Mon, 23 May 2016
One-time USB-IP
For some ugly proprietary software, I need to access an USB device (a hardware key) from the Windows-based virtual machine. I tried to use USB-IP with mixed results.
At first I created a Windows 2008r2 testing virtual machine. I tried various
versions of usbip (both kernel-side drivers and the user-space
utility), and finally using some version of drivers with the patched
usbip.exe probably from this thread
helped and I was able to see the HW token from the inside of the Windows guest,
install the proprietary software there, and make it use the token
(after disabling the token it complained about missing HW key, so I guess the
token was indeed successfully used before). I even tested the token
in my Linux workstation as well as in the server where it will be
in production use. So far OK.
Now the ugly part: I wanted to create a document describing how to
access the HW token from the Windows VM, so I created a new Windows VM.
And now I am not able to reproduce the process of installing the drivers
and accessing the token from the VM itself :-(. I must have done something
what I don't remember exactly, but now I can only list the devices on the
server using "usbip.exe -l my.ip.addr", but trying to attach
the device with "usbip.exe -a my.ip.addr bus-id" fails with
"Cannot find device" error message.
I am not sure what am I doing wrong, but I am sure that it has worked before. I feel like an idiot. Anyway, how would you make an USB device accessible from the inside of the Windows-based VM?
2 replies for this story:
Mirek Suchy wrote: Passthrough
USB passthrough - http://www.linux-kvm.org/page/USB_Host_Device_Assigned_to_Guest
Yenya wrote: Re: passthrough
Thanks, but this is not suitable for my application - my Windows VM will be in a private cloud, so it will not be fixed to any particular physical host. I really need some kind of usb-over-IP. Anyway, after a week or so banging my head against the wall I finally made it work. I am still not sure what was the problem, but the above linked usbip.exe and the 0.2.0.0 version of signed Windows drivers now work for me.
Reply to this story:
Tue, 29 Mar 2016
Broadcom WiFi Versus Windows 10
Broadcom is rumored to leave the wireless chipset business. I would like to add a single word to this rumour: "finally!".
I use a venerable Linksys WRT 54GL accesspoint for my home wireless network, and I run OpenWRT on it, because the stock firmware itself is unmaintained and insecure (not to mention the additional flexibility of OpenWRT). Then only problem is that Linux/OpenWRT uses the reverse-engineered driver for Broadcom WiFi, because the vendor-provided specification is next to none.
After upgrading the only Windows-based laptop we have at home to Windows 10, the WRT started crashing as soon as the laptop tried to connect to the network. It has simply rebooted. Incidentally, the laptop itself has also a Broadcom WiFi chip inside. I tried to use various versions of OpenWRT, but the problem is present in all versions.
Anyway, the WRT54GL is pretty old and OpenWRT barely fits in it, so I am looking for a replacement. I probably don't need fancy features such as USB host or even routing (I use the PC as a router). Just a WiFi AP and an ethernet switch. Preferably running OpenWRT. Do you have any suggestions, my dear lazyweb?
7 replies for this story:
Cohen wrote: Turris
Turris Omnia: https://omnia.turris.cz/ Very powerful (open-source!) hardware with promise of high security and exceptional support by (Czech) manufacturer and complete freedom in software customisation. there also is a high chance of great community around the project.
Yenya wrote: Re: Turris
Yep, Turris is probably one of the APs to consider. Do you know anything about the state of the firmware? Early Turris routers contained lots of big-brotherish antifeatures such as collecting information about the network traffic, etc. Is present-day Turris firmware usable without "calling home"? Alternatively, does OpenWRT run on the Turris Omnia hardware?
Cohen wrote: Re: Turris
Disclaimer: I am not connected to the CZ.NIC or the Turris project. Just fun and Turris Omnia buyer. It is important to distinguish between the original Turris and Turris Light. The original Turris router was/is research project on network security *based* on the call home functions as these were the reason the original Turris device was developed and ‘leased for free’ to selected group of people (selected to have a representative group of different network locations, types of users etc.). This device is impossible to buy – it was given to volunteers selected from an I-am-interrested-to-participate list –, but a lot of people were interested in the device and CZ.NIC guys were speaking several times a lot of people ‘whimpered’ to be able to get their own Turris device. That was the reason Turris Light (later renamed to Turris Omnia) project started. It is ‘light-weight’ (comparing to the original Turris device with manufacturing price ~12k CZK, not comparing to any SOHO router currently the market) version of the original device. The firmware is base on OpenWRT (see https://omnia.turris.cz/, so I do not expect any problems with using your own ‘pure’ OpenWRT installation if you are interested) but extended with CZ.NIC Python user interface and utilities. (BTW, I was told these Python extension will probably not be merged to the OpenWRT upstream as common SOHO router is not powerful enough to be able to run these programs fast enough so OpenWRT team is not interested in it.) The call-home functions are available in Turris Omnia OS but these are *opt-in*, i.e. you have to explicitly enable them. These are not mandatory as you are getting your device for money, not for participation in the research where the network data is the ‘fee’ to the manufacturer. CZ.NIC promised to publish full hardware data sheets, interconnection schemas etc. but only after starting of the production. At DevConf 2016 CZ.NIC guy told they have signals that some Chines manufactures would like to start production of their own Turris Omnia copies even before CZ.NIC. ;-) The Turris Omnia is not cheap (comparing to a common SOHO router) and not immediately available (the current availability estimate is May or even June 2016) but the hardware is powerful enough it could possible fully replace your routing PC by a small box with low power consumption and no noise as there is no active cooling.
