10.16.21

Why You Shouldn’t Use SteamOS, a Really Incompetent GNU/Linux Distribution With Security Pitfalls (Lutris is a Great Alternative)

Posted in GNU/Linux at 4:20 am by Guest Editorial Team

Guest post by Ryan, reprinted with permission from the original

It was bowling night on Wednesday, and between frames, I was reading about SteamOS.

Michael Larabel on Phoronix and plenty of others have blogged about it over the years, and Richard Stallman gave some vague opinions about relativistic harms vs. good that it may do for the Free Software community.

While I don’t think there’s anything wrong with proprietary games, in particular, one of the issues I do have with them is DRM, or Digital “Rights” Management. A better name for this is Digital Restrictions Management, or just “digital handcuffs”.

The industry has tried it on everything from movies, music, video games, and books, but it never stops people from attacking it and eventually winning. On a good day, DRM flakes out and causes problems for people who went and paid for a licensed copy of the program, on a bad day, it makes what they’ve “purchased” completely unusable and worthless.

It also causes perfectly good TVs to malfunction because you tried to plug them into your computer to watch Amazon Prime Video or something, and instead it tells you the screen doesn’t support the latest HDCP DRM version.

In another example, when Borderlands 3 released with that horrible DRM that ran in a virtual machine and caused the game to chug along and crash, and finally (after it was pirated), the publisher removed that form of DRM. Or when Microsoft’s Activation servers occasionally glitch and start telling the user they’re running “counterfeit Windows”.

When a person pays for something, and then gets this, it’s not just an insult, it’s an outrage.

But there are some people, like the fools who used iTunes, and then spent years having Apple telling them how and when and where they could use their music files, then finally could PAY THEM AGAIN for a clean copy, and THEN had Apple delete all of their files without asking and tell them to subscribe for $12.99 a month to Apple music.

These fools may or may never learn that DRM is, at a fundamental level, just a way to cheat them out of their money over and over again.

It sucks to be them, but we shouldn’t join them just because a computer seems “easy to use” or “pretty to look at”. I mentioned earlier, we can make Free Software easy to use and pretty to look at too.

All of these issues aside, Valve, the company that makes Steam, also made “SteamOS”, which is a GNU/Linux distribution pitched as “really optimized for gaming”.

However, when you look at what Reddit users say about it, you quickly find complaints that Valve has committed the horrendous security practice of logging in everyone as the same “user”, meaning even if you have different passwords, it’s really the same Linux account, and none of your files or browsing history or anything is off limits.

You’re all using this same account, which is bad for privacy, and you end up stepping on each other’s toes due to the organizational mess.

They’ve essentially re-invented Windows 98’s concept of “users” for some godforsaken reason.

Moving right along, we see that Valve also sometimes goes more than a year and a half without even patching it for security issues. Nothing wrong with using an OS that hasn’t gotten a security patch in 18 months, right?

Then they complain that while it includes the proprietary Nvidia drivers, they’re usually much older than the ones you could install yourself if you have an Nvidia card and some other GNU/Linux distribution, and due to the unpredictable releases and long periods without any patching, the open source AMD and Intel drivers which are bundled with the OS in every GNU/Linux distro have fallen far behind and may not be up to the task of running current software or hardware.

Then what really made me go “OMGWTF” was when Valve switched the underlying system away from Debian (because $@%@ stability, I guess?) and towards Arch Linux. I still don’t know if they release security updates or not, but it was at this point where I just became completely disinterested in SteamOS. Even for amusement.

But the list of reasons why you shouldn’t use Steam OS isn’t just that Valve designs shitty software that doesn’t give a damn about your Freedom or your security, it’s that there’s a million ways to get things done and this is a classic example of “If you want something done right, do it yourself!”.

These days, it’s not particularly hard to install and configure a GNU/Linux system like Debian or Mageia or the others.

Even if you want to install Steam, it’s not like it’s a “SteamOS” exclusive. There is a Debian package, and a Flatpak.

But what I’ve recently taken a liking to is Lutris, it has concepts like “Runners” and makes installing video games from all kinds of sources (and classic consoles) a breeze.

It’s not _just_ Wine that Lutris makes dead simple to use, either, but my favorite feature is definitely that it can configure and manage games and other programs in Wine for you, without you having to worry about mucking up settings and trying to figure out DLL overrides to make things like DXVK or VKD3D work.

In my Debian 11, I’ve been having a lot of fun playing games when before it was more of a pain in the ass trying to set up Wine in order to do something the right way. In fact, the biggest trouble I’ve had out of a game lately, and I blogged about it, was Fallout New Vegas crashing all of the time, and the NVSE/New Vegas Anti Crash mods are something you’d need to screw around with on Windows as well.

While Steam is proprietary software under a proprietary license which brings in tons of crap and garbage and still often doesn’t work right, Lutris is licensed under the GNU GPLv3.

I’ve installed the latest version for Debian according to the Lutris instructions and paired it with the Wine Development Branch for my “System Wine”, which is currently sitting at 6.19 as of the time I’m writing this.

Every two weeks, WineHQ pushes the latest version into my copy of Debian and I get all of their latest improvements.

But how did SteamOS go so wrong?

Well, it’s not hard to imagine why, for me at least. Gabe Newell is a former Microsoft employee, and everyone there had nothing but Windows development experience when they ported Steam over, and that almost never ends well because they take an attitude of “Whatever gets it working now, just toss it in there.” that they learned from Windows, and well, gross.

Then they decided to do an entire GNU/Linux distribution.

Luckily, their Wine fork, Proton, ends up seeing most of the genuine improvements code reviewed and then merged back into Wine itself.

Years ago, we had a different problem. Wine had been licensed under the MIT X11 license, which is basically one of those “Do whatever the hell you want with it.” ones. A company called “Transgaming” came along and forked it and made “Cedega” for GNU/Linux, and “Cider” for the Apple Mac.

When the Wine project realized that they had made a huge mistake and that this hostile closed fork was competing with them, Wine changed its license to the LGPL v2.1 going forward. Then, Transgaming’s days were numbered. They no longer had any Wine code to swipe, so they did a “go it alone” version of Direct3D and some other things.

For a short while, it worked better than upstream Wine did, but eventually they couldn’t keep up and went out of business.

If Wine was still under the MIT license, Proton would have been another Cedega/Cider. But since it’s copyleft, we get to benefit from any improvements Valve makes. And like I’ve pointed out before, we don’t particularly need any Valve software on our computers.

There are other companies that have treated their customers better over the years, such as Gog.com, and they’re supported in Lutris.

In closing, if you like gaming on GNU/Linux and don’t want to tear your hair out, avoid Valve entirely if you can, or at least ignore “Steam(ing Pile)OS” and install a real GNU/Linux distribution, for crying out loud.

The security mess alone reminds me of Linspire, years ago (original company, under Michael Robertson) saying it logged everyone in as root because security would confuse Windows users, and Hans Reiser’s new file system would have ACLs that made UNIX permissions obsolete soon anyway.

I tried to reach out to Mr. Reiser to see how that’s coming along, but he’s still really really in prison in California for murdering his wife with a knife.

