Mon, 23 May 2016
One-time USB-IP
For some ugly proprietary software, I need to access an USB device (a hardware key) from the Windows-based virtual machine. I tried to use USB-IP with mixed results.
At first I created a Windows 2008r2 testing virtual machine. I tried various
versions of usbip (both kernel-side drivers and the user-space
utility), and finally using some version of drivers with the patched
usbip.exe probably from this thread
helped and I was able to see the HW token from the inside of the Windows guest,
install the proprietary software there, and make it use the token
(after disabling the token it complained about missing HW key, so I guess the
token was indeed successfully used before). I even tested the token
in my Linux workstation as well as in the server where it will be
in production use. So far OK.
Now the ugly part: I wanted to create a document describing how to
access the HW token from the Windows VM, so I created a new Windows VM.
And now I am not able to reproduce the process of installing the drivers
and accessing the token from the VM itself :-(. I must have done something
what I don't remember exactly, but now I can only list the devices on the
server using "usbip.exe -l my.ip.addr", but trying to attach
the device with "usbip.exe -a my.ip.addr bus-id" fails with
"Cannot find device" error message.
I am not sure what am I doing wrong, but I am sure that it has worked before. I feel like an idiot. Anyway, how would you make an USB device accessible from the inside of the Windows-based VM?
Tue, 29 Mar 2016
Broadcom WiFi Versus Windows 10
Broadcom is rumored to leave the wireless chipset business. I would like to add a single word to this rumour: "finally!".
I use a venerable Linksys WRT 54GL accesspoint for my home wireless network, and I run OpenWRT on it, because the stock firmware itself is unmaintained and insecure (not to mention the additional flexibility of OpenWRT). Then only problem is that Linux/OpenWRT uses the reverse-engineered driver for Broadcom WiFi, because the vendor-provided specification is next to none.
After upgrading the only Windows-based laptop we have at home to Windows 10, the WRT started crashing as soon as the laptop tried to connect to the network. It has simply rebooted. Incidentally, the laptop itself has also a Broadcom WiFi chip inside. I tried to use various versions of OpenWRT, but the problem is present in all versions.
Anyway, the WRT54GL is pretty old and OpenWRT barely fits in it, so I am looking for a replacement. I probably don't need fancy features such as USB host or even routing (I use the PC as a router). Just a WiFi AP and an ethernet switch. Preferably running OpenWRT. Do you have any suggestions, my dear lazyweb?
Wed, 04 Nov 2015
Fedora 23
The upgrade to F23 was flawless both on my workstation and on my laptop. So far the changes I noticed were:
- GDM tries to run Xwayland instead of Xorg (yes, I still run GDM on one of my computers out of curiosity). It can be disabled with adding the following
to your
/etc/gdm/custom.conf:[daemon] WaylandEnable=false
- On my workstation, the mouse cursor was displayed about 20 pixels right and 20 pixels down from the place it in fact pointed to. For example, I was not able to reach the top left corner at all. The quick fix was to remove the old
/etc/X11/xorg.conffile I have been using for ages, and let everything to be autoconfigured. This could be a problem on my dual-seat home computer, where I need to useXorg.confin order to have the seats configured properly. - Firefox has broken the NewTabURL add-on, in their yet another futile attempt at guessing what I want to see in a new tab. This can be solved by installing a NewTabHomepage add-on instead.
- On my laptop, which has 14" FullHD screen (about 157 DPI), Firefox started to use the DPI value from the desktop environment, so I can finally move back to 12pt fonts instead of 22pt, which I had to set up manually only for Firefox. On the other hand, it started scaling images, so many icons and other images (including the icons in Firefox own menus) are a bit blurry now.
To sum it up, pretty flawless upgrade. I will obviously wait for some time before upgrading my home dual-seat desktop, as I always do.
Mon, 14 Sep 2015
Service Bloat
I have (finally) upgraded my home workstation/server/router to Fedora 22. Newer Fedora releases have an anti-feature called "product": one cannot simply install "Fedora", the "Fedora Product", such as Fedora Workstation, should be selected first. For a system with X session (two X sessions, in my case), "Fedora Workstation" seems to be a natural choice. It is not: "Fedora Workstation" can be translated from Fedora Newspeak to an ordinary English as "Fedora GNOME 3". So this is a no-go.
