33
submitted 6 months ago by jntesteves@lemmy.world to c/linux@lemmy.ml
[-] jntesteves@lemmy.world 13 points 6 months ago* (last edited 6 months ago)

rpm-ostree currently does not support DKMS, and it's unlikely that'll be implemented anytime soon, if ever. It does support akmods, though, which is the preferred way to build Kernel modules on Fedora. You could ask if the packager can build that way to support the Fedora Atomic editions.

If you need these Kernel modules now, I think your only option would be to build manually from source, but that has the downside of requiring a manual step every time the Kernel is updated.

Edit: there are a few issue reports already: https://github.com/pop-os/system76-dkms/issues/58 https://github.com/pop-os/system76-acpi-dkms/issues/16

13
submitted 9 months ago by jntesteves@lemmy.world to c/linux@lemmy.ml

Gordon Messmer on fosstodon:

CIQ built a community on an objection to subscriber-only services, only to build a new subscriber-only service. Will their community accuse them of betraying Open Source?

https://medium.com/@gordon.messmer/will-ciqs-new-support-program-alienate-the-community-it-built-on-an-objection-to-subscriber-only-fb58ea6a810e

[-] jntesteves@lemmy.world 16 points 9 months ago

you are vulnerable during pairing which is for like a minute.

I said this twice on the PSA: it's hard to tell if your device is in discoverable mode, and it's easy to forget it in that state, or start it accidentally. I've caught my devices accidentally in discoverable mode many times. You could have your PC a whole week in discoverable mode and never notice it, just by having a settings window left open.

It's more risk than most people should take, hence the warning.

Still, if you're comfortable with the risk, you're free to change the config and allow insecure devices.

[-] jntesteves@lemmy.world 22 points 9 months ago

The controller itself is insecure, it doesn't exactly conform to Bluetooth standard. There's no indication Sony ever planned cross-compatibility, the DualShock 3 was made to be used only on the PS3 console, where the lack of authorization supposedly wouldn't be a problem.

Of course, you can still use it on a system where you can accept the risk, as well as on the PS3, or wired. The controllers are not e-waste yet.

89
submitted 9 months ago* (last edited 7 months ago) by jntesteves@lemmy.world to c/linux_gaming@lemmy.world

PSA: Bluetooth vulnerability and PS3 Controllers on Linux in 2024

In late 2023 a Bluetooth vulnerability CVE-2023-45866 was discovered and patched in Bluez. By now, this vulnerability should be fixed on all Linux distributions. The fix has one compatibility implication: support for insecure legacy devices is now disabled by default. The Sony PlayStation 3 Controller (AKA DualShock 3 or DS3) is probably the most notable device affected by this change.

What to do if you have a PS3 Controller

The PS3 Controller should still be plug-and-play on Linux when used wired, this change only affects wireless use.

Wireless use is now disabled by default. It should still be possible to use the controller wirelessly with a configuration change, but that will make your PC vulnerable when Bluetooth is in discoverable mode — that's when you're pairing a device; in GNOME that's when you just have the Bluetooth settings open; easy to have on by accident.

It's painful for me to say this (I own several PS3 Controllers), but the DS3 is reaching its end-of-life, and we should start to consider moving on from it as a gamepad for PC.

How to re-enable Bluetooth support for the PS3 Controller

This is insecure: It will make your PC an easy target for remote code execution attacks from anyone in close proximity whenever your Bluetooth is in pairing/discoverable mode. It's usually hard to notice when Bluetooth is in discoverable mode, and it's very easy to accidentally leave it on. You have been warned.

TL;DR: The following commands should do it, tested on Fedora 39:

sudo sed -Ei~ -e 's/^#ClassicBondedOnly=.*/ClassicBondedOnly=false/' /etc/bluetooth/input.conf
sudo systemctl restart bluetooth

Long version: Use the configuration file at /etc/bluetooth/input.conf, under the [General] section, add the option ClassicBondedOnly=false, then restart the bluetooth service or reboot the computer. Your config file should look like the following:

# Configuration file for the input service

# This section contains options which are not specific to any
# particular interface
[General]

# Set idle timeout (in minutes) before the connection will
# be disconnect (defaults to 0 for no timeout)
#IdleTimeout=30

# Enable HID protocol handling in userspace input profile
# Defaults to false (HIDP handled in HIDP kernel module)
#UserspaceHID=true

# Limit HID connections to bonded devices
# The HID Profile does not specify that devices must be bonded, however some
# platforms may want to make sure that input connections only come from bonded
# device connections. Several older mice have been known for not supporting
# pairing/encryption.
# Defaults to true for security.
ClassicBondedOnly=false

# LE upgrade security
# Enables upgrades of security automatically if required.
# Defaults to true to maximize device compatibility.
#LEAutoSecurity=true

I'm posting this PSA on !linux@lemmy.ml and !linux_gaming@lemmy.world. Please forward this message to other interested Linux communities.