10.13.21

GNOME (and Debian) Infringe Human Rights by Shipping Parental Control Software (Internally Called “Malcontent”)

Posted in Debian, GNOME, GNU/Linux at 7:50 pm by Dr. Roy Schestowitz

Guest post by Ryan, reprinted with permission from the original

GNOME Parental Control Software

This isn’t easy to say, but it’s true, and I’ve been meaning to write about it for several days now.

In the 1990s, when the Internet at home was becoming more of a thing, Helicopter Parents began to fret that there was a growing “information superhighway” where their kids wouldn’t be “safe”.

In response to this, many corporations appeared on the scene such as Net Nanny and Cybersitter to claim that they would safeguard the PC for parents, so their children wouldn’t be able to access “inappropriate” content on the Web.

Unfortunately, for the stupid people who shelled out money for this crap, Windows 9x/Me had no security mechanisms whatsoever, and a child with even moderate levels of knowledge on how to reboot the machine into MS-DOS mode and run the system from there could disable it, reboot into Windows, do whatever they wanted, and then reboot back into DOS and configure it to turn back on to make their parents think that it was on the entire time. Windows was even worse then than it is now, because it didn’t even pretend at having access control lists, security labels, multiple user accounts (not real ones).

At its core, it was a fancy DOS shell that happened to implement some of the Windows NT APIs.

Most proprietary operating systems now have built-in “Parental Controls” (censorship software).

I couldn’t tell you how well they work, but it’s funny that Microsoft has one, since Bill Gates was palling around with one of the most prolific child rapists of the century, Jeff Epstein.

(As if one affiliation wasn’t bad enough, an engineer named Rick Allen Jones was arrested inside the Gates Mansion for possession of a child pornography trove. And it only barely made the news, and the courts quickly covered it up and the guy even had an illegal handgun, and somehow that went away, and he’s not on the sex offender list, and he’s living in Flagstaff, Arizona with his mother now.)

Even on a much better designed operating system than Windows, like GNU/Linux, one with real security features, one where security vulnerabilities are fewer and are legitimate mistakes in the code and not NSA backdoors like they are on Windows and the Mac, it’s impossible to “secure” or lockdown a computer when a person has physical access to it.

My guess is there will either be a misconfiguration somewhere or the child will just figure out a way to boot into Tails or something, and then there goes GNOME/FreeDesktop “Parental Controls”. (“Malcontent”)

In fact, putting this on the computer and then trying to remove the GNOME metapackage and Flatpak if you get rid of it is an insult on the part of Debian, which has already betrayed the ideals of Free Software by including Firefox, which now has a Surveillance Capitalism Keylogger malware component.

In the United Nations Convention on the Rights of the Child, an international law which along with (if I recall correctly) the prohibition on cluster bombs and land mines, only the United States has refused to sign, “acknowledges that children have the right to express their opinions and to have those opinions heard and acted upon when appropriate, to be protected from abuse or exploitation, and to have their privacy protected. It requires that their lives not be subject to excessive interference.”.

So, what GNOME and Debian are doing flies in the face of this Treaty as well. I wonder how the GNOME project feels in pushing this software that takes away people’s voices.

Parents can be every bit as autocratic, corrupt, and evil as a rogue state. And just saying “I pay the bills around here!” doesn’t give them an excuse to commit endless offenses against human rights.

In fact, the Treaty has optional protocols that require signatories to crack down hard on child abuse and to take measures to stop child prostitution.

Since the United States refuses to ratify it on account of some right-wing Christian nutcases rambling on about how they won’t be able to have their children “homeskeweled”, it can’t sign those protocols either.

If we, as a society, want to protect children, it needs to be tough punishment for abusers and the enablers of abusers of children.

No more of this trip to namby pamby land that Epstein and Jones got because they were rich, or Bill came to the rescue to avoid personal embarrassment.

But, you see, this is sort of what courts do. It’s not what you did, it’s who you know, how much money you have to fight back with, can you afford a lawyer that’s buddies with the judge.

For the most part, when I was a child, I had a tough time. I was bullied in school. Right after I turned 9 years old, my parents had another child and turned their focus to him, then I started to do poorly in school due to organizational problems and mental illness (which is also the reason why Michael O’Hare had to leave Babylon 5 after the first season…when it hits, it can hit hard).

Then my parents drifted apart and my mother started cheating on my dad with a truck driver.

They had each other in divorce court slinging mud back and forth. Between her cheating and the weird religious cults my dad has been in over the years, and me bouncing back and forth between their houses where my dad would psychologically abuse me and blame me for my mother leaving him, and my mom’s second husband’s house where he’d come home drunk and beat me to within an inch of my life, I’d say it’s amazing I even went back and completed school and did anything.

Was I exposed to Web pornography when I was a minor?

Yeah, I mean, I was curious and we had the internet in the house. My dad didn’t even know we had the internet. I hid an entire web browser in the C:\Windows subfolder mess and made a hidden folder in there where I shoved anything I wanted to keep. I had “free” dial up ISPs where I figured out how to crash the toolbars and then later to decipher my login credentials and use them ad-free on the (Mandrake) Linux partition.

Dad caught me browsing the news or something (so could have been worse, I guess) and reamed me out for getting the Internet without his permission, and he wouldn’t believe me when I said it was a local telephone call and there wouldn’t be any bills coming.

I guess that’s the long way of saying I was above average intelligence. I’d say I still am. Not a genius, but above average. The average is going down, btw.

And I figured out how to thwart my parents, install GNU/Linux in the 90s on an HP Pavilion from Walmart, freeload off some dotcom ISPs, find anything I wanted to on the internet, and use “BitchX” for IRC, which while Mandrake was installing, I said, “BitchX? What the hell is BitchX?”.

If it was still around, maybe Mitchell Baker would rename it BossX. Who knows.

Your kids, if you have them and you are reading this, are probably a lot craftier than you give them credit for. Than society gives them credit for. If I’ve learned a few things in life, one of those is that you underestimate people at your own peril.

In Chicago, right after I moved here with my ex, I was mugged, and I had to go to Juvenile Court to testify against my attacker. While I was waiting, I was reading some Democrat tripe about how “children aren’t just small adults”, except by the time they’re teenagers, they sort of kind of are.

The gangs in Chicago think they’re fine to use as child soldiers as soon as you can shove a gun in their hand and tell them to steal someone’s cars and cell phones and wallets.

The whole reason they can convince teenagers to start a life of crime is, basically nothing happens once they get to court. And they learn that nothing happens, and then they keep offending for life.

In closing, if anyone from GNOME, Debian, or FreeDesktop happens to read this, “Parental Control” software isn’t the answer.

Free and Open Source Software should empower users, including children, who use it.

We shouldn’t aspire to confine, deny information and ideas to, and help oppress people like Microsoft and Apple do.

They say they want to go after child abusers, and I say it takes some to know some.

10.12.21

A Tale of Two KDE Distributions: Kubuntu 21.10 and Debian 11 GNU/Linux

Posted in Debian, GNU/Linux, KDE, Ubuntu at 8:25 pm by Guest Editorial Team

Guest post by Ryan, reprinted with permission from the original

KDE screenshot
By KDE, GPL.

I recently tried out Debian 11 with KDE on my Lenovo Yoga 900 ISK2 laptop.

This is my older system and I feel more comfortable playing around with it because it’s not being used that much. Regardless, it allows me to see where things are at in other distributions.

