From deirdre at deirdre.net Sun Mar 1 05:35:20 2015
From: deirdre at deirdre.net (Deirdre Saoirse Moen)
Date: Sun, 1 Mar 2015 05:35:20 -0800
Subject: [conspire] A Git Tip
Message-ID: <06D1E840-2B88-40B2-BDC9-043671EAEC81@deirdre.net>
Scott DuBois asked me about my git repositories at last night?s Cabal.
And we talked about cron.
Most of what I?m working on is in private repositories. Now, a lot of people know you can have as many public repositories as you want on GitHub?but you have to pay for private repos. Sad panda.
However, bitbucket.org offers as many *private* repositories as you want. For free. Sure, you can have git locally, but it?s almost no extra effort to set up a remote push so you can also have offsite backup.
Then Ross and I were talking about WordPress, so here are my tips about for setting up a git repository for WordPress:
1. Grab this .gitignore file: http://cdn.wpengine.com/wp-content/uploads/2013/10/recommended-gitignore-no-wp.txt
2. Save it as .gitignore in your WordPress director(y|ies).
3. Then:
git init
git add .gitignore
git commit -m ?Adding .gitignore?
vi .htaccess
git add .htaccess
git commit -m ?Adding .htacess?
git add wp-content
git commit -m ?Initial add of wp-content?
That?s usually the point where I create the bitbucket repo and set up pushing.
By default, .htaccess doesn?t exist on WordPress installs, and permalinks (nice URLs) break without it, so it?s kind of important to have. Here?s the .htaccess I use:
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
git remote add origin git at bitbucket.org:(username)/(reponame).git
git push -u origin master
4. My crontab (applicable even for non-WordPress, y?know)
$ crontab -l
5 */6 * * * /Users/deirdre/bin/backup-work.sh
(so four times a day at five minutes past the hours divisible by six)
5. That?s a braindead (hey, it works!) little shell script that has things like this:
echo -e "\n* Git Update: deirdre.net...\n"
cd /Users/deirdre/Sites/deirdre.net
git add *
git add .htaccess
git commit -m "Automatic checkin."
git push -u origin master
et voila.
Deirdre
From rick at linuxmafia.com Mon Mar 2 03:29:17 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Mon, 2 Mar 2015 03:29:17 -0800
Subject: [conspire] Some spam handling
Message-ID: <20150302112917.GF23123@linuxmafia.com>
Daniel --
Top of my personal mbox, as seen in mutt:
1 NDX 150302 Dr. Nelson Cody ( 53) Top of the day
-> 2 D+ 150302 ottokar-rybnik at wp (4456) FW: YTZC_Wyploty_UCU_opisy
3 NDX 150302 aragornwp at wp.pl (4456) Re: HTYC_Wyploty_UBW_opisy
4 NDX 150302 dfrazierchsc at wp.p (4457) PD: FW: BQOX_Wyploty_UKV_opisy
5 NDX 150302 praca at wp.pl (4456) FW: TDLG_Wyploty_UHZ_opisy
6 ND+ 150302 florex at wp.pl (4456) Re: TMVA_Wyploty_UTL_opisy
7 NDX 150302 theressajzlnrajvl (4457) Re: CYZS_Wyploty_UXF_opisy
8 NDX 150302 ireneusznych at wp.p (4456) Re: PD: FW: FSNP_Wyploty_UGR_opisy
9 NDX 150302 elux at wp.pl (4456) Re: PD: FW: JXAV_Wyploty_UMO_opisy
10 NDX 150302 artbed at wp.pl (4457) PD: FW: VDCG_Wyploty_UQV_opisy
11 NDX 150302 lford at wp.pl (4456) PD: FW: UDBJ_Wyploty_URD_opisy
12 NDX 150302 doniec at wp.pl (4456) PD: ZKNV_Wyploty_UVD_opisy
13 NDX 150302 noconwojciech at wp. (4456) PD: FW: QRBM_Wyploty_UGW_opisy
14 NDX 150302 basia1937 at wp.pl (4456) Re: PD: FW: PSLH_Wyploty_UJQ_opisy
15 N X 150302 logcheck system a ( 4) linuxmafia.com 2015-03-02 01:02 System
16 NDX 150302 detainmentk95 at wp. (4456) Re: ZXSM_Wyploty_UBE_opisy
All of those similar-looking ones are doubtless the same spams you spoke
of, consisting pretty much entirely of just a Zip archive attachment.
So, the thing is, there's only so much you can do to _automatically_
recognise spam. The closest one can come to telling the software
'Consider to be spam anything that looks approximately like _this_'
is to feed mails of that sort to a Bayesian classifier. This cannot
really be done fully programmatically: A human needs to pick them out
and do the feeding.
And that's just what I'm doing. One of a number of factors Exim4 (the
MTA) uses to decide spamicity is the assessment of spamd, the daemonised
(and system-wide) form of SpamAssassin. spamd includes a Bayesian
classifier, and you need to continually feed it examples of spam and of
ham (non-spam) that you wish it to generalise from.
I saved the one's I'm referring to below, writing them out to mbox
/tmp/spam.
Then:
linuxmafia:/# su - Debian-exim
Debian-exim at linuxmafia:~$ sa-learn --spam --mbox /tmp/spam
Learned tokens from 0 message(s) (0 message(s) examined)
Debian-exim at linuxmafia:~$
What the hell?
Let's compare against using the same tool to 'learn' an mbox of known
non-spam, /tmp/ham:
Debian-exim at linuxmafia:~$ sa-learn --ham --mbox /tmp/ham
Learned tokens from 11 message(s) (11 message(s) examined)
Debian-exim at linuxmafia:~$
OK, nothing particularly wrong with the Bayesian classifier; it's
something about those particular messages (the spams). Doesn't take
much Web-searching to confirm my suspicion:
http://fixunix.com/spamassassin/253119-re-sa-learn-max-message-size.html
[The] maximal size of message parsed by SA is hardcoded at 256K.
I think that applies for reporting as well as for checking
That was my recollection, too. If really huge messages were scanned and
classified, the tokens database files would be easily overwhelmed, and
basically you would end up DoSing yourself. After manually using mutt
to whack down the size of each of the 14 spam messages in /tmp/spam
(essentially deleting all but about 20 of each message's attached
Base65-encoded Zip archive):
Debian-exim at linuxmafia:~$ sa-learn --spam --mbox /tmp/spam
Learned tokens from 14 message(s) (14 message(s) examined)
Debian-exim at linuxmafia:~$
There. However, I fear that this really won't help much, because spamd
lacks the ability (in the version I have installed, at least) to, say,
read and analyse the first 256kB of any large message and ignore
everything after that.
So, that probably explains why there's been a flurry of such things
arriving at Mailman. Not _onto_ the mailing lists, of course, but I'm
sure listadmins see some of it lodging in the Mailman admin queues.
As with all such held spam, it's easy to just disregard it in the queues
and let it age out and get thrown away.
I'm afraid I can't spare the time to do this sort of thing _very_
frequently, especially the bits that require diagnosis time.
From rhcom.linux at gmail.com Mon Mar 2 07:33:12 2015
From: rhcom.linux at gmail.com (Scott DuBois)
Date: Mon, 2 Mar 2015 07:33:12 -0800
Subject: [conspire] A Git Tip
In-Reply-To: <06D1E840-2B88-40B2-BDC9-043671EAEC81@deirdre.net>
References: <06D1E840-2B88-40B2-BDC9-043671EAEC81@deirdre.net>
Message-ID: <20150302153312.GA18285@linux.roguehorse.com>
On Sun, Mar 01, 2015 at 05:35:20AM -0800, Deirdre Saoirse Moen wrote:
> 4. My crontab (applicable even for non-WordPress, y?know)
>
> $ crontab -l
> 5 */6 * * * /Users/deirdre/bin/backup-work.sh
>
> (so four times a day at five minutes past the hours divisible by six)
>
> 5. That?s a braindead (hey, it works!) little shell script that has things like this:
>
> echo -e "\n* Git Update: deirdre.net...\n"
> cd /Users/deirdre/Sites/deirdre.net
> git add *
> git add .htaccess
> git commit -m "Automatic checkin."
> git push -u origin master
>
> et voila.
>
> Deirdre
Brilliant!
Thanks. =)
--
Scott DuBois "Computers make excellent and efficient servants...
BSIT/SE but I have no wish to serve under them."
EFF ID: 1731778 -- Spock
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL:
From rick at linuxmafia.com Mon Mar 2 17:31:01 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Mon, 2 Mar 2015 17:31:01 -0800
Subject: [conspire] Some spam handling
In-Reply-To: <20150302112917.GF23123@linuxmafia.com>
References: <20150302112917.GF23123@linuxmafia.com>
Message-ID: <20150303013101.GA32548@linuxmafia.com>
Just a brief follow-up:
> [...] spamd lacks the ability (in the version I have installed, at
> least) to, say, read and analyse the first 256kB of any large message
> and ignore everything after that.
(Which would be what the quotation below calls 'truncating'.)
The Spamassassin maintainers explained the logic of the code's behaviour
on their dev mailing list
(http://www.gossamer-threads.com/lists/spamassassin/users/113696):
OK, truncation might be a better policy, as long as the threshold is
nearer what we use now -- 500KB rather than 64KB. ;)
By the way, an explanation of the current policy:
We can say with that only messages below a high-enough threshold should
be scanned, and have a good degree of certainty that this will allow us to
avoid crazy memory consumption/slow scan times/etc., while allowing
through only 0.001% of spam.
This works, because spammers need to be able to send out a certain
number of spam messages per day as part of their economic model, and
this is partly bottlenecked by the size of each message; increasing
the average size of their spams from 7KB (my current avg spam size)
to 600KB to evade SpamAssassin's limits, for example, means that
their spam output would drop to 1.1% of what it was previously.
(Mind you, certain subsets of spammers, such as the japanese-language
porn spammers, seem to send larger messages, probably since they're
not as concerned with volumes.)
The SpamAssassin version I'm currently running default-omits scanning of
any message over 256kB long. Starting with version 3.2, that was upped
to 500kB.
I haven't bothered to look inside the attached Zip files of the recent
mails that I _think_ are the ones Daniel commented on, but figured they
were extremely likely to be yet more MS-Windows malware.
From rick at linuxmafia.com Tue Mar 3 01:56:21 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 3 Mar 2015 01:56:21 -0800
Subject: [conspire] Some spam handling
In-Reply-To: <20150303013101.GA32548@linuxmafia.com>
References: <20150302112917.GF23123@linuxmafia.com>
<20150303013101.GA32548@linuxmafia.com>
Message-ID: <20150303095621.GA6178@linuxmafia.com>
I wrote:
> I haven't bothered to look inside the attached Zip files of the recent
> mails that I _think_ are the ones Daniel commented on, but figured they
> were extremely likely to be yet more MS-Windows malware.
Took a very brief look at one of the unpacked Zips: Very, very likely
to be the MS-Windows malware du jour. (Wrapper text of the message, and
the filenames, are in Polish, for whatever that's worth.)
/tmp $ file 'obwiezczenie o wy+?o++eniu.DOC.exe'
obwiezczenie o wy+?o++eniu.DOC.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
/tmp $
I've just doubled the size of message permitted to be sent to spamd,
via this adjustment in /etc/exim4/sa-exim.conf -- and restarted Exim:
# How much of the body we feed to spamassassin (in bytes)
# Default is 250KB
#SAmaxbody: 256000
SAmaxbody: 512000
From daniel at gimpelevich.san-francisco.ca.us Sat Mar 7 00:31:50 2015
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Sat, 07 Mar 2015 00:31:50 -0800
Subject: [conspire] [Fwd: Eric P. Scott celebration of life]
Message-ID: <1425717110.5990.2.camel@chimera>
Here is the actual announcement, attached.
-------------- next part --------------
An embedded message was scrubbed...
From: Ron Hipschman
Subject: Eric P. Scott celebration of life
Date: Fri, 6 Mar 2015 23:58:54 -0800
Size: 97479
URL:
From dmarti at zgp.org Fri Mar 13 19:41:11 2015
From: dmarti at zgp.org (Don Marti)
Date: Fri, 13 Mar 2015 19:41:11 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
Message-ID: <20150314024111.GA18236@rosmarinus>
I'm looking for a small, preferably fanless, Linux
system that has 2 or more Ethernet interfaces, which
I can use for NAT, firewall, DHCP, and DNS for a
home/small office network. I don't need a wireless
AP, since I already have that.
Preferably running an actively maintained regular
Linux such as Debian. I might end up putting a few
other miscellaneous network services on it.
Anyone using such a machine?
--
Don Marti
http://zgp.org/~dmarti/
dmarti at zgp.org
From togo at of.net Sat Mar 14 10:03:07 2015
From: togo at of.net (Tony Godshall)
Date: Sat, 14 Mar 2015 10:03:07 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To: <20150314024111.GA18236@rosmarinus>
References: <20150314024111.GA18236@rosmarinus>
Message-ID:
I'm thinking of a raspberry pi 2 for such an application. Not 100% freedom
but the proprietary stuff is in the video. And cheap and highly
replaceable. Debian by default. USB Ethernet for the second port might be a
deal killer but I've had pretty good luck with them. Combo USB 2.0 hub with
integrated Ethernet have been solid for me, USB 3.0 not so much. Should be
able to keep up with routing and natting unless your connection is way
faster than mine. Should even be able to saturate the line from USB
storage. I would add the copper heat sinks to the Raspberry Pi and use a
2.1 amp power supply. And stick to the 100 megabit usb ethernet- the
gigabit ones draw a lot more power . If you need to go but that might be a
deal breaker as well. My current router box uses gigabit on the internal
side where it can be useful and 100 megabit usb Ethernet on the external
which more than exceeds my upstream connection.
