You can bypass this with certain mount options, but you should probably go and edit the owner of the root directory for your new drive. You can either change the owner to your normal user account, or change the permissions to permit any user of any group to read, write, and browse (also called “execute”) the directory. In most file managers, you can do this by right clicking an empty spot within the mounted directory and clicking “properties”. If you’re using the command line, you’re probably looking for chown $USER:$USER /path/to/mounted/drive/ or chmod 777 /path/to/mounted/drive.

There’s also a special “sticky bit” that directories can have in their permissions that make it difficult to write files to them, though I don’t think this applies in your case.

If you have done this already, make sure the disk is mounted somewhere your normal programs can access. If you mount it in /some/directory/drive, programs will throw up errors if they don’t have permissions to access /some or /some/directory.

If none of this works, we’ll need more information to help you. What mount options do you use, what directory are you mounting it in, who’s the current owner of the drive, what are the permissions like at the moment, what programs are failing to write, etc.

skullgiver,

Based on this Zen3 benchmark, I’d say somewhere between 40 and 77% for the most impacted workloads tested.

Some tests also run faster without SMT (mostly graphics/AI-on-CPU ones I think) so it really depends on your workload.

On a gaming computer, results seem to vary between -10% to +10% FPS for a Ryzen 9 chip, probably because very few games make good use of that many CPU threads.

If you’re running a small home server or desktop, I’d expect you to throw out a bit less than half the CPU capacity. You do get some of that back in power savings, so if your server is overspecced for your workload, disabling SMT may be interesting regardless of the security aspects.

skullgiver,

Xen has a much smaller attack surface so it’s probably better for security. It doesn’t really do much other than enable creating virtual machines. KVM is much easier to use, but usually comes with a full Linux installation.

I used KVM in my last Hackintosh attempt and while Arch ran KVM quite happily with something like 512MB of RAM and all hardware I could think of forwarded, that’s still a full Arch install I needed to keep updated separately.

Unfortunately, Xen kernels didn’t work on two of my devices. I assume something was being logged to some display that wasn’t connected to the Xen kernel, but I couldn’t get it to work.

Both do attempt to block virtual machine escapes, and both have been victims of successful VM escapes in the past. You can prevent a lot of them by disabling hyperthreading in the UEFI config, but every year a new Intel/AMD/ARM hardware bug seems to be discovered that allows breaking the boundaries of the VM. Perhaps AMD’s encrypted memory can help, but I believe it didn’t last time (as the memory leaked was already decrypted inside the CPU).

I haven’t seen many KVM exploits, but if you want to be as secure as possible, I’d stick with Xen, as that’s what all the security professionals seem to be using. Generic virtualisation (proxmox etc.) seems to use KVM just fine as well, so if you’re just hosting normal VMs, I don’t think you need to particularly worry about security at this level.

skullgiver,

The biggest problem for paranoid virtualisation is that you need to disable the cores on those hosts, or other VMs will still be able to access memory if your CPU is affected by the next speculative execution bug. That goes for both KVM and Xen, as the problem lies within the hardware.

You’d lose half your threads. It’s not an exact 50% performance loss, but it’d definitely have a sizable impact.

Personally, I trust my CPU enough to work well as long as I install all the firmware updates and kernel patches, but speculative execution bugs have proven so common that I doubt they’ve all been discovered. If you’re afraid of getting exploited by bugs like these, disabling SMT seems to be the only effective preventative measure you can take (and even then there are potential security threats!).

skullgiver,

On the Apple side, all development is done by people outside of Apple. Apple themselves don’t even support Vulkan, you need MoltenVK for that on macOS.

On the Nvidia side, Nvidia hired one of the main devs behind Nouveau and he’s been making some pretty sweet changes to the way the Linux driver is being developed. It’s still not AMD levels of openness, but at least they’ve opened up their driver source code. Unfortunately, just like on AMD, CUDA programs don’t run on the open source driver and you need a relatively recent card for the open driver to work in the first place.

In this case, Nvidia’s open source code was actually the part that helped the independent dev make Apple’s hardware work. Feels weird, but I hope Nvidia keeps improving!

skullgiver,

Who would’ve thought that Nvidia’s Linux driver would be driving new GPU hardware support in Linux!

skullgiver, (edited )

Know any good AR/VR display environments for Linux? I like the idea of using lightweight AR/VR but I haven’t heard of anything open source that’s even close to production ready on devices like these.

skullgiver,

They don’t! ChromeOS is a partially closed source Linux distro, after all. I just don’t know of any good pieces of software that aren’t part of proprietary products like the Quest or this thing.

