From deirdre at deirdre.net Sun Mar 1 05:35:20 2015 From: deirdre at deirdre.net (Deirdre Saoirse Moen) Date: Sun, 1 Mar 2015 05:35:20 -0800 Subject: [conspire] A Git Tip Message-ID: <06D1E840-2B88-40B2-BDC9-043671EAEC81@deirdre.net> Scott DuBois asked me about my git repositories at last night?s Cabal. And we talked about cron. Most of what I?m working on is in private repositories. Now, a lot of people know you can have as many public repositories as you want on GitHub?but you have to pay for private repos. Sad panda. However, bitbucket.org offers as many *private* repositories as you want. For free. Sure, you can have git locally, but it?s almost no extra effort to set up a remote push so you can also have offsite backup. Then Ross and I were talking about WordPress, so here are my tips about for setting up a git repository for WordPress: 1. Grab this .gitignore file: http://cdn.wpengine.com/wp-content/uploads/2013/10/recommended-gitignore-no-wp.txt 2. Save it as .gitignore in your WordPress director(y|ies). 3. Then: git init git add .gitignore git commit -m ?Adding .gitignore? vi .htaccess git add .htaccess git commit -m ?Adding .htacess? git add wp-content git commit -m ?Initial add of wp-content? That?s usually the point where I create the bitbucket repo and set up pushing. By default, .htaccess doesn?t exist on WordPress installs, and permalinks (nice URLs) break without it, so it?s kind of important to have. Here?s the .htaccess I use: RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] git remote add origin git at bitbucket.org:(username)/(reponame).git git push -u origin master 4. My crontab (applicable even for non-WordPress, y?know) $ crontab -l 5 */6 * * * /Users/deirdre/bin/backup-work.sh (so four times a day at five minutes past the hours divisible by six) 5. That?s a braindead (hey, it works!) little shell script that has things like this: echo -e "\n* Git Update: deirdre.net...\n" cd /Users/deirdre/Sites/deirdre.net git add * git add .htaccess git commit -m "Automatic checkin." git push -u origin master et voila. Deirdre From rick at linuxmafia.com Mon Mar 2 03:29:17 2015 From: rick at linuxmafia.com (Rick Moen) Date: Mon, 2 Mar 2015 03:29:17 -0800 Subject: [conspire] Some spam handling Message-ID: <20150302112917.GF23123@linuxmafia.com> Daniel -- Top of my personal mbox, as seen in mutt: 1 NDX 150302 Dr. Nelson Cody ( 53) Top of the day -> 2 D+ 150302 ottokar-rybnik at wp (4456) FW: YTZC_Wyploty_UCU_opisy 3 NDX 150302 aragornwp at wp.pl (4456) Re: HTYC_Wyploty_UBW_opisy 4 NDX 150302 dfrazierchsc at wp.p (4457) PD: FW: BQOX_Wyploty_UKV_opisy 5 NDX 150302 praca at wp.pl (4456) FW: TDLG_Wyploty_UHZ_opisy 6 ND+ 150302 florex at wp.pl (4456) Re: TMVA_Wyploty_UTL_opisy 7 NDX 150302 theressajzlnrajvl (4457) Re: CYZS_Wyploty_UXF_opisy 8 NDX 150302 ireneusznych at wp.p (4456) Re: PD: FW: FSNP_Wyploty_UGR_opisy 9 NDX 150302 elux at wp.pl (4456) Re: PD: FW: JXAV_Wyploty_UMO_opisy 10 NDX 150302 artbed at wp.pl (4457) PD: FW: VDCG_Wyploty_UQV_opisy 11 NDX 150302 lford at wp.pl (4456) PD: FW: UDBJ_Wyploty_URD_opisy 12 NDX 150302 doniec at wp.pl (4456) PD: ZKNV_Wyploty_UVD_opisy 13 NDX 150302 noconwojciech at wp. (4456) PD: FW: QRBM_Wyploty_UGW_opisy 14 NDX 150302 basia1937 at wp.pl (4456) Re: PD: FW: PSLH_Wyploty_UJQ_opisy 15 N X 150302 logcheck system a ( 4) linuxmafia.com 2015-03-02 01:02 System 16 NDX 150302 detainmentk95 at wp. (4456) Re: ZXSM_Wyploty_UBE_opisy All of those similar-looking ones are doubtless the same spams you spoke of, consisting pretty much entirely of just a Zip archive attachment. So, the thing is, there's only so much you can do to _automatically_ recognise spam. The closest one can come to telling the software 'Consider to be spam anything that looks approximately like _this_' is to feed mails of that sort to a Bayesian classifier. This cannot really be done fully programmatically: A human needs to pick them out and do the feeding. And that's just what I'm doing. One of a number of factors Exim4 (the MTA) uses to decide spamicity is the assessment of spamd, the daemonised (and system-wide) form of SpamAssassin. spamd includes a Bayesian classifier, and you need to continually feed it examples of spam and of ham (non-spam) that you wish it to generalise from. I saved the one's I'm referring to below, writing them out to mbox /tmp/spam. Then: linuxmafia:/# su - Debian-exim Debian-exim at linuxmafia:~$ sa-learn --spam --mbox /tmp/spam Learned tokens from 0 message(s) (0 message(s) examined) Debian-exim at linuxmafia:~$ What the hell? Let's compare against using the same tool to 'learn' an mbox of known non-spam, /tmp/ham: Debian-exim at linuxmafia:~$ sa-learn --ham --mbox /tmp/ham Learned tokens from 11 message(s) (11 message(s) examined) Debian-exim at linuxmafia:~$ OK, nothing particularly wrong with the Bayesian classifier; it's something about those particular messages (the spams). Doesn't take much Web-searching to confirm my suspicion: http://fixunix.com/spamassassin/253119-re-sa-learn-max-message-size.html [The] maximal size of message parsed by SA is hardcoded at 256K. I think that applies for reporting as well as for checking That was my recollection, too. If really huge messages were scanned and classified, the tokens database files would be easily overwhelmed, and basically you would end up DoSing yourself. After manually using mutt to whack down the size of each of the 14 spam messages in /tmp/spam (essentially deleting all but about 20 of each message's attached Base65-encoded Zip archive): Debian-exim at linuxmafia:~$ sa-learn --spam --mbox /tmp/spam Learned tokens from 14 message(s) (14 message(s) examined) Debian-exim at linuxmafia:~$ There. However, I fear that this really won't help much, because spamd lacks the ability (in the version I have installed, at least) to, say, read and analyse the first 256kB of any large message and ignore everything after that. So, that probably explains why there's been a flurry of such things arriving at Mailman. Not _onto_ the mailing lists, of course, but I'm sure listadmins see some of it lodging in the Mailman admin queues. As with all such held spam, it's easy to just disregard it in the queues and let it age out and get thrown away. I'm afraid I can't spare the time to do this sort of thing _very_ frequently, especially the bits that require diagnosis time. From rhcom.linux at gmail.com Mon Mar 2 07:33:12 2015 From: rhcom.linux at gmail.com (Scott DuBois) Date: Mon, 2 Mar 2015 07:33:12 -0800 Subject: [conspire] A Git Tip In-Reply-To: <06D1E840-2B88-40B2-BDC9-043671EAEC81@deirdre.net> References: <06D1E840-2B88-40B2-BDC9-043671EAEC81@deirdre.net> Message-ID: <20150302153312.GA18285@linux.roguehorse.com> On Sun, Mar 01, 2015 at 05:35:20AM -0800, Deirdre Saoirse Moen wrote: > 4. My crontab (applicable even for non-WordPress, y?know) > > $ crontab -l > 5 */6 * * * /Users/deirdre/bin/backup-work.sh > > (so four times a day at five minutes past the hours divisible by six) > > 5. That?s a braindead (hey, it works!) little shell script that has things like this: > > echo -e "\n* Git Update: deirdre.net...\n" > cd /Users/deirdre/Sites/deirdre.net > git add * > git add .htaccess > git commit -m "Automatic checkin." > git push -u origin master > > et voila. > > Deirdre Brilliant! Thanks. =) -- Scott DuBois "Computers make excellent and efficient servants... BSIT/SE but I have no wish to serve under them." EFF ID: 1731778 -- Spock -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: Digital signature URL: From rick at linuxmafia.com Mon Mar 2 17:31:01 2015 From: rick at linuxmafia.com (Rick Moen) Date: Mon, 2 Mar 2015 17:31:01 -0800 Subject: [conspire] Some spam handling In-Reply-To: <20150302112917.GF23123@linuxmafia.com> References: <20150302112917.GF23123@linuxmafia.com> Message-ID: <20150303013101.GA32548@linuxmafia.com> Just a brief follow-up: > [...] spamd lacks the ability (in the version I have installed, at > least) to, say, read and analyse the first 256kB of any large message > and ignore everything after that. (Which would be what the quotation below calls 'truncating'.) The Spamassassin maintainers explained the logic of the code's behaviour on their dev mailing list (http://www.gossamer-threads.com/lists/spamassassin/users/113696): OK, truncation might be a better policy, as long as the threshold is nearer what we use now -- 500KB rather than 64KB. ;) By the way, an explanation of the current policy: We can say with that only messages below a high-enough threshold should be scanned, and have a good degree of certainty that this will allow us to avoid crazy memory consumption/slow scan times/etc., while allowing through only 0.001% of spam. This works, because spammers need to be able to send out a certain number of spam messages per day as part of their economic model, and this is partly bottlenecked by the size of each message; increasing the average size of their spams from 7KB (my current avg spam size) to 600KB to evade SpamAssassin's limits, for example, means that their spam output would drop to 1.1% of what it was previously. (Mind you, certain subsets of spammers, such as the japanese-language porn spammers, seem to send larger messages, probably since they're not as concerned with volumes.) The SpamAssassin version I'm currently running default-omits scanning of any message over 256kB long. Starting with version 3.2, that was upped to 500kB. I haven't bothered to look inside the attached Zip files of the recent mails that I _think_ are the ones Daniel commented on, but figured they were extremely likely to be yet more MS-Windows malware. From rick at linuxmafia.com Tue Mar 3 01:56:21 2015 From: rick at linuxmafia.com (Rick Moen) Date: Tue, 3 Mar 2015 01:56:21 -0800 Subject: [conspire] Some spam handling In-Reply-To: <20150303013101.GA32548@linuxmafia.com> References: <20150302112917.GF23123@linuxmafia.com> <20150303013101.GA32548@linuxmafia.com> Message-ID: <20150303095621.GA6178@linuxmafia.com> I wrote: > I haven't bothered to look inside the attached Zip files of the recent > mails that I _think_ are the ones Daniel commented on, but figured they > were extremely likely to be yet more MS-Windows malware. Took a very brief look at one of the unpacked Zips: Very, very likely to be the MS-Windows malware du jour. (Wrapper text of the message, and the filenames, are in Polish, for whatever that's worth.) /tmp $ file 'obwiezczenie o wy+?o++eniu.DOC.exe' obwiezczenie o wy+?o++eniu.DOC.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit /tmp $ I've just doubled the size of message permitted to be sent to spamd, via this adjustment in /etc/exim4/sa-exim.conf -- and restarted Exim: # How much of the body we feed to spamassassin (in bytes) # Default is 250KB #SAmaxbody: 256000 SAmaxbody: 512000 From daniel at gimpelevich.san-francisco.ca.us Sat Mar 7 00:31:50 2015 From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich) Date: Sat, 07 Mar 2015 00:31:50 -0800 Subject: [conspire] [Fwd: Eric P. Scott celebration of life] Message-ID: <1425717110.5990.2.camel@chimera> Here is the actual announcement, attached. -------------- next part -------------- An embedded message was scrubbed... From: Ron Hipschman Subject: Eric P. Scott celebration of life Date: Fri, 6 Mar 2015 23:58:54 -0800 Size: 97479 URL: From dmarti at zgp.org Fri Mar 13 19:41:11 2015 From: dmarti at zgp.org (Don Marti) Date: Fri, 13 Mar 2015 19:41:11 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? Message-ID: <20150314024111.GA18236@rosmarinus> I'm looking for a small, preferably fanless, Linux system that has 2 or more Ethernet interfaces, which I can use for NAT, firewall, DHCP, and DNS for a home/small office network. I don't need a wireless AP, since I already have that. Preferably running an actively maintained regular Linux such as Debian. I might end up putting a few other miscellaneous network services on it. Anyone using such a machine? -- Don Marti http://zgp.org/~dmarti/ dmarti at zgp.org From togo at of.net Sat Mar 14 10:03:07 2015 From: togo at of.net (Tony Godshall) Date: Sat, 14 Mar 2015 10:03:07 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: <20150314024111.GA18236@rosmarinus> References: <20150314024111.GA18236@rosmarinus> Message-ID: I'm thinking of a raspberry pi 2 for such an application. Not 100% freedom but the proprietary stuff is in the video. And cheap and highly replaceable. Debian by default. USB Ethernet for the second port might be a deal killer but I've had pretty good luck with them. Combo USB 2.0 hub with integrated Ethernet have been solid for me, USB 3.0 not so much. Should be able to keep up with routing and natting unless your connection is way faster than mine. Should even be able to saturate the line from USB storage. I would add the copper heat sinks to the Raspberry Pi and use a 2.1 amp power supply. And stick to the 100 megabit usb ethernet- the gigabit ones draw a lot more power . If you need to go but that might be a deal breaker as well. My current router box uses gigabit on the internal side where it can be useful and 100 megabit usb Ethernet on the external which more than exceeds my upstream connection. -- This is unedited. Heck, this may only be phonetically similar to what I said, which may bear only a passing resemblance to what I meant. On Mar 13, 2015 7:42 PM, "Don Marti" wrote: > I'm looking for a small, preferably fanless, Linux > system that has 2 or more Ethernet interfaces, which > I can use for NAT, firewall, DHCP, and DNS for a > home/small office network. I don't need a wireless > AP, since I already have that. > > Preferably running an actively maintained regular > Linux such as Debian. I might end up putting a few > other miscellaneous network services on it. > > Anyone using such a machine? > > -- > Don Marti > http://zgp.org/~dmarti/ > dmarti at