While Debian 11 is generally a fine GNOME desktop experience, it’s hardly an ideal one for KDE users with HiDPI displays, because the version that they put in is far too old for the KDE on Wayland session to work properly.

While the X11 session probably works fine on lower resolution screens and can remain serviceable for the foreseeable future, both sessions are a complete scaling mess no matter what you do on a HiDPI monitor.

So I grabbed a daily build of Kubuntu 21.10 (which is not yet released), and I think it’s shaping up to be a good release so far.

Some of that is later improvements to KDE, and the rest is just that Kubuntu’s setup program is more pleasant and even offers to install a “minimal” version of the desktop so that you can start out with some basic essential software and then add what you want later.

This, I think, will be more enticing to people with SSDs, or even more so to people who are trying to go into developer mode on a Chromebook to clobber Chrome OS, but need the OS and their files to fit comfortably on an eMMC drive.

One of the downsides of KDE is that it has some applications that almost nobody really uses (Konqueror, Akonadi, KMail…) and which are either badly maintained, use more resources than they’re worth, or just don’t work properly, but the Plasma desktop is generally a fine piece of software.

The minimal install provided by Kubuntu, giving the user a relatively clean slate, also gives them a chance to explore oft-overlooked native KDE software, like the Calligra Office suite.

LibreOffice is the default office program, and you basically need it if you plan to save any Microsoft files (eww), and has both GTK and Qt bindings, but those are essentially a mask it wears. And it can be a good mask, and it’s not a bad office program, but it’s still a very “cross platform” program, whereas KDE has an official office suite that’s quite good. If you don’t need to _save_ to Microsoft formats, it can, however, import them, and it’s quite pleasant to use.

In fact, according to top (although the KDE system monitor now seems to count disk cache as used memory now for some reason), only 637 MB of RAM (excluding the disk cache, which can be evicted if the system runs low) were in use on my laptop with an empty KDE desktop running aside from the terminal. This is easily several hundred MB less than GNOME.

So far, the only thing I had to do with the KDE Plasma Desktop on the Yoga 900 ISK2 was configure my touchpad the way I like it and then scale the display to 200%. It even took effect instantly in the Wayland session. Nice!

And when I shut the lid and reopened it, Kubuntu 21.10 even remembered that I had a touchpad.

(Did I mention that Debian’s KDE on X11 didn’t?)

One of the reasons I haven’t taken a serious look at KDE recently (despite being a huge fan of their 3.x series) is because their window manager has been a complete disaster on that laptop with different HiDPI scaling bugs and various levels of completeness.

Obviously, it has gotten much better recently, but Debian froze a version of it that just doesn’t work too well for the screen in that particular laptop.

Mine is a special case (and an evil laugh).

Other than the odd PC and some Macs, not many computers have these screens (and most people are better off spending their money on a better processor, more memory, nicer graphics, bigger SSD, or something important) and so it wasn’t a pressing development matter, obviously, outside of GNOME.

In general, this is just Debian being Debian.

In normal usage, for most people, Debian is going to hold up better than Ubuntu because the software in the Stable version of Debian, while older, is rigorously tested and with the goal of there being far fewer serious defects in the final product as a result.

I posted about using Flatpaks several times if you need a newer version of a particular program on Debian, but just want a stable OS core that isn’t moving around a lot, with the usual bug churn that goes along with that.

The most notable feature of Debian is probably that they are extremely conservative about official kernel versions (although you can certainly install a newer one through backports).

That is to say that the official Linux kernels tend to be drawn from the LTS branches where it will just get more and more reliable over its five years (ish) support lifecycle upstream, and if it runs your hardware okay, there’s really not a lot of reason to mess with it.

But the policy extends to just about everything on the system.

And in some cases, that’s a shame, because KDE’s latest stuff strikes me as overwhelmingly competent. It works, it works well, and it’s not bloatware. If there is one thing I absolutely hate, it’s software that uses more resources than it should for the job it’s doing.

I did run into a weird issue where booting Kubuntu 21.10 on this laptop caused the uEFI BIOS in my Lenovo ThinkBook 15 ITL Gen2 to say it was backing up the self-healing BIOS until I shut down and cold started the computer.

I have no idea how Ubuntu is building their kernels. Debian doesn’t do this.

If I was going to switch over to KDE on this, it would probably be on Debian 11, even though there have been improvements, just because it’s stable and the 1920×1080 display plays nicely with everything.

Nothing gets me hotter under the collar than software that doesn’t work, or is working one day and not the next, and now the problem is fixed, but there’s another problem. That’s what Fedora was like.

It’s worth repeating….. DO NOT buy a HiDPI display.

You will only live to regret it. They’re a power-hogging monstrosity that demands a lot of the GPU, and they’re not practical.

Leave them for Mac fanboys who are watching kiss anime at 240p on Safari.

I’m sad to say that I bought one because I liked how it looked in the store, and then I ended up getting snookered in and only able to run GNOME these last several years.

At this point, I know to ask for 1920×1080 displays. A nice one. But 1920×1080. No more, no less.

I definitely see why some underpowered ARM laptops in the $100 range are going with KDE.

It’s probably the only desktop environment that any sane person would use that still works on such a system. While GNOME is nowhere near as bad about leaking memory as it used to be, it’s still no spring chicken on old or cheap hardware, and KDE is fast and feature-packed.

KDE has had extreme ups and downs over the years, and if anything gives me a second thought at recommending it, it’s that.

In early 2008, I remember being excited that we were going to get KDE 4.0, and then I went to evaluate it and almost nothing worked right, for me anyway, until halfway into the KDE 4 development cycle, with version 4.5.

Kubuntu 8.04 LTS ended up releasing an unofficial patchjob of KDE 3.5.”12″ and saying that was the LTS, and if you wanted the KDE 4 packages, you were on your own. No LTS support at that point. The KDE project made some truly bizarre development choices and one of them was this thing called the “Phonon” API, which seemed great in theory.

They would no longer be beholden to some sound system that might get abandoned upstream like aRts did. Phonon is a smallish API, and programs can use it to play sound and perform other tasks, not caring what the actual media engine behind it all is.

The only problem is that the default gstreamer backend was so terrible (at the time, it works fine now) that I installed an unofficial VLC plug-in, so that everything that used Phonon would end up with VLC’s enormous codec library. But even forcing the user to think about things like this seems like a bother in this day and age.

I mean, I’m willing to entertain some post-setup dotting of the i’s, crossing of the t’s, but an OS needs to work.

And KDE went on for years feeling half-baked with a bug system that was, at times, an echo chamber.

Along the way, they adopted this crazy versioning system that split everything out into three groups (not counting Qt itself!) and I’ve never taken to that, and I’ll always call Lake Shore Drive in Chicago by THAT name regardless of what the Democratic Party decides it is.

All while GNOME 3 (now 4x) just incrementally got better.

The KDE 5.x series is finally something I could install and use on my own computer as a daily driver… except that it’s been so long now that muscle memory for GNOME is built-up, but I can figure out pretty much anything fairly quickly, and would be comfortable changing over on a fresh install if I decided to.

The importance of KDE, to me, is that it’s now one more option.

If GNOME does something that just flat out makes their software useless and terrible, in my opinion, or KDE just keeps getting better, I can easily switch to it.

