All posts by cen

resize Fedora root partition

30. 1. 2019 cen

Default root partition size on my Fedora installs usually becomes too small down the line to the point I can no longer install packages or perform the upgrades without removing packages or clearing dnf cache.

Therefore I wanted to shrink my home partition and add that space to root.

We can't perform the resize while partitions are mounted so we need to boot in emergency or rescue mode. I first tried the emergency mode but the boot would lock up at Fedora logo so I decided to go with rescue instead.

Once in grub menu, press e to edit. At the end of the line of linux16 or linuxefi entry, add

systemd.unit=rescue.target

1	systemd.unit=rescue.target

Press Ctrl+x to boot with modified parameters. Once in rescue mode, perform the resize:

lvresize -L -10G --resizefs /dev/fedora/home
lvresize -L +10G --resizefs /dev/fedora/root

1 2	lvresize -L -10G --resizefs /dev/fedora/home lvresize -L +10G --resizefs /dev/fedora/root

Cen
GitHub
Eurobattle.net
Lagabuse.com
Bnetdocs

Programming

That moment when you need to look up definition of C++ for loop

18. 11. 2018 cen

I was getting a segfault on an old piece of code which I maintain. The culprit was pinpointed to this:

bool found = false;
vector<string> :: iterator i;
for (i = v.begin(); !found && i != v.end(); ++i) {
    if (name == *i) {
        found = true;
    }
}
if (found) {
   v.erase( i ); // <-- segfault here
}

bool found = false;

vector<string> :: iterator i;

for (i = v.begin(); !found && i != v.end(); ++i) {

if (name == *i) {

found = true;

}

if (found) {

v.erase( i ); // <-- segfault here

}

I went through this piece if code at least 10 times without noticing the problem. The snippet is simple enough.. when match is found, set found to true and that breaks the loop since loop condition now evaluates to false. The iterator remains at the position of matched element.

WRONG.

What we are actually getting is iterator+1.

What we don't see directly from the code is that increment happens before the condition is evaluated for the next loop, giving us iterator+1 which causes a segfault if match is found on last element.

Moonie Cen
GitHub
Eurobattle.net
Lagabuse.com
Bnetdocs

Other

Tenant resource authorization in JAX-RS

7. 9. 2018 cen

You have a book REST resource and each book has an owner. Only the owner of the book can access an owned book. JAX-RS specification has no answer to this problem since it only provides a role based security with @RolesAllowed annotation. It is unfortunate JavaEE spec does not offer at last some interfaces which we could then imlement for this purpose.. we need to roll our own. There are many ways this can be achieved, I will present one way of doing it.

Owned JPA entities extend a common class

All owned entities should extend a common class, let's call it OwnedEntity.

@Entity
@Table(name = "books")
public class BookEntity extends OwnedEntity {}

@Entity

@Table(name = "books")

public class BookEntity extends OwnedEntity {}

@MappedSuperclass
public class OwnedEntity {

    @Nullable
    @Column(name="owner_id")
    protected String ownerId;

}

@MappedSuperclass

public class OwnedEntity {

@Nullable

@Column(name="owner_id")

protected String ownerId;

}

Protect owned resources with an interceptor

Create an interceptor which we will use on each owned resource that will check the owner of the entity against the authorized user. We pass the owned entity as a parameter. We will need this information to be able to fetch the correct JPA entity in the interceptor implementation.

@InterceptorBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
public @interface AuthorizeOwner {

    @SuppressWarnings("rawtypes")
    @Nonbinding Class<? extends OwnedEntity> type() default OwnedEntity.class;
}

@InterceptorBinding

@Retention(RetentionPolicy.RUNTIME)

@Target({ElementType.TYPE, ElementType.METHOD})

public @interface AuthorizeOwner {

@SuppressWarnings("rawtypes")

@Nonbinding Class<? extends OwnedEntity> type() default OwnedEntity.class;

}

We protect an owned resource with this interceptor

@GET
@Path("/{id}")
@AuthorizeOwner(type = BookEntity.class)
public Response findBookById(@PathParam("id") UUID id) {}

@GET

@Path("/{id}")

@AuthorizeOwner(type = BookEntity.class)

public Response findBookById(@PathParam("id") UUID id) {}

Interceptor implementation

@AuthorizeOwner
@Interceptor
@Priority(2001)
public class AuthorizeOwnerInterceptor {