--
This is unedited. Heck, this may only be phonetically similar to what I
said, which may bear only a passing resemblance to what I meant.
On Mar 13, 2015 7:42 PM, "Don Marti" wrote:
> I'm looking for a small, preferably fanless, Linux
> system that has 2 or more Ethernet interfaces, which
> I can use for NAT, firewall, DHCP, and DNS for a
> home/small office network. I don't need a wireless
> AP, since I already have that.
>
> Preferably running an actively maintained regular
> Linux such as Debian. I might end up putting a few
> other miscellaneous network services on it.
>
> Anyone using such a machine?
>
> --
> Don Marti
> http://zgp.org/~dmarti/
> dmarti at zgp.org
>
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From rossbernheim at gmail.com Sat Mar 14 19:16:07 2015
From: rossbernheim at gmail.com (Ross Bernheim)
Date: Sat, 14 Mar 2015 19:16:07 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To:
References: <20150314024111.GA18236@rosmarinus>
Message-ID:
Pi 2 does not need the heat sink. While quad core, it is make using a newer smaller process so generates less heat. Also the Pi2 uses the newer power supply section that is much more efficient and creates less heat. Also the memory is
moved to a chip on the bottom of the board which reduced the heat in the CPU from the earlier system on a chip configuration.
Ethernet might be a problem as the usb chip is used to do the ethernet. So doing two ethernet ports might be pushing things a bit, particularly if you also want to hang a disk drive off of the usb controller as well.
Ross
> On Mar 14, 2015, at 10:03 AM, Tony Godshall wrote:
>
> I'm thinking of a raspberry pi 2 for such an application. Not 100% freedom but the proprietary stuff is in the video. And cheap and highly replaceable. Debian by default. USB Ethernet for the second port might be a deal killer but I've had pretty good luck with them. Combo USB 2.0 hub with integrated Ethernet have been solid for me, USB 3.0 not so much. Should be able to keep up with routing and natting unless your connection is way faster than mine. Should even be able to saturate the line from USB storage. I would add the copper heat sinks to the Raspberry Pi and use a 2.1 amp power supply. And stick to the 100 megabit usb ethernet- the gigabit ones draw a lot more power . If you need to go but that might be a deal breaker as well. My current router box uses gigabit on the internal side where it can be useful and 100 megabit usb Ethernet on the external which more than exceeds my upstream connection.
>
> --
> This is unedited. Heck, this may only be phonetically similar to what I said, which may bear only a passing resemblance to what I meant.
>
> On Mar 13, 2015 7:42 PM, "Don Marti" > wrote:
> I'm looking for a small, preferably fanless, Linux
> system that has 2 or more Ethernet interfaces, which
> I can use for NAT, firewall, DHCP, and DNS for a
> home/small office network. I don't need a wireless
> AP, since I already have that.
>
> Preferably running an actively maintained regular
> Linux such as Debian. I might end up putting a few
> other miscellaneous network services on it.
>
> Anyone using such a machine?
>
> --
> Don Marti
> http://zgp.org/~dmarti/
> dmarti at zgp.org
>
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From dmarti at zgp.org Sat Mar 14 21:44:08 2015
From: dmarti at zgp.org (Don Marti)
Date: Sat, 14 Mar 2015 21:44:08 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To:
References: <20150314024111.GA18236@rosmarinus>
Message-ID: <20150315044408.GA2900@rosmarinus>
begin Ross Bernheim quotation of Sat, Mar 14, 2015 at 07:16:07PM -0700:
>
> Pi 2 does not need the heat sink. While quad core, it is make using a newer smaller process so generates less heat. Also the Pi2 uses the newer power supply section that is much more efficient and creates less heat. Also the memory is
> moved to a chip on the bottom of the board which reduced the heat in the CPU from the earlier system on a chip configuration.
>
> Ethernet might be a problem as the usb chip is used to do the ethernet. So doing two ethernet ports might be pushing things a bit, particularly if you also want to hang a disk drive off of the usb controller as well.
I might also be able to scavenge up an old
PowerPC-based Mac Mini, which it looks like can be set
up as a decent Debian system.
http://www.sowerbutts.com/linux-mac-mini/
That would also mean finding a good USB Ethernet
device...TRENDnet TU2-E100?
http://free-electrons.com/blog/usbeth/
(Yes, I'm using the "look for blogs and list posts
written by people who compile kernels from source"
method of hardware shopping.)
> > On Mar 14, 2015, at 10:03 AM, Tony Godshall wrote:
> >
> > I'm thinking of a raspberry pi 2 for such an application. Not 100% freedom but the proprietary stuff is in the video. And cheap and highly replaceable. Debian by default. USB Ethernet for the second port might be a deal killer but I've had pretty good luck with them. Combo USB 2.0 hub with integrated Ethernet have been solid for me, USB 3.0 not so much. Should be able to keep up with routing and natting unless your connection is way faster than mine. Should even be able to saturate the line from USB storage. I would add the copper heat sinks to the Raspberry Pi and use a 2.1 amp power supply. And stick to the 100 megabit usb ethernet- the gigabit ones draw a lot more power . If you need to go but that might be a deal breaker as well. My current router box uses gigabit on the internal side where it can be useful and 100 megabit usb Ethernet on the external which more than exceeds my upstream connection.
> >
> > --
> > This is unedited. Heck, this may only be phonetically similar to what I said, which may bear only a passing resemblance to what I meant.
> >
> > On Mar 13, 2015 7:42 PM, "Don Marti" > wrote:
> > I'm looking for a small, preferably fanless, Linux
> > system that has 2 or more Ethernet interfaces, which
> > I can use for NAT, firewall, DHCP, and DNS for a
> > home/small office network. I don't need a wireless
> > AP, since I already have that.
> >
> > Preferably running an actively maintained regular
> > Linux such as Debian. I might end up putting a few
> > other miscellaneous network services on it.
> >
> > Anyone using such a machine?
> >
> > --
> > Don Marti
> > http://zgp.org/~dmarti/
> > dmarti at zgp.org
> >
> > _______________________________________________
> > conspire mailing list
> > conspire at linuxmafia.com
> > http://linuxmafia.com/mailman/listinfo/conspire
> > _______________________________________________
> > conspire mailing list
> > conspire at linuxmafia.com
> > http://linuxmafia.com/mailman/listinfo/conspire
>
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire
--
Don Marti
http://zgp.org/~dmarti/
dmarti at zgp.org
From danagoyette at gmail.com Sun Mar 15 17:52:37 2015
From: danagoyette at gmail.com (Dana Goyette)
Date: Sun, 15 Mar 2015 17:52:37 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To: <20150315044408.GA2900@rosmarinus>
References: <20150314024111.GA18236@rosmarinus>
<20150315044408.GA2900@rosmarinus>
Message-ID:
Here's a Slashdot discussion about an interesting x86 option:
http://hardware.slashdot.org/story/15/01/14/2028230/tiny-fanless-mini-pc-runs-linux-or-windows-on-quad-core-amd-soc
The primary article discusses the CompuLab "fitlet", but that company
has other products as well.
Several comments mention options from other companies such as Soekris
and PCEngines.
One big advantage of going x86 is that you can use any ordinary Linux
or BSD distro; with ARM, you're often stuck with a vendor-specific
kernel.
On Sat, Mar 14, 2015 at 9:44 PM, Don Marti wrote:
>
> begin Ross Bernheim quotation of Sat, Mar 14, 2015 at 07:16:07PM -0700:
>>
>> Pi 2 does not need the heat sink. While quad core, it is make using a newer smaller process so generates less heat. Also the Pi2 uses the newer power supply section that is much more efficient and creates less heat. Also the memory is
>> moved to a chip on the bottom of the board which reduced the heat in the CPU from the earlier system on a chip configuration.
>>
>> Ethernet might be a problem as the usb chip is used to do the ethernet. So doing two ethernet ports might be pushing things a bit, particularly if you also want to hang a disk drive off of the usb controller as well.
>
> I might also be able to scavenge up an old
> PowerPC-based Mac Mini, which it looks like can be set
> up as a decent Debian system.
> http://www.sowerbutts.com/linux-mac-mini/
>
> That would also mean finding a good USB Ethernet
> device...TRENDnet TU2-E100?
> http://free-electrons.com/blog/usbeth/
>
> (Yes, I'm using the "look for blogs and list posts
> written by people who compile kernels from source"
> method of hardware shopping.)
>
>> > On Mar 14, 2015, at 10:03 AM, Tony Godshall wrote:
>> >
>> > I'm thinking of a raspberry pi 2 for such an application. Not 100% freedom but the proprietary stuff is in the video. And cheap and highly replaceable. Debian by default. USB Ethernet for the second port might be a deal killer but I've had pretty good luck with them. Combo USB 2.0 hub with integrated Ethernet have been solid for me, USB 3.0 not so much. Should be able to keep up with routing and natting unless your connection is way faster than mine. Should even be able to saturate the line from USB storage. I would add the copper heat sinks to the Raspberry Pi and use a 2.1 amp power supply. And stick to the 100 megabit usb ethernet- the gigabit ones draw a lot more power . If you need to go but that might be a deal breaker as well. My current router box uses gigabit on the internal side where it can be useful and 100 megabit usb Ethernet on the external which more than exceeds my upstream connection.
>> >
>> > --
>> > This is unedited. Heck, this may only be phonetically similar to what I said, which may bear only a passing resemblance to what I meant.
>> >
>> > On Mar 13, 2015 7:42 PM, "Don Marti" > wrote:
>> > I'm looking for a small, preferably fanless, Linux
>> > system that has 2 or more Ethernet interfaces, which
>> > I can use for NAT, firewall, DHCP, and DNS for a
>> > home/small office network. I don't need a wireless
>> > AP, since I already have that.
>> >
>> > Preferably running an actively maintained regular
>> > Linux such as Debian. I might end up putting a few
>> > other miscellaneous network services on it.
>> >
>> > Anyone using such a machine?
>> >
>> > --
>> > Don Marti
>> > http://zgp.org/~dmarti/
>> > dmarti at zgp.org
>> >
>> > _______________________________________________
>> > conspire mailing list
>> > conspire at linuxmafia.com
>> > http://linuxmafia.com/mailman/listinfo/conspire
>> > _______________________________________________
>> > conspire mailing list
>> > conspire at linuxmafia.com
>> > http://linuxmafia.com/mailman/listinfo/conspire
>>
>
>> _______________________________________________
>> conspire mailing list
>> conspire at linuxmafia.com
>> http://linuxmafia.com/mailman/listinfo/conspire
>
>
> --
> Don Marti
> http://zgp.org/~dmarti/
> dmarti at zgp.org
>
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire
From daniel at gimpelevich.san-francisco.ca.us Sun Mar 15 20:24:06 2015
From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich)
Date: Sun, 15 Mar 2015 20:24:06 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To:
References: <20150314024111.GA18236@rosmarinus>
<20150315044408.GA2900@rosmarinus>
Message-ID: <1426476246.6096.9.camel@chimera>
On Sun, 2015-03-15 at 17:52 -0700, Dana Goyette wrote:
> One big advantage of going x86 is that you can use any ordinary Linux
> or BSD distro; with ARM, you're often stuck with a vendor-specific
> kernel.
Not to mention, Don's original use case seemed more like a job for
pfSense than for GNU/Linux.
From rick at linuxmafia.com Mon Mar 16 03:38:22 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Mon, 16 Mar 2015 03:38:22 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To: <20150314024111.GA18236@rosmarinus>
References: <20150314024111.GA18236@rosmarinus>
Message-ID: <20150316103822.GM23366@linuxmafia.com>
Quoting Don Marti (dmarti at zgp.org):
> I'm looking for a small, preferably fanless, Linux
> system that has 2 or more Ethernet interfaces, which
> I can use for NAT, firewall, DHCP, and DNS for a
> home/small office network. I don't need a wireless
> AP, since I already have that.
At the most recent CABAL meeting, Dana Goyette ( /me waves from Hilo,
HI) suggested that the AMD Kabini SoC (socket FM1) on a mini-ITX form
factor motherboard might meet my needs for a multi-purpose silent, small
machine on our inside network:
http://www.newegg.com/Product/Product.aspx?Item=N82E16813157574&cm_re=mini-itx_amd-_-13-157-574-_-Product
That's a ASRock QC5000-ITX motherboard bundled with an AMD A4-5000
Quad-Core CPU -- more than powerful enough that people use these suckers
with SSDs as home-theatre PCs. 32GB RAM maximum. To get the multiple
LAN interfaces, you'd have to add a Mini PCIe card, though. It does
have a CPU fan that's said to be not often needed and not obtrusive, but
I'll bet you could swap that out for an aftermarket passive alternative.
The more I study up on even cutting-edge ARM designs like the Novena
(http://www.kosagi.com/w/index.php?title=Novena_Main_Page) & Cubox-i
series, and wildly popular ones like the Raspberry Pi 2, the more I'm
frustrated by some characteristic problems -- which Nathan Willis's
write-up about Stephen Arnold's SCALE talk captured beautifully:
https://lwn.net/Articles/635289/
To wit: Every bloody ARM device requires out-of-tree kernel patches
that aren't necessarily very current at all and may introduce severe
pecuilarities. For devices where you care about graphics (which
obviously doesn't include SOHO routers), you are stuck with a
binary-only, proprietary BLOB. And there's wild variation in what
bootloader is required. The more I look at this mess, the more I think
splurging a few additional watts on an x86_64 alternative makes better
sense for many applications. Like, for example, the missions of
the inside-network host would include being a backup target and running
network IDS software to watch everything else for signs of security
problems, so impliedly it needs to be kept high-security. It would be
kind of sad to unable to fix a serious kernel security hole because some
ARM platform's oddball kernel fork hasn't been brought up to date.