zgp.org > > _______________________________________________ > conspire mailing list > conspire at linuxmafia.com > http://linuxmafia.com/mailman/listinfo/conspire > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rossbernheim at gmail.com Sat Mar 14 19:16:07 2015 From: rossbernheim at gmail.com (Ross Bernheim) Date: Sat, 14 Mar 2015 19:16:07 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: References: <20150314024111.GA18236@rosmarinus> Message-ID: Pi 2 does not need the heat sink. While quad core, it is make using a newer smaller process so generates less heat. Also the Pi2 uses the newer power supply section that is much more efficient and creates less heat. Also the memory is moved to a chip on the bottom of the board which reduced the heat in the CPU from the earlier system on a chip configuration. Ethernet might be a problem as the usb chip is used to do the ethernet. So doing two ethernet ports might be pushing things a bit, particularly if you also want to hang a disk drive off of the usb controller as well. Ross > On Mar 14, 2015, at 10:03 AM, Tony Godshall wrote: > > I'm thinking of a raspberry pi 2 for such an application. Not 100% freedom but the proprietary stuff is in the video. And cheap and highly replaceable. Debian by default. USB Ethernet for the second port might be a deal killer but I've had pretty good luck with them. Combo USB 2.0 hub with integrated Ethernet have been solid for me, USB 3.0 not so much. Should be able to keep up with routing and natting unless your connection is way faster than mine. Should even be able to saturate the line from USB storage. I would add the copper heat sinks to the Raspberry Pi and use a 2.1 amp power supply. And stick to the 100 megabit usb ethernet- the gigabit ones draw a lot more power . If you need to go but that might be a deal breaker as well. My current router box uses gigabit on the internal side where it can be useful and 100 megabit usb Ethernet on the external which more than exceeds my upstream connection. > > -- > This is unedited. Heck, this may only be phonetically similar to what I said, which may bear only a passing resemblance to what I meant. > > On Mar 13, 2015 7:42 PM, "Don Marti" > wrote: > I'm looking for a small, preferably fanless, Linux > system that has 2 or more Ethernet interfaces, which > I can use for NAT, firewall, DHCP, and DNS for a > home/small office network. I don't need a wireless > AP, since I already have that. > > Preferably running an actively maintained regular > Linux such as Debian. I might end up putting a few > other miscellaneous network services on it. > > Anyone using such a machine? > > -- > Don Marti > http://zgp.org/~dmarti/ > dmarti at zgp.org > > _______________________________________________ > conspire mailing list > conspire at linuxmafia.com > http://linuxmafia.com/mailman/listinfo/conspire > _______________________________________________ > conspire mailing list > conspire at linuxmafia.com > http://linuxmafia.com/mailman/listinfo/conspire -------------- next part -------------- An HTML attachment was scrubbed... URL: From dmarti at zgp.org Sat Mar 14 21:44:08 2015 From: dmarti at zgp.org (Don Marti) Date: Sat, 14 Mar 2015 21:44:08 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: References: <20150314024111.GA18236@rosmarinus>

Message-ID: <20150315044408.GA2900@rosmarinus> begin Ross Bernheim quotation of Sat, Mar 14, 2015 at 07:16:07PM -0700: > > Pi 2 does not need the heat sink. While quad core, it is make using a newer smaller process so generates less heat. Also the Pi2 uses the newer power supply section that is much more efficient and creates less heat. Also the memory is > moved to a chip on the bottom of the board which reduced the heat in the CPU from the earlier system on a chip configuration. > > Ethernet might be a problem as the usb chip is used to do the ethernet. So doing two ethernet ports might be pushing things a bit, particularly if you also want to hang a disk drive off of the usb controller as well. I might also be able to scavenge up an old PowerPC-based Mac Mini, which it looks like can be set up as a decent Debian system. http://www.sowerbutts.com/linux-mac-mini/ That would also mean finding a good USB Ethernet device...TRENDnet TU2-E100? http://free-electrons.com/blog/usbeth/ (Yes, I'm using the "look for blogs and list posts written by people who compile kernels from source" method of hardware shopping.) > > On Mar 14, 2015, at 10:03 AM, Tony Godshall wrote: > > > > I'm thinking of a raspberry pi 2 for such an application. Not 100% freedom but the proprietary stuff is in the video. And cheap and highly replaceable. Debian by default. USB Ethernet for the second port might be a deal killer but I've had pretty good luck with them. Combo USB 2.0 hub with integrated Ethernet have been solid for me, USB 3.0 not so much. Should be able to keep up with routing and natting unless your connection is way faster than mine. Should even be able to saturate the line from USB storage. I would add the copper heat sinks to the Raspberry Pi and use a 2.1 amp power supply. And stick to the 100 megabit usb ethernet- the gigabit ones draw a lot more power . If you need to go but that might be a deal breaker as well. My current router box uses gigabit on the internal side where it can be useful and 100 megabit usb Ethernet on the external which more than exceeds my upstream connection. > > > > -- > > This is unedited. Heck, this may only be phonetically similar to what I said, which may bear only a passing resemblance to what I meant. > > > > On Mar 13, 2015 7:42 PM, "Don Marti" > wrote: > > I'm looking for a small, preferably fanless, Linux > > system that has 2 or more Ethernet interfaces, which > > I can use for NAT, firewall, DHCP, and DNS for a > > home/small office network. I don't need a wireless > > AP, since I already have that. > > > > Preferably running an actively maintained regular > > Linux such as Debian. I might end up putting a few > > other miscellaneous network services on it. > > > > Anyone using such a machine? > > > > -- > > Don Marti > > http://zgp.org/~dmarti/ > > dmarti at zgp.org > > > > _______________________________________________ > > conspire mailing list > > conspire at linuxmafia.com > > http://linuxmafia.com/mailman/listinfo/conspire > > _______________________________________________ > > conspire mailing list > > conspire at linuxmafia.com > > http://linuxmafia.com/mailman/listinfo/conspire > > _______________________________________________ > conspire mailing list > conspire at linuxmafia.com > http://linuxmafia.com/mailman/listinfo/conspire -- Don Marti http://zgp.org/~dmarti/ dmarti at zgp.org From danagoyette at gmail.com Sun Mar 15 17:52:37 2015 From: danagoyette at gmail.com (Dana Goyette) Date: Sun, 15 Mar 2015 17:52:37 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: <20150315044408.GA2900@rosmarinus> References: <20150314024111.GA18236@rosmarinus>

<20150315044408.GA2900@rosmarinus> Message-ID: Here's a Slashdot discussion about an interesting x86 option: http://hardware.slashdot.org/story/15/01/14/2028230/tiny-fanless-mini-pc-runs-linux-or-windows-on-quad-core-amd-soc The primary article discusses the CompuLab "fitlet", but that company has other products as well. Several comments mention options from other companies such as Soekris and PCEngines. One big advantage of going x86 is that you can use any ordinary Linux or BSD distro; with ARM, you're often stuck with a vendor-specific kernel. On Sat, Mar 14, 2015 at 9:44 PM, Don Marti wrote: > > begin Ross Bernheim quotation of Sat, Mar 14, 2015 at 07:16:07PM -0700: >> >> Pi 2 does not need the heat sink. While quad core, it is make using a newer smaller process so generates less heat. Also the Pi2 uses the newer power supply section that is much more efficient and creates less heat. Also the memory is >> moved to a chip on the bottom of the board which reduced the heat in the CPU from the earlier system on a chip configuration. >> >> Ethernet might be a problem as the usb chip is used to do the ethernet. So doing two ethernet ports might be pushing things a bit, particularly if you also want to hang a disk drive off of the usb controller as well. > > I might also be able to scavenge up an old > PowerPC-based Mac Mini, which it looks like can be set > up as a decent Debian system. > http://www.sowerbutts.com/linux-mac-mini/ > > That would also mean finding a good USB Ethernet > device...TRENDnet TU2-E100? > http://free-electrons.com/blog/usbeth/ > > (Yes, I'm using the "look for blogs and list posts > written by people who compile kernels from source" > method of hardware shopping.) > >> > On Mar 14, 2015, at 10:03 AM, Tony Godshall wrote: >> > >> > I'm thinking of a raspberry pi 2 for such an application. Not 100% freedom but the proprietary stuff is in the video. And cheap and highly replaceable. Debian by default. USB Ethernet for the second port might be a deal killer but I've had pretty good luck with them. Combo USB 2.0 hub with integrated Ethernet have been solid for me, USB 3.0 not so much. Should be able to keep up with routing and natting unless your connection is way faster than mine. Should even be able to saturate the line from USB storage. I would add the copper heat sinks to the Raspberry Pi and use a 2.1 amp power supply. And stick to the 100 megabit usb ethernet- the gigabit ones draw a lot more power . If you need to go but that might be a deal breaker as well. My current router box uses gigabit on the internal side where it can be useful and 100 megabit usb Ethernet on the external which more than exceeds my upstream connection. >> > >> > -- >> > This is unedited. Heck, this may only be phonetically similar to what I said, which may bear only a passing resemblance to what I meant. >> > >> > On Mar 13, 2015 7:42 PM, "Don Marti" > wrote: >> > I'm looking for a small, preferably fanless, Linux >> > system that has 2 or more Ethernet interfaces, which >> > I can use for NAT, firewall, DHCP, and DNS for a >> > home/small office network. I don't need a wireless >> > AP, since I already have that. >> > >> > Preferably running an actively maintained regular >> > Linux such as Debian. I might end up putting a few >> > other miscellaneous network services on it. >> > >> > Anyone using such a machine? >> > >> > -- >> > Don Marti >> > http://zgp.org/~dmarti/ >> > dmarti at zgp.org >> > >> > _______________________________________________ >> > conspire mailing list >> > conspire at linuxmafia.com >> > http://linuxmafia.com/mailman/listinfo/conspire >> > _______________________________________________ >> > conspire mailing list >> > conspire at linuxmafia.com >> > http://linuxmafia.com/mailman/listinfo/conspire >> > >> _______________________________________________ >> conspire mailing list >> conspire at linuxmafia.com >> http://linuxmafia.com/mailman/listinfo/conspire > > > -- > Don Marti > http://zgp.org/~dmarti/ > dmarti at zgp.org > > _______________________________________________ > conspire mailing list > conspire at linuxmafia.com > http://linuxmafia.com/mailman/listinfo/conspire From daniel at gimpelevich.san-francisco.ca.us Sun Mar 15 20:24:06 2015 From: daniel at gimpelevich.san-francisco.ca.us (Daniel Gimpelevich) Date: Sun, 15 Mar 2015 20:24:06 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: References: <20150314024111.GA18236@rosmarinus>

<20150315044408.GA2900@rosmarinus> Message-ID: <1426476246.6096.9.camel@chimera> On Sun, 2015-03-15 at 17:52 -0700, Dana Goyette wrote: > One big advantage of going x86 is that you can use any ordinary Linux > or BSD distro; with ARM, you're often stuck with a vendor-specific > kernel. Not to mention, Don's original use case seemed more like a job for pfSense than for GNU/Linux. From rick at linuxmafia.com Mon Mar 16 03:38:22 2015 From: rick at linuxmafia.com (Rick Moen) Date: Mon, 16 Mar 2015 03:38:22 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: <20150314024111.GA18236@rosmarinus> References: <20150314024111.GA18236@rosmarinus> Message-ID: <20150316103822.GM23366@linuxmafia.com> Quoting Don Marti (dmarti at zgp.org): > I'm looking for a small, preferably fanless, Linux > system that has 2 or more Ethernet interfaces, which > I can use for NAT, firewall, DHCP, and DNS for a > home/small office network. I don't need a wireless > AP, since I already have that. At the most recent CABAL meeting, Dana Goyette ( /me waves from Hilo, HI) suggested that the AMD Kabini SoC (socket FM1) on a mini-ITX form factor motherboard might meet my needs for a multi-purpose silent, small machine on our inside network: http://www.newegg.com/Product/Product.aspx?Item=N82E16813157574&cm_re=mini-itx_amd-_-13-157-574-_-Product That's a ASRock QC5000-ITX motherboard bundled with an AMD A4-5000 Quad-Core CPU -- more than powerful enough that people use these suckers with SSDs as home-theatre PCs. 32GB RAM maximum. To get the multiple LAN interfaces, you'd have to add a Mini PCIe card, though. It does have a CPU fan that's said to be not often needed and not obtrusive, but I'll bet you could swap that out for an aftermarket passive alternative. The more I study up on even cutting-edge ARM designs like the Novena (http://www.kosagi.com/w/index.php?title=Novena_Main_Page) & Cubox-i series, and wildly popular ones like the Raspberry Pi 2, the more I'm frustrated by some characteristic problems -- which Nathan Willis's write-up about Stephen Arnold's SCALE talk captured beautifully: https://lwn.net/Articles/635289/ To wit: Every bloody ARM device requires out-of-tree kernel patches that aren't necessarily very current at all and may introduce severe pecuilarities. For devices where you care about graphics (which obviously doesn't include SOHO routers), you are stuck with a binary-only, proprietary BLOB. And there's