the stream

Links to articles, short comments on various topics - basically the sort of posts I would have put out on Google+ in previous years.

H.264/AAC in Vivaldi on arm64 Raspberry Pi OS

Alexander Bochmann Friday 01 of July, 2022
The Vivaldi web browser has an arm64 version that runs on the recently released arm64 port of Raspberry Pi OS. Unfortunately, out of the box, this version doesn't support a lot of media formats, and relies - same as Chromium, which Vivaldi is built on - on an external decoder library for some of them.

Now the Vivaldi distribution comes with a downloader script for that shared library at /opt/vivaldi/update-ffmpeg. As of right now, the script doesn't find a valid file for arm64 though. Looking at the code, it fetches a custom version of a Debian/Ubuntu package for chromium-codecs-ffmpeg-extra from Launchpad. As it turns out, Raspberry Pi OS ships an own version of exactly that deb, which installs a version of the required library to /usr/lib/chromium-browser/libffmpeg.so. This is great, except that it's not a place where Vivaldi looks for the file.

Vivaldi itself is started through an own wrapper script that's installed to /usr/bin/vivaldi. The wrapper has a few places where it tries to LD_PRELOAD a matching libffmpeg.so from, one of which is a custom location below the current user's ~/.local/ directory, involving the checksum of the expected library version. Luckily, the checksum is not actually checked - it's just used as part of the directory name.

So I came up with the following one-liner to create that directory for the current user and drop a symlink to Raspbian's chromium codec file:

grep -A1 arm64 /usr/bin/vivaldi | awk -F'=' '/FFMPEG_SUM_DEB/ { cmd="mkdir -p ~/.local/lib/vivaldi/media-codecs-"$2" ; ln -s /usr/lib/chromium-browser/libffmpeg.so ~/.local/lib/vivaldi/media-codecs-"$2"/libffmpeg.so" ; system(cmd) }'

This fetches a few candidate lines from the Vivaldi startup wrapper, finds the one that has the required checksum, and runs it through awk to create directory and symlink.

I have not yet tried to find out if the expected checksum changes between Vivaldi versions, but unless there's a major change in /usr/bin/vivaldi, I can just run the command again to create a new directory in the required location.

Note this doesn't provide Widevine or other DRM codecs, but at least I can now play back videos that have been reencoded to H.264/AAC by Mastodon.

(I have pretty much the same information over in a Fediverse thread.)

Mac Mini early 2009 temperature sensor placement

Alexander Bochmann Wednesday 11 of August, 2021
I noticed that the old Mac Mini I reinstalled with Linux (a longer story involving the rEFInd Boot Manger) was running quite hot as soon as it got a bit busy. After installing and (auto-)configuring lm-sensors it turned out the fan was running at low speed despite the high temperatures.

I had at some point replaced the SSD I had in there (instead of the original SATA disk) with a different model. There's a temperature sensor glued to the front of the disk, which is a feed to the automatic fan speed management. The original disk (and the older SSD) had a metal casing, which acted as a heat transport to the sensor. The new SSD is enclosed in plastic instead, and while I put the sensor to the same position, it never measured the temperatures required to spin up the system fan.

For now, I ended up placing the sensor to the rear on top of the shielding of the Wifi module instead (the chipset heat sink didn't seem like a good idea). This seems to work well enough, and the fan now actually turns up when required:

$ sensors
Adapter: ISA adapter
Master :     2424 RPM  (min = 1500 RPM, max = 5500 RPM)
TC0D:         +46.2°C  
TC0H:         +45.8°C  
TC0P:         +47.0°C  
TH0P:         +59.5°C  
TN0D:         +68.8°C  
TN0P:         +57.5°C  
TW0P:         +56.5°C  
Tm0P:        -128.0°C  

Adapter: PCI adapter
temp1:        +68.0°C  (high = +95.0°C, hyst =  +3.0°C)
                       (crit = +100.0°C, hyst =  +2.0°C)
                       (emerg = +135.0°C, hyst =  +5.0°C)

Adapter: ISA adapter
Core 0:       +44.0°C  (high = +105.0°C, crit = +105.0°C)
Core 1:       +46.0°C  (high = +105.0°C, crit = +105.0°C)

hiding device type from the user agent in Vivaldi on Android

Alexander Bochmann Sunday 02 of May, 2021
I recently noticed that the Vivaldi browser for Android adds the OS version and the type of the device being used to the user agent string sent to web servers.

It is possible to disable this behaviour in one of the advanced flags though, by opening vivaldi://flags from the address bar, and searching for the freeze-user-agent flag. When this setting is enabled, Vivaldi will always use "Android 9; Unspecified Device" in the browser user agent.



Alexander Bochmann Monday 14 of September, 2020
A few years ago, I set up a copy of Shaarli, but ended up never using it. My initial idea was to have it as a central repository for bookmarks, but then Floccus showed up as a way more convenient solution for bookmark sync. I also thought about using it for sharing links with short summaries (similar to the posts on here, or on G+ before), but then the Fediverse came along and soaked up most up my online activity.