Nathan Willis's LAN.net piece points out that ARM machines' supported
kernel versions tend to be seriously behind the times. This problem
doesn't exist on low-power x86_64 alternatives.
AMD's Kabini series of 'APUs" draw anywhere from 15W to 25W, and their
'Temash' series brethren draw from 3.9W to 9W. These figures are the
newish measure TDP, thermal design power, the maximum heat that any
related cooling system needs to be able to dissipate. Here's a
fascinating little bundle with a fanless quad-core Temash spec'd with
TDP of 8W:
http://www.newegg.com/Product/Product.aspx?Item=N82E16883218035&cm_re=A6-1450-_-83-218-035-_-Product
Only one LAN port, so not qualified for your project, but look at the
size of that thing!
AMD's Kabini and Temash ('Jaguar' SoC, Socket AM1 or Socket FT3)x) were
their low-power APUs for notebooks in 2013. Looks like these were
succeeded in mid-2014 by 'Beema' as the high-power 15 watt series, and
'Mullins' as the 4.5 watt one ('Puma' SoC, Socket FT3b).
http://www.tomshardware.com/reviews/amd-tablet-processor,3813.html
Mullins:
Family Model TDP Cores
A10-Micro 6700T 4.5W 4
A4-Micro 6400T 4.5W 4
E1-Micro 6200T 3.95W 2
Beema:
Family Model TDP Cores
A6 6310 15W 4
A4 6210 15W 4
E2 6110 15W 4
E1 6010 10W 2
Unfortunately, so far as I can see so far, Beema/Mullins seem to have
been ignored by the OEMs except for some HP Pavillion tablets and
netbooks.
From rick at linuxmafia.com Mon Mar 16 04:11:09 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Mon, 16 Mar 2015 04:11:09 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To: <20150316103822.GM23366@linuxmafia.com>
References: <20150314024111.GA18236@rosmarinus>
<20150316103822.GM23366@linuxmafia.com>
Message-ID: <20150316111109.GN23366@linuxmafia.com>
I wrote:
> AMD's Kabini and Temash ('Jaguar' SoC, Socket AM1 or Socket FT3) were
> their low-power APUs for notebooks in 2013. Looks like these were
> succeeded in mid-2014 by 'Beema' as the high-power 15 watt series, and
> 'Mullins' as the 4.5 watt one ('Puma' SoC, Socket FT3b).
> http://www.tomshardware.com/reviews/amd-tablet-processor,3813.html
>
>
> Mullins:
> Family Model TDP Cores
> A10-Micro 6700T 4.5W 4
> A4-Micro 6400T 4.5W 4
> E1-Micro 6200T 3.95W 2
>
> Beema:
> Family Model TDP Cores
> A6 6310 15W 4
> A4 6210 15W 4
> E2 6110 15W 4
> E1 6010 10W 2
>
> Unfortunately, so far as I can see so far, Beema/Mullins seem to have
> been ignored by the OEMs except for some HP Pavillion tablets and
> netbooks.
Here, finally, is a series of fanless mini-PCs based on the AMD E1
Micro-6200T 'Mullins' SoC, including one with two LAN ports:
http://www.fit-pc.com/web/products/fitlet/fitlet-i/
Looks like variants based on the higher-end A10-6700T SoC can now also
be ordered.
It's funny that none of the usual suspects (ASUS, Gigabyte, ASRock,
etc.) are yet making mini-ATX motherboards for these SoCs, though maybe
I'm missing something? Anyway, the Kabini offerings such as that ASRock
bundle I mentioned strike me as pretty sweet for the price.
From rick at linuxmafia.com Mon Mar 16 05:36:05 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Mon, 16 Mar 2015 05:36:05 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To: <20150316111109.GN23366@linuxmafia.com>
References: <20150314024111.GA18236@rosmarinus>
<20150316103822.GM23366@linuxmafia.com>
<20150316111109.GN23366@linuxmafia.com>
Message-ID: <20150316123605.GO23366@linuxmafia.com>
I wrote:
> Here, finally, is a series of fanless mini-PCs based on the AMD E1
> Micro-6200T 'Mullins' SoC, including one with two LAN ports:
> http://www.fit-pc.com/web/products/fitlet/fitlet-i/
> Looks like variants based on the higher-end A10-6700T SoC can now also
> be ordered.
That particular Fitlet variant, the one based on the best 'Mullins' SoC, the
quad-core AMD A10-Micro 6700T, went out of stock quickly after it
became available, but I'm sure they'll restock pretty soon. Meanwhile,
specs are interesting:
http://www.fit-pc.com/web/products/specifications/?model%5B%5D=FITLET-GI-C67-WACB
Notice that they claim _total_ system power consumption (not just TDP of
the SoC chip) is 4.5W-10.5W. Impliedly, that includes an SODIMM stick
and an SSD. RAM expansion is limited to 8GB, presumably on account of
the SODIMM support circuitry they've chosen. The SoC has no such
limitation.
But RAM limitation aside, this is a very powerful machine for such a
paltry amount of power consumption. And naturally, this is way more
computer than a SOHO router requires, but, then, the nice thing about
having gobs of spare CPU power (and preferably also RAM) avaoilable in
an otherwise modest little machine is the other possibilities that it
implicitly opens.
From rick at linuxmafia.com Mon Mar 16 12:57:22 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Mon, 16 Mar 2015 12:57:22 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To:
References: <20150314024111.GA18236@rosmarinus>
Message-ID: <20150316195722.GP23366@linuxmafia.com>
Quoting Tony Godshall (togo at of.net):
> I'm thinking of a raspberry pi 2 for such an application. Not 100% freedom
> but the proprietary stuff is in the video.
The other disturbing software bit (for Raspberry Pi 2 Model B), as I
mentioned separately, is the ongoing kernel situation. You're probably
thinking 'At last, a Pi that I can run the standard Debian armhf ('HF' =
hardfloat) port on.' Well, kinda, almost.
With the standard packaged Pi distros, you'll get kernel 3.18, but it's
not the standard kernel by a long stretch. An experimenter reported
that he had to apply 'stack of patches on top from the raspberrypi
github repository' to the corresponding Debian packaged kernel, and then
further tweak the result a bit. Plus some other non-kernel changes.
Details here:
http://sjoerd.luon.net/posts/2015/02/debian-jessie-on-rpi2/
Me, I'd just not be entirely happy with being on hardware the mainline
Linux kernels doesn't know how to support, that requires a whole bunch
of out-of-tree patches all the time. (It seems that _all_ ARM boards
involve this drawback.)
> USB Ethernet for the second port might be a deal killer but I've had
> pretty good luck with them.
Dodgy technology and also CPU-intensive on a machine that doesn't have a
lot of grunt to spare.
But the biggest single omission in the I/O department is SATA. Having
nothing better than a Micro SD port and USB2 is this unit's chief
and most egregious hardware limitation. The 1GB RAM is understandable,
but the lack of even mSATA is puzzling and means you are permanently
stuck with only crappy mass-storage connectivity.
> And cheap and highly replaceable.
That's the good news.
I don't think it's adequate for a router, but standard differ.
From togo at of.net Mon Mar 16 15:38:29 2015
From: togo at of.net (Tony Godshall)
Date: Mon, 16 Mar 2015 15:38:29 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To: <20150316195722.GP23366@linuxmafia.com>
References: <20150314024111.GA18236@rosmarinus>
<20150316195722.GP23366@linuxmafia.com>
Message-ID:
Good points all.
Thanks for the cogent response.
On Mon, Mar 16, 2015 at 12:57 PM, Rick Moen wrote:
> Quoting Tony Godshall (togo at of.net):
>
>> I'm thinking of a raspberry pi 2 for such an application. Not 100% freedom
>> but the proprietary stuff is in the video.
>
> The other disturbing software bit (for Raspberry Pi 2 Model B), as I
> mentioned separately, is the ongoing kernel situation. You're probably
> thinking 'At last, a Pi that I can run the standard Debian armhf ('HF' =
> hardfloat) port on.' Well, kinda, almost.
>
> With the standard packaged Pi distros, you'll get kernel 3.18, but it's
> not the standard kernel by a long stretch. An experimenter reported
> that he had to apply 'stack of patches on top from the raspberrypi
> github repository' to the corresponding Debian packaged kernel, and then
> further tweak the result a bit. Plus some other non-kernel changes.
> Details here:
> http://sjoerd.luon.net/posts/2015/02/debian-jessie-on-rpi2/
>
> Me, I'd just not be entirely happy with being on hardware the mainline
> Linux kernels doesn't know how to support, that requires a whole bunch
> of out-of-tree patches all the time. (It seems that _all_ ARM boards
> involve this drawback.)
>
>> USB Ethernet for the second port might be a deal killer but I've had
>> pretty good luck with them.
>
> Dodgy technology and also CPU-intensive on a machine that doesn't have a
> lot of grunt to spare.
>
> But the biggest single omission in the I/O department is SATA. Having
> nothing better than a Micro SD port and USB2 is this unit's chief
> and most egregious hardware limitation. The 1GB RAM is understandable,
> but the lack of even mSATA is puzzling and means you are permanently
> stuck with only crappy mass-storage connectivity.
>
>> And cheap and highly replaceable.
>
> That's the good news.
>
> I don't think it's adequate for a router, but standard differ.
>
>
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire
--
--
Best Regards.
This is unedited.
This message came out of me
via a suboptimal keyboard.
From togo at of.net Mon Mar 16 15:53:46 2015
From: togo at of.net (Tony Godshall)
Date: Mon, 16 Mar 2015 15:53:46 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To: <20150316123605.GO23366@linuxmafia.com>
References: <20150314024111.GA18236@rosmarinus>
<20150316103822.GM23366@linuxmafia.com>
<20150316111109.GN23366@linuxmafia.com>
<20150316123605.GO23366@linuxmafia.com>
Message-ID:
If going x86, also consider the Lenovo Q180/Q190.
$220 on Amazon, easy to blow away Windows (tell the bios enable CSM,
legacy only)
But no obvious way to add ethernet except USB.
I've got about 50 of these buggers deployed as workstations. Much
more reliable so far than the Zino HDs and the Zotac AD02 and AD10s
I'd been buying before them.
Some guys in the forums say they eat 17 watts- haven't measured
myself. Not fanless, but people say they run pretty quiet if you keep
the fan to 40% pwm.
On Mon, Mar 16, 2015 at 5:36 AM, Rick Moen wrote:
> I wrote:
>
>> Here, finally, is a series of fanless mini-PCs based on the AMD E1
>> Micro-6200T 'Mullins' SoC, including one with two LAN ports:
>> http://www.fit-pc.com/web/products/fitlet/fitlet-i/
>> Looks like variants based on the higher-end A10-6700T SoC can now also
>> be ordered.
>
> That particular Fitlet variant, the one based on the best 'Mullins' SoC, the
> quad-core AMD A10-Micro 6700T, went out of stock quickly after it
> became available, but I'm sure they'll restock pretty soon. Meanwhile,
> specs are interesting:
> http://www.fit-pc.com/web/products/specifications/?model%5B%5D=FITLET-GI-C67-WACB
> Notice that they claim _total_ system power consumption (not just TDP of
> the SoC chip) is 4.5W-10.5W. Impliedly, that includes an SODIMM stick
> and an SSD. RAM expansion is limited to 8GB, presumably on account of
> the SODIMM support circuitry they've chosen. The SoC has no such
> limitation.
>
> But RAM limitation aside, this is a very powerful machine for such a
> paltry amount of power consumption. And naturally, this is way more
> computer than a SOHO router requires, but, then, the nice thing about
> having gobs of spare CPU power (and preferably also RAM) avaoilable in
> an otherwise modest little machine is the other possibilities that it
> implicitly opens.
>
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire
--
--
Best Regards.
This is unedited.
This message came out of me
via a suboptimal keyboard.
From rick at linuxmafia.com Tue Mar 17 01:38:20 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 17 Mar 2015 01:38:20 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To:
References: <20150314024111.GA18236@rosmarinus>
<20150316103822.GM23366@linuxmafia.com>
<20150316111109.GN23366@linuxmafia.com>
<20150316123605.GO23366@linuxmafia.com>
Message-ID: <20150317083820.GQ23366@linuxmafia.com>
Quoting Tony Godshall (togo at of.net):
> If going x86, also consider the Lenovo Q180/Q190.
>
> $220 on Amazon, easy to blow away Windows (tell the bios enable CSM,
> legacy only)
>
> But no obvious way to add ethernet except USB.
>
> I've got about 50 of these buggers deployed as workstations. Much
> more reliable so far than the Zino HDs and the Zotac AD02 and AD10s
> I'd been buying before them.
>
> Some guys in the forums say they eat 17 watts- haven't measured
> myself. Not fanless, but people say they run pretty quiet if you keep
> the fan to 40% pwm.
These Lenovos are pretty amazingly cost-effective for the many people
who don't care about wired networking, and don't mind topping out at 4GB
on system RAM. For the target market of home theatre PC people, this is
just the thing - and one can imagine many good applications with Linux,
too.
So, congrats on grabbing a few, as I'm sure you'll find good use for
them.