wild variation in what bootloader is required. The more I look at this mess, the more I think splurging a few additional watts on an x86_64 alternative makes better sense for many applications. Like, for example, the missions of the inside-network host would include being a backup target and running network IDS software to watch everything else for signs of security problems, so impliedly it needs to be kept high-security. It would be kind of sad to unable to fix a serious kernel security hole because some ARM platform's oddball kernel fork hasn't been brought up to date. Nathan Willis's LAN.net piece points out that ARM machines' supported kernel versions tend to be seriously behind the times. This problem doesn't exist on low-power x86_64 alternatives. AMD's Kabini series of 'APUs" draw anywhere from 15W to 25W, and their 'Temash' series brethren draw from 3.9W to 9W. These figures are the newish measure TDP, thermal design power, the maximum heat that any related cooling system needs to be able to dissipate. Here's a fascinating little bundle with a fanless quad-core Temash spec'd with TDP of 8W: http://www.newegg.com/Product/Product.aspx?Item=N82E16883218035&cm_re=A6-1450-_-83-218-035-_-Product Only one LAN port, so not qualified for your project, but look at the size of that thing! AMD's Kabini and Temash ('Jaguar' SoC, Socket AM1 or Socket FT3)x) were their low-power APUs for notebooks in 2013. Looks like these were succeeded in mid-2014 by 'Beema' as the high-power 15 watt series, and 'Mullins' as the 4.5 watt one ('Puma' SoC, Socket FT3b). http://www.tomshardware.com/reviews/amd-tablet-processor,3813.html Mullins: Family Model TDP Cores A10-Micro 6700T 4.5W 4 A4-Micro 6400T 4.5W 4 E1-Micro 6200T 3.95W 2 Beema: Family Model TDP Cores A6 6310 15W 4 A4 6210 15W 4 E2 6110 15W 4 E1 6010 10W 2 Unfortunately, so far as I can see so far, Beema/Mullins seem to have been ignored by the OEMs except for some HP Pavillion tablets and netbooks. From rick at linuxmafia.com Mon Mar 16 04:11:09 2015 From: rick at linuxmafia.com (Rick Moen) Date: Mon, 16 Mar 2015 04:11:09 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: <20150316103822.GM23366@linuxmafia.com> References: <20150314024111.GA18236@rosmarinus> <20150316103822.GM23366@linuxmafia.com> Message-ID: <20150316111109.GN23366@linuxmafia.com> I wrote: > AMD's Kabini and Temash ('Jaguar' SoC, Socket AM1 or Socket FT3) were > their low-power APUs for notebooks in 2013. Looks like these were > succeeded in mid-2014 by 'Beema' as the high-power 15 watt series, and > 'Mullins' as the 4.5 watt one ('Puma' SoC, Socket FT3b). > http://www.tomshardware.com/reviews/amd-tablet-processor,3813.html > > > Mullins: > Family Model TDP Cores > A10-Micro 6700T 4.5W 4 > A4-Micro 6400T 4.5W 4 > E1-Micro 6200T 3.95W 2 > > Beema: > Family Model TDP Cores > A6 6310 15W 4 > A4 6210 15W 4 > E2 6110 15W 4 > E1 6010 10W 2 > > Unfortunately, so far as I can see so far, Beema/Mullins seem to have > been ignored by the OEMs except for some HP Pavillion tablets and > netbooks. Here, finally, is a series of fanless mini-PCs based on the AMD E1 Micro-6200T 'Mullins' SoC, including one with two LAN ports: http://www.fit-pc.com/web/products/fitlet/fitlet-i/ Looks like variants based on the higher-end A10-6700T SoC can now also be ordered. It's funny that none of the usual suspects (ASUS, Gigabyte, ASRock, etc.) are yet making mini-ATX motherboards for these SoCs, though maybe I'm missing something? Anyway, the Kabini offerings such as that ASRock bundle I mentioned strike me as pretty sweet for the price. From rick at linuxmafia.com Mon Mar 16 05:36:05 2015 From: rick at linuxmafia.com (Rick Moen) Date: Mon, 16 Mar 2015 05:36:05 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: <20150316111109.GN23366@linuxmafia.com> References: <20150314024111.GA18236@rosmarinus> <20150316103822.GM23366@linuxmafia.com> <20150316111109.GN23366@linuxmafia.com> Message-ID: <20150316123605.GO23366@linuxmafia.com> I wrote: > Here, finally, is a series of fanless mini-PCs based on the AMD E1 > Micro-6200T 'Mullins' SoC, including one with two LAN ports: > http://www.fit-pc.com/web/products/fitlet/fitlet-i/ > Looks like variants based on the higher-end A10-6700T SoC can now also > be ordered. That particular Fitlet variant, the one based on the best 'Mullins' SoC, the quad-core AMD A10-Micro 6700T, went out of stock quickly after it became available, but I'm sure they'll restock pretty soon. Meanwhile, specs are interesting: http://www.fit-pc.com/web/products/specifications/?model%5B%5D=FITLET-GI-C67-WACB Notice that they claim _total_ system power consumption (not just TDP of the SoC chip) is 4.5W-10.5W. Impliedly, that includes an SODIMM stick and an SSD. RAM expansion is limited to 8GB, presumably on account of the SODIMM support circuitry they've chosen. The SoC has no such limitation. But RAM limitation aside, this is a very powerful machine for such a paltry amount of power consumption. And naturally, this is way more computer than a SOHO router requires, but, then, the nice thing about having gobs of spare CPU power (and preferably also RAM) avaoilable in an otherwise modest little machine is the other possibilities that it implicitly opens. From rick at linuxmafia.com Mon Mar 16 12:57:22 2015 From: rick at linuxmafia.com (Rick Moen) Date: Mon, 16 Mar 2015 12:57:22 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: References: <20150314024111.GA18236@rosmarinus> Message-ID: <20150316195722.GP23366@linuxmafia.com> Quoting Tony Godshall (togo at of.net): > I'm thinking of a raspberry pi 2 for such an application. Not 100% freedom > but the proprietary stuff is in the video. The other disturbing software bit (for Raspberry Pi 2 Model B), as I mentioned separately, is the ongoing kernel situation. You're probably thinking 'At last, a Pi that I can run the standard Debian armhf ('HF' = hardfloat) port on.' Well, kinda, almost. With the standard packaged Pi distros, you'll get kernel 3.18, but it's not the standard kernel by a long stretch. An experimenter reported that he had to apply 'stack of patches on top from the raspberrypi github repository' to the corresponding Debian packaged kernel, and then further tweak the result a bit. Plus some other non-kernel changes. Details here: http://sjoerd.luon.net/posts/2015/02/debian-jessie-on-rpi2/ Me, I'd just not be entirely happy with being on hardware the mainline Linux kernels doesn't know how to support, that requires a whole bunch of out-of-tree patches all the time. (It seems that _all_ ARM boards involve this drawback.) > USB Ethernet for the second port might be a deal killer but I've had > pretty good luck with them. Dodgy technology and also CPU-intensive on a machine that doesn't have a lot of grunt to spare. But the biggest single omission in the I/O department is SATA. Having nothing better than a Micro SD port and USB2 is this unit's chief and most egregious hardware limitation. The 1GB RAM is understandable, but the lack of even mSATA is puzzling and means you are permanently stuck with only crappy mass-storage connectivity. > And cheap and highly replaceable. That's the good news. I don't think it's adequate for a router, but standard differ. From togo at of.net Mon Mar 16 15:38:29 2015 From: togo at of.net (Tony Godshall) Date: Mon, 16 Mar 2015 15:38:29 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: <20150316195722.GP23366@linuxmafia.com> References: <20150314024111.GA18236@rosmarinus> <20150316195722.GP23366@linuxmafia.com> Message-ID: Good points all. Thanks for the cogent response. On Mon, Mar 16, 2015 at 12:57 PM, Rick Moen wrote: > Quoting Tony Godshall (togo at of.net): > >> I'm thinking of a raspberry pi 2 for such an application. Not 100% freedom >> but the proprietary stuff is in the video. > > The other disturbing software bit (for Raspberry Pi 2 Model B), as I > mentioned separately, is the ongoing kernel situation. You're probably > thinking 'At last, a Pi that I can run the standard Debian armhf ('HF' = > hardfloat) port on.' Well, kinda, almost. > > With the standard packaged Pi distros, you'll get kernel 3.18, but it's > not the standard kernel by a long stretch. An experimenter reported > that he had to apply 'stack of patches on top from the raspberrypi > github repository' to the corresponding Debian packaged kernel, and then > further tweak the result a bit. Plus some other non-kernel changes. > Details here: > http://sjoerd.luon.net/posts/2015/02/debian-jessie-on-rpi2/ > > Me, I'd just not be entirely happy with being on hardware the mainline > Linux kernels doesn't know how to support, that requires a whole bunch > of out-of-tree patches all the time. (It seems that _all_ ARM boards > involve this drawback.) > >> USB Ethernet for the second port might be a deal killer but I've had >> pretty good luck with them. > > Dodgy technology and also CPU-intensive on a machine that doesn't have a > lot of grunt to spare. > > But the biggest single omission in the I/O department is SATA. Having > nothing better than a Micro SD port and USB2 is this unit's chief > and most egregious hardware limitation. The 1GB RAM is understandable, > but the lack of even mSATA is puzzling and means you are permanently > stuck with only crappy mass-storage connectivity. > >> And cheap and highly replaceable. > > That's the good news. > > I don't think it's adequate for a router, but standard differ. > > > _______________________________________________ > conspire mailing list > conspire at linuxmafia.com > http://linuxmafia.com/mailman/listinfo/conspire -- -- Best Regards. This is unedited. This message came out of me via a suboptimal keyboard. From togo at of.net Mon Mar 16 15:53:46 2015 From: togo at of.net (Tony Godshall) Date: Mon, 16 Mar 2015 15:53:46 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: <20150316123605.GO23366@linuxmafia.com> References: <20150314024111.GA18236@rosmarinus> <20150316103822.GM23366@linuxmafia.com> <20150316111109.GN23366@linuxmafia.com> <20150316123605.GO23366@linuxmafia.com> Message-ID: If going x86, also consider the Lenovo Q180/Q190. $220 on Amazon, easy to blow away Windows (tell the bios enable CSM, legacy only) But no obvious way to add ethernet except USB. I've got about 50 of these buggers deployed as workstations. Much more reliable so far than the Zino HDs and the Zotac AD02 and AD10s I'd been buying before them. Some guys in the forums say they eat 17 watts- haven't measured myself. Not fanless, but people say they run pretty quiet if you keep the fan to 40% pwm. On Mon, Mar 16, 2015 at 5:36 AM, Rick Moen wrote: > I wrote: > >> Here, finally, is a series of fanless mini-PCs based on the AMD E1 >> Micro-6200T 'Mullins' SoC, including one with two LAN ports: >> http://www.fit-pc.com/web/products/fitlet/fitlet-i/ >> Looks like variants based on the higher-end A10-6700T SoC can now also >> be ordered. > > That particular Fitlet variant, the one based on the best 'Mullins' SoC, the > quad-core AMD A10-Micro 6700T, went out of stock quickly after it > became available, but I'm sure they'll restock pretty soon. Meanwhile, > specs are interesting: > http://www.fit-pc.com/web/products/specifications/?model%5B%5D=FITLET-GI-C67-WACB > Notice that they claim _total_ system power consumption (not just TDP of > the SoC chip) is 4.5W-10.5W. Impliedly, that includes an SODIMM stick > and an SSD. RAM expansion is limited to 8GB, presumably on account of > the SODIMM support circuitry they've chosen. The SoC has no such > limitation. > > But RAM limitation aside, this is a very powerful machine for such a > paltry amount of power consumption. And naturally, this is way more > computer than a SOHO router requires, but, then, the nice thing about > having gobs of spare CPU power (and preferably also RAM) avaoilable in > an otherwise modest little machine is the other possibilities that it > implicitly opens. > > _______________________________________________ > conspire mailing list > conspire at linuxmafia.com > http://linuxmafia.com/mailman/listinfo/conspire -- -- Best Regards. This is unedited. This message came out of me via a suboptimal keyboard. From rick at linuxmafia.com Tue Mar 17 01:38:20 2015 From: rick at linuxmafia.com (Rick Moen) Date: Tue, 17 Mar 2015 01:38:20 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: References: <20150314024111.GA18236@rosmarinus> <20150316103822.GM23366@linuxmafia.com> <20150316111109.GN23366@linuxmafia.com> <20150316123605.GO23366@linuxmafia.com> Message-ID: <20150317083820.GQ23366@linuxmafia.com> Quoting Tony Godshall (togo at of.net): > If going x86, also consider the Lenovo Q180/Q190. > > $220 on Amazon, easy to blow away Windows (tell the bios enable CSM, > legacy only) > > But no obvious way to add ethernet except USB. > > I've got about 50 of these buggers deployed as workstations. Much > more reliable so far than the Zino HDs and the Zotac AD02 and AD10s > I'd been buying before them. > > Some guys in the forums say they eat 17 watts- haven't measured > myself. Not fanless, but people say they run pretty quiet if you keep > the fan to 40% pwm. These Lenovos are pretty amazingly cost-effective for the many people who don't care about wired networking, and don't mind topping out at 4GB on system RAM. For the target market of home theatre PC people, this is just the thing - and one can imagine many good applications with Linux, too. So, congrats on grabbing a few, as I'm sure you'll find good use for them. Mostly a me thing, but for the next machine I buy or build, I'm going to go a bit out of my way to avoid hardware-based limitations that might prove annnoying over the next half-decade or more. I've managed to do this several times in the past, through a combination of some care, instinct, and some amount of dumb luck. In that