A time ago, I came across a suggestion that "Fedora Server" is probably
the closest thing to former "Fedora". So I upgraded my home box to
"Fedora Server". Today, after a routine inspection of open ports on my
home server, I discovered that something is listening on port 9090
on INADDR_ANY (and IN6ADDR_ANY as well). One fuser -n tcp,
and I discovered that the listening process is called cockpit-ws.
Digging further into it, it seems that this is a web-based administrative
interface (do you remember linuxconf, anyone?), probably another futile
attempt to encapsulate the strength of all the configuration files to some
useless web-based interface. Moreover, it cannot be uninstalled, as it
depends on the fedora-release-server package.
A side note: the cockpit-ws package contains font files,
which is probably against Fedora Font Packaging Guidelines.
I wonder what happened to the "no unnecessary services should be enabled by default" philosophy. It seems that Cockpit is a blatant example of an unnecessary service, which is not only installed by default, but also enabled by default in Fedora Server 22. I recommend to run the following commands:
# systemctl stop cockpit.socket # systemctl disable cockpit.socket
What other kinds of service-bloat did you find on your computers? Watch for newly opened ports after Fedora upgrades.
Tue, 14 Jul 2015
Which Web Gallery?
I am looking for the best way how to publish my photos on the Web. So far I have ruled out putting my photos to some "cloud" service out of my control (Picasa, Flickr, Rajče). I want something which could generate a static tree of files (HTML/CSS/JPG/JS), which can then be published by any web hosting service, or even on my own server.
Some time ago I have tested Highslide.js, but this is more lightbox than a gallery, and it cannot adapt itself to the size of the screen.
I have looked at Darktable, which has its own "web gallery" export format, but surrounding Javascripts are not good enough to make it fit the screen. I have googled many other project, usually ruling them out solely based on their demo galleries.
What looks promising so far, is the thing named Photoswipe. There still are some problems, though:
- When the image has much wider aspect ratio than the screen, the image caption is displayed far away from the image itself.
- It is configured in Javascript, instead of just adding images and their thumbnails to the HTML file with the appropriate classes.
- The thumbnail view somewhat sucks (see the thumbnail lists near the bottom of their own getting started page.
So, my dear lazyweb: which gallery for static files do you use? I would like to have something with the following properties:
- Works on different screen sizes (even Picasa sucks at this).
- Easy to generate all the data from large JPEGs with comments/title.
- The ability to link individual images (Highslide sucks at this).
What would you recommend?
Mon, 13 Jul 2015
Systemd Developer Attitude
Systemd. Some people love it, some people hate it. My own position is somewhere in between: I think many things they are trying to solve are real problems which need solutions, the system should "just work" for common use without the configuration, etc. But sometimes the overall attitude of the systemd developers is just plain wrong. The following bug report shows the problem pretty clearly:
timeX.google.com provide non standard time - issue #437
TL;DR: it can be summarized as follows:
systemd-timeduses Google time servers by default.- These time servers are sometimes wrong because of the non-standard "leap second smearing" done by Google.
- Google has asked that their servers are not set up as defaults in
systemd-timed.
There are several solutions to this problem which I would consider clean and fair:
- Remove the default time servers from the configuration, let the user decide (e.g. to use a NTP pool).
- Register a NTP pool vendor zone and use it as defaults.
- Let somebody else register and maintain a NTP pool vendor zone (CoreOS people offered to do this).
The systemd maintainer's response was "we are not a vendor, we don't want a vendor pool", and "let's add a warning when somebody uses the defaults". I think using Google servers against the will of their owner is pretty rude, and having the defaults which need to be replaced, even though the possibility of having sane defaults exists, to be inconsiderate to their users.
In my opinion, the above clearly shows the attitude of systemd developers towards the rest of the world.
Fri, 10 Jul 2015
My First CVE Number
After banging our collective heads against the wall while trying to discover why one Samba share works as we expect, while another one with the same configuration on the same server does not, I have finally admitted that the bug is not in our setup, but probably in Samba itself.
Interestingly enough, the expected behaviour was the share where it did not work, and the other one worked only by accident. The fact that it worked in one case turned out to be a potential minor security issue. So this is the first security issue I have discovered, which has its own CVE number: CVE-2015-3287 (details will be in Samba bug #11395 after it is declassifiled).