  @Context
  private SecurityContext sc;

  @Inject
  private EntityManager em;

  @AroundInvoke
  public Object methodEntry(InvocationContext ctx) throws Exception {

    Annotation t = ctx.getMethod().getAnnotation(AuthorizeOwner.class);

    Object[] params = ctx.getParameters();
    //ID must be first parameter and of type UUID
    if (params.length>0 && params[0] instanceof UUID) {
      String id = ((UUID)params[0]).toString();

      OwnedEntity object = em.find(((AuthorizeOwner) t).type(), id);
      if (object!=null && !object.getOwnerId().equals(sc.getUserPrincipal().getId()))             {
        throw new ForbiddenException();
      }
    }
    else {
      //Illegal use
      throw new InternalServerErrorException();
    }

    return ctx.proceed();
  }
}

@AuthorizeOwner

@Interceptor

@Priority(2001)

public class AuthorizeOwnerInterceptor {

@Context

private SecurityContext sc;

@Inject

private EntityManager em;

@AroundInvoke

public Object methodEntry(InvocationContext ctx) throws Exception {

Annotation t = ctx.getMethod().getAnnotation(AuthorizeOwner.class);

Object[] params = ctx.getParameters();

//ID must be first parameter and of type UUID

if (params.length>0 && params[0] instanceof UUID) {

String id = ((UUID)params[0]).toString();

OwnedEntity object = em.find(((AuthorizeOwner) t).type(), id);

if (object!=null && !object.getOwnerId().equals(sc.getUserPrincipal().getId())) {

throw new ForbiddenException();

}

else {

//Illegal use

throw new InternalServerErrorException();

}

return ctx.proceed();

}

Make sure the priority of this interceptor is lower than your security interceptor, since a valid authenticated user should already be present before it.

The limitation of this interceptor is that it can only protect ID based resources of type /resource/:id. For list resources, use seperate logic to insert an additional WHERE filter by owner ID to TypedQuery/Criteria query used for list fetching.

Second limitation is that the entity ID should always be declared first in resource method. Another way would be to enforce the name "id" as the parameter name representing the entity ID, but this requires additional reflection info to get method parameter names.

The example here uses SecurityContext to retreive the authorized user. You might need to inject your own context or parsed JWT token to retreive the needed identificator, depending on what you store in your database as owner ID (user UUID, email etc).

An improvement of this interceptor is to check the roles in security context and skip the owner check if role is an ADMIN or similar, since we probably want to allow admins to access all resources.

So how useful is this?

Good:

+protects owned resources with a simple annotation

Not so good:

-only protects ID based resources, you still need a seperate mechanism for lists
-only protects the base entity, not nested owned relations (/book/:id/somethingElse/:id2), which would mean child entity can have different owner than parent and client must be prevented from access of the child. I did not yet stumble upon such a requirement though.
-forcing method parameter position or consistent naming in resource methods Moonie Cen
GitHub
Eurobattle.net
Lagabuse.com
Bnetdocs

Linux, Other, Script magic

Creating a new torrent and seeding with Transmission

23. 8. 2018 cen

You have setup a Transmission server on your Linux box together with Transmisison Web or something along those lines and now you are wondering.. how can I actually seed a NEW file?

I couldn't find a straightforward answer on the web so here is the short tutorial:

Upload your file to your transmission download directory
cd to that directory and create a torrent file (lets say the file you uploaded was called myfile.rar):

transmission-create -o myfile.torrent -c "this is my file comment" -t tracker1 -t tracker2 -t tracker3 myfile.rar

1

transmission-create -o myfile.torrent -c "this is my file comment" -t tracker1 -t tracker2 -t tracker3 myfile.rar

Replace tracker1, tracker3, tracker3, …trackerN with a bunch of trackers. Better specify more than one in case they go down. Here is a cool little list of public trackers.
Download the new .torrent file you just created, open Transmission Web and add the torrent. Since the file already exists in download directory, Transmisison will just revalidate the data and start seeding. *mind blown*
Distribute the torrent file to your people or generate a magnet link with

transmission-show -m myfile.torrent

1

transmission-show -m myfile.torrent

Moonie Cen
GitHub
Eurobattle.net
Lagabuse.com
Bnetdocs

Hardware, Linux

Ubuntu 18.04 on MacBook Pro 11.5 – a sad state of affairs

4. 7. 2018 cen

There was an extra MacBook Pro 11.5 lurking around so I decided to install Ubuntu 18.04 on it and try to setup a usable workstation.