regard, looking at the Lenovo HTPC boxes you mention, the lack of wired LAN stands out, but the hard limit of 4GB RAM about as much. Why? Because this is the golden age of virtualisation software, and something like the ASRock min-iTX / AMD Kabini bundle I mentioned wins IMO even though it draws a few more watts, because it can be expanded to 32GB RAM, which opens up whole new categories of possibilities unavailable with RAM in the 1GB range like a Raspberry Pi 2 Model B or most of the other SFF (small form factor) PCs that top out at 2-4 GB. As you say, the only way you can get wired networking on the Lenovos is USB-ethernet things (because there's neither an expansion slot nor room for a card). All of which are eminently reasonable compromises given the target uses for the Lenovos. I have a couple of cynical suspicions about the holes in the market where it seems like things like a good, Linux-friendly, modestly expandable SFF computer based on things like AMD Beema/Mullins SoCs ought to be: Suspicion #1 (conspiracy-leaning): Intel is so determined to shut AMD out of the small-device market that they are literally financially subsidising OEMs' choice of uninspiring and limited crud like the 'Atom'-class Bay Trail SoC platform. Suspicion #2 (less conspiratorial): AMD suffers because it's been crowded into price competition with really anaemic, low-spec ARM-based boards best suited to smartphones and low-end tablets that are so cheap that the OEMs just aren't willing to pay for better performance and fewer limits. #2 would explain both why it's so difficult to _find_ enthusiast-friendly (i.e., not an HP Pavillion sealed-tight mini-something) units based on the newer and truly amazing lov-power, high-perfoamnce AMD SoCs, _and_ why low-power computing has been almost completely abandoned to stripped-down ARM offerings with all their proprietary-software dependencies and utter lack of standard kernel support, even after _many_ years of ARM-based Linux computing. That's why I've finally decided that the smartest compromise in 2015 is to retreat a bit on my quest for the fewest possible watts from the wall, and get something like the ASRock min-iTX / AMD Kabini bundle that fleshes out to 32GB, has _no_ annoying hardware limitations, has zero proprietary-software problems, requirement for out-of-tree kernel patchsets with an unknown future, or need for strange one-off bootloader setups. And yet, _still_ manages to be low-power for reasonable values of that term. BTW, somewhere in the garage I have a Kill-A-Watt unit that you plug between the AC wall outlet and something whose real-world wattage draw you want to measure. I need to start using that to get some real figures instead of fibs on spec sheets. BTW#2, I'm a _little_ surprised that few of the people who've recommended ARM-based Linux computers to me, including but not limited to the several Raspberry Pi models, has been particularly bothered by the bit about being totally dependent on out-of-tree kernel patchsets -- which when I finally noticed it was big news to me, and at least a yellow flag on the play if not quite a red one. But I'm guessing the explanation is that most people just take a distro kernel and use it without even bothering to think about what produced it, whether it has a likely future, and if lags in the support for newer kernel.org versions might not create huge security problems in the future. For most folks, the kernel's just a thing that's there, and doesn't merit that sort of pondering. (That is not, of course, to say that these aren't excellent offerings, especially the Pis. But they have long-term issues that aren't obvious to many.) From rick at linuxmafia.com Tue Mar 17 06:48:06 2015 From: rick at linuxmafia.com (Rick Moen) Date: Tue, 17 Mar 2015 06:48:06 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: <20150317083820.GQ23366@linuxmafia.com> References: <20150314024111.GA18236@rosmarinus> <20150316103822.GM23366@linuxmafia.com> <20150316111109.GN23366@linuxmafia.com> <20150316123605.GO23366@linuxmafia.com> <20150317083820.GQ23366@linuxmafia.com> Message-ID: <20150317134806.GA14836@linuxmafia.com> Just wanting to elaborate a bit on: > Suspicion #2 (less conspiratorial): AMD suffers because it's been > crowded into price competition with really anaemic, low-spec ARM-based > boards best suited to smartphones and low-end tablets that are so cheap > that the OEMs just aren't willing to pay for better performance and > fewer limits. > > #2 would explain both why it's so difficult to _find_ > enthusiast-friendly (i.e., not an HP Pavillion sealed-tight mini-something) > units based on the newer and truly amazing low-power, high-performance > AMD SoCs, _and_ why low-power computing has been almost completely > abandoned to stripped-down ARM offerings with all their > proprietary-software dependencies and utter lack of standard kernel > support, even after _many_ years of ARM-based Linux computing. Somehow through dominating the upper end of the market, Intel seems to have perpetuated a perception that its CPUs and chipsets are preferable to AMD's at _every_ price point and in every specialty within the x86_64 market space, which is very demonstrably very untrue. In the low-power, low-cost segment, AMD has lately had _massively_ better offerings, especially per dollar. You look for an Intel-based low-power system, and inevitably find an Atom-series CPU, which frankly is a bit lackluster in performance, in a chipset that, at best, maxes out at 8GB RAM. The AMD alternatives are things like the ASRock mini-ITX / AMD Kabini bundle I cited on Newegg, which has a quite fast CPU that draws less power than the Atom, runs cooler, and plugs into a motherboard that maxes out at 32GB. And the ADM package ends up being cheaper, as well. But people will recommend Atom-based things anyway, because Intel. Which is kind of crazy. The lower end, which is what low-power is considered to be, rightly or wrongly, is dominated within the hardware industry by the embedded-computing mindset (that surrounds ARM). As Don Marti will tell you (he having been Editor of _Embedded Linux Journal_ for some years, the embedded-computing offshoot of _Linux Journal_, secrecy and proprietary components are totally routines in the embedded space. GPL enforcement against embedded-computing hardware companies typically fails for a number of reasons including chipset churn being so rapid that the violator can just stall for a few months until the model in question gets EOLed and then says 'Hey, we've ceased violating.' Rapid chipset churn also means that reverse-engineering is less fruitful because so many things are moving targets. But the effect of the _standard_ low-power offerings being relegated to ARM is that everyone gets so used to the user-facing hassles and compromises of the ARM platforms that the hassles and compromises fade to background: Rarely do they get talked about, even by Linux people. They become 'normal', so people don't say 'Wait, this is stupid. Is there an alternative that's _almost_ as power-thrifty and _almost_ as cheap that doesn't have these problems? With no strange boot configuration and bootloader setups, no out-of-tree patchsets against old and moldy kernels? No proprietary blobs just to run X11?' And that is exactly what you _can_ get with the sort of AMD SoC / miniature motherboard setup I've been talking about in this thread. In general, the 'HTPC' market is producing some really kick-ass small form-factor, quiet, low-power hardware at very low prices, and AMD by all rights ought to own that market, given the exceptional things the Kabini/Temash, let alone the hard-to-find Beema/Mullins SoCs seems capable of, provided the OEMs bother to ship motherboards that can use them instead of assuming that everyone wants ARM-based alternatives just because they hit absolute bottom dollar. I'm really not quite understanding why the OEMs have in general done almost nothing with those chips in SFF PCs, and instead apparently put them only into tablet computers. It's a pity they haven't. And all I can add to that is: Linux people who want quality low-power gear need to be better at voting with their dollars, or this bad situation will get worse. From danagoyette at gmail.com Tue Mar 17 10:39:39 2015 From: danagoyette at gmail.com (Dana Goyette) Date: Tue, 17 Mar 2015 10:39:39 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: <20150317134806.GA14836@linuxmafia.com> References: <20150314024111.GA18236@rosmarinus> <20150316103822.GM23366@linuxmafia.com> <20150316111109.GN23366@linuxmafia.com> <20150316123605.GO23366@linuxmafia.com> <20150317083820.GQ23366@linuxmafia.com> <20150317134806.GA14836@linuxmafia.com> Message-ID: Incidentally, there are some server-grade "Avoton" Atom processors that have 2, 4, and 8-core models, and support up to 64GB of ECC memory. For comparison, the Core i7 / Xeon E3 series only does 32GB memory. The Avoton SOC contains a four-port Intel i354 network controller, but oddly, some OEMs ignore that and waste PCIe lanes and watts for discrete i210 network controllers instead. Another thing that seems hard to find: low-power AMD boards with IPMI. IPMI firmware is another can of (usually GPL-violating) worms, but remote KVM access can be useful. I'm looking forward to seeing what the AMD Opteron A1100 (aarch64) is capable of. The SOC has two integrated 10-gigabit controllers, and can take up to 128GB of ECC memory. I believe AMD is working directly with the upstream kernel to get the thing supported. Considering how often the AMD processors are artificially restricted to bottom-of-the-barrel devices (such as laptops with terrible screens), it really does make me wonder if Intel is still doing anticompetitive arm-twisting. On Tue, Mar 17, 2015 at 6:48 AM, Rick Moen wrote: > Just wanting to elaborate a bit on: > >> Suspicion #2 (less conspiratorial): AMD suffers because it's been >> crowded into price competition with really anaemic, low-spec ARM-based >> boards best suited to smartphones and low-end tablets that are so cheap >> that the OEMs just aren't willing to pay for better performance and >> fewer limits. >> >> #2 would explain both why it's so difficult to _find_ >> enthusiast-friendly (i.e., not an HP Pavillion sealed-tight mini-something) >> units based on the newer and truly amazing low-power, high-performance >> AMD SoCs, _and_ why low-power computing has been almost completely >> abandoned to stripped-down ARM offerings with all their >> proprietary-software dependencies and utter lack of standard kernel >> support, even after _many_ years of ARM-based Linux computing. > > Somehow through dominating the upper end of the market, Intel seems to > have perpetuated a perception that its CPUs and chipsets are preferable > to AMD's at _every_ price point and in every specialty within the x86_64 > market space, which is very demonstrably very untrue. In the low-power, > low-cost segment, AMD has lately had _massively_ better offerings, > especially per dollar. > > You look for an Intel-based low-power system, and inevitably find an > Atom-series CPU, which frankly is a bit lackluster in performance, in a > chipset that, at best, maxes out at 8GB RAM. The AMD alternatives are > things like the ASRock mini-ITX / AMD Kabini bundle I cited on Newegg, > which has a quite fast CPU that draws less power than the Atom, runs > cooler, and plugs into a motherboard that maxes out at 32GB. And the > ADM package ends up being cheaper, as well. But people will recommend > Atom-based things anyway, because Intel. Which is kind of crazy. > > The lower end, which is what low-power is considered to be, rightly or > wrongly, is dominated within the hardware industry by the > embedded-computing mindset (that surrounds ARM). As Don Marti will tell > you (he having been Editor of _Embedded Linux Journal_ for some years, > the embedded-computing offshoot of _Linux Journal_, secrecy and > proprietary components are totally routines in the embedded space. GPL > enforcement against embedded-computing hardware companies typically > fails for a number of reasons including chipset churn being so rapid > that the violator can just stall for a few months until the model in > question gets EOLed and then says 'Hey, we've ceased violating.' Rapid > chipset churn also means that reverse-engineering is less fruitful > because so many things are moving targets. > > But the effect of the _standard_ low-power offerings being relegated to > ARM is that everyone gets so used to the user-facing hassles and > compromises of the ARM platforms that the hassles and compromises fade > to background: Rarely do they get talked about, even by Linux people. > They become 'normal', so people don't say 'Wait, this is stupid. Is > there an alternative that's _almost_ as power-thrifty and _almost_ as > cheap that doesn't have these problems? With no strange boot > configuration and bootloader setups, no out-of-tree patchsets against > old and moldy kernels? No proprietary blobs just to run X11?' > > And that is exactly what you _can_ get with the sort of AMD SoC / > miniature motherboard setup I've been talking about in this thread. > In general, the 'HTPC' market is producing some really kick-ass small > form-factor, quiet, low-power hardware at very low prices, and AMD by > all rights ought to own that market, given the exceptional things the > Kabini/Temash, let alone the hard-to-find Beema/Mullins SoCs seems > capable of, provided the OEMs bother to ship motherboards that can use > them instead of assuming that everyone wants ARM-based alternatives just > because they hit absolute bottom dollar. > > I'm really not quite understanding why the OEMs have in general done > almost nothing with those chips in SFF PCs, and instead apparently put > them only into tablet computers. It's a pity they haven't. > > And all I can add to that is: Linux people who want quality low-power > gear need to be better at voting with their dollars, or this bad > situation will get worse. > > > _______________________________________________ > conspire mailing list > conspire at linuxmafia.com > http://linuxmafia.com/mailman/listinfo/conspire From Michael.Paoli at cal.berkeley.edu Wed Mar 18 02:33:35 2015 From: Michael.Paoli at cal.berkeley.edu (Michael Paoli) Date: Wed, 18 Mar 2015 02:33:35 -0700 Subject: [conspire] check out AC power (Watt)meter (What's Your Watt?