Alien Pastures

My thoughts on Slackware, life and everything

Author: alienbob (Page 1 of 175)

Your input requested for DAW Live

December 15, 2024 / / 7 Comments

It has been a long time since I had a serious look at my audio software set, and the Slackware DAW Live ISO image which is meant to showcase all of that software.

Life interfered and priorities shifted.

Now I am looking at 2025 and the Christmas holiday week which precedes it, and am pondering where to put my energy and time. Considering the lack of clarity about the next stable Slackware release (something which really annoyed me in the few years leading up to Slackware 15.0) and the relative certainty that KDE Plasma 6 is not going to be included in that next release, I am not looking forward to kickstarting my obsolete ktown repository for Plasma 6. It would eat up a lot of my time and I am a happy Plasma 5 user.
So, I decided it would be more productive and rewarding to revive the DAW and audio software project.

I will not focus on a refresher of my Slackware 15 based DAW Live Edition. I want to switch to Slackware -current, realizing full well that this may cause new frustrations along the way when stuff breaks as a result of a Slackware update, but I really want to experiment with Pipewire – for sure as a replacement for Pulseaudio but perhaps also as a replacement for the Jack Audio Toolkit. Who knows.

However, I have not been playing/experimenting with Slackware’s sound system since 2022, the whole Pipewire adventure has passed me by. If I want to rebuild & refresh that large set of software, I need to start with the basics and that is to get a low-latency ‘pro’ sound subsystem off the ground that I can understand and adapt to the needs of a Live Edition.

HELP!

Therefore a request to you, blog regulars, to help me understand how to get rid of Pulseaudo in Slackware and replace it with Pipewire. How does Jack still fit in this configuration? Should it remain the main sound server? Should Pipewire replace it, providing the binary API to Jack-enabled applications? Should the choice to have Pipewire or Jack as the main sound server be something you would want to make after login?

Anything you have already mastered and all the bugs and nasties that you have already eradicated, will save me some precious time and give me more motivation to restart the project during my Christmas break.  Use the comments section below to describe your challenges, your solutions and your resulting setup; or link to pages / pastebins that contain Slackware-specific information.

And somewhat related, since I am not a musician or audio technician: I want to understand better how to connect the audio software to audio hardware: how do you link up a DAW like Ardour to an external USB sound card, a MIDI controller keyboard, hardware synths, microphones etc.
Some synths present themselves as another external USB sound card as well – how do you deal with that when you already route your audio through your FocusRite Scarlett? It boggles the mind when you have to try and make sense of it when you do not have music-making friends in physical proximity.

Eventually I want to have a working studio in my attic and be able to create music, not just create a music production enviroment like Slackware DAW Live.

I would love to read all your feedback and hopefully it will be enough already next weekend to help me startup when my off-week starts 🙂

Cheers, Eric

GNU Screen user? How to migrate hardstatus colors to screen5

December 9, 2024 / / 7 Comments

And no, don’t try to convince me that I should switch to tmux!

I have been using GNU Screen for ages. It’s a convenient and safe way to manage a remote Linux server. Screen enables me to have multiple ‘windows’ available in a terminal, running its processes independently. When I close screen (or when my ssh connection fails), the processes contained in the remote screen session keep running.
It’s how I can compile Chromium for instance – a package compilation can take up to 12 hours. I go to sleep and the next morning I reconnect the screen client to the remote socket of the still running screen daemon and continue as if I was never away.
Yes I know that tmux is supposed to be the successor of screen, but I simply don’t care.

I operate multiple Slackware servers in remote datacenters and run screen sessions over ssh connections. To avoid any confusion about the server that I am executing commands on, I have configured screen to show relevant information in the bottom line. This concept is called “hardstatus” in screen. Here’s an example showing the three active bash prompts, highlighting  that I am currently working in ‘Window 1‘, but it also shows the server’s hostname in green and the local time in blue.

Before typing anything, I first look at the green text to confirm that I am connecting to the right server.

Now, recently Slackware-current upgraded from GNU screen 4 to version 5 and with that, an old compatibility syntax was removed – a syntax that made it easy to define the colors in that status line. But the info page which describes the syntax is probably written for even more stubborn people than me.

It took me a while to get the look and feel of my screen 4.x status line reproduced in screen 5. In fact, I fixed the hardstatus definition only today (after 4 months of barely tolerating the junked colors and finally having enough of it), and I want to share it with you.