A culmination of several issues prompted me to not pursue this setup further. Linux drivers and MacBook hardware just don't play along very well.

Display flickering/corruption on main display

The bottom part of the HiDPI screen is experiencing some kind of flickering as tracked by this bug. Changing desktop environment, distros and X server configuration did not result in any improvements. For a moment Wayland seemed to have solved the issue only to reappear on next boot.

Since I also connected 3 external monitors this was not a deal breaker. External monitors did not display this issue.

Fan going at 100% most of the time

Even at idle or low load the fans would spin at 100%. Thermald was not doing it's job for whatever reason. It is hard to say why since most temperature sensors seem to be working fine and report acceptable temperatures.

I found a simple but great project called mbpfan which stopped the fans immediately after being started and still kept temperatures seemingly in check. I increased the minimum fan speed in mbpfan config just to avoid any potential overheating problems. With this setup I was getting 70-80 degrees with no overheating problems and a quiet fan.

CPU is in constant low frequency state (dealbreaker)

After installing cpufreq gnome extension I figured out that CPU is always at 800MHz. Mbpfan was not the cause since the same lack of scaling appeared when it was turned off.

First I tried to disable Intel p_state driver but the lack of scaling continued. Using userspace driver in cpufreq, I was unable to change min/max frequencies or force a specific frequency via cpupower.

As per ArchWiki, I gifured out that BIOS was enforcing this state via

cat /sys/devices/system/cpu/cpu0/cpufreq/bios_limit

1	cat /sys/devices/system/cpu/cpu0/cpufreq/bios_limit

After ignoring ppc via

echo 1 > /sys/module/processor/parameters/ignore_ppc

1	echo 1 > /sys/module/processor/parameters/ignore_ppc

the CPU instantly started to scale as expected. Unfortunately this was not the final solution since the low state would randomly reappear again for long periods of time with small time windows of scaling working as expected. Therefore, even with ignore_ppc I would still get 800MHz most of the time with temps reported around 70 degrees.

In this state Gnome Shell would lag and everything was half-usable.

Something in hardware was throttling CPU and I wasn't able to overcome it.

Bcmwl driver very spotty

WiFi bcmwl driver is very spotty. It would connect to Android hotspot no problem but it failed to connect to WiFi router. Small sample of 50% reliability.

Display positions not remembered after reboot

I had to rearrange the external monitors on each reboot since Gnome would not remember their positions. I had to come up with xrandr script to run after login to remedy this sad state of affairs.

No per-monitor scaling

Gnome still does not support setting the scale factors per monitor. Again, I had to come up with xrandr script to achieve 200% scaling on HiDPI and regular scaling on external monitors (1900×1200).

Broken scaling under Wayland

Apparently if you set the scale factor to default in Wayland session, things should "just work" across HiDPI and non-HiDPI displays. Don't believe these people, they are liars.

I set the scaling to default but that made HiDPI desktop tiny while external monitors were fine. Increasing the scaling to 200% made HiDPI fine while external monitors scaled also.

There is also no xrandr under Wayland so you can't help yourself with that.

Broken rendering of electron apps on external monitors

If using Postman on an external monitor, parts of the dialog boxes would simply disappear, making the tool unusable. Using Postman on main display did not have this issue. Weird.

The bottom line: get a Dell or a Lenovo for your Linux workstation needs. Moonie Cen
GitHub
Eurobattle.net
Lagabuse.com
Bnetdocs

Linux, Script magic

Xrandr framebuffer and per-display scaling

23. 6. 2018 cen 2 Comments

Ubuntu 18.04 LTS came out recently with Gnome desktop as default. Unfortunately even in 2018, it won't remember the external monitor positioning after reboot and has no support in display settings to set per-display scaling. Year of the Linux desktop, anyone?

Xrandr is a powerful Linux tool to manipulate displays. Unfortunately, the man page is very sparse on information with badly explained flags and various Linux guides are no better.

This example will create a triple monitor setup with HiDPI laptop display at the bottom of the array.