That’s important. I doubt either will ever get proprietary software-bad, but still….choice is nice.

In Windows, there have been other shells besides “Exploder” (Explorer), but very few people ever installed them, and just muddled through trying to figure out where everything was every couple of years when Microsoft decided to rearrange the deck chairs on the Titanic. Most of the projects that even tried to bring some (UI-level) sanity to Windows are now dead. Most were better-written than Microsoft’s, not that that’s much of a hill to climb, but most of the developers themselves probably gave up trying to make the best out of the situation and fled to GNU/Linux and just didn’t have anything left to develop and test on.

Remember how awful that Windows 8 thing was? Remember them giving you the start button back and then having it lead to that second desktop you were trying to ignore? That’s how GUI developers give you a proper middle finger.

That’s one in a particularly long line of cruel manipulations from Microsoft. I hear that now with Windows 11 you have to set your default browser in like 23 different places, and it’s still hardwired to ignore you and do whatever the hell Microsoft wants.

This is just not how you’d treat a friend, and it’s not the way Free Software treats its users.

10.04.21

Windows Vista Service Pack ’11′ Will Have “Virtualization Based Security” Theater That Slows Down Games Almost 30% and Enables Security Vulnerabilities on Intel Tiger Lake CPUs (Probably Others Too)

Posted in Deception, GNU/Linux, Microsoft, Windows at 2:15 pm by Guest Editorial Team

Guest post by Ryan, reprinted with permission from the original

Windows 11 will have “virtualization based security” theater that slows down games almost 30% and enables security vulnerabilities on Intel Tiger Lake CPUs (probably others).

According to PC Gamer, “Microsoft ‘will be enabling VBS on most new PCs over this next year’ and that can tank PC gaming performance by around 25%.”.

“Nothing Microsoft has ever done has slowed them down for long, and I suspect your svchost will still be svchosting malware in short order.”Where VBS is “Virtualization Based Security”. (Not to be confused with Visual Basic Scripting, which was their scripting language, and what the Melissa and I Love You viruses, along with countless others were written in.)

The interesting facts about VBS (the “security” thing, not the virus scripting language) is that it is designed to wall off “critical parts” of the Windows OS so that it’s harder for malware to inject malicious code into them. But I wouldn’t count out those industrious malware authors. Nothing Microsoft has ever done has slowed them down for long, and I suspect your svchost will still be svchosting malware in short order.

What it does do is cripple performance, at least gaming. Could be one reason why my games run so much better in Wine on Debian 11.

I had turned “VBS” on when I had Windows because it’s in Windows 10, and it didn’t mention anything about performance problems.

To get it to even turn on at all required uninstalling a useless incompatible driver meant for Windows 8 that Windows 10 had brought in from the manufacturer of my old WD EasyStore drive.

“So to enable VBS “security”, you have to make your system impossible to secure against a speculative execution attack, and then in exchange for this, you get to slow your video games down 28%. Wow, sign me up!”So it appears that pretty much all an attacker needs to do in order to shut it off is manage to get a driver that’s written for an earlier version of Windows installed somehow, which shouldn’t be difficult, and then at least in Windows 10 it’s gone and you don’t get an alert(?).

Also, buried in the details are that since this thing relies on Microsoft HyperV, it will stop other virtualization software from running correctly.

And if you look in the Event Viewer (sorry, I didn’t take a picture, I should have), you’ll see that Windows lists CVE numbers belonging to Spectre attacks that it isn’t mitigating because they want the “Hypervisor” to perform well and don’t want to get in the way of Intel’s Hyperthreading, which is being used to speed up HyperV, which is running VBS.

So to enable VBS “security”, you have to make your system impossible to secure against a speculative execution attack, and then in exchange for this, you get to slow your video games down 28%. Wow, sign me up!

“While we are not requiring VBS when upgrading to Windows 11,” explains the post, “we believe the security benefits it offers are so important that we wanted the minimum system requirements to ensure that every PC running Windows 11 can meet the same security the DoD relies on. 

Microsoft

It’s amazing what money can buy. Microsoft bought a Pentagon. Former President Trump was about to hand them “JEDI” to put in their Azure Clown, which has caused so many security disasters for other organizations that we don’t have all day for me to list them.

“Microsoft bribes and “lobbying” got the government to ditch them and weaken them so that Windows could get government contracts.”In the 1980s and 1990s, there were these security standards that the US government still used called the Rainbow Books, which pretty much only a UNIX system could provide. Microsoft bribes and “lobbying” got the government to ditch them and weaken them so that Windows could get government contracts.

Then in exchange for bringing Windows in, we got the “smart ship” stuck at port due to a Windows NT crash, worm mess on Windows 2000 and XP (which didn’t even enable the software firewall in the first release and logged everyone in as Administrator or apps broke, and had raw sockets for normal users), Vista LULZ (and their current operating systems are still basically Vista service packs), and everything else that Windows has brought with it but to name a few.

It’s time to bring real standards back to computing.

Microsoft is better at public corruption than they are with security, as you can no doubt see.

Matthew Garrett’s Twitter Log Shows Exactly Why We Need to Give Security Theater the Boot

Posted in Deception, GNU/Linux, IBM, Microsoft, Red Hat at 9:24 am by Guest Editorial Team

Guest post by Ryan, reprinted with permission from the original

Matthew Garrett put Security Theater Boot support into the Linux kernel some time ago, and he got a Free Software Treachery Award for it from the joke that the FSF has turned into.

“Bootkits just really aren’t much of a problem on desktop GNU/Linux…”Now on his Twitter log, he shows us some of the mess he has caused.

See, if you have “Secure” Boot turned on, and you shouldn’t, but if you do, you’ll see the Linux kernel complain that it is disabling hibernation support, and while that alone really isn’t a huge problem because as long as you can suspend and resume (which still is far from given these days even though we were lied to and told uEFI would be better, over ten years ago), it really shows where we’re at now.

Bootkits just really aren’t much of a problem on desktop GNU/Linux, and I doubt they were ever a real problem on much of anything involving a competently-administered GNU/Linux systems, except maybe embedded hardware, where they can lock it down all they want, but those people don’t care about security. If some asshole at Netgear can make a cable modem based on a Linux 2.6 kernel, you’d better believe they’ll do it. After all, you probably won’t know if your modem is compromised.

In reality, I strongly suspect that even on the Windows side, Security Theater Boot was implemented to make it harder to crack Windows using a boot activation exploit. While it’s true that Microsoft laid off the locking people out of their computer over activation failures, for now, the truth is that after Windows 11 requires Security Theater Boot, OEMs may just make it mandatory and stick you with it, and then Microsoft could decide at any time to stop signing shim, and there’s no way to boot GNU/Linux on a PC anymore. The minute they think they can, they will. The only reason you could turn it off up until now was that they had legacy software and hardware in support, but that’s going away.

“But in exchange for false security which doesn’t gain us anything, we’re forced to deal with no hibernation…”It’s part of the “Up yours, buy new stuff!” theme of Windows 11 where lots of expensive computers won’t run it because they’re 36 months old. (But switching to GNU/Linux on these is probably an option for you.).