I don’t expect a closed source window manager to get much attention on Linux, but I guess it’s possible. Do you know any, perhaps?

skullgiver, (edited )

I hate the “just use the terminal” internet advice. Sometimes it’s necessary, but it really shouldn’t be on modern GUI distros. However, on the non-extremist distros (no Arch bleeding edge stuff, no Debian “free software is more important than working drivers” mentality), things aren’t as bad as you’d think they are reading guides online.

If you use a general consumer focused Linux distro and stick with tools with official support, sure, Linux can be used through the GUI. Pick Ubuntu or maybe Mint, install Steam for games, use whatever app store program these things come with these days. The hardest part is ignoring the people online who tell you to sudo doas run0 awk grep sed for minor changes that you can just as well do in your distro’s Notepad alternative or a command line tool with names like “Disks” or “Backups”.

Instead of regedit, you can install dconf editor on Gnome or a text editor in KDE (in the few places the normal settings screen doesn’t have a button). Instead of sudo nano, open text files in the text editor.

The Wayland thing should no longer be necessary. Even if you don’t provide the flag, Xwayland will take over and Firefox will still work fine if you don’t know any better.

To use nautilus as an admin, there’s a secret trick that Gnome should make a menu button for already: edit the path (ctrl+L) and turn /home/user into admin:///home/user. This will allow you to do root operations. In KDE, this is easier.

In KDE, flatpak support can be added to Discover through the GUI as well. Simply go to the settings, enable Flatpak, and add the default repository, all clickable buttons. I think this should be done by default, but whatever.

Making the boot process prettier is something every OS I know of requires command line tooling for. Unless you use systemd-boot, which hates themes or colours or anything nicer than an 80s prompt really, every major OS I know of comes with a background picture and an animated boot logo by default. If you want to edit those, you’re venturing into the “do it yourself or run some shady program off Github” area similar to that of modding Windows. Similar to modding Windows, you’ll probably break your boot as well.

In Ubuntu, the Nvidia driver can be installed through the “additional drivers” control panel option. Debian is against proprietary software, so they make it very difficult. If you don’t mind proprietary stuff, Debian may not be for you.

I’m not sure if Canonical also broke Flatpak support in Discover, but the important steps are all doable in the GUI on Kubuntu. I think Zorin has a Kubuntu version that may also work. Pop is moving to their own GUI, but that’s still not finished, so that’ll probably require more terminal work for a while. I’m pretty sure Mint will also work out of the box for most of this stuff.

What I’ve noticed is that more and more settings and guides for Windows these days are all done through Powershell. While Linux is (slowly) moving to a GUI oriented desktop, Microsoft seems to be ditching settings for command line tools because they’re afraid general users will break something.

skullgiver,

For normal system administration, Gnome, KDE, Cinnamon, Mate, Xfce, and the others should be making those GUIs. And they do, most of the time, or they reuse tools from other environments.

Programs in general will work on all of those desktop environments.

skullgiver,

I don’t understand the BTRFS internals, but balancing my drive has cleared up a few gigabytes a few times. I think reallocation allows the FS to allocate disk space more efficiently, as long as you have the scratch space to store the files temporarily.

skullgiver,

df reporting gigabytes of free space while balance reports a lack of free space seems to indicate that the filesystem is very unbalanced. This can happen on btrfs (though I’m not sure how).

Best way to clean this up may be deleting a few gigabytes of stuff and trying the balance again. Defragmenting (btrfs filesystem defrag) may also help but you need free space to do it.

There are graphical tools to do this for you with one click, but you’re stuck unable to install anything, so that won’t help you after the fact…

skullgiver,

Tools I use:

  • Timeshift for snapshots (and automatic snapshots after package upgrades)
  • BTRFS assistant for helping with BTRFS maintenance

skullgiver,

Timeshift uses BTRFS snapshots (CoW subvolumes). It also does some hardlinking stuff for other filesystems, but on BTRFS the entire thing just works a bit better.

More tools I forgot to mention: duperemove to deduplicate extents, and compsize to show how effectively filesystem compression is working.