Xrandr command:

xrandr --fbmm 11520x4200 --output eDP --pos 4320x2400 --mode 2880x1800 --scale 1x1 --primary --output DisplayPort-1 --pos 0x0 --mode 1920x1200 --scale 2x2 --output DisplayPort-0 --pos 3840x0 --mode 1920x1200 --scale 2x2 --output HDMI-0 --pos 7680x0 --mode 1920x1200 --scale 2x2

1	xrandr --fbmm 11520x4200 --output eDP --pos 4320x2400 --mode 2880x1800 --scale 1x1 --primary --output DisplayPort-1 --pos 0x0 --mode 1920x1200 --scale 2x2 --output DisplayPort-0 --pos 3840x0 --mode 1920x1200 --scale 2x2 --output HDMI-0 --pos 7680x0 --mode 1920x1200 --scale 2x2

Gnome scaling is set to 200% so our HiDPI native display looks normal. Unfortunately this also means non-HiDPI displays have this scaling applied which is not what we want.

Framebuffer is the full outer rectangle which must be able to contain our display setup as a whole.

Since external displays are scaled 2×2 (zoom out), they take twice the size of their actual resolution in our framebuffer. Meaning their sizes in fb are actually 3840×2400.

Y of the framebuffer is therefore 2400+1800=4200 (HiDPI display is scaled 1×1 so it takes the same amount of space in the framebuffer as it's resolution).

X of the framebuffer is 3*3840=11520.

–fbmm specifies the full framebuffer size

–pos specifies the position of the display in the buffer. 0x0 position starts on top-left corner.

–mode sets the actual display resolution

–output specifies the display output (run xrandr to list all available)

–scale specifies "zooming" in (<1) or out (>1)

The end result has some invisible area on the bottom-left and bottom-right corners so it is not ideal. I have yet to figure out if it is possible to specify fencing around that area.

The HiDPI display is also not perfectly aligned with the top display but that could be corrected with fractional scaling. It didn't really bother me to fiddle with that.

Finally, you should run this command with a startup script so you get the correct monitor positioning and scaling after login. Moonie Cen
GitHub
Eurobattle.net
Lagabuse.com
Bnetdocs

Programming

Can JPA @Version column be nullable?

23. 6. 2018 cen

When using @Version with yor JPA entities you might be wondering, should you make the column nullable or not? There is no answer to this question in the documentation or the internet in general. The only way to find out was to test it.

The answer is: column has to be not-null, at least for EclipseLink. Null values caused EL exceptions. Moonie Cen
GitHub
Eurobattle.net
Lagabuse.com
Bnetdocs

Linux, Script magic

Running multiple PHP versions and compiling from source

23. 3. 2018 cen

We had a peculiar situation where both PHP5 and PHP7 were needed at the same time on a FreeBSD server. It was also prohibitive to get root or sudo access on the managing account. The solution was to compile PHP from source with fpm, run fpm on a UNIX socket and wire the specific domain which needed PHP7 through Nginx.

Compiling from source

Compiling PHP is pretty straightforward but you can easily forget crucial configure flags. First get the source archive. After trial and error, this appears to be "good enough" for Laravel 5.6 requirements.

./configure -prefix=/home/foo/php7 --with-openssl --enable-mbstring --with-pdo-mysql --enable-fpm --with-config-file-path=/home/foo/php7 --with-config-file-scan-dir=/home/foo/php7 --with-iconv --with-gmp --with-gd

1	./configure -prefix=/home/foo/php7 --with-openssl --enable-mbstring --with-pdo-mysql --enable-fpm --with-config-file-path=/home/foo/php7 --with-config-file-scan-dir=/home/foo/php7 --with-iconv --with-gmp --with-gd

Followed by

make && make install

1	make && make install

copy php.ini-development file from source to the –with-config-file-path directory and call it php.ini. In PREFIX/bin confirm that php binary is loading your ini file by running

./php --ini

1	./php --ini

If you made a mistake in your configure run, you have to make clean first or the changed options won't be picked up.

Configuring fpm

In your PREFIX/etc folder, check php-fpm.conf. The only lines I bothered to verify and edit were pid, error_log and include, the rest can be left as is.

