Suramya's Blog : Welcome to my crazy life…

October 12, 2023

Someone got fired for not using Windows because the invasive workplace surveillance tool didn’t work well on Linux

Filed under: Linux/Unix Related,My Thoughts,Tech Related — Suramya @ 9:38 PM

There are a lot of reasons why I recommend people don’t use Windows but there are times when you have to use it because it is required for work, or for other reasons such as compatibility (though CrossOver by Codeweavers is a lifesaver for that). Over at HackerNews, there is a thread about a post over at Reddit (I guess people are still using it…) where a guy is claiming that “I Lost my job because I refused to use Windows, who is at fault?”)

I have been using Windows at work at almost every company I have worked with because that is the default and most corporate apps are designed for and work only with Windows systems. Since I personally prefer using Linux I have asked (and in some cases) gotten a Linux version of the desktop for my use. The main blockers for corporations to use something like CrossOver is the problem of support. If a company is running MS Office on Linux using crossover and they hit an issue, MS can and does blame it on the setup and asks you to revert to a standard setup. I have even heard folks claiming that they (MS) have blamed custom plugins that the company was running for the issues were being highlighted.

All that said and done I don’t think I would ever point blank refuse to use windows when my company asks me to run it and threatens termination if I don’t. Though to be honest I would have also started looking for other opportunities if I was in this persons shoes since as per their post the reason for the demand was that: “A software they use for time tracking didn’t support screenshots on Wayland and I refused to switch to Windows (xorg is just no for me) to support them.”.

Having a program running on my personal machine that constantly takes screenshots and uploads them to a remote server is not something I would agree to do. We don’t know what company they were working for but this kind of invasive surveillance might not be 100% legal in all locations. A company might get away with it on work systems if they have a contract and the user explicitly agrees to it but on a personal machine… If the user forgets it is running and accesses their health record, or bank account or other sensitive data their employer would have a copy of that data. Imagine if they got breached, how much sensitive & personal data might get exposed with this setup.

A lot of work has been put into these surveillance technologies and there is a whole industry around monitoring people at work to ensure they are actually working. In a previous company a team wanted to put software on all office computers that would track the time the person was actually typing/moving the mouse etc and use that to calculate their productivity and then rate them on that. After the system was demoed, I asked how it was accounting for time spent in face to face meetings, design discussions, calls etc that don’t necessarily need a computer, the answer was vague enough that the head of the department remarked that if it was implemented every single member of the management team would be rated as non-productive as a majority of their time was in meetings and discussions etc.

During covid a lot of people were worried that folks working from home would not actually work and started tracking mouse/keyboard activity. So people came up with ingenious solutions to ensure that the mouse was moved and text typed on the office systems. Some was done via software/scripts others used hardware and innovation such as taping the mouse to a desk fan amongst other methods.

This kind of monitoring is being routinely done on employees who don’t have much options and are not able to move easily. The end result is that the company is trying to maximize their profit by nano-managing their employees and using this tech to ensure they squeeze all possible work out of them while paying the minimum amount.

Now coming back to the original question, was it wrong to insist on using Linux when the job requires you to use Windows? If the company was giving me a laptop/computer running windows and I formatted it to run Linux then I would be in the wrong. If I am using my own computer then I can use whatever OS I want as long as the work gets done. However if I am insisting on using Linux on a Work computer when they require windows and even after multiple warnings they don’t switch back to Windows then the company is right to fire them. (Assuming that there are no other issues such as the invasive monitoring we talked about earlier.)

There are multiple people who will find this stance unacceptable but there is a rational behind this that not everyone thinks about. The company might be legally required to keep records/logs of work, mails sent etc and the audit requirements would not be met if a non-compliant system was in use. Similarly the default backup and archiving systems might not work with Linux and cause problems. There are a ton of issues that would need to be worked out before having a mixed use OS landscape and if no other considerations are there then the company can be justified in firing such a person who refuses to use Windows because they don’t like it.

Source: Hacker News: Lost my job because I refused to use Windows, who is at fault?

– Suramya

September 7, 2023

Youtube2Webpage: Create Websites with Text from Videos

In my last post, I had talked about preferring text content to videos and coincidentally my Hacker News feed happened to cover a tool that takes a video link and creates a webpage with a transcript generated from the video’s closed captions paired with screenshots of the video. The program is called Youtube-to-Webpage. It is a Perl script that uses yt-dlp & ffmpeg to do the processing.

