The small linux problem thread

Operating Systems & Open Source Linux
,
5358

Thank you, that was very helpful.

5359

Hi all,

where is my 7? :sweat_smile: ^123456890Ɵ

i can not type the number 7 in many* flatpak apps (elements, mattermost, firefox,ā€¦) when trying to do this from the regular ā€œnumber barā€ above the chars, it works with the numpad though.

the 7 in the ā€œnumber barā€ (no clue how this shall be called) works in terminal, RPM apps (like firefox) so the switch itself is working fine.
If i press the 7 key here the textfield frame is ā€œblinkingā€ as it would be selected or something like that.

fedora silverblue 36
qwertz (cherry mx-board 3.0)
german (austria)

  • it also does not work in e.g. Star Citizen running via Wine in a toolbox, so it is not only flatpaks but also some containerized stuff.

any ideas? :smiley:

5360

Does your keyboard have a switch underneath (or side)? Maybe try fiddling around your keyboardā€™s settings a bit.

5361

It sounds like your keyboard settings for some libraries are borked. Since you are running Silverblue this will be quite hard to fix, as Silverblue does not allow editing of system configuration files (it is a feature of the system).

I would file this as a bug to the Silverblue developers and ask them if they know anything about this, if not they would probably be willing to host a discord session to figure out whatā€™s wrong.

2 Likes
5362

This question deserves its own thread, but maybe someone here knows of an easy fix or some troubleshooting steps. tl;dr I have 2 networks connected to each other via a wireguard tunel. Site A = master peer (all traffic goes through it), site B = client per (the peer connects to it and redirects all traffic including the other subnets to wireguard). Site A wg server can ping the client and other hosts from site B. Site B can ping the network from site A, but it is NAT-ed to site Aā€™s network.

The problem: TLS handshakes and other websites work on the wg peer (the client router), TLS handshakes fail on any clients from the network behind the wg peer.

Here's an output of curl duckduckgo on client wg: 
* Connected to duckduckgo.com (40.114.177.156) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2977 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
Here's an output of curl duckduckgo on host behind client wg / site B network: 
*   Trying 40.114.177.156:443...
* Connected to duckduckgo.com (40.114.177.156) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: Connection reset by peer in connection to duckduckgo.com:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to duckduckgo.com:443

IPv6 is completely disabled. The weird part is that I am behind said wireguard tunnel, many websites, including level1techs work flawlessly. There are certain websites, like duckduckgo, stackoverflow and other stack exchanges and server fault and so on that refuse to return a TLS handshake to my client, which if I curl on my router, works absolutely perfectly.

This thing has been plaguing me for a long time, but I just lived with it. Help please?

5363

Even worse, TLS 1.2 doesnā€™t work, but if I force max 1.1, it gawdang returns a TLS version alert:

This should not be happening, I should never receive any packet back, but this bug is making me go bald. 
curl -v --tls-max 1.1 https://duckduckgo.com
*   Trying 40.114.177.156:443...
* Connected to duckduckgo.com (40.114.177.156) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* TLSv1.1 (OUT), TLS handshake, Client hello (1):
* TLSv1.1 (IN), TLS alert, protocol version (582):
* error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
* Closing connection 0
curl: (35) error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version

Why would tls 1.1 give an error and 1.2 and 1.3 not work at all? I donā€™t get it!

5364

Do you have latest drivers / software / firmware installed on everything that traffic does thru? Is PPPoE used? Wired and/or Wireless? Do you block ICMP? Does your firewall ā€œfilterā€ packets on each side of the wg interface? I spent a good 3 hours tracking down an issue where just SSH sessions would randomly hang after 10-30 secs, turned out that the wifi driver for my driver was causing it and needed an upgrade. Have you tried restarting network equipment between these hosts? Modems and/or switches/gateways? Iā€™ve seen modems starting to drop random packets after being for long periods of time so it might be worth a shot.

I guess this might be a tuning issue but this looks ā€œfunā€ btwā€¦
Wireguard Optimal MTU Ā· GitHub :wink:

5365

Restarted services and both routers plenty of times (I update everything at least monthly, this problem being present for half a year or so). This is not just a random issue, the websites affected are always the same, while the other websites that work, always work. Running up-to-date everything.

I have a firewall on the site B side, I already tried to allow all traffic between the interfaces (allows all from LAN to wg0, allow all from wg0 to LAN), did not work. No firewall on site A side.

Worth noting is that when I use OpenVPN on site B to connect to site C and redirect all traffic, everything works flawlessly, even these sites. From site B to A via wg, only partially. Both tunnels use the same interface name, so they use the same firewall rules on site B.

I thought it could be a MTU problem, but then, would it not make sense for all packets to be dropped instead of just some very specific websites? The behavior is constant and easily replicable. Websites that donā€™t work are duckduckgo, all stack exchanges and server faults, reddit and some others I donā€™t remember off the top of my head (I rarely ever go to those sites, so I never complained, but there seems to be more sites, like the download page for nixOS iso that fails TLS handshake).