This is what defines the status line in my Linux computers with screen 4:

# Tabbed colored hardstatus line:
hardstatus alwayslastline
hardstatus string '%{= Kd} %{= Kd}%-w%{= Kr}[%{= KW}%n %t%{= Kr}]%{= Kd}%+w %-= %{KG} %H%{KW}|%{KY}%101`%{KW}|%D %M %d %Y%{= Kc} %c%{-}'

And this is how the definition had to change for screen 5 in order to show the exact same status line:

# Tabbed colored hardstatus line:
truecolor on
hardstatus off
hardstatus alwayslastline '%{= .;#999999} %{= .;#999999}%-w%{= #ff0000;#999999}[%{= #ffffff;#999999}%n %t%{= #ff0000;#999999}]%{= .;#999999}%+w %-= %{#00ff00;#999999} %H%{#ffffff;#999999}|%{#ffff00;#999999}%101`%{#ffffff;#999999}|%D %M %d %Y%{= #00ffff;#999999} %c%{-}'

In case you are curious about my full ~/.screenrc definition file, you can find it in liveslak: https://git.liveslak.org/liveslak/tree/make_slackware_live.sh?h=1.8.1.2#n2053 – I still have to fix the hardstatus definition there though.

I hope that this helps some of you old guys.
In the comments section below, I won’t tolerate GNU haters, screen haters or other evangelists. Keep it civil.

Cheers, Eric

Mastodon FollowPacks and more

November 24, 2024 / / 26 Comments

I recently quit using Twitter altogether. Its owner has been abusing the platform for political gain and profit. It made no sense to keep supporting that. I am more active on Mastodon anyway, the friendly federated social platform that all of you should prefer over Twitter, BlueSky or Threads 😉
I wrote an article about switching to Mastodon a while ago, check out Migrating from Twitter to Mastodon. But after the recent mass-exodus from Twitter after the US elections, I thought it would be a good idea to write an update for those people who recently found their new home on a Mastodon instance.
When you are new to Mastodon, it can be a bit of a daunting task to get the information to flow. Unlike the other aforementioned platforms where the ‘algorithms’ ensure that your feed is constantly populated, you actually need to subscribe to one or more topics and/or start following actual people, to kickstart your federated timeline and see stuff worth reading.

Coming up with topics is not hard – just type something that comes into your mind in the search field of your client, and you will be able to look for hashtags, posts or people matching or containing that text string. Start following a hashtag is enough to start the flow of posts to read.
But finding people may be harder. Not everyone posts on Mastodon using their own name or with a recognizable nickname. How to find interesting people to follow? Here are some options.

Also called a ‘Starter Pack‘, the FollowPacks are a concept that was actually born on the BlueSky platform. Now they are also created for Mastodon and boosted by the MastodonMigration account. FollowPacks are a convenient way for new users of Mastodon to quickly populate their list of people to follow in the Fediverse.
In essence, a FollowPack is a CSV file containing the listname and Mastodon addresses of up to 35 people who have a relevance to a certain topic area. An example line in such a CSV file for an “OpenSource” list could be a reference to myself:

OpenSource,@alien@fosstodon.org

The MastodonMigration blog has a instructional article about FollowPacks and how to use/import them into your Mastodon account: the Mastodon Follow Pack FAQ, as well as a page with a directory of these packs that they themselves maintain – on topics of ‘Astronomy and Space‘, ‘Climate‘, ‘US Politics‘ and ‘Miscellany‘ and hopefully more to come: the Mastodon Follow Pack Directory.

Instructions for obtaining and importing the packs are simple: download the pack’s .csv file and import into Mastodon to follow all accounts contained in there. As the list content grows, you will be able to merge new names into existing lists. In more detail:

  • Click on a FollowPack’s .csv file link to download it
  • Click on the ‘Preferences‘ (gear) icon at the bottom right of your Mastodon homepage
  • On a mobile or narrow desktop click the  “hamburger” button located at the top right of the page
  • Click ‘Import and Export‘ > ‘Import
  • As the ‘Import type‘ in the dropdown: Select ‘Lists’ (NOT ‘Following list’)
  • Verify that ‘Merge’ is selected (IMPORTANT)
  • Click the ‘Browse…’ button and select your previously downloaded “[file name] – list.csv”
  • Press ‘Upload‘ > ‘Confirm

You can create such a FollowPack yourselves too of course, and share it with your friends.

What else is there? If you are in need of expansion of your personal ‘following‘ list, you could look at the accounts that someone else is following. For instance, here is the list of people I am following: https://fosstodon.org/@alien/following . In general, add “/following” to the Mastodon homepage of any person.

To broaden your search, look for people who are actively posting. The Mastodon server instance where I have my home, Fosstodon, is a place whose users have an affinity with Open Source. That may lead to the discovery of some interesting people. If you want to know who posted most recently on Fosstodon, check out the server’s directory like this: https://fosstodon.org/directory?order=active&local=true .
Mind you, Fosstodon is just one of many servers in the Fediverse, so everything that gets posted there will find its way to your own Mastodon home if you or other people on your server instance are following the topics mentioned in their posts. You will find more people to follow, if you visit other instances’ directories. Lists of Mastodon servers can be found here or here, or find them via a convenient search form here.

