Why Run A Tiling Window Manager?

 Computing  No Responses »
Jun 302024
 

The funny thing is that this post is not about window tiling but about conventional tiling window managers that to a great extent are “do it yourself” window managers. That is they kind of expect you to do a lot of configuration yourself.

This is not about specific tiling window managers even though I use Awesome and Hyprland.

Tiling vs Floating

In the earliest days of gooeys, windows tended to be tiled so that they didn’t overlap; if you added a new window to the screen, the existing windows would shrink to make room for the new window.

So-called (at least in tiling window managers) “floating” windows were hailed as a brilliant new feature where windows were independent and could overlap. Cool right?

And this is certainly the way that most conventional gooeys work – from Windows, MacOS, and even Linux, they all support floating windows by default. On the other hand, tiling window managers support tiling by default (most will support floating windows as well).

So why would you want to go back to the dawn of gooeys? And it is not just us weird geeks running minimalist window managers looking at tiling – many mainstream desktop environment have tiling features.

It maximises screen real-estate by automatically sizing windows so the whole desktop is covered. I can remember carefully dragging windows to resize them to maximise their size with conventional ‘floating’ window managers. Something that now happens automatically.

Customisation

So tiling can be done with conventional desktop environments – some of which allow support for tiling. KDE has Bismouth; GNOME has the Tiling Assistant, and even Windows has options. Now a tiling window manager does treat tiling as a first class feature, that’s not really why those who prefer them like them.

No, it’s the minimalism and customisation.

Most desktop environments carry with them lots of bonus features – which is fine for most. But if you don’t need those features and/or want to do things in a different way, then a full desktop environment isn’t what you want.

And tiling window managers tend to be minimalistic; even to the extent that some do not include a status bar requiring an optional status bar to be installed. The default configuration (if any) tends to be minimalistic requiring lots of tinkering to get the most out of it.

Which is a positive feature for tinkerers if a negative feature for those who just want to be up and running. But tinkering whilst it takes time, does tend to product a more productive environment – for example my Hyprland configuration includes a custom key binding to grab IP addresses and URLs from a highlighted section of the screen (and optionally “defangs” safely specified dangerous URLs which give you a hint about what I do).

Picture of a Raven
Who Are You Looking At?

Ubuntu Server: The Interactive Installer Sucks Big

 Computing, Linux  No Responses »
Jun 092024
 

So on Friday my workstation blew up … which goes some way to explaining why this server has been down for much of the weekend (it’s a container on my workstation). The operating system boot drive magically went read-only – which as some of us know is a clear indication that an SSD is on its last legs. Or a few steps beyond.

So I re-installed on a new drive, and for various reasons I chose Ubuntu Server again. An upgrade which made things a bit more interesting.

Now whilst I know that most servers are installed in ways other than interactively, but the interactive experience is bloody awful.

For a start, if the text console is a ridiculous large size – perhaps $COLUMNS is greater than 160, then change the bloody console font. It may be a rare case that someone is installing Ubuntu server on a screen where the resolution is so high, but it can (and in my case does) make the text far too small to read.

And secondly, do something about the logical volume manager creation; I wanted to create a logical volume with a name other than “ubuntu-vg” (the old drive was still readable and creating two VGs with the same name struck me as a dumb idea). The default method didn’t seem to offer a way to rename the VG; the custom method kept giving me an installation error.

The later could possibly be my mistake – I was reduced to using a magnifying glass.

And yes everything is working now.

But sort out that installer!

In The Crack

Upgrading the ASRock TRX50 WS Motherboard Firmware

 Computing, Working Notes  No Responses »
Apr 172024
 

Well that was interesting …

So I decided to upgrade the firmware on my ASRock TRX50 WS motherboard tonight. Partially because I had planned on trying it to sort out a mysterious crashing problem (which turned out to be the world’s worst SATA SSD ‘error’), and partially because I’d like to make sure I know how the process works. And funnily enough, finding ASRock’s instructions aren’t so simple.

