💾 Archived View for perso.pw › blog › rss.xml captured on 2024-03-21 at 15:08:02.

-=-=-=-=-=-=-

<?xml version="1.0" encoding="UTF-8"?> 
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Solene'%</title>
    <description></description>
    <link>gemini://perso.pw/blog/</link>
    <atom:link href="gemini://perso.pw/blog/rss.xml" rel="self" type="application/rss+xml" />
    <item>
  <title>Cloud gaming review using Playstation Plus</title>
  <description>
    <![CDATA[
<pre># Introduction

While testing the cloud gaming service GeForce Now, I've learned that PlayStation also had an offer.

Basically, if you use a PlayStation 4 or 5, you can subscribe to the first two tiers to benefit from some services and a games library, but the last tier (premium) adds more content AND allows you to play video games on a computer with their client, no PlayStation required.  I already had the second tier subscription, so I paid the small extra to switch to premium in order to experiment with the service.

=> https://www.playstation.com/en-us/ps-plus/ PlayStation Plus official website

# Game library

Compared to GeForce Now, while you are subscribed you have a huge game library at hand.  This makes the service a lot cheaper if you are happy with the content.  The service costs 160$€ / year if you subscribe for 12 months, this is roughly the price of 2 AAA games nowadays...

# Streaming service

The service is only available using the PlayStation Plus Windows program.  It's possible to install it on Linux, but it will use more CPU because hardware decoding doesn't seem to work on Wine (even wine-staging with vaapi compatibility checked).

There are no clients for Android, and you can't use it in a web browser.  The Xbox Game Pass streaming and GeForce Now services have all of that.

Sadness will start here.  The service is super promising, but the application is currently a joke.

If you don't plug a PS4 controller (named a dualshock 4), you can't use the "touchpad" button, which is mandatory to start a game in Tales of Arise, or very important in many games.  If you have a different controller, on Windows you can use the program "DualShock 4 emulator" to emulate it, on Linux it's impossible to use, even with a genuine controller.

A PS5 controller (dualsense) is NOT compatible with the program, the touchpad won't work.

=> https://github.com/r57zone/DualShock4-emulator DualShock4 emulator GitHub project page

Obviously, you can't play without a controller, except if you use a program to map your keyboard/mouse to a fake controller.

# Gaming quality

There are absolutely no settings in the application, you can run a game just by clicking on it, did I mention there is no way to search for a game?

I guess games are started in 720p, but I'm not sure, putting the application full screen didn't degrade the quality, so maybe it's 1080p but doesn't go full screen when you run it...

Frame rate... this sucks.  Games seem to run on a PS4 fat, not a PS4 pro that would allow 60 fps.  On most games you are stuck with 30 fps and an insane input lag.  I've not been able to cope with AAA games like God of War or Watch Dogs Legion as it was horrible.

Independent games like Alex Kidd remaster, Monster Boy or Rain World did feel very smooth though (60fps!), so it's really an issue with the hardware used to run the games.

Don't expect any PS5 games in streaming from Windows, there are none.

The service allows PlayStation users to play all games from the library (including PS5 games) in streaming up to 2160p@120fps, but not the application users.  This feature is only useful if you want to try a game before installing it, or if your PlayStation storage is full.

# Cloud saving

This is fun here too.  There are game saves in the PlayStation Plus program cloud, but if you also play on a PlayStation, their saves are sent to a different storage than the PlayStation cloud saves.

There is a horrible menu to copy saves from one pool to the other.

This is not an issue if you only use the stream application or the PlayStation, but it gets very hard to figure out where your save is if you play on both.

# Conclusion

I have been highly disappointed by the streaming service (outside PlayStation use).  The Windows program required signing in twice before working (I tried on 5 devices!), most interesting games run poorly due to the PS4 hardware, and there is no way to enable the performance mode that was added to many games to support the PS4 Pro.  This is pretty curious as the streaming from a PlayStation device is a stellar experience, it's super smooth, high quality, no input lag, no waiting, crystal clear picture.

No Android application? Curious...  No support for a genuine PS5 controller, WTF?

The service is still young, I really hope they will work at improving the streaming ecosystem.

At least, it works reliably and pretty well for simpler games.

It could be a fantastic service if the following requirements were met:


</pre>
    ]]>
  </description>
  <guid>gemini://perso.pw/blog//articles/playstation-plus-streaming-review.gmi</guid>
  <link>gemini://perso.pw/blog//articles/playstation-plus-streaming-review.gmi</link>
  <pubDate>Sat, 16 Mar 2024 00:00:00 GMT</pubDate>
</item>
<item>
  <title>Cloud gaming review using Geforce Now</title>
  <description>
    <![CDATA[
<pre># Introduction

I'm finally done with ADSL now as I got access to optical fiber last week!  It was time for me to try cloud gaming again and see how it improved since my last use in 2016.

If you are not familiar with cloud gaming, please do not run away, here is a brief description.  Cloud gaming refers to a service allowing one to play locally a game running on a remote machine (either locally or over the Internet).

There are a few commercial services available, mainly: GeForce Now, PlayStation Plus Premium (other tiers don't have streaming), Xbox game pass Ultimate and Amazon Luna.  Two major services died in the long run: Google Stadia and Shadow (which is back now with a different formula).

A note on Shadow, they are now offering access to an entire computer running Windows, and you do what you want with it, which is a bit different from other "gaming" services listed above.  It's expensive, but not more than renting an AWS system with equivalent specs (I know some people doing that for gaming).

This article is about the service Nvidia GeForce Now (not sponsored, just to be clear).

I tried the free tier, premium tier and ultimate tier (thanks to people supporting me on Patreon, I could afford the price for this review).

=> https://www.nvidia.com/en-us/geforce-now/ Geforce Now official page

=> https://play.geforcenow.com/mall/ Geforce Now page where you play (not easy to figure after a login)

# The service

This is the first service I tried in 2016 when I received an Nvidia Shield HTPC, the experience was quite solid back in the day.  But is it good in 2024?

The answer is clear, yes, it's good, but it has limitations you need to be aware of.  The free tier allows playing for a maximum of 1 hour in a single session, and with a waiting queue that can be fast (< 1 minute) or long (> 15 minutes), but the average waiting time I had was like 9 minutes.  The waiting queue also displays ads now.

The premium tier at 11€$/month removes the queue system by giving you priority over free users, always assigns an RTX card and allows playing up to 6 hours in a single session (you just need to start a new session if you want to continue).

Finally, the ultimate tier costs 22€$/month and allows you to play in 4K@120fps on a RTX 4080, up to 8h.

The tiers are quite good in my opinion, you can try and use the service for free to check if it works for you, then the premium tier is affordable to be used regularly.  The ultimate tier will only be useful to advanced gamers who need 4K, or higher frame rates.

Nvidia just released a new offer early March 2024, a premium daily pass for $3.99 or ultimate daily pass for 8€.  This is useful if you want to evaluate a tier before deciding if you pay for 6 months.  You will understand later why this daily pass can be useful compared to buying a full month.

# Operating system support

I tried the service using a Steam Deck, a Linux computer over Wi-Fi and Ethernet, a Windows computer over Ethernet and in a VM on Qubes OS.  The latency and quality were very different.

If you play in a web browser (Chrome based, Edge, Safari), make sure it supports hardware acceleration video decoding, this is the default for Windows but a huge struggle on Linux, Chrome/Chromium support is recent and can be enabled using `chromium --enable-features=VaapiVideoDecodeLinuxGL --use-gl=angle`.  There is a Linux Electron App, but it does nothing more than bundling the web page in chromium, without acceleration.

On a web browser, the codec used is limited to h264 which does not work great with dark areas, it is less effective than advanced codecs like av1 or hevc (commonly known as h265).  If your web browser can't handle the stream, it will lose packets and then the Geforce service will instantly reduce the quality until you do not lose packets, which will make things very ugly until it recovers, until it drops again.  Using hardware acceleration solves the problem almost entirely!

Web browser clients are also limited to 60 fps (so ultimate tier is useless), and Windows web browsers can support 1440p but no more.

On Windows and Android you can install a native Geforce Now application, and it has a LOT more features than in-browser.  You can enable Nvidia reflex to remove any input lag, HDR for compatible screens, 4K resolution, 120 fps frame rate etc...  There is also a feature to add color filters for whatever reason...  The native program used AV1 (I only tried with the ultimate tier), games were smooth with stellar quality and not using more bandwidth than in h264 at 60 fps.

I took a screenshot while playing Baldur's Gate 3 on different systems, you can compare the quality:

=> static/geforce_now/windows_steam_120fps_natif.png Playing on Steam native program, game set to maximum quality
=> static/geforce_now/windows_av1_120fps_natif_sansupscale_gamma_OK.png Playing on Geforce Now on Windows native app, game set to maximum quality
=> static/geforce_now/linux_60fps_chrome_acceleration_maxquality_gammaok.png Playing on Geforce Now on Linux with hardware acceleration, game set to maximum quality

In my opinion, the best looking one is surprisingly the Geforce Now on Windows, then the native run on Steam and finally on Linux where it's still acceptable.  You can see a huge difference in terms of quality in the icons in the bottom bar.

# Tier system

When I upgraded from free to premium tier, I paid for 1 month and was instantly able to use the service as a premium user.

Premium gives you priority in the queues, I saw the queue display a few times for a few seconds, so there is virtually no queue, and you can play for 6 hours in a row.

When I upgraded from premium to ultimate tier, I was expecting to pay the price difference between my current subscription and the new one, but it was totally different.  I had to pay for a whole month of ultimate tier, and my current remaining tier was converted as an ultimate tier, but as ultimate costs a bit more than twice premium, a pro rata was applied to the premium time, resulting in something like 12 extra days of ultimate for the premium month.

Ultimate tier allows reaching a 4K resolution and 120 fps refresh rate, allows saving video settings in games, so you don't have to tweak them every time you play, and provides an Nvidia 4080 for every session, so you can always set the graphics settings to maximum.  You can also play up to 8 hours in a row.  Additionally, you can record gaming sessions or the past n minutes, there is a dedicated panel using Ctrl+G.  It's possible to achieve 240 fps for compatible monitors, but only for 1080p resolution.

Due to the tier upgrade method, the ultimate pass can be interesting, if you had 6 months of premium, you certainly don't want to convert it into 2 months of ultimate + paying 1 month of ultimate just to try.

# Gaming quality

As a gamer, I'm highly sensitive to latency, and local streaming has always felt poor with regard to latency, and I've been very surprised to see I can play an FPS game with a mouse on cloud gaming.  I had a ping of 8-75 ms with the streaming servers, which was really OK.  Games featuring "Nvidia reflex" have no noticeable input lag, this is almost magic.

When using a proper client (native Windows client or a web browser with hardware acceleration), the quality was good, input lag barely noticeable (none in the app), it made me very happy :-)

Using the free tier, I always had a rig good enough to put the graphics quality on High or Ultra, which surprised me for a free service.  On premium and later, I had an Nvidia 2080 minimum which is still relevant nowadays.

The service can handle multiple controllers!  You can use any kind of controller, and even mix Xbox / PlayStation / Nintendo controllers, no specific hardware required here.  This is pretty cool as I can visit my siblings, bring controllers and play together on their computer <3.

Another interesting benefit is that you can switch your gaming session from a device to another by connecting with the other device while already playing, Geforce Now will switch to the new connecting device without interruption.

# Games library

This is where GeForce Now is pretty cool, you don't need to buy games from them.  You can import your own libraries like Steam, Ubisoft, Epic store, GOG (only CD Projekt Red games) or Xbox Game Pass games.  Not all games from your libraries will be playable though!  And for some reason, some games are only available when run from Windows (native app or web browser), like Genshin Impact which won't appear in the games list if connected from a non-Windows client?!

If you already own games (don't forget to claim weekly free Epic store games), you can play most of them on GeForce Now, and thanks to cloud saves, you can sync progression between sessions or with a local computer.

There are a bunch of free-to-play games that are good (like Warframe, Genshin Impact, some MMOs), so you could enjoy playing video games without having to buy one (until you get bored?).

# Cost efficiency

If you don't currently own a modern gaming computer, and you subscribe to the premium tier (9.17 $€/month when signing for 6 months), this costs you 110 $€ / year.

Given an equivalent GPU costs at least 400€$ and could cope with games in High quality for 3 years (I'm optimistic), the GPU alone costs more than subscribing to the service. Of course, a local GPU can be used for data processing nowadays, or could be sold second hand, or be used for many years on old games.

If you add the whole computer around the GPU, renewed every 5 or 6 years (we are targeting to play modern games in high quality here!), you can add 1200 $€ / 5 years (or 240 $€ / year).

When using the ultimate tier, you instantly get access to the best GPU available (currently a Geforce 4080, retail value of 1300€$).  Cost wise, this is impossible to beat with owned hardware.

I did some math to figure how much money you can save from electricity saving: the average gaming rig draws approximately 350 Watts when playing, a Geforce now thin client and a monitor would use 100 Watts in the worst case scenario (a laptop alone would be more around 35 Watts).  So, you save 0.25 kWh per hour of gaming, if one plays 100 hours per month (that's 20 days playing 5h, or 3.33 hours / day) they would save 25 kWh.  The official rate in France is 0.25 € / kWh, that would result in a 6.25€ saving in electricity.  The monthly subscription is immediately less expensive when taking this into account.  Obviously, if you are playing less, the savings are less important.

# Bandwidth usage and ecology

Most of the time, the streaming was using between 3 and 4 MB/s for a 1080p@60fps (full-hd resolution, 1920x1080, at 60 frames per second) in automatic quality mode.  Playing at 30 fps or on smaller resolutions will use drastically less bandwidth.  I've been able to play in 1080p@30 on my old ADSL line! (quality was degraded, but good enough).  Playing at 120 fps slightly increased the bandwidth usage by 1 MB/s.

I remember a long tech article about ecology and cloud gaming which concluded cloud gaming is more "eco-friendly" than running locally if you play it less than a dozen hours.  However, it always assumed you had a capable gaming computer locally that was already there, whether you use the cloud gaming or not, which is a huge bias in my opinion.  It also didn't account for the fact that one may install a video game multiple times and that a single game now weighs 100 GB (which is equivalent to 20h of cloud gaming bandwidth wise!). The biggest con was the bandwidth requirements and the whole worldwide maintenance to keep high speed lines for everyone.  I do think Cloud gaming is way more effective as it allows pooling gaming devices instead of having everyone with their own hardware.

As a comparison, 4K streaming at Netflix uses 25 Mbps of network (~ 3.1 MB/s).

# Playing on Android

Geforce Now allows you to play any compatible game on Android, is it worth it?  I tried it with a Bluetooth controller on my BQ Aquaris X running LineageOS (it's a 7 years old phone, average specs with a 720p screen).

I was able to play in Wi-Fi using the 5 GHz network, it felt perfect except that I had to put the smartphone screen in a comfortable way.  This was draining the battery at a rate of 0.7% / minute, but this is an old phone, I expect newer hardware to do better.

On 4G, the battery usage was less than Wi-Fi with 0.5% / minute.  The service at 720p@60fps used an average of 1.2 MB/s of data for a gaming session of Monster Hunter world.  At this rate, you can expect a data usage of 4.3 GB / hour of gameplay, which could be a lot or cheap depending on your usage and mobile subscription.

Globally, playing on Android was very good, but only if you have a controller.  There are interesting folding controllers that sandwich the smartphone between two parts, turning it into something looking like a Nintendo Switch, this can be a very interesting device for players.

# Tips

You can use "Ctrl+G" to change settings while in game or also display information about the streaming.

In GeForce Now settings (not in-game), you can choose the servers location if you want to try a different datacenter.  I set it to choose the nearest one, otherwise I could land on a remote one with a bad ping.

GeForce Now even works on OpenBSD or Qubes OS qubes (more on that later on Qubes OS forum!).

=> https://forum.qubes-os.org/t/cloud-gaming-with-geforce-now/24964 Qubes OS forum discussion

# Conclusion

GeForce Now is a pretty neat service, the free tier is good enough for occasional gamers who would play once in a while for a short session, but it also provides a cheaper alternative than having to keep a gaming rig up-to-date.  I really like that they allow me to use my own library instead of having to buy games on their own store.

I'm preparing another blog post about local and self hosted cloud gaming, and I have to admit I haven't been able to do better than Geforce Now even on local network...  Engineers at Geforce Now certainly know their stuff!

The experience was solid even on a 10 years old laptop, and enjoyable.  A "cool" feature when playing is the surrounding silence, as no CPU/GPU are crunching for rendering!  My GPU is still capable to handle modern games at an average quality at 60 FPS, I may consider using the premium tier in the future instead of replacing my GPU.
</pre>
    ]]>
  </description>
  <guid>gemini://perso.pw/blog//articles/geforce-now-review.gmi</guid>
  <link>gemini://perso.pw/blog//articles/geforce-now-review.gmi</link>
  <pubDate>Sat, 09 Mar 2024 00:00:00 GMT</pubDate>
</item>
<item>
  <title>Script NAT on Qubes OS</title>
  <description>
    <![CDATA[
<pre># Introduction

As a daily Qubes OS user, I often feel the need to expose a port of a given qube to my local network.  However, the process is quite painful because it requires doing the NAT rules on each layer (usually net-vm => sys-firewall => qube), it's a lot of wasted time.

I wrote a simple script that should be used from dom0 that does all the job: opening the ports on the qube, and for each NetVM, open and redirect the ports.

=> https://git.sr.ht/~solene/qubes-os-nat Qubes OS Nat git repository

# Usage

It's quite simple to use, the hardest part will be to remember how to copy it to dom0 (download it in a qube and use `qvm-run --pass-io` from dom0 to retrieve it).

Make the script executable with `chmod +x nat.sh`, now if you want to redirect the port 443 of a qube, you can run `./nat.sh qube 443 tcp`. That's all.

Be careful, the changes ARE NOT persistent. This is on purpose, if you want to always expose ports of a qube to your network, you should script its netvm accordingly.

# Limitations

The script is not altering the firewall rules handled by `qvm-firewall`, it only opens the ports and redirects them (this happens at a different level).  This can be cumbersome for some users, but I decided to not touch rules that are hard-coded by users in order to not break any expectations.

Running the script should not break anything.  It works for me, but it was only slightly tested though.

# Some useful ports

## Avahi daemon port

The avahi daemon uses the UDP port 5353.  You need this port to discover devices on a network.  This can be particularly useful to find network printers or scanners and use them in a dedicated qube.

# Evolutions

It could be possible to use this script in qubes-rpc, this would allow any qube to ask for a port forwarding.  I was going to write it this way at first, but then I thought it may be a bad idea to allow a qube to run a dom0 script as root that requires reading some untrusted inputs, but your mileage may vary.</pre>
    ]]>
  </description>
  <guid>gemini://perso.pw/blog//articles/qubes-os-nat.gmi</guid>
  <link>gemini://perso.pw/blog//articles/qubes-os-nat.gmi</link>
  <pubDate>Sat, 09 Mar 2024 00:00:00 GMT</pubDate>
</item>
<item>
  <title>Some OpenBSD features that aren't widely known</title>
  <description>
    <![CDATA[
<pre># Introduction

In this blog post, you will learn about some OpenBSD features that can be useful, but not widespread.

They often have a niche usage, but it's important to know they exist to prevent you from reinventing the wheel :)

=> https://www.openbsd.org OpenBSD official project website

# Features

The following features are not all OpenBSD specific as some can be found on other BSD systems.  Most of the knowledge will not be useful to Linux users.

## Secure level

The secure level is a sysctl named `kern.securelevel`, it has 4 different values from level -1 to level 2, and it's only possible to increase the level.  By default, the system enters the secure level 1 when in multi-user (the default when booting a regular installation).

It's then possible to escalate to the last secure level (2), which will enable the following extra security:



This feature is mostly useful for dedicated firewalls with rules that rarely change.  Preventing the time from being changed is really useful for remote logging as it allows being sure of "when" things happened, and you can be assured the past logs weren't modified.

The default security level 1 already enables some extra security: the "immutable" and "append-only" file flags can't be removed.  These overlooked flags (that can be applied with chflags) can lock down files to prevent anyone from modifying them.  The append-only flag is really useful for logs because you can't modify the existing content, but this doesn't prevent adding new content, so history can't be modified this way.

=> https://man.openbsd.org/securelevel OpenBSD manual pages: securelevel
=> https://man.openbsd.org/chflags OpenBSD manual pages: chflags

This feature exists in other BSD systems.

## Memory allocator extra checks

OpenBSD's memory allocator can be tweaked, system-wide or per command, to add extra checks.  This could be either used for security reasons or to look for memory allocation related bugs in a program (this is VERY common...).

There are two methods to apply the changes:



The man page gives a list of flags to use as option, the easiest to use is `S` (for security checks).  It is stated in the man page that a program misbehaving with any flag other than X is buggy, so it's not YOUR fault if you use malloc options and the program is crashing.

=> https://man.openbsd.org/malloc OpenBSD manual pages: malloc (search for MALLOC OPTIONS)

## File flags

You are certainly used to file attributes like permissions or ownership, but on many file systems (including OpenBSD ffs), there are flags as well!

The file flags can be altered with the command `chflags`, there are a couple of flags available:



As explained in the secure level section above, in the secure level 1 (default !), the flags sappnd and schg can't be removed, you would need to boot in single user mode to remove these flags.

Tip: remove the flags on a file with `chflags 0 file [...]`

You can check the flags on files using `ls -ol`, this would look like this:

```
terra$ chflags uchg get_extra_users.sh
terra$ ls -lo get_extra_users.sh
-rwxr-xr-x 1 solene solene uchg 749 Apr 3 2023 get_extra_users.sh
terra$ chflags 0 get_extra_users.sh
terra$ ls -lo get_extra_users.sh
-rwxr-xr-x 1 solene solene - 749 Apr 3 2023 get_extra_users.sh
```


=> https://man.openbsd.org/chflags OpenBSD manual pages: chflags

## Crontab extra parameters

OpenBSD crontab format received a few neat additions over the last years.



It's possible to use a combination of flags like `-ns`.  The random time is useful when you have multiple systems, and you don't want them to all run a command at the same time, like in a case they would trigger a huge I/O on a remote server.  This was created to prevent the usual `0 * * * * sleep $(( $RANDOM % 3600 )) && something` that would run a sleep command for a random time up to an hour before running a command.

=> https://man.openbsd.org/crontab.5 OpenBSD manual pages: crontab

## Auto installing media

One cool feature on OpenBSD is the ability to easily create an installation media with pre-configured answers.  This is done by injecting a specific file in the `bsd.rd` install kernel.

There is a simple tool named upobsd that was created by semarie@ to easily modify such a bsd.rd file to include the autoinstall file, I forked the project to continue its maintenance.

In addition to automatically installing OpenBSD with users, ssh configuration, sets to install etc...  it's also possible to add a site.tgz archive along with the usual sets archives that includes files you want to add to the system, this can include a script to run at first boot to trigger some automation!

These features are a must-have if you run OpenBSD in production, and you have many systems to manage, enrolling a new device to the fleet should be as automated as possible.

=> https://github.com/rapenne-s/upobsd GitHub project page: upobsd
=> https://man.openbsd.org/autoinstall OpenBSD manual pages: autoinstall

## apmd daemon hooks

Apmd is certainly running on most OpenBSD laptops and desktops around, but it has features that aren't related to its command line flags, so you may have missed them.

There are different file names that can contain a script to be run upon some event such as suspend, resume, hibernate etc...

A classic usage is to run `xlock` in one's X session on suspend, so the system will require a password on resume.

=> https://dataswamp.org/~solene/2021-07-30-openbsd-xidle-xlock.html#_Resume_/_Suspend_case Older blog post: xlock from apmd suspend script

The man page explains it all, but basically it works like this for running a backup program when you connect your laptop to the power plug:

```
mkdir -p /etc/apm
vi /etc/apm/powerup
```

You need to write a regular script:

```
#!/bin/sh

/usr/local/bin/my_backup_script
```

Then, make it executable:

```
chmod +x /etc/apm/powerup
```


The daemon apmd will automatically run this script when you connect a system back to AC power.

The method is the same for:



This makes it very easy to schedule tasks on such events.

=> https://man.openbsd.org/apmd#FILES OpenBSD manual page: apmd (section FILES)

## Using hotplugd for hooks on devices events

A bit similar to what apmd does by running a script upon events, hotplugd is a service that allows running a script when a device is added / removed.

A typical use is to automatically mount a USB memory stick when plugged in the system, or start the cups daemon when powering on your USB printer.

The script receives two parameters that represent the device class and device name, so you can use them in your script to know what was connected.  The example provided in the man page is a good starting point.

The scripts aren't really straightforward to write, you need to make a precise list of hardware you expect and what to run for each, and don't forget to skip unknown hardware.  Don't forget to make the scripts executable, otherwise it won't work.

=> https://man.openbsd.org/hotplugd OpenBSD manual page: hotplugd

## Altroot

Finally, there is a feature that looks pretty cool. In the daily script, if an OpenBSD partition `/altroot/` exists in `/etc/fstab` and the daily script environment has a variable `ROOTBACKUP=1`, the root partition will be duplicated to it.  This permits keeping an extra root partition in sync with the main root partition.  Obviously, it's more useful if the altroot partition is on another drive.  The duplication is done with `dd`.  You can look at the exact code by checking the script `/etc/daily`.

However, it's not clear how to boot from this partition if you didn't install a bootloader or create an EFI partition on the disk...

=> https://man.openbsd.org/hier OpenBSD manual pages: hier (hier stands for file system hierarchy)
=> https://man.openbsd.org/daily OpenBSD manual pages: daily
=> https://www.openbsd.org/faq/faq14.html#altroot OpenBSD FAQ: Root partition backup

## talk: local chat in the terminal

OpenBSD comes with a program named "talk", this creates a 1 to 1 chat with another user, either on the local system or a remote one (setup is more complicated).  This is not asynchronous, the two users must be logged in the system to use `talk`.

This program isn't OpenBSD specific and can be used on Linux as well, but it's so fun, effective and easy to set up I wanted to write about it.

The setup is easy:

```
echo "ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd" >> /etc/inetd.conf
rcctl enable inetd
rcctl start inetd
```


The communication happens on localhost on UDP ports 517 and 518, don't open them to the Internet!  If you want to allow a remote system, use a VPN to encrypt the traffic and allow ports 517/518 only for the VPN.

The usage is simple, if you want alice and bob to talk to each other:



This is a bit archaic, but it works fine and comes with the base system.  It does the job when you just want to speak to someone.

# Conclusion

There are interesting features on OpenBSD that I wanted to highlight a bit, maybe you will find them useful.  If you know cool features that could be added to this list, please reach me!
</pre>
    ]]>
  </description>
  <guid>gemini://perso.pw/blog//articles/rarely-known-openbsd-features.gmi</guid>
  <link>gemini://perso.pw/blog//articles/rarely-known-openbsd-features.gmi</link>
  <pubDate>Sat, 24 Feb 2024 00:00:00 GMT</pubDate>
</item>
<item>
  <title>Mounting video ram on Linux</title>
  <description>
    <![CDATA[
<pre># Introduction

Hi, did you ever wonder if you could use your GPU memory as a mount point, like one does with tmpfs and RAM?

Well, there is a project named vramfs that allows you to do exactly this on FUSE-compatible operating systems.

In this test, I used an NVIDIA GTX 1060 6GB in an external GPU case connected with a thunderbolt cable to a Lenovo T470 laptop running Gentoo.

=> https://github.com/Overv/vramfs vramfs official GitHub project page

# Setup

Install the dependencies, you need a C++ compiler and OpenCL headers for C++ (the package name usually contains "clhpp").

Download the sources, either with git or using an archive.

Run `make` and you should obtain a binary in `bin/vramfs`.

# Usage

It's pretty straightforward to use, as root, run `vramfs /mountpoint 3G` to mount a 3 GB storage on `/mountpoint`.

The program will stay in foreground, use Ctrl+C to unmount and stop the mount point.

# Speed test

I've been doing a simple speed test using `dd` to measure the write speed compared to a tmpfs.

The vramfs mount point was able to achieve 971 MB/s, it was CPU bound by the FUSE program because FUSE isn't very efficient compared to a kernel module handling a file system.

```
t470 /mnt/vram # env LC_ALL=C dd if=/dev/zero of=here.disk bs=64k count=30000
30000+0 records in
30000+0 records out
1966080000 bytes (2.0 GB, 1.8 GiB) copied, 2.02388 s, 971 MB/s
```


Meanwhile, the good old tmpfs reached 3.2 GB/s without using much CPU, this is a clear winner.

```
t470 /mnt/tmpfs # env LC_ALL=C dd if=/dev/zero of=here.disk bs=64k count=30000
30000+0 records in
30000+0 records out
1966080000 bytes (2.0 GB, 1.8 GiB) copied, 0.611312 s, 3.2 GB/s
```


# Limitations

I tried to use the vram mount point as a temporary directory for portage (the Gentoo tool building packages), but it didn't work due to an error.  After this error, I had to umount and recreate the mount point otherwise I was left with an irremovable directory.  There are bugs in vramfs, no doubts here :-)

Arch Linux wiki has a guide explaining how to use vramfs to store a swap file, but it seems to be risky for the system stability.

=> https://wiki.archlinux.org/title/Swap_on_video_RAM#FUSE_filesystem ArchWiki: Swap on video

# Conclusion

It's pretty cool to know that on Linux you can do almost what you want, even store data in your GPU memory.

However, I'm still trying to figure a real use case for vramfs except that it's pretty cool and impressive.  If you figure a useful situation, please let me know.
</pre>
    ]]>
  </description>
  <guid>gemini://perso.pw/blog//articles/mount-vram-on-linux.gmi</guid>
  <link>gemini://perso.pw/blog//articles/mount-vram-on-linux.gmi</link>
  <pubDate>Mon, 12 Feb 2024 00:00:00 GMT</pubDate>
</item>
<item>
  <title>Hosting Shaarli on OpenBSD</title>
  <description>
    <![CDATA[
<pre># Introduction

This guide explains how to install the PHP web service Shaarli on OpenBSD.

Shaarli is a bookmarking service and RSS feed reader, you can easily add new links and associate a text / tag and share it with others or keep each entry private if you prefer.

=> https://github.com/shaarli/Shaarli Shaarli GitHub Project page

# Setup

The software is pretty easy to install using the base system httpd and PHP (including the latest version available at the time of writing).

## Deploy Shaarli

Download the latest version of Shaarli available on their GitHub project.

=> https://github.com/shaarli/Shaarli/releases Shaarli releases on GitHub

Extract the archive and move the directory `Shaarli` in `/var/www/`.

Change the owner of the following directories to the user `www`.  It's required for Shaarli to work properly.  For security’s sake, don't chown all of Shaarli's files to `www`, it's safer when a program can't modify itself.

```
chown www /var/www/Shaarli/{cache,data,pagecache,tmp}
```
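
The ownership rule above can be checked after deployment.  The following script is an added example, not part of Shaarli or of the original article: it reports data directories that `www` does not own, and anything outside them that `www` owns or that is world-writable.  The function names and output labels are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of Shaarli or of the original guide.
# It audits a deployed Shaarli tree against the ownership advice: the web
# user owns cache, data, pagecache and tmp, and nothing else.
# Function names and output labels are this example's own.

# Print one finding per line for the tree at $1 and the web user $2
# (a user name or a numeric uid).
shaarli_findings() {
    root=${1%/}
    user=$2

    # The four data directories must exist and belong to the web user,
    # otherwise Shaarli cannot store its state.
    for d in cache data pagecache tmp; do
        if [ ! -d "$root/$d" ]; then
            echo "MISSING $root/$d"
        elif [ -z "$(find "$root/$d" -prune -user "$user" -print)" ]; then
            echo "NOT-OWNED $root/$d"
        fi
    done

    # Outside those directories, flag anything the web user owns (a
    # compromised PHP process could rewrite the application) and anything
    # writable by every account. Symlink modes carry no meaning, skip them.
    find "$root" \
        \( -path "$root/cache" -o -path "$root/data" \
           -o -path "$root/pagecache" -o -path "$root/tmp" \) -prune \
        -o \( -user "$user" -o \( ! -type l -perm -0002 \) \) \
        -exec echo "WRITABLE" {} \;
}

# Defaults are the path and user from the guide.
# Returns 0 when the tree is clean, 1 after printing the findings.
audit_shaarli_perms() {
    findings=$(shaarli_findings "${1:-/var/www/Shaarli}" "${2:-www}")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Source the file and run `audit_shaarli_perms` as root, for instance after each Shaarli upgrade, since extracting a new release can reset ownership.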


## Install the packages

We need a few packages to make it work, I'm using php 8.3 in the example, but you can replace with the current version you want:

```
pkg_add php--%8.3 php-curl--%8.3 php-gd--%8.3 php-intl--%8.3
```


By default, on OpenBSD the PHP modules aren't enabled, you can do it with:

```
for i in gd curl intl opcache; do ln -s "/etc/php-8.3.sample/${i}.ini" /etc/php-8.3/ ; done
```


Now, enable and start PHP service:

```
rcctl enable php83_fpm
rcctl start php83_fpm
```


If you want Shaarli to be able to do outgoing connections to fetch remote content, you need to make some changes in the chroot directory to make it work, everything is explained in the file `/usr/local/share/doc/pkg-readmes/php-INSTALLED.VERSION`.

## Configure httpd

This guide won't cover the setup for TLS as it's always the same procedure, and it may depend on how you prefer to generate the TLS certificates.

Create the file `/etc/httpd.conf` and add the following content, make sure to replace all the caps text with real values:

```
server "YOUR_HOSTNAME_HERE" {
    listen on * port 80

    # don't rewrite for assets (fonts, images)
    location "/tpl/*" {
        root "/Shaarli/"
    }

    location "/doc/*" {
        root "/Shaarli/"
    }

    location "/cache/*" {
        root "/Shaarli/"
    }

    location "*.php" {
        fastcgi socket "/run/php-fpm.sock"
        root "/Shaarli"
    }

    location "*index.php*" {
        root "/Shaarli"
        fastcgi socket "/run/php-fpm.sock"
    }

    location match "/(.*)" {
        request rewrite "/index.php%1"
    }

    location "/*" {
        root "/Shaarli"
    }
}
```


Enable and start httpd:

```
rcctl enable httpd
rcctl start httpd
```


## Configure your firewall

If you configured PF to block by default, you have to open the ports 80 and also 443 if you enable HTTPS.

# Installing Shaarli

Now you should have a working Shaarli upon opening `http://YOUR_HOSTNAME_HERE/index.php/`, all lights should be green, and you are now able to configure the instance as you wish.

# Conclusion

Shaarli is a really handy piece of software, especially for active RSS readers who may have a huge stream of news to read.  What's cool is the share service, and you may allow some people to subscribe to your own feed.
</pre>
    ]]>
  </description>
  <guid>gemini://perso.pw/blog//articles/shaarli-openbsd.gmi</guid>
  <link>gemini://perso.pw/blog//articles/shaarli-openbsd.gmi</link>
  <pubDate>Tue, 23 Jan 2024 00:00:00 GMT</pubDate>
</item>
<item>
  <title>This blog is AI free</title>
  <description>
    <![CDATA[
<pre># Introduction

Hi!  This is a short informative blog post about Artificial Intelligence.

I just got approached by a company who wants to help me to add some generative AI in my blog workflow to "boost the quality" of my content.

I like generative AI and I think it's an interesting tool, but I have just no interest in using it for my blog.

# This blog content is made by a human

We need some kind of label "not AI powered" :D I'll add something like that on my template

There is one exception as I wrote one blog post about machine learning, and obviously the pictures in it were generated/colored by a program to demonstrate the tools.

# Why no AI?

I have no incentive to add an AI in the process of writing, I make mistakes, I may make poor sentences and I have my own style for the best of the worst.  I think throwing an AI into this would just make the result bland.

For a pretty similar reason, I keep my custom website generator and template instead of using a program like Hugo with an awesome template because I need to have this "authentic" feeling for my blog.

This blog is my own space, it represents who I am.</pre>
    ]]>
  </description>
  <guid>gemini://perso.pw/blog//articles/no-ai.gmi</guid>
  <link>gemini://perso.pw/blog//articles/no-ai.gmi</link>
  <pubDate>Thu, 18 Jan 2024 00:00:00 GMT</pubDate>
</item>
<item>
  <title>Overcoming imposter syndrome in IT</title>
  <description>
    <![CDATA[
<pre># Introduction

You certainly know about the Imposter Syndrome (I'll refer to it as IS), unfortunately it's a very common problem in IT.

=> https://en.wikipedia.org/wiki/Impostor_syndrome Wikipedia: Imposter Syndrome

=> static/impostersyndrome.png Imposter Syndrome explained in picture

The picture above was downloaded from https://mrscliffnotes.com/2021/03/02/on-the-imposter-syndrome/

As I finally (almost) got rid of my own Imposter Syndrome, I wanted to share my experience and tips that helped me overcome it.

# Keeping track of your work and knowledge

It's hard to stay confident in your own skills when you feel you accomplished nothing in your life or career.  I would recommend everyone to always keep a very detailed CV/Résumé up-to-date, with all the projects you worked on.  When you feel in doubt about your own skills, just check this list, and you will certainly be surprised about what you achieved in the past.

If you are a developer, looking at your project histories in git/hg/svn/whatever is also a nice way to review your own past work.  There are dedicated git tools to write such nice reports, even across multiple repositories.

When I look back at my blog index, I realize how many things I learned.  I forgot about most of the previous content and topics I wrote about!  This is my own list, it's really helpful to me.

# Meet other professionals

It seems IS exists because it's hard to differentiate "low value general knowledge" and what we know and should know as a technician, knowledge that makes us a professional in our job.  In IT it's really hard to evaluate a work/product/service, compared to let's say, a sculpted piece of wood.  I'm not saying sculpting wood is easy, but at least it doesn't require an audit by a dedicated team to know if it was nicely done in the state of the art.

My confidence got better when I started spending time with the new colleagues when joining a new company.  Being able to know how the other worked helped me to evaluate my own work, it was also the opportunity to ask them to review my work and methods.  Honest feedback from a competent person is invaluable.

By spending more time with my colleagues, I was finally able to establish some kind of reference to auto-evaluate my work more accurately.

Moving to a new job is also the opportunity to meet real slackers with poor skills, and in most cases you will notice they don't even care.  After all, if they got a job and their boss is happy, your work will just be better, so there is no reason to not stay confident in yourself.

# Stay confident

This seems boring and obvious, but you need to stay confident in yourself to start building some confidence.  If you succeeded in a project in the past, there is no reason for you to fail in another project later.

Being able to overcome failures is an important part of the process.  It's common for anyone to fail at something, but instead of lamenting about it, see it as the opportunity to improve yourself for the next time.  There is a lot more to learn from failures than from successes.

# Tip of the Iceberg

When you see someone's work/article/video, you may be impressed by it and feel bad that you would never be able to achieve something similar because it's "too hard".  But did you ever think that you only saw the tip of the iceberg, and that you dismissed all the hard work and research done in order to succeed?

For instance, maybe that person spent hundreds of hours making a two-minute video: the result looks incredible to you, and it's only two minutes, so you immediately think "I would never be able to do this myself", but what if you had hundreds of hours and the skills to do it?  Could you?

# Do they know?

If you ever feel bad listening to someone's story that makes you feel incompetent and useless, you could think: "do they know how to do [this], and [this]?". ([this] being something you know)

> Yes, they are a programming compiler expert, but do they know like me how to cook?  Do they know how to change a car wheel?  Do they know how to grow vegetables?

# Conclusion

I'm not a psychologist, a personal coach or an imposter syndrome specialist.  But I've been able to work around it, and I'm now gradually getting rid of it for good.  It's really refreshing!

It's important to not feel over-confident in the process, there is a balance to keep, but don't think about it too early ;)

Have fun, you are awesome in your own way, like everyone else!
</pre>
    ]]>
  </description>
  <guid>gemini://perso.pw/blog//articles/dealing-with-imposter-syndrome.gmi</guid>
  <link>gemini://perso.pw/blog//articles/dealing-with-imposter-syndrome.gmi</link>
  <pubDate>Sun, 14 Jan 2024 00:00:00 GMT</pubDate>
</item>
<item>
  <title>2024 plans and 2023 retrospective</title>
  <description>
    <![CDATA[
<pre># Hello!

It happens that I occasionally write a blog post to give some news about my own projects and life(style), this is such a blog post!

# 2023's projects

2023 was a special year for me, I was terribly sick in early January, and this motivated me to change a lot of things in my life.  I stuck to this idea the whole year and I still continue to look for things to change in my life.

## Work

I left the company I was working for, and started to work as a freelance DevSecOps/DevOps. The word "Sysadmin" would be the best job title for me, but people like buzzwords and nobody talks about system administrators anymore.

Since the end of the year, I also work as a technical writer for a VPN provider (that I consider ethical), and it makes me think that in the future, I may have a career shift to being a technical writer "only".

## The blog

Since 2023, I have a page on Patreon allowing my readers to support me financially, in exchange for a few days of early access for most blog posts.  This is an advantage to reward my supporters without being a loss for all other readers.  Patreon helps me a lot as it allows me to plan on a monthly income and spend more time on my blog or contributing to open source projects. I also added other payment options as some wanted to support me using more free (as in freedom) methods like liberapay, BTC or XMR.

The blog also received a few technical changes, mostly in the HTML rendering like captions on pictures or headers numbering.  I'm quite pleased with the result right now, and the use of GemText (from Gemini) markup was a right choice a few years ago as it gives a simple structure enforcing clarity (of course it's bad if you need a complex layout).

The content finally got a proper license: CC-BY-4.0, I'm an open source person, but my own content was under no license, what a shame for all this time...

## Open Source

Last year, I started using Qubes OS as it's the best operating system for my needs (a blog post will cover this "soon") and I got involved in the community and in testing the 4.2 release that came out a few weeks ago.

I'm still contributing to OpenBSD, but not as much as I want, simply because of lack of hardware (and a bit of time), but this is now solved after my deal with NovaCustom.  I still maintain the packages updates build cluster.

In 2023, I entirely dropped NixOS, but I preferred to not write a blog post about it to avoid a flame war, but maybe I'll write one.  In a few words, I didn't like the governance issues of the project, it seems company driven to me and from my point of view it's harmful for the open source project.  The technology is awesome, but the "core team" struggles to get somewhere.  I'll investigate more Guix as I always enjoyed this project, and they proved they are a reliable and solid project able to maintain their pace over time.

## The OpenBSD Webzine

It's my favorite pet project, even though it's a lot of work to publish a single issue.

Working with Prahou for the special Halloween issue was really fun as instead of writing the content, I had to give some direction to keep the issue on rails for being a Webzine issue, while being able to enjoy it like any other reader as I didn't make the content itself.

# 2024's project

## Lifestyle

For no reason, I decided to experiment with a vegetarian diet up to the end of February (I still eat eggs, milk, butter, cheese or rarely fish).  I'm bad at cooking, I don't enjoy it much but mostly because I have no idea what to cook.  This forces me to learn about new food and recipes I was not aware of.  Buying a recipe book is definitely a must for this :-).  I never really enjoyed meat, and it's possible that I may keep the vegetarian diet for a longer time.

## Open source

This is the year of the comeback on OpenBSD, I really enjoy contributing to it, helping the community and reviewing some ports I care about.

I'll also continue contributing to Qubes OS, this niche operating system deserves some more contributors.

## The blog

I'll try to stick to a weekly blog post schedule.  Of course, I also need to work in parallel, and sometimes I'm just out of ideas :-)

## Work

Let's see what 2024 will bring for me!

# Best wishes!

I'd like to thank all my readers.  I regularly receive emails about your enjoyment, typo reports, or suggestions to improve the content, this really drives me to continue writing.
</pre>
    ]]>
  </description>
  <guid>gemini://perso.pw/blog//articles/plans-for-2024.gmi</guid>
  <link>gemini://perso.pw/blog//articles/plans-for-2024.gmi</link>
  <pubDate>Tue, 09 Jan 2024 00:00:00 GMT</pubDate>
</item>
<item>
  <title>NovaCustom NV41 laptop review</title>
  <description>
    <![CDATA[
<pre># Disclaimer

Hello!  Today, I present you a quite special blog post, resulting from a partnership with the PC Manufacturer NovaCustom.  I offered them to write an honest review for their product and also share my feedback as a user, in exchange for a NV41 laptop.  This is an exceptional situation, I insist that it's not a sponsorship, I actually needed a laptop for my freelance work, and it turns out they agreed.  In our agreement, I added that I would return the laptop in case I didn't like it, I don't want to generate electronic waste and waste the company's money for nothing.

I have no plans to turn my blog into an advertisement platform and do this on a regular basis.  Stars aligned well here, NovaCustom is making the only modern laptop Qubes OS certified, and the CEO is a very open source friendly person.

# Introduction

The real introduction now :-)

In this blog post, I'll share my experience using a NV41 laptop from NovaCustom, I tried many operating systems on it for a while, ran some benchmarks, and ultimately used Qubes OS on it for a month and a half for my freelance work.

=> https://novacustom.com/ NovaCustom official website
=> https://novacustom.com/product/nv41-series/ NV41 Laptop store webpage

# The machine itself

=> static/review/laptop-stand.jpg The laptop on a stand, running Ubuntu 23.10

This is a 14-inch laptop, the best form factor in my opinion for being comfortable when used for a long time while being easy to carry.

It looks great with its metal look with blueish reflection and the engraved logo "NV" on the cover (logo can be customized).

The frame feels solid and high-end, I'm not afraid to carry it or manipulate it.  Compared to my ThinkPad T470, that's a change, I always fear to press its plastic frame too much when carrying with a single hand.

The power button is on the right side, this is quite unusual, but it looks great, there are LEDs around the power plug near the power button that tell the state of the system (running, off, sleeping) and if the battery is running low or charging.

It's running the open-source Firmware Dasharo coreboot, and optionally the security oriented firmware Heads can be installed.

=> https://dasharo.com/ Dasharo coreboot official website
=> https://osresearch.net/ Heads open source firmware official website

## Packaging and unboxing

The machine came in a box containing a box containing the actual box with the laptop inside, it was greatly packaged.

=> static/review/laptop-package.jpg Laptop still wrapped in the protections, all the boxes are in the background

The laptop screen had a removable sleeve that can be reused, I appreciated this as it's smart because it's possible to put it back in case you don't use the laptop for a long time or want to sell it later.

The box contained the laptop, the power supply and the power plug, the full length of the power supply is 2 meters which is great, I hate laptops chargers that only have 1 meter of cable.

=> static/review/laptop-unbox.jpg The laptop, power supply, power plug and other (manual, screen cleaner…)

## Hardware

The specifications of the hardware I received are the following:



The default wireless card is an Intel AX-200/201 compatible with Wi-Fi 6 and Bluetooth 5.2, but I received the blob-free card which was convenient for most operating systems as it doesn't need a firmware (works out of the box on Guix for instance).

There are options to remove the webcam or add a slider to it, a screen privacy filter or secure screws+tape for the packaging to be sure the laptop hasn't been intercepted during transit.

You can also choose the keyboard layout from a large list, or even have your own layout.

Kudos to NovaCustom for guaranteeing the sale of replacement parts for at least 7 years after you buy a laptop from them!  They also provide a PDF with full details about the internals.

### Hybrid CPU

This is my very first Hybrid CPU, it has 4 Performance cores capable of hyperthreading, and 8 Efficient cores that should draw less power at the expense of being slower.

I made a benchmark, only on Qubes OS, to compare the different cores to a Ryzen 5 5600X and my T470 i5-7300U.

=> https://openbenchmarking.org/result/2311253-NE-2311251NE63&hni=1&hlc=1&ppt=D Phoronix benchmark link
=> https://forum.qubes-os.org/t/hybrid-cpu-benchmarking-performance-when-pinning-to-specific-cores/22251 Qubes OS forum: Hybrid CPU benchmarking performance when pinning to specific cores

If your operating system doesn't know (Linux does) how to make use of E/P cores (like OpenBSD or FreeBSD), it will use them as if they were similar, so no worry here.  However, the performance and battery saving aren't optimized because the system won't balance the load at the right place.

TL;DR: the P cores compete with my desktop Ryzen 5 5600X! And the E cores are faster than the i5-7300U!  Linux and Xen (in Qubes OS) do a great job at balancing the workload at the right place, so you don't have to worry about pinning a specific task to a P or E core pool.

### Coil whine noise

I think this deserves an entry because it's a plague on many modern computers.  If you don't know about it, it's an electric noise that happens under certain conditions.  On my T470, it's when charging the battery.

I've been able to get some coil whine noise, only if I forced the CPU frequency to the maximum in the operating system, instead of letting the computer scale the frequency.  This resulted in no performance improvement and some coil whine noise.

In my daily "normal" use with Linux or Qubes OS, I never heard a coil whine.  But on OpenBSD for which the frequency management is still not good with these modern CPUs (intel p-state support isn't great) there is a constant noise.  However, using obsdfreqd reduced the noise to almost nothing, but still appeared a bit on CPU load.

There is a specific topic where coil whine on this laptop was discussed, a fix was provided by NovaCustom using heat pads (sent for free for their customers) placed at a specific place.  I don't think this should be required except if your operating system has a poor support for frequency scaling.

=> https://forum.qubes-os.org/t/otherss-who-bought-a-nv41-and-have-noise-issues/20436 Qubes OS forum: NV41 coil whine topic

### Screen

The screen coloring is excellent, which is expected as it covers 98% of sRGB palette, it's really bright, and I rarely turn the brightness more than 50%. I didn't try to use it outdoor, but the brightness at full level should allow reading the screen.

However, it has a noticeable ghosting which makes it annoying for playing video games (that's not really the purpose of this model though), or if you are really sensitive to it.  I'm used to a 144 Hz display on my desktop and I became really sensitive to refresh rate.  However, I have to admit the ghosting isn't really annoying for productivity work, development or browsing the web.  Watching a video is fine too.

One slightly annoying limitation is that it's not possible to open the screen more than a 140° angle, this sounds reasonable, but I got used to my T470 screen able to open at ~180°.  This is not a real issue, but if you have a weird setup in which you store your laptop vertically against your desktop AND with the screen opened, you won't be able to use the screen.

### Sound system

I've been surprised by the speakers, the audio quality is good up to ~80% of the max volume, but then the quality drops when you set it too high.

I have no way to measure it, but the speakers appear to be quite loud compared to my other laptops when set to 100%, I don't recommend doing it though due to quality drop, but it can be handy sometimes.

The headphones port works fine, there are no noises, and it's able to drive my DT 770 Pro 80 ohm.

I’ve been able to figure an equalizer setting improving the audio to be pretty good (that's subjective). I’m absolutely not an audio expert, but it sounded a lot better for pop, rock, metal or piano.



The idea is to lower the trebles instead of pushing the bass which quickly saturate.  Depending on what you listen to and your tastes, you could try +1 or +2 db for the four first settings, but it may produce saturated sounds.

### Cooling

I think the cooling system is one of the best parts of the laptop, it's always running at 10% of its speed and is inaudible.

=> static/review/laptop-under.jpg Laptop view from below

Under a huge load, the fan can be heard, but it's still less loud than my idling silent desktop...

There is a special key combination (Fn+1) that triggers the turbo fan mode, forcing them to run at 100%, it is recommended if the laptop is used to run at full CPU 24/7 or for a very long period of time, however, this is as loud as a 1U rack server! For a more comprehensive comparison, let's say it is as annoying as a microwave device.

I was surprised that the laptop never burned my knees, although under heavy load for 30 minutes it felt a bit too hot to keep it on my bare skin without fabric between, that's a genuine lap-top laptop, compatible with short skirts :D.

### Keyboard

The keyboard isn't bad, but not good either.  Typing on it is pleasant, but it's no match against my mechanical keyboards.  The touch is harder than on my Lenovo T470 laptop, I think it feels like most modern laptop keyboards.

Check the layout for the keys like "home", "end", "page up/down", on mine they are tiny keys near the arrows, this may not be to your taste.

The type is quite silent, and there are 5 levels of back-light, I don't really like this feature, so I turned it off, but it's there if you like it.

There are NO indicators for the status of caps lock or num lock (neither for scroll lock, but do people really use it?), this can be annoying for some users.

### Touchpad

The touchpad may be a no-go for many, there are no extra physical buttons but you can physically click on the bottom area to make/hold a click.  It also features no trackpoint (the little joystick in the middle of the keyboard).

However, it has a large surface and can make use of multitouch clicks.  While I was annoyed at first because I was used to ThinkPad's extra physical buttons, over time I got used to multitouch click (click is different depending on the number of fingers used), or the "split-area" click, where a click in a bottom left does a left click, in the middle it does a middle click, and in the bottom right it does a right click.

It reacts well to movements and clicks and does the job, it's not the greatest touchpad I ever used, but it's good enough.

Unfortunately, it's not possible for NovaCustom to propose a variant touchpad featuring extra physical buttons.

### Suspend and Resume

The suspend/resume feature works as expected on Linux and Qubes OS.

Closing the lid correctly triggers the suspend function, opening it resumes the system.

### Webcam

Nothing special to say about it, it's like most laptop webcams, it has a narrow angle and the image quality is good enough to show your face during VoIP meetings.

### Battery life (short version)

I tested the battery using different operating systems (OpenBSD, Qubes OS, Fedora, Ubuntu) and different methods, there are more details later in the text, but long story short, you can expect the following:



### I/O ports

On the I/O, the laptop is well-equipped.  I appreciated seeing an Ethernet port on a modern laptop.

On the left side:



=> static/review/laptop-left.jpg Left side of the laptop

On the right side:



=> static/review/laptop-right.jpg Right side of the laptop

The rear of the laptop is fully used for the cooling system, and there is nothing on the front (Hopefully! I hate connecting headphones on the front side).

=> static/review/laptop-rear.jpg Back of the laptop
=> static/review/laptop-front.jpg Front of the laptop

## Dasharo coreboot firmware

The laptop ships with Dasharo coreboot firmware (that's the correct name for nowadays devices when we speak of the BIOS), it's an open-source firmware that allows you to manage your own secure boot keys, disable some Intel features like "ME".

I guess their website will be a better place to understand what it's doing compared to a proprietary firmware.

=> https://www.dasharo.com/ Dasharo official website

## NovaCustom

NovaCustom is building laptops based on Clevo (a manufacturer doing high-end laptop frames, but they rarely sell directly) while ensuring compatibility with Linux systems, especially Qubes OS for this specific model as it's certified (it guarantees the laptop and all its features will work correctly).

They contribute to dasharo development for their own laptops.

They ship their product worldwide, and as I heard from some users, the customer support is quite reactive.

=> https://novacustom.com/ NovaCustom official website

# Operating system support

Now that I've covered the hardware part, let's see how it behaves with many operating systems!

## Linux distributions

I guess most users will use a Linux system on this laptop, so let's start by testing some popular distributions:

### Fedora

=> https://fedoraproject.org/ Fedora project official website

=> static/review/fedora-fs8.png Screenshot of Fedora 39 running GNOME

Fedora Linux support (tested with Fedora 39) was excellent, GNOME worked fine.  The Wi-Fi network worked immediately even during the installer, Bluetooth was working as well with my few devices.  Changing the screen brightness from the GNOME panel was working.  However, after a Dasharo update, the keyboard slider in GNOME stopped working, it's a known bug that also affects System76 laptops if I've read correctly, this may be an issue with the Linux driver itself.

The touchpad was working on multitouch out of the box, suspending and resuming the laptop never produced any issue.

Enabling Secure Boot worked out of the box with Fedora, which is quite enjoyable.

### Ubuntu

=> https://ubuntu.com/ Ubuntu company official website

Ubuntu 23.10 support was excellent as well, it's absolutely identical to the Fedora report above.

Note: if you use VLC from the Snap store, it won't have hardware decoded acceleration and will use a lot of CPU (and draw battery, and waste watts for nothing), I guess it's an Ubuntu issue here.  VLC from Flatpak worked fine, as always.

### Alpine Linux

=> https://www.alpinelinux.org/ Alpine Linux project official website

Alpine Linux support (tested with Alpine 3.18.4) was excellent, I installed GNOME and everything worked out of the box.  The Atheros card worked without firmware (this is expected for a blob free device), CPU scheduling was correctly handled for Efficient/Performance cores as the provided kernel is quite recent.

The touchpad default behavior was to click left/right/middle depending on the number of fingers used to click, suspend and resume worked fine, playing video games was also easy thanks to flatpak and Steam.

It's possible to enable Secure Boot by generating your own keys.

=> https://wiki.alpinelinux.org/wiki/UEFI_Secure_Boot Alpine Linux wiki: UEFI Secure Boot

### Guix

=> https://guix.gnu.org/ Guix project official website

=> static/review/guix-fs8.png Screenshot of Guix running GNOME

Guix support is mixed.  I've been able to install it with no issue, thanks to the blob-free atheros network interface, it worked without having to use guix-nonfree repository (that contains firmware).

However, I was surprised to notice that the graphical acceleration wasn't working, it seems that Intel Xe GPUs aren't blob free.  This only means you can't play video games and that any kind of GPU-related encoding/decoding won't work, but this didn't prevent GNOME from working fine.

Suspend and resume was OK, and the touchpad worked out-of-the-box in multi-tap mode.

Secure Boot didn't work, and I have no idea what a Secure Boot setup with your own keys would look like on Guix, but it's certainly achievable with enough Grub-foo.

### Trisquel

=> https://trisquel.info Trisquel GNU/Linux official project website

Trisquel is a 100% libre GNU/Linux distribution, this means it doesn't provide proprietary software or drivers, and no device firmware.

I've been able to install Trisquel and use it, the Wi-Fi was working out of the box because of the blob-free Atheros card.

The main components of the system: CPU / Memory / Storage were correctly detected, the default kernel isn't too old, and it was able to make use of the Efficient/Performance cores of the CPU.

When not using the laptop, I was able to suspend it to reduce the battery usage, and then instantly resume the session when I needed, this worked flawlessly.

The touchpad was working great using the "3 zones" mode in which you tap on the touchpad in the left/center/right bottom of it to make a left/middle/right click, this is actually as convenient as using 1, 2 or 3 fingers depending on the click you want to make, this is something that could be configured though.

Sound was working out of the box, the audio jack is also working fine when plugging in headphones.

There is one issue with the webcam, when trying to use it, X crashes instantly. This may be an issue in the Trisquel software stack because it works fine on other OSes.

A major issue right now is the lack of graphical hardware acceleration, I'm not sure if it's due to the i7-1260P integrated GPU needing a proprietary firmware or if the linux-libre kernel didn't catch up with this GPU yet.

## Qubes OS

=> https://www.qubes-os.org Qubes OS project official website

=> static/review/qubes-os.png Qubes OS 4.2 desktop screenshot

Qubes OS support (tested with 4.1, 4.2-RC2 to RC5 and 4.2) is excellent, this is exactly what I expected for a Qubes OS certified laptop (the only modern and powerful certified laptop as of January 2024!).

=> https://www.qubes-os.org/doc/certified-hardware/#hardware-certification-requirements Qubes OS documentation: Hardware certification requirements

Qubes OS is my main OS as I use it for writing this blog, for work (freelancer with different clients) and general use except gaming, so I needed a reliable system that would be fast, with a pretty good battery life.

So far, I never experienced issues except one related to the Atheros Wi-Fi card (this is not the stock Wi-Fi device): 1 time out of 10 when I suspend and resume, the card is missing, and I need to restart the qube sys-net to have it again.  I didn't try with the latest Dasharo update though, it may be solved.

Watching 1080p videos x265 10 bits encoded is smooth and only draws ~40% of a CPU, without any kind of GPU accelerated decoding.

The battery life when using the system to write emails, browse the Internet and look at some videos was 3 hours, if I only do stuff in LibreOffice offline it lasts 5h30.

I'm able to have smooth videoconferences with the integrated webcam and a USB headset, this kind of task may be the most CPU consuming popular job that Qubes OS needs, and it worked well.

The 64 GB are very appreciated, I "only" have 32 GB on my desktop computer, but sometimes it lacks memory...  64 GB lets me never think about memory anymore.

The touchpad is working fine, by default on the split-area behavior (left/middle/right click depending on the touchpad area you click on).

There is a single USB controller that drives the webcam and card reader + the USB ports, including a USB-C dock that would be connected on either the Thunderbolt or USB-C ports.  The Thunderbolt device is on a separate controller, but if you attach it to a qube (that is not sys-usb), you lose all USB connectivity from a dock connected to it (there is still the other plain USB-C port).  The qube sys-usb isn't even required to run if you don't use any USB devices (this saves many headaches and annoying times).

Connecting a USB-C dock on the Thunderbolt port allows USB passthrough with sys-usb, an additional ethernet port and an external screen working with sound, it's also capable of charging the computer.  Whereas the simple USB-C port can only carry USB devices or the integrated ethernet port of my dock, it should be able to support a screen but I guess it's not working on Qubes OS.  I didn't try adding more than one screen on either port, I guess it should work on the Thunderbolt port.

## BSD systems

I tried OpenBSD and FreeBSD with the laptop.  I always have bad luck with NetBSD, so I preferred to not try it, and DragonFly BSD support should be pretty close to FreeBSD for which it didn't work well.

### OpenBSD

=> https://www.openbsd.org OpenBSD project official website

=> static/review/openbsd-fs8.png Screenshot of the OpenBSD 7.4 desktop using GNOME

I tried OpenBSD 7.4 and -current, everything went really well except the Atheros WiFi card that isn't supported, but this was to be expected.  If you want the NV41 with OpenBSD, you need to take the Intel AX-200/201 which is supported by the iwx driver.

=> https://man.openbsd.org/iwx OpenBSD manual page: iwx(4)

Suspend and resume works fine, the touchpad is using the "3 zones" behavior by default where you need to tap left/center/right bottom to make a left/middle/right click.  The webcam and sound card were working fine too.

The GPU is fully supported, you can use it for 3D rendering: I've been able to play a PSP game using PPSSPP emulator.  OpenBSD doesn't support hardware accelerated video encoding/decoding at all, so I didn't test it.

=> static/review/ppsspp-fs8.png WipeOut Pulse emulated in the PSP emulator PPSSPP

### FreeBSD

=> https://www.freebsd.org FreeBSD project official website

I installed FreeBSD 14.0 RC4 with ZFS on root and full disk encryption, the process went fine, I had Wi-Fi at the installer step (thanks to the blob free Atheros card).

However, once I booted into the system, I didn't succeed in getting X to run, the GPU isn't supported yet and using VESA display didn't work for me.  Suspend and resume didn't work either.

I gave another try with GhostBSD 23.10.1 in hope I did something wrong on FreeBSD 14 RC4 like a misconfiguration as I never had any good experience with FreeBSD on desktop with regard to the setup.  But GhostBSD failed to start X and was continuously displaying its logo on screen, only booting in safe mode allowed me to figure out what was wrong.

I was really surprised that the hardware is still "too new" for FreeBSD while OpenBSD support is almost excellent.

## Other

Some less known operating systems were tested as well.

### Haiku

=> https://www.haiku-os.org/ Haiku project official website

=> static/review/haiku.jpg Photograph of the laptop running Haiku (live USB)

I booted Haiku revision 57370 live USB, I was actually surprised to have the desktop displayed, and the network interfaces recognized.

Unfortunately, the Atheros card was recognized, but I haven't been able to connect to a scanned network.

The display was using the correct resolution, but it was using software rendering.

The webcam and the touchpad didn't work, I had to connect my USB trackball.

I didn't go as far as installing it.

### OpenIndiana

I tried the freshly released OpenIndiana Hipster 2023.10 liveUSB.

After letting the bootloader display and start the boot process, the init process seemed stuck and was printing errors about CPU every minute.  I haven't been able to get past this step.

# Measurements

I had fun measuring a lot of things like power usage at the outlet, battery duration with many workloads and gaming FPS (Frames per Second, 30 is okayish depending on people, 40 is acceptable, 60 is perfect as it's the refresh rate of the screen).

## Power

I measured the power usage in watts using a watt-o-meter in different situations:



This is actually good in my opinion, to have a comparison point, a standard 24-inch screen usually draws around 40 watts alone.

The power consumption of the laptop itself is within the range of other laptops.  I was happy to see it use no power when the AC is connected but not to the computer, and when idling it's only 1 watt, I have another laptop idling at 7 watts!

## Battery life

I measured the battery life using different methods and sometimes multiple times to verify if it was reliable.

### Linux

One method was to play a 2160p x265 10 bits encoded video using VLC, 1h39 long, with full brightness and no network.



The other method was to play the video game "Risk of Rain Returns" with a USB PS5 controller, and at full brightness, for a given duration (measured at 20 25 minutes).



### OpenBSD

I played a PSP game for 25 minutes using PPSSPP in full screen at full brightness.



## Gaming performance

I did play a bit on the laptop on Linux using Steam on Flatpak.  I tested it on Fedora 39, Ubuntu 23.10 and Alpine Linux 3.18.3, results were identical.

A big surprise while playing was that the fans remained almost silent, they were spinning faster than usual of course, but that didn't require me to increase the moderate volume I used in my gaming session.



=> static/review/bg3.jpg Baldur's Gate 3 (2023)



=> static/review/cs2.jpg Counter Strike 2



=> static/review/rorr-fs8.png Risk of Rain returns



=> static/review/ror2.jpg Risk of Rain 2



I didn't try using an external GPU on the thunderbolt port, but you can expect way better performance as the games were never CPU bound.

# Conclusion

I'm glad I dared to ask NovaCustom about this partnership for the NV41, this is exactly the laptop I needed.  It's reliable, no weird features, it's almost fully open source (at least for the software stack?), very powerful, and I can buy replacement parts for at least 7 years if I break something.  It's also SILENT, I despise laptops with a high-pitched fan noise.

I still have to play with Dasharo coreboot, I'm really new to this open-source firmware world, so I have to learn before trying weird and dangerous things (I would like to try Heads for its anti-evil maid features, it should be possible to install it on Dasharo systems "soon").

Writing this blog post was extremely hard, I had to stay mindful that this must be an HONEST and NEUTRAL review: writing about a product you are happy with leads to some moments of excitement and one may forget to share some little annoyances because it's "not _that_ bad", but I did my best to stay neutral when writing. And this is the agreement I had with NovaCustom.

Honesty is an important value to me.  You, dear readers, certainly trust me to some extent, I don't want to lose your trust.
</pre>
    ]]>
  </description>
  <guid>gemini://perso.pw/blog//articles/laptop-review-novacustom-nv41.gmi</guid>
  <link>gemini://perso.pw/blog//articles/laptop-review-novacustom-nv41.gmi</link>
  <pubDate>Wed, 03 Jan 2024 00:00:00 GMT</pubDate>
</item>

  </channel>
</rss>