Google’s monopoly on the APK trust chain

Tomáš has an interesting article on trusting APKs from third-party mirrors.

Since Google is the gatekeeper of the APK trust chain, it’s not easy to independently verify APKs; Google doesn’t even give you the package signatures. The article shows a nifty method for extracting them by (ab)using the εxodus privacy audit project.

Do you know of a better way?

Flickering UI when running Windows Steam through WINE

Okay, this one requires some explanation. There is one game I like that simply won’t work on Linux through Proton, and that’s Pinball FX3. The reason is probably some sort of weird anticheat mechanism the developers use; it just crashes on launch.

Now the problem isn’t the game itself: Once you crack the game, it runs perfectly fine. It must be something in the anticheat DLL that causes the crashes. The issue has been listed on Valve’s Proton issue tracker since 2018, so I’m not entirely sure there’s anything Valve can do about it. But several enterprising people in the Pinball FX3 discussion boards on Steam have discovered a solution: Just install the Windows version of Steam in WINE, then install Pinball FX3 in there. Works perfectly!

It seems WINE is good enough to offer whatever Windows syscalls the Pinball FX3 anticheat requires. The only problem I had when playing like this was that the Steam UI is flickering in and out of existence, and it’s hard to choose a game to start when you can’t see it half the time. But Redditor Lemonzest2012 has a nifty workaround:

wine steam.exe -no-browser +open steam://open/minigameslist

This not only works around the flickering, it also saves on resources and fixes another problem: steamwebhelper.exe randomly taking up 100% on entire CPU cores. Which is a thing. I swear.

What have we learned from this?

  1. Steam can be a dumpster fire.
  2. WINE does a bangin’ job implementing ye ole Windows syscalls.
  3. Zen Studios (the people behind Pinball FX3) should offer a native Linux port. They did sort of promise they’d look into it once Pinball FX2 (yes, two!) comes to Steam, but it’s been nothing but crickets since. That was in 2013. What’s almost a decade between friends, eh?

If you would like to support a digital pinball developer who hearts Linux instead, try Zaccaria Pinball. The newer “Deluxe” type tables are very good indeed, the thing runs smooth as butter even on moderately powerful hardware and the lighting in their engine is just delicious 👌

Fix for keyboard layout resetting to US on every login after installing Zoom

For several months now, my keyboard layout would reset to English (US) every time I log into Plasma. I’ve tried every possible way to force it to my preferred layout, EurKey, but nothing worked: xorg.conf snippets, localectl configurations, it seemed Plasma simply ignored these settings.

At first I blamed Plasma, but it’s innocent: The problem is Zoom! The Zoom package contains an unnecessary dependency on IBus, at least in the RPM that Zoom packages for openSUSE. IBus comes with its own keyboard handling and is useful if you want to type text in Chinese, Japanese, Korean or other languages using non-Latin characters. But it also means that if you don’t configure IBus, your Plasma session will start with English (US) no matter what XKB keyboard layout you have set in Plasma.

The solution, at least until Zoom fixes their package, is to tell IBus to use your XKB keyboard layout. Right-click the IBus widget in the system tray and go to advanced preferences:

Here, select “use system keyboard layout”. This will force IBus to use whatever is set via XKB.

No more Google Fonts here

Using Google Fonts on your site is a privacy problem because it allows Google to track your visitors even if you don’t use any other Google APIs or services. Why did you think Google so generously lets you use those fonts for free?

I asked the WordPress developers for an option to remove them (also in the admin panel) several years ago, but they were not really willing. It seems the situation hasn’t changed in the meantime, but there is now at least a third-party plugin that allows you to disable/remove Google Fonts in many popular themes.

It’s updated regularly and seems to work, so cheers for that!

Improving fan noise on AMD GPUs using software only

My RX 580 has been giving me trouble recently. There is now an audible clicking when its fans spin up from zero RPM, and unfortunately, this happens a lot in desktop use.