5366

Blocking ICMP breaks PMTU(D) which may be causing issues

If you scrub traffic you might also get some packets dropped to due packet flags

Iā€™d would first check those and afterwards fire up tcpdump and use wireshark to dig deeper.

5367

The only ones who have ICMP disabled are those guys at MS, where the traffic stops responding back to tracepath or mtr.
ae22-0.rwa03.vie.ntwk.msn.net

The problem is that these sites work on the router wg client, which is using the same VPN as the clients behind the router. The tracepath works on none until that over there.

I will look over the MTU on the clients and lower it, but I doubt it will change anything.

5368

This might be a big Linux problem so I made my own thread for it, but I am at a loss right now

1 Like
5369

not necessarily a problem but, Iā€™ve been on ubuntu a while and i think i want to go to just straight debian or venture into fedora - but i really like the ubuntuā€™s spin of gnome 3.36.

How difficult is it to replicated or is there a way to side install it.

5370

Not sure what exactly youā€™re referring to here, i.e. whatā€™s different compared to ā€œstockā€ GNOME. Not to mention 3.36 like whatā€¦ 3 years old? So you wonā€™t find that in Fedora. F36 is on GNOME 42 I believe, F37 on 43.
If Ubuntu is using a custom theme you should be able to just install it from the theme store? I donā€™t use GNOME so not sure what the right name or place for that is.

5371

IIRC Ubuntu GNOME now has accent colors, something that I wanted as well because all other GNOME isnt really customizable by design

5372

Is there a linux command to see empty m.2 or pcie slots on your motherboard?

5373

Hi all,

I want to switch from PopOS to Mint 21. PopOS uses systemd-boot and Linux Mint still uses grub2. What do I need to do to prepare for the transition? Iā€™m going to stick with Mint so ideally Iā€™d like to switch to grub so its what mint is expecting.

5374

Not directly. You would have to do a dmidecode or a lspci to see what is there and piping to a clever grep will net you the empty ports.

1 Like
5375

Ugh, OK soā€¦ I think I asked this ages ago but didnā€™t get an answer and I never followed up on it. But now with 3 monitors + a TV this is getting really annoying.

Iā€™m on Fedora KDE on X11 (canā€™t go Wayland for a variety of reasons), and my monitors are driving me insane. I have 3 Monitors: 2 (Gigabyte AD27QD + FI27Q) are connected via DP, 1 (second FI27Q) is connected via HDMI, and the TV (some LG OLED) is of course also HDMI.
This issue affects all 4 displays at this point. When I turn them off, everything behaves normally (-ish, see below). However when I turn them on, the displays are disconnecting for a split-second and then getting reattached (I assume this is the handshake to read the EDID).

That in itself wouldnā€™t be a big deal, but more often then not this rearranges the displays in either KDE or X11 or I donā€™t know where and it messes with the screen layout. In addition to that, due to the monitor ā€œdisconnectingā€, it moves all the programs over to another desktop and sometimes it moves them back, but usually it doesnā€™t. So I end up rearranging my windows again.
Iā€™d get if it was doing that when I turned the display off (becauseā€¦ well, itā€™s hard to see anything on it), but not when itā€™s turning it on.

Is there any solution to this other then waiting and hoping Wayland magically fixes that issue when Iā€™m able to use it in like 5 years? Some kind of X11 configuration (like IDK a higher timeout for registering the disconnect or something), or a setting in KDE itself?
Itā€™s getting really frustrating and I donā€™t get how this is even a thing with standard connectors and protocolsā€¦ but I canā€™t be the only one with this issue, right? How are people like Wendell dealing with that when they are using like 8 Monitorsā€¦ :confused:

5376

i3 / Sway are the only two WM environments that handles multiple monitor setups in a sane way IMO.

Every screen is treated as itā€™s own virtual desktop, basically.

How this is not default across every Linux WM at this point boggles my mind. I understand you do not want decorations such as start menu or gnome bar on everything, well, allow for turning it on/off on a per Screen basis then, but otherwise keep the virtual desktops intact.

By treating each screen as itā€™s own virtual desktop it becomes trivial to assign a default VD to a certain screen. If it exists, cool, put it there. If not, hide it under the main screen if nothing else is assigned. And then have a presentation VD for things like Powerpoint and demos.

This approach is not only sane, it is easy to implement, the only thing you need to take into account is whether or not screen decorations like the Gnome sidebar or top bar is a part of the desktop and which desktop any given screen should show as default. You could even mirror the screens easily, just assign the same VD to two screens!

To answer your question though, got the same problem and annoyance, no way to solve it yet.

3 Likes
5377

Has anyone run into flakyness with hitting the set critical power level not always triggering the system to power down (or sleep in my case)? Sleep itself has been working great (a welcome change) and the trigger goes off sometimes but not always. Iā€™ve noticed this in Ubunto 20.04, MX 22.2.1 KDE, and Kubuntu 22.04.1. I tend to have music playing when it fails as well.