S.E.L.F. 2023

I attended Southeast Linux Fest this weekend. They had a 2-year hiatus during the pandemic and only resumed in 2022 (with restrictions). For this year’s return to normalcy, they went all out - both the venue itself and the production setup. Even better it was free to attend (with optional donations and a few sponsors (including Rocky Linux and TrueNAS who both had booths at the event)).

I had an amazing two days meeting so many people from all over the US and Canada (including Amolith from Linux Downtime and the legendary Cathedral and the Bazaar author Eric Raymond).

1

I was able to attend 7 talks but many of the ones I wanted to go to were concurrent with each other (the schedule was jam-packed with 3 sessions going on at the same time). Fortunately, the organizers had incredible production gear in each of the rooms, and all of the talks (along with their Q&A portions) were recorded and posted to youtube for later viewing.

Below are the RAW notes I took from the talks that I attended (and had my laptop open in):

2

Optimizing Linux for Gaming Performance

Learned about ProtonQT a nice graphical UI for managing proton versions.

  • Disable spec bypass mitigations - great for older than Ryzen and older than 9th Intel. Sometimes 25%. Add mitigations=off to kernel (bootloader?)
  • Enable XeSS/FSR/DLSS - DLSS only for older than 2xxx GPUs, XeSS only for Intel GPUs
  • Install a wayland specific window manager - since gnome slow. One is gamescope that the steam deck uses.
  • Other optimization tips for config.
  • Finished up with demo of building a kernel yourself.

De-googling your phone

  • Interesting look at some of the features on the grapheneOS: Storage scope, contact scope, preventing network access for individual applications.
  • Intro on how to get sandboxed googple play services to work for apps that require it.
  • auto-reboot, if phone isn’t unlocked for X time will auto-reboot in encrypted mode, so no-one can pull things from drive until you unlock
  • List of bank apps that work on grapheneOS: https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
  • Aegis 2FA app - good alternative to google authentication
  • grapheneOS backup feature - broken-ish state right now, most apps don’t let you backup anyway
  • you can spoof the GPS (turned on in developer options) so can watch video streaming platforms
  • Never heard of this site: endoflife.date - really good reference for end-of-[life / support] for a bunch of software, not just android

Make Ansible Suck Less with Custom Modules and Saltstack

  • Ansible uses jinja templating
  • python generators
  • all the things that are a pain in jinja that would be concise and only in python
  • Salt stack [salt master] => [salt minions]
  • Ansible [controller] => [hosts]
  • ansible templating requires using jinja, but with module can use python itself.
  • Painpoints of ansible templating, then onto writing our own module converting that huge peice of ugly jina to a ansible module (using python, instead of jina) - a lot less clunky because can actually use all features of python
  • Overview: If you have a choice, don’t use ANsible, use Saltstack.

Bulletproof Bash

  • Great tips of making scripts more robust. Improving readability, increasing maintainability.
  • use umask instead of chmod-ing bash files
  • set -xv
  • set -e : bailout if non-0 exist code
  • trap ___ <signal> - code that will run when bash exists (no matter for what reason): e.g.:trap "rm -f /tmp/output.txt" EXIT
    • Also way to disable trap (untrap): trap -
  • flock - creates lock around file (can use -n for non-blocking, but usually want script to exit immediately if it can’t get the lock). Lock exit when bash script is closed. Good for scripts called by cronjobs, can make sure another job can’t start on same script while one if working.
  • readonly - const/final for bash: readonly PI=3.14
  • Don’t need to quote everything (to remove work splitting etc.), you can just use double brackets [[ (instead of single [ ) for conditionals. You can also disable wordsplitting for some code by seting IFS to null and then unset it (unset will put it back to default (\t, space, \n) for a piece of code or function).
  • ERR vs. EXIT trap:   ERR only runs on same condition as set -e (but it’s not inherited by shell functions etc.) - Recommend don’t use, instead only use EXIT trap
  • shellcheck - will catch a lot of issues but will also lead you down path of double-quoting **everything - **it’s an old-fashioned linter. Website but also most distros it’s available as package.
  • Useful:
    • set -o pipefail
    • shopt -s nullglob
    • shopt -s failglob
  • Speakers blog