Not wanting to invest in an aftermarket fan just yet, I looked for ways to manage the fan RPM curves while overriding the GPU BIOS and I found amdgpu-fan.

I prefer this to the other solutions out there for a few reasons:

  • Doesn’t need (or even have) a GUI
  • It’s just a small Python script
  • The config file format uses nice human-readable numbers (percentages, not absolute values)
  • The file’s a simple bit of YAML
  • The tool seems to rather smoothly calculate curves between the stop points you configure

To prevent the clicking noise when the fan engages, I set it to run at 35% RPM even as a baseline, and not ramp up until the GPU hits 60 degrees. At this setting, I can’t hear the fans during desktop use; goal accomplished.

My config for an XFX Radeon RX 580 GTS XXX Edition looks like this:

speed_matrix: - [0, 35] - [30, 35] - [45, 35] - [50, 35] - [60, 40] - [70, 45] - [75, 52] - [80, 78] - [92, 100]
Code language: YAML (yaml)

I also slapped a systemd service into /etc/systemd/system/amdgpu-fan.service to activate on boot:

[Unit] Description=amdgpu fan controller [Service] ExecStart=/usr/local/bin/amdgpu-fan Restart=always [Install] WantedBy=default.target
Code language: TOML, also INI (ini)

So far, I’m happy!

Automatically unlock kwallet after KDE/Plasma login on openSUSE Tumbleweed

There’s a reason for the very specific title: It seems this feature is configured a little differently on Tumbleweed than on openSUSE Leap and I haven’t found any up-to-date information on this. So I’m writing this down as a note to myself.

A default Plasma desktop will use kwallet to save passwords for various desktop services (802.11x passwords, Nextcloud/ownCloud logins, SSH key passphrases, etc.). This can get inconvenient when e.g. Nextcloud wants to access the Internet, but the wallet isn’t unlocked yet, so Plasma can’t decrypt the WLAN PSK.

One solution is to:

  • Make your kwallet password the same as your user password
  • Ensure kwallet’s default wallet is called “kwallet” and that it’s the one that contains the keys you want unlocked on login
  • Make sure this wallet is using Blowfish encryption (this will not work in gnupg mode)
  • Install the require PAM modules

The package on openSUSE Tumbleweed is “pam_kwallet”, so:

sudo zypper in pam_kwallet

Log out from your desktop session, log back in and it should immediately work. In the past, you would have had to add the pam modules to /etc/pam.d/common-session or /etc/pam.d/sddm,but this is now done automatically.

The elegance of this is that you can still store more precious passwords in a separate wallet in Wallet Manager (just call that one something other than “kwallet”). That wallet can then be set to decrypt only on demand. This should save a lot of passphrase typing on a typical day.

Fix AMD Vega GPU resets

Update, 2020-04-29: Since upgrading to kernel 5.6.6 and Mesa 20.0.4 I haven’t had any GPU resets anymore even without this workaround. It seems the reclocking issue is fixed. Keeping the article for reference:

If you have an AMD Vega 56 or 64 you may have had some issues using the amdgpu driver, namely random GPU resets leaving you with a blank or colored screen and freezing the computer after a few minutes. It seems that too aggressive memory reclocking is the culprit, but I found a solution in the Freedesktop issue list on their GitLab instance:

Stick this in your systemd, e.g. to /etc/systemd/system/amdgpu-pp.service:

[Unit] Description=AMD PP adjust service [Service] User=root Group=root GuessMainPID=no ExecStart=/opt/amdgpu-pp.sh [Install] WantedBy=multi-user.target
Code language: TOML, also INI (ini)

Then in /opt/amdgpu-pp.sh:

#!/bin/bash echo "manual" > /sys/class/drm/card0/device/power_dpm_force_performance_level echo "1 2 3" > /sys/class/drm/card0/device/pp_dpm_mclk
Code language: Bash (bash)

chmod +x that bugger and enable/start the service:

systemctl enable amd-pp.service systemctl start amd-pp.service
Code language: Bash (bash)

There, done! I have never had any GPU resets after this. Thank you, haro41, for this workaround.