Yet another way to quickly find people that fall in certain categories is to use fediverse.info. For instance, this search string leads to a directory of accounts that are tagged with “OpenSource”: https://fediverse.info/explore/people?t=OpenSource .

Found anything else to boost your ‘following‘ list? Let us know in the comments section below!

Have fun! Eric

 

Passkey to replace password plus 2FA

November 24, 2024 / / 3 Comments

Are passkeys the future?

Increasingly, applications and web sites pop up the suggestion that you should create a passkey to make the login process easier for you.
Hmm, you think. I just enabled two-factor authentication to make the login more secure, and now I need to change methods again to make my life easier? What about the security aspect?
What is a passkey? How does it differ from a password? How does it make your logins easier? And more secure?
Questions that I will answer in this article. Some of what I write will be Slackware specific of course, but I will try to paint a general picture.

What is a passkey?

Passkeys are the product of a collaboration between Apple, Google, and Microsoft in order to improve online security for their users; commonly referred to as the “consumerization” of the two established security standards FIDO and WebAuthn.

Passkey technology is based on asymmetric key encryption; using a pair of private and public encryption keys. When you access a server or service and it suggests that you create and use a passkey instead of using a password to authenticate, what happens is that your own local device (your computer or your smartphone) generates a random private/public keypair, stores the private key on your local device and sends a copy of the public key to the remote server.
When you next want to login to that service, the remote server will generate a challenge, encrypted with your public key, and your local device is the only one that can decrypt that message, proving to the remote server that it is really you.
Your private key will never leave your local device. If you think that is a risk (what happens if you lose your device or it crashes and burns) look below for remote sync options.

On the other hand, when you use a password to create an account on a remote server, you first need to think of a string that is not too predicable and you haven’t used before. After you type the new password, the remote service creates an encrypted ‘hash‘ out of your password string and some random characters (the ‘seed‘) and stores that hashed value – not the plaintext string. This is a one-way encryption: a hacker will not be able to retrieve the original password from that hash. When later, you need to authenticate against that server, you send it your password string again (this hopefully uses an encrypted ‘https‘ connection). The remote server applies the exact same hashing algorithm and then compares the resulting hashed value against the stored value. When the two match, you have successfully authenticated.

Summarizing:
Passkeys make the login process (authentication) seamless and convenient: you do not have to manually create them, you do not have to remember them. They are unique for every service you use. They are never “weak”.
And it’s secure. Mind you, passwords are always sent to the remote server!  That is why you’re urged to use a second authentication factor (a 2FA app) like Ente Auth to make it harder for hackers to steal and abuse your credentials.
A passkey still requires an unlock via PIN or biometric data (fingerprint, face recognition) similar to any 2FA app.

How does the server recognize my passkey?

The remote server will of course have to support passkeys in the first place.

Passkeys are so-called discoverable FIDO credentials. A passkey is a blob of data which not only contains a private/public key pair but also stores your login ID (usually your loginname) as well as the ID (usually the website URL) for the relying party aka the remote service that you want to login to.
That is why you do not have to type your username or email when you use a passkey – the browser detects that it stores a passkey for the remote server based on the ‘relying party‘ ID and asks you if that passkey should be used for authenticating to the remote server. Subsequently all required information is extracted from the passkey and passed automatically and securely between your local device and the remote service. If you have multiple identities on the remote server, your browser stores multiple passkeys and will popup a selection prompt to let you pick the correct one.

Passkey support

Passkeys are used in online transactions, commonly browser-based. In order to be able to use passkeys, you will need a supported browser.  Chrome/Chromium and Firefox allow you to use passkeys. That’s good, but the Operating System then still needs to support the storage and protection of your passkeys – in an encrypted vault protected for instance using a PIN or biometric data.
Some Operating Systems do not yet contain a ‘platform passkey provider‘. Microsoft Windows and Apple’s iOS do, but Linux based OS’es don’t. So what do we Slackers do?

On Linux (Slackware for instance) you will need a bit of extra support if you want to create and store a passkey.

If you are in possession of a hardware security key such as a Yubikey or a Nitrokey (my personal choice because of the open source hard- and software), you can store passkeys on these devices and unlock them using a PIN. If you use the NFC version of such a hardware USB key, it makes the authentication easier because touching the USB key will trigger the approval to use the passkey.
This works nicely on Slackware if you install pcsc-lite and have its daemon running when you insert the USB key into your computer.

If you do not possess a hardware security key, you need to install a software-based password vault manager like KeepassXC (alternative suggestions below) along with its associated browser plugin to manage the creation and secure storage of your passkeys.

Storing and syncing passkeys across all your devices

A passkey by nature gets generated and stored on your local device.

