Category: computer

Posted on

Curious. And interesting results… (with update)

Over in the discussion forum of GrapheneOS, there was an interesting topic, or so I thought, titled: “Brave vs Vanadium“. In it, someone asked about how the Brave browser did seemingly offer better protection against tracking and fingerprinting vs. the hardened Vanadium browser of GrapheneOS, tho this one might be more secure. Some others mentioned tests I hadn’t seen before, so my interest was piqued, I got curious myself, and wanted to see results. So here we go.

First, the Brave browser on my Arch Linux, with a test from fingerprint.com:

Aha. As expected, I saw my IP (that comes from the router, not my machine), the slightly false geolocation (our IPs always resolve way too far East for some reason), and a unique visitor ID. So there’s no “hiding”, trackers and advertisers always know exactly where you are as long as you don’t use VPNs or the onion routing network.

Second test, same browser, with EFF:

And yes, this is where Brave shines in my opinion. Randomized fingerprint plus ads and trackers blocked, that’s what I expected to see.

Third test, also found recently, the real blocking of ads:

Ouch. 72% or 108 of 150 tests blocked, here I expected something better…

Ok, someone in that discussion thread mentioned Edge, so same tests with that one:

Ouch again, this one’s definitely out. A unique fingerprint and no ad and tracker blocking whatsoever, this is one of the worst I’ve seen.

Onto my main operating system and browser of choice, Firefox (with uBlock Origin) on Debian:

Wow, far better than I had expected! A unique fingerprint according to EFF, okay, but that’s probably due to some extensions like WindowSizer and so on… but that it was 10% better than Brave in the real world ad & tracker tests, I must say that I’m impressed!

Ok, now it gets interesting – we’re on a phone operating system’s discussion forum, so let’s take phones into the equation, shan’t we? I have a Google Pixel 6a with stock Android from Google on which I normally use Firefox (also with uBlock Origin), so let’s see:

Cool… we’re down to “nearly unique”, and to 87% blocking of real ads & trackers… the best so far, isn’t it?

Wait, what about Vanadium? That I have on a Pixel 3a with GrapheneOS, so let’s see:

Also strong protection with a nearly unique fingerprint, but these 90% blockings of ads and trackers, that’s what I wanted to see, wow…

Subjectively, I see less ads in other browsers, so I guess I still have to continue reading and understanding it all – but kudos to the team over at GrapheneOS, you did a marvelous job!

As always, thanks for reading.

Update, from August 3rd, in the evening back at home:

Some people in the mentioned discussion forum over at GrapheneOS asked if I had an ad-blocking DNS provider configured in the Vanadium browser on that Pixel 3a phone, and another one asked to please also repeat a test using the Brave browser on a phone instead of a Linux machine.

Point 1: doh… (me silly, mea culpa, and so on) – of course I had set up a more or less secure environment with Graphene on that older Pixel phone, and that included setting up a secure DNS which also uses ad-blocking. So I had to repeat that test, could do it only today as I haven’t been home for a few days. So here you go, with:

Vanadium on GrapheneOS on a Pixel 3a, *without* an ad-blocking DNS configured:

Ouch! 4% block rate only, that wasn’t good… interestingly, with the same secure DNS configured again, at the first try it was raised to about 29 or 30% only, but that could have been session-related I guess; a later test with the browser newly opened went back to the 90% which I had before.

Point 2: the test with Brave on a phone. Did that while I was away, so here you go:

The fingerprint test, as you can see that was from a different location and IP address…

EFF’s Coveryourtracks test again, as good as before, and

The real world blocking test, exactly the same as on the desktop with Arch.

Now the *real* question was/is still unanswered, namely how both would compare under the same conditions, and from mobile phones. So to be fair to the Brave browser, I set up the same ad-blocking secure DNS provider in its settings, et voilร :

95%, and only 7 of the 150 tested “attacks” left unblocked, that’s the top position of my tests so far.

So how to answer that initial question about which one to choose? Hard to say, maybe I will install and leave both on that Pixel 3a with GrapheneOS, for me Vanadium will most likely always stay the default browser on Graphene (and its web view part anyway), but I will further test Brave when in doubt, or when I see something unusual and/or new.

I’m sorry that my first test attempt was a bit misleading, and I hope this additional one could clear up things a bit? In any case, and as usual, thanks very much for reading.

