I was eager for the second expansion set of “Cradle Of Humanity” since I enjoyed the Split Vendetta expansion a lot. Sunk many nights into this sandbox so I pre-ordered the DLC on GOG (Good Old Games) and watched that countdown to release ticking down. Oh boy, was I disappointed when the timer reached zero and I got nothing while people who bought on Steam already enjoyed the DLC. As usual GOG leaves Linux players standing in the rain so I called it a day and checked again on the next day when I was presented with this:

X4: Foundations patched, Split Vendetta was not, Cradle Of Humanity nowhere to be seen.

So apparently they finally managed to roll out version 4.0 of the main game but missed the first DLC Split Vendetta. What could possibly go wrong. Cradle Of Humanity is still nowhere to be seen. This didn’t change until now, one day after release and the time of writing of this article. Oh GOG, I am so done with this. And I even expected this, joking around weeks before the release date that this will be two weeks later for GOG users. Again.

Curiously I checked the Downloads for Windows next and guess what: The DLCs were all there and also on version 4.0!

So I did what every Linux tinkerer would do. I checked out what is really in the DLC files by extracting the contents using innoextract. To my delight I could not find anything operating system related in there so I threw all the Windows DLCs into my version 4.0 base game folder and extracted both DLCs.

The required files are:

  • setup_x4_cradle_of_humanity_4.00_(64bit)_(45636)-1.bin
  • setup_x4_cradle_of_humanity_4.00_(64bit)_(45636).exe
  • setup_x4_split_vendetta_4.00_(64bit)_(45636)-1.bin
  • setup_x4_split_vendetta_4.00_(64bit)_(45636).exe

cd /games/linux/X4_Foundations/game
innoextract --exclude-temp --extract setup_x4_split_vendetta_4.00_\(64bit\)_\(45636\).exe
innoextract --exclude-temp --extract setup_x4_cradle_of_humanity_4.00_\(64bit\)_\(45636\).exe

When I run the game now I find both DLCs registered in the Extensions menu and can start a new game as the Terran faction. Whop whop, here we go.

No, I will never buy a recent game on GOG again. Especially not as pre-order. I wish I could migrate this to my Steam account. This is the DRM free revolution. As usual, the joke is on the paying customer.

tl;dr: Add PATH="${PATH}:/bin:/usr/bin:/sbin:/usr/sbin" to /etc/default/firehol when using backported version 3 of firehol on Ubuntu.

firehol – an easy to use but powerful iptables stateful firewall

man firehol

With this out of the way: When installing firehol on aging Xenial (Ubuntu 16.04) you want the backported packages by Andrey Galkin to get version 3 of firehol over version 2 in universe – especially when working with IPv6: https://launchpad.net/~andvgal

When done setting up your rules you may find out after a reboot that the systemd job involved claims to have started firehol, only to discover that your iptables are empty despite systemd claiming otherwise and despite having set START_FIREHOL=YES in /etc/default/firehol:

● firehol.service - LSB: firehol firewall configuration
   Loaded: loaded (/etc/init.d/firehol; bad; vendor preset: enabled)
   Active: active (exited) since Fr 2020-11-27 15:43:51 CET; 2h 8min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 31555 ExecStop=/etc/init.d/firehol stop (code=exited, status=0/SUCCESS)
  Process: 31574 ExecStart=/etc/init.d/firehol start (code=exited, status=0/SUCCESS)

This is especially weird when you run the startup /sbin/firehol start command manually and it succeeds just fine.

I had to dig deep to find out where the script is in fact falling flat. This was mostly because of the old init script /etc/init.d/firehol redirecting the output of the starting process to /dev/null, not showing the errors at all:

do_start () {
        # return
        #  0 000 if firewall has been handled
        #  1 001 if firewall could not be activated
        #  4 100 if FireHOL is disabled via /etc/default/firehol
        [ "$START_FIREHOL" = "NO"  ] && return 4
        /sbin/firehol start "$@" > /dev/null 2>&1 || return 1

Now we finally get a result and with INIT_VERBOSE=yes set we do indeed get some useful output:

Nov 27 17:59:38 firehol[27095]: /sbin/firehol: line 33: dirname: command not found
Nov 27 17:59:38 firehol[27095]: /sbin/firehol: line 33: cd: HOME not set
Nov 27 17:59:38 firehol[27095]: /sbin/firehol: line 33: basename: command not found
Nov 27 17:59:38 firehol[27095]: /sbin/firehol: line 36: dirname: command not found
Nov 27 17:59:38 firehol[27095]: Cannot access /install.config
Nov 27 17:59:38 firehol[27095]:    ...fail!

And this is basically yelling at us that the PATH variable is not set because the script cannot find and execute required commands. Sadly this failure is not caught or logged at all without verbose information, thanks to the /dev/null redirect.

At first glance I was going to blame systemd for isolating the script from environment variables, but that was too hasty because setting it explicitly changed nothing. To blame is the old set-up logic right at the top of the init script /etc/init.d/firehol, which does not include /usr/bin, where dirname, basename and others are found.

PATH=/bin:/sbin
NAME=firehol
DESC="firewall"
SCRIPTNAME=/etc/init.d/$NAME

test -x /sbin/firehol || exit 0

[ -r /etc/default/firehol ] && set -a && . /etc/default/firehol

I compared the /sbin/firehol script of version 2 with version 3 and there is a subtle difference at the start in version 2 that is missing in version 3:

# EXTERNAL/SYSTEM COMMANDS MANAGEMENT
#
# ------------------------------------------------------------------------------
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# ------------------------------------------------------------------------------

export PATH="${PATH}:/bin:/usr/bin:/sbin:/usr/sbin"

I’d argue that version 3 missing this is more correct because setting up the PATH is really the job of the system that is running the script. So basically SysVinit or systemd. Sadly that doesn’t help us here and fiddling with a maintainer provided file is a no go because this will be erased on the next update (if any). Luckily we can see from the init script /etc/init.d/firehol that it also sources the file /etc/default/firehol. This means we can set any additional environment variable here:

# FireHOL application default file
# sourced by the initscript `/etc/init.d/firehol'.

PATH="${PATH}:/bin:/usr/bin:/sbin:/usr/sbin"

# To enable firehol at startup set START_FIREHOL=YES (init script variable)
START_FIREHOL=YES

After editing this file we finally get some more information and our iptables are piling up with rules again.

● firehol.service - LSB: firehol firewall configuration
   Loaded: loaded (/etc/init.d/firehol; bad; vendor preset: enabled)
  Drop-In: /etc/systemd/system/firehol.service.d
   Active: active (exited) since Fr 2020-11-27 18:17:41 CET; 1s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 14337 ExecStop=/etc/init.d/firehol stop (code=exited, status=0/SUCCESS)
  Process: 14511 ExecStart=/etc/init.d/firehol start (code=exited, status=0/SUCCESS)

Nov 27 18:17:39 systemd[1]: Starting LSB: firehol firewall configuration...
Nov 27 18:17:39 firehol[14511]: Params
Nov 27 18:17:39 firehol[14511]: FireHOL: Saving active firewall to a temporary file...  OK
Nov 27 18:17:40 firehol[14511]: FireHOL: Processing file '//etc/firehol/firehol.conf'...  OK  (470 iptables rules)
Nov 27 18:17:41 firehol[14511]: FireHOL: Activating ipsets...  OK
Nov 27 18:17:41 firehol[14511]: FireHOL: Fast activating new firewall...  OK
Nov 27 18:17:41 firehol[14511]: FireHOL: Saving activated firewall to '//var/spool/firehol'...  OK
Nov 27 18:17:41 systemd[1]: Started LSB: firehol firewall configuration.

Personally I can’t wait for all init scripts to sink into oblivion because debugging this sort of error is hard and a waste of time and usually revolves around problems solved already in many different ways before – each falling flat in some corner case.
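
An added example (not from the FireHOL project or the Ubuntu packaging): a POSIX shell check for the two failure modes described in this post, namely helper commands that cannot be resolved under the init script's restricted PATH, and a ruleset that is empty although the unit reports success. The function names, the throwaway directory tree and both sample rulesets are constructed for illustration.

```sh
#!/bin/sh
# Added example, not FireHOL or Ubuntu packaging code. All names are hypothetical.

# Print every command ($2...) that is not an executable file in any
# directory of the colon-separated search path $1.
missing_under_path() {
    mup_path=$1
    shift
    for mup_cmd in "$@"; do
        mup_found=no
        mup_ifs=$IFS
        IFS=:
        for mup_dir in $mup_path; do
            if [ -n "$mup_dir" ] && [ -f "$mup_dir/$mup_cmd" ] && [ -x "$mup_dir/$mup_cmd" ]; then
                mup_found=yes
                break
            fi
        done
        IFS=$mup_ifs
        if [ "$mup_found" = no ]; then
            printf '%s\n' "$mup_cmd"
        fi
    done
}

# Count rules ("-A" lines) in iptables-save formatted text on stdin.
count_rules() {
    grep -c '^-A ' || true
}

# Succeed only if the ruleset on stdin holds at least one rule. The unit
# state is not consulted: it read "active (exited)" with empty tables.
ruleset_loaded() {
    [ "$(count_rules)" -gt 0 ]
}

# Constructed tree mimicking a split /bin and /usr/bin layout.
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/bin" "$demo_root/sbin" "$demo_root/usr/bin"
for demo_file in bin/cat sbin/iptables usr/bin/dirname usr/bin/basename; do
    : > "$demo_root/$demo_file"
    chmod +x "$demo_root/$demo_file"
done
INIT_PATH="$demo_root/bin:$demo_root/sbin"      # like PATH=/bin:/sbin
FIXED_PATH="$INIT_PATH:$demo_root/usr/bin"      # after the /etc/default fix

# Constructed iptables-save output: policies only vs. rules present.
EMPTY_RULESET='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'
LOADED_RULESET='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'

echo "init PATH misses: $(missing_under_path "$INIT_PATH" dirname basename cat | tr '\n' ' ')"
echo "fixed PATH misses: $(missing_under_path "$FIXED_PATH" dirname basename cat | tr '\n' ' ')"
for demo_set in "$EMPTY_RULESET" "$LOADED_RULESET"; do
    if printf '%s\n' "$demo_set" | ruleset_loaded; then
        echo "ruleset loaded ($(printf '%s\n' "$demo_set" | count_rules) rules)"
    else
        echo "ruleset EMPTY: firewall not active, whatever the unit state says"
    fi
done
```

On a real host the same check would be fed from `iptables-save` (and `ip6tables-save`) run as root after boot, so that an empty ruleset raises an alert even when the service status looks healthy.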

Today I scratched an itch I had with and . Every time I run it on my PC I have to drag around the window until it fills my 3 displays setup. It’s tricky because it’s a grown installation and the displays have different resolutions.

Gnome has smart borders auto-sizing windows when you come close to a border. Usually that’s awesome but in this case it’s not. wmctrl to my rescue!

Find out about current window position when satisfied: wmctrl -G -l -x

Use that information for a one liner script: wmctrl -x -r code.Code -e 0,0,109,5276,1136

This will do until I get a 4k display or learn how to auto-run this snippet on the launch of vscode (like I do this with RisingWorld to force semi borderless fullscreen) 🤣

There’s a weird issue with (snap) on that starts when using voice chat causing really bad lag and short freezes (input, rendering, everything) that became worse over time. My journal filled up with looping messages from appindicator causing this.

appindicatorsupport(at)rgcjonas.gmail.com[2514]: discord1, Impossible to lookup icon for 'discord1_12-panel'

Followed by a JS exception and trace:

JS ERROR: Exception in callback for signal: icon: Error: Argument 'filename' (type filename) may not be null

When I finally found the cause of this I went on looking for a solution and it seems like the unsung hero @3v1n0 fixed this long standing bug like 8 days ago: https://github.com/ubuntu/gnome-shell-extension-appindicator/commit/745c66a73e0a15a870e92e5aa461e2e9e646b899

Here is a more coherent report on this: https://bugs.launchpad.net/ubuntu/+source/gnome-shell-extension-appindicator/+bug/1849142

Fun thing is: I only have that indicator because Discord would eventually crash without trying to access this.

Now it’s patched and gone – back to 😁

Man, this is a 180° turn for me. When I started out with Linux the GPUs were usually troublemakers and I kinda got used to throwing moar power at it to solve the problem. Spent nights fiddling with Elsa Winner or 3dfx Voodoo or some ATI cards (that eventually became AMD). When laptops of mine could no longer be used because AMD simply dropped support for perfectly fine hardware I was really never buying from it again.

The background for finally ripping out the heart of my Linux PC is basically this issue: https://beko.famkos.net/2020/01/17/computer-fallen

NVRM: GPU 0000:01:00.0: GPU has fallen off the bus.

This is followed by a frozen X server rendering all HID interfaces dead until reboot. It happened once or twice a week. NVIDIA support has no idea and while the card is still fine and up for any task I finally decided to get a more recent GPU hoping that the problem will be gone (and not be an issue from the mainboard).

So here I am in 2020 ripping out the heart of my Linux PC.

The decision to try AMD again after a decade was basically made because I read so much positive news on their open source drivers and general good support by Mesa nowadays. Since nothing about the old fglrx days is valid any more this is sort of a jump into cold water for me 🙂

I decided for the slightly older RX 5600 XT 14Gbps 6GB (THICC III Pro) edition by XFX that seems to be good for 1080p gaming and this is close to my main display resolution of 1920×1200. While I never heard of XFX before I was hooked by NO RGB and that tiny vBios switch it has offering a backup bios. That’s a feature I like in my mainboards as well.

Speaking of which, I heard a lot of confusion on said vBioses on this series so I dug deeper on this topic. Thankfully a lot of the legwork was already done for me by André Almeida who describes the process for Linux PC on https://andrealmeid.com/post/2020-05-01-vbios2/ after a lot of research in part 1.

With the help of the mentioned tool amdvbflash I was able to drag the following vBios information out of the GPU:

AMDVBFLASH version 4.71, Copyright (c) 2020 Advanced Micro Devices, Inc.

    Product Name is :    NAVI10 A1/A2 D1990301 XLE 6GB 300e/875m 
    Device ID is    :    731F
    Bios Version    :    017.001.000.068.000000
    Bios P/N is     :    113-170WCNAVIXLE6
    Bios SSID       :    5710
    Bios SVID       :    1682
    Bios Date is    :    03/27/20 21:25 

The extracted rom of the active vBios (switch was set on position closer to power connector) has the sha1sum 9ce7ecc9625d7ff39b3b08c45916b6c2e3bf4a8c and is according to the flashing tool valid and signed. I understood it’s a bad idea to flash with an unsigned rom because the GPU will probably refuse to boot. I’d upload it to techpowerup that seems to collect such roms and allows hassle free downloading but their extract and upload tool seems to be for Windows PC only.

XFX has vBios roms for the 12Gbps variant on its website but currently none for this one so it seems it is up to date already.

Installing it was a breeze. I upgraded to Fedora Workstation 32 before changing the GPU to make sure I get more recent drivers and that was it. System booted up just fine and the card worked out of the box. Unlike NVIDIA I didn’t need to download a specific driver first or add some further repository. There’s this nice tool CoreCtrl that shows me a power consumption of only 14W while the card is in idle with zero spinning fans. That’s right – no noise! When not in use this card consumes next to no resources which begs the question how I’m going to heat my man cave from now on 😀

CoreCtrl in action

This surprised me as well. All the cool bits are laid out for me to play with at /sys/class/drm/card1/device/. I mean I’m not much into over-clocking but it’s all there. This brings me to benchmarking the new GPU. I’m not some YTer so you’ll only get the Unigine Superposition benchmark with basically irrelevant OpenGL (I know of no nifty Vulkan benchmark like this yet) for Linux PC gaming.

The tool picked up the wrong model (it really is an RX 5600 XT)

That’s rad! My old Titan X has its stronger side in other features but managed only a total result of 3055 without over-clocking on this benchmark.

I’ve not much gaming experience with it yet. I just made sure that Valheim (beta) and X4 Foundations work fine with it. There seems to be some sound issue with Discord + Fullscreen that I found so far but I solved this by switching to windowed mode on the games seeing no difference in FPS.

The one notable issue I have compared with NVIDIA is that I have to set the environment variable DRI_PRIME=1 or games will pick up the integrated GPU of the i5-8600K. This is probably because I’ve a display connected to it as well so it’s active. Going to play with this a little until I get the idea. Will need some adapters first tho 😅

Update: Just as guessed. Once I had all my adapters in place the integrated GPU was not needed any more and does no longer show up. No need to use DRI_PRIME=1 for each 3D application any more.

“Releases for PC”. Oh we Linux gamers know this phrase well. So it seems that is taking another approach now instead of the usual “PC is not Windows”. Liam changed the wording on the news slightly:

Beyond a Steel Sky to release for Linux PC during July

https://www.gamingonlinux.com/2020/06/beyond-a-steel-sky-to-release-for-linux-pc-during-july

I like that approach and I shall also use “Linux PC” in the future. And not just for my .

 

Things were going smooth for a while. The pirates didn’t stop harassing my ships so I decided for drastic action. We slacked their station in the system.

The Scale Plate Pact station is no more

That sure put a damper on their actions in the sectors nearby. Surviving ships were hunted down, boarded and taken over. It was glorious. The fleet was unstoppable for a while and with each carefully picked battle it grew.

Gate duty helped to train the fleet further and a lot of sweet loot to improve and modify ships further could be collected.

The highlight was two Xenon K jumping into the sector to be annihilated by my fleet of two destroyers, plenty of small fighters and an auxiliary ship used as bullet sponge.

Battling Xenon K at the gates

This was when I decided to contact the Split while extending my mining business all over the galaxy big time. I started with a bad reputation towards Split – that’s kinda default for most races in the X4 universe – so I had a hard time to make them like me… somewhat. This was mostly achieved by destroying enemy ships near to their stations.

Meanwhile I bought several Magnetar mining ships to keep the needed raw materials on my prospering stations coming. Everything was going nicely and I decided to claim the sector Heretics End.

While I was busy building my stations to do so my new not-exactly-enemies decided to go to battle in freakin Argon Prime. Four Rattle Snake destroyers went basically unchallenged into the Argon heart and took out the Wharf. I didn’t want to interfere since I just made not-exactly-enemy with the Split. From here it went downhill fast. Almost all of Argon Prime was wiped out – and I had bought most of my ships there. This! Hurt! Business!

I had not much time to mourn though. While I was busy with my new stations in Heretics End I was ended by a very surprising Xenon attack myself. First two more K ships showed up that I hardly managed to destroy – especially since most of my fleet was busy rescuing some Teladi trading station from another K.

While I was busy counting my losses _it_ showed up. The worst nightmare X4 has to offer: The Xenon Branch 9 Destroyer I entered the sector and all I had to offer were two half built stations, some Interceptors and my badly damaged Argon Behemoth destroyer.

Xenon Branch 9 Destroyer I

I tried to keep my distance while waiting for my fleet to arrive. This worked for a while but it eventually was going to destroy my station so I tried to get into its blind spot. That was my last stand. Out of mines and turrets, low on interceptors and badly damaged my destroyer went down with me on the bridge.

I accept this glorious defeat – for now 😀

I wonder about a suitable format for a series of log entries for my X4 adventures. Mayhap I should simply edit and append as the story [of my sandbox] unfolds.

Spent most of the day hunting pirates that seem to develop a taste for my ships. The salvaged Cerberus Vanguard is a huge help with this and whenever a pirate surrenders my own support fleet of Minotaur grows. Did I mention that I just love the design of this ship? It’s such a great all-round asset that can even haul some cargo on occasion or act as small carrier.

I also stumbled over another really tiny vault. Took some time to unlock all its secrets but I’m starting to get the hang of it.

Raiding a tiny vault

Talking about raiding I had some notable encounters as well. A Raider tried to steal from the current headquarters. That was a mighty stupid idea and the Raider was toast before I even got close to it.

Scale Plate Pact Raider going down in a blaze

And another had the nerve to attack my medium freighters during their duty of making profit. When I finally had enough I called in the fleet and together we started a boarding operation. That was a long and ugly fight mostly due to a bunch of Xen fighters trashing our party. Lost one small heavy fighter and 45 marines but in the end the ship was ours. Good thing the Cerberus brought a repair drone along to fix the busted engines, by the way.

I also identified a choking point in Napileos’ Fortune VI where a lot of the pirate traffic seems to originate. It’s an empty and unclaimed sector so I started building an Administrative Center here hoping to get this pest under control.

Claiming Napileos’ Fortune VI

I wonder if it makes sense to start more stations here, because a lot of other huge stations are within 4 sectors of this – the typical maximum distance for auto traders to go – and a lot of traffic is passing through this already.

Oh yeah – and I finally got all the parts to assemble the SINZA device. It’s IMHO not really obvious that it is simply activated with Shift+4 because I tried to install it as modification or ship drive first.

Today I learned about IMA, EVM and TPM on Linux and I feel like Alice tumbling down the rabbit hole.

[ 0.784022] ima: No TPM chip found, activating TPM-bypass!

dmesg | grep TPM

Last time I read about this is ~15 years ago and I simply disabled TPM so far since I only remember the concerns from back then about privacy and the impact it may have on free software related to DRM. TrueCrypt also fuelled this belief.

Turns out that TPM is completely passive and can do a lot for me, especially in combination with UEFI and IMA (Integrity Measurement Architecture) or, in fact, with securing personal credentials and even TOTP.

Yes, I read about the ROCA vulnerability, too!

I played the visual novel game Ken Follett's The Pillars of the Earth. I admit I didn’t even look up the details before when I got all three parts dead cheap as a bundle. I’ve a very faint memory of reading the book/s but that’s all. It looked like a decent point-and-click adventure available for and the idea was to play it via Steam Link in the living room with the kids around. Hint: Don’t do that.

The story is an emotional roller-coaster not shy of splattering blood all over the scene. There are dramatic moments where decisions have to be made [in time] but also peaceful chapters and fun moments. Some have to be spotted and can be missed. The story builds up slowly based on character development and decisions made. Or so it feels. All strings come together in the end and some scenes may change in detail but the overall outcome is probably the same. I’d have to read up on this or do another play-through to be sure though.

It’s not a difficult game. There are no riddles (minigames) to be solved. The only minigame included is some sort of timing game (“quick action”) where one has to click at the right moment. That was mostly annoying but mercifully simply reset the scene when it really mattered so one could try again.

Depiction of a town in 12th century England

The character style may be an issue for some. Animations are not very smooth and there seems to be no lip sync. Sometimes the animations don’t fire at all. The audio however is very good and makes up for this. Music and scenery are awesome. A lot of research went into this, unlike most games, and the depiction of 12th century England looks adequate [to me]. Since this is a hobby of mine I’m really thrown off if this does not match up in games [or movies]. I also caught the vibe of architectural love for cathedrals that I can relate to. While it’s timber-framed buildings for me I can certainly understand the fascination. I visited Guédelon some years ago after all 😉

So if you like stories for your do yourself a favour and get this game. It’s worth every penny.