But in exchange for false security which doesn’t gain us anything, we’re forced to deal with no hibernation, an entire “kernel lockdown” (unauthorized access… by you, the owner of the machine) patch set whose entire goal was to remove the user’s control over kernel settings from userspace (which Microsoft didn’t even publicly demand in exchange for signing the shim bootloader after Red Hat and Canonical bent the knee instead of filing lawsuits), and has left us unable to extend the kernel that runs our own machines with out-of-tree drivers that we feel like running.

Since people can delete tweets and make them unavailable for critical comment, here’s what this sanctimonious asshole has been up to lately.

UEFI troll tweet

UEFI troll tweet

UEFI broken
Yes, that FAMOUS GNU/Linux bootloader, “Windows Bootloader”. There it is, under P:\EFI\Microsoft\Boot\en-us. I’d recognize it anywhere!

He guesses and gets it into the kernel, and you get to wonder if your OS will work later. He also exaggerates, misdirects, and misleads. (see above) But that’s what carnival barkers do.

That is sort of what happens when you have a failed biologist implementing Security Theater from Microsoft. Getting money from them by proxy to do it with.

The company that brought you Windows.

The operating system that goes “Herr! Derr! Here you go, have some files dumped on this here flash drive because the letter belonged to your portable hard disk earlier! Here’s some Microsoft Defender, don’tcha know!?”.

Anyway, I really do wish I had all day to read his Twitter blogs where he pontificates about how the police who protect him from the rioters are evil murderers. But I’ve thought about him too much for one day just for this post.

Anyway, enjoy Windows 11. I’m sure it’ll be great.

10.03.21

On Nvidia Cards and GNU/Linux: Why You Should Make Sure Your Next PC Doesn’t Have an Nvidia Card

Posted in GNU/Linux, Hardware at 8:05 am by Guest Editorial Team

Guest post by Ryan, reprinted with permission from the original

Back in the days, nobody made a good GNU/Linux graphics solution that had an open source driver stack.

In fact, even today 15 or 20 years later, AMD and Intel do not have drivers that are fully open or Free (as in Freedom). All of the big three require at least signed binary-only firmware modules to be downloaded into the cards, or else they don’t expose their 3d engines to the operating system, and without that, you won’t be doing much of anything.

But Nvidia has been a longtime thorn in the side of the GNU/Linux desktop user. On one hand, there’s the argument that when you load their proprietary driver, you get great performance. I’m not here to argue this point because nobody is saying you won’t.

“Since Nvidia’s driver is not supported by Linux, it may run, but nobody will know how to help you when it causes problems.”What I will argue, instead, is the maintainability problems and the ethical side of the debate.

When you choose Nvidia, instead of funding hardware companies that put working drivers into the Linux kernel, X11, Wayland, and Mesa3d (an open source implementation of OpenGL and Vulkan 3d graphics APIs), you give money to a company that bypasses the GNU/Linux driver stack and tosses a large “blob” of code that’s literally just a Windows driver that they ported over with a “kernel glue layer”.

Many people consider it to be illegal to ship an operating system with this driver included, which is why most of them make you go get it somehow, and bolt it on after the fact. The process isn’t even consistent because there’s as many ways to do it as there are distributions you could install it on.

Although Nvidia’s license doesn’t disallow it, Linux is under the GNU General Public License, which says that anything that is linked to the kernel and distributed with it is a derived work.

“Nvidia likes to refuse to implement standard programming interfaces and then demand that unpaid (by Nvidia, at least) Free Software developers instead port their project to Nvidia’s alternative facts.”Therefore, if a distribution ships Nvidia’s proprietary driver in a way that you don’t have to do anything in order to get it, they’re a GPL violator. Plain and simple. The Linux maintainers probably won’t enforce it, but it’s still wrong.

Debian and many other distributions warn (in neutral language, but most people have no reason to use the proprietary AMD driver since the open source one is fine) that if you get the Nvidia driver straight from Nvidia’s website, and install it, it will only work for the kernel you installed it with.

As soon as your distribution ships a new kernel, it will have a different application binary interface, and even if somehow it does not, Nvidia’s generic installer package isn’t set up to where it would place a new module into the new kernel. In fact, even if you do get Nvidia’s driver from a source that rebuilds it automatically, you have to wait until dkms rebuilds it each time you get a new kernel. That doesn’t happen a lot with Debian, but new kernels arrive all the time in Fedora. It also adds complexity, and something that might fail.

Also, I think that with Microsoft’s “Security Theater Boot” turned on, you can’t actually install Nvidia’s package directly. It needs to be from your distribution so they can sign it. Not that this will stop Nvidia’s installer from saying it succeeded, but when you reboot you’ll see a security policy violation instead of your OS booting. Lovely.

I don’t know exactly how badly this would break these days, because I got tired of Nvidia and was one of the earliest adopters of AMD’s Evergreen series (Radeon HD 5xxx) when they announced an open source solution. At the time I last saw, the kernel would boot the broken configuration Nvidia left it in and then X11 wouldn’t start because the settings referenced a driver setup that no longer existed.

Further, Nvidia would overwrite the system’s OpenGL drivers, so if you removed their driver and installed a competitor’s product, it wouldn’t function properly if it used Mesa3d to provide OpenGL, at least unless you knew how to fix it, or until your operating system installed an update that replaced Mesa3d’s missing libGL.so library. It also left behind deliberately misconfigured settings files all over the OS.

The Romans used to call this “poisoning the well”. If they couldn’t hold territory that they invaded, nobody else could have it either.

Since Nvidia’s driver is not supported by Linux, it may run, but nobody will know how to help you when it causes problems.

Loading the Nvidia module “taints” the kernel, so that you can’t file bug reports. Every kernel developer I’ve talked to was fed up with wasting their time when the Nvidia driver causes bugs all over the kernel tree, including sometimes in the printing system, the file system, and the input devices, or causes an internal structure to become corrupt resulting in a system crash.

Hey, why would you want stability anyway?

So they fixed the problem on their end by ignoring bug reports from people with this driver loaded. Since they can’t fix the driver, and you can’t ask them to, go talk to Nvidia. But Nvidia doesn’t always care. Like most companies, if they can hide behind the fact that you can’t “prove it” or at least that you have no power to compel them to fix it, they will, and things stay broken.

Since Nvidia doesn’t implement standard GNU/Linux, X, Wayland, and Mesa interfaces, sometimes their users don’t get features that the rest of us do for years, or at all.

Nvidia likes to refuse to implement standard programming interfaces and then demand that unpaid (by Nvidia, at least) Free Software developers instead port their project to Nvidia’s alternative facts.

This is sleazy because it abuses the Free Software developers and forces them to do unpaid work for Nvidia to keep their users happy. In the case of GNOME, you couldn’t use the Wayland session at all on Nvidia cards for years. Then it loaded but was too broken to use for years. And I think you can use it now.

Not because Nvidia fixed anything, but because Red Hat implemented a nasty hack that got “XWayland” to run, and you need that for a ton of software, even today, including Wine (to run Windows programs).

But you’ll get used to nasty hacks soon enough if you use proprietary drivers. In fact, most vendors aren’t even as “good” as Nvidia about ever updating them again.

Did I tell you the story about my Avermedia TV Tuner Card that only worked on 32-bit Ubuntu 8.04 and never got updated again? It crashed the kernel too. Cool story, right? I know.

In the past, Nvidia wrote a very slow 2d-only driver called NV.