Posted on

building as we “speak”…

I’ve read about Bill’s attempt to install and run DaVinci Resolve 18.5 beta on his Mint Linux machine which failed for the moment (not yet clear why). And although I’m not that much into video, I had also tried to install OBS Studio on my latest Arch partition, which also didn’t run (it had been complaining about some missing qt6 stuff or so, forgot). But I was curious – this Arch partition is kind of a testbed for me, and also a gaming environment for Zuleikha (using Steam), so I thought “Why not?” and found a script in Arch’s AUR (user repository) to install DaVinci Resolve 18.5 beta. Looks like this when it’s ready like on Bill’s MacBook Pro 13″:

So at the moment my installation with yay is building the package, 19% at the time I write this. Curious if this will run, I also have an AMD processor with built-in graphics, so let’s see… although this might be overkill for me, I’m still interested in that stuff. I’ll let you all know more…

Edit:

Didn’t run as well. I think some URLs might have changed since this was scripted, so the program wasn’t found on Blackmagic’s site… I might try again later, but like I wrote, I’m not that much into video… for the moment, kdenlive and OBS Studio work very well for me (after installing qt6-wayland manually for the latter)…

Update 2:

After downloading DaVinci Resolve from Blackmagic’s site and installing it, I first got the same error message which Bill had. See here:

So I was about to give up, but the remembered that I had read something about the program and needed proprietary OpenCL and OpenGL drivers in the Arch Wiki. So using yay I installed both https://aur.archlinux.org/packages/amdgpu-pro-oglp and also https://aur.archlinux.org/packages/opencl-amd like this:

[wjl@handa-6-arch ~]$ yay -S amdgpu-pro-oglp opencl-amd

This downloaded a lot of .deb packages (funny that Debian has them), and installed them without errors. And bingo:

DaVinci Resolve 18.5 beta5 running on my system. Success!

Update 3: still didn’t have pictures, only the sound from the videos worked, and only the one directly from the camera, no m4v or mp4 or whatever other containers. So I deinstalled the whole shebang again, this *is* way too complex for me and my primitive needs. I’m no film maker, so using kdenlive and/or handbrake I have more than I need…

But like always, thanks for reading.

Posted on

How to avoid double conversions

My computer normally runs with a 48000Hz sampling rate for audio, that’s the one you would also use for most video productions like when producing something for the ‘tubes and such.

But CDs had 44100Hz which is also perfectly fine, and which saves some space if you record with that frequency – and so some (or even most?) of my friends over at Wikiloops use that sampling rate for their music.

No problem; Ardour checks when importing, and would normally automatically convert the imported 44.1kHz files to 48kHz ones. But that would mean that I’d make it harder for others who would probably like to add my single tracks to the rest (with 44.1Khz). And also, each conversion diminishes the quality just a tiny bit, so it’s always best if/when you can avoid these and use the material as it comes. Even Ardour says so:

But how to temporarily set Ardour to 44.1kHz? Easy in case you’re using the new pipewire! I just wrote the following short shell script which I named ‘ardour44k.sh’:

pw-metadata -n settings 0 clock.force-rate 44100
PIPEWIRE_LATENCY=128/44100 pw-jack ardour
wait
pw-metadata -n settings 0 clock.force-rate 0

So if I start Ardour using that, I can use 44100Hz just perfectly fine – and when Ardour ends, the system will be set back to 48000Hz; just what I wanted. Here are some screenshots from Ardour’s Edit and Mixer windows while it ran with 44100Hz:

And when I stop Ardour, the script ends with:

set property: id:0 key:clock.force-rate value:0 type:(null)

Just what I always wanted, as Tigger would say ๐Ÿ™‚ Thanks to the pipewire crew, and thanks also to my friends over at Wikiloops ๐Ÿ™‚

Oh, and what I’m also using with pipewire (which is now the standard audio “engine” on Debian and most other Linux distributions) is a program called qpwgraph, and that is a graphical patchbay like the older tools (qjackctl, Carla, Catia & Co). Looks like this:

Here you see three inputs for my upright bass on the left, which go into Ardour. The right side shows Ardour’s monitor section and its metronome going out into my sound interface, and from there, into my headphones. The outputs of individual tracks go back into Ardour’s master track, which gives you this figure 8 shape. Easy peasy, isn’t it? Virtual cabling, so to say…

Thanks to you for reading.

Posted on

Looking good…

In two days from now, Debian 12 “Bookworm” (like always, code-named after a character from Toy Story) will be released. The Bits from the Release Team are promising, and like Liam Proven from The Register, I also want a “boring”, or as he put it, “excitement-free” operating system on my computer ๐Ÿ˜‰

What I could *not* reproduce here were his problems with pipewire, maybe because I had used that on Arch before, but on my installation (a fresh one on a new partition), everything worked out of the proverbial box. What I did install additionally were things like pw-jack or qpwgraph, because I wanted to use it together with Ardour to record music – also works fine.

