Today's article is just me trying to turn a common answer/solution into an article...

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
11,498
Reaction score
9,993
Credits
95,326
I've wanted to write this article for a while. It's actually one of my more appreciated answers on StackExchange.

It's simply disabling hardware acceleration for Chrome//Chromium-based browsers. The problem is, that the list of problems this fixes is huge and varies. You never know for certain if it's going to work until you try it. So, I finally just said to heck with it and smashed buttons until it looked passable.


Yup...
 


Question: un-related to browser lockups.

Have you ever done any articles on AppArmor, or more specifically.. SElinux ?
 
Question: un-related to browser lockups.

Have you ever done any articles on AppArmor, or more specifically.. SElinux ?

One article to check if SELinux is running. One article telling folks how to disable AppArmor from Ubuntu.

I kinda want to delve into them more but haven't taken the time to. Also, I know more about AppArmor than I do about SELinux.
 
So, I finally just said to heck with it and smashed buttons until it looked passable.

Yup...
LOL, google probably just left it at the beta phase of development, and it's kinda interesting to think that your might convince the devs for google chrome to go in and fix the problems you describe. That approach to development reminds of Samsung Dex, it's a really neat form of software that allows you to turn your phone in a desktop computer [basically], but i think it is still in the R&D phase. It works though, i used it, was impressed, but decided not better than how i was already hooking up my phone to my tv.
 
and it's kinda interesting to think that your might convince the devs for google chrome to go in and fix the problems you describe.

Over the years, I've been responsible for scores of bug fixes and added features.

I'd not even try to effect change with Google's software. I don't think they'd listen and I don't think it'd be worth my time. Oddly, I do appear to have been (with my initial answer on StackExchange) the first one to tie it together and realize it was HA that was causing all the weird bugs. I don't think that carries any weight with Google.

Now, if I could tie it to a security issue, I'd report it and have hopes of them taking care of it. Like 'em or not, they're pretty good at opaque security fixes. Obviously they can't be completely transparent - and that's a good thing. It's not until after the fact that most of us know of the security holes. Well, unless you're into trawling the dark web trying to buy 0-day exploits...
 
Over the years, I've been responsible for scores of bug fixes and added features.

I'd not even try to effect change with Google's software. I don't think they'd listen and I don't think it'd be worth my time. Oddly, I do appear to have been (with my initial answer on StackExchange) the first one to tie it together and realize it was HA that was causing all the weird bugs. I don't think that carries any weight with Google.

Now, if I could tie it to a security issue, I'd report it and have hopes of them taking care of it. Like 'em or not, they're pretty good at opaque security fixes. Obviously they can't be completely transparent - and that's a good thing. It's not until after the fact that most of us know of the security holes. Well, unless you're into trawling the dark web trying to buy 0-day exploits...
Yeah i don't think of major bugs in major software are fixed by companies, the devs for steam games are constantly trying to fix bugs, yet chrome is an entirely different thing, maybe it would even better if they didn't fix it...im certainly more partial to firefox. Overtime it just became better.

And as far as 0-days are concerned, i think you should watch the "zero days" documentary about NSA making a virus to spin the Iranian nuclear centrifuges out of whack. How silly, as if that's good for "national security". There's also this fiasco about people in the US wanting to ban TikTock because it's china owned, that's probably even sillier. Malware developers tend to be these kids playing in the sandbox who don't even know what is going to come of what they are doing. Apparently the 0days sell for a lot of money...but whose to say you actually bought it at the right time? Were there any other customers?

The malware devs at the NSA even admitted in the doc that they did it, one guy said something like "It wasn't supposed to act so quickly like that, it was only supposed to wear down their technology slowly", but the virus was so fast and effective that Iran caught on that it was a nation state virus immediately. So much for building better relationships with enemies...

I have surfed the deep web several times, just to look at what kinds of things people on there sell. There's all these pdfs about committing fraud and lots of drugs, scams...but i think it's kinda crazy to try to buy drugs like that. You need to have bitcoin and PGP encryption keys (public and private exchange), i wouldn't ever want to search porn through the deep web because from hearsay, the only stuff on there is the absolute worst. One funny business proposition i saw was this site that claimed to sell you hundreds of thousands of dollars in damaged bills really cheaply. I wonder if anyone actually tried to do it! The comments were funny.
 
I've always disabled hardware acceleration in Chrome & the 'clones'. This is invariably linked to the GPU, and as you say is NOT supported, OOTB, under Linux. Google have long made it clear they won't do so, despite that all the options are there under chrome://flags. Their reasoning being that in Windows, they only need to make one, single set of modifications in the source code since everyone is 'singing from he same hymn-sheet'.....whereas under Linux, the variables are SO many and SO varied that it would be a nightmare trying to support every permutation.

It can be done under Linux, but it requires that support for hardware acceleration be enabled at compile time, that the VAAPI API that calls this be flagged via the appropriate "--switch" in the launch wrapper script, AND that libva be installed on your system. This often doesn't come by default, even with many mainstream distros.

(It's also pointless enabling it unless you've got a decently powerful GPU in any case. Even CPU-integrated GPUs require plenty of 'grunt' to be able to successfully pull this off, and to make it worth all the effort. Frankly, even with this feature enabled 99% of indivduals just don't possess great enough visual acuity to notice the "improvement" anyway....)


Mike. :(
 
It can be done under Linux, but it requires that support for hardware acceleration be enabled at compile time, that the VAAPI API that calls this be flagged via the appropriate "--switch" in the launch wrapper script, AND that libva be installed on your system.

Yup. You can cobble together a "fix" but, as I understand, it doesn't actually fix anything in those setups that have the problems to begin with. I'm not sure how true this is, but another thread I came across a while back mentioned that it still didn't work for HA purposes - it just made it look like it was working.

I dunno about that, 'cause I've never invested the time to test it. As I recall, there's a site you can visit to test/view (I think it's chrome://gpu/) certain browser capabilities and HA was not actually working and the author of the post also did a bit of A/B testing.
 
One article to check if SE-Linux is running. One article telling folks how to disable AppArmor from Ubuntu.

I kinda want to delve into them more but haven't taken the time to. Also, I know more about AppArmor than I do about SELinux.
The only time I've ever used SE-Linux is with an FTP server. It started out back around 2007 as a couple of our companies sites transferring data back and forth. It ended up as a global FTP server with 60+ vendors sending & receiving some pretty massive sized files. It used vsftpd with separate incoming/outgoing folders for each user. SE-Linux helped keep things tidy. I can't tell you how many vendors and internal users "tried" to create sub-folders. If they were allowed to, there's no way the back-end (written in ksh) could have kept track of which files went to whom.
 
The only time I've ever used SE-Linux is with an FTP server.

In the RedHat world, it's installed by default I do believe. I think it's active by default with settings for some applications? I don't recall spending any real time tinkering with it. I do believe that the NSA was involved at the early stages, the basis of which would be SELinux today. IIRC, it's just a RHEL project now, with no further NSA involvement. I'll do a bunch of reading and testing should I end up doing an article on the subject. I don't understand everything well enough to actually explain the mechanics in detail.
 
Talking of SELinux, the only app I've ever found that apparently requires it is the Openshot video editor..! I can't see HOW it can possibly want it, but if libselinux is not installed, it won't fire-up....

Perhaps it's a dependency of one of its other dependencies.

(shrug)


Mike. ;)
 


Top