I appreciate the fast response of Samba developer Jeremy Allison: the first fix was available within 3.5 hours after the bug was reported.
Tue, 09 Jun 2015
Laptop Upgrade, take 2
After thinking about upgrading my laptop in 2013, it is time for another try. My old ASUS F3E has flaky power connector, and sometimes fails to charge, which is quite annoying. So far my requirements are:
- Fully supported by Linux without proprietary blobs (definitely not nVidia graphics or Broadcom wireless).
- No Microsoft tax (read: no pre-installed Windows).
- At least 8 GB of RAM, upgradable to at least 16 GB, more is better.
- As big battery as possible (upgrading my old ASUS F3E to a 9-cell battery helped a lot).
- 14" to 15.6" display. Maybe even 13.3", but not 17".
- Keyboard without the numeric keypad, with full-sized inverse-T arrow keys, and with backlight.
- Display resolution higher than my old ASUS F3E has (1280x800), especially in the vertical direction. Definitely not that "HD-ready" thing.
- Matte display. Glossy displays suck.
- Touchpad with at least two physical buttons, so that the middle button can be emulated.
- Not very heavy, if possible.
- Magnesium chassis (or, generally speaking, no brittle plastics).
- Internal SSD storage, or no storage at all (I already have a 240 GB SSD drive from my old laptop.
- No DVD drive. It only eats power, and it is dead weight anyway.
- CPU with as high single-core performance as possible. For a laptop, two cores are more than enough.
- If possible, something less ugly than classical black Thinkpads.
Of course, all the above criteria are met with exactly zero laptops currently available in the Czech Republic. So far I am considering the following less-than-optimal models:
- HP Probook 450 G2 (K9K20EA) (cons: HDD, DVD drive, only 4-cell battery, Realtek ethernet, probably no backlit keyboard).
- HP ZBook Z15 G2 (K0G61ES) (cons: HDD, weight 2.8 kg, numerical keypad, no information about wifi)
- HP EliteBook 850 G2 (J8R65EA) (cons: 3-cell battery, Windows)
- Lenovo Thinkpad T550 (20CK000XMC) (cons: 3-cell battery, price, Windows)
- Lenovo Thinkpad L450 (20DS0003MC) (cons: Windows, probably no backlit keyboard)
So, my dear lazyweb, what would you recommend? Any other models? Any known problems with the abovementioned laptops? Thanks!
Fri, 29 May 2015
Historic Bugs
After each Fedora release, the bugs reported to the release which is to be EOL'd, are being closed. I have looked at the notifications sent out after the Fedora 22 release, and most of my bugs-to-be-closed are waiting for the developers to do something about the bug. I wonder whether reporting bugs to Fedora bugzilla is still worth the effort. Anyway, the following reply to the bug closing notice made my day:
No! This bug is on the federal register of historic bugs! You can't close it now. Changing to fedora 22 (where, of course, it is still busted).
As you might guess this is in reply to the infamous "no way to control X server startup options" bug #451562 of GNOME Display Manager. There is nothing being done about the bug (reported in 2008 against Fedora 9), despite promises from 2009, that the bug is being worked on. Apparently GNOME developers are busy making their applications incompatible with other desktop environments instead.
Thu, 28 May 2015
GNOME-Only Applications
Once upon a time, there was a windowing system called X. There were lots of applications for X written using various widget toolkits. In order to make the window operations unified across the whole desktop, regardless of the widget toolkit used by a particular application, the special application, called "window manager" provided window title bars and borders. Applications could inform the window manager about their particular needs (for example, their minimum required window size, etc.) using an open protocol called ICCCM. Not anymore.
Nowadays, GNOME developers decided that the only way to use their system and their applications is to have the complete desktop including all running apps GNOME-based. Being able to run GNOME apps under other desktop environments and vice versa is sooo last century way of desktop computing. From now on, all GNOME applications inform the window manager using ICCCM, that their windows are not to be touched by the WM. These windows then do not have window borders for resizing, raising/lowering/etc., they have their own title bar and maximize/minimize/close buttons different to the rest of the desktop, etc.