/...) from library In-Reply-To: References: Message-ID: <20150318023335.15866bjolk8uepgc@webmail.rawbw.com> One can check out AC power Wattmeter (What's Your Watt?) from library. San Francisco Public Library has them (What's Your Watt?). Among other things, they will display Watts. (They're designed to be quite consumer friendly. They'll also display lbs. of CO2 and $s - the latter two making presumptions which may or may not be accurate and are (obviously) not direct measurement.) And if San Francisco Public Library is not sufficiently close/convenient, if one is CA.US. resident, can check out via Link+ from any Link+ participating library (most public libraries in CA.US. are, also includes some libraries beyond CA.US.). Not sure of the details, but appears the Tool Lending Library of Berkeley Public Library has similar ("electricity monitor" / "watt meter") - but to check out Tools from the Berkeley Public Library's Tool Lending Library, one must be 18+ years of age, and also resident of Berkeley or owner of property (real estate) in Berkeley. Can be quite convenient and comparatively economical if one only has rare/occasional use for such. references/excerpts (some of these URLs may not be persistent): http://www.sfenvironment.org/whatsyourwatt http://www.sfenvironment.org/news/update/are-phantom-loads-haunting-your-energy-bill http://sustainability.ucsf.edu/1.310 http://sfpl.org/index.php?pg=2000610901 http://sfpl.bibliocommons.com/item/show_circulation/2558857093?search_scope=CAL-SFPL https://csul.iii.com/search/?searchtype=t&SORT=D&searcharg=What%27s+Your+Watt https://csul.iii.com/ https://www.berkeleypubliclibrary.org/locations/tool-lending-library https://encore.berkeley-public.org/iii/encore/record/C__Rb1477122__Swatt%20meter__Orightresult__X3?lang=eng&suite=pearl > Date: Tue, 17 Mar 2015 01:38:20 -0700 > From: Rick Moen > To: conspire at linuxmafia.com > Subject: Re: [conspire] Quiet, Freedom-compatible NAT/firewall/misc > box? > > BTW, somewhere in the garage I have a Kill-A-Watt unit that you plug > between the AC wall outlet and something whose real-world wattage draw > you want to measure. I need to start using that to get some real > figures instead of fibs on spec sheets. From nick at zork.net Wed Mar 18 03:44:18 2015 From: nick at zork.net (Nick Moffitt) Date: Wed, 18 Mar 2015 10:44:18 +0000 Subject: [conspire] check out AC power (Watt)meter (What's Your Watt?/...) from library In-Reply-To: <20150318023335.15866bjolk8uepgc@webmail.rawbw.com> References: <20150318023335.15866bjolk8uepgc@webmail.rawbw.com> Message-ID: <20150318104418.GJ26733@zork.net> Michael Paoli: > One can check out AC power Wattmeter (What's Your Watt?) from > library. These devices are really useful for installations where you have a lot of devices running. You can accurately measure median loads, sample and get a rolling average, and take note of peak load (typically on startup for devices that have spinning rust). It's also amazing to look at two identical pieces of hardware and notice that they have dramatically different power loads. Often you can trace that to software load differences, and make adjustments as necessary. But of course the best reason is for energy savings and capacity planning. You can work out that your mains bus can handle N servers at normal load, and N/4 at peak load, or what have you. Then you know to only start up a quarter of your systems at any one time, and stagger boots (or just increase capacity to cover full synchronised peak load). From rossbernheim at gmail.com Wed Mar 18 10:11:26 2015 From: rossbernheim at gmail.com (Ross Bernheim) Date: Wed, 18 Mar 2015 10:11:26 -0700 Subject: [conspire] check out AC power (Watt)meter (What's Your Watt?/...) from library In-Reply-To: <20150318104418.GJ26733@zork.net> References: <20150318023335.15866bjolk8uepgc@webmail.rawbw.com> <20150318104418.GJ26733@zork.net> Message-ID: <584DF350-97C9-43EF-8C9A-68CC76B69E5A@gmail.com> One thing to remember about the Kill A Watt and similar consumer power/watt meters is that they are meant for lights and appliances and while they will easily measure a refrigerator or 100W light bulb, they are not accurate at low power levels. The accuracy at low levels, typically below seven watts is not terribly useful. As we move to LED light bulbs that only draw a few watts and very low power computers with solid state drives these meters may give inaccurate results. One suggestion is to use a multi-outlet power strip and pair the device you want to check with another device such as a light bulb that is a constant load above ten watts so that you can accurately measure it then add the load you want to test and measure the increased load accurately. All test equipment has limitations and you need to know what they are so you can assure the accuracy of your measurements. Ross > On Mar 18, 2015, at 3:44 AM, Nick Moffitt wrote: > > Michael Paoli: >> One can check out AC power Wattmeter (What's Your Watt?) from >> library. > > These devices are really useful for installations where you have a lot > of devices running. You can accurately measure median loads, sample and > get a rolling average, and take note of peak load (typically on startup > for devices that have spinning rust). > > It's also amazing to look at two identical pieces of hardware and notice > that they have dramatically different power loads. Often you can trace > that to software load differences, and make adjustments as necessary. > > But of course the best reason is for energy savings and capacity > planning. You can work out that your mains bus can handle N servers at > normal load, and N/4 at peak load, or what have you. Then you know to > only start up a quarter of your systems at any one time, and stagger > boots (or just increase capacity to cover full synchronised peak load). > > _______________________________________________ > conspire mailing list > conspire at linuxmafia.com > http://linuxmafia.com/mailman/listinfo/conspire From rick at linuxmafia.com Wed Mar 18 14:27:19 2015 From: rick at linuxmafia.com (Rick Moen) Date: Wed, 18 Mar 2015 14:27:19 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: <20150317134806.GA14836@linuxmafia.com> References: <20150314024111.GA18236@rosmarinus> <20150316103822.GM23366@linuxmafia.com> <20150316111109.GN23366@linuxmafia.com> <20150316123605.GO23366@linuxmafia.com> <20150317083820.GQ23366@linuxmafia.com> <20150317134806.GA14836@linuxmafia.com> Message-ID: <20150318212719.GL23366@linuxmafia.com> As a brief follow-up on this one bit: > The lower end, which is what low-power is considered to be, rightly or > wrongly, is dominated within the hardware industry by the > embedded-computing mindset (that surrounds ARM). As Don Marti will tell > you (he having been Editor of _Embedded Linux Journal_ for some years, > the embedded-computing offshoot of _Linux Journal_, secrecy and > proprietary components are totally routines in the embedded space. GPL > enforcement against embedded-computing hardware companies typically > fails for a number of reasons including chipset churn being so rapid > that the violator can just stall for a few months until the model in > question gets EOLed and then says 'Hey, we've ceased violating.' Rapid > chipset churn also means that reverse-engineering is less fruitful > because so many things are moving targets. The very high rate of chipset churn is related to another aspect: In embedded computing (as an industry), the expectation is that nothing needs to be upgradeable, because you're expected to just throw the thing away and get a newer one, rather than upgrade it. E.g., normal non-developer people with Android smartphones aren't expected to ever upgrade Android. They're expected to get new 'phones. And this mindset is absolutely routine in ARM-based computing, which is basically embedded computing. So, those of us who expect to run secure, fixed, updated kernels are regarded as freaks and outside the target market. Smartphones and tablets are likely to remain security nightmares, for that reason alone, and the mindset stands in the way IMO of the hardware being good for Linux use. From rick at linuxmafia.com Wed Mar 18 14:44:14 2015 From: rick at linuxmafia.com (Rick Moen) Date: Wed, 18 Mar 2015 14:44:14 -0700 Subject: [conspire] check out AC power (Watt)meter (What's Your Watt?/...) from library In-Reply-To: <584DF350-97C9-43EF-8C9A-68CC76B69E5A@gmail.com> References: <20150318023335.15866bjolk8uepgc@webmail.rawbw.com> <20150318104418.GJ26733@zork.net> <584DF350-97C9-43EF-8C9A-68CC76B69E5A@gmail.com> Message-ID: <20150318214414.GM23366@linuxmafia.com> Quoting Ross Bernheim (rossbernheim at gmail.com): > One suggestion is to use a multi-outlet power strip and pair the device you want > to check with another device such as a light bulb that is a constant load above > ten watts so that you can accurately measure it then add the load you want to > test and measure the increased load accurately. That's an excellent idea. Gets the measured figures out of the noise floor. From olanna at gmail.com Wed Mar 18 17:46:45 2015 From: olanna at gmail.com (olanna at gmail.com) Date: Wed, 18 Mar 2015 17:46:45 -0700 Subject: [conspire] Chefcon in Santa Clara Message-ID: Hi I was wondering if anyone is going to chef con. If you're interested in sharing a room, please let me know. I'm female, neat and quiet. Thanks, Ola -------------- next part -------------- An HTML attachment was scrubbed... URL: From togo at of.net Wed Mar 18 17:47:41 2015 From: togo at of.net (Tony Godshall) Date: Wed, 18 Mar 2015 17:47:41 -0700 Subject: [conspire] check out AC power (Watt)meter (What's Your Watt?/...) from library In-Reply-To: <584DF350-97C9-43EF-8C9A-68CC76B69E5A@gmail.com> References: <20150318023335.15866bjolk8uepgc@webmail.rawbw.com> <20150318104418.GJ26733@zork.net> <584DF350-97C9-43EF-8C9A-68CC76B69E5A@gmail.com> Message-ID: I certainly concur that the display does not have much resolution and thus cannot properly measure the instantaneous power use of cell phone chargers, led lights, etc. It's also a poor measure of average electric use of a refrigerator, a heater, anything with a thermostat, anything that turns on and off. And that includes a computer, which can turn fan on and off, hard drive on and off, cpu clock up and down, even shut down and fire up cpus as load requires. However I've been able to get values that seemed credible to me by measuring the total kwh over enough time, and then dividing by the number of hours, both figures being readily available from the kill-a-wat, which costs, IIRC, $20 or so at Fry's. Don't spend the extra money on the "easier to use" model- it's pointlessly dumbed down. At that price, it's good thing to have around. Turns out that fancy German fridge with the dual variable speed compressors will pay for itself. Eventually. Mostly what we like about it is that it is counter depth and narrow and tall. And has no ice-maker to break. On Wed, Mar 18, 2015 at 10:11 AM, Ross Bernheim wrote: > > One thing to remember about the Kill A Watt and similar consumer power/watt meters > is that they are meant for lights and appliances and while they will easily measure > a refrigerator or 100W light bulb, they are not accurate at low power levels. > > The accuracy at low levels, typically below seven watts is not terribly useful. As > we move to LED light bulbs that only draw a few watts and very low power > computers with solid state drives these meters may give inaccurate results. > > One suggestion is to use a multi-outlet power strip and pair the device you want > to check with another device such as a light bulb that is a constant load above > ten watts so that you can accurately measure it then add the load you want to > test and measure the increased load accurately. > > All test equipment has limitations and you need to know what they are so > you can assure the accuracy of your measurements. > > Ross > > > > >> On Mar 18, 2015, at 3:44 AM, Nick Moffitt wrote: >> >> Michael Paoli: >>> One can check out AC power Wattmeter (What's Your Watt?) from >>> library. >> >> These devices are really useful for installations where you have a lot >> of devices running. You can accurately measure median loads, sample and >> get a rolling average, and take note of peak load (typically on startup >> for devices that have spinning rust). >> >> It's also amazing to look at two identical pieces of hardware and notice >> that they have dramatically different power loads. Often you can trace >> that to software load differences, and make adjustments as necessary. >> >> But of course the best reason is for energy savings and capacity >> planning. You can work out that your mains bus can handle N servers at >> normal load, and N/4 at peak load, or what have you. Then you know to >> only start up a quarter of your systems at any one time, and stagger >> boots (or just increase capacity to cover full synchronised peak load). >> >> _______________________________________________ >> conspire mailing list >> conspire at linuxmafia.com >> http://linuxmafia.com/mailman/listinfo/conspire > > > _______________________________________________ > conspire mailing list > conspire at linuxmafia.com > http://linuxmafia.com/mailman/listinfo/conspire -- -- Best Regards. This is unedited. This message came out of me via a suboptimal keyboard. From dmarti at zgp.org Wed Mar 18 21:21:57 2015 From: dmarti at zgp.org (Don Marti) Date: Wed, 18 Mar 2015 21:21:57 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: <20150316111109.GN23366@linuxmafia.com> References: <20150314024111.GA18236@rosmarinus> <20150316103822.GM23366@linuxmafia.com> <20150316111109.GN23366@linuxmafia.com> Message-ID: <20150319042157.GB18331@rosmarinus> begin Rick Moen quotation of Mon, Mar 16, 2015 at 04:11:09AM -0700: > Here, finally, is a series of fanless mini-PCs based on the AMD E1 > Micro-6200T 'Mullins' SoC, including one with two LAN ports: > http://www.fit-pc.com/web/products/fitlet/fitlet-i/ > Looks like variants based on the higher-end A10-6700T SoC can now also > be ordered. Wow -- that looks ideal, thank you. Also has 2 HDMI displays so can set it up to also run Synergy as extra workspace, or something. Guess I'll wait until they're back in stock, maybe set up a temporary NAT box with an old laptop until them. -- Don Marti http://zgp.org/~dmarti/ dmarti at zgp.org From dmarti at zgp.org Wed Mar 18 21:05:26 2015 From: dmarti at zgp.org (Don Marti) Date: Wed, 18 Mar 2015 21:05:26 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: <20150318212719.GL23366@linuxmafia.com> References: <20150314024111.GA18236@rosmarinus> <20150316103822.GM23366@linuxmafia.com> <20150316111109.GN23366@linuxmafia.com> <20150316123605.GO23366@linuxmafia.com> <20150317083820.GQ23366@linuxmafia.com> <20150317134806.GA14836@linuxmafia.com> <20150318212719.GL23366@linuxmafia.com> Message-ID: <20150319040526.GA18331@rosmarinus> begin Rick Moen quotation of Wed, Mar 18, 2015 at 02:27:19PM -0700: > The very high rate of chipset churn is related to another aspect: In > embedded computing (as an industry), the expectation is that nothing > needs to be upgradeable, because you're expected to just throw the thing > away and get a newer one, rather than upgrade it. Yes, let's make all the devices on the market have the glass go as close to the edge as possible. Because it looks cool. And people are more likely to buy a device that has a few mm of cool-looking extra glass on the edge, beyond the actual display area, than a device that can survive a drop. > E.g., normal non-developer people with Android smartphones aren't > expected to ever upgrade Android. They're expected to get new 'phones. > And this mindset is absolutely routine in ARM-based computing, which is > basically embedded computing. When the hardware is designed to shatter (ignoring the don't make the glass go too close to the edge lessons of every portable device ever made, from radios to multimeters) the software might as well be disposable, too. Also, you can hire the guys who took the short bus to law school to write your software licenses... http://mer-project.blogspot.com/2015/03/some-doubts-about-gpl-licensing-and-bq.html > So, those of us who expect to run secure, fixed, updated kernels are > regarded as freaks and outside the target market. > > Smartphones and tablets are likely to remain security nightmares, for > that reason alone, and the mindset stands in the way IMO of the hardware > being good for Linux use. Speaking of Android.... http://arxiv.org/pdf/1502.06577v1.pdf Have a look at the table on page 3. Yes, Google AdMob sends "user age" and "user gender" over un-encrypted HTTP (!) (Fair warning: when I do set up my new Linux router (thanks all for recommendations), I'm going to have it sniff this.) -- Don Marti http://zgp.org/~dmarti/ dmarti at zgp.org From rick at linuxmafia.com Wed Mar 18 23:05:29 2015 From: rick at linuxmafia.com (Rick Moen) Date: Wed, 18 Mar 2015 23:05:29 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: <20150319042157.GB18331@rosmarinus> References: <20150314024111.GA18236@rosmarinus> <20150316103822.GM23366@linuxmafia.com> <20150316111109.GN23366@linuxmafia.com> <20150319042157.GB18331@rosmarinus> Message-ID: <20150319060529.GN23366@linuxmafia.com> Quoting Don Marti (dmarti at zgp.org): [my posting of a CompuLab Fitlet description and URL:] > Wow -- that looks ideal, thank you. Also has 2 HDMI displays so can > set it up to also run Synergy as extra workspace, or something. Guess > I'll wait until they're back in stock, maybe set up a temporary NAT > box with an old laptop until them. It always struck me that old laptops ought to make fine ad-hoc appliance hosts. You get low power, quiet operation, and an onboard UPS. Having two NICs might take some work, depending. Those CompuLab guys do brilliant engineering. Maybe someone who's less of a hardware amateur could explain to me why the Fitlet has an 8GB ceiling on RAM. Dana alluded upthread to some 'Avoton' Atom CPUs maxing out at 64GB (vs. 8GB) because they were designed to be server-grade.[0] (I'm not hopeless at understanding this stuff, but am catching up on new x86_64 hardware after ceasing ot do so around 2006.) /me Web-searches. 2013 architecture review of the Avoton with block diagrams and such: http://techreport.com/review/25311/inside-intel-atom-c2000-series-avoton-processors Very much better than all the lackluster Bay Trail 'Atom' stuff out there. it's capable of true 64-bit addressing Yeah, that. A lot of online discussions of newish hardware burble at length about how many 'lanes' of PCIe and how many channels are available to address SDRAM, but I keep thinking 'Wait, wasn't one of the key benefits of x86_64 over i386 the expansion of RAM address space from 4GB to some reasonable subset of the theoretical 16 exabyte linear address space (2^64)? What I remember is that x86_64 real-world designs were supposed to have 48-bit pinouts, and 2^48 is 256 terabytes. So, machines with a 8GB limit (like the Fitlet, or most Atom-based machines) means some cheapskate has limited some key hardware component -- CPU address pins and decoder circultry? -- to just a _single_ bit more than what an i386 box could do. The 'Avoton' Atom CPUs would thus seem to be achieving 2^36 (64GB) RAM addressing. I'm jetlagged at the moment, so I'm likely missing something (and won't swear to my math being exactly right), but, well, if what all this means is the pernicious effect of price pressure, that's kind of sad. RAM is cheap, and buying the ability to expand it is thus cheap future-proofing (not to mention virtualisation). The Fitlet is so terrific that I hesitate to cavil over something like its 8GB RAM limit, but, knowing that the AMD A10-6700T SoC and others of its Beema/Mullins 'Puma' architecture class can address 32GB (I _think_?), it seems a shame they didn't go higher. I might be wrong: 8GB might be the max you can get with 'Puma'. I do know that that ASRock / Kabini ('Jaguar' architecture) bundle I cited from Newegg[1] can handle 32GB -- and 'Puma' (Beema/Mullins) was the 2014 successor to 2013's 'Jaguar' (Kabini/Temash) architecture. [0] Everybody loves ECC for 'server-grade' gear, except for when you have to write the cheque. Personally, in my long experience, I've found that the Linux kernel tells you very, very clearly when you have bad RAm, though patterns of segfaulting and spontaneous rebooting that are unmistakeable. Given that, and choosing to not run a more oblivious OS such as MS-Windows, why blow the money on ECC? Not worth it, in my view. [1] http://www.newegg.com/Product/Product.aspx?Item=N82E16813157518 Note $79 for motherboard and SoC. If you suspect I'm leaning towards buying one of these bundles plus a compact mini-iTX case, 32GB RAM, and an SSD or two, you'd be correct. From nick at zork.net Thu Mar 19 01:27:45 2015 From: nick at zork.net (Nick Moffitt) Date: Thu, 19 Mar 2015 08:27:45 +0000 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: <20150319040526.GA18331@rosmarinus> References: <20150314024111.GA18236@rosmarinus> <20150316103822.GM23366@linuxmafia.com> <20150316111109.GN23366@linuxmafia.com> <20150316123605.GO23366@linuxmafia.com> <20150317083820.GQ23366@linuxmafia.com> <20150317134806.GA14836@linuxmafia.com> <20150318212719.GL23366@linuxmafia.com> <20150319040526.GA18331@rosmarinus> Message-ID: <20150319082745.GA26733@zork.net> Don Marti: > http://arxiv.org/pdf/1502.06577v1.pdf > Have a look at the table on page 3. Yes, Google AdMob sends "user > age" and "user gender" over un-encrypted HTTP (!) This is why nobody pesters people with A/S/L any more. From rick at linuxmafia.com Thu Mar 19 02:37:20 2015 From: rick at linuxmafia.com (Rick Moen) Date: Thu, 19 Mar 2015 02:37:20 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: <20150319060529.GN23366@linuxmafia.com> References: <20150314024111.GA18236@rosmarinus> <20150316103822.GM23366@linuxmafia.com> <20150316111109.GN23366@linuxmafia.com> <20150319042157.GB18331@rosmarinus> <20150319060529.GN23366@linuxmafia.com> Message-ID: <20150319093720.GA11378@linuxmafia.com> Something similar to the ASRock motherboard / AMD SoC bundle cited here... > http://www.newegg.com/Product/Product.aspx?Item=N82E16813157518 > Note $79 for motherboard and SoC. If you suspect I'm leaning towards > buying one of these bundles plus a compact mini-iTX case, 32GB RAM, and > an SSD or two, you'd be correct. ...is this similar ECS motherboard / AMD SoC bundle, which is _fanless_, thus totally silent: http://www.newegg.com/Product/Product.aspx?Item=N82E1681313536 Fanless operation is possible because it uses an AMD E1-2100, which is a dual-core "Kabini" SoC (9W TDP) -- cf. the fan-cooled quad-core AMD A4-5000 'Kabini' (15W TDP) bundled with the ASRock. Motherboard is an Elitegroup Computer Systems (ECS) KBN-I mini-ITX board. Linux-oriented review at a different site, here: http://linuxgizmos.com/rugged-mini-itx-board-runs-amd-kabini-system-on-chip/ Reading the Newegg customer reviews on the ECS bundle is interesting. You have to ignore 2/3 that are from Windows users whining about how they need more CPU power. The Linux users are generally happy. Major points to note: o The Realtek 8111E ethernet chipset isn't great (no surprise; it's Realtek), and you'll want a kernel, e.g., Debian Jessie or CentOS 6.2. (I believe a mini-PCIe card with one or more Intel NIC is pretty cheap, if the RealTek is a problem.) Grumbling from Ubuntu people not smart enough to use leading-edge releases must be discounted along with the MS-Windows people. o Total _system_ AC draw (presumably with SSD) is said to be about 6-8W in normal use. Another says with a hard drive it's 13W at idle, 20W loaded. Either way, pretty amazing -- down in Raspberry Pi territory. o ATX PSU needs to be one with a 24-pin connector, not 20-pin. o Some customers claim ECS has questionable QA, e.g., infant mortality and replacement. Doesn't seem like a company with lots of friends. (I've never heard of it before, FWIW.) o Against all odds, this board/SoC combo is fast enough for home theatre PC duty, though it's no speed demon. Loved one reviewer's characterisation of the machine as a 'phone chip glued on a micro board'. I get the vibes that ASRock's motherboards are maybe more solid -- but I'm new to this market and don't know the players. Don, you wanted silent. This meets spec for your project (w/NIC board in one of the 2 PCIe slots, to give you that second NIC). Newegg customer reviews say cost of the combo is about $30 after ECS's rebate -- which, again, makes this a Pi competitor. From rick at linuxmafia.com Thu Mar 19 03:20:40 2015 From: rick at linuxmafia.com (Rick Moen) Date: Thu, 19 Mar 2015 03:20:40 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: <20150319093720.GA11378@linuxmafia.com> References: <20150314024111.GA18236@rosmarinus> <20150316103822.GM23366@linuxmafia.com> <20150316111109.GN23366@linuxmafia.com> <20150319042157.GB18331@rosmarinus> <20150319060529.GN23366@linuxmafia.com> <20150319093720.GA11378@linuxmafia.com> Message-ID: <20150319102040.GR23366@linuxmafia.com> Fixing a word omission caused by jetlag: > o The Realtek 8111E ethernet chipset isn't great (no surprise; it's > Realtek), and you'll want a kernel, e.g., Debian Jessie or CentOS 6.2. ^ recent Realtek reliably fields network chips that are OK but no great prize, and are of the 'I wish they'd used an Intel e1000 but this will do' variety. In this case, the 8111E ethernet chip is gratuitously different enough from prior Realtek chips that you need a _current_ distro with a _current_ set of drivers (and kernel), else it is likely to get misrecognised as a different Realtek chip, putting you through hassles where (on older distros) you have to 'blacklist' the wrong driver to force use of the correct one. The ASRock combo has the same slightly cheesy Realtek LAN chip, FWIW. (Basically, a Realtek network chip is a sign of cheapness but not a catastrophe. Kind of like Broadcom and Marvell chips.) From togo at of.net Thu Mar 19 11:10:19 2015 From: togo at of.net (Tony Godshall) Date: Thu, 19 Mar 2015 11:10:19 -0700 Subject: [conspire] glass to the edge [Re: Quiet, Freedom-compatible NAT/firewall/misc box?] Message-ID: ... > Yes, let's make all the devices on the market > have the glass go as close to the edge as possible. > Because it looks cool. And people are more likely to > buy a device that has a few mm of cool-looking extra > glass on the edge, beyond the actual display area, > than a device that can survive a drop. amazingly a polycarbonite thin-shell that sticks about 0.3mm above the glass makes a huge difference. the snap-on kind, not the snap-together crap. I would have killed my oneplus a dozen times by now, how many times i have dropped it on concrete Tony From rick at linuxmafia.com Thu Mar 19 13:35:53 2015 From: rick at linuxmafia.com (Rick Moen) Date: Thu, 19 Mar 2015 13:35:53 -0700 Subject: [conspire] [OT]* PowerPoint karaoke Message-ID: <20150319203553.GG4018@linuxmafia.com> All my