Mostly a me thing, but for the next machine I buy or build, I'm going to
go a bit out of my way to avoid hardware-based limitations that might
prove annnoying over the next half-decade or more. I've managed to do
this several times in the past, through a combination of some care,
instinct, and some amount of dumb luck.
In that regard, looking at the Lenovo HTPC boxes you mention, the lack
of wired LAN stands out, but the hard limit of 4GB RAM about as much.
Why? Because this is the golden age of virtualisation software, and
something like the ASRock min-iTX / AMD Kabini bundle I mentioned wins
IMO even though it draws a few more watts, because it can be expanded to
32GB RAM, which opens up whole new categories of possibilities
unavailable with RAM in the 1GB range like a Raspberry Pi 2 Model B or
most of the other SFF (small form factor) PCs that top out at 2-4 GB.
As you say, the only way you can get wired networking on the Lenovos is
USB-ethernet things (because there's neither an expansion slot nor room
for a card).
All of which are eminently reasonable compromises given the target uses
for the Lenovos.
I have a couple of cynical suspicions about the holes in the market
where it seems like things like a good, Linux-friendly, modestly
expandable SFF computer based on things like AMD Beema/Mullins SoCs
ought to be:
Suspicion #1 (conspiracy-leaning): Intel is so determined to shut AMD
out of the small-device market that they are literally financially
subsidising OEMs' choice of uninspiring and limited crud like the
'Atom'-class Bay Trail SoC platform.
Suspicion #2 (less conspiratorial): AMD suffers because it's been
crowded into price competition with really anaemic, low-spec ARM-based
boards best suited to smartphones and low-end tablets that are so cheap
that the OEMs just aren't willing to pay for better performance and
fewer limits.
#2 would explain both why it's so difficult to _find_
enthusiast-friendly (i.e., not an HP Pavillion sealed-tight mini-something)
units based on the newer and truly amazing lov-power, high-perfoamnce
AMD SoCs, _and_ why low-power computing has been almost completely
abandoned to stripped-down ARM offerings with all their
proprietary-software dependencies and utter lack of standard kernel
support, even after _many_ years of ARM-based Linux computing.
That's why I've finally decided that the smartest compromise in 2015 is
to retreat a bit on my quest for the fewest possible watts from the
wall, and get something like the ASRock min-iTX / AMD Kabini bundle
that fleshes out to 32GB, has _no_ annoying hardware limitations,
has zero proprietary-software problems, requirement for out-of-tree
kernel patchsets with an unknown future, or need for strange one-off
bootloader setups. And yet, _still_ manages to be low-power for
reasonable values of that term.
BTW, somewhere in the garage I have a Kill-A-Watt unit that you plug
between the AC wall outlet and something whose real-world wattage draw
you want to measure. I need to start using that to get some real
figures instead of fibs on spec sheets.
BTW#2, I'm a _little_ surprised that few of the people who've
recommended ARM-based Linux computers to me, including but not limited
to the several Raspberry Pi models, has been particularly bothered by
the bit about being totally dependent on out-of-tree kernel patchsets --
which when I finally noticed it was big news to me, and at least a
yellow flag on the play if not quite a red one.
But I'm guessing the explanation is that most people just take a distro
kernel and use it without even bothering to think about what produced
it, whether it has a likely future, and if lags in the support for newer
kernel.org versions might not create huge security problems in the
future. For most folks, the kernel's just a thing that's there, and
doesn't merit that sort of pondering.
(That is not, of course, to say that these aren't excellent offerings,
especially the Pis. But they have long-term issues that aren't obvious
to many.)
From rick at linuxmafia.com Tue Mar 17 06:48:06 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Tue, 17 Mar 2015 06:48:06 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To: <20150317083820.GQ23366@linuxmafia.com>
References: <20150314024111.GA18236@rosmarinus>
<20150316103822.GM23366@linuxmafia.com>
<20150316111109.GN23366@linuxmafia.com>
<20150316123605.GO23366@linuxmafia.com>
<20150317083820.GQ23366@linuxmafia.com>
Message-ID: <20150317134806.GA14836@linuxmafia.com>
Just wanting to elaborate a bit on:
> Suspicion #2 (less conspiratorial): AMD suffers because it's been
> crowded into price competition with really anaemic, low-spec ARM-based
> boards best suited to smartphones and low-end tablets that are so cheap
> that the OEMs just aren't willing to pay for better performance and
> fewer limits.
>
> #2 would explain both why it's so difficult to _find_
> enthusiast-friendly (i.e., not an HP Pavillion sealed-tight mini-something)
> units based on the newer and truly amazing low-power, high-performance
> AMD SoCs, _and_ why low-power computing has been almost completely
> abandoned to stripped-down ARM offerings with all their
> proprietary-software dependencies and utter lack of standard kernel
> support, even after _many_ years of ARM-based Linux computing.
Somehow through dominating the upper end of the market, Intel seems to
have perpetuated a perception that its CPUs and chipsets are preferable
to AMD's at _every_ price point and in every specialty within the x86_64
market space, which is very demonstrably very untrue. In the low-power,
low-cost segment, AMD has lately had _massively_ better offerings,
especially per dollar.
You look for an Intel-based low-power system, and inevitably find an
Atom-series CPU, which frankly is a bit lackluster in performance, in a
chipset that, at best, maxes out at 8GB RAM. The AMD alternatives are
things like the ASRock mini-ITX / AMD Kabini bundle I cited on Newegg,
which has a quite fast CPU that draws less power than the Atom, runs
cooler, and plugs into a motherboard that maxes out at 32GB. And the
ADM package ends up being cheaper, as well. But people will recommend
Atom-based things anyway, because Intel. Which is kind of crazy.
The lower end, which is what low-power is considered to be, rightly or
wrongly, is dominated within the hardware industry by the
embedded-computing mindset (that surrounds ARM). As Don Marti will tell
you (he having been Editor of _Embedded Linux Journal_ for some years,
the embedded-computing offshoot of _Linux Journal_, secrecy and
proprietary components are totally routines in the embedded space. GPL
enforcement against embedded-computing hardware companies typically
fails for a number of reasons including chipset churn being so rapid
that the violator can just stall for a few months until the model in
question gets EOLed and then says 'Hey, we've ceased violating.' Rapid
chipset churn also means that reverse-engineering is less fruitful
because so many things are moving targets.
But the effect of the _standard_ low-power offerings being relegated to
ARM is that everyone gets so used to the user-facing hassles and
compromises of the ARM platforms that the hassles and compromises fade
to background: Rarely do they get talked about, even by Linux people.
They become 'normal', so people don't say 'Wait, this is stupid. Is
there an alternative that's _almost_ as power-thrifty and _almost_ as
cheap that doesn't have these problems? With no strange boot
configuration and bootloader setups, no out-of-tree patchsets against
old and moldy kernels? No proprietary blobs just to run X11?'
And that is exactly what you _can_ get with the sort of AMD SoC /
miniature motherboard setup I've been talking about in this thread.
In general, the 'HTPC' market is producing some really kick-ass small
form-factor, quiet, low-power hardware at very low prices, and AMD by
all rights ought to own that market, given the exceptional things the
Kabini/Temash, let alone the hard-to-find Beema/Mullins SoCs seems
capable of, provided the OEMs bother to ship motherboards that can use
them instead of assuming that everyone wants ARM-based alternatives just
because they hit absolute bottom dollar.
I'm really not quite understanding why the OEMs have in general done
almost nothing with those chips in SFF PCs, and instead apparently put
them only into tablet computers. It's a pity they haven't.
And all I can add to that is: Linux people who want quality low-power
gear need to be better at voting with their dollars, or this bad
situation will get worse.
From danagoyette at gmail.com Tue Mar 17 10:39:39 2015
From: danagoyette at gmail.com (Dana Goyette)
Date: Tue, 17 Mar 2015 10:39:39 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To: <20150317134806.GA14836@linuxmafia.com>
References: <20150314024111.GA18236@rosmarinus>
<20150316103822.GM23366@linuxmafia.com>
<20150316111109.GN23366@linuxmafia.com>
<20150316123605.GO23366@linuxmafia.com>
<20150317083820.GQ23366@linuxmafia.com>
<20150317134806.GA14836@linuxmafia.com>
Message-ID:
Incidentally, there are some server-grade "Avoton" Atom processors
that have 2, 4, and 8-core models, and support up to 64GB of ECC
memory. For comparison, the Core i7 / Xeon E3 series only does 32GB
memory.
The Avoton SOC contains a four-port Intel i354 network controller, but
oddly, some OEMs ignore that and waste PCIe lanes and watts for
discrete i210 network controllers instead.
Another thing that seems hard to find: low-power AMD boards with IPMI.
IPMI firmware is another can of (usually GPL-violating) worms, but
remote KVM access can be useful.
I'm looking forward to seeing what the AMD Opteron A1100 (aarch64) is
capable of. The SOC has two integrated 10-gigabit controllers, and
can take up to 128GB of ECC memory. I believe AMD is working directly
with the upstream kernel to get the thing supported.
Considering how often the AMD processors are artificially restricted
to bottom-of-the-barrel devices (such as laptops with terrible
screens), it really does make me wonder if Intel is still doing
anticompetitive arm-twisting.
On Tue, Mar 17, 2015 at 6:48 AM, Rick Moen wrote:
> Just wanting to elaborate a bit on:
>
>> Suspicion #2 (less conspiratorial): AMD suffers because it's been
>> crowded into price competition with really anaemic, low-spec ARM-based
>> boards best suited to smartphones and low-end tablets that are so cheap
>> that the OEMs just aren't willing to pay for better performance and
>> fewer limits.
>>
>> #2 would explain both why it's so difficult to _find_
>> enthusiast-friendly (i.e., not an HP Pavillion sealed-tight mini-something)
>> units based on the newer and truly amazing low-power, high-performance
>> AMD SoCs, _and_ why low-power computing has been almost completely
>> abandoned to stripped-down ARM offerings with all their
>> proprietary-software dependencies and utter lack of standard kernel
>> support, even after _many_ years of ARM-based Linux computing.
>
> Somehow through dominating the upper end of the market, Intel seems to
> have perpetuated a perception that its CPUs and chipsets are preferable
> to AMD's at _every_ price point and in every specialty within the x86_64
> market space, which is very demonstrably very untrue. In the low-power,
> low-cost segment, AMD has lately had _massively_ better offerings,
> especially per dollar.
>
> You look for an Intel-based low-power system, and inevitably find an
> Atom-series CPU, which frankly is a bit lackluster in performance, in a
> chipset that, at best, maxes out at 8GB RAM. The AMD alternatives are
> things like the ASRock mini-ITX / AMD Kabini bundle I cited on Newegg,
> which has a quite fast CPU that draws less power than the Atom, runs
> cooler, and plugs into a motherboard that maxes out at 32GB. And the
> ADM package ends up being cheaper, as well. But people will recommend
> Atom-based things anyway, because Intel. Which is kind of crazy.
>
> The lower end, which is what low-power is considered to be, rightly or
> wrongly, is dominated within the hardware industry by the
> embedded-computing mindset (that surrounds ARM). As Don Marti will tell
> you (he having been Editor of _Embedded Linux Journal_ for some years,
> the embedded-computing offshoot of _Linux Journal_, secrecy and
> proprietary components are totally routines in the embedded space. GPL
> enforcement against embedded-computing hardware companies typically
> fails for a number of reasons including chipset churn being so rapid
> that the violator can just stall for a few months until the model in
> question gets EOLed and then says 'Hey, we've ceased violating.' Rapid
> chipset churn also means that reverse-engineering is less fruitful
> because so many things are moving targets.
>
> But the effect of the _standard_ low-power offerings being relegated to
> ARM is that everyone gets so used to the user-facing hassles and
> compromises of the ARM platforms that the hassles and compromises fade
> to background: Rarely do they get talked about, even by Linux people.
> They become 'normal', so people don't say 'Wait, this is stupid. Is
> there an alternative that's _almost_ as power-thrifty and _almost_ as
> cheap that doesn't have these problems? With no strange boot
> configuration and bootloader setups, no out-of-tree patchsets against
> old and moldy kernels? No proprietary blobs just to run X11?'
>
> And that is exactly what you _can_ get with the sort of AMD SoC /
> miniature motherboard setup I've been talking about in this thread.
> In general, the 'HTPC' market is producing some really kick-ass small
> form-factor, quiet, low-power hardware at very low prices, and AMD by
> all rights ought to own that market, given the exceptional things the
> Kabini/Temash, let alone the hard-to-find Beema/Mullins SoCs seems
> capable of, provided the OEMs bother to ship motherboards that can use
> them instead of assuming that everyone wants ARM-based alternatives just
> because they hit absolute bottom dollar.
>
> I'm really not quite understanding why the OEMs have in general done
> almost nothing with those chips in SFF PCs, and instead apparently put
> them only into tablet computers. It's a pity they haven't.
>
> And all I can add to that is: Linux people who want quality low-power
> gear need to be better at voting with their dollars, or this bad
> situation will get worse.
>
>
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire
From Michael.Paoli at cal.berkeley.edu Wed Mar 18 02:33:35 2015
From: Michael.Paoli at cal.berkeley.edu (Michael Paoli)
Date: Wed, 18 Mar 2015 02:33:35 -0700
Subject: [conspire] check out AC power (Watt)meter (What's Your Watt?/...)
from library
In-Reply-To:
References:
Message-ID: <20150318023335.15866bjolk8uepgc@webmail.rawbw.com>
One can check out AC power Wattmeter (What's Your Watt?) from
library.
San Francisco Public Library has them (What's Your Watt?).