I tried it out using the curl video I talked about in the previous command as the input and the software did a decent job capturing the details. The output is very plain and looks like the following:

Transcription of Curl Training video
Transcription of Curl Training video

Since the program uses the built-in YouTube captions for getting the text from the video, the transcription is only as good as how good the captions are. One enhancement, that could make it better is to use a Speech-to-Text engine and use that text in the output. The slightly tricky part would be to match the screenshots with the audio/transcription timestamps.

Check it out if you prefer to read text instead of videos. I wonder how the output would look if we feed this to a LLM and ask it to make it like an article. That can be something we can explore for the next post ๐Ÿ™‚

– Suramya

September 6, 2023

Mastering curl using an interactive text guide

Filed under: Knowledgebase,Linux/Unix Related,My Thoughts — Suramya @ 10:09 PM

Curl is a program that has slowly percolated across the entire internet and in places where you wouldn’t believe. Folks have found it installed in inverters, it is running in outerspace etc. I mostly used to use wget earlier because my needs were quite simple and usually I just wanted to download a page or file from a website, then as I started working on more advanced use cases I found that curl was more powerful and versatile than wget, so I use curl more than wget now. (for the most part).

The curl command is extremely versatile and has over 250 commandline options, even seasoned users don’t know what all the tool can do so Daniel Stenberg who is the author of curl created a 3.5 hours long video on how to master curl. While the video is really useful and goes in depth, I personally don’t like to watch video tutorials. Instead I prefer to read text based tutorials as I read quite fast and can also search for specific stuff in a text tutorial which is not really possible in a video (at least not easily).

So, I was quite pleased to find that Anton Zhiyanov had taken the effort to create a text version of the video for future reference and as a cherry on top they even made the whole thing interactive so that you can try out the commands directly from the website and see how they would work.

Do check out the tutorial if you want to learn more about curl and how to use it more efficiently.

– Suramya

September 4, 2023

Mashing Enter can allow you bypass full disk encryption in certain scenarios

Filed under: Computer Security,Linux/Unix Related,My Thoughts — Suramya @ 12:30 PM

When folks think about hacking and people bypassing secure systems they have this mental image of folks writing complex code or physically reading the data byte by byte but that is not always true. Sometimes, it is as simple as just keeping the enter key pressed while the system is booting up. Yes, you read that right. A few days ago a vulnerability was found in a TPM-protected system that is configured to implement unattended unlocking for LUKS full disk encryption using RedHatโ€™s Clevis and dracut software along with systemd.

Generally, a Linux computer using TPM-protected unattended disk encryption will still allow a user to view the output of the boot process and optionally manually enter a decryption password with the keyboard. This allows for situations where the computer fails to boot and needs someone to troubleshoot the startup process. While the unattended TPM unlocking is taking place, the user is still presented with the password prompt and an opportunity to enter input.

Thereโ€™s a limited window of time before the TPM will unlock the disk and the boot process will proceed automatically to the login prompt, so how can we effectively fuzz this input opportunity? What if we could type faster than a human being? Using an Atmel ATMEGA32U4 microcontroller (such as youโ€™d find in an Arduino Leonardo development board) we can emulate a keyboard that sends virtual keypresses at essentially the maximum rate that the computer will accept. The following short Arduino program sets up a Leonardo as a keyboard emulator:

#include "Keyboard.h"
void setup() {
delay(1000);
Keyboard.begin();
}
void loop() {
Keyboard.press(KEY_RETURN);
delay(10);
Keyboard.releaseAll();
delay(10);
}

One second after being plugged in this program begins to simulate pressing the Enter key on a virtual keyboard every 10 milliseconds. This is about 10x faster than the usual keyboard repeat rate youโ€™d get simply holding down a key, and Linux seems to recognise around 70 characters per second using this method, or one keypress approximately every 15 milliseconds.

Sending keypresses this fast quickly hits the maximum number of password entry retries, while keeping the system from unlocking the disk automatically due to password guess rate limiting, and systemd eventually gives up trying to unlock the disk. It takes a minute or two but the recovery action in this failure scenario is to give us a root shell in the early boot environment

The simplest way to address the most immediate problem: Add rd.shell=0 and rd.emergency=reboot to the kernel command line. This ensures that if anything fails during the early boot process the computer will reboot immediately rather than dropping into a root shell.

