Jarkko Sakkinen
Posts
5043Following
329Followers
504OpenPGP: 3AB05486C7752FE1
Jarkko Sakkinen
jarkko
Edited yesterday
If ever have to use Windows machine, 'gopass' seems to working replacement for pass (and gpg4win enables yubikey).
0
0
0
Jarkko Sakkinen
jarkko
cool i did not know this but noticed by accident that gpu-screen-recorder seems to capture also audio from DAW flawlessly :-)
0
0
2
Jarkko Sakkinen
jarkko
apparently wine 10 uses ntsync out-of-the-box:
❯ lsof /dev/ntsync
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
start.exe 6512 jarkko 12r CHR 10,261 0t0 1155 /dev/ntsync
wineserve 6514 jarkko 9r CHR 10,261 0t0 1155 /dev/ntsync
services. 6518 jarkko 10r CHR 10,261 0t0 1155 /dev/ntsync
explorer. 6524 jarkko 10r CHR 10,261 0t0 1155 /dev/ntsync
winedevic 6533 jarkko 10r CHR 10,261 0t0 1155 /dev/ntsync
svchost.e 6605 jarkko 10r CHR 10,261 0t0 1155 /dev/ntsync
plugplay. 6611 jarkko 10r CHR 10,261 0t0 1155 /dev/ntsync
winedevic 6623 jarkko 10r CHR 10,261 0t0 1155 /dev/ntsync
conhost.e 6641 jarkko 11r CHR 10,261 0t0 1155 /dev/ntsync
winecfg.e 6643 jarkko 10r CHR 10,261 0t0 1155 /dev/ntsync
This happends after creating /etc/modules-load.d/ntsync.conf and "sudo systemctl restart systemd-modules-load.service":
❯ systemctl status systemd-modules-load.service
● systemd-modules-load.service - Load Kernel Modules
Loaded: loaded (/usr/lib/systemd/system/systemd-modules-load.service; static)
Active: active (exited) since Fri 2025-12-19 03:31:20 EET; 4min 26s ago
Invocation: 367aac34988a4ed491f826a5670acf94
Docs: man:systemd-modules-load.service(8)
man:modules-load.d(5)
Process: 5939 ExecStart=/usr/lib/systemd/systemd-modules-load (code=exited, status=0/SUCCESS)
Main PID: 5939 (code=exited, status=0/SUCCESS)
Mem peak: 2.7M
CPU: 6ms
Dec 19 03:31:20 sysdarch systemd[1]: systemd-modules-load.service: Deactivated successfully.
Dec 19 03:31:20 sysdarch systemd[1]: Stopped Load Kernel Modules.
Dec 19 03:31:20 sysdarch systemd[1]: systemd-modules-load.service: Consumed 445ms CPU time, 89.5M memory peak.
Dec 19 03:31:20 sysdarch systemd[1]: Stopping Load Kernel Modules...
Dec 19 03:31:20 sysdarch systemd[1]: Starting Load Kernel Modules...
Dec 19 03:31:20 sysdarch systemd-modules-load[5939]: Inserted module 'ntsync'
Dec 19 03:31:20 sysdarch systemd[1]: Finished Load Kernel Modules.
