Netfilter and Multicast

Netfilter can by default not track replies to multicast(/broadcast for IPv4) messages. Thus they are, unless they are explicitely allowed through a stateless rule, not matched by a rule using the conntrack match module. To work around this limitation, I developed a equivalent workaround using ipset and iptables. Theoretically the same can be done with …

Direct firmware load for $something_mc.bin failed with error -2

-2 means that the file was not found. Install linux-firmware or whatever the name for the linux firmware package is of your distro. Install it and reboot. Then that error should be gone. If it’s not, double check if $something_mc.bin exists and check where to get it. It might just not be packaged by the …

Working with SetupDiGetDriverInfoDetailA

When using the Windows setupapi function SetupDiGetDriverInfoDetailA, it can set the thread local error variable to ERROR_INSUFFICIENT_BUFFER or ERROR_INVALID_USER_BUFFER. The two mean basically the same thing: Your buffer is too small. The SP_DRVINFO_DETAIL_DATA_A struct has a dynamically sized tail that contains the Hardware IDs. ERROR_INVALID_USER_BUFFER means that that dynamically sized area is too small.

Making Linux responsive aka how IO priority and buffer size influences responsiveness

When doing backups on Linux, it is ususally wanted that the system stays responsive to inputs. That includes terminals and Xorg/Wayland. In the context of IO niceness, the concept of “everything is a file” bites Xorg/Wayland into the ass quite well because it turns out that writing to the frame buffers and refreshing the screen …

Protecting databases against credentials theft

In the past years credential theft has become a common theme among web sites. They all stem from a compromise of the web or application server or unrelated other infrastructure. Once access to the file system of the database server is achieved or the database can be accessed using the application’s credentials, the stored secret …