The only reason it existed was so that X11 would have something to load so you could load the proprietary driver. Today, the “stub” (although on older cards it usually works well enough to keep) usually ends up being nouveau.

If you have an old Nvidia card, nouveau (a reverse engineered open source driver) might run it satisfactorily, but almost certainly won’t if the card is new.

Early on, I was excited for nouveau because they were reverse engineering the card’s firmware too, which meant you didn’t need anything from Nvidia to make the supported cards work.

Then Nvidia announced that they would enforce firmware signing. Allegedly for security reasons, but really because they don’t want anyone to know how their cards work. At all. Not on the driver level, but especially not in firmware.

So they made their binary-only firmware redistributable, but mostly don’t contribute to the nouveau driver. So you would have the same firmware situation (binary-only, redistributable) as with the other drivers, only without an open source operating system-level driver to run the card correctly once it was initialized. The worst possible outcome.

If you need high performance graphics, the AMD open source driver is good. If you just need acceptable graphics in a laptop, Intel’s graphics are at least alright, and both have open source drivers you don’t ever have to configure or think about.

If you install a new operating system component that relates to the drivers, you get a newer version of that component, and it all happens behind the scenes while you use the computer normally.

In software development, there’s a term called technical debt, where a solution that is “fast and easy” at first becomes a snowballing burden that causes more work for you to maintain than having just done things right the first time.

Nvidia will cause you more work and problems than they are worth, even if their products are a bit faster than the competing ones in the lineup.

Right, but how bad can Nvidia be?

I gave away my last Nvidia card and forked the Linux kernel and brought in updated Mesa3d packages before there was a proper release working with my AMD Evergreen card to get early access to AMD’s code. This was somehow more pleasant than dealing with a crashing unstable system due to the Nvidia driver.

Today, over a decade later, you obviously wouldn’t even need to do that, if you want an AMD card, because the infrastructure is mature.

Nvidia does nasty things to Windows users too.

They do market segmentation and use their driver to selectively cripple the hardware. At one point, last year I think, they used the driver to limit bitcoin mining, but Nvidia ultimately proved themselves to be too stupid to enforce that when they accidentally leaked a driver that didn’t enforce the hash rate limiter.

Most of the “updates” to make particular applications work “better” just disable features in the program that their hardware doesn’t get along well with and which is making them look bad. Then the framerate goes up. It doesn’t actually make the game or application any better.

In fact, it may look worse. Speed cheats have been around in proprietary video drivers for a long time. ATI even did it with Quake. At that point in time, it was so crude that if you wanted to cause the driver not to load the hacks, I believe you just needed to rename the executable file for the game.

Nvidia has a history of killing companies that do innovate.

When they bought 3dfx and shut them down, for example. 3dfx had better products, but had run into financial dire straits, and so Nvidia bought them simply to acquire patents, eliminate a competitor, and then keep pushing Nvidia junk on us.

Like most companies, they use others, but they don’t contribute.

Like Microsoft not paying taxes, but getting government contracts anyway, Nvidia treats the organizations that make it possible to run their products at all on GNU/Linux badly.

Recently, the Xorg maintainers have lamented the fact that nobody in the industry wants to step up and even be a stable release branch maintainer. For a long time, the stable release branch maintainer was Apple, which at least needed a working X Server, for XQuartz (similar to XWayland in concept), but now Xorg is basically bit rotting, while companies that make serious bank off of GNU/Linux business, such as Nvidia, let it happen, and won’t even lift a finger to assist in making bugfix releases to this thing that’s almost in mothball development mode.

IBM/Red Hat’s solution to Xorg rotting away is to try to take the next step away from it on GNU/Linux and just abandon the pieces that Wayland doesn’t use. Even Debian 11 with GNOME doesn’t strictly need all of Xorg in order to run properly these days. With Wayland-compatible graphics, you could run a system with no Xorg, only XWayland, but I think we’re still a couple of years off from ditching Xorg. Ubuntu still defaults to it for reasons, and some of those reasons are Nvidia won’t help make their cards work well in Wayland, but also won’t help maintain Xorg.

Giving money to Nvidia helps them harm us and set us back.

Funding Nvidia is similar in concept, I think, to funding hostile countries that have oil that sponsor terror and politicians who deny global warming instead of having public transportation.

Okay, well, maybe it’s not THAT bad, but you get my point. That it takes money that could go to a company that actually supports us and minimizes the overall harm to the computing ecosystem that we all benefit from, and sends it to a company hostile to all things Free and Open Source, which makes massive profits, and then won’t support the infrastructure.

Nvidia is riding high on a Bitcoin Bubble.

I really hope, for many reasons, this crashes, hard and fast, someday soon, and that it completely hoses Nvidia when it does. We would be better off with Nvidia in bankruptcy than churning out products that are this harmful and corrosive to our cause.

But you can help, a little, in your individual capacity, by not buying anything that has an Nvidia logo on it.

When I was critical of Nvidia in the Fedora support channels, I was warned that I violated their Code of Conduct by “insulting” a company. This is just one of the many reasons I won’t use Fedora anymore. Their community is gone, their other desktop spins are horrible, their main spin doesn’t work all that well these days and the people making the decisions do bizarre and incomprehensible things, but the idea that you can’t speak openly, and honestly, and not even in a profane manner about Nvidia… And how do you insult a company anyway, and why would anyone honestly care if you did?

Fedora’s position is “These Nvidia devices are out there and you can’t avoid them, especially on laptops.”. I have three laptops and zero Nvidia chips in them. It must be because that’s impossible.

Lenovo Ships ThinkBook 15 Gen2 ITL Series Full of UEFI BIOS ACPI Bugs, Releases Half a Dozen BIOS Updates, and Doesn’t Fix the Bugs

Posted in GNU/Linux, Hardware, Lenovo, Microsoft at 5:28 am by Dr. Roy Schestowitz

Guest post by Ryan, reprinted with permission from the original

For those who wonder what an OEM like Lenovo actually ships in their uEFI firmware, and what Microsoft Windows simply works around and helps them hide, take a gander at the Linux kernel’s log below.

Linux works around the bugs too, but Windows actually hides them from you!

Here’s a Google search from some of LOL NO VO’s other satisfied customers, with their “business grade” solution.

Lenovo’s “support” people in the forums don’t know anything, but they mostly deal with crap like Windows and tell people how to turn it off and back on again.

Here’s an Ubuntu bug and what a Ubuntu developer has to say about at least some of this. (The person in question has a Lenovo Legion Y540-15IRH according to his DMI Decode dump. Which suggests these errors affect more than one of their product lines.)

But they slapped an Ubuntu Certified label on this ThinkBook 15 Gen2 ITL model I use, and other than this damned mess I had to sort out with the AX210 Wifi chip, it’s an okay laptop.

I just wish it wouldn’t shove all of this garbage in my face every time I boot it up. It appears right before the Debian bootsplash, and although LOL NO VO Ubuntu Certified this thing with some sort of Linux 5.6-OEM kernel that Ubuntu 20.04 autodetects, I can’t imagine that it could work very well with that kernel. The Wifi is still touch and go and you have to put it in AC only mode and cherry pick Linux 5.10.70 out of Debian-Proposed (or wait until Debian 11.1 to install it, but you can probably make it work okay until you can cherry pick the newer kernel. Just remember to turn off fast boot in Windows and shut the system down to fully clear the Windows driver out of the chipset’s memory first!).