However, this goes to show us that the old statement about security is still absolutely valid: “Physical access is root access. You can’t spend thousands on protecting the cyber threat landscape and ignore physical security such that people can just walk up to your computer and stick things inside. That being said, having a physical security program doesn’t necessarily protect your from an insider threat so that is also something to keep in mind.

Source: Pulsesecurity: Mashing Enter to bypass full disk encryption with TPM, Clevis, dracut and systemd

– Suramya

August 22, 2023

Getting my Pocket C.H.I.P. to finally work

Filed under: Knowledgebase,Linux/Unix Related,My Thoughts,Tech Related — Suramya @ 11:59 PM

Way back in 2016, I backed the Pocket C.H.I.P on Kickstarter opting to get 2 CHIP’s and one PocketChip. The C.H.I.P (or CHIP) was a single single-board computer costing $9 launched by Next Thing Co. It used open-source hardware running open-source software and was advertised as world’s first $9 computer as a direct competitor to the RaspberryPi . The device boasted the following configuration:

  • 1 GHz R8M/R8 (ARMv7)SoC processor
  • 512 MB DDR3 SDRAM
  • Built-in Wi-Fi 802.11b/g/n, Bluetooth 4.0
  • One USB host with type-A receptacle, one USB On-The-Go port
  • Composite video and stereo audio port via mini TRRS
  • Optional composite TRRS to RCA audio-video cable
  • Optional VGA adapter and HDMI adapter (I got both)
  • Up to 45 GPIO ports
  • Supports 1-Wire and I2C protocols, PWM output
  • Serial console and Ethernet via USB for quick headless operation
  • Power options include 5V via USB OTG, 5V via CHN pin, and by 3.7V battery
  • Onboard NAND storage, 4-8GB

The PocketChip was a handheld with a 4.3 inch 480ร—272 pixel resistive touchscreen, a clicky keyboard, GPIO headers on the top of the device, and GPIO soldering pads inside of the injection molded case powered by the CHIP processor. It looks clunky but is easier to connect to the device and setup using the PocketChip rather than doing it with just the CHIP.

Unfortunately the company shutdown in 2018 due to various issues. However, I was one of the lucky backers to receive the devices but once I received them I put them in a drawer and kind of forgot about them as life got busy and interesting. Over the years I did try to power on the device a couple of times but never really looked into getting it to work, so they just collected dust in my desk (literally).

Over the past weekend I decided to try getting it to work so I did some searching and with a lot of trial and error finally managed to get things to work and boot into a working OS. ๐Ÿ™‚ The main issue was that I was expecting it to work like the RaspberryPi where the OS was installed on an SD card but in this case the OS had to be flashed on to the onboard flash chip which was a bit more complicated process than installing to a SD card. I followed the instructions at NextThingCo Pocket C.H.I.P. Flashing Guide amongst other pages to get things to work. Here I will document some of the other things I had to do to get it to work. Please note that this was on a Debian setup, things might be a bit different for other OS’s

Install the Prerequisites

First we need to install the tools required by running the following command as root:

apt-get install git android-tools-fastboot sunxi-tools u-boot-tools

Download the CHIP SDK

Download the CHIP-SDK.zip from one of the following links:

Download and extract the CHIP Tools

Download CHIP-tools.zip from one of the following sites:

Download CHIP OS Images

Download the CHIP OS image from one of the following links:

Extract flash-collection.zip

When I tried extracting the contents of the zip file I got from the first link, I got an error that the file is not a Zip file. After a lot of searching I found out that you can run the following command to extract the file instead:

jar xfv flash-collection.zip

Since that seems unnecessarily complicated. I have extracted and re-compressed the file and shared it at the second link. You can extract it using the standard zip tools.

Fix fastboot

The version of fastboot in the Debian repositories is newer than the one used in the setup scripts and if you try to flash with the version installed then fails with the following error message:

..
..
== Cached UBI located ==
Image Name:   flash server
Created:      Sun Aug 20 19:29:14 2023
Image Type:   ARM Linux Script (uncompressed)
Data Size:    1784 Bytes = 1.74 KiB = 0.00 MiB
Load Address: 00000000
Entry Point:  00000000
Contents:
   Image 0: 1776 Bytes = 1.73 KiB = 0.00 MiB
waiting for fel...OK
waiting for fastboot...fastboot: invalid option -- 'i'
.fastboot: invalid option -- 'i'
.fastboot: invalid option -- 'i'
.fastboot: invalid option -- 'i'
.fastboot: invalid option -- 'i'
.fastboot: invalid option -- 'i'
.fastboot: invalid option -- 'i'
.fastboot: invalid option -- 'i'