So in case you haven’t tried Debian yet, from Saturday on I’d say give it another chance. This is the system I would recommend to friends and to family. Unlike Red Hat (and soon, its derivatives), it still provides things like LibreOffice in case you choose the “desktop” variant during installation, and unlike Ubuntu, it still provides Firefox (ESR) from its own repositories instead of only as a snap package. Clean & lean is the way to go, I’d much prefer that instead of endless redundancies with snaps, flatpacks, or docker or other “images”. So thanks to the sisters & brothers over at Debian for still doing all that work.

Like always, thanks for reading.

Posted on

… and back to a triple boot system

I had installed the new and upcoming Debian 12 (aka “Bookworm”) on my machine, parallel to the stable version (Debian 11 aka “Bullseye”) and Windows 11 – so I had a triple boot operating system again since a while.

The Windows part is a bit controversial – since I have this new self-built machine with the AMD Ryzen 7 5700G processor, my Windows 10 offered to upgrade itself to Win11 which I did. But in recent times, more and more reports arrive saying that Microsoft is forcing ads upon its clients all over the place – I’m running it with a local account and haven’t seen them yet. But the day I will, it’ll be a “goner” as they say.

Anyway, I was also looking at Arch Linux again since that is always the latest and greatest (like Debian unstable aka “Sid”, it’s what they call a “rolling release”). First I tried some things in virt-manager and QVM/KEMU, but then I decided to overwrite my old stable Debian 11 with Arch. Went fine, except that both Arch and Debian have different ideas about where their respective /boot folders are mounted. They’re both of the EFI partition alongside Windows, but still – anyway, maybe that’s a good thing; at least they won’t overwrite each others’ kernels and/or firmware. But both run fine, even if at the moment I can’t start Arch from Debian’s grub or vice versa; doesn’t matter.

Once I damaged my Debian 12 part, accidentally deleted the firmware, so it wouldn’t boot. Didn’t matter the slightest bit since for Debian I’ll always have my /home and system parts on different partitions – so wipe it with the latest (RC2 at this time) installer – and I just saw that since today there’s even an RC3 installer – and all is well. Except of course a bit of manual labour with reinstalling Ardour and all, but even that could be remembered and more or less automated when using Debian; have done so in the past with saving and later restoring its list of installed packages…

Anyway, here’s a screenshot where I newly registered the only commercial program I’m using on Debian, it’s Sonarworks’ Reference 4 headphone correction which I use in the monitoring bus in Ardour:

Haven’t installed Ardour in Arch (yet) since at this moment they’re close – with version 7.3 in Debian’s “unstable” and 7.4.1 (or so) in Arch.

The only programs which I still use in Windows from time to time are the OM Workspace from the former Olympus guys, and Nik’s Silver Efex Pro2 which you could get for free from Google for the time they’ve owned it (sold by now to DXO, not sure what they’re going to do with it…). So it’s kind of a jump-through-the-hoops for photography, but for music I’m on Debian alone since long, like for everything else as well.

And now, from time to time, I’ll have a look at/into Arch again. Normally when you read about new program versions with new features somewhere, looking into Arch means that you’ll have that newest version already. And Debian will stay my main and stable machine once that Debian 12 will be made official on June 10th.

Oh, by the way: Arch is slim, as they say on their homepage. Unlike Debian or other distributions, it doesn’t come with LibreOffice or any other programs pre-installed, so it’s *you* who has to decide what’s needed. Together with the Gnome desktop plus Firefox, Thunderbird and a few goodies, even with all my Wikiloops albums copied onto it, it’s still less than 10GB as you can see here – one third of that is my data so far:

That blue and purple stuff is all music (with the purple bits being published albums, and the outer blue one being raw and unpublished songs in .wav form)…

Like always, thanks for reading.

Posted on

LXQt on Arch is awesome!

We have that old Lenovo Thinkpad SL500 which we’ve got for Mitchie short before moving to our current home. That was in 2008/2009, Zuleikha was just 4 when this machine was brand new.

It came with a Windows version called “Vista”, for those of you who still remember that – something NT-like, just an in-between younger than XP but older than Windows 7. The machine has a sticker for it, as well as for its processor from the Pentium-M “Centrino” aera, it’s an Intel Core 2 Duo T5670, 1800MHz in 65nm and up to 100ยฐC, just two cores, nothing “hyper”threading on this one.

That machine was never really capable of running said “Vista” without throttling, it has only 2GB of main memory and was swapping even before the OS was fully loaded. So we installed Linux, and it ran just fine, for a while.

