Infosec Scribbles

October 14, 2017

Linux Woes and 4K Hell

Recently I got a new Dell Precision 5520 and a TB16 dock. It came with Windows 10, and as I was quick to learn, “10” is the number of minutes it took me to decide that I would rather use anything else. This is coming from someone who has been using Windows on all non-server machines since age 7. Given the available options, I went for Ubuntu Linux.

As it turned out, Linux came with its own set of problems, and 4K or HiDPI has below usable support no matter which OS you choose.

I will maintain this post with status updates on the issues listed so that others can reuse my solutions. Another reason is that a bunch of my coworkers have decided to follow suit upon seeing Windows 10 and this is the most efficient way of helping them with the issues they are about to face.

Current setup: Ubuntu GNOME 16.04.3 LTS, 4.13 kernel.

Note: Previously this post was mentioning an -edge kernel. That was prior to 4.13 making it to LTS repos, when 4.10 used to be the default.

For the purposes of this page, a solution fixes the problem fully, a workaround fixes it partially and unwanted side effects can be introduced in both cases.

Disk Detection

In order for Linux to detect your disk, set SATA mode in BIOS to AHCI.

Secure Boot

VMware and Nvidia are two offenders that require you to turn off Secure Boot, because their code is not signed.

Solution: (not tested yet) sign nvidia and vmware kernel modules manually for every kernel update.
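A sketch of that signing workflow with a Machine Owner Key (MOK), added here as an example and not part of the original post. The key paths and the module list are assumptions (Nvidia module names vary by package), and the `sign-file` helper is the one shipped with the Ubuntu kernel headers.

```shell
#!/bin/sh
# Added example: sign out-of-tree kernel modules with a Machine Owner Key (MOK)
# so Secure Boot can stay enabled. Paths and module names are assumptions.
KVER="${KVER:-$(uname -r)}"
MOK_KEY="${MOK_KEY:-/root/mok/MOK.priv}"      # PEM private key (assumed path)
MOK_CERT="${MOK_CERT:-/root/mok/MOK.der}"     # DER certificate (assumed path)
SIGN_FILE="${SIGN_FILE:-/usr/src/linux-headers-$KVER/scripts/sign-file}"
MODULES="${MODULES:-vmmon vmnet nvidia nvidia_modeset nvidia_drm nvidia_uvm}"

# One-time setup: create the key pair and queue the certificate for enrolment.
# mokutil asks for a one-time password that MokManager requests at next boot.
# -nodes leaves the key unencrypted on disk, hence the root-only permissions.
mok_setup() {
    mkdir -p "$(dirname "$MOK_KEY")"
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Local module signing/" \
        -keyout "$MOK_KEY" -outform DER -out "$MOK_CERT"
    chmod 600 "$MOK_KEY"
    mokutil --import "$MOK_CERT"
}

# True if the file ends with the kernel's appended-signature marker.
is_signed() {
    tail -c 28 "$1" | grep -q '~Module signature appended~'
}

# Sign each listed module that is installed for $KVER and not yet signed.
sign_modules() {
    rc=0
    for m in $MODULES; do
        path=$(modinfo -k "$KVER" -n "$m" 2>/dev/null) || continue  # not installed
        if is_signed "$path"; then continue; fi
        if "$SIGN_FILE" sha256 "$MOK_KEY" "$MOK_CERT" "$path"; then
            echo "signed $path"
        else
            echo "FAILED $path" >&2; rc=1
        fi
    done
    return $rc
}

# Usage: <script> setup  (once, as root)  |  <script> sign  (after each kernel update)
case "${1:-}" in
    setup) mok_setup ;;
    sign)  sign_modules ;;
esac
```

Both vendors rebuild their modules for every new kernel, so the `sign` step has to be repeated after each kernel update and after each VMware or Nvidia update.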

HiDPI Support

The laptop comes with a 4K UHD screen. Overall, HiDPI support on Linux exists. As long as you don’t mix DPI on monitors and only use GTK3 applications.

As soon as you connect 1080p monitors, you are in trouble. X Org does not support different DPI settings for different screens. Where it does, support varies per application. Pretty much anything based on GTK2, QT4, Mono/DotNET or Java won’t work or will give you partially/fully broken UI. Examples: KeePass, VMware, Burp Suite, HipChat to name a few.

If it makes you feel any better, Windows is just as much hit and miss. 4K technology is just not ready for daily use.

Workarounds:

1. Run all screens at their native resolutions

Unwanted side effect: DPI setting for the UI remains the same across screens. If your external monitors are not 4K and you set DPI based on your laptop monitor, everything will be massive on them. If you set DPI based on your external monitors, everything will be tiny on your laptop monitor.

2. XRandR-based downscaling of external monitors

Unwanted side effect: increased GPU load. Applications will be rendered in 4K and scaled down, so all 4K support issues remain.

3. Run laptop screen at 1080p

Unwanted side effect: in theory, this should work without problems. 1080p is exactly half of 2160p and scaling should not introduce any artifacts. In practice, for whatever reason Dell decided that the laptop monitor should use interpolation instead, so everything is blurry.

I currently use the latter option and only use the laptop screen for chats and other rarely used applications. I tried using it on the go and it gave me a splitting headache within an hour. Too much eye strain. For on the go use, I have to switch to 2160p and restart all graphical applications. Applications that are not based on GTK3 (majority) require workarounds that I will list in separate blog posts. The counter-intuitive thing with this option is to not touch the HiDPI window scaling setting in GNOME Tweak Tool! By default it is set to auto-adjust to your selected resolution. The moment you touch it, it will become fixed in the value you set it to.

UPDATE 10/17: I am currently attempting to get the newly released nearest neighbour rendering option to work.

UPDATE 10/20: nearest neighbour scaling is not supported for hybrid graphics devices.

Docking Station / Linux Kernel

Support for Thunderbolt docking stations in Linux kernels available in Ubuntu is sub par.

Ethernet

Ethernet connector on the dock is supposed to be working at 1 Gbit speed. It does so for a couple of minutes, and then it becomes unresponsive. When this happens, you have a 50/50 chance of your kernel freezing up indefinitely and you having to hard reboot.

Workaround: use tc to limit the bandwidth on it to 100 Mbps until Dell fixes their drivers and/or BIOS.

Unwanted side effect: wired slower than WiFi.

UPDATE: the issue is actually much worse. You can stop the dropouts by forcing 100 Mbps mode, but there is a bonus level here with corrupted packets making it through. As a result, you end up with corrupted data: http://en.community.dell.com/techcenter/os-applications/f/4613/p/20018487/21025545#21025545. You could use an external USB-C Ethernet adapter, but that causes a parade of other bugs and compatibility issues thanks to a non-configurable “MAC passthrough” feature giving the same MAC address to all Ethernet adapters connected to the laptop. For example, you will end up with different physical devices on eth0 and eth1 depending on what you had plugged in at boot time. In turn, this will break iptables.

UPDATE 02/27: packet corruption issue is being worked on in this launchpad ticket.

UPDATED WORKAROUND:

$ sudo ethtool -s eth0 speed 100 duplex full autoneg on
$ sudo ethtool --offload eth0 tx off
$ sudo ethtool --offload eth0 rx off

Hot-plugging

Hot-plugging devices into the dock works if you disable Thunderbolt Security and use either nouveau drivers or only the Intel GPU via nVidia PRIME.

UPDATE 12/26: as of kernel 4.13, booting up with the dock, disconnecting it (e.g. for a meeting) and plugging it back in again causes the entire system to freeze. You can unfreeze it by unplugging the dock again, but even if it does come back to life, save all your work and reboot because sometimes it will crash shortly after.

Solution: none. This was reported on launchpad.

Thunderbolt Security

By default, devices plugged into the dock won’t work. Or so says the concept of Thunderbolt security. In reality, you still get a 50/50 chance of it working without this hack. But if you want devices plugged into the dock at boot to work, you should disable Thunderbolt Security in BIOS. Support for this feature was introduced in kernel 4.13, but I haven’t tested it yet.

Solution: disable Thunderbolt security in BIOS.

Unwanted side effect: no Thunderbolt security.
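For anyone who wants to leave Thunderbolt security enabled instead, the kernel support mentioned above exposes the security level and the per-device authorization state in sysfs. The script below is an added example, not part of the original post; the attribute names follow the kernel's Thunderbolt admin guide, and `TB_ROOT` is an override variable introduced here for testing.

```shell
#!/bin/sh
# Added example: audit Thunderbolt security through sysfs (kernel 4.13 or later).
# TB_ROOT can be overridden to point the functions at a test tree.
TB_ROOT="${TB_ROOT:-/sys/bus/thunderbolt/devices}"

# Print "<domain> <level>" for each domain; level is none, user, secure or dponly.
tb_security_levels() {
    for d in "$TB_ROOT"/domain*; do
        [ -r "$d/security" ] || continue
        printf '%s %s\n' "$(basename "$d")" "$(cat "$d/security")"
    done
}

# Print "<sysfs name>|<vendor>|<device>" for every device not yet authorized.
tb_unauthorized() {
    for dev in "$TB_ROOT"/*; do
        [ -r "$dev/authorized" ] || continue
        [ "$(cat "$dev/authorized")" = "0" ] || continue
        printf '%s|%s|%s\n' "$(basename "$dev")" \
            "$(cat "$dev/vendor_name" 2>/dev/null)" \
            "$(cat "$dev/device_name" 2>/dev/null)"
    done
}

# Approve one device by sysfs name, e.g. "0-1" (needs root, 'user' level).
# The approval lasts until the device is unplugged.
tb_authorize() {
    printf '1' > "$TB_ROOT/$1/authorized"
}

# Default action: report the current state.
tb_security_levels
tb_unauthorized
```

In `user` mode a device stays blocked from PCIe tunnelling until its `authorized` attribute is set, so review the vendor and device name printed by `tb_unauthorized` before calling `tb_authorize`.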

Middle Click Paste

In X Org, middle click pastes from “Selection Buffer”. This buffer holds whatever your last selection was. The functionality is hard coded with no switch.

Workaround: some apps allow you to disable this for them. For me, this is Firefox and Sublime Text.

Unwanted side effect: doesn’t help apps that don’t support this.

Solution: patch and recompile X Org.

Unwanted side effect: can’t get automatic updates for X Org. You will have to make it part of your daily routine to check for new versions, recompile them and install them manually.

GNOME Bugs

GNOME has a number of problems where settings from the GUI get completely ignored by the system. Some examples:

  • “Show All Input Sources” does nothing.
  • “Middle Click Paste” does nothing.
  • “Show Location of Pointer” breaks hotkeys.
  • Touchpad/mouse are treated the same in terms of GUI settings.

Whereas I can understand having issues with HiDPI and Thunderbolt, them being new technology, I came in with the expectation that the basic input/output is fully supported. The year is 2018 and we still can’t get the basics right.

Window Focus Glitches

Window focus logic in GNOME (or maybe X Org, I haven’t bothered testing KDE to confirm yet) is weird.

Say I have a text editor full-screened on one of my monitors. If I focus a different window on a different monitor and move it to that screen, I expect it to retain focus and appear on top of the full screen window. The full screen window should stay in the background until focused.

What happens in reality is that full screen windows bully all other windows. When you move something onto a screen with a full screen window, you will not see it until you Alt+Tab into it. The moment you unfocus that window by calling up a drop-down terminal or clicking on the task bar or clicking on anything that is not the window you just Alt+Tabbed into, the full screen window gains focus. This makes no logical sense at all: clearly the full screen window should stay quiet until called upon.

Solution: none.

Fonts

All fonts are fat. Sub-pixel aliasing is dirty on all settings. Decimal point font sizes, i.e. 13.4 get rounded up to .5 and render incorrectly. Standard fonts are not the same as on Windows, resulting in wildly different rendering of a large portion of websites.

Solution: this and manually setting up the fonts that you are used to.

Invisible Key Bindings

Some key bindings are not exposed in the key bindings UI. For example, Ctrl+Alt+Arrow will switch workspaces, but does not show up in the keyboard UI. I am used to having this hotkey reserved for expanding vertical selections in my text editor.

Solution: manually edit dconf.

Mouse Acceleration

The cursor will accelerate when you don’t expect it to and will refuse to accelerate when you do want it to do so: 1, 2, 3.

Workaround: disable mouse acceleration by installing libinput and selecting flat acceleration profile in X Org config files.

Unwanted side effect: severely decreased accuracy. Your mouse pointer will be too sensitive when moving it slowly.

Input Devices Configuration

The OS does not allow you to configure your touchpad and mouse in the GUI. If you want tapping enabled, you have to edit dconf. If you want to configure gestures, you have to travel seven circles of hell with config files and different input drivers.

Solution: manual config using Xorg files and dconf.

VMware and KeePass

VMware has its own mechanism for handling keystrokes and as such will not allow you to auto-type your passwords from KeePass. They will all be typed in lowercase.

Copy and pasting is fully functional as of VMware 14 as long as you do it through VMware context menu and not via shared clipboard.

Workaround: auto-type using VNC built into VMware. Keep it on a separate workspace when not in use.

Unwanted side effect: decreased responsiveness, extra rendering load, extra jumping back and forth between workspaces.

True Color in tmux

The version of tmux bundled in Ubuntu LTS repositories is old enough not to have true color support.

Solution: purge tmux if installed via apt-get and install it using snap in classic mode instead. Restart your terminal.

f.lux Not Working

To eliminate one of the big sleep disruption factors, for years I have been using f.lux to adjust the color of my monitors after sunset. On Linux, it does nothing due to still being behind changes to the kernel that were made in 4.4.

Solution: use redshift-gtk instead.

Random Things

These are things that have occurred more than once to me, but I could not reproduce them or did not have the time to hunt them down enough for a full write-up. They may get their own sections or blog posts in the future.

  • For secure RDP with TLS, build the latest FreeRDP and ditch rdesktop.

Bluetooth

Feb ‘18: A separate blog post on how to get Bluetooth to work, as this task is rather involved.

Linux

  • Sometimes the system freezes during use, with no ability to kill X or switch to text mode (kernel freeze). This has not happened once since I stopped using Ethernet on TB16 dock. Feb ‘18: This has not happened since kernel 4.13 was released.
  • Some time after startup GNOME forgets that it is running in HiDPI mode and stops scaling newly launched applications. I observe this most frequently with Wireshark and HipChat.
  • gnome-shell randomly crashes a few times a day. Feb ‘18: This got much better recently.
  • Sometimes terminator randomly crashes. Feb ‘18: This got much better recently.
  • Sometimes the system freezes in text mode when shutting down and you have to hard reset it. Feb ‘18: still super annoying.
  • nautilus becomes unresponsive to mouse actions on right click. Comes back to life upon selecting an action from context menu or pressing Esc.
  • Hotplugging the dock can result in any amount of unpredictable consequences, from a harmless DPI change to USB drivers freaking out and requiring a reboot. Feb ‘18: The only remaining dock hotplug issue is associated with using nVidia drivers pointed out above.

Laptop

  • Audio on the laptop gets strong noise, both on Windows and Linux. This is really, really bad DAC design.
  • Sometimes audio on the dock cuts off or becomes semi-functional, i.e. only one ear working. When this happens, usually both channels sound in the left ear and become distorted. Feb ‘18: I have been using an external DAC/amp combo for the last few months and will not be tracking this issue further.
  • LibreOffice randomly crashes regularly. Feb ‘18: I am using a VM with Office 2016 when I need it and will not be tracking this issue further.

VMware

  • VMware Linux (Kali) guest screen becomes offset into blank space and unusable when guest 3D acceleration is enabled; mouse pointer becomes out of sync with screen in the guest.
  • VMware Windows 10 guest screen goes blank when forced into 1080p stretch mode on 4K host screen. Cycling between “Center Guest” and “Stretch Guest” resolves it. Feb ‘18: this, as with HiDPI support in general, was resolved in VMware 14.
  • VMware often randomly crashes when different virtual machines are full-screened on different screens. Feb ‘18: I have not observed this behavior in VMware 14 yet. Admittedly, I haven’t been using multiple VMs on different screens recently, therefore I am not crossing this out yet.