The easiest fix for this is to rollback to a previous version of the software that supports the -i parameter. You can try to search and download the older version from Debian’s repositories, but I found it easier to download the software from platform-tools_r26.0.0-linux.zip (as I was too tired to go search for it in the archives)

Once you download the file and extract the contents, follow these steps to rollback to the previous version of fastboot:

  • Backup the existing binary for fastboot
  • mv /usr/lib/android-sdk/platform-tools/fastboot /usr/lib/android-sdk/platform-tools/fastboot_old
  • Copy the extracted file from the zip file to the correct location
  • mv platform-tools/fastboot /usr/lib/android-sdk/platform-tools/fastboot

Put the CHIP in FEL mode

The FEL mode allows the software to flash the CHIP with a new firmware. This can be done by putting a jumper wire between GND and FEL. It will look something like the following:


Connecting a jumper wire between GND and FEL to enter FEL Mode

Once you have entered the FEL mode, connect the CHIP to the computer using the microUSB port on the CHIP, not the fullsize USB port.

Flashing the OS to CHIP

Once you have downloaded all the files and unziped them. Follow these steps to Flash the OS to CHIP.

  • Move the CHIP-tools directory to the CHIP-SDK directory
  • mv CHIP-tools CHIP-SDK/
  • Select the Image you want to install and move it into the CHIP-SDK directory. There are 8 Images to choose from, I tested with the testing-server-b543 and testing-pocketchip-b667 images as I have 2 CHIPS to play with. ๐Ÿ™‚
  • The original instructions on the site ask you to run the ./setup_ubuntu1404.sh script located in the CHIP-SDK directory but it failed most commands on my system. I think that you should be able to proceed without running it but haven’t tried it.
  • Switch to the CHIP-tools directory
  • cd CHIP-SDK/CHIP-tools
  • Run the firmware upgrade script, replacing Path/To/Chip/Image with the location where you extracted the Image you want to install
  • ./chip-update-firmware.sh -L ../../flash-collection/testing-server-b543/

    If you have done everything correctly and nothing is broken, you will get an output similar to the following:

    suramya@StarKnight:~/Media/Downloads/CHIP/CHIP-SDK/CHIP-tools$ ./chip-update-firmware.sh -L ../testing-pocketchip-b667/
    == Local directory '../testing-pocketchip-b667/' selected ==
    == preparing images ==
    == Local/cached probe files located ==
    == Staging for NAND probe ==
    Image Name:   detect NAND
    Created:      Sun Aug 20 20:24:50 2023
    Image Type:   ARM Linux Script (uncompressed)
    Data Size:    97 Bytes = 0.09 KiB = 0.00 MiB
    Load Address: 00000000
    Entry Point:  00000000
    Contents:
       Image 0: 89 Bytes = 0.09 KiB = 0.00 MiB
    waiting for fel...OK
    waiting for fel......OK
    NAND detected:
    nand_erasesize=400000
    nand_oobsize=680
    nand_writesize=4000
    == Cached UBI located ==
    Image Name:   flash server
    Created:      Sun Aug 20 20:24:58 2023
    Image Type:   ARM Linux Script (uncompressed)
    Data Size:    1784 Bytes = 1.74 KiB = 0.00 MiB
    Load Address: 00000000
    Entry Point:  00000000
    Contents:
       Image 0: 1776 Bytes = 1.73 KiB = 0.00 MiB
    waiting for fel...OK
    waiting for fastboot...................OK
    target reported max download size of 33554432 bytes
    sending sparse 'UBI' 1/23 (28672 KB)...
    OKAY [  2.016s]
    writing 'UBI' 1/23...
    OKAY [  2.069s]
    sending sparse 'UBI' 2/23 (28672 KB)...
    OKAY [  2.007s]
    writing 'UBI' 2/23...
    OKAY [  5.484s]
    ..
    ..
    
    sending sparse 'UBI' 22/23 (28672 KB)...
    OKAY [  1.916s]
    writing 'UBI' 22/23...
    OKAY [  9.079s]
    sending sparse 'UBI' 23/23 (16384 KB)...
    OKAY [  1.105s]
    writing 'UBI' 23/23...
    OKAY [  4.981s]
    finished. total time: 300.744s
    resuming boot...
    OKAY [  0.000s]
    finished. total time: 0.000s
    
    
    FLASH VERIFICATION COMPLETE.
    