❯ lsof /dev/ntsync
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
start.exe 6512 jarkko 12r CHR 10,261 0t0 1155 /dev/ntsync
wineserve 6514 jarkko 9r CHR 10,261 0t0 1155 /dev/ntsync
services. 6518 jarkko 10r CHR 10,261 0t0 1155 /dev/ntsync
explorer. 6524 jarkko 10r CHR 10,261 0t0 1155 /dev/ntsync
winedevic 6533 jarkko 10r CHR 10,261 0t0 1155 /dev/ntsync
svchost.e 6605 jarkko 10r CHR 10,261 0t0 1155 /dev/ntsync
plugplay. 6611 jarkko 10r CHR 10,261 0t0 1155 /dev/ntsync
winedevic 6623 jarkko 10r CHR 10,261 0t0 1155 /dev/ntsync
conhost.e 6641 jarkko 11r CHR 10,261 0t0 1155 /dev/ntsync
winecfg.e 6643 jarkko 10r CHR 10,261 0t0 1155 /dev/ntsync
This happends after creating /etc/modules-load.d/ntsync.conf and "sudo systemctl restart systemd-modules-load.service":
❯ systemctl status systemd-modules-load.service
● systemd-modules-load.service - Load Kernel Modules
Loaded: loaded (/usr/lib/systemd/system/systemd-modules-load.service; static)
Active: active (exited) since Fri 2025-12-19 03:31:20 EET; 4min 26s ago
Invocation: 367aac34988a4ed491f826a5670acf94
Docs: man:systemd-modules-load.service(8)
man:modules-load.d(5)
Process: 5939 ExecStart=/usr/lib/systemd/systemd-modules-load (code=exited, status=0/SUCCESS)
Main PID: 5939 (code=exited, status=0/SUCCESS)
Mem peak: 2.7M
CPU: 6ms
Dec 19 03:31:20 sysdarch systemd[1]: systemd-modules-load.service: Deactivated successfully.
Dec 19 03:31:20 sysdarch systemd[1]: Stopped Load Kernel Modules.
Dec 19 03:31:20 sysdarch systemd[1]: systemd-modules-load.service: Consumed 445ms CPU time, 89.5M memory peak.
Dec 19 03:31:20 sysdarch systemd[1]: Stopping Load Kernel Modules...
Dec 19 03:31:20 sysdarch systemd[1]: Starting Load Kernel Modules...
Dec 19 03:31:20 sysdarch systemd-modules-load[5939]: Inserted module 'ntsync'
Dec 19 03:31:20 sysdarch systemd[1]: Finished Load Kernel Modules.
0
1
0
Jarkko Sakkinen
jarkko
Edited 4 days ago
Audio is still a niche in Linux but one can already see the uprising commercial potential due recent years development of e.g., Pipewire, improvements in kernel and projects like yabridge, which is like "Proton for audio plugins".
It's also pretty nice to open audio projects in properly tuned Linux distribution thanks to overall feel of stability and steady response, and off-shelf routing network (thanks to pipewrite), even more so than e.g. in macOS. It's only the smaller plugin ecosystem that really counts.
And this all is fairly recent, happened only during last few years. E.g. in 2019 audio situation was still quite horrible :-) When you make a song, you don't want start your creative process by adjusting audio buffer sizes for fucking Jack init.
It's also pretty nice to open audio projects in properly tuned Linux distribution thanks to overall feel of stability and steady response, and off-shelf routing network (thanks to pipewrite), even more so than e.g. in macOS. It's only the smaller plugin ecosystem that really counts.
And this all is fairly recent, happened only during last few years. E.g. in 2019 audio situation was still quite horrible :-) When you make a song, you don't want start your creative process by adjusting audio buffer sizes for fucking Jack init.
0
0
2
Jarkko Sakkinen
jarkko
a bit over 18 years working from home :-) could not imagine myself working in an office
0
0
2
Jarkko Sakkinen
jarkko
sysdarch is also arch install optimized for latency instead of throughput (from those grounds inhreits the choice of using ext4 instead of btrfs). making sure that full pre-emption is always turned on, threaded irqs are enabled (for the benefit of USB audio interfaces), default user is added to 'realtime' group etc.
It differs from audio/studio distributions in the sense that I use balanced decisions and choices but don't break the whole system for questionable benefits :-)
It runs Bitwig Studio with yabridge or FL Studio with wineasio really well and that's like the stimuli in the first place ;-)
I think I slowly make it more generic and polished over time because it has sort of its own nice as per use case...