Inside folder php-fpm.d create a config file like my.subdomain.conf and add something like

listen = /location/of/php-fpm.sock
user = foo
group = foo
pm = dynamic
pm.max_children = 5
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 1
pm.max_requests = 200
listen.backlog = -1
pm.status_path = /status
request_terminate_timeout = 30s
rlimit_files = 131072
rlimit_core = unlimited
catch_workers_output = yes
env[HOSTNAME] = $HOSTNAME
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

listen = /location/of/php-fpm.sock

user = foo

group = foo

pm = dynamic

pm.max_children = 5

pm.start_servers = 1

pm.min_spare_servers = 1

pm.max_spare_servers = 1

pm.max_requests = 200

listen.backlog = -1

pm.status_path = /status

request_terminate_timeout = 30s

rlimit_files = 131072

rlimit_core = unlimited

catch_workers_output = yes

env[HOSTNAME] = $HOSTNAME

env[TMP] = /tmp

env[TMPDIR] = /tmp

env[TEMP] = /tmp

You can study fpm config in great details but this is enough to get you going.

Now you can run your PHP7 fpm process in PREFIX/sbin with

./php-fpm --fpm-config /prefix/etc/php-fpm.conf

1	./php-fpm --fpm-config /prefix/etc/php-fpm.conf

Since we don't have any init scripts in this case, we must be able to kill it also. Find it with

ps aux | grep fpm

1	ps aux \| grep fpm

and kill with

kill -QUIT pid

1	kill -QUIT pid

Make sure it says php-fpm: master process in the ps output, killing children doesn't do anything, just respawns them.

Now you just need to wire up your Nginx to use this fpm instead of the PHP5 system one by specifying

fastcgi_pass unix:/location/of/php-fpm.sock;

1	fastcgi_pass unix:/location/of/php-fpm.sock;

We now have PHP dualstack with some web apps running on system provided PHP5 and some on our own built PHP7. We did not need root for this process, except possibly for configuring Nginx.

One obvious downside is that you now have to take care of updating your PHP version on your own but that is one view we had to sacrifice. Updates should be relatively easy and fast since make install won't remove your config files in existing installation and compiling PHP takes just a few minutes.

Moonie Cen
GitHub
Eurobattle.net
Lagabuse.com
Bnetdocs

Linux, Script magic

Centos Docker unable to unmount on stop/start

9. 3. 2018 cen

Error looks something like

Error response from daemon: driver "overlay" failed to remove root filesystem for 805c245dad451542b44bb1b58c60887fa98a64a61f2f0b8de32fa5b13ccc8ce4: remove /var/lib/docker/overlay/8f666b802f418f4a3dc4a6cafbefa79afc81491a5cb23da8084dd14e33afbea0/merged: device or resource busy

It usually appears when stopping and starting a container. It results in Docker container not being able to start or starts in a weird dead/removed state. Issue is presumably fixed in Centos 7.4 as per this github issue, but a workaround exists:

1. Grep by part of ID:

grep docker /proc/*/mountinfo | grep 8f66

1	grep docker /proc/*/mountinfo \| grep 8f66

it shows which process is holding up the mount in busy state

/proc/31415/mountinfo:…

2. Kill the process

sudo kill 31415

1	sudo kill 31415

Moonie Cen
GitHub
Eurobattle.net
Lagabuse.com
Bnetdocs

Linux, Script magic

Lib packaging for your own repo

26. 2. 2018 cen

This is a note to self about the release procedure and distro packaging of a development library.

This instructions expect aptly and createrepo to be preinstalled on your repo server together with a valid GPG key.

Packaging a .deb

1. Checkout the release tag and build the deb according to README. Each build should be done on the same machine as the target distribution. If I am packaging for Centos 6 I am also building on Centos 6. If CMake and CPack are set up correctly it usually boils down to:

cmake -G "Unix makefiles" -H./ -B./build
cd build
make
cpack -G "DEB"

cmake -G "Unix makefiles" -H./ -B./build

cd build

make

cpack -G "DEB"

If the project is missing CMake, refuse to package it.

2. Check that deb info is correct:

dpkg-deb -I bncsutil-1.4.1-Linux.deb

1	dpkg-deb -I bncsutil-1.4.1-Linux.deb

3. Rename it to distro you are building on, then scp to your repo server

mv bncsutil-1.4.1-Linux.deb bncsutil-1.4.1-Debian9.deb

1	mv bncsutil-1.4.1-Linux.deb bncsutil-1.4.1-Debian9.deb

4. If aptly repo does not exist yet, create it

aptly repo create -comment="Debian 9 repo" -component="main" -distribution="bnetdocs-stretch" debian9

1	aptly repo create -comment="Debian 9 repo" -component="main" -distribution="bnetdocs-stretch" debian9

Ideally you only create the repo the first time, for future updates you create a snapshot of it, add a package, then switch the repo to new snapshot. See aptly docs for more.