I didn't really pick up the link sharing habit over there - wasn't shure about how to blend it in with my other posts. I thought about creating a second account just for that, but keeping multiple accounts is too much of a hassle for me (which also sunk the idea to use language-specific alts or fan out by general topics). Didn't go back up using Tiki either, as I do much of my reading on mobile devices nowadays, and writing Tiki posts from there is kind of annoying. With Shaarli, I can use the Shaarlier app to quickly drop links and a short description.

Not sure how this will end up in the longer run, but it's a try.

My Shaarli is over here, and also has an own separate RSS feed.

ETL2PCAPNG - convert Windows netsh trace files to PCAP

Alexander Bochmann Saturday 29 of February, 2020
After Microsoft had deprecated the Microsoft Message Analyzer (cache) tool last year, there was no good way to work with network traces generated on Windows systems with the netsh trace ... command.

Microsoft has now released ETL2PCAPNG (cache), a small program that converts ETL files to PCAPNG, see this announcement on the Microsoft Core Infrastructure and Security blog (cache), so trace files can now be processed with standard utilities like Wireshark.

Android: Qualcomm® aptX™ bluetooth notification

Alexander Bochmann Friday 01 of February, 2019
On my new Blackberry Key2 LE, I have run into a system notification when certain bluetooth headphones are connected:

using  Qualcomm® aptX™
using Qualcomm® aptX™

Great. What do I care? Let's disable this notification.

Notifications from this app can't be turned off
Notifications from this app can't be turned off

Helpfully, the message shows the name of the Android component, com.qualcomm.qtil.aptxui

So I enabled developer mode on the phone, connected from the PC via adb shell, and killed off the whole thing:

bbe100:/ $ pm disable-user --user 0 com.qualcomm.qtil.aptxui
Package com.qualcomm.qtil.aptxui new state: disabled-user

I have not noticed any negative consequences.

But, really, what is this idiocy with hardware vendors injecting ads into the system? Qualcomm has 37 packages on the system, according to a pm list packages | grep qualcomm. I'm not inclined to trust them very much, but unfortunately there's little to no documentation on this kind of vendor crap on Android.

I took the opportunity to disable another obvious one, ''com.qualcomm.qti.haven.telemetry.service".

Blackberry Key2 LE vs. FRITZ!WLAN Repeater 310 with FritzOS 7.01

Alexander Bochmann Friday 25 of January, 2019
Last night, my 2.4GHz FRITZ!WLAN Repeater 310 upgraded to the new FritzOS release 7.01. The repeater is configured as FRITZ Mesh device (connected to a FRITZ!Box 7490 as mesh master). I'm currently tinkering with a Blackberry Key2 LE that I bought to replace the aging S4 mini that I used up to now (more on that later, maybe). After upgrading the repeater, the Key2 LE couldn't connect to the wifi network anymore. In an area only covered by the repeater, it didn't even see the SSID anymore. It was still possible to connect directly to the base station though, when moving into range. All the other devices I had available had no problems connecting through the repeater either.

As AVM doesn't currently provide downgrade images for the Repeater 310, I tried a factory reset and re-establishing the mesh connection, to no avail.

I then started playing with wifi network settings, and as it turns out, there's a simple fix: Don't use channel 13 on the repeater.

After excluding channels 12 and 13 from the wifi channel selection on the FRITZ!Box, the system switched down to channel 11, and suddenly the network appeard back in view on the Blackberry device. Also tried manually setting channel 6, which worked too.

Not sure what to make of that. Channel 13 was fine with this device before the FritzOS upgrade (yes, I know using it is not recommended, but this is the first time that created a problem for me).

RFC 6762 reserved the .local TLD in 2013 for Multicast DNS!

Alexander Bochmann Monday 06 of August, 2018
I was not aware that RFC6762 (cache) reserves the ".local" TLD for exclusive use for Link-Local addresses with Multicast DNS:

RFC6762 wrote:
This document specifies that the DNS top-level domain ".local." is a special domain with special semantics, namely that any fully qualified name ending in ".local." is link-local, and names within this domain are meaningful only on the link where they originate.

Lutz Donnerhacke points to this in a German language article that explains how this leads to problems accessing a CIFS mount in a Windows domain that uses the .local TLD.

OpenSSH uses MD5 with salt to encrypt the passphrase for RSA keys by default

Alexander Bochmann Saturday 04 of August, 2018
Details here: The default OpenSSH key encryption is worse than plaintext (cache)

@latacora wrote:
The punchline is that the AES key is just MD5(password || IV[:8]). [..] MD5 is very cheap to compute. The only thing this design has going for it is that the salt goes after the password, so you can’t just compute the intermediate state of MD5(IV[8:]) and try passwords from there. That’s faint praise, especially in a world where I can rent a machine that tries billions of MD5 calls per second.