When you login to your Google account on Chrome on Windows, the passkeys you generate are stored in your Chrome vault and synced across all your Chrome instances so that you can then also use that passkey on a Linux OS. I don’t use Firefox but I assume it uses a similar distribution mechanism if you are logged in to your Firefox account.
If you use Chromium (ungoogled or regular) you will not be able to use Google’s cloud services; the passkey will only be stored locally (on a hardware key or a software vault).

If you appreciate the value of passkeys that are synced across devices (making it harder to accidentally lose them when your device crashes) there are options you can explore. Several password database solutions exist that are able to store passkeys end-to-end encrypted and sync them via the cloud. Have a look at Bitwarden or 1Password for instance, they both have free plans that allow you to store passkeys. Or use the fully open source KeepassXC for which I will share usage examples below.

Note that when you use a hardware security key, you personally are the mechanism by which the passkey becomes usable across devices!

Passkeys and KeepassXC

I prefer Open Source solutions above all else. Higher up I already linked to Ente Auth, a 2FA app and backend which you can run self-hosted and under your control. Similarly, you can create, store, use and synchronize your passkeys using only Open Source technology.

First, install KeepassXC (any version later than 2.7.7, as I write this I have version 2.7.9 installed) for which I have a Slackware package available. Take care of its dependencies botan, minizip and pcsc-lite for which I also have packages on http://slackware.com/~alien/slackbuilds/ . You’ll find more info about KeepassXC’s initial configuration in one of my previous articles.

Once KeepassXC is up and running and you have opened an encrypted database, install the KeepassXC browser extension for your Chrome/Chromium or Firefox browser. Open the extension’s configuration dialog and connect it to the KeepassXC database. From that moment on, you can already use its capabilities for storing credentials (username/password) securely and let it autofill the login fields on web sites that you visited before.

But we go one step further and enable full support for passkeys: in the Settings page of the KeePassXC browser extension, there’s a ‘Passkeys‘ section in the ‘General‘ tab. Enable passkey support by checking  both

  • Enable Passkeys (disabled by default)
  • Enable Passkeys Fallback (enabled by default)

Now you are ready to start creating passkeys, to be stored in the KeepassXC vault. Full documentation for that can be found in the KeepassXC User Guide. The passkeys will be stored in the section “KeePassXC-Browser Passwords” of the database which you can access from the KeepassXC program via the menu ‘Database > Passkeys‘:

You’ll notice the ‘Import‘ and ‘Export‘ buttons in the above picture. KeepassXC allows you to im- or export passkeys. Please note that the exported passkey (a JSON file with extension ‘.passkey‘) contains your credential data unencrypted! Therefore, keep that file for just as long as you need for an import into another KeepassXC database and then shred (1) it!

Let’s re-use the example in the User Guide and login to GitHub using the passkey which I already created there. When you browse to a web site, for instance github.com and have an existing passkey, you will get a popup from KeepassXC asking you whether you want to use it. Click ‘Allow Selected’ and if you want it to be used by default in future, also check the box ‘Remember‘.

 

The web site offers the login prompt and has a button ‘Sign in with a passkey‘ which you click of course:

KeepassXC will open a modular popup asking you whether to use the stored passkey. You have 60 seconds to press ‘Authenticate‘. That’s it! You are logged in.

If you press ‘Cancel‘ or let the dialog time-out, the fallback mechanism will kick in and the browser will allow you to pick another means of login.

So far, so good. But this only covers the creation and storage of your passkeys, not the synchronization across devices.
I have good news: I have already written the instructions on how to sync the KeepassXC database with a cloud storage provider like Nextcloud or Dropbox. Instead of repeating that here, I encourage you to read the “Syncing your browser’s online passwords” section in Sync and share your (Chromium and more) browser data among all your computers.

I hoped you liked this topic. Please use the comment section below to point out flaws in the article or give feedback (or have a discussion on merits).
Have fun! Eric

Chromium source tarball availability

November 16, 2024 / / 12 Comments

Someone asked how I am creating Chromium (also -ungoogled) packages these days? When you download my SlackBuild script and attempt to build the package yourself, the script will error out because it cannot download the sources.

For weeks now, the Google automation is broken with regards to creating Chromium source tarballs. Apparently some bug prevents their CI/CD pipelines from succeeding. This is reportedly fixed for the Chromium 132.x releases (currently their Beta versions) but Chromium 130 and now also 131 releases are announced without their accompanying source tarballs.
I have therefore created a script which fetches the needed stuff from git and packs that into a “chromium-$VERSION.tar.xz” tarball. You will find it in the “build” directory and it’s called “fetch-chromium-release.sh“. You run that script with a Chromium official version number, wait a long long time, and you end up with the 6+ GB source tarball which you can then move into your local “build” directory.

Hope that clarifies things and helps you compile chromium or chromium-ungoogled yourself.
Have fun! Eric

« Older posts

© 2024 Alien Pastures

Theme by Anders NorenUp ↑