The first really rather obvious step is to download the firmware from the ASRock support site. This comes down as a ZIP file, which needs to be unpacked :-

  • TRX50-WS_9.03.ROM

This needs to be copied to a USB stick formatted as FAT32, but whilst you’re checking that make sure that the partition type is set to an appropriate value (0x0b is the value I used; the second time), because it turns out that the ASRock firmware won’t recognise a FAT32 filesystem just based on the actual filesystem – it checks the partition types.

But before you shut down and start the upgrade process, record any firmware settings you may have made … for better or worse, the upgrade will reset any changes you have made.

Starting the upgrade is fairly simple – go into Setup, move across to Tools and select the “Instant Flash” option. This will pop up a menu of different firmware version files it has found that are compatible with your motherboard. Select the version you want (in my case it was just one option), and press Return.

After a warning, it’ll start the upgrade process; this consists of :-

  1. A progress bar which slowly progresses to 100%
  2. A reboot which takes you back into the firmware.
  3. A second progress bar which also progresses slowly.
  4. At some point when this has finished, it’ll just sit there for a few minutes and finally start booting with the new firmware.

Of course in my case, the settings reverting to default values resulted in the SlimSAS controllers both being reset to “NVME” rather than “SATA” meaning half my storage array wasn’t present! But it all worked in the end :-

✓ root@pica» dmidecode -s bios-version
9.03

Of course ASRock claim you only do a “BIOS Upgrade” (I hate that word “BIOS” – it’s not really appropriate) when it is absolutely necessary, but an upgrade when it isn’t necessary isn’t a bad idea. Just to get practice.

It should be noted that the firmware should be update-able with fwupdmgr so any urgent updates may well come via that route.

The Missing Sign

Email: Why Aren’t You In The “To” Header?

 Computing, Email  No Responses »
Apr 062024
 

Just came across someone today who wasn’t aware of the “BCC” (Blind Carbon Copy) header, and was wondering how an email reached her when her address wasn’t in the “To” header. It’s all too easy to laugh at people who somehow missed learning this stuff, but how often does email get taught these days?

Headers Are Just Comments

Well that heading is a bit of an exaggeration but it’s a helpful exaggeration. It is perhaps more accurate to say the headers are hints to the underlying software. There is a chain of software “under the hood” that takes the email you have composed in some kind of email client (which includes a web mail interface which is the most common way these days), formats it into a suitable format for a “mail transport agent” which then determines the “mail transport agent” is closest to the recipients and sends it there.

You -> Mail client -> Your MTA -> Recipient’s MTA

In terms of headers that you populate to instruct that chain where emails should go, there is :-

  • The “To” header which is what is most commonly used.
  • The “Cc” (“carbon copy” – an archaic reference) header which allows you to specify additional recipients, but it implies that the additional recipients are included as a courtesy (“You might want to see a copy of this for information.”).
  • The “Bcc” (“Blind carbon copy” ) header, which allows you to specify additional recipients but when your client transfers your email to the mail transfer agent it will add the recipients to the “envelope” (which we will explain shortly) but remove the header.

There are two reasons for using “Bcc”. One is basic politeness – if you are sending to a lot of addresses, the recipients will see that header and it can take up valuable screen real estate distracting from the content of the email. The second is security – if you are sending an email to lots of third-party contacts it may well be appropriate (and even required) to hide their addresses from each other. Not everyone wants their relationship with an STD clinic to be “public”!

The “Envelope”

When a client communicates with the mail transport agent, it will use something called SMTP (simple mail transport agent) which is very simplistic and the MTA does not look at the contents to determine anything (or rather it does not need to; some do especially if they do anti-virus scanning) :-

Connected to peach.
Escape character is '^]'.
220 zonky.org ESMTP Exim 24.12 Sat, 06 Apr 2024 09:57:50 +0100
helo pica
250 zonky.org Hello pica.zonky.org [2001:8b0:ca2c:dead::b000]
mail from:<some-forged-address@zonky.org>
250 OK
rcpt to:<address1@zonky.org>
250 Accepted
rcpt to:<address2@zonky.org>
250 Accepted
data
354 Enter message, ending with "." on a line by itself
The email appears here including mail headers
.
250 OK id=1rt1ts-0001k8-MM
quit
221 zonky.org closing connection

That is a forged SMTP transaction with certain details changed. The important bits are in bold which are what your mail client would use to communicate with the mail transport agent. As you can see they are simple enough to be “faked” by a person. There is a great deal of trust going on here – far too much for the modern age – but there are additional controls in place to make forging things somewhat harder than this would imply.