Among other things, they will display Watts. (They're designed
to be quite consumer friendly. They'll also display lbs. of CO2
and $s - the latter two making presumptions which may or may not
be accurate and are (obviously) not direct measurement.)
And if San Francisco Public Library is not sufficiently close/convenient,
if one is CA.US. resident, can check out via Link+ from any Link+
participating library (most public libraries in CA.US. are, also
includes some libraries beyond CA.US.).
Not sure of the details, but appears the Tool Lending Library of
Berkeley Public Library has similar ("electricity monitor" /
"watt meter") - but to check out Tools from
the Berkeley Public Library's Tool Lending Library, one must be
18+ years of age, and also resident of Berkeley or owner of
property (real estate) in Berkeley.
Can be quite convenient and comparatively economical if one only has
rare/occasional use for such.
references/excerpts (some of these URLs may not be persistent):
http://www.sfenvironment.org/whatsyourwatt
http://www.sfenvironment.org/news/update/are-phantom-loads-haunting-your-energy-bill
http://sustainability.ucsf.edu/1.310
http://sfpl.org/index.php?pg=2000610901
http://sfpl.bibliocommons.com/item/show_circulation/2558857093?search_scope=CAL-SFPL
https://csul.iii.com/search/?searchtype=t&SORT=D&searcharg=What%27s+Your+Watt
https://csul.iii.com/
https://www.berkeleypubliclibrary.org/locations/tool-lending-library
https://encore.berkeley-public.org/iii/encore/record/C__Rb1477122__Swatt%20meter__Orightresult__X3?lang=eng&suite=pearl
> Date: Tue, 17 Mar 2015 01:38:20 -0700
> From: Rick Moen
> To: conspire at linuxmafia.com
> Subject: Re: [conspire] Quiet, Freedom-compatible NAT/firewall/misc
> box?
>
> BTW, somewhere in the garage I have a Kill-A-Watt unit that you plug
> between the AC wall outlet and something whose real-world wattage draw
> you want to measure. I need to start using that to get some real
> figures instead of fibs on spec sheets.
From nick at zork.net Wed Mar 18 03:44:18 2015
From: nick at zork.net (Nick Moffitt)
Date: Wed, 18 Mar 2015 10:44:18 +0000
Subject: [conspire] check out AC power (Watt)meter (What's Your
Watt?/...) from library
In-Reply-To: <20150318023335.15866bjolk8uepgc@webmail.rawbw.com>
References:
<20150318023335.15866bjolk8uepgc@webmail.rawbw.com>
Message-ID: <20150318104418.GJ26733@zork.net>
Michael Paoli:
> One can check out AC power Wattmeter (What's Your Watt?) from
> library.
These devices are really useful for installations where you have a lot
of devices running. You can accurately measure median loads, sample and
get a rolling average, and take note of peak load (typically on startup
for devices that have spinning rust).
It's also amazing to look at two identical pieces of hardware and notice
that they have dramatically different power loads. Often you can trace
that to software load differences, and make adjustments as necessary.
But of course the best reason is for energy savings and capacity
planning. You can work out that your mains bus can handle N servers at
normal load, and N/4 at peak load, or what have you. Then you know to
only start up a quarter of your systems at any one time, and stagger
boots (or just increase capacity to cover full synchronised peak load).
From rossbernheim at gmail.com Wed Mar 18 10:11:26 2015
From: rossbernheim at gmail.com (Ross Bernheim)
Date: Wed, 18 Mar 2015 10:11:26 -0700
Subject: [conspire] check out AC power (Watt)meter (What's Your
Watt?/...) from library
In-Reply-To: <20150318104418.GJ26733@zork.net>
References:
<20150318023335.15866bjolk8uepgc@webmail.rawbw.com>
<20150318104418.GJ26733@zork.net>
Message-ID: <584DF350-97C9-43EF-8C9A-68CC76B69E5A@gmail.com>
One thing to remember about the Kill A Watt and similar consumer power/watt meters
is that they are meant for lights and appliances and while they will easily measure
a refrigerator or 100W light bulb, they are not accurate at low power levels.
The accuracy at low levels, typically below seven watts is not terribly useful. As
we move to LED light bulbs that only draw a few watts and very low power
computers with solid state drives these meters may give inaccurate results.
One suggestion is to use a multi-outlet power strip and pair the device you want
to check with another device such as a light bulb that is a constant load above
ten watts so that you can accurately measure it then add the load you want to
test and measure the increased load accurately.
All test equipment has limitations and you need to know what they are so
you can assure the accuracy of your measurements.
Ross
> On Mar 18, 2015, at 3:44 AM, Nick Moffitt wrote:
>
> Michael Paoli:
>> One can check out AC power Wattmeter (What's Your Watt?) from
>> library.
>
> These devices are really useful for installations where you have a lot
> of devices running. You can accurately measure median loads, sample and
> get a rolling average, and take note of peak load (typically on startup
> for devices that have spinning rust).
>
> It's also amazing to look at two identical pieces of hardware and notice
> that they have dramatically different power loads. Often you can trace
> that to software load differences, and make adjustments as necessary.
>
> But of course the best reason is for energy savings and capacity
> planning. You can work out that your mains bus can handle N servers at
> normal load, and N/4 at peak load, or what have you. Then you know to
> only start up a quarter of your systems at any one time, and stagger
> boots (or just increase capacity to cover full synchronised peak load).
>
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire
From rick at linuxmafia.com Wed Mar 18 14:27:19 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Wed, 18 Mar 2015 14:27:19 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To: <20150317134806.GA14836@linuxmafia.com>
References: <20150314024111.GA18236@rosmarinus>
<20150316103822.GM23366@linuxmafia.com>
<20150316111109.GN23366@linuxmafia.com>
<20150316123605.GO23366@linuxmafia.com>
<20150317083820.GQ23366@linuxmafia.com>
<20150317134806.GA14836@linuxmafia.com>
Message-ID: <20150318212719.GL23366@linuxmafia.com>
As a brief follow-up on this one bit:
> The lower end, which is what low-power is considered to be, rightly or
> wrongly, is dominated within the hardware industry by the
> embedded-computing mindset (that surrounds ARM). As Don Marti will tell
> you (he having been Editor of _Embedded Linux Journal_ for some years,
> the embedded-computing offshoot of _Linux Journal_, secrecy and
> proprietary components are totally routines in the embedded space. GPL
> enforcement against embedded-computing hardware companies typically
> fails for a number of reasons including chipset churn being so rapid
> that the violator can just stall for a few months until the model in
> question gets EOLed and then says 'Hey, we've ceased violating.' Rapid
> chipset churn also means that reverse-engineering is less fruitful
> because so many things are moving targets.
The very high rate of chipset churn is related to another aspect: In
embedded computing (as an industry), the expectation is that nothing
needs to be upgradeable, because you're expected to just throw the thing
away and get a newer one, rather than upgrade it.
E.g., normal non-developer people with Android smartphones aren't
expected to ever upgrade Android. They're expected to get new 'phones.
And this mindset is absolutely routine in ARM-based computing, which is
basically embedded computing.
So, those of us who expect to run secure, fixed, updated kernels are
regarded as freaks and outside the target market.
Smartphones and tablets are likely to remain security nightmares, for
that reason alone, and the mindset stands in the way IMO of the hardware
being good for Linux use.
From rick at linuxmafia.com Wed Mar 18 14:44:14 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Wed, 18 Mar 2015 14:44:14 -0700
Subject: [conspire] check out AC power (Watt)meter (What's Your
Watt?/...) from library
In-Reply-To: <584DF350-97C9-43EF-8C9A-68CC76B69E5A@gmail.com>
References:
<20150318023335.15866bjolk8uepgc@webmail.rawbw.com>
<20150318104418.GJ26733@zork.net>
<584DF350-97C9-43EF-8C9A-68CC76B69E5A@gmail.com>
Message-ID: <20150318214414.GM23366@linuxmafia.com>
Quoting Ross Bernheim (rossbernheim at gmail.com):
> One suggestion is to use a multi-outlet power strip and pair the device you want
> to check with another device such as a light bulb that is a constant load above
> ten watts so that you can accurately measure it then add the load you want to
> test and measure the increased load accurately.
That's an excellent idea. Gets the measured figures out of the noise
floor.
From olanna at gmail.com Wed Mar 18 17:46:45 2015
From: olanna at gmail.com (olanna at gmail.com)
Date: Wed, 18 Mar 2015 17:46:45 -0700
Subject: [conspire] Chefcon in Santa Clara
Message-ID:
Hi
I was wondering if anyone is going to chef con. If you're interested in
sharing a room, please let me know.
I'm female, neat and quiet.
Thanks,
Ola
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From togo at of.net Wed Mar 18 17:47:41 2015
From: togo at of.net (Tony Godshall)
Date: Wed, 18 Mar 2015 17:47:41 -0700
Subject: [conspire] check out AC power (Watt)meter (What's Your
Watt?/...) from library
In-Reply-To: <584DF350-97C9-43EF-8C9A-68CC76B69E5A@gmail.com>
References:
<20150318023335.15866bjolk8uepgc@webmail.rawbw.com>
<20150318104418.GJ26733@zork.net>
<584DF350-97C9-43EF-8C9A-68CC76B69E5A@gmail.com>
Message-ID:
I certainly concur that the display does not have much resolution and
thus cannot properly measure the instantaneous power use of cell phone
chargers, led lights, etc. It's also a poor measure of average
electric use of a refrigerator, a heater, anything with a thermostat,
anything that turns on and off. And that includes a computer, which
can turn fan on and off, hard drive on and off, cpu clock up and down,
even shut down and fire up cpus as load requires.
However I've been able to get values that seemed credible to me by
measuring the total kwh over enough time, and then dividing by the
number of hours, both figures being readily available from the
kill-a-wat, which costs, IIRC, $20 or so at Fry's. Don't spend the
extra money on the "easier to use" model- it's pointlessly dumbed
down.
At that price, it's good thing to have around.
Turns out that fancy German fridge with the dual variable speed
compressors will pay for itself. Eventually. Mostly what we like
about it is that it is counter depth and narrow and tall. And has no
ice-maker to break.
On Wed, Mar 18, 2015 at 10:11 AM, Ross Bernheim wrote:
>
> One thing to remember about the Kill A Watt and similar consumer power/watt meters
> is that they are meant for lights and appliances and while they will easily measure
> a refrigerator or 100W light bulb, they are not accurate at low power levels.
>
> The accuracy at low levels, typically below seven watts is not terribly useful. As
> we move to LED light bulbs that only draw a few watts and very low power
> computers with solid state drives these meters may give inaccurate results.
>
> One suggestion is to use a multi-outlet power strip and pair the device you want
> to check with another device such as a light bulb that is a constant load above
> ten watts so that you can accurately measure it then add the load you want to
> test and measure the increased load accurately.
>
> All test equipment has limitations and you need to know what they are so
> you can assure the accuracy of your measurements.
>
> Ross
>
>
>
>
>> On Mar 18, 2015, at 3:44 AM, Nick Moffitt wrote:
>>
>> Michael Paoli:
>>> One can check out AC power Wattmeter (What's Your Watt?) from
>>> library.
>>
>> These devices are really useful for installations where you have a lot
>> of devices running. You can accurately measure median loads, sample and
>> get a rolling average, and take note of peak load (typically on startup
>> for devices that have spinning rust).
>>
>> It's also amazing to look at two identical pieces of hardware and notice
>> that they have dramatically different power loads. Often you can trace
>> that to software load differences, and make adjustments as necessary.
>>
>> But of course the best reason is for energy savings and capacity
>> planning. You can work out that your mains bus can handle N servers at
>> normal load, and N/4 at peak load, or what have you. Then you know to
>> only start up a quarter of your systems at any one time, and stagger
>> boots (or just increase capacity to cover full synchronised peak load).
>>
>> _______________________________________________
>> conspire mailing list
>> conspire at linuxmafia.com
>> http://linuxmafia.com/mailman/listinfo/conspire
>
>
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire
--
--
Best Regards.
This is unedited.
This message came out of me
via a suboptimal keyboard.
From dmarti at zgp.org Wed Mar 18 21:21:57 2015
From: dmarti at zgp.org (Don Marti)
Date: Wed, 18 Mar 2015 21:21:57 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To: <20150316111109.GN23366@linuxmafia.com>
References: <20150314024111.GA18236@rosmarinus>
<20150316103822.GM23366@linuxmafia.com>
<20150316111109.GN23366@linuxmafia.com>
Message-ID: <20150319042157.GB18331@rosmarinus>
begin Rick Moen quotation of Mon, Mar 16, 2015 at 04:11:09AM -0700:
> Here, finally, is a series of fanless mini-PCs based on the AMD E1
> Micro-6200T 'Mullins' SoC, including one with two LAN ports:
> http://www.fit-pc.com/web/products/fitlet/fitlet-i/
> Looks like variants based on the higher-end A10-6700T SoC can now also
> be ordered.
Wow -- that looks ideal, thank you. Also has 2 HDMI
displays so can set it up to also run Synergy as
extra workspace, or something. Guess I'll wait until
they're back in stock, maybe set up a temporary NAT
box with an old laptop until them.