It differs from audio/studio distributions in the sense that I use balanced decisions and choices but don't break the whole system for questionable benefits :-)
It runs Bitwig Studio with yabridge or FL Studio with wineasio really well and that's like the stimuli in the first place ;-)
I think I slowly make it more generic and polished over time because it has sort of its own nice as per use case...
1
2
0
Jarkko Sakkinen
jarkko
My Arch install scripts soon will almost configure Niri and Noctalia (there's only a single bug in the install script that i need to fix).
I maintain the script proactively so that they retain close proximity to my live install because this can be toolized in kernel debugging situations (e.g., reproduce the same environment to a VM).
Maybe I even distro-name this some day. The first name that came to mind was "Idiocracy'. I have no idea where from that spun off ;-)
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/sysdarch.git
I maintain the script proactively so that they retain close proximity to my live install because this can be toolized in kernel debugging situations (e.g., reproduce the same environment to a VM).
Maybe I even distro-name this some day. The first name that came to mind was "Idiocracy'. I have no idea where from that spun off ;-)
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/sysdarch.git
0
0
1
Jarkko Sakkinen
jarkko
I've recently started to use Niri in my main desktop PC. First tiling wm where that some how intuitively works for me, and does not require too much configuration :-)
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/sysdarch.git/commit/?h=main&id=7484242542d5bdd97a507c47959d2117faf6a170
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/sysdarch.git/commit/?h=main&id=7484242542d5bdd97a507c47959d2117faf6a170
0
0
0
Jarkko Sakkinen
jarkko
a "one line change moment" ;-)
https://lore.kernel.org/linux-integrity/20251215231438.565522-1-jarkko@kernel.org/T/#u
Somehow these types of patches give more kicks than more complex ones.
https://lore.kernel.org/linux-integrity/20251215231438.565522-1-jarkko@kernel.org/T/#u
Somehow these types of patches give more kicks than more complex ones.
1
0
2
Jarkko Sakkinen
jarkko
Some news outlets etc. seem to translate making translate making support non-experimental into "Rust support getting official". I guess Rust has been "official" past 5-6 years but marked as experimental. I don't understand this type of reporting, or what it meant by "official" to begin with.
0
0
0
Jarkko Sakkinen
jarkko
Glad previous stuff was merged but new stuff for further streamlining hmac sessions and code around has piled up:
https://lore.kernel.org/linux-integrity/20251214153808.73831-1-jarkko@kernel.org/
Improving hwrng, the prime source of latency issues, has some groundwork laid out, and latency hit should be now stable (as per small variance in expected latency).
After those have been merged it is easy to further to improve hwrng (probably by making it to pool random bytes with fixed size chunk pulls of new data, and serve caller from the pool).
https://lore.kernel.org/linux-integrity/20251214153808.73831-1-jarkko@kernel.org/
Improving hwrng, the prime source of latency issues, has some groundwork laid out, and latency hit should be now stable (as per small variance in expected latency).
After those have been merged it is easy to further to improve hwrng (probably by making it to pool random bytes with fixed size chunk pulls of new data, and serve caller from the pool).
0
0
1
Jarkko Sakkinen
jarkko
Edited 12 days ago
Iterating HMAC encryption steadily to be great again: https://lore.kernel.org/linux-integrity/20251210172027.109938-1-jarkko@kernel.org/
I don't think it has unsolvable issues but it will need some rework. Just needs a few iterations like this.
I think also that once it is functionally and quality wise significantly improved it makes sense to replace CONFIG_TCG_TPM_HMAC with kernel command-line parameters and set of parameters.
Other remarks that I put mostly here for myself as a remainder (I love Mastodon bookmarks):
1. One thing that was properly handled in the first iteration was also that despite ECC-NIST-P256/SHA256 might be de-facto and pratically everywhere in western countries, there's also large population in a distant country at Asia relyingon SM2/SM3. I.e. we eventually need SM2/SM3 to be univeral.
2. Initialization itself should be *conditional* i.e., it will complain if feature cannot be enabled but that's all. It can be then supplemented with "panic_on_warn" style parametr, if somone has a problem with this.