Alternatively, you can just add more packages and update the repo with

aptly publish update bnetdocs-stretch debian9

1	aptly publish update bnetdocs-stretch debian9

5. Add package to repo

aptly repo add debian9 deb_archives/bncsutil-1.4.1-Debian9.deb

1	aptly repo add debian9 deb_archives/bncsutil-1.4.1-Debian9.deb

6. Publish repo

aptly publish repo debian9 debian9

1	aptly publish repo debian9 debian9

7. On target machine, add repo to /etc/apt/sources.list and fetch public key

deb http://apt.xpam.pl/debian8/ bnetdocs-stretch main

1	deb http://apt.xpam.pl/debian8/ bnetdocs-stretch main

wget -qO - https://apt.xpam.pl/xpam.pl-pubkey.asc | sudo apt-key add -

1	wget -qO - https://apt.xpam.pl/xpam.pl-pubkey.asc \| sudo apt-key add -

8. Update and then check if package info is correct

apt-cache show bncsutil

1	apt-cache show bncsutil

9. If big mistakes were made

aptly publish drop debian9 debian9

1	aptly publish drop debian9 debian9

..and start over. Repeat for Debian 8 etc.

Packaging an .rpm

1. See the previous #1. The only difference is

cpack -G "RPM"

1	cpack -G "RPM"

2. Check that rpm info is correct

rpm -qip bncsutil-1.4.1-Linux.rpm

1	rpm -qip bncsutil-1.4.1-Linux.rpm

3. Rename it to distro you are building on, then scp to your repo server

mv bncsutil-1.4.1-Linux.rpm bncsutil-1.4.1-Centos7.rpm

1	mv bncsutil-1.4.1-Linux.rpm bncsutil-1.4.1-Centos7.rpm

4. Make sure you have .rpmmacros file in home dir with uid of gpg signing key (check out your keys with gpg –list-keys). If you don't have one, generate it. Entry in the file should look like:

%_gpg_name <uid here>

1	%_gpg_name <uid here>

5. Sign rpm

rpm --addsign rpm_archives/bncsutil-1.4.1-Centos7.rpm

1	rpm --addsign rpm_archives/bncsutil-1.4.1-Centos7.rpm

4. Move to appropriate repo that was created by createrepo earlier (see createrepo docs)

mv rpm_archives/bncsutil-1.4.1-Centos7.rpm .createrepo-centos7/

1	mv rpm_archives/bncsutil-1.4.1-Centos7.rpm .createrepo-centos7/

5. Update repo metadata

createrepo --update ./.createrepo-centos7/

1	createrepo --update ./.createrepo-centos7/

6. Add your repo on the target machine

yum -y install yum-utils
yum-config-manager --add-repo https://centos7.rpm.xpam.pl
yum-config-manager --enable https://centos7.rpm.xpam.pl
rpm --import https://centos7.rpm.xpam.pl/xpam.pl-pubkey.asc

yum -y install yum-utils

yum-config-manager --add-repo https://centos7.rpm.xpam.pl

yum-config-manager --enable https://centos7.rpm.xpam.pl

rpm --import https://centos7.rpm.xpam.pl/xpam.pl-pubkey.asc

Since createrepo is pretty much just an http server you can simply delete an rpm and update the metadata in case things go south.

Repeat for Centos 6 etc. Moonie Cen
GitHub
Eurobattle.net
Lagabuse.com
Bnetdocs

Owned JPA entities extend a common class

Protect owned resources with an interceptor

Interceptor implementation

So how useful is this?

Display flickering/corruption on main display

Fan going at 100% most of the time

CPU is in constant low frequency state (dealbreaker)

Bcmwl driver very spotty

Display positions not remembered after reboot

No per-monitor scaling

Broken scaling under Wayland

Broken rendering of electron apps on external monitors

Compiling from source

Configuring fpm

Packaging a .deb

Packaging an .rpm

Reviews and tutorials of my personal interest