    
       #  #  #
      #########
    ###       ###
      # {#}   #
    ###  '%######
      #       #
    ###       ###
      ########
       #  #  #
    
    
    CHIP is ready to roll!

    If you see the message that “FLASH VERIFICATION COMPLETE.” and that “CHIP is ready to roll!”, then the OS installation has completed successfully. Now you can disconnect the CHIP from the computer and remove the jumper cable.

    Booting into CHIP

    If you have the PocketCHIP, then you can just power up the device by pressing on the power button for a second (pressing it for 10 seconds shuts it down forcefully). If you just have the CHIP, you will need to connect it to a monitor and connect a keyboard as well. (I used the PocketCHIP to configure everything and then used it separately).

    The boot up process can take a minute or two, and assuming everything went well you should see the standard boot messages on the screen. Once you get to the login prompt you can log in using the username ‘chip’ (without the quotes) and ‘chip’ (without the quotes) as the password. The root account password is also ‘chip’ (without the quotes).

    Connecting to WiFi and configuring the CHIP

    The first thing that you should do now is connect the device to a WiFi network so that you can SSH into it for ease of configuration. The second thing should be to change the default passwords ๐Ÿ™‚

    The easiest way to configure WiFi is to use the nmcli tool. Run the following command as root to connect to the WiFi. More details on the command are available at How to Connect Wi-Fi from Linux Terminal Using Nmcli Command

    nmcli dev wifi connect <SSID of The Network to Connect With> password <password for the Wifi Network> 

    Once the device is connected to the WiFi, get your IP address using the following command:

    ip address

    Then you can SSH into the device from any system using the IP address.

    CHIP is working!!!


    Running Debian 8 Testing


    Running the PocketCHIP customized version (Debian 8)

    Updating the OS to the latest version

    The system is running Debian 8 by default and you should upgrade it to the latest version. Unfortunately, I keep getting errors when I try to upgrade to the latest Debian version and haven’t yet fixed the problem. Basically, I think you need to update the /etc/apt/sources.list with the correct mirror details and then upgrade. Once I get some time to revisit the setup and resolve the issue I will post the fix on the blog as a followup post to this one.

    – Suramya

May 17, 2023

Request to advertise ‘Men’s Beauty’ topics on Linuxgazette.net

Filed under: Humor,Linux/Unix Related — Suramya @ 7:18 PM

As some of you might know, I host a mirror for Linuxgazette.net and this usually results in an email every couple of months for changes to the existing articles and requests to advertise. I recently received an email requesting information about linuxgazette.net for advertising. Now there are a few problems with this, firstly I don’t host linuxgazette.net I just host a mirror of the site. Second problem was the content/topic they want to advertise on the site:

Beards seem to have become popular again, but do you think they will stick? Time will tell, but personally, I wouldn’t mind seeing more men with a cleanly shaven face 😍

I’m getting in touch today because I have some clients looking for advertising opportunities that are related to Men’s Beauty (Should I call it Men’s “Beauty”). After I stumbled across linuxgazette.net I figured I’d reach out and see if you ever work with brands, or have a media kit available.

I mean historically Linux admins do have a reputation of keeping big beards but this is ridiculous. Of course I know that this mail was probably sent out by an automated bot but it did make me laugh .

– Suramya

March 11, 2023

Thoughts about a list explaining how Linux users are characterized by these properties

Filed under: Linux/Unix Related,My Thoughts — Suramya @ 10:44 PM

It is always amusing to me when I read these lists that claim to characterize people, in this case while I was researching about companies acquired by Microsoft I ended up at Rational Wiki: OS Wars section where there is a section that claims that “Linux users are characterized by the following properties: I found it amusing so I am going to list them out here with my comments and thoughts about each of them.

An unhealthy desire to recompile the kernel at every opportunity.

[ST] Compiling a kernel was something that we had to do in Linux back in early 2000’s, but even then I never really had to compile the kernel to get things to work. I did do it to understand the process, but was never forced to do so. In fact I can’t remember the last time I had to compile the kernel on my system.

A disdain for newcomers who don’t know how to recompile the kernel.
Constantly rebuilding their machines because a kernel recompile failed.

[ST] Since I never had to compile it, I don’t expect others to do so. If you want to do it then its your prerogative but I don’t care one way or another.