3. Relying only on null key generated at boot is a great for some systems (laptops/desktops) but for embedded systems especially it is a major performance hit. Thus also persistent root key should be an option.
4. During power on hwrng was the worst glitch. The patch set above already improves the situation by making read request "opportunistic" instead of committing to an amount. No grand plan for this but I do have a sack of ideas in my pocket. This will gradually improve over time with no grand plan tbh ;-)
#linux #kernel #tpm
I don't think it has unsolvable issues but it will need some rework. Just needs a few iterations like this.
I think also that once it is functionally and quality wise significantly improved it makes sense to replace CONFIG_TCG_TPM_HMAC with kernel command-line parameters and set of parameters.
Other remarks that I put mostly here for myself as a remainder (I love Mastodon bookmarks):
1. One thing that was properly handled in the first iteration was also that despite ECC-NIST-P256/SHA256 might be de-facto and pratically everywhere in western countries, there's also large population in a distant country at Asia relyingon SM2/SM3. I.e. we eventually need SM2/SM3 to be univeral.
2. Initialization itself should be *conditional* i.e., it will complain if feature cannot be enabled but that's all. It can be then supplemented with "panic_on_warn" style parametr, if somone has a problem with this.
3. Relying only on null key generated at boot is a great for some systems (laptops/desktops) but for embedded systems especially it is a major performance hit. Thus also persistent root key should be an option.
4. During power on hwrng was the worst glitch. The patch set above already improves the situation by making read request "opportunistic" instead of committing to an amount. No grand plan for this but I do have a sack of ideas in my pocket. This will gradually improve over time with no grand plan tbh ;-)
#linux #kernel #tpm
0
1
0
Jarkko Sakkinen
jarkko
Second Windows post of the day ;-)
What is the pass alternative for Windows that is fully compatible with pass' database?
What is the pass alternative for Windows that is fully compatible with pass' database?
0
0
0
Jarkko Sakkinen
jarkko
Edited 12 days ago
Microsoft has a multi-decade long history of features, which most people want to proactively disable: https://arstechnica.com/ai/2025/12/microsoft-slashes-ai-sales-growth-targets-as-customers-resist-unproven-agents/
Some things never change ;-)
I have one ThinkPad with Windows and in that when reinstalling the OS, the challenge is always to find out how to mitigate Microsoft's latest attempts to disable local (only) accounts. It's a forever-going puzzle game really.
#microsoft
Some things never change ;-)
I have one ThinkPad with Windows and in that when reinstalling the OS, the challenge is always to find out how to mitigate Microsoft's latest attempts to disable local (only) accounts. It's a forever-going puzzle game really.
#microsoft
0
0
0
Jarkko Sakkinen
jarkko
Edited 14 days ago
Now it hit me what I was doing wrong in TPM2 asymmetric keys.
Introducing new key types was a wrong strategy. Instead, pre-existing ECC and RSA key types should be layered i.e., you turn "TPM2 magic switch" on and kernel generates import blob etc. dance behind the curtains.
This has numerous benefits. E.g., there can be then also "TEE magic switch" depending on platform and generally speaking this is the best for users as they don't need to overturn their configuration.
#linux #kernel #tpm
Introducing new key types was a wrong strategy. Instead, pre-existing ECC and RSA key types should be layered i.e., you turn "TPM2 magic switch" on and kernel generates import blob etc. dance behind the curtains.
This has numerous benefits. E.g., there can be then also "TEE magic switch" depending on platform and generally speaking this is the best for users as they don't need to overturn their configuration.
#linux #kernel #tpm
0
0
1
Jarkko Sakkinen
jarkko
My friend Tuomo wrote a window manager called 'pwm' during early 00's. I liked the idea of attaching multiple client windows to a single frame much more than tiling window managers. I used that wm for quite a while and wish that someone would bring that concept back.
2
1
2