The last OS I had on it (Mitchie has a much newer machine by now which is pretty much taken over by Zuleikha tho) was Debian 11 with the XFCE desktop. That ran pretty well unless you tried to start a few tabs in Firefox and at the same time have Thunderbird open – these programs are getting bigger like our average cars do, so I was looking for something slimmer again.

I first tried LXQt on the new and soon to be released Debian 12ยน, and while it installed just fine (thanks to the Debian developers now allowing “non-free” firmware for the WiFi and so on), it had a few issues. First it also installed lots of stuff from the KDE Plasma desktop which I didn’t really want or need. Plus some things like screengrab didn’t even work at all, so for a screenshot I had to take my camera! Excuse the bad quality and lighting, but it looked like this:

I know – I should have issued a bug report to the Debian devs, but I just wanted to try and see LXQt, and while even Debian unstable didn’t have the current version 1.3.0 (both have 1.2.0 instead), I assumed that that bug was probably dealt with “upstream” as they say in dev circles, so I didn’t bother.

I looked at Fedora again which has a LXQt spin of their current version 38 – but that one’s a “Live Image”, and guess what? Wouldn’t even boot on a machine with only 2GB of RAM! So much for “Enterprise-class” (and -developed) Linux; nothing is really tested for end users like us… so if you’re a private person like me, don’t bother with anything “Enterprise” – it’s a waste of time in my (repeated) experience.

In the end I decided to go the slim route, and installed Arch with LXQt as its only desktop. And that one’s a thing of beauty, with its Clearlooks theme:

And as you can see, screengrab worked just fine on LXQt 1.3.0 and on Arch.

Using pacman I then installed both Firefox and also Chromium, and while Firefox got the CPU fan spinning again, Chromium seems to be a little slimmer (tho bigger in download size).

Anyway, just trying to figure out how to keep old machines working, and this one surely looks and feels quite wonderful.

Like always, thanks for reading.

ยน In fact on Debian 12 I tried a combination of LXQt, XFCE, and Cinnamon to make first choices – but while the installation went well (kudos), they all influenced each other with placing desktop icons around on each others’ desktops, so that wasn’t any kind of ‘pure’ experience. And since Arch gave me lots of options as well (the Budgie desktop for instance), I looked at these in a virtual machine on my desktop later. Nice but not as lightweight was my impression…

Posted on

Containers are good, but…

Recently I have been reading a lot about computer and other hardware (phones for instance) security, and believe it or not, at this moment I think that GrapheneOS on a recent Android phone (it only supports Google’s Pixel devices because of their Titan M chips) is the most secure environment you can run right now – at least as a private person.

The problem with computers start at the kernel, and though Linux or the BSD family of operating systems are better than anything Microsoft or Apple, they are not without faults. A recent Linux kernel has probably thousands of kernel bugs, and the BSDs are only slightly better in that regard.

So what is the solution? The already mentioned GrapheneOS takes the Android approach of process and syscall isolation, with “sandboxing” as much as possible, and in this regard it might even beat Apple’s iPhones which are also quite good. On desktop and notebook computers, it’s the monolithic kernels which are the base of the problem; if an “application” (a program as we called them during my time) gets affected by an attacker, it’s relatively easy for them to break out of the program’s environment, and to take over everything, often with root rights (especially on Windows, tho it’s getting better).

When a few years ago Docker was the next big thing, my reply to it was that this wasn’t anything new – Solaris or the BSD family had containers or “jails” since I could think, so what was the fuzz about? Big Tech wants people and companies to move back to the “cloud”, and there these concepts are really needed, and so Docker and Kubernetes are now really big.

And what about the home desktops and notebooks?

Well there are interesting developments like for instance gVisor or Google’s “Fuchsia” operating system with its “Zircon” microkernel, and Daniel Micay – head of GrapheneOS – thinks that this is the future. But they’re not ready for everything yet, each isolation layer takes its toll (and will probably introduce more and newer bugs as well), and so for realtime processing like we need it for making (recording) music for instance, that’s a no go – maybe we’ll have to really separate the whole (“bare metal”) machines from the internet for these tasks?

Whatever it will be, that will be interesting to follow. Oh, and in the meantime, I’ll have it all, like a Windows 10 *and* a FreeBSD 13.2 on my Debian 12, like here:

At the same time, on another screen:

And while writing this, these “throw away” virtual machines you see in my first screenshot are history already – don’t need them anymore…

As always, thanks for reading.

Posted on

Microsoft = Suicide Squad?

Read this. Or that. Or some users’ reactions here.

I’m not really using Windows since 20+ years now, and can do well without. But I swear, the moment *I* see these ads, it’ll get kicked off of my SSD for good.

Loved the design of Win11, so keep those guys – but fire your decision makers is my advice.