Thinking those who don’t compile on their own computers or don’t use shell scripts and terminals on a daily basis are not real Linux users.

[ST] Unfortunately, there are idiots who think this, and attempt to gatekeep others and put them down just because they don’t use the ‘proper tools’/command line etc. I did write about this earlier: Stop hating on people because they donโ€™t use the same tools as you because everyone has a different way of working and what works for you might not work for them and vice-versa. For example, I really dislike video tutorials and prefer text but I know plenty of folks who like video because it shows them what to do instead of having them imagine it. There is no one true way…

Constantly having incidents reported for not being in the sudoers file, but not being sure who they’re being reported to.

[ST] I don’t have incidents being reported constantly but did have to look up where the incidents are reported, which as expected was in the log files that an admin/root can audit.

Believing vowels are over rated, especially when it comes to naming important programs you expect to use every day.

[ST] Nope. I like my program names to be descriptive and really dislike SMS talk.

Cursing at Mac users for the number of shiny devices they can connect their computers to.

[ST] Again a nope. I can connect more things to my Linux machine and have them work off the bat than I could on a Mac. Sure some of the software is more polished on a Mac but from a connectivity perspective my Linux machine can connect to pretty much anything (sometimes a bit of tinkering might be required).

Either cursing that they need root, or cursing because they ran something as root that they really shouldn’t have.

[ST] Had this issue only when I was first starting out. After a little while things become automatic, if I run a root command as a non-root user, I just have to prepend sudo to it (or copy it to the root terminal). Accidentally running a command as root on the other hand is a much bigger issue. Haven’t done it in a while now but it is something to be careful of. I set the prompt to let me know what machine I am connected to and as what user so it makes it easier to spot if you are in the wrong window.

Believing a windowing system is a very clever way of having lots of command lines on screen at the same time. Like screen only less clever.

[ST] I really don’t get people who think like this and unfortunately there are folks who are like this. They think they are cleverer than everyone else and love putting others down.

Arguing with each other over which distribution to use.
Arguing with BSD users over their OS of choice.

[ST] This is a fight that I still see every once in a while but things have calmed down quite a bit from the earlier days where a question about which is the best distribution would ignite a flame war.

Arguing over whether to use a GUI or command line.

A lot of people think that using a command line makes you superior to other users, I think that you should use whatever works best for you at that point in time for the task you are doing. For example, if I am editing a video or sorting images I will prefer to use a GUI but for other tasks I prefer using the commandline. At the end of the day the idea is to get the work done, not argue about what is the best interface to do the work in.

Arguing about whether Emacs or vi is better. (Obviously vi is way better. No question. Unless you’re Richard Stallman or another member of the Church of Emacs.)

[ST] I prefer vi because it is installed by default on all Linux systems so if I ever have to recover from a crashed system I have an editor that I can use to edit files. Emacs is fine but I prefer vi / Notepad++ / kwrite for general editing.

Arguing about which language is the best for writing scripts (essentially the modern-day equivalent of the Tcl Wars between Tcl and GNU Guile’s implementation of Scheme).

[ST] I have no idea about the TCL wars and don’t really care what language you use for writing scripts. I have written scripts in Bash, Perl and Python for the automation and scripting I had to do and the language was chosen based on 1) What I was trying to do and how complicated the logic was 2) If I was trying to learn a new language the script was written in that language.

Complaining that we’re calling it Linux and not GNU/Linux.
Interjecting for a moment to explain why it’s actually GNU/Linux
Complaining that we’re calling it Open Source and not Free Software.

[ST] Complaining about the fact that someone calls it Linux and not GNU/Linux is just annoying and doesn’t make you look knowledgeable it makes you annoying. Technically they are correct but Linux is the expected usage and no, I am not about to start calling it GNU Linux just because some idiot thinks I should do so.

Constantly complaining about virtually all sorts of random, obscure problems such as their computer randomly shutting itself off at 9 pm on Mondays.

[ST] This is not just Linux users, any person who is a power user will face these kinds of issues and will ask around on how to fix them. General users will just get the helpdesk to come fix their systems for them.

Complaining that this list is not indexed from 0.

No, I don’t number my lists from 0. Just because Arrays are indexed from 0 doesn’t mean that I have to number everything starting from 0. However, I do prefer that the ground floor (1st floor in the US) be called the 0th Floor (or G Floor) instead of 1st floor like they do in the US because that’s how they do it in the rest of the world.

