When using TPM 2.0 with an Alpine Linux-based host in order to generate certificates, specifically certificate signing requests (CSRs), one will inevitably stumble upon tpm2-tss and its tpm2-tss engine for OpenSSL to generate a private key which resides in the TPM 2.0 module and a CSR that can be used to generate a signed certificate by any certificate authority.
Continue reading: Compile tpm2-openssl on Alpine
All posts by Malte
Quantum Spark 1570: dynamic object in the translated source column cannot be resolved. for more details see sk166457
When operating CheckPoint’s Quantum Spark 1570 and similar appliances, it is a common practice to port-forward services that should be exposed to the internet. One could create a “server”, let’s say for WireGuard VPN on port 51820, and forward this specific port to one specific machine on the local network.
The Quantum Spark appliance will do the rest, like adding a firewall rule to actually allow the traffic. Et voilà, you can connect to your WireGuard VPN.
However, when using the dynamic NAT feature, which is the default, at some point your service, in my case WireGuard, could be blocked again. Specifically after restarting the appliance when using IPv4+IPv6.
Why is that? Dynamic NAT rules on the 1570 use Dynamic Objects (objects that reference the current IP of an interface). After a reboot, especially with IPv6 auto-configuration (SLAAC/DHCPv6), the interface’s IPv6 address or prefix has changed. NAT rules referencing the old dynamic object no longer match the new interface address. The firewall throws the SK166457 error.
Solution? Use a non-changing IPv6 network or set the NAT to static. Likely the NAT will be IPv4 only, so it is perfectly fine to statically bind to a single, external IPv4 address.
So far I have had a mixed experience with CheckPoint and Quantum Spark devices. Sometimes things are overcomplicated. But the worst part: pretty much all of CheckPoint’s Knowledge Base (also the sk166457 article) is behind a login wall. That would not pose a problem, but even after creating a private account, the information stays restricted to authorized personnel with some kind of special permission. Solutions therefore must be found manually. That’s bad…
GLKVM: Enter AMI-BIOS setup of connected device
I recently got to use a GLKVM device to remote control an SFF computer that runs as a server. It features a normal mainboard with an AMI-BIOS. The default splash screen timeout of the AMI-BIOS was 1 second.
After trying a couple of times to enter the BIOS for WOL and other settings, I failed with Esc, F1, F2, Del, F10 and F11. None of them worked, supposedly because the time for input was so short and the delay of the remote console made finding the right moment even more difficult.
The solution I had not heard of before: Keep the right button pressed throughout the whole boot process until you enter the BIOS setup.
And that worked. I kept pressing F2 throughout the whole boot process and suddenly entered the BIOS setup successfully. Afterwards I changed the splash screen timeout from 1 to 5 and retried with a normal button press while the AMI BIOS splash screen kept waiting: Success. A normal short button press worked now due to the updated timeout.
ThinkBook G13/G13s G4 IAP and similar microphones not working recently
I just experienced a strange behaviour with the named ThinkBooks that affects G13 G4 books and similar devices. After an upgrade of “Elevoc AudioProcessingObject” to (in my case) 4.0.5.199 via Windows Update, the microphone just stopped working.
After finding a thread on Reddit about this, I installed the latest 5.0.5.238, which also did not work. Scrolling through the thread revealed that a user had this exact problem even with the latest 5.0.5.238 version. Installing 5.0.5.234 manually via device manager fixed the problem immediately, even without a restart.
https://catalog.update.microsoft.com/Search.aspx?q=Elevoc shows the available packages as .cab files. They can be extracted manually and then installed via the device manager. Downgrade works by uninstalling or downgrading to a previous version, then rolling forward as much as needed.
Problems with Ubuntu 24.04 in VirtualBox 7.0.20 VM on a Windows 10 host
I recently had the bright idea to upgrade to Ubuntu 24.04 inside my Ubuntu VM that is running with VirtualBox 7.0.20 on Windows 10.
As you probably guessed: It’s a catastrophe.
Not only are there problems with the vmwgfx driver that comes with newer kernels, but the Xorg fallback mode is also not working anymore. There were regular stack traces at boot that could be partly fixed by enabling hpet mode.
It also shows regular boot delays or gets fully stuck, related to systemd-resolved, oomd or timesyncd.
At this point I would like to show you possibilities to prevent these problems, but I have no advice beyond the things mentioned above, plus disabling 3D acceleration in the settings and using the VMSVGA graphics mode.
I have also tried the VirtualBox 7.1 Beta 1, with no improvements.
Running Dell C1660w/Xerox Phaser 6000B on Ubuntu 24.04
No matter if you are a Windows, Linux or Mac person, the way some producers of peripheral devices such as printers, plotters, scanners, sensors and diagnostics tools handle their software support, frankly, sucks.
I want to try to supply you with some instructions on how to get a Dell C1660w, a Dell-branded version of the Xerox Phaser 6000B, running on your latest Linux distro with a 100% satisfaction guarantee[1].