#StackBounty: #gnome #firefox #fonts Firefox doesn't respect font hinting setting in Gnome? How to fix this?

Bounty: 50

I disabled font hinting in Gnome tweaks, but Firefox sometimes (for certain fonts I think) ignores that and tries to align glyphs to pixel grid, resulting in uneven spacing between letters and/or distorted glyphs. I’d like to force Firefox to never use hinting, if possible. Are there ways to do so?

Font settings in Gnome tweaks:
Font settings in Gnome tweaks

An example of bad font rendering (this is a line from gmail web interface where it shows the list of threads; there are extra spaces between letters in some places where they should not be, in particular “release” reads as “relea se”):
An example of a problematic line

Same line after changing the zoom a bit (see how the bogus spaces are in different positions):
Same line after changing the zoom a bit

Firefox 64.0, installed from Ubuntu repositories via apt as usual, Ubuntu 18.04, with all recent updates. The display is not HiDPI, it has “regular” pixel density.

I tried to change font hinting by moving fontconfig files as described here https://askubuntu.com/a/29834/351113 (but used the /etc/fonts/conf.avail/10-hinting-none.conf as the source, of course) and it didn’t solve this issue (after clearing Firefox cache and reboot).

Just to check it with something really obvious, I tried to disable font antialiasing in Gnome tweaks (which makes fonts obviously hideous) and it doesn’t change font appearance in Firefox, so I’m pretty sure Firefox ignores Gnome font settings.

Creating ~/.fonts.conf with the appropriate contents also had no effect in Firefox.

As suggested in comments, I tried Firefox ESR and it is affected too.


Get this bounty!!!

#StackBounty: #callouts SharePoint Online Callout, show from left side only (beakOrientation: left)

Bounty: 50

I use SharePoint callouts with "beakOrientation": "leftRight". It sometimes shows on the right, sometimes on the left. Can I set it only to the left? It works OK but breaks views on small laptops.

Here is part of my code. Just for example – I dynamically add class to first callout (my divs and callouts are generated from list)

function addCalloutTip(id, tip, title, url, isFirst) {

    // get the launchpoint element of the callout
    var launchpoint = document.getElementById(id);

    // first callout has different css, so add class to launchpoint dynamically
    if (isFirst) {
        launchpoint.classList.add("first-callout-parent");
    }

    // configure Callout options
    var calloutOptions = new CalloutOptions();
    calloutOptions.ID = id;
    calloutOptions.launchPoint = launchpoint;
    calloutOptions.beakOrientation = "leftRight"; // want to deny 'Right' here..
    calloutOptions.content = tip;

    calloutOptions.openOptions = {
        event: "hover"
    };

    // call the CalloutManager to create the callout and then open
    var callout = CalloutManager.createNewIfNecessary(calloutOptions);
    callout.open();
}


Get this bounty!!!

#StackBounty: #fedora #system-installation #intel #intel-graphics #matrox Fedora 28 server install failure

Bounty: 50

My goal is to install the Server version of Fedora 28.1.1, on a second Intel S1200SPLR server (after the first was proved to have a hardware problem) with a Xeon E3-1275 v5 CPU, 16GB of 2133 Unbuffered ECC DDR4, the onboard Intel P530 integrated HD Graphics, and a 480GB SSD, all components approved by the server board manufacturer. There are no cards in the system.

I am using the directly connected monitor on the only VGA port (back panel) and have specified that in the BIOS/Settings; IPMI is not available to me. I am not familiar with dracut.

First, I tested with Ubuntu 18.04.1 LTS, which installed AOK from its checksummed LiveUSB. There was no lag.

Next, I tried Fedora Server 28.1.1, from a LiveUSB generated by the Fedora LiveUSB Writer. The terminal window went blank shortly after booting from its checksummed LiveUSB. I got the same result with Fedora Workstation 29.1.2. I repeated the attempts with an ISO written onto different flash drives with Rufus.

Pressing e in GRUB2 to replace quiet with nomodeset did not help. Neither did adding inst.text, vga=790, or vga=793 (ref. http://blog.fpmurphy.com/2009/09/project-plymouth.html). Every time, Server 28 stalled at fb: switching to mgag200drmfb from EFI VGA.

Then, to try to get some information about what’s happening, I tried Fedora Spin Workstation 29.1.2 with Cinnamon, having remembered something about GNOME problems. It installs, but Cinnamon repeatedly crashes every minute, both in LiveUSB mode and after installation and reboot. Cinnamon reports it is rendering in software mode. The 28.1.1 Spin with Xfce (which uses lightdm) installs and runs OK, which does suggest something in the GNOME package is trouble.

I opened a terminal, and copied dmesg from the Fedora 29.1.2 Workstation Cinnamon install for your review. The results of lspci -k can be seen here, and it appears there’s a Matrox display adapter as well as the Intel Integrated HD Graphics on the motherboard.

I have also, as per https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/blacklisting_a_module, created /etc/modprobe.d/blacklist.conf which contains one line

blacklist mgag200

and rebooted, but lspci -k still shows the Matrox in use.


I also edited /etc/default/grub to remove quiet rhgb (the call to Red Hat Graphical Boot) and replaced that with inst.text then ran grub2-mkconfig -o /boot/grub2/grub.cfg and rebooted. When I did, I opened up grub with e and found its next to last line read

GRUB_CMDLINE_LINUX="resume=/dev/mapper/fedora-swap rd.lvm.lv-fedora/root rd.lvm.lv=fedora/swap rhgb quiet"

I changed that to

GRUB_CMDLINE_LINUX="resume=/dev/mapper/fedora-swap rd.lvm.lv-fedora/root rd.lvm.lv=fedora/swap inst.text"

but the problem persisted.

Again, my objective is to install Fedora 28.1.1 Server, and the Workstation installs are just an attempt to gather information for troubleshooting.


Get this bounty!!!

#StackBounty: #amazon-web-services #amazon-ec2 #amazon-iam #aws-systems-manager AWS Systems Manager Linux Instance Patching – "The…

Bounty: 50

I’m trying to set up AWS Systems Manager (SSM) to patch a production Amazon Linux 1 instance. I’ve tried setting SSM tasks up from scratch a few times but I keep getting the error message “The specified service role is invalid”. This is an area I’m a bit weak in; I need a bit of help to work out how to get automatic Linux patching working.

I know the agent is working ok. When I go into “Managed Instances” I can see the instance is online and I have a software inventory.

SSM Setup

Here’s screen shots of everything I can think would be relevant.

Maintenance Window

Window Details

Note that tasks shows the task it’s running – “AWS-RunPatchBaseline”

Tasks

This shows the service role in use

Service Role

This shows the service role in IAM

IAM

Here’s the service role trust relationships.

IAM

Here’s the access log for the IAM role.

IAM

I’m happy to add more info / share more if it would help. I note that I’ve set up S3 logging and SNS notifications and neither of those are happening.

Inventory Problem

I also noticed that my inventory is reporting an error. It must have run once because I can see what software is on the instance, but it seems stuck now.

I can’t work out how to remove the unnecessary inventory tasks.

Inventory Problem

The error message is: “1 out of 1 plugin processed, 0 success, 1 failed, 0 timedout, 0 skipped. The operation collectSoftwareInventoryItems failed because aws:softwareInventory detected multiple inventory configurations associated with one instance. Each instance can be associated with just one inventory configuration”


Get this bounty!!!

#StackBounty: #wifi #networkmanager Trouble connecting to open wifi networks in Arch Linux

Bounty: 100

I apologize about the lack of useful information on this question, but I’m kind of lost since it’s outside my expertise.

I have two open WiFi networks in my building, call them A and B. I have lived here for over two years and they have always worked, but now (after being away for a while) I’ve been experiencing problems that I can’t diagnose.

The problem is that after a while (sometimes 5 min, sometimes an hour) the network I’m connected to stops and then I have to change to the other one. And this goes on indefinitely, where I have to keep changing between networks A and B.

I’m pretty sure this is a problem with my computer because when I connect to the same networks with my phone they work perfectly. Also I have called the IT people here and they assured me that the network is working fine. The thing is that this doesn’t happen with other networks (that I’ve noticed).

The problem is that I don’t even know how to diagnose the problem, let alone fix it. I’ve tried resetting these connections and restarting the computer, I’ve installed all the updates (because maybe it’s a bug on network manager introduced by an earlier update…).

How do I go about diagnosing this problem (and subsequently solving it)?

PS: I have Arch Linux (up-to-date) on a Samsung 9 laptop.

PS2: When issuing ping 8.8.8.8 I get normal results for a while and eventually it prints out:

From 000.00.000.00 icmp_seq=1311 Destination Host Unreachable

where the zeros above represent my current IP.


Get this bounty!!!

#StackBounty: #angular #nginx Nginx routing to multiple locations with multiple roots in angular ssr build

Bounty: 50

I have my website running and hosted on the server. Let’s say my website is http://example.com. It is built in Angular, and I built and deployed the dist folder which contains the code on the server, let’s say, at /opt/example_web/dist/browser. Now when I hit the site, it redirects and loads fine.

I have another two builds (can say) running on the same server, one http://example.com/api which is built on Node.js and another Angular-based one at http://example.com/admin. The API works fine but the problem is coming up with admin. The home page loads but it isn’t able to find the styles and JavaScript files which are located at /opt/example_admin/dist/browser. The error it displays in the console is –

2019/01/13 10:04:57 [error] 5474#5474: *6 open() "/opt/example_web/dist/browser/admin/styles.3397081055411503ca7a.css" failed (2: No such file or directory), client: 103.82.102.67, server: edupeeth.com, request: "GET /admin/styles.3397081055411503ca7a.css HTTP/1.1", host: "edupeeth.com", referrer: "https://edupeeth.com/admin"
2019/01/13 10:04:57 [error] 5474#5474: *6 open() "/opt/example_web/dist/browser/admin/runtime.c65c5993662350a7e065.js" failed (2: No such file or directory), client: 103.82.102.67, server: edupeeth.com, request: "GET /admin/runtime.c65c5993662350a7e065.js HTTP/1.1", host: "edupeeth.com", referrer: "https://edupeeth.com/admin"
2019/01/13 10:04:57 [error] 5474#5474: *6 open() "/opt/example_web/dist/browser/admin/polyfills.0e3ee22c9a47318954a0.js" failed (2: No such file or directory), client: 103.82.102.67, server: edupeeth.com, request: "GET /admin/polyfills.0e3ee22c9a47318954a0.js HTTP/1.1", host: "edupeeth.com", referrer: "https://edupeeth.com/admin"
2019/01/13 10:04:57 [error] 5474#5474: *8 open() "/opt/example_web/dist/browser/admin/main.0008150f761fd2143e37.js" failed (2: No such file or directory), client: 103.82.102.67, server: edupeeth.com, request: "GET /admin/main.0008150f761fd2143e37.js HTTP/1.1", host: "edupeeth.com", referrer: "https://edupeeth.com/admin"

I think I am doing something wrong in nginx config. I am copying below my configuration for nginx. Please suggest the mistake I am doing here.

upstream ssr_edu_web {
    server 127.0.0.1:4200;
}

upstream ssr_edu_admin {
    server 127.0.0.1:8081;
}

server {
    listen 443 ssl;

    server_name example.com www.example.com; # <--- Change this part

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    root /opt/example_web/dist/browser; # <-- Notice where we're point to    

    location / {

        try_files $uri $uri @backend; # <--- This looks for requests (statics i.e js/css/fonts)
                                      # in /ssr/dist/browser folder. If nothing found, calls @backend
    }

    location @backend {
        # NOTE THERE IS NO TRAILING SLASH AT THE END. NO TRAILING SLASH. NO SLASH. NO!
        proxy_pass http://ssr_edu_web; # <--- THIS DOES NOT HAVE A TRAILING '/'
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /api {
        proxy_pass http://127.0.0.1:8080/api;
        proxy_redirect    off;
        proxy_set_header  Host            $host;
        proxy_set_header  X-Real-IP        $remote_addr;
        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
    }

    location /admin {
        alias /opt/example_admin/dist/browser;
        proxy_pass http://ssr_edu_admin; # <--- THIS DOES NOT HAVE A TRAILING '/'
    }

}

server {
    listen 80;
    server_name example.com;
    return 301 https://$server_name$request_uri?;
}

Following is index.html

<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Admin</title>
  <base href="/">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="icon" type="image/x-icon" href="favicon.png">
  <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
  <link href="https://fonts.googleapis.com/css?family=Roboto:300,400,500" rel="stylesheet">
<link rel="stylesheet" href="/admin/styles.3397081055411503ca7a.css"></head>
<body>
  <app-root></app-root>
  <script src="/admin/runtime.c65c5993662350a7e065.js"></script>
  <script src="/admin/polyfills.0e3ee22c9a47318954a0.js"></script>
  <script src="/admin/main.0008150f761fd2143e37.js"></script>
</body>
</html>

If I do a curl after logging in to the server where I hosted my website, I am able to do so on http://127.0.0.1:8081.


Get this bounty!!!

#StackBounty: #dns #query #qnap DNS queries "DomainServer.dom.local.dev.null" by QNAP NAS

Bounty: 50

We encounter strange DNS queries initiated by a QNAP NAS:

DomainServer.dom.local.dev.null

DomainServer.dom.local (name is obfuscated here) is the valid name of the domain controller. But the NAS adds .dev.null to the name.

This looks to me as if a default DNS name is configured which is added automatically. But I can not find such a setting on the NAS.

Can someone explain this?


From the DNS log of the domain controller

Devices in the log

  • 192.168.0.1 = domain controller (DomainServer.dom.local)
  • 192.168.0.16 = QNAP NAS
  • 192.168.0.254 = Sophos UTM

15.01.2019 11:53:39 2728 PACKET  000000E796562170 UDP Rcv 192.168.0.16    4c9e   Q [0001   D   NOERROR] AAAA   (12)NameOfServer(3)dom(5)local(3)dev(4)null(0)
UDP question info at 000000E796562170
  Socket = 556
  Remote addr 192.168.0.16, port 56856
  Time Query=533586, Queued=0, Expire=0
  Buf length = 0x0fa0 (4000)
  Msg length = 0x0031 (49)
  Message:
    XID       0x4c9e
    Flags     0x0100
      QR        0 (QUESTION)
      OPCODE    0 (QUERY)
      AA        0
      TC        0
      RD        1
      RA        0
      Z         0
      CD        0
      AD        0
      RCODE     0 (NOERROR)
    QCOUNT    1
    ACOUNT    0
    NSCOUNT   0
    ARCOUNT   0
    QUESTION SECTION:
    Offset = 0x000c, RR count = 0
    Name      "(12)NameOfServer(3)dom(5)local(3)dev(4)null(0)"
      QTYPE   AAAA (28)
      QCLASS  1
    ANSWER SECTION:
      empty
    AUTHORITY SECTION:
      empty
    ADDITIONAL SECTION:
      empty

15.01.2019 11:53:39 2728 PACKET  000000E7932A4220 UDP Snd 192.168.0.254   4eb1   Q [0001   D   NOERROR] AAAA   (12)NameOfServer(3)dom(5)local(3)dev(4)null(0)
UDP question info at 000000E7932A4220
  Socket = 11688
  Remote addr 192.168.0.254, port 53
  Time Query=0, Queued=0, Expire=0
  Buf length = 0x0fa0 (4000)
  Msg length = 0x003c (60)
  Message:
    XID       0x4eb1
    Flags     0x0100
      QR        0 (QUESTION)
      OPCODE    0 (QUERY)
      AA        0
      TC        0
      RD        1
      RA        0
      Z         0
      CD        0
      AD        0
      RCODE     0 (NOERROR)
    QCOUNT    1
    ACOUNT    0
    NSCOUNT   0
    ARCOUNT   1
    QUESTION SECTION:
    Offset = 0x000c, RR count = 0
    Name      "(12)NameOfServer(3)dom(5)local(3)dev(4)null(0)"
      QTYPE   AAAA (28)
      QCLASS  1
    ANSWER SECTION:
      empty
    AUTHORITY SECTION:
      empty
    ADDITIONAL SECTION:
    Offset = 0x0031, RR count = 0
    Name      "(0)"
      TYPE   OPT  (41)
      CLASS  4000
      TTL    32768
      DLEN   0
      DATA   
        Buffer Size  = 4000
        Rcode Ext    = 0
        Rcode Full   = 0
        Version      = 0
        Flags        = 80 DO


Get this bounty!!!

#StackBounty: #domain-name-system #query #snort #sophos Suspicious DNS query leads to "Intrusion protection alert" on Sophos …

Bounty: 50

A customer Sophos-UTM reports Intrusion protection alert warnings INDICATOR-COMPROMISE suspicious .null dns query:

2019:01:15-11:54:13 utm-ba snort[31619]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="INDICATOR-COMPROMISE suspicious .null dns query" group="241" srcip="192.168.0.1" dstip="192.168.0.254" proto="17" srcport="49445" dstport="53" sid="48666" class="Misc activity" priority="3" generator="1" msgid="0"

We enabled DNS logging on the domain controller and get this data. (Names are obfuscated)

From the DNS log of the domain controller

Devices in the log

  • 192.168.0.1 = domain controller (DomainServer.dom.local)
  • 192.168.0.16 = QNAP NAS
  • 192.168.0.254 = Sophos UTM

15.01.2019 11:53:39 2728 PACKET  000000E796562170 UDP Rcv 192.168.0.16    4c9e   Q [0001   D   NOERROR] AAAA   (12)NameOfServer(3)dom(5)local(3)dev(4)null(0)
UDP question info at 000000E796562170
  Socket = 556
  Remote addr 192.168.0.16, port 56856
  Time Query=533586, Queued=0, Expire=0
  Buf length = 0x0fa0 (4000)
  Msg length = 0x0031 (49)
  Message:
    XID       0x4c9e
    Flags     0x0100
      QR        0 (QUESTION)
      OPCODE    0 (QUERY)
      AA        0
      TC        0
      RD        1
      RA        0
      Z         0
      CD        0
      AD        0
      RCODE     0 (NOERROR)
    QCOUNT    1
    ACOUNT    0
    NSCOUNT   0
    ARCOUNT   0
    QUESTION SECTION:
    Offset = 0x000c, RR count = 0
    Name      "(12)NameOfServer(3)dom(5)local(3)dev(4)null(0)"
      QTYPE   AAAA (28)
      QCLASS  1
    ANSWER SECTION:
      empty
    AUTHORITY SECTION:
      empty
    ADDITIONAL SECTION:
      empty

15.01.2019 11:53:39 2728 PACKET  000000E7932A4220 UDP Snd 192.168.0.254   4eb1   Q [0001   D   NOERROR] AAAA   (12)NameOfServer(3)dom(5)local(3)dev(4)null(0)
UDP question info at 000000E7932A4220
  Socket = 11688
  Remote addr 192.168.0.254, port 53
  Time Query=0, Queued=0, Expire=0
  Buf length = 0x0fa0 (4000)
  Msg length = 0x003c (60)
  Message:
    XID       0x4eb1
    Flags     0x0100
      QR        0 (QUESTION)
      OPCODE    0 (QUERY)
      AA        0
      TC        0
      RD        1
      RA        0
      Z         0
      CD        0
      AD        0
      RCODE     0 (NOERROR)
    QCOUNT    1
    ACOUNT    0
    NSCOUNT   0
    ARCOUNT   1
    QUESTION SECTION:
    Offset = 0x000c, RR count = 0
    Name      "(12)NameOfServer(3)dom(5)local(3)dev(4)null(0)"
      QTYPE   AAAA (28)
      QCLASS  1
    ANSWER SECTION:
      empty
    AUTHORITY SECTION:
      empty
    ADDITIONAL SECTION:
    Offset = 0x0031, RR count = 0
    Name      "(0)"
      TYPE   OPT  (41)
      CLASS  4000
      TTL    32768
      DLEN   0
      DATA   
        Buffer Size  = 4000
        Rcode Ext    = 0
        Rcode Full   = 0
        Version      = 0
        Flags        = 80 DO

Questions:

  • Does anyone have an explanation why this is a potentially dangerous request?
  • Is it only due to the (3)dev(4)null(0) part in the request?

(We currently don’t know why these requests are sent and I already asked on Superuser: DNS queries “DomainServer.dom.local.dev.null” by QNAP NAS)


Get this bounty!!!
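
The two log excerpts in the question above can be correlated to find which client is behind the alert, since the IPS only sees the domain controller forwarding the query. The following is an added example, not part of the original post: the function names, the two-minute window, and the third DNS log line are assumptions made for illustration, and the other sample lines reuse the format quoted on this page.

```python
import re
from datetime import datetime, timedelta

# Sample input modelled on the excerpts quoted above; the third DNS line is constructed.
DNS_DEBUG_LOG = """\
15.01.2019 11:53:39 2728 PACKET  000000E796562170 UDP Rcv 192.168.0.16    4c9e   Q [0001   D   NOERROR] AAAA   (12)NameOfServer(3)dom(5)local(3)dev(4)null(0)
15.01.2019 11:53:39 2728 PACKET  000000E7932A4220 UDP Snd 192.168.0.254   4eb1   Q [0001   D   NOERROR] AAAA   (12)NameOfServer(3)dom(5)local(3)dev(4)null(0)
15.01.2019 11:53:40 2728 PACKET  000000E796562171 UDP Rcv 192.168.0.23    7a10   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
"""
UTM_ALERT = ('2019:01:15-11:54:13 utm-ba snort[31619]: id="2101" severity="warn" '
             'sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" '
             'reason="INDICATOR-COMPROMISE suspicious .null dns query" group="241" '
             'srcip="192.168.0.1" dstip="192.168.0.254" proto="17" srcport="49445" '
             'dstport="53" sid="48666" class="Misc activity" priority="3"')

# Summary line of a DNS debug log entry. The optional "R " before "Q" (marking a
# response) is an assumption; the page only shows query lines.
PACKET_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \S+ PACKET\s+\S+ (?:UDP|TCP) "
    r"(?P<dir>Rcv|Snd) (?P<peer>\S+)\s+\S+\s+(?:R )?Q \[[^\]]*\]\s+"
    r"(?P<qtype>\S+)\s+(?P<name>\(\d+\)\S*)$")

def decode_qname(raw):
    """Turn '(3)dev(4)null(0)' length-prefixed labels into 'dev.null'."""
    labels = re.findall(r"\((\d+)\)([^()]*)", raw)
    return ".".join(text for _, text in labels if text)

def parse_packets(text):
    """Parse the PACKET summary lines; detail lines below them are skipped."""
    packets = []
    for line in text.splitlines():
        m = PACKET_RE.match(line.strip())
        if m:
            packets.append({
                "time": datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S"),
                "dir": m["dir"], "peer": m["peer"], "qtype": m["qtype"],
                "name": decode_qname(m["name"])})
    return packets

def parse_alert(line):
    """Parse the key="value" fields of the UTM IPS log line plus its timestamp."""
    fields = dict(re.findall(r'(\w+)="([^"]*)"', line))
    fields["time"] = datetime.strptime(line.split()[0], "%Y:%m:%d-%H:%M:%S")
    return fields

def trace_origin(alert, packets, tld="null", window=timedelta(minutes=2)):
    """Return {client_ip: [qname, ...]} for clients whose .<tld> queries this
    resolver forwarded (Snd) to the alert's dstip shortly before the alert."""
    recent = [p for p in packets
              if p["name"].lower().endswith("." + tld)
              and timedelta(0) <= alert["time"] - p["time"] <= window]
    forwarded = {p["name"] for p in recent
                 if p["dir"] == "Snd" and p["peer"] == alert["dstip"]}
    origins = {}
    for p in recent:
        if p["dir"] == "Rcv" and p["name"] in forwarded:
            origins.setdefault(p["peer"], []).append(p["name"])
    return origins

if __name__ == "__main__":
    alert = parse_alert(UTM_ALERT)
    print("alert srcip (forwarder):", alert["srcip"])
    print("originating clients:", trace_origin(alert, parse_packets(DNS_DEBUG_LOG)))
```

On this input the alert's srcip is the domain controller, while the client that originally asked for the `.dev.null` name is 192.168.0.16, the address listed as the QNAP NAS.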