Believing that time started on January 1970.

๐Ÿ™‚ No comments ๐Ÿ™‚

Being able to understand this list.

Ha ha… I think any person actively working with computers like a sysadmin/programmer would understand this list.

I think the list should be updated but it did make me smile so I guess that is a win ๐Ÿ™‚

– Suramya

February 21, 2023

Fixing problems with nvidia-driver on Debian Unstable after latest upgrade

Filed under: Computer Software,Linux/Unix Related,Tech Related — Suramya @ 10:54 PM

Earlier today I ran my periodic update of my main desktop that is running Debian Unstable. The upgrade finished successfully and since a new kernel was released with this update I restarted the system to ensure that all files/services etc are running the same version. After the reboot the GUI refused to start and I thought the problem could be because of a NVIDIA kernel module issue so I tried to reboot to an older kernel but that didn’t work either. Then I tried running apt-get dist-upgrade again which gave me the following error:

root@StarKnight:~# apt-get dist-upgrade 
Reading package lists...
Building dependency tree...
Reading state information...
You might want to run 'apt --fix-broken install' to correct these.
The following packages have unmet dependencies:
 nvidia-driver : Depends: nvidia-kernel-dkms (= 525.85.12-1) but 515.86.01-1 is installed or
                          nvidia-kernel-525.85.12 or
                          nvidia-open-kernel-525.85.12 or
                          nvidia-open-kernel-525.85.12
E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution).

So I ran the apt –fix-broken install command as recommended and that failed as well with another set of errors:

root@StarKnight:/var/log# apt --fix-broken install
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Correcting dependencies... Done
0 upgraded, 0 newly installed, 0 to remove and 13 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
dpkg: dependency problems prevent configuration of nvidia-driver:
 nvidia-driver depends on nvidia-kernel-dkms (= 525.85.12-1) | nvidia-kernel-525.85.12 | nvidia-open-kernel-525.85.12 | nvidia-open-kernel-525.85.12; however:
  Version of nvidia-kernel-dkms on system is 515.86.01-1.
  Package nvidia-kernel-525.85.12 is not installed.
  Package nvidia-open-kernel-525.85.12 is not installed.
  Package nvidia-open-kernel-525.85.12 is not installed.

dpkg: error processing package nvidia-driver (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 nvidia-driver
E: Sub-process /usr/bin/dpkg returned an error code (1)

Looking at the logs, I didn’t see any major errors but I did see the following message:

2023-02-21T19:48:27.668268+05:30 StarKnight kernel: [    3.379006] NVRM: loading NVIDIA UNIX x86_64 Kernel Module  515.86.01  Wed Oct 26 09:12:38 UTC 2022
2023-02-21T19:48:27.668286+05:30 StarKnight kernel: [    4.821755] NVRM: API mismatch: the client has the version 525.85.12, but
2023-02-21T19:48:27.668287+05:30 StarKnight kernel: [    4.821755] NVRM: this kernel module has the version 515.86.01.  Please
2023-02-21T19:48:27.668287+05:30 StarKnight kernel: [    4.821755] NVRM: make sure that this kernel module and all NVIDIA driver
2023-02-21T19:48:27.668288+05:30 StarKnight kernel: [    4.821755] NVRM: components have the same version.

Searching on the web didn’t give me a solution but since I am running the Debian Unstable branch it is expected that once in a while things might break and sometimes they break quite spectacularly… So I started experimenting and tried removing and reinstalling the nvidia-driver but that was failing as well because the package was expecting nvidia-kernel-dkms version 525.85.12 but we had 515.86.01-1 installed.

root@StarKnight:~# apt-get install nvidia-driver
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  nvidia-driver
0 upgraded, 1 newly installed, 0 to remove and 14 not upgraded.
Need to get 0 B/494 kB of archives.
After this operation, 1,398 kB of additional disk space will be used.
Selecting previously unselected package nvidia-driver.
(Reading database ... 439287 files and directories currently installed.)
Preparing to unpack .../nvidia-driver_525.85.12-1_amd64.deb ...
Unpacking nvidia-driver (525.85.12-1) ...
dpkg: dependency problems prevent configuration of nvidia-driver:
 nvidia-driver depends on nvidia-kernel-dkms (= 525.85.12-1) | nvidia-kernel-525.85.12 | nvidia-open-kernel-525.85.12 | nvidia-open-kernel-525.85.12; however:
  Version of nvidia-kernel-dkms on system is 515.86.01-1.
  Package nvidia-kernel-525.85.12 is not installed.
  Package nvidia-open-kernel-525.85.12 is not installed.
  Package nvidia-open-kernel-525.85.12 is not installed.

