Google’s monopoly on the APK trust chain

Tomáš has an interesting article on trusting APKs from third-party mirrors.

Since Google is the gatekeeper of the APK trust chain, it’s not easy to independently verify APKs; Google doesn’t even give you the package signatures. The article shows a nifty method for extracting them by (ab)using the εxodus privacy audit project.

Do you know of a better way?

Flickering UI when running Windows Steam through WINE

Okay, this one requires some explanation. There is one game I like that simply won’t work on Linux through Proton, and that’s Pinball FX3. The reason is probably some sort of weird anticheat mechanism the developers use; it just crashes on launch.

Now the problem isn’t the game itself: Once you crack the game, it runs perfectly fine. It must be something in the anticheat DLL that causes the crashes. The issue has been listed on Valve’s Proton issue tracker since 2018, so I’m not entirely sure there’s anything Valve can do about it. But several enterprising people in the Pinball FX3 discussion boards on Steam have discovered a solution: Just install the Windows version of Steam in WINE, then install Pinball FX3 in there. Works perfectly!

It seems WINE is good enough to offer whatever Windows syscalls the Pinball FX3 anticheat requires. The only problem I had when playing like this was that the Steam UI is flickering in and out of existence, and it’s hard to choose a game to start when you can’t see it half the time. But Redditor Lemonzest2012 has a nifty workaround:

wine steam.exe -no-browser +open steam://open/minigameslist

This not only works around the flickering, it also saves on resources and fixes another problem: steamwebhelper.exe randomly taking up 100% on entire CPU cores. Which is a thing. I swear.

What have we learned from this?

  1. Steam can be a dumpster fire.
  2. WINE does a bangin’ job implementing ye ole Windows syscalls.
  3. Zen Studios (the people behind Pinball FX3) should offer a native Linux port. They did sort of promise they’d look into it once Pinball FX2 (yes, two!) comes to Steam, but it’s been nothing but crickets since. That was in 2013. What’s almost a decade between friends, eh?

If you would like to support a digital pinball developer who hearts Linux instead, try Zaccaria Pinball. The newer “Deluxe” type tables are very good indeed, the thing runs smooth as butter even on moderately powerful hardware and the lighting in their engine is just delicious 👌

Fix for keyboard layout resetting to US on every login after installing Zoom

For several months now, my keyboard layout would reset to English (US) every time I log into Plasma. I’ve tried every possible way to force it to my preferred layout, EurKey, but nothing worked: xorg.conf snippets, localectl configurations, it seemed Plasma simply ignored these settings.

At first I blamed Plasma, but it’s innocent: The problem is Zoom! The Zoom package contains an unnecessary dependency on IBus, at least in the RPM that Zoom packages for openSUSE. IBus comes with its own keyboard handling and is useful if you want to type text in Chinese, Japanese, Korean or other languages using non-Latin characters. But it also means that if you don’t configure IBus, your Plasma session will start with English (US) no matter what XKB keyboard layout you have set in Plasma.

The solution, at least until Zoom fixes their package, is to tell IBus to use your XKB keyboard layout. Right-click the IBus widget in the system tray and go to advanced preferences:

Here, select “use system keyboard layout”. This will force IBus to use whatever is set via XKB.

No more Google Fonts here

Using Google Fonts on your site is a privacy problem because it allows Google to track your visitors even if you don’t use any other Google APIs or services. Why did you think Google so generously lets you use those fonts for free?

I asked the WordPress developers for an option to remove them (also in the admin panel) several years ago, but they were not really willing. It seems the situation hasn’t changed in the meantime, but there is now at least a third-party plugin that allows you to disable/remove Google Fonts in many popular themes.

It’s updated regularly and seems to work, so cheers for that!

Improving fan noise on AMD GPUs using software only

My RX 580 has been giving me trouble recently. There is now an audible clicking when its fans spin up from zero RPM, and unfortunately, this happens a lot in desktop use.

Not wanting to invest in an aftermarket fan just yet, I looked for ways to manage the fan RPM curves while overriding the GPU BIOS and I found amdgpu-fan.

I prefer this to the other solutions out there for a few reasons:

  • Doesn’t need (or even have) a GUI
  • It’s just a small Python script
  • The config file format uses nice human-readable numbers (percentages, not absolute values)
  • The file’s a simple bit of YAML
  • The tool seems to rather smoothly calculate curves between the stop points you configure

To prevent the clicking noise when the fan engages, I set it to run at 35% RPM even as a baseline, and not ramp up until the GPU hits 60 degrees. At this setting, I can’t hear the fans during desktop use; goal accomplished.

My config for an XFX Radeon RX 580 GTS XXX Edition looks like this:

speed_matrix: - [0, 35] - [30, 35] - [45, 35] - [50, 35] - [60, 40] - [70, 45] - [75, 52] - [80, 78] - [92, 100]
Code language: YAML (yaml)

I also slapped a systemd service into /etc/systemd/system/amdgpu-fan.service to activate on boot:

[Unit] Description=amdgpu fan controller [Service] ExecStart=/usr/local/bin/amdgpu-fan Restart=always [Install] WantedBy=default.target
Code language: TOML, also INI (ini)

So far, I’m happy!