life, I've been waiting for this: http://www.wsj.com/articles/powerpoint-karaoke-brings-stress-relief-to-silicon-valleys-embattled-office-workers-1426728632 PowerPoint Karaoke Brings Stress Relief to Silicon Valley's Embattled Office Workers 'PowerPoint karaoke' pits players in improv slideshows, whales, chest hair [...] The mix of improvised comedy and corporate-culture takedown is based on a simple notion: Many PowerPoint presentations are unintentional parody already, so why not go all the way? [...] At a February PowerPoint karaoke show in San Francisco, contestants were given pairings of topics and slides ranging from a self-help seminar for people who abuse Amazon Prime, with slides including a dog balancing a stack of pancakes on its nose, to a sermon on 'Fifty Shades of Grey,' with slides including a pyramid dotted with blocks of numbers. Another had to explain the dating app Tinder to aliens invading the Earth, accompanied by a slide of old floppy disk drives, among other things. My favourite bit of this article is a guest appearance by Never Say Anything: Ubiquity has a downside: When former National Security Agency contractor Edward Snowden leaked information about the agency's digital-surveillance programs, commenters panned the agency's slidework. An architecture and design columnist for the Guardian newspaper said the NSA's PowerPoints looked 'like the work of a drunken toddler, high on the potentials of AutoShapes and WordArt.' An NSA spokeswoman didn't respond to a request for comment. * As if that weren't apparent from the title. From rick at linuxmafia.com Thu Mar 19 23:27:11 2015 From: rick at linuxmafia.com (Rick Moen) Date: Thu, 19 Mar 2015 23:27:11 -0700 Subject: [conspire] Partly as a reminder about the Sat. March 28 CABAL meeting Message-ID: <20150320062711.GZ23123@linuxmafia.com> ----- Forwarded message from Ken Bernard ----- Date: Thu, 19 Mar 2015 22:59:33 -0700 From: Ken Bernard To: installers at linuxmafia.com Subject: I hope to attend CABAL Sat. March 28 Hi Rick- I hope to attend the CABAL installfest on March 28. I hope to install Ubuntu 12.04.5 LTS or 14.04.2 LTS on an old Lenovo ThinkPad T61. The laptop was new when Windows XP was being retired. I don't know if we will be successful in getting Ubuntu working on it, but it would save me the hassle of buying a new laptop. I have downloaded the distros and burned them to disc, which I will bring. See you next week Ken Bernard ----- End forwarded message ----- ----- Forwarded message from Rick Moen ----- Date: Thu, 19 Mar 2015 23:20:39 -0700 From: Rick Moen To: Ken Bernard Subject: Re: I hope to attend CABAL Sat. March 28 Organization: If you lived here, you'd be $HOME already. Quoting Ken Bernard (kenbernard at gmail.com): > I hope to attend the CABAL installfest on March 28. I hope to install > Ubuntu 12.04.5 LTS or 14.04.2 LTS on an old Lenovo ThinkPad T61. The laptop > was new when Windows XP was being retired. Hi, Ken! I have high confidence of no problems. The T60 series was a really good one that by around 2008 had really excellent Linux support. ----- End forwarded message ----- From dmarti at zgp.org Fri Mar 20 06:57:57 2015 From: dmarti at zgp.org (Don Marti) Date: Fri, 20 Mar 2015 06:57:57 -0700 Subject: [conspire] Quiet, Freedom-compatible NAT/firewall/misc box? In-Reply-To: <20150319082745.GA26733@zork.net> References: <20150314024111.GA18236@rosmarinus> <20150316103822.GM23366@linuxmafia.com> <20150316111109.GN23366@linuxmafia.com> <20150316123605.GO23366@linuxmafia.com> <20150317083820.GQ23366@linuxmafia.com> <20150317134806.GA14836@linuxmafia.com> <20150318212719.GL23366@linuxmafia.com> <20150319040526.GA18331@rosmarinus> <20150319082745.GA26733@zork.net> Message-ID: <20150320135757.GA32625@rosmarinus> begin Nick Moffitt quotation of Thu, Mar 19, 2015 at 08:27:45AM +0000: > Don Marti: > > http://arxiv.org/pdf/1502.06577v1.pdf > > Have a look at the table on page 3. Yes, Google AdMob sends "user > > age" and "user gender" over un-encrypted HTTP (!) > > This is why nobody pesters people with A/S/L any more. Time to review iptables string matching. "Hi there, my router says you're into [user interest]..." This is also why it's a win to have an audio out on your router. (Yes, AdMob is on Apple iOS too, not just Android.) I knew there was a reason I was building my own router and not just buying one. -- Don Marti http://zgp.org/~dmarti/ dmarti at zgp.org From rick at linuxmafia.com Fri Mar 20 15:43:43 2015 From: rick at linuxmafia.com (Rick Moen) Date: Fri, 20 Mar 2015 15:43:43 -0700 Subject: [conspire] The end of PerlHoo? Message-ID: <20150320224343.GB23366@linuxmafia.com> tl;dr: Any Perlista want to fix an XSS problem in a simple 100-line Perl CGI? This is a story about how the world changes. Once Upon a Time ---------------- In the halcyon dot-com year 1999, there was a Perl teaching project called PerlHoo in three articles by Jonathan Eisenzopf. Which I didn't notice until four years later. In our continuing effort to save the world in less than one hundred lines of Perl code, we will now embark on a quest to build a complete Yahoo-like Web directory. The evolution of PerlHoo will occur over the next few issues of Mother of Perl. In this issue, we will build a simple implementation in (you guessed it) less than 100 lines of code. http://www.webreference.com/perl/tutorial/2/ http://www.webreference.com/perl/tutorial/3/ http://www.webreference.com/perl/tutorial/5/ It was a nice little project for 1999. I found it in 2003, it being exactly what I needed to organise my appalling sprawl of public ASCII files. I also found and expanded a Python script to HTMLise the ASCII information files I most cared about. Setting up PerlHoo is easy. A little Apache HTTPd logic permits the PerlHoo CGI to display a virtual webspace directory tree at URL http://linuxmafia.com/kb/ ('kb' for knowledgebase) by parsing a file in any directory of the underlying physical tree (/var/www/faq/, on my server) to parse comma-separated file perlhoo.csv and construct/display an index.html file based on the CSV values. Each line (entry) of the CSV file could point to any URL, either local or remote. You can see the guts of the tree at http://linuxmafia.com/faq/, where the perlhoo.csv file in each folder gets parsed to make index.html for the corresponding virtual webspace folder in http://linuxmafia.com/kb/ . PerlHoo was exactly what I needed -- as opposed to all the hideously overengineered CMSes and wikis people suggested when I described the problem. The problem was: 'I have HTMLised local files, plus interesting remote pages, and I'd like to organise them on my Web site. You know, like the old Yahoo hierarchical catalogue.' All of the dozens of suggestions from LUG people were -- sorry -- inane and Didn't Get It. But I saw PerlHoo and said 'Yes. Exactly like that.' PerlHoo had one other function as well, little-used on my site, and this is where things started to go wrong in early days. The virtual webspace allowed the public to submit candidate URLs to add. Just like the old Yahoo Web directory. Anyone spotting the first snake in this Garden of Eden? Anyone? Bueller? Comment Spam ------------ Anyone running any site that accepts _any_ kind of HTTP POST or GET submissions knows this one: Spammers and scammers blanket the Internet with automated bots probing all advertised services (including of course Web servers and their pages), looking for places to spamvertise. PerlHoo's submission feature is completely devoid of any attempt to block this. Results are predictable -- but not a big problem. Example from the Knoledgebase's Admin folder: linuxmafia:/var/www/faq/Admin# ls -l perlhoo* -rw-r--r-- 1 rick rick 6601 Jul 8 2013 perlhoo.csv -rw-r--r-- 1 rick rick 6486 Feb 23 2012 perlhoo.csv~ -rw-r--r-- 1 www-data www-data 1748 Mar 2 2014 perlhoo_new.csv linuxmafia:/var/www/faq/Admin# perlhoo_new.csv is the submissions from the public. (perlhoo.csv is the curated and dislayed Web diretory for the Admin category.) Once in a long while -- almost never, really, I've looked through the perlhoo_new.csv files, and maybe a dozen times over 12 years or so has there been a human-submitted entry. All the rest is inane comment spam. (The dozen or so exceptions tends to be people who didn't quite get what each folder was for, or were trying to promote their Web sites, the usual random noise. Maybe three were ever submissions i liked and moved to perlhoo.csv.) So, that part of PerlHoo was a failure for lack of spam control. But it can be just ignored. Some folders, I just chowned perlhoo_new.csv so the Apache user could no longer write to it, because the feature was effectively useless. But I modestly updated Jonathan's CGI to make it serve valid HTML 4.01 Transitional, and otherwise just loved it for what it was: a simple, elegant solution to a simple problem. (Jonathan never touched it after his 1999 teaching article. In software-engineering terms, it's orphaned code. Or, if you're more of a glass-half-full person, it's a finished project.) You Have to Sanitise Public Data -------------------------------- I don't want to belittle Jonathan Eisenzopf. I love PerlHoo. But the second thing he completely failed to do was sanitise input data. PerlHoo's CGI takes an incoming URL from the user's Web browser and says 'Oh, you want the virtual webspace index for _this_ directory.' But what if what's submitted is not just the intended URL? Did Jonathan make sure contrived data sent to the CGI couldn't trick it into doing something stupid? No, he did not. Date: Thu, 19 Mar 2015 22:11:22 +0000 From: Ayoub Tabout To: bofh at linuxmafia.com Subject: XSS Vuln. in your website Hi, i've discovred The XSS Vuln. in a subdomain on your website that may enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Here's the url : http://linuxmafia.com/kb/Kernel%27%22%3E%3C/title%3E%3Cscript%3Ealert%280%29%3C/script%3E%27%22%3E%3Cmarquee%3E%3Ch1%3EXSS%20found%3C/h1%3E%3C/marquee%3E Aw, crud. That's a design flaw in PerlHoo that I probably _shouldn't_ just ignore, because it's a security hole. Ironically, it's not usable to attack my site. It's usable to attack other sites via reflecting attacks through mine. Ayoub was kind enough to tell me that PerlHoo completely punts -- fails -- on one task that all Web applications must do. It needs to parse input data to make sure it cannot be used to encode, say, a second attack URL that the serving HTTPd process then gets tricked into serving up to the user, making the user carry out targeted attacks against the user him/herself or against third-party Web sites. This is called a 'cross-site scripting' (abbreviated XSS) vulnerability. http://en.wikipedia.org/wiki/Cross-site_scripting XSSes are a little difficult to wrap your brain around, and a subtle concept. The threat model involve a deliberate violation of 'same orgin policy', where the contrived URL causes content from two places to get served in a goulash so that untrustworthy content (from, say, evilsite.com) gets mixed into content the user trusts (from, say, Linuxmafia.com Knowledgebase). Someone could put up in webspace a link to what's _claimed_ to be a Linuxmafia.com Knowledgebase entry. The link's URL would indeed be to linuxmafia.com's PerlHoo CGI, but the URL would also include encoded links to 'malicious' content offsite. And PerlHoo would then fail to notice the chicanery and fail to disable the active content reference being passed through it to the user. Ayoub proved that PerlHoo provided no protection against it being fooled in this fashion -- just as Jonathan failed to include any protection against comment spam. The threat model isn't an attack on linuxmafia.com. It's an attack on users of linuxmafia.com. The reason I'm obliged to care is that I want you to get linuxmafia.com content and not hidden redirects to evilsite.com when you are seeing my Knowledgebase on your screen. A Simple Matter of Programming ------------------------------ OK, you are saying. Retrofit input sanitising into PerlHoo. Sure. I'll get right on that. Except I'm (1) not good and Perl, and (2) so backlogged I can't reasonably take this on. Or rather I shouldn't. Way too much on my plate, especially since I moderately suck as a Perlista. (Never claimed to be one.) Here's PerlHoo (updated by me to serve valid HTML): http://linuxmafia.com/pub/linux/apps/perlhoo-linuxmafia-1.21.tar.gz I will say: Jonathan writes nice, clean Perl that's a pleasure to read. I just am a bit stumped about how to add some lines to sanitise the submitted URL line that PerlHoo defangs, e.g. puts inside comment tags or whatever, any URI that's not supposed to be there. Any actual Perlist willing to try to fix it? Maybe splicing in a call to extra CPAN module Filter::Handle::Tainted , the way one of the Perlmonks suggests here? http://www.perlmonks.org/?node_id=224782 I really don't know what's the sanest way to code an adequate fix. Maybe you, the reader, do. Any Perl coder want to fix this, I'll buy you dinner, or a six-pack of $GOODBEER, or a nice bottle of wine. Say Goodbye to PerlHoo? ----------------------- If I can't fix it in maybe a week, I'll probably just convert the CGI-generated index file for each folder into a static HTML file and remove PerlHoo. Honestly, I've never gotten any mileage out of PerlHoo's theoretical dynamic features, so it might as well be flat HTML, and the content will be exactly the same. From rick at linuxmafia.com Fri Mar 20 16:14:20 2015 From: rick at linuxmafia.com (Rick Moen) Date: Fri, 20 Mar 2015 16:14:20 -0700 Subject: [conspire] (forw) Re: Ancient hardware [Was: Can Ubuntu 14.04 not install on a new HD?] Message-ID: <20150320231420.GD23366@linuxmafia.com> GMTA. ;-> ----- Forwarded message from Craig Sanders ----- Date: Sat, 21 Mar 2015 08:32:18 +1100 From: Craig Sanders To: luv-main at luv.asn.au Subject: Re: Ancient hardware [Was: Can Ubuntu 14.04 not install on a new HD?] On Thu, Mar 19, 2015 at 03:38:41PM +1100, Erik Christiansen wrote: > > I'm actually surprised there's enough memory in the machine to run > > a modern desktop environment and web browser. A 2004 era machine > > probably only has between 0.1 and 0.5 GB of RAM. I think? > > It's now a bit newer (VIA C7), and has a whole 1 GB, so no drama > there. that's a 32-bit CPU from Sep 2006, nearly 9 years old. are you aware that you can upgrade to a modern machine for under $170? e.g. the cheapest current parts combo i can find at MSY today is: AMD A4-7300 64-bit dual-core CPU + GPU $58 ASRock A58M-HD+ motherboard $65 4G Kit DDR3-1333 RAM (2x2GB) $46 if the RAM in your current mb is DDR3 (it probably isn't), you could put off buying the new ram for a while, but 1GB isn't really adequate for a modern desktop any more. the machine will likely be swapping to disk by the time it finishes booting and you login even with a "light" desktop like xfce or lxde, let alone start running memory hogs like iceweasel or chromium. you've already got yourself a new drive but if you hadn't, you can get a 64GB SSD for $56 these days. small but much faster than any mechanical drive. FYI, comparison of the A4-7300 with the C7: http://www.cpu-world.com/Compare/887/AMD_A4-Series_A4-7300_%28JA%29_vs_VIA_C7-D_1800_400.html note that the max power usage of the A4-7300 is 65W versus 20W for the C7 - but the A4-7300 includes a built-in Radeon R3 graphics processor. if your current graphics card is as old as your mb and cpu, then it probably uses at least 30-40W anyway, and isn't anywhere near as good as the R3....9+ years is a LONG time in the evolution of GPUs. also, FYI, the Intel G1840 (a dual-core 64-bit celeron with built-in graphics) costs $55 but the cheapest Haswell Refresh motherboards start at nearly twice the price of the cheapest AMD FM2+ motherboards....and Intel, as usual, sucks at upgradability. once again you have to discard your old m/b if you want to upgrade to the new generation of CPUs. AMD OTOH generally keep the same socket for at least two generations so you can keep upgrading your CPU without having the expense and waste of a new motherboard. (the asrock m/b above can take any FM/FM2+ CPU up to the current A10-7850K CPU, a quad-core 4Ghz CPU with Radeon R7 graphics for $199, and probably several future CPUs too) this upgradability issue is the main reason I haven't switched back to Intel CPUs. the latest Intel chips are undeniably better than the current AMD CPUs, but the initial expense of switching (new mb and new CPU, maybe new RAM) is much higher and intel's history with socket changes tells me I'd have the same high expenses in future every time i upgraded. my current machine is good enough for now, so i'll just wait until AMD releases an upgraded CPU i can swap in. craig -- craig sanders _______________________________________________ luv-main mailing list luv-main at luv.asn.au http://lists.luv.asn.au/listinfo/luv-main ----- End forwarded message ----- From rick at linuxmafia.com Sat Mar 21 21:46:23 2015 From: rick at linuxmafia.com (Rick Moen) Date: Sat, 21 Mar 2015 21:46:23 -0700 Subject: [conspire] (forw) Re: Ancient hardware [Was: Can Ubuntu 14.04 not install on a new HD?] Message-ID: <20150322044623.GD23768@linuxmafia.com> Probable answer to the question of _why_ the 2014 AMD low-power SoCs can drive only 8GB RAM maximum, while their immediate predecessors (such as Kabini SoCs) from 2013 can drive 4x as much. It's because the motherboards have two DIMM sockets, and the particular flavour of low-power DDR3 DIMMs required aren't available in higher density than 4GB per stick. Ergo, 8GB max. So, it's not the SoC but the RAM itself. ----- Forwarded message from Rick Moen ----- Date: Sat, 21 Mar 2015 19:35:42 -0700 From: Rick Moen To: luv-main at luv.asn.au Subject: Re: Ancient hardware [Was: Can Ubuntu 14.04 not install on a new HD?] Organization: If you lived here, you'd be $HOME already. Quoting Colin Fee (tfeccles at gmail.com): > AIUI it's an economic compromise made by CPU manufacturers and mobo > manufacturers. Sounds reasonable (and this is what I expected). Part of what I'm curious about (not asking _you_ specifically, but rather just putting the question out in the air) is whether this implementation compromise is, particularly in recently discussed SoCs and motherboards, imposed by the SoC or not. And which specific component or components create(s) it. Most particularly, I am curious whether I am wasting my time looking aroudn for motherboards compatible with AMD's 2014 'Puma' series of SoCs (the Beema and Mullins series) capable of supporting more than 8GB of RAM -- because to the extent I find Beema/Mullins used, which is distressingly rare, I see 8GB limits. [RM: snipping the rest] -- Cheers, I'm ashamed at how often I use a thesaurus. I mean bashful. Rick Moen Embarrassed! Wait--humiliated. Repentant. Chagrined! Sh*t! rick at linuxmafia.com -- @cinemasins McQ! (4x80) _______________________________________________ luv-main mailing list luv-main at luv.asn.au http://lists.luv.asn.au/listinfo/luv-main ----- End forwarded message ----- ----- Forwarded message from Craig Sanders ----- Date: Sun, 22 Mar 2015 15:11:03 +1100 From: Craig Sanders To: luv-main at luv.asn.au Subject: Re: Ancient hardware [Was: Can Ubuntu 14.04 not install on a new HD?] On Sat, Mar 21, 2015 at 04:17:02PM -0700, Rick Moen wrote: > Quoting Craig Sanders (cas at taz.net.au): > > > funnily enough, i have a similar reaction to most intel motherboards > > - their CPUs can be quite good, but the PCIe lines available and the > > I/O is minimal compared to AMD AM2/3/3+ CPUs and motherboards. > > Here's a question that stumps me just a bit: Why are so many x86_64 i know this question wasn't actually addressed to me, but i just wanted to say that i'm quite interested in this conversation but unable to continue at the moment because i'm getting ready to go into hospital tomorrow - i expect to be in for about 10-14 days (having my right polycystic kidney removed...the left one was removed last year and weighed 6.5 Kg or about 1 stone in archaic units) i probably wont have internet access because dealing with the hospital's wifi authentication system (they come around with a daily changed password sometime in the mid-to-late afternoon, which stops working abruptly at midnight when the password is changed) is way more hassle than it's worth. in any case, i expect i shall be making use of the magic morphine-on-demand button (max 1 hit every 15 minutes) for the first day or two. so, anyway, sorry for dropping out of the convo so abruptly - it's been interesting and educational and has spurred me to do more reading and research than i really have time for right now :) the only detail i've managed to find about the mullins/beema memory controllers is that they're both single channel and support up to two dimms. AFAICT they're both also DDR3-L (low power variant of ddr3), which only seeems to be available in 1, 2, and 4GB sticks at the moment. so that may be the source of the 8GB limit. craig ps: i have warned my surgeon that if i cark it on the operating table, i'll turn on the spot and he'll have a zombie outbreak to deal with. (i promised the same thing last year and the very first thing i said to my partner when i woke up after surgery was "braaaaaainzzzz". fortunately she had left her katana at home) -- craig sanders BOFH excuse #241: _Rosin_ core solder? But... _______________________________________________ luv-main mailing list luv-main at luv.asn.au http://lists.luv.asn.au/listinfo/luv-main ----- End forwarded message ----- From rhcom.linux at gmail.com Mon Mar 23 09:35:39 2015 From: rhcom.linux at gmail.com (Scott DuBois) Date: Mon, 23 Mar 2015 09:35:39 -0700 Subject: [conspire] [OT]* PowerPoint karaoke In-Reply-To: <20150319203553.GG4018@linuxmafia.com> References: <20150319203553.GG4018@linuxmafia.com> Message-ID: <20150323163539.GC22353@linux.roguehorse.com> On Thu, Mar 19, 2015 at 01:35:53PM -0700, Rick Moen wrote: > My favourite bit of this article is a guest appearance by Never Say Anything: > > Ubiquity has a downside: When former National Security Agency > contractor Edward Snowden leaked information about the agency's > digital-surveillance programs, commenters panned the agency's > slidework. An architecture and design columnist for the Guardian > newspaper said the NSA's PowerPoints looked 'like the work of > a drunken toddler, high on the potentials of AutoShapes and WordArt.' > > An NSA spokeswoman didn't respond to a request for comment. > > > * As if that weren't apparent from the title. Well, it's the backlash of recruiting uninformed college kids promised with delusions of grandeur and excitement while working for the government. I place a nice footer at the bottom of all my slides that says: "Created using LibreOffice" -- Scott DuBois "UNIX is basically a simple operating system, BSIT/SE you just have to be a genius to see the simplicity" EFF ID: 1731778 -- Ritchie -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: Digital signature URL: From deirdre at deirdre.net Wed Mar 25 23:08:43 2015 From: deirdre at deirdre.net (Deirdre Saoirse Moen) Date: Wed, 25 Mar 2015 23:08:43 -0700 Subject: [conspire] Script for wifi connections in gawk Message-ID: <622C2036-5F26-4EA3-B81D-1A2AA50A4E08@deirdre.net> bougeyman wrote a script that?s basically: 1. show what I can connect to 2. connect to it https://github.com/bougyman/wifish Without all the gui fluff and fold. Deirdre From rick at linuxmafia.com Thu Mar 26 02:22:27 2015 From: rick at linuxmafia.com (Rick Moen) Date: Thu, 26 Mar 2015 02:22:27 -0700 Subject: [conspire] Script for wifi connections in gawk In-Reply-To: <622C2036-5F26-4EA3-B81D-1A2AA50A4E08@deirdre.net> References: <622C2036-5F26-4EA3-B81D-1A2AA50A4E08@deirdre.net> Message-ID: <20150326092227.GM17365@linuxmafia.com> Quoting Dire Red (deirdre at deirdre.net): > bougeyman wrote a script that?s basically: > > 1. show what I can connect to > 2. connect to it > > https://github.com/bougyman/wifish > > Without all the gui fluff and fold. Very nice, seems to hit a sweet spot. You see frequent travelers like Ted T'so posting about how much they regret that the only tool adequate to manage they're WiFi access to many different ESSIDs with different requirements is NetworkManager, which is a horribly overengineered GNOME thing with extremely excessive dependencies. You see people tell Ted 'You should try wicd', and so on, but doubt about adequacy of those alternatives. Wifish requires only wpa_supplicant, which is a low-level WiFi toolkit that is well regarded and supoorts diverse front ends. Wifish also requires GNU awk, which is what it's written in. https://wiki.archlinux.org/index.php/WPA_supplicant From nick at zork.net Thu Mar 26 08:01:20 2015 From: nick at zork.net (Nick Moffitt) Date: Thu, 26 Mar 2015 15:01:20 +0000 Subject: [conspire] Script for wifi connections in gawk In-Reply-To: <20150326092227.GM17365@linuxmafia.com> References: <622C2036-5F26-4EA3-B81D-1A2AA50A4E08@deirdre.net> <20150326092227.GM17365@linuxmafia.com> Message-ID: <20150326150120.GN18516@zork.net> Rick Moen: > Wifish also requires GNU awk, which is what it's written in. Note that for various reasons, Debian systems default to mawk, which is a far smaller implementation of POSIX awk. There are advantages to gawk over mawk, which I've used myself: http://zork.net/~nick/loyhargil/if/if.awk Yes that's a complete text adventure written in awk. If I were to do it in mawk, I'd probably need to move that call to `next` out of the `prompt()` function and put it after each call to it. Not great, but not a hardship. The more I study parser-based interactive fiction, the less silly I find the idea of doing it in awk as I did a decade ago. From rick at linuxmafia.com Sat Mar 28 01:33:30 2015 From: rick at linuxmafia.com (Rick Moen) Date: Sat, 28 Mar 2015 01:33:30 -0700 Subject: [conspire] CABAL, Saturday Mar. 28th Message-ID: <20150328083330.GD27171@linuxmafia.com> CABAL is _today_, Saturday 28th, 4pm to midnight. CABAL co-founder Duncan Mackinnon is here for a visit, and would be glad to see old friends. Joe Grosch, founder of Bay Area FreeBSD User Group, and his wife Lisa will be here. This will be the first _outdoor_ CABAL of this year, as we are predicted to have more of the current stunning weather. I will be cooking ribs outdoors on the barbecue, and making garlic bread with fresh local garlic and oregano. From rick at linuxmafia.com Sat Mar 28 11:53:49 2015 From: rick at linuxmafia.com (Rick Moen) Date: Sat, 28 Mar 2015 11:53:49 -0700 Subject: [conspire] (forw) Re: CABAL, Saturday Mar. 28th Message-ID: <20150328185349.GR31588@linuxmafia.com> I forgot to mention Ross's famous sous-vide cooking. ----- Forwarded message from Ross Bernheim ----- Date: Sat, 28 Mar 2015 09:18:38 -0700 From: Ross Bernheim To: Rick Moen Subject: Re: [conspire] CABAL, Saturday Mar. 28th I?m bringing some Chicken Tiki Masala and brown rice. Ross > On Mar 28, 2015, at 1:33 AM, Rick Moen wrote: > > CABAL is _today_, Saturday 28th, 4pm to midnight. > > CABAL co-founder Duncan Mackinnon is here for a visit, and would be glad > to see old friends. > > Joe Grosch, founder of Bay Area FreeBSD User Group, and his wife Lisa will be here. > > This will be the first _outdoor_ CABAL of this year, as we are predicted > to have more of the current stunning weather. I will be cooking ribs > outdoors on the barbecue, and making garlic bread with fresh local > garlic and oregano. > > > _______________________________________________ > conspire mailing list > conspire at linuxmafia.com > http://linuxmafia.com/mailman/listinfo/conspire ----- End forwarded message -----