The key commands are as follows :-

  1. mail from:<some-forged-address@zonky.org>: This specifies the address the email is apparently from. Normally this would be a setting in your mail client (whether you can change this or not), but there is nothing here to stop you setting any address you want. Although there are almost always additional controls in place to make this harder.
  2. rcpt to:<address1@zonky.org>. This specifies what email address the email should go to. It is usually pulled from the headers you filled in whether that was the To, CC, or BCC headers. At this stage there is no difference. However you can put in addresses that don’t appear in the email at all.
  3. data. This is where your mail client copies the email that has been composed including all the headers. It will remove the “BCC” header and add some additional ones (such as “Date”). This body may or may not be examined by the mail transport agent; it isn’t necessary to send the email onwards.

So the mail transport agent now has the necessary information it needs to route your email to the required destinations – without looking inside the body. Which is analogous to a letter – the Royal Mail doesn’t open your letter to see where it needs to go, they will just use the address on the envelope.

And so we have the explanation for an email envelope – it is the addresses specified in the SMTP transaction allowing the mail transport agent to route email without looking at the contents. In normal circumstances the mail transport agent for the recipient will discard the envelope before it is placed in the recipient’s mailbox.

Opening The Envelope

Just like real post where you have to trust that nobody along the route between the original writer and the recipient will open the envelope to peruse the contents, the same applies to email. Which all the ‘agents’ along the path can normally be trusted, there is nothing to stop a rogue agent examining the contents of email – whether that’s a snoopy system administrator, an employer with an overly suspicious nature, or law enforcement.

Which explains why it is strongly advisable not to use email for anything secret; or to investigate encrypting emails.

Rusty Handrail
Rusty Handrail

SSH And The “Chinese Bots”

 Computing, Security, Working Notes  No Responses »
Apr 012024
 

So I was reading 𝕏 and came across one of those memes showing “Chinese bots” making connections to “open” SSH ports to Internet accessible servers. The suggestion to turn off password authentication in favour of public/private key authentication was certainly a sensible suggestion (on a very simplistic level it effectively makes a very strong “password”).

But the “Chinese bots” thing sort of irritated me a bit, so I decided to trawl my personal firewall logs looking for attempts to connect to my ssh port(s). Even ignoring the IPv6 probes, there were 1251 different addresses probing my network (just one public IPv4 address) in the months of March so far.

Why is this irritating? Because the addresses of the machines attempting to break into a non-existent ssh service here are those of compromised machines. They may be in China, or the USA, Russia, etc. but that in no way betrays who is controlling those “bots”.

Anyway, for some data :-

CountCountry
502,US USA 840 United States
128,CN CHN 156 China
97,KR KOR 410 Korea, Republic of
33,SG SGP 702 Singapore
27,BG BGR 100 Bulgaria
26,RU RUS 643 Russian Federation
22,HK HKG 344 Hong Kong
22,GB GBR 826 United Kingdom
20,DE DEU 276 Germany
16,SE SWE 752 Sweden

And “China” isn’t even in the lead in this case! I have included just the top 10 as a long list of random countries with one or two robots isn’t very enlightening.

The key point here is that the national identity of the compromised host attacking tells you nothing about where the true attacker is from. Russia is quite a likely candidate given it’s status as a rogue nation with a known tolerance for cyber criminals (as long as they co-operate with the state when the state needs their skills), but that is just background knowledge.

 Older Entries  Newer Entries