Fix Popping with Pulseaudio when Playing Audio After a Period of Silence

When I got all fancy and moved to the 5.x kernel and Pulseaudio 12.2, I had one big new problem: My sound card would make an ugly popping noise every time it started playing sound again. Very, very 90s.

Fortunately, this can be fixed. Thanks to hateball for this solution. Stick this in your ~/.config/pulse/default.pa:

.include /etc/pulse/default.pa
unload-module module-suspend-on-idle

And kill/restart pulseaudio with pulseaudio -k.

Stolen from the Arch wiki.

A Quick Look at openSUSE For Gaming

I’ve been trying SUSE as my main distribution and that’s something that hasn’t happened in my life since 1996. Even worse, this distro impressed me, a hardcore Debian nerd, quite a lot.

The reason for distro-hopping is Canonical’s bold decision to drop support for using 32-bit executables (and libraries) in Ubuntu starting as early as October 2019. That means that potentially thousands of games will no longer work, and it prompted Valve to drop support for Ubuntu in Steam. Valve is arguably the most important contributor to Linux gaming, so this is a big deal and a good enough reason to look at distros other than Ubuntu.

Continue reading “A Quick Look at openSUSE For Gaming”

Recipe: Filled zucchini au gratin

A friend asked me to post the recipe for this, so here we go. I never measure my things, so take the measurements with a grain of (haha) salt.

Note the lakes of juice and cheese fat.

Preparation time: 30 minutes. Cooking time: 30 – 40 minutes. Oven required

What you’ll need:

  • 2 – 3 medium-sized zucchini
  • 200 – 300 grams of cherry tomatoes
  • 20 – 30 grams of parmesan cheese, roughly grated (or vegan alternative, Daiya shreds, etc.)
  • 4 – 6 slices of goat cheese (or vegan alternative)
  • 4 cloves of fresh garlic, finely sliced. Not dried, those taste like arse. Alternatively, freeze-dried fresh garlic
  • 2 – 3 medium-sized onions, finely chopped
  • 2 – 3 peperoncini (hot chilli peppers), to taste
  • 4 tbsp olive oil
  • 1 tbsp dried oregano (flakes or powder)
  • 1 tbsp dried basil (flakes or powder)
  • 1 tbsp mild paprika powder (or 1 tsp hot paprika powder)
  • 2 tsp salt
  • A little pepper

Cut the zucchini lengthwise and hollow them out as best you can by scraping out the flesh using a sharp spoon. Make the zucchini walls as thin as possible without breaking them, so baking won’t take forever later. Keep the zucchini flesh and chop it into small pieces. Cut the cherry tomatoes in half. Chop the garlic finely. Grate the cheese(s).

Chop the onions into small bits. Heat olive oil to slightly less than medium heat. Add the onions, fry very slowly for 5 – 10 minutes without letting them get too brown or black.

Add the garlic, paprika powder, peperoncini, salt, pepper, oregano and basil. Mix with the onions for 30 seconds to make the flavors come out. Then add the zucchini flesh and cherry tomato halves. Raise heat to medium-high. Cook while stirring occasionaly until the tomatoes have broken down and the mixture has a thick, jammy texture.

Preheat the oven to 180ºC. Put the zucchini halves on a baking tray, on top of baking paper. Fill each halved zucchino roughly to the brim with the cooked mixture and sprinkle parmesan and goat cheese on top. Bake at 180ºC in the middle of the oven for 30 – 40 minutes. Keep an eye on the cheese, don’t let it get too dark.

Serve with dry white rice, rösti, pan-cooked potatoes, hash browns, that kind of stuff. Enjoy!

(License: CC-By-SA 3.0; Creative Commons share-alike 3.0. It’s not rocket science but I don’t want recipe crawling sites copying it without attribution.)