147
submitted 9 months ago* (last edited 7 months ago) by jntesteves@lemmy.world to c/linux@lemmy.ml

PSA: Bluetooth vulnerability and PS3 Controllers on Linux in 2024

In late 2023 a Bluetooth vulnerability CVE-2023-45866 was discovered and patched in Bluez. By now, this vulnerability should be fixed on all Linux distributions. The fix has one compatibility implication: support for insecure legacy devices is now disabled by default. The Sony PlayStation 3 Controller (AKA DualShock 3 or DS3) is probably the most notable device affected by this change.

What to do if you have a PS3 Controller

The PS3 Controller should still be plug-and-play on Linux when used wired, this change only affects wireless use.

Wireless use is now disabled by default. It should still be possible to use the controller wirelessly with a configuration change, but that will make your PC vulnerable when Bluetooth is in discoverable mode — that's when you're pairing a device; in GNOME that's when you just have the Bluetooth settings open; easy to have on by accident.

It's painful for me to say this (I own several PS3 Controllers), but the DS3 is reaching its end-of-life, and we should start to consider moving on from it as a gamepad for PC.

How to re-enable Bluetooth support for the PS3 Controller

This is insecure: It will make your PC an easy target for remote code execution attacks from anyone in close proximity whenever your Bluetooth is in pairing/discoverable mode. It's usually hard to notice when Bluetooth is in discoverable mode, and it's very easy to accidentally leave it on. You have been warned.

TL;DR: The following commands should do it, tested on Fedora 39:

sudo sed -Ei~ -e 's/^#ClassicBondedOnly=.*/ClassicBondedOnly=false/' /etc/bluetooth/input.conf
sudo systemctl restart bluetooth

Long version: Use the configuration file at /etc/bluetooth/input.conf, under the [General] section, add the option ClassicBondedOnly=false, then restart the bluetooth service or reboot the computer. Your config file should look like the following:

# Configuration file for the input service

# This section contains options which are not specific to any
# particular interface
[General]

# Set idle timeout (in minutes) before the connection will
# be disconnect (defaults to 0 for no timeout)
#IdleTimeout=30

# Enable HID protocol handling in userspace input profile
# Defaults to false (HIDP handled in HIDP kernel module)
#UserspaceHID=true

# Limit HID connections to bonded devices
# The HID Profile does not specify that devices must be bonded, however some
# platforms may want to make sure that input connections only come from bonded
# device connections. Several older mice have been known for not supporting
# pairing/encryption.
# Defaults to true for security.
ClassicBondedOnly=false

# LE upgrade security
# Enables upgrades of security automatically if required.
# Defaults to true to maximize device compatibility.
#LEAutoSecurity=true

I'm posting this PSA on !linux@lemmy.ml and !linux_gaming@lemmy.world. Please forward this message to other interested Linux communities.

[-] jntesteves@lemmy.world 51 points 9 months ago* (last edited 9 months ago)

Hi, I can answer about the PS3 controller issue. I thought about making a public announcement about this, but I forgot. I'll work on that now and then link to it here, but to sum up the situation: Support for insecure legacy devices is now disabled due to CVE-2023-45866, and that includes the PS3 controller. You can re-enable support, but that will make your PC vulnerable when Bluetooth is in discoverable mode — that's when you're pairing a device; in GNOME that's when you just have the Bluetooth settings open; easy to have on by accident.

I'll explain how to re-enable support in the PSA post. It's a one-liner, but I won't put it here because I think people should be well-informed of the risks before considering it.

Edit: PSA posted at https://lemmy.world/post/11498269

[-] jntesteves@lemmy.world 15 points 10 months ago* (last edited 10 months ago)

Wayland and X11 are protocols, they are essentially just documentation. You need an implementation to be able to actually run programs on it, called a compositor. People tend to think of X11 as a single software because historically Xorg became dominant as the main implementation of the specification, so most of us have only ever used Xorg (but Xorg is not the only implementation of X11, there are many others). Wayland, as a newer protocol, hasn't undergone such consolidation yet, there are many competing compositors implementing the protocol in their own way. GNOME has one such compositor, and KDE has their own, and there are many others. So it's not about "Desktop Environments" all running over the same compositor, as it was on Linux in the Xorg days. Instead, the Wayland features you get are the ones your choice of compositor has already implemented, and can vary between different compositors.