--
Don Marti
http://zgp.org/~dmarti/
dmarti at zgp.org
From dmarti at zgp.org Wed Mar 18 21:05:26 2015
From: dmarti at zgp.org (Don Marti)
Date: Wed, 18 Mar 2015 21:05:26 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To: <20150318212719.GL23366@linuxmafia.com>
References: <20150314024111.GA18236@rosmarinus>
<20150316103822.GM23366@linuxmafia.com>
<20150316111109.GN23366@linuxmafia.com>
<20150316123605.GO23366@linuxmafia.com>
<20150317083820.GQ23366@linuxmafia.com>
<20150317134806.GA14836@linuxmafia.com>
<20150318212719.GL23366@linuxmafia.com>
Message-ID: <20150319040526.GA18331@rosmarinus>
begin Rick Moen quotation of Wed, Mar 18, 2015 at 02:27:19PM -0700:
> The very high rate of chipset churn is related to another aspect: In
> embedded computing (as an industry), the expectation is that nothing
> needs to be upgradeable, because you're expected to just throw the thing
> away and get a newer one, rather than upgrade it.
Yes, let's make all the devices on the market
have the glass go as close to the edge as possible.
Because it looks cool. And people are more likely to
buy a device that has a few mm of cool-looking extra
glass on the edge, beyond the actual display area,
than a device that can survive a drop.
> E.g., normal non-developer people with Android smartphones aren't
> expected to ever upgrade Android. They're expected to get new 'phones.
> And this mindset is absolutely routine in ARM-based computing, which is
> basically embedded computing.
When the hardware is designed to shatter (ignoring
the don't make the glass go too close to the edge
lessons of every portable device ever made, from
radios to multimeters) the software might as well be
disposable, too.
Also, you can hire the guys who took the short bus to
law school to write your software licenses...
http://mer-project.blogspot.com/2015/03/some-doubts-about-gpl-licensing-and-bq.html
> So, those of us who expect to run secure, fixed, updated kernels are
> regarded as freaks and outside the target market.
>
> Smartphones and tablets are likely to remain security nightmares, for
> that reason alone, and the mindset stands in the way IMO of the hardware
> being good for Linux use.
Speaking of Android....
http://arxiv.org/pdf/1502.06577v1.pdf
Have a look at the table on page 3. Yes, Google AdMob
sends "user age" and "user gender" over un-encrypted
HTTP (!) (Fair warning: when I do set up my new Linux
router (thanks all for recommendations), I'm going
to have it sniff this.)
--
Don Marti
http://zgp.org/~dmarti/
dmarti at zgp.org
From rick at linuxmafia.com Wed Mar 18 23:05:29 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Wed, 18 Mar 2015 23:05:29 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To: <20150319042157.GB18331@rosmarinus>
References: <20150314024111.GA18236@rosmarinus>
<20150316103822.GM23366@linuxmafia.com>
<20150316111109.GN23366@linuxmafia.com>
<20150319042157.GB18331@rosmarinus>
Message-ID: <20150319060529.GN23366@linuxmafia.com>
Quoting Don Marti (dmarti at zgp.org):
[my posting of a CompuLab Fitlet description and URL:]
> Wow -- that looks ideal, thank you. Also has 2 HDMI displays so can
> set it up to also run Synergy as extra workspace, or something. Guess
> I'll wait until they're back in stock, maybe set up a temporary NAT
> box with an old laptop until them.
It always struck me that old laptops ought to make fine ad-hoc appliance
hosts. You get low power, quiet operation, and an onboard UPS. Having
two NICs might take some work, depending.
Those CompuLab guys do brilliant engineering. Maybe someone who's less
of a hardware amateur could explain to me why the Fitlet has an 8GB
ceiling on RAM. Dana alluded upthread to some 'Avoton' Atom CPUs maxing
out at 64GB (vs. 8GB) because they were designed to be server-grade.[0]
(I'm not hopeless at understanding this stuff, but am catching up on new
x86_64 hardware after ceasing ot do so around 2006.)
/me Web-searches. 2013 architecture review of the Avoton with block
diagrams and such:
http://techreport.com/review/25311/inside-intel-atom-c2000-series-avoton-processors
Very much better than all the lackluster Bay Trail 'Atom' stuff out
there.
it's capable of true 64-bit addressing
Yeah, that. A lot of online discussions of newish hardware burble at
length about how many 'lanes' of PCIe and how many channels are
available to address SDRAM, but I keep thinking 'Wait, wasn't one of the
key benefits of x86_64 over i386 the expansion of RAM address space from
4GB to some reasonable subset of the theoretical 16 exabyte linear
address space (2^64)?
What I remember is that x86_64 real-world designs were supposed to have
48-bit pinouts, and 2^48 is 256 terabytes. So, machines with a 8GB
limit (like the Fitlet, or most Atom-based machines) means some
cheapskate has limited some key hardware component -- CPU address pins
and decoder circultry? -- to just a _single_ bit more than what an
i386 box could do.
The 'Avoton' Atom CPUs would thus seem to be achieving 2^36 (64GB) RAM
addressing.
I'm jetlagged at the moment, so I'm likely missing something (and won't
swear to my math being exactly right), but, well, if what all this means
is the pernicious effect of price pressure, that's kind of sad. RAM is
cheap, and buying the ability to expand it is thus cheap future-proofing
(not to mention virtualisation).
The Fitlet is so terrific that I hesitate to cavil over something like
its 8GB RAM limit, but, knowing that the AMD A10-6700T SoC and others of
its Beema/Mullins 'Puma' architecture class can address 32GB (I
_think_?), it seems a shame they didn't go higher.
I might be wrong: 8GB might be the max you can get with 'Puma'. I do
know that that ASRock / Kabini ('Jaguar' architecture) bundle I cited
from Newegg[1] can handle 32GB -- and 'Puma' (Beema/Mullins) was the
2014 successor to 2013's 'Jaguar' (Kabini/Temash) architecture.
[0] Everybody loves ECC for 'server-grade' gear, except for when you
have to write the cheque. Personally, in my long experience, I've found
that the Linux kernel tells you very, very clearly when you have bad
RAm, though patterns of segfaulting and spontaneous rebooting that are
unmistakeable. Given that, and choosing to not run a more oblivious OS
such as MS-Windows, why blow the money on ECC? Not worth it, in my
view.
[1] http://www.newegg.com/Product/Product.aspx?Item=N82E16813157518
Note $79 for motherboard and SoC. If you suspect I'm leaning towards
buying one of these bundles plus a compact mini-iTX case, 32GB RAM, and
an SSD or two, you'd be correct.
From nick at zork.net Thu Mar 19 01:27:45 2015
From: nick at zork.net (Nick Moffitt)
Date: Thu, 19 Mar 2015 08:27:45 +0000
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To: <20150319040526.GA18331@rosmarinus>
References: <20150314024111.GA18236@rosmarinus>
<20150316103822.GM23366@linuxmafia.com>
<20150316111109.GN23366@linuxmafia.com>
<20150316123605.GO23366@linuxmafia.com>
<20150317083820.GQ23366@linuxmafia.com>
<20150317134806.GA14836@linuxmafia.com>
<20150318212719.GL23366@linuxmafia.com>
<20150319040526.GA18331@rosmarinus>
Message-ID: <20150319082745.GA26733@zork.net>
Don Marti:
> http://arxiv.org/pdf/1502.06577v1.pdf
> Have a look at the table on page 3. Yes, Google AdMob sends "user
> age" and "user gender" over un-encrypted HTTP (!)
This is why nobody pesters people with A/S/L any more.
From rick at linuxmafia.com Thu Mar 19 02:37:20 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 19 Mar 2015 02:37:20 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To: <20150319060529.GN23366@linuxmafia.com>
References: <20150314024111.GA18236@rosmarinus>
<20150316103822.GM23366@linuxmafia.com>
<20150316111109.GN23366@linuxmafia.com>
<20150319042157.GB18331@rosmarinus>
<20150319060529.GN23366@linuxmafia.com>
Message-ID: <20150319093720.GA11378@linuxmafia.com>
Something similar to the ASRock motherboard / AMD SoC bundle cited here...
> http://www.newegg.com/Product/Product.aspx?Item=N82E16813157518
> Note $79 for motherboard and SoC. If you suspect I'm leaning towards
> buying one of these bundles plus a compact mini-iTX case, 32GB RAM, and
> an SSD or two, you'd be correct.
...is this similar ECS motherboard / AMD SoC bundle, which is _fanless_,
thus totally silent:
http://www.newegg.com/Product/Product.aspx?Item=N82E1681313536
Fanless operation is possible because it uses an AMD E1-2100, which is a
dual-core "Kabini" SoC (9W TDP) -- cf. the fan-cooled quad-core AMD A4-5000
'Kabini' (15W TDP) bundled with the ASRock.
Motherboard is an Elitegroup Computer Systems (ECS) KBN-I mini-ITX
board. Linux-oriented review at a different site, here:
http://linuxgizmos.com/rugged-mini-itx-board-runs-amd-kabini-system-on-chip/
Reading the Newegg customer reviews on the ECS bundle is interesting.
You have to ignore 2/3 that are from Windows users whining about how
they need more CPU power. The Linux users are generally happy. Major
points to note:
o The Realtek 8111E ethernet chipset isn't great (no surprise; it's
Realtek), and you'll want a kernel, e.g., Debian Jessie or CentOS 6.2.
(I believe a mini-PCIe card with one or more Intel NIC is pretty
cheap, if the RealTek is a problem.) Grumbling from Ubuntu people
not smart enough to use leading-edge releases must be discounted
along with the MS-Windows people.
o Total _system_ AC draw (presumably with SSD) is said to be about
6-8W in normal use. Another says with a hard drive it's 13W at
idle, 20W loaded. Either way, pretty amazing -- down in
Raspberry Pi territory.
o ATX PSU needs to be one with a 24-pin connector, not 20-pin.
o Some customers claim ECS has questionable QA, e.g., infant mortality
and replacement. Doesn't seem like a company with lots of friends.
(I've never heard of it before, FWIW.)
o Against all odds, this board/SoC combo is fast enough for home theatre PC
duty, though it's no speed demon. Loved one reviewer's characterisation
of the machine as a 'phone chip glued on a micro board'.
I get the vibes that ASRock's motherboards are maybe more solid --
but I'm new to this market and don't know the players.
Don, you wanted silent. This meets spec for your project (w/NIC board
in one of the 2 PCIe slots, to give you that second NIC). Newegg
customer reviews say cost of the combo is about $30 after ECS's rebate
-- which, again, makes this a Pi competitor.
From rick at linuxmafia.com Thu Mar 19 03:20:40 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 19 Mar 2015 03:20:40 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To: <20150319093720.GA11378@linuxmafia.com>
References: <20150314024111.GA18236@rosmarinus>
<20150316103822.GM23366@linuxmafia.com>
<20150316111109.GN23366@linuxmafia.com>
<20150319042157.GB18331@rosmarinus>
<20150319060529.GN23366@linuxmafia.com>
<20150319093720.GA11378@linuxmafia.com>
Message-ID: <20150319102040.GR23366@linuxmafia.com>
Fixing a word omission caused by jetlag:
> o The Realtek 8111E ethernet chipset isn't great (no surprise; it's
> Realtek), and you'll want a kernel, e.g., Debian Jessie or CentOS 6.2.
^ recent
Realtek reliably fields network chips that are OK but no great prize,
and are of the 'I wish they'd used an Intel e1000 but this will do'
variety. In this case, the 8111E ethernet chip is gratuitously
different enough from prior Realtek chips that you need a _current_
distro with a _current_ set of drivers (and kernel), else it is likely
to get misrecognised as a different Realtek chip, putting you through
hassles where (on older distros) you have to 'blacklist' the wrong
driver to force use of the correct one.
The ASRock combo has the same slightly cheesy Realtek LAN chip, FWIW.
(Basically, a Realtek network chip is a sign of cheapness but not a
catastrophe. Kind of like Broadcom and Marvell chips.)
From togo at of.net Thu Mar 19 11:10:19 2015
From: togo at of.net (Tony Godshall)
Date: Thu, 19 Mar 2015 11:10:19 -0700
Subject: [conspire] glass to the edge [Re: Quiet,
Freedom-compatible NAT/firewall/misc box?]
Message-ID:
...
> Yes, let's make all the devices on the market
> have the glass go as close to the edge as possible.
> Because it looks cool. And people are more likely to
> buy a device that has a few mm of cool-looking extra
> glass on the edge, beyond the actual display area,
> than a device that can survive a drop.
amazingly a polycarbonite thin-shell that sticks about
0.3mm above the glass makes a huge difference.
the snap-on kind, not the snap-together crap. I would
have killed my oneplus a dozen times by now, how
many times i have dropped it on concrete
Tony
From rick at linuxmafia.com Thu Mar 19 13:35:53 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 19 Mar 2015 13:35:53 -0700
Subject: [conspire] [OT]* PowerPoint karaoke
Message-ID: <20150319203553.GG4018@linuxmafia.com>
All my life, I've been waiting for this:
http://www.wsj.com/articles/powerpoint-karaoke-brings-stress-relief-to-silicon-valleys-embattled-office-workers-1426728632
PowerPoint Karaoke Brings Stress Relief to Silicon Valley's Embattled Office Workers
'PowerPoint karaoke' pits players in improv slideshows, whales, chest hair
[...]
The mix of improvised comedy and corporate-culture takedown is based
on a simple notion: Many PowerPoint presentations are unintentional
parody already, so why not go all the way?
[...]
At a February PowerPoint karaoke show in San Francisco, contestants
were given pairings of topics and slides ranging from a self-help
seminar for people who abuse Amazon Prime, with slides including a dog
balancing a stack of pancakes on its nose, to a sermon on 'Fifty
Shades of Grey,' with slides including a pyramid dotted with
blocks of numbers. Another had to explain the dating app Tinder to
aliens invading the Earth, accompanied by a slide of old floppy disk
drives, among other things.