OK, after ditching GNOME desktop environment when GNOME 3.0 came out, it is time to ditch also the GNOME applications, as they are clearly not intended to run under the standard desktop environment. So far I have replaced the following applications:
evincewithOkular- This means installing lots of KDE libraries, but on the other hand Okular
does not take
over the screen on startup (unfixed since at least 2008), it can zoom to the
arbitrary size (CLOSED WONTFIX, really?), when I run "
okular somefile.pdf" twice, I get two windows as expected, etc. file rollerwiththunar-archive-plugin- Not that I use the GUI file manager often, but still.
eogandgthumbwith (undecided yet)- I am still not sure about the replacement - so far I am testing
ristretto,geeqieand some others.
There is a nice list of recommended applications for XFCE, which are written in GTK, but positively GNOME-free. Which image viewer and PDF viewer do you use, my dear lazyweb?
Mon, 23 Mar 2015
Backward Compatibility
One of the alleged advantages of certain family of operating systems from Redmond is backward compatibility. They say they support interfaces and applications back to the DOS era, and they sometimes even use this feature as an excuse for some doubtful technical choices they made. Yesterday I have discovered that it is not as good as they often say.
I wanted to install The Neverhood, an old 1996 adventure game. The result was the perfectly working game under WINE and Linux, and partly-working game under Windows 8.1: the gameplay was OK, but the in-game video sequences and their sound were too sluggish, as if it required 5 to 10 times more powerful hardware. According to the discussion forum posts about this topic, it is a common problem in newer versions of Windows. The recommended solution is to run the game under ScummVM, which is a rewrite of many ancient game engines.
Remember this the next time you hear an exaggerated statement about the backward compatibility of Windows.
Thu, 19 Mar 2015
Libvirt Dependencies
Welcome to Yenya's rant about software "features". Today we will have look at libvirt in Fedora and its dependencies. But firstly let me show you a funny picture:
Anyway. I teach a seminar on Linux administration, where one of the tasks is to compile and use one's own kernel. The task for the following week is to create a virtual machine. One of my students had an interesting problem with the second task - virsh refused to start his KVM-based virtual machine with the "command timeout" message.
Digging into the issue, we discovered that it works with the distribution kernel, but not with his custom kernel. Then we found that virsh tries to do a RPC call over D-Bus, which then times out, because the D-Bus object in question was not present. This object is supposed to be provided by a daemon called systemd-machined, which describes itself with the following headline:
This is a tiny daemon that tracks locally running Virtual Machines and Containers in various ways.
This is in fact an understatement, with the real situation being that this
daemon is a core part of the virtualization subsystem, and it is not even
possible to start a libvirt-managed guest without it. We have tried to start
the daemon from the command line, but it immediately exited without a meaningful
message anywhere. The only message in the syslogjournal was
that systemd-machined failed to start when the system was booted.
Long story short, my lucky guess was that systemd-machined could have something to do also with containers, and it might have needed a container support in the kernel. After enabling about five namespaces-related kernel config options and booting a recompiled kernel, we were able to start systemd-machined, and only then we managed to start the VM using virsh.
This spaghetti-structured unstraceable mess of interconnected daemons communicating over D-Bus and providing no meaningful error messages, which is masqueraded under a collective name "systemd", makes me sick quite often.
Sat, 20 Dec 2014
HDMI Sound
Another problem related to getting a new mainboard was sound. The mainboard has an on-board Intel GPU, which I use for the first seat. Unlike my previous graphics card for the Seat0, it is connected by HDMI port to my monitor. So I have decided to give sound over HDMI a try.
The problem was that it did not work: using pavucontrol, I have verified that sound is routed correctly to the HDMI interface, but the interface said that the output is disconnected. And I did not know how to "connect" it, because physically it has obviously been connected.