Now, I will directly quote the Ubuntu developer, Alex Hung:

“There are two types of ACPI errors observed: AE_ALREADY_EXISTS and AE_NOT_FOUND

The former, AE_ALREADY_EXISTS, usually happens

1) when BIOS loads multiple SSDTs (in /sys/firmware/acpi/tables) that contains the objects with the same names (and usually the same functions too). Naming conflicts prevent kernel to load all of them correctly.

2) BIOS’s ACPI methods are not serialized and multiple calls the same methods occur.

I would guess we are seeing scenario 1 here. They are usually harmless because a copy of working SSDT is loaded while duplicated ones are discarded.

The later, AE_NOT_FOUND, is the opposite. This occurs when BIOS does NOT load SSDTs and therefore kernel is not able to get information and perform accordingly.

Neither types of error messages can be fixed without BIOS fixes.

Fortunately, all of the failing ACPI methods are optional, and there are good chances that Linux / Ubuntu will work without them. There are three types of devices *might* be affected according to the error messages:

1. USB (\_SB.PCI0.XHC.RHUB…)- but USB ports and devices should just-work without BIOS code, which are usually for OEM customization.

2. Touchpad (\_SB.PCI0.I2Cx…) – error messages are reported for i2c-2 and i2c-3, but it is likely the touchpad is connected to i2c-1. Please check whether you are experience problems with your touchpad.

3. Switchable graphics (\_SB.PCI0.PEG0…)- but error messages are “AE_ALREADY_EXISTS”. lspci also shows no discrete VGA present on this system, and nothing to worry about.”

In other words:

Lenovo has made a damned mess, but left it there because of reasons, including the fact that operating systems don’t generally use uEFI drivers for anything because operating systems have their own, they perform better, and if I’m remembering the gist of this, once you exit boot services, you can’t use the ones from the system firmware anyway. Everything on this laptop works fine, including the HDMI port. The only exception is the fingerprint scanner built into the power button, but who cares?

Errors for touchpad devices that don’t even exist where it’s printing the error message for? My touchpad works fine. So, whatever I guess. I use a bluetooth mouse anyway.

“Regardless, I think Techrights needs to add this to why uEFI is no good.”Switchable (hybrid) graphics errors. I don’t have hybrid graphics on this system. In fact, when laptops usually ship with that, they tend to use an Nvidia “card” for the high performance chip, and I’ve had enough of Nvidia’s proprietary driver for 10 life times already. In fact, there _may_ be a BIOS option regarding hybrid graphics in my firmware setup. I may look there at some point and see if I can shut it up. Lenovo may have just left the setting on/off for laptops they ship like that?

Of course, some people on Gigabyte motherboards, as well as Dell and Acer laptops, seem to have these problems and some that actually affect the operation of the computer. So I guess Lenovo isn’t the absolute worst.

Regardless, I think Techrights needs to add this to why uEFI is no good. These are the same class of problems, and then some, that the buggiest of Legacy PC BIOS systems were known to sometimes have, and we were lied to and told that Microsoft and Intel would clean up that mess with uEFI, and they obviously didn’t. Windows is just the fridge that the equally proverbial cockroaches hide under.

However harmless some of these errors are, in practice, to a person who didn’t know better, they make Linux appear broken when it’s not.

But this behavior isn’t new at Microsoft.

What the user is supposed to do is feel uncomfortable, and when he has bugs, suspect that the problem is [the competitor’s product], and then go buy [our product].

Former Microsoft Senior Vice President Brad Silverberg

Regardless, here’s the eyesore I get to read about on my screen when my system is booting. Thanks, Lenovo.


[ 0.175571] ACPI: Added _OSI(Module Device)
[ 0.175571] ACPI: Added _OSI(Processor Device)
[ 0.175571] ACPI: Added _OSI(3.0 _SCP Extensions)
[ 0.175571] ACPI: Added _OSI(Processor Aggregator Device)
[ 0.175571] ACPI: Added _OSI(Linux-Dell-Video)
[ 0.175571] ACPI: Added _OSI(Linux-Lenovo-NV-HDMI-Audio)
[ 0.175571] ACPI: Added _OSI(Linux-HPI-Hybrid-Graphics)
[ 0.223165] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.TXHC.RHUB.SS01._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223171] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223173] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223174] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.TXHC.RHUB.SS01._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223177] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223178] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223180] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.TXHC.RHUB.SS02._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223183] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223184] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223185] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.TXHC.RHUB.SS02._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223187] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223188] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223190] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.TXHC.RHUB.SS03._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223192] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223194] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223195] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.TXHC.RHUB.SS03._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223197] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223198] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223200] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.TXHC.RHUB.SS04._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223202] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223204] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223205] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.TXHC.RHUB.SS04._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223207] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223208] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223210] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS01._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223212] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223213] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223214] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS01._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223217] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223218] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223337] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS02._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223340] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223341] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223342] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS02._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223344] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223346] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223347] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS03._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223349] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223351] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223352] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS03._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223354] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223355] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223407] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS04._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223409] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223411] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223412] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS04._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223414] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223415] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223417] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS05._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223419] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223421] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223422] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS05._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223424] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223425] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223427] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS06._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223429] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223430] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223431] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS06._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223433] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223435] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223436] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS07._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223438] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223440] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223441] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS07._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223443] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223444] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223446] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS08._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223448] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223450] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223450] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS08._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223453] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223454] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223572] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS09._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223574] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223576] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223577] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS09._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223579] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223580] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223698] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS10._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223700] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223702] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223703] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.HS10._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223705] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223706] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223824] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.SS01._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223826] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223827] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223828] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.SS01._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223830] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223832] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223833] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.SS02._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223836] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223837] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223838] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.SS02._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223840] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223842] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223843] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.SS03._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223845] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223847] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223848] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.SS03._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223850] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223851] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223853] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.SS04._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223855] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223856] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223857] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.SS04._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223859] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223861] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223862] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.SS05._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223864] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223866] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223867] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.SS05._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223869] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223870] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223872] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.SS06._UPC], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223874] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223875] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.223876] ACPI BIOS Error (bug): Failure creating named object [_SB.PC00.XHCI.RHUB.SS06._PLD], AE_ALREADY_EXISTS (20200925/dswload2-326)
[ 0.223878] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-220)
[ 0.223880] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0014)
[ 0.224477] ACPI BIOS Error (bug): Could not resolve symbol [_SB.PC00.I2C0.TPD0], AE_NOT_FOUND (20200925/dswload2-162)
[ 0.224480] ACPI Error: AE_NOT_FOUND, During name lookup/catalog (20200925/psobject-220)
[ 0.224481] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0010)
[ 0.224500] ACPI BIOS Error (bug): Could not resolve symbol [_SB.PC00.I2C0.TPL1], AE_NOT_FOUND (20200925/dswload2-162)
[ 0.224502] ACPI Error: AE_NOT_FOUND, During name lookup/catalog (20200925/psobject-220)
[ 0.224503] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0010)
[ 0.225016] ACPI BIOS Error (bug): Could not resolve symbol [_SB.PCI0], AE_NOT_FOUND (20200925/dswload2-162)
[ 0.225018] ACPI Error: AE_NOT_FOUND, During name lookup/catalog (20200925/psobject-220)
[ 0.225020] ACPI: Skipping parse of AML opcode: OpcodeName unavailable (0x0010)
[ 0.225234] ACPI: 19 ACPI AML tables successfully acquired and loaded
[ 0.225830] ACPI Error: AE_NOT_FOUND, While resolving a named reference package element – ^SPI1.SPFD.CVFD (20200925/dspkginit-438)
[ 0.225833] ACPI Error: AE_NOT_FOUND, While resolving a named reference package element – ^SPI1.SPFD.CVFD (20200925/dspkginit-438)
[ 0.225836] ACPI Error: AE_NOT_FOUND, While resolving a named reference package element – ^XHCI.RHUB.HS04.VI2C (20200925/dspkginit-438)
[ 0.225845] ACPI Error: AE_NOT_FOUND, While resolving a named reference package element – ^XHCI.RHUB.HS04.VI2C (20200925/dspkginit-438)