My favourite bit of this article is a guest appearance by Never Say Anything:
Ubiquity has a downside: When former National Security Agency
contractor Edward Snowden leaked information about the agency's
digital-surveillance programs, commenters panned the agency's
slidework. An architecture and design columnist for the Guardian
newspaper said the NSA's PowerPoints looked 'like the work of
a drunken toddler, high on the potentials of AutoShapes and WordArt.'
An NSA spokeswoman didn't respond to a request for comment.
* As if that weren't apparent from the title.
From rick at linuxmafia.com Thu Mar 19 23:27:11 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 19 Mar 2015 23:27:11 -0700
Subject: [conspire] Partly as a reminder about the Sat. March 28 CABAL
meeting
Message-ID: <20150320062711.GZ23123@linuxmafia.com>
----- Forwarded message from Ken Bernard -----
Date: Thu, 19 Mar 2015 22:59:33 -0700
From: Ken Bernard
To: installers at linuxmafia.com
Subject: I hope to attend CABAL Sat. March 28
Hi Rick-
I hope to attend the CABAL installfest on March 28. I hope to install
Ubuntu 12.04.5 LTS or 14.04.2 LTS on an old Lenovo ThinkPad T61. The laptop
was new when Windows XP was being retired. I don't know if we will be
successful in getting Ubuntu working on it, but it would save me the hassle
of buying a new laptop.
I have downloaded the distros and burned them to disc, which I will bring.
See you next week
Ken Bernard
----- End forwarded message -----
----- Forwarded message from Rick Moen -----
Date: Thu, 19 Mar 2015 23:20:39 -0700
From: Rick Moen
To: Ken Bernard
Subject: Re: I hope to attend CABAL Sat. March 28
Organization: If you lived here, you'd be $HOME already.
Quoting Ken Bernard (kenbernard at gmail.com):
> I hope to attend the CABAL installfest on March 28. I hope to install
> Ubuntu 12.04.5 LTS or 14.04.2 LTS on an old Lenovo ThinkPad T61. The laptop
> was new when Windows XP was being retired.
Hi, Ken!
I have high confidence of no problems. The T60 series was a really good
one that by around 2008 had really excellent Linux support.
----- End forwarded message -----
From dmarti at zgp.org Fri Mar 20 06:57:57 2015
From: dmarti at zgp.org (Don Marti)
Date: Fri, 20 Mar 2015 06:57:57 -0700
Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box?
In-Reply-To: <20150319082745.GA26733@zork.net>
References: <20150314024111.GA18236@rosmarinus>
<20150316103822.GM23366@linuxmafia.com>
<20150316111109.GN23366@linuxmafia.com>
<20150316123605.GO23366@linuxmafia.com>
<20150317083820.GQ23366@linuxmafia.com>
<20150317134806.GA14836@linuxmafia.com>
<20150318212719.GL23366@linuxmafia.com>
<20150319040526.GA18331@rosmarinus>
<20150319082745.GA26733@zork.net>
Message-ID: <20150320135757.GA32625@rosmarinus>
begin Nick Moffitt quotation of Thu, Mar 19, 2015 at 08:27:45AM +0000:
> Don Marti:
> > http://arxiv.org/pdf/1502.06577v1.pdf
> > Have a look at the table on page 3. Yes, Google AdMob sends "user
> > age" and "user gender" over un-encrypted HTTP (!)
>
> This is why nobody pesters people with A/S/L any more.
Time to review iptables string matching. "Hi there,
my router says you're into [user interest]..."
This is also why it's a win to have an audio out
on your router. (Yes, AdMob is on Apple iOS too,
not just Android.)
I knew there was a reason I was building my own router
and not just buying one.
--
Don Marti
http://zgp.org/~dmarti/
dmarti at zgp.org
From rick at linuxmafia.com Fri Mar 20 15:43:43 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 20 Mar 2015 15:43:43 -0700
Subject: [conspire] The end of PerlHoo?
Message-ID: <20150320224343.GB23366@linuxmafia.com>
tl;dr: Any Perlista want to fix an XSS problem in a simple 100-line
Perl CGI?
This is a story about how the world changes.
Once Upon a Time
----------------
In the halcyon dot-com year 1999, there was a Perl teaching project
called PerlHoo in three articles by Jonathan Eisenzopf. Which I didn't
notice until four years later.
In our continuing effort to save the world in less than one hundred
lines of Perl code, we will now embark on a quest to build a complete
Yahoo-like Web directory. The evolution of PerlHoo will occur over the
next few issues of Mother of Perl. In this issue, we will build a simple
implementation in (you guessed it) less than 100 lines of code.
http://www.webreference.com/perl/tutorial/2/
http://www.webreference.com/perl/tutorial/3/
http://www.webreference.com/perl/tutorial/5/
It was a nice little project for 1999. I found it in 2003, it
being exactly what I needed to organise my appalling sprawl of public
ASCII files. I also found and expanded a Python script to HTMLise
the ASCII information files I most cared about.
Setting up PerlHoo is easy. A little Apache HTTPd logic permits the
PerlHoo CGI to display a virtual webspace directory tree at URL
http://linuxmafia.com/kb/ ('kb' for knowledgebase) by parsing a file in
any directory of the underlying physical tree (/var/www/faq/, on my
server) to parse comma-separated file perlhoo.csv and construct/display
an index.html file based on the CSV values. Each line (entry) of the
CSV file could point to any URL, either local or remote.
You can see the guts of the tree at http://linuxmafia.com/faq/, where
the perlhoo.csv file in each folder gets parsed to make index.html for
the corresponding virtual webspace folder in http://linuxmafia.com/kb/ .
PerlHoo was exactly what I needed -- as opposed to all the hideously
overengineered CMSes and wikis people suggested when I described the
problem. The problem was: 'I have HTMLised local files, plus
interesting remote pages, and I'd like to organise them on my Web site.
You know, like the old Yahoo hierarchical catalogue.' All of the dozens
of suggestions from LUG people were -- sorry -- inane and Didn't Get It.
But I saw PerlHoo and said 'Yes. Exactly like that.'
PerlHoo had one other function as well, little-used on my site, and this
is where things started to go wrong in early days. The virtual webspace
allowed the public to submit candidate URLs to add. Just like the old
Yahoo Web directory. Anyone spotting the first snake in this Garden of
Eden? Anyone? Bueller?
Comment Spam
------------
Anyone running any site that accepts _any_ kind of HTTP POST or GET
submissions knows this one: Spammers and scammers blanket the Internet
with automated bots probing all advertised services (including of course
Web servers and their pages), looking for places to spamvertise.
PerlHoo's submission feature is completely devoid of any attempt to
block this. Results are predictable -- but not a big problem. Example
from the Knoledgebase's Admin folder:
linuxmafia:/var/www/faq/Admin# ls -l perlhoo*
-rw-r--r-- 1 rick rick 6601 Jul 8 2013 perlhoo.csv
-rw-r--r-- 1 rick rick 6486 Feb 23 2012 perlhoo.csv~
-rw-r--r-- 1 www-data www-data 1748 Mar 2 2014 perlhoo_new.csv
linuxmafia:/var/www/faq/Admin#
perlhoo_new.csv is the submissions from the public. (perlhoo.csv is the
curated and dislayed Web diretory for the Admin category.) Once in a
long while -- almost never, really, I've looked through the
perlhoo_new.csv files, and maybe a dozen times over 12 years or so has
there been a human-submitted entry. All the rest is inane comment spam.
(The dozen or so exceptions tends to be people who didn't quite get what
each folder was for, or were trying to promote their Web sites, the
usual random noise. Maybe three were ever submissions i liked and moved
to perlhoo.csv.)
So, that part of PerlHoo was a failure for lack of spam control. But
it can be just ignored. Some folders, I just chowned perlhoo_new.csv
so the Apache user could no longer write to it, because the feature
was effectively useless.
But I modestly updated Jonathan's CGI to make it serve valid HTML 4.01
Transitional, and otherwise just loved it for what it was: a simple,
elegant solution to a simple problem. (Jonathan never touched it after
his 1999 teaching article. In software-engineering terms, it's orphaned
code. Or, if you're more of a glass-half-full person, it's a finished
project.)
You Have to Sanitise Public Data
--------------------------------
I don't want to belittle Jonathan Eisenzopf. I love PerlHoo. But the
second thing he completely failed to do was sanitise input data.
PerlHoo's CGI takes an incoming URL from the user's Web browser and says
'Oh, you want the virtual webspace index for _this_ directory.' But
what if what's submitted is not just the intended URL? Did Jonathan
make sure contrived data sent to the CGI couldn't trick it into doing
something stupid? No, he did not.
Date: Thu, 19 Mar 2015 22:11:22 +0000
From: Ayoub Tabout
To: bofh at linuxmafia.com
Subject: XSS Vuln. in your website
Hi,
i've discovred The XSS Vuln. in a subdomain on your website that may
enables attackers to inject client-side script into Web pages viewed by
other users. A cross-site scripting vulnerability may be used by
attackers to bypass access controls such as the same origin policy.
Here's the url :
http://linuxmafia.com/kb/Kernel%27%22%3E%3C/title%3E%3Cscript%3Ealert%280%29%3C/script%3E%27%22%3E%3Cmarquee%3E%3Ch1%3EXSS%20found%3C/h1%3E%3C/marquee%3E
Aw, crud. That's a design flaw in PerlHoo that I probably _shouldn't_
just ignore, because it's a security hole. Ironically, it's not usable
to attack my site. It's usable to attack other sites via reflecting
attacks through mine.
Ayoub was kind enough to tell me that PerlHoo completely punts -- fails
-- on one task that all Web applications must do. It needs to parse
input data to make sure it cannot be used to encode, say, a second
attack URL that the serving HTTPd process then gets tricked into serving
up to the user, making the user carry out targeted attacks against the
user him/herself or against third-party Web sites. This is called a
'cross-site scripting' (abbreviated XSS) vulnerability.
http://en.wikipedia.org/wiki/Cross-site_scripting
XSSes are a little difficult to wrap your brain around, and a subtle
concept. The threat model involve a deliberate violation of 'same orgin
policy', where the contrived URL causes content from two places to get
served in a goulash so that untrustworthy content (from, say,
evilsite.com) gets mixed into content the user trusts (from, say,
Linuxmafia.com Knowledgebase).
Someone could put up in webspace a link to what's _claimed_ to be a
Linuxmafia.com Knowledgebase entry. The link's URL would indeed be to
linuxmafia.com's PerlHoo CGI, but the URL would also include encoded
links to 'malicious' content offsite. And PerlHoo would then fail to
notice the chicanery and fail to disable the active content reference
being passed through it to the user.
Ayoub proved that PerlHoo provided no protection against it being fooled
in this fashion -- just as Jonathan failed to include any protection
against comment spam.
The threat model isn't an attack on linuxmafia.com. It's an attack on
users of linuxmafia.com. The reason I'm obliged to care is that I want
you to get linuxmafia.com content and not hidden redirects to
evilsite.com when you are seeing my Knowledgebase on your screen.
A Simple Matter of Programming
------------------------------
OK, you are saying. Retrofit input sanitising into PerlHoo. Sure.
I'll get right on that.
Except I'm (1) not good and Perl, and (2) so backlogged I can't
reasonably take this on. Or rather I shouldn't. Way too much on my
plate, especially since I moderately suck as a Perlista. (Never claimed
to be one.)
Here's PerlHoo (updated by me to serve valid HTML):
http://linuxmafia.com/pub/linux/apps/perlhoo-linuxmafia-1.21.tar.gz
I will say: Jonathan writes nice, clean Perl that's a pleasure to read.
I just am a bit stumped about how to add some lines to sanitise the
submitted URL line that PerlHoo defangs, e.g. puts inside comment tags
or whatever, any URI that's not supposed to be there.
Any actual Perlist willing to try to fix it? Maybe splicing in a call
to extra CPAN module Filter::Handle::Tainted , the way one of the
Perlmonks suggests here? http://www.perlmonks.org/?node_id=224782
I really don't know what's the sanest way to code an adequate fix.
Maybe you, the reader, do.
Any Perl coder want to fix this, I'll buy you dinner, or a six-pack of
$GOODBEER, or a nice bottle of wine.
Say Goodbye to PerlHoo?
-----------------------
If I can't fix it in maybe a week, I'll probably just convert the
CGI-generated index file for each folder into a static HTML file and
remove PerlHoo. Honestly, I've never gotten any mileage out of
PerlHoo's theoretical dynamic features, so it might as well be flat
HTML, and the content will be exactly the same.
From rick at linuxmafia.com Fri Mar 20 16:14:20 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Fri, 20 Mar 2015 16:14:20 -0700
Subject: [conspire] (forw) Re: Ancient hardware [Was: Can Ubuntu 14.04 not
install on a new HD?]
Message-ID: <20150320231420.GD23366@linuxmafia.com>
GMTA. ;->
----- Forwarded message from Craig Sanders -----
Date: Sat, 21 Mar 2015 08:32:18 +1100
From: Craig Sanders
To: luv-main at luv.asn.au
Subject: Re: Ancient hardware [Was: Can Ubuntu 14.04 not install on a new HD?]
On Thu, Mar 19, 2015 at 03:38:41PM +1100, Erik Christiansen wrote:
> > I'm actually surprised there's enough memory in the machine to run
> > a modern desktop environment and web browser. A 2004 era machine
> > probably only has between 0.1 and 0.5 GB of RAM. I think?