Ssh keypairs for Ed25519 use a new format to encrypt the passphrase. Since 2013, it's been possible to create RSA keys with new-format passphrase encryption using ssh_keygen -o, but since that's not been the default, I don't assume anyone has ever used that (I haven't).

Might be worth replacing all RSA keypairs for pubkey authentication (and remove the corresponding public key from any authorized_keys files on all destination systems) - and all Ed25519 keys that use the same passphrase. Unless you're absolutely certain no one ever had access to the private key, in which case just upgrading the passphrase encryption using ssh-keygen -p -o -f <PRIVATEKEY> might be good enough.

Mastodon embeds on the blog...

Alexander Bochmann Saturday 14 of July, 2018
I've been pulling in some posts from my Mastodon instance to the blog, using iframes to directly show the embed view provided my Mastodon.

There's two problems with that:

One is, that someone who is using a content blocker like uBlock Origin or uMatrix likely won't see anything in these posts when they're blocking third party content by default. The other is - what happens when my Mastodon instance is down?

So I've now added direct links to each of the embedded posts, serving a dual purpose: There's first party content (the link), and also the Tiki engine creates a cache entry that can be accessed when the Mastodon server is unreachable.

I've also tagged all affected posts as mastodon embed, so I can easily find them and replace the content should I ever plan to shut down my Mastodon system.

Windows 10 1803 annoyances

Alexander Bochmann Wednesday 06 of June, 2018
So far, I've run into two major annoyances with Windows 10 1803...

First is that the mobile hotspot function (sharing a cellular data connection to other devices via Wifi) has been gimped, and trying to activate it just results in an "To share your connection, you need to add this feature to your cellular data plan first." - message:

Information around this is very scarce at this time - just a handful of search engine hits. From a post on the italian Microsoft forums, it seems you now need a Store app published by your mobile phone provider to use this feature. WTF, really? I've been tinkering for quite some time to find out where Windows looks up if using the hotspot is allowed or not, to no avail. Also see over here on Mastodon.

The other problem is that powersaving for the first gen switchable graphics in my old notebook doesn't seem to work anymore. In previous versions of W10, the integrated Intel graphics would be used on battery, using a lot less power than the AMD graphics chip.

As for minor niggles, it's not possible anymore to unconditionally set a network connection as "metered" to restrict Windows updates and background data - you'll have to set a daily or monthly data limit for the network, and then tell the system to always restrict background data (instead of within 10% of reaching the limit).

It really seems that W10 1709 was the sweet spot for this old notebook, but after I didn't see any immediate problems with the new version in the week directly after upgrading, I already deleted to rollback version...

converting animated GIFs to video...

Alexander Bochmann Sunday 15 of October, 2017
...is a major pain, since animated GIFs don't have a fixed frame rate: The animation can define a variable pause after each individual frame.

jzw has updated his resize.pl script (cache) with a new function to get around that limitation:

jwz wrote:
I'm converting them using the all-singing all-dancing image-and-video resizer that I wrote, resize.pl, which uses ImageMagick to extract each frame as a PNG then constructs an incredibly hairy ffmpeg command to put it all back together with the proper frame timing.

(via tedu)

old Acer Launch Manager on Windows 10

Alexander Bochmann Friday 22 of September, 2017
I'm still using the same Acer Aspire 3820G laptop that I bought over six years ago, though I've switched to Windows 10 during the "free upgrade" time. Mostly everything works, despite missing vendor drivers. The function keys (sleep, sound volume, etc.) have basic support, but I recently noticed that the wireless switch only toggles through a handful of states, none of which have both Wifi and Cellular modem enabled.

For Windows 7, Acer provided Dritek Launch Manager to enable or disable wireless functions (Wifi, Bluetooth, Cellular), but version 4.0.5 doesn't install successfully on Windows 10 - and newer releases don't support the 3820G hardware.

After some experimentation it turns out that just starting the Launch Manager Setup.exe in compatibility mode for Windows 7 (right-click, select "Troubleshoot compatibility") surprisingly does the trick - installer completes, and after a reboot the wireless function key actually starts Launch Manager instead of driving the Win10 builtin toggle.

Acer Launch Manager Win10
...so now I can use the Cellular modem and provide a Wifi hotspot at the same time.

more downtimes

Alexander Bochmann Sunday 20 of August, 2017
Ever since upgrading to OpenBSD 6.1 (and newer ports of everything), the web server seems to run out of file descriptors after some time, even though I have moved some of the older PHP applications over to a web hosting service.

Couldn't find out what that is caused by, up to now.

site's been down for over a week...

Alexander Bochmann Saturday 15 of July, 2017
...and I didn't even notice since I spent most of my online time on my Mastodon instance.

Somehow I managed to lose the p5-Time-TimeDate package on the OpenBSD web server, which in turn made vlogger fail to start up, and that resulted in all kinds of followup problems for the web service.

Unfortunately I have no memory of removing the package, so I'm not quite sure what happened there (but the date matches a day where I started moving some web sites off this server, so maybe I did some misguided cleanup)...