Automatically unlock kwallet after KDE/Plasma login on openSUSE Tumbleweed

There’s a reason for the very specific title: It seems this feature is configured a little differently on Tumbleweed than on openSUSE Leap and I haven’t found any up-to-date information on this. So I’m writing this down as a note to myself.

A default Plasma desktop will use kwallet to save passwords for various desktop services (802.11x passwords, Nextcloud/ownCloud logins, SSH key passphrases, etc.). This can get inconvenient when e.g. Nextcloud wants to access the Internet, but the wallet isn’t unlocked yet, so Plasma can’t decrypt the WLAN PSK.

One solution is to:

  • Make your kwallet password the same as your user password
  • Ensure kwallet’s default wallet is called “kwallet” and that it’s the one that contains the keys you want unlocked on login
  • Make sure this wallet is using Blowfish encryption (this will not work in gnupg mode)
  • Install the require PAM modules

The package on openSUSE Tumbleweed is “pam_kwallet”, so:

sudo zypper in pam_kwallet

Log out from your desktop session, log back in and it should immediately work. In the past, you would have had to add the pam modules to /etc/pam.d/common-session or /etc/pam.d/sddm,but this is now done automatically.

The elegance of this is that you can still store more precious passwords in a separate wallet in Wallet Manager (just call that one something other than “kwallet”). That wallet can then be set to decrypt only on demand. This should save a lot of passphrase typing on a typical day.

Fix AMD Vega GPU resets

Update, 2020-04-29: Since upgrading to kernel 5.6.6 and Mesa 20.0.4 I haven’t had any GPU resets anymore even without this workaround. It seems the reclocking issue is fixed. Keeping the article for reference:

If you have an AMD Vega 56 or 64 you may have had some issues using the amdgpu driver, namely random GPU resets leaving you with a blank or colored screen and freezing the computer after a few minutes. It seems that too aggressive memory reclocking is the culprit, but I found a solution in the Freedesktop issue list on their GitLab instance:

Stick this in your systemd, e.g. to /etc/systemd/system/amdgpu-pp.service:

[Unit] Description=AMD PP adjust service [Service] User=root Group=root GuessMainPID=no ExecStart=/opt/amdgpu-pp.sh [Install] WantedBy=multi-user.target
Code language: TOML, also INI (ini)

Then in /opt/amdgpu-pp.sh:

#!/bin/bash echo "manual" > /sys/class/drm/card0/device/power_dpm_force_performance_level echo "1 2 3" > /sys/class/drm/card0/device/pp_dpm_mclk
Code language: Bash (bash)

chmod +x that bugger and enable/start the service:

systemctl enable amd-pp.service systemctl start amd-pp.service
Code language: Bash (bash)

There, done! I have never had any GPU resets after this. Thank you, haro41, for this workaround.

Fix Popping with Pulseaudio when Playing Audio After a Period of Silence

When I got all fancy and moved to the 5.x kernel and Pulseaudio 12.2, I had one big new problem: My sound card would make an ugly popping noise every time it started playing sound again. Very, very 90s.

Fortunately, this can be fixed. Thanks to hateball for this solution. Stick this in your ~/.config/pulse/default.pa:

.include /etc/pulse/default.pa
unload-module module-suspend-on-idle

And kill/restart pulseaudio with pulseaudio -k.

Stolen from the Arch wiki.

A Quick Look at openSUSE For Gaming

I’ve been trying SUSE as my main distribution and that’s something that hasn’t happened in my life since 1996. Even worse, this distro impressed me, a hardcore Debian nerd, quite a lot.

The reason for distro-hopping is Canonical’s bold decision to drop support for using 32-bit executables (and libraries) in Ubuntu starting as early as October 2019. That means that potentially thousands of games will no longer work, and it prompted Valve to drop support for Ubuntu in Steam. Valve is arguably the most important contributor to Linux gaming, so this is a big deal and a good enough reason to look at distros other than Ubuntu.

Continue reading “A Quick Look at openSUSE For Gaming”

Getting rtl8814au USB sticks like the ASUS USB-AC88 to actually connect

If you’re forced to use newer and more bizarre USB wifi sticks that rely on the rtl8812au/rtl8814au chipset, you need to do two things:

  1. Compile the driver yourself, since most distros don’t include one
  2. Tell NetworkManager to stop randomizing MAC addresses for that device

You can get the updated source from diederikdehaas’ project on GitHub. The build instructions there are great and the driver integrates with DKMS. However, you won’t be able to connect because NetworkManager is scrambling your MAC address. To make it stop, add this to /etc/NetworkManager/NetworkManager.conf:

[device]
wifi.scan-rand-mac-address=no

And restart NetworkManager (systemctl restart NetworkManager on e.g. Debian 9). With MAC scrambling enabled, the interface came up for me but failed to authenticate.

The solution is from this issue on GitHub.