>
> It's now a bit newer (VIA C7), and has a whole 1 GB, so no drama
> there.
that's a 32-bit CPU from Sep 2006, nearly 9 years old. are you aware
that you can upgrade to a modern machine for under $170?
e.g. the cheapest current parts combo i can find at MSY today is:
AMD A4-7300 64-bit dual-core CPU + GPU $58
ASRock A58M-HD+ motherboard $65
4G Kit DDR3-1333 RAM (2x2GB) $46
if the RAM in your current mb is DDR3 (it probably isn't), you could put
off buying the new ram for a while, but 1GB isn't really adequate for a
modern desktop any more. the machine will likely be swapping to disk by
the time it finishes booting and you login even with a "light" desktop
like xfce or lxde, let alone start running memory hogs like iceweasel or
chromium.
you've already got yourself a new drive but if you hadn't, you can get a
64GB SSD for $56 these days. small but much faster than any mechanical
drive.
FYI, comparison of the A4-7300 with the C7:
http://www.cpu-world.com/Compare/887/AMD_A4-Series_A4-7300_%28JA%29_vs_VIA_C7-D_1800_400.html
note that the max power usage of the A4-7300 is 65W versus 20W for the
C7 - but the A4-7300 includes a built-in Radeon R3 graphics processor.
if your current graphics card is as old as your mb and cpu, then it
probably uses at least 30-40W anyway, and isn't anywhere near as good as
the R3....9+ years is a LONG time in the evolution of GPUs.
also, FYI, the Intel G1840 (a dual-core 64-bit celeron with built-in
graphics) costs $55 but the cheapest Haswell Refresh motherboards start
at nearly twice the price of the cheapest AMD FM2+ motherboards....and
Intel, as usual, sucks at upgradability. once again you have to discard
your old m/b if you want to upgrade to the new generation of CPUs. AMD
OTOH generally keep the same socket for at least two generations so you
can keep upgrading your CPU without having the expense and waste of a
new motherboard.
(the asrock m/b above can take any FM/FM2+ CPU up to the current
A10-7850K CPU, a quad-core 4Ghz CPU with Radeon R7 graphics for $199,
and probably several future CPUs too)
this upgradability issue is the main reason I haven't switched back
to Intel CPUs. the latest Intel chips are undeniably better than the
current AMD CPUs, but the initial expense of switching (new mb and new
CPU, maybe new RAM) is much higher and intel's history with socket
changes tells me I'd have the same high expenses in future every time i
upgraded. my current machine is good enough for now, so i'll just wait
until AMD releases an upgraded CPU i can swap in.
craig
--
craig sanders
_______________________________________________
luv-main mailing list
luv-main at luv.asn.au
http://lists.luv.asn.au/listinfo/luv-main
----- End forwarded message -----
From rick at linuxmafia.com Sat Mar 21 21:46:23 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Sat, 21 Mar 2015 21:46:23 -0700
Subject: [conspire] (forw) Re: Ancient hardware [Was: Can Ubuntu 14.04 not
install on a new HD?]
Message-ID: <20150322044623.GD23768@linuxmafia.com>
Probable answer to the question of _why_ the 2014 AMD low-power SoCs
can drive only 8GB RAM maximum, while their immediate predecessors
(such as Kabini SoCs) from 2013 can drive 4x as much.
It's because the motherboards have two DIMM sockets, and the particular
flavour of low-power DDR3 DIMMs required aren't available in higher
density than 4GB per stick. Ergo, 8GB max. So, it's not the SoC but
the RAM itself.
----- Forwarded message from Rick Moen -----
Date: Sat, 21 Mar 2015 19:35:42 -0700
From: Rick Moen
To: luv-main at luv.asn.au
Subject: Re: Ancient hardware [Was: Can Ubuntu 14.04 not install on a new HD?]
Organization: If you lived here, you'd be $HOME already.
Quoting Colin Fee (tfeccles at gmail.com):
> AIUI it's an economic compromise made by CPU manufacturers and mobo
> manufacturers.
Sounds reasonable (and this is what I expected). Part of what I'm
curious about (not asking _you_ specifically, but rather just putting
the question out in the air) is whether this implementation compromise
is, particularly in recently discussed SoCs and motherboards, imposed by
the SoC or not. And which specific component or components create(s) it.
Most particularly, I am curious whether I am wasting my time looking
aroudn for motherboards compatible with AMD's 2014 'Puma' series of SoCs
(the Beema and Mullins series) capable of supporting more than 8GB of
RAM -- because to the extent I find Beema/Mullins used, which is
distressingly rare, I see 8GB limits.
[RM: snipping the rest]
--
Cheers, I'm ashamed at how often I use a thesaurus. I mean bashful.
Rick Moen Embarrassed! Wait--humiliated. Repentant. Chagrined! Sh*t!
rick at linuxmafia.com -- @cinemasins
McQ! (4x80)
_______________________________________________
luv-main mailing list
luv-main at luv.asn.au
http://lists.luv.asn.au/listinfo/luv-main
----- End forwarded message -----
----- Forwarded message from Craig Sanders -----
Date: Sun, 22 Mar 2015 15:11:03 +1100
From: Craig Sanders
To: luv-main at luv.asn.au
Subject: Re: Ancient hardware [Was: Can Ubuntu 14.04 not install on a new HD?]
On Sat, Mar 21, 2015 at 04:17:02PM -0700, Rick Moen wrote:
> Quoting Craig Sanders (cas at taz.net.au):
>
> > funnily enough, i have a similar reaction to most intel motherboards
> > - their CPUs can be quite good, but the PCIe lines available and the
> > I/O is minimal compared to AMD AM2/3/3+ CPUs and motherboards.
>
> Here's a question that stumps me just a bit: Why are so many x86_64
i know this question wasn't actually addressed to me, but i just wanted
to say that i'm quite interested in this conversation but unable to
continue at the moment because i'm getting ready to go into hospital
tomorrow - i expect to be in for about 10-14 days (having my right
polycystic kidney removed...the left one was removed last year and
weighed 6.5 Kg or about 1 stone in archaic units)
i probably wont have internet access because dealing with the hospital's
wifi authentication system (they come around with a daily changed
password sometime in the mid-to-late afternoon, which stops working
abruptly at midnight when the password is changed) is way more hassle
than it's worth.
in any case, i expect i shall be making use of the magic
morphine-on-demand button (max 1 hit every 15 minutes) for the first day
or two.
so, anyway, sorry for dropping out of the convo so abruptly - it's been
interesting and educational and has spurred me to do more reading and
research than i really have time for right now :)
the only detail i've managed to find about the mullins/beema memory
controllers is that they're both single channel and support up to two
dimms.
AFAICT they're both also DDR3-L (low power variant of ddr3), which only
seeems to be available in 1, 2, and 4GB sticks at the moment. so that
may be the source of the 8GB limit.
craig
ps: i have warned my surgeon that if i cark it on the operating table,
i'll turn on the spot and he'll have a zombie outbreak to deal with.
(i promised the same thing last year and the very first thing i said
to my partner when i woke up after surgery was "braaaaaainzzzz".
fortunately she had left her katana at home)
--
craig sanders
BOFH excuse #241:
_Rosin_ core solder? But...
_______________________________________________
luv-main mailing list
luv-main at luv.asn.au
http://lists.luv.asn.au/listinfo/luv-main
----- End forwarded message -----
From rhcom.linux at gmail.com Mon Mar 23 09:35:39 2015
From: rhcom.linux at gmail.com (Scott DuBois)
Date: Mon, 23 Mar 2015 09:35:39 -0700
Subject: [conspire] [OT]* PowerPoint karaoke
In-Reply-To: <20150319203553.GG4018@linuxmafia.com>
References: <20150319203553.GG4018@linuxmafia.com>
Message-ID: <20150323163539.GC22353@linux.roguehorse.com>
On Thu, Mar 19, 2015 at 01:35:53PM -0700, Rick Moen wrote:
> My favourite bit of this article is a guest appearance by Never Say Anything:
>
> Ubiquity has a downside: When former National Security Agency
> contractor Edward Snowden leaked information about the agency's
> digital-surveillance programs, commenters panned the agency's
> slidework. An architecture and design columnist for the Guardian
> newspaper said the NSA's PowerPoints looked 'like the work of
> a drunken toddler, high on the potentials of AutoShapes and WordArt.'
>
> An NSA spokeswoman didn't respond to a request for comment.
>
>
> * As if that weren't apparent from the title.
Well, it's the backlash of recruiting uninformed college kids promised with
delusions of grandeur and excitement while working for the government.
I place a nice footer at the bottom of all my slides that says:
"Created using LibreOffice"
--
Scott DuBois "UNIX is basically a simple operating system,
BSIT/SE you just have to be a genius to see the simplicity"
EFF ID: 1731778 -- Ritchie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL:
From deirdre at deirdre.net Wed Mar 25 23:08:43 2015
From: deirdre at deirdre.net (Deirdre Saoirse Moen)
Date: Wed, 25 Mar 2015 23:08:43 -0700
Subject: [conspire] Script for wifi connections in gawk
Message-ID: <622C2036-5F26-4EA3-B81D-1A2AA50A4E08@deirdre.net>
bougeyman wrote a script that?s basically:
1. show what I can connect to
2. connect to it
https://github.com/bougyman/wifish
Without all the gui fluff and fold.
Deirdre
From rick at linuxmafia.com Thu Mar 26 02:22:27 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 26 Mar 2015 02:22:27 -0700
Subject: [conspire] Script for wifi connections in gawk
In-Reply-To: <622C2036-5F26-4EA3-B81D-1A2AA50A4E08@deirdre.net>
References: <622C2036-5F26-4EA3-B81D-1A2AA50A4E08@deirdre.net>
Message-ID: <20150326092227.GM17365@linuxmafia.com>
Quoting Dire Red (deirdre at deirdre.net):
> bougeyman wrote a script that?s basically:
>
> 1. show what I can connect to
> 2. connect to it
>
> https://github.com/bougyman/wifish
>
> Without all the gui fluff and fold.
Very nice, seems to hit a sweet spot.
You see frequent travelers like Ted T'so posting about how much they
regret that the only tool adequate to manage they're WiFi access to many
different ESSIDs with different requirements is NetworkManager, which is
a horribly overengineered GNOME thing with extremely excessive
dependencies. You see people tell Ted 'You should try wicd', and so on,
but doubt about adequacy of those alternatives.
Wifish requires only wpa_supplicant, which is a low-level WiFi toolkit that
is well regarded and supoorts diverse front ends. Wifish also requires
GNU awk, which is what it's written in.
https://wiki.archlinux.org/index.php/WPA_supplicant
From nick at zork.net Thu Mar 26 08:01:20 2015
From: nick at zork.net (Nick Moffitt)
Date: Thu, 26 Mar 2015 15:01:20 +0000
Subject: [conspire] Script for wifi connections in gawk
In-Reply-To: <20150326092227.GM17365@linuxmafia.com>
References: <622C2036-5F26-4EA3-B81D-1A2AA50A4E08@deirdre.net>
<20150326092227.GM17365@linuxmafia.com>
Message-ID: <20150326150120.GN18516@zork.net>
Rick Moen:
> Wifish also requires GNU awk, which is what it's written in.
Note that for various reasons, Debian systems default to mawk, which is
a far smaller implementation of POSIX awk. There are advantages to gawk
over mawk, which I've used myself:
http://zork.net/~nick/loyhargil/if/if.awk
Yes that's a complete text adventure written in awk. If I were to do it
in mawk, I'd probably need to move that call to `next` out of the
`prompt()` function and put it after each call to it. Not great, but
not a hardship.
The more I study parser-based interactive fiction, the less silly I find
the idea of doing it in awk as I did a decade ago.
From rick at linuxmafia.com Sat Mar 28 01:33:30 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Sat, 28 Mar 2015 01:33:30 -0700
Subject: [conspire] CABAL, Saturday Mar. 28th
Message-ID: <20150328083330.GD27171@linuxmafia.com>
CABAL is _today_, Saturday 28th, 4pm to midnight.
CABAL co-founder Duncan Mackinnon is here for a visit, and would be glad
to see old friends.
Joe Grosch, founder of Bay Area FreeBSD User Group, and his wife Lisa will be here.
This will be the first _outdoor_ CABAL of this year, as we are predicted
to have more of the current stunning weather. I will be cooking ribs
outdoors on the barbecue, and making garlic bread with fresh local
garlic and oregano.
From rick at linuxmafia.com Sat Mar 28 11:53:49 2015
From: rick at linuxmafia.com (Rick Moen)
Date: Sat, 28 Mar 2015 11:53:49 -0700
Subject: [conspire] (forw) Re: CABAL, Saturday Mar. 28th
Message-ID: <20150328185349.GR31588@linuxmafia.com>
I forgot to mention Ross's famous sous-vide cooking.
----- Forwarded message from Ross Bernheim -----
Date: Sat, 28 Mar 2015 09:18:38 -0700
From: Ross Bernheim
To: Rick Moen
Subject: Re: [conspire] CABAL, Saturday Mar. 28th
I?m bringing some Chicken Tiki Masala and brown rice.
Ross
> On Mar 28, 2015, at 1:33 AM, Rick Moen wrote:
>
> CABAL is _today_, Saturday 28th, 4pm to midnight.
>
> CABAL co-founder Duncan Mackinnon is here for a visit, and would be glad
> to see old friends.
>
> Joe Grosch, founder of Bay Area FreeBSD User Group, and his wife Lisa will be here.
>
> This will be the first _outdoor_ CABAL of this year, as we are predicted
> to have more of the current stunning weather. I will be cooking ribs
> outdoors on the barbecue, and making garlic bread with fresh local
> garlic and oregano.
>
>
> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire
----- End forwarded message -----