Now I had a couple of options, first was to wait for a couple of days (if I am lucky) for someone to upload the correct versions of the packages to the channel. The second option was to remove the package and installed the Open Source version of the Nvidia driver. I didn’t want to do that because that package is a memory hog and doesn’t work that well either. The last option was to try to manually install the older version (525.85.12) of the nvidia-kernel-dkms package and this is what I decided to go with, a search on the Debian Packages site gave me the .deb file for nvidia-kernel-dkms and firmware-nvidia-gsp (a dependency for the dkms package). I downloaded both the packages and installed them using the following command:

root@StarKnight:/home/suramya/Media/Downloads# dpkg -i firmware-nvidia-gsp_525.85.12-1_amd64.deb 
root@StarKnight:/home/suramya/Media/Downloads# dpkg -i nvidia-kernel-dkms_525.85.12-1_amd64.deb 

Once the packages were successfully downgraded I rebooted the system and the GUI came up without issues post the reboot.

Moral of the story is that you need to be prepared to have to troubleshoot your setup if you are running Debian Unstable or Debian Testing on your system. If you don’t want to do that then you should stick to Debian Stable which is rock solid or one of the other distributions such as Ubuntu or Linux Mint etc.

– Suramya

February 20, 2023

Fixing SSL error 61 on Citrix Workspace on Debian

Was trying to connect to a Citrix Workspace and kept getting the following error “You have not chosen to trust “Entrust Root Certification Authority – XX”, the issuer of the security certificate (SSL error 61)“. I have hit this error in the past and had fixed it but couldn’t find my notes from how I had fixed it back then, so I had to resort to searching on the web based on vague memories of how I had fixed. After a bit of effort I found two solutions that people had suggested:

Solution 1:

Create a symbolic link pointing the /opt/Citrix/ICAClient/keystore/cacerts directory to /usr/share/ca-certificates/mozilla/ , using the command below as root:

mv /opt/Citrix/ICAClient/keystore/cacerts /opt/Citrix/ICAClient/keystore/cacerts.bak
ln -s /usr/share/ca-certificates/mozilla/ /opt/Citrix/ICAClient/keystore/cacerts 

Unfortunately, this didn’t resolve the problem for me.

Solution 2:

The second solution people recommended was to link /opt/Citrix/ICAClient/keystore/cacerts directory to the /etc/ssl/certs/ directory, using the command below as root:

mv /opt/Citrix/ICAClient/keystore/cacerts /opt/Citrix/ICAClient/keystore/cacerts.bak
ln -s /etc/ssl/certs/ /opt/Citrix/ICAClient/keystore/cacerts 

After I linked the directory to /etc/ssl/certs things immediately started working without errors. This time I am blogging about it so that the next time I don’t waste time trying to find the solution.

– Suramya

December 21, 2022

“Linux is a meme and only autistic people use it” brainstorm from an anonymous coward

Filed under: Humor,Linux/Unix Related,My Thoughts — Suramya @ 8:28 PM

It is funny how people will make up stuff to explain why Linux (or any other OS) is difficult and why the person making the pronouncements can’t get it to do what they want it to do. Recently, the screenshot below came up in my feed and it made me laugh. As per the author only autistic people use Linux and everyone else “has just fallen for the meme”.


Linux is only for Autistic People

I have been using Linux almost full time since 2001 and am definitely not autistic. I can’t identify trains by their sounds and instead of not being able to talk to girls, according to some I sometimes talk too much. I have no interest in learning the names of the cast for any TV show and as far as I can tell I am leading a pretty normal life.

The genius who penned this (and I am of half a mind that this is just someone trolling Linux users) doesn’t seem to know that it is used to power 96.3% of the world’s top web servers and Android is based on Linux as well. It is the world’s 3rd most popular OS (after Windows and Mac) and while it has its own quirks it def doesn’t need you to know the in’s and out of the computer in order to use it. In fact in my experience, it is easier to install Linux and have a functional setup than it is to install Windows as Windows requires a lot of extra stuff to be installed in order to be productive while in Linux most of that is already pre-installed or built-in.

This was good for a laugh so I wanted to share it here.

– Suramya

Older Posts »

Powered by WordPress