GNOME Web 41 Flatpak Review and Bonus: You MUST Have a Web Browser in Debian! (Is This a Bug?)

Posted in Debian, GNOME, GNU/Linux at 5:08 am by Guest Editorial Team

Guest post by Ryan, reprinted with permission from the original

GNOME Web 41
GNOME Web 41 on Debian 11 GNU/Linux

Just several days ago, I gave a mostly favorable review of GNOME Web 3.38.2 as packaged by Debian 11 GNU/Linux.

While I think 3.38.2 was a good browser, I decided to move on and pull in the Flatpak version of GNOME Web 41.

“The YouTube Ad Block script mostly works. Sometimes you see a second or two of the ad, but it mostly gets rid of them, and they never interrupt a video.”Visually, the two versions are pretty similar, but there have been some improvements to stability, performance, minor UI tweaks, and a new AdGuard script that complements the built-in Webkit Content Blockers-based Ad Block feature.

When I got started, I made the mistake of pulling in the Flatpak without removing the DEB.

When you bring in the Flatpak of Firefox, it can be installed side-by-side with Firefox ESR from Debian, but GNOME Web does not get along well with its Debian package cousin, and the Debian version takes priority in the GNOME Shell overview.

So I ended up purging epiphany-browser and epiphany-browser-data with apt, and then deleting the local config and cache folders for “epiphany” under my Home folder (which are hidden behind the Ctrl+H hotkey to toggle invisible items).

This made way for the Flatpak, which now started.

The YouTube Ad Block script mostly works. Sometimes you see a second or two of the ad, but it mostly gets rid of them, and they never interrupt a video. Which is nice, because Google has gotten totally carried away to the point of making it unusable without this.

“Bill Gates was a liar when he swore up and down that IE was integrated deep, deep, into the guts of Windows 98, in court, under oath. So why can’t I remove Firefox ESR from Debian?”Performance of GNOME Web 41 has been improved, due to improvements in both the browser and in the newer version of WebkitGTK it brings in from the GNOME 41 platform Flatpak.

Today, I decided that I didn’t really need two Firefoxes, Firefoxen(?), whatever. 😉

So I went to apt-get purge the Firefox ESR from Debian to keep the Flatpak, only Debian told me that it would remove Firefox ESR and bring in Chromium. At first I thought something was broken, but then I found out that several of the metapackages require a Web browser, and they don’t recognize browsers from Flatpak, and when I decided I’d get clever and apt purge firefox-esr chromium … It told me it would get rid of a bunch of stuff, including the X11 server(!!!!) and bring in the DEB package for GNOME Web.

But that’s when it gets really strange.

I told it apt purge firefox-esr epiphany-browser chromium and now it wants to bring in Konqueror and half of KDE, including its Dolphin file manager.

So at this point, I became intrigued and told it apt purge firefox-esr epiphany-browser chromium konqueror, and it agreed to remove all browsers and not put a browser on the computer, if I would remove the X server, some fonts, all of LibreOffice, and the GNOME and desktop metapackages.

I think that this has to be some sort of a bug, because nothing should force you to have a Web browser, plus I still have Vivaldi installed, and alternatives recognizes that as one of the options for x-www-browser.

So I searched the problem, and a suggestion for how to hack around it came up suggesting to build an empty package that lies and says it’s a provider for “chromium” and dpkg -i it, and it would fool apt so that when you remove firefox-esr it doesn’t try to install anything.

I’m just not that sure Firefox ESR bothers me that much, but the idea that we “must” have a browser in a GNU/Linux OS is a bit nuts, isn’t it?

When I was 14, I set up Windows 98 and then used an unofficial script called Revenge of Mozilla, written by Bruce Jensen, and the Explorer shell from Windows 95 OSR 2.1 (FAT32 compatible), and it gave Windows 98 an enema and got it down to less than 100 MB.

It turned out that it ran pretty well after that, and that many patches no longer applied to you because you didn’t have the bloated and buggy code on your computer.

Bill Gates was a liar when he swore up and down that IE was integrated deep, deep, into the guts of Windows 98, in court, under oath. So why can’t I remove Firefox ESR from Debian?

Lastly, I finally got around to installing the email client, Geary, out of Flatpak. For privacy, I won’t post screenshots of that, but it’s pretty much as pictured on Flathub, except I use Adwaita Dark.

There’s no pesky guessing at how to set this thing up if you use GMail or Outlook Mail, which you can log into via OAuth through GNOME, in the Settings application.

In fact, this is VERY nice because I use two-factor authentication on all of my accounts and making app passwords is a hassle.

Technically, GNOME already has an email client called Evolution, and it has been around for a very long time (originally from Ximian, then Novell, and now “The Evolution Team”).

But Evolution is a big “Groupware” suite, and Geary is just an email client. If you’re like me and just need email, and want a fast and efficient workflow and a performant client, Geary fits the bill.

Microsoft’s Outlook Webmail occasionally gives GNOME Web an outdated version that’s a holdover for Internet Explorer 7 and earlier, and it looks like Hotmail.

It’s pretty gross. I asked Michael Catanzaro to look into using User Agent tricks to make it work, but we never found anything that reliably brought up the “modern” version that other browsers get.

It’s interesting, because Microsoft doesn’t do this to Safari.

They have done similar nasty things to Opera, back when it was really a company in Norway with a real browser. They had a very good rendering engine, better than anything else out there at the time, and Microsoft sabotaged MSN. So Opera released a Bork Edition of Opera, which translated Microsoft’s website into the language of the Swedish Chef.

Regardless, since Geary does what I need it to, and pairs well with GNOME Web, I won’t have to be using Microsoft’s nasty webmail interface. Even if you do get the “modern” one, it will take up a bunch of the screen with “Are you using an ad blocker? Click here to pay us and we’ll give you part of the screen back!”.

I really need to get everything over to one email service that Microsoft has nothing to do with. That won’t be easy. *sigh*

« Previous entries Next Page » Next Page »

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channels: Come and chat with us in real time

New to This Site? Here Are Some Introductory Resources

No

Mono

ODF

Samba logo






We support

End software patents

GPLv3

GNU project

BLAG

EFF bloggers

Comcast is Blocktastic? SavetheInternet.com



Recent Posts