After some hours of searching I have found the following solution:
$ pactl list cards ... Card #1 Name: alsa_card.pci-0000_00_03.0 Driver: module-alsa-card.c Profiles: output:hdmi-stereo: Digital Stereo (HDMI) Output (sinks: 1, sources: 0, priority: 5400, available: yes) output:hdmi-surround: Digital Surround 5.1 (HDMI) Output (sinks: 1, sources: 0, priority: 300, available: yes) output:hdmi-stereo-extra1: Digital Stereo (HDMI 2) Output (sinks: 1, sources: 0, priority: 5200, available: yes) output:hdmi-surround-extra1: Digital Surround 5.1 (HDMI 2) Output (sinks: 1, sources: 0, priority: 100, available: yes) output:hdmi-stereo-extra2: Digital Stereo (HDMI 3) Output (sinks: 1, sources: 0, priority: 5200, available: yes) off: Off (sinks: 0, sources: 0, priority: 0, available: yes) Active Profile: output:hdmi-stereo Ports: hdmi-output-0: HDMI / DisplayPort (priority: 5900, latency offset: 0 usec, not available) Properties: device.icon_name = "video-display" Part of profile(s): output:hdmi-stereo, output:hdmi-surround hdmi-output-1: HDMI / DisplayPort 2 (priority: 5800, latency offset: 0 usec, not available) Properties: device.icon_name = "video-display" Part of profile(s): output:hdmi-stereo-extra1, output:hdmi-surround-extra1 hdmi-output-2: HDMI / DisplayPort 3 (priority: 5700, latency offset: 0 usec, available) Properties: device.icon_name = "video-display" device.product.name = "PLE2607WS" Part of profile(s): output:hdmi-stereo-extra2 $ pactl set-card-profile 1 output:hdmi-stereo-extra2
Apparently PulseAudio knows that the hdmi-stereo-extra2 is the only connected output, but remains set up to hdmi-stereo instead. Now that is not very user-friendly, plug&play, etc.
Fri, 19 Dec 2014
Multiseat LightDM
After getting a new mainboard, I have upgraded my home computer to Fedora 20, and made my multiseat setup use the udev/logind/loginctl seat tags. About a month ago I have discovered that the seat numbers are not correctly assigned to sessions by xdm(8), so I started to look for solutions. Of course, that piece of crap called gdm was not even been considered for obvious reasons. Apparently the solution does exist, and suprisingly enough, it is really nice: it is called LightDM.
LightDM is the display manager. It has cleanly separated the display manager part (starting up the X servers, listening on XDMCP, etc.), and the user interface part (chooser). The later can be selected from various options - e.g. a KDE/Qt compatible one, and a GTK+ compatible one. The configuration is pretty straigthforward, and it does not try to hide anything from the user, unlike the above mentioned piece of crap.
The multiseat setup in LightDM is pretty straightforward: in /etc/ligthdm/lightdm.conf I have to add the following:
[Seat:0] xdg-seat=seat0 xserver-command=X -layout Primary -isolateDevice PCI:0:2:0 -seat seat0 vt7 [Seat:1] xdg-seat=seat1 xserver-command=X -layout Secondary -isolateDevice PCI:1:0:0 -seat seat1 -sharevts vt7
In the udev tags, I had to tag the following device as belonging to Seat1 (using loginctl(8)):
- The DRM device of the graphics card (.../drm/card1)
- The FB device of the graphics card (.../graphics/fb1)
- The sound card ports (.../sound/card1/inputXX)
- The USB port for the mouse (.../usb5/5-1)
- The USB port for the keyboard (.../usb5/5-2)
And that's it! The only (minor) nitpick is, that the GTK+ greeter does not remember the last logged-in user per seat, so it preselects the last logged in user on both seats by default. But we usually log in only after the reboot, so it is not a big problem.
Tue, 16 Dec 2014
Systemd: ENOENT
I maintain a small software project (about 4k LOC) which is a part of the university infrastructure. It is versioned in Git and installed on several computers across the university. Today I wanted to deploy it on a Fedora 20 machine, which of course is running systemd.
Firstly about my position on systemd: I think most of the things they are trying to acchieve are pretty cool, but sometimes the implementation and design choices are a bit questionable. Anyway, I have written two unit files for my software, even with the unitname@.service wildcard syntax. The units are OK, systemctl start unitname-instance.service works as expected. The crash landing came when I wanted to enable these units after reboot:
# systemctl enable unitname-instance.service Failed to issue method call: No such file or directory
What's wrong with it? It can be systemctl start'd anyway, so the unit files should be OK, shouldn't they? After some hair pulling I have discovered that systemd intentionally ingores symlinks in the /usr/lib/systemd/system directory. Moreover, they just set O_NOFOLLOW and print whatever errno they get from the kernel, which is simply misleading. I think my use case - to have my own unit files in my git repository - is valid, and there is no reason for disallowing symlinked unit files.