[-] jntesteves@lemmy.world 6 points 10 months ago* (last edited 10 months ago)

I'm using GNOME Wayland on Fedora 39 and I don't have the problem you describe. I just go to settings and select my keyboard layouts:

  • English (US, intl., with dead keys)
  • English (intl., with AltGr dead keys)

And everything just works. I specially like the second one because it doesn't interfere with keybindings in games, which can be a problem in GNOME Wayland.

Oh, I think I get the issue you're having, you can't find the Çç character on the Linux layout 😅 I always have to explain this to people migrating from Windows, it's AltGr+, (right Alt key plus Comma). I like this shortcut better than the Windows layout, but I understand some people might not like it. Unfortunately, I can't answer your question, as I too don't know how to customize the keyboard layout. I just got used to the Linux layout.

101
submitted 11 months ago by jntesteves@lemmy.world to c/linux@lemmy.ml

With PIpeWire hitting its 1.0 release we speak with project lead Wim Taymans about what has been achieved and where we go from here.

[-] jntesteves@lemmy.world 5 points 1 year ago

Although that link exists, that's not what is being used by default. [[ is a shell builtin in ash/busybox, so that takes precedence.

On Alpine:

❯ which [[
/usr/bin/[[

❯ command -V [[
[[ is a shell builtin
[-] jntesteves@lemmy.world 32 points 1 year ago

This article lacks focus and mixes unrelated security concepts in questionable ways. It ends like just an ad for Wolfi. Don't get me wrong, Wolfi is neat, it's probably deserving of being talked up. But it doesn't solve the supply-chain issues pointed out by the article (it doesn't even try). Supply-chain attacks are currently not a major issue in Linux distributions, and enterprises are already tackling the issue of provenance elsewhere, and the article itself notes that. Dependency management for enterprise software is NOT the responsibility of Linux distros. So what is the point of the article? To me, this article is security mumble jumbo.

[-] jntesteves@lemmy.world 11 points 1 year ago* (last edited 1 year ago)

I believe the platform power profiles are standard nowadays and coded in the bios, so Linux should have access to them just like Windows does. You can use the powerprofilesctl command to list and change power profiles. Gnome also has a Power Mode switcher on the top menu, it's the same thing.

I can talk of my experience with the 2021 Asus ROG Strix G15, I have 3 power profiles:

  • performance: Power limits to max; Aggressive fan curve with speed limit to max. Generally loud fans. I need this to play demanding games in the summer.
  • balanced: Power limits to max; Moderate fan curve with a medium limit. Great perf (under sane ambient temp), while not too loud.
  • power-saver: Lowered power limits; Quiet fans.

Those seem to correlate exactly with the power profiles in Armoury Crate: Turbo, Balanced and Silent respectively. I don't think there's any performance being left on the table.

Gaming laptops with AMD CPU + AMD dGPU are a great suit for Linux gaming.

Also, AMD GPUs benefit a lot from undervolting, which is safe to do. It's free performance. I've made a simple systemd service to keep the undervolt always active: https://codeberg.org/jntesteves/amdgpu-tune

[-] jntesteves@lemmy.world 9 points 1 year ago

Thanks for the report. This issue was supposed to have been fixed in the Flatpak package, but you just brought to my attention that part of the fix was accidentally reverted. I'm sending a new PR right now to try to fix the issue again.

[-] jntesteves@lemmy.world 5 points 1 year ago

Itch has its own launcher which has a native Linux version, you can find it on Flathub: https://flathub.org/apps/io.itch.itch

Although it doesn't get many updates anymore, feels like it's on maintenance mode. It supports installing both Linux and Windows versions of games and even launching the Windows version with Wine, although without any DXVK/VKD3D options, it's kinda bare-bones, but for the generally simple indie games on the platform it usually works fine.

[-] jntesteves@lemmy.world 5 points 1 year ago

You shouldn't generalize your bad experience with NVIDIA's proprietary driver to Mesa. Graphics device switching just works on Mesa, hence laptops with an AMD dGPU are great on Linux.

Typing this from a 2021 Asus ROG Strix G15 Advantage Edition

view more: next ›

jntesteves

joined 1 year ago