Cohen wrote: Re: Turris
BTW, you can see the DevConf 2016 (http://devconf.cz/) talk on Turris Omnia: https://youtu.be/TbXOW07quY0?t=5m44s Slides are here: http://bit.ly/20QoWvM
Yenya wrote: Re: Turris
OK, thanks for clarification. Yes, Turris Omnia specs are pretty impressive. As I said, I am considering this. But no, there is no way it can replace my home PC as an always-on device - I need remote access to terabytes of my data (photo archives, remote backups, etc.), so using a small embedded box would mean to have separate boxes for HDDs with their own power, cooling, etc., AND having to power up my desktop PC whenever we want to use it. So strictly speaking, I really only need a sufficiently open WiFi AP with ab integrated ethernet switch. There are also other reasons against Turris - for example, AFAIK it cannot be bought, it can only by "supported" on indiegogo, so it would probably be difficult to get an invoice in Czech, etc.
Cohen wrote: Re: Turris
I understand the reasons why Turris cold be ‘overkill’ and simultaneously insufficient to replace the PC doing more then routing but the invoice should not be a problem – if you support the project and select the router as the perk you will be requested to register at https://omnia.turris.cz/ (account pairing with indiegogo order on email address) where you can select color and power cord type and where you get the invoice after finishing the order. In the end, it is CZ.NIC project so cold be probably doable more in case of any ‘Czech specifics’. ;-)
Adelton wrote:
Lately, whenever I setup new AP, I just use TP-Link 841 with OpenWRT. One out of six power adapters has failed but the AP/routers themselves are rock stable.
Reply to this story:
Wed, 04 Nov 2015
Fedora 23
The upgrade to F23 was flawless both on my workstation and on my laptop. So far the changes I noticed were:
- GDM tries to run Xwayland instead of Xorg (yes, I still run GDM on one of my computers out of curiosity). It can be disabled with adding the following
to your
/etc/gdm/custom.conf:[daemon] WaylandEnable=false
- On my workstation, the mouse cursor was displayed about 20 pixels right and 20 pixels down from the place it in fact pointed to. For example, I was not able to reach the top left corner at all. The quick fix was to remove the old
/etc/X11/xorg.conffile I have been using for ages, and let everything to be autoconfigured. This could be a problem on my dual-seat home computer, where I need to useXorg.confin order to have the seats configured properly. - Firefox has broken the NewTabURL add-on, in their yet another futile attempt at guessing what I want to see in a new tab. This can be solved by installing a NewTabHomepage add-on instead.
- On my laptop, which has 14" FullHD screen (about 157 DPI), Firefox started to use the DPI value from the desktop environment, so I can finally move back to 12pt fonts instead of 22pt, which I had to set up manually only for Firefox. On the other hand, it started scaling images, so many icons and other images (including the icons in Firefox own menus) are a bit blurry now.
To sum it up, pretty flawless upgrade. I will obviously wait for some time before upgrading my home dual-seat desktop, as I always do.
0 replies for this story:
Reply to this story:
Mon, 14 Sep 2015
Service Bloat
I have (finally) upgraded my home workstation/server/router to Fedora 22. Newer Fedora releases have an anti-feature called "product": one cannot simply install "Fedora", the "Fedora Product", such as Fedora Workstation, should be selected first. For a system with X session (two X sessions, in my case), "Fedora Workstation" seems to be a natural choice. It is not: "Fedora Workstation" can be translated from Fedora Newspeak to an ordinary English as "Fedora GNOME 3". So this is a no-go.
A time ago, I came across a suggestion that "Fedora Server" is probably
the closest thing to former "Fedora". So I upgraded my home box to
"Fedora Server". Today, after a routine inspection of open ports on my
home server, I discovered that something is listening on port 9090
on INADDR_ANY (and IN6ADDR_ANY as well). One fuser -n tcp,
and I discovered that the listening process is called cockpit-ws.
Digging further into it, it seems that this is a web-based administrative
interface (do you remember linuxconf, anyone?), probably another futile
attempt to encapsulate the strength of all the configuration files to some
useless web-based interface. Moreover, it cannot be uninstalled, as it
depends on the fedora-release-server package.
A side note: the cockpit-ws package contains font files,
which is probably against Fedora Font Packaging Guidelines.
I wonder what happened to the "no unnecessary services should be enabled by default" philosophy. It seems that Cockpit is a blatant example of an unnecessary service, which is not only installed by default, but also enabled by default in Fedora Server 22. I recommend to run the following commands:
# systemctl stop cockpit.socket # systemctl disable cockpit.socket
What other kinds of service-bloat did you find on your computers? Watch for newly opened ports after Fedora upgrades.
11 replies for this story:
Adelton wrote: Nonproduct
I assume you've used fedup to upgrade. In that case --product=nonproduct is probably what you wanted.
isimluk wrote: Fedora minimal
To remove unnecesary packages, I maintain fedora-minimal.rpm with various conflicts. https://copr.fedoraproject.org/coprs/isimluk/fedora-minimal/
Yenya wrote: Re: Nonproduct
OK, how can I move an existing system to nonproduct? Is removing fedora-release-server package what I want? Thanks.
Yenya wrote: Re: Fedora minimal
Interesting. I have looked at fedora-minimal, and it looks like sudden outbreak of common sense to me. Thanks and keep up the good work!
Adelton wrote: Re: Nonproduct
That is my understanding -- it's just package dependency thing.
Adelton wrote: Re: Fedora minimal
Nice. I've installed all but four. fedora-minimal-conflicts-gnome conflicts with libxklavier but that is needed by lightdm, xfce4-settings, and xfce4-xkb-plugin -- all things I kinda like. And fedora-minimal-conflicts-anaconda wants to remove pykickstart which I have no problem with except it would take away dnf-plugins-core which sounds a bit hardcore.
Yenya wrote: Re: Nonproduct
Do you know whether a fresh install (as opposed to fedup upgrade) can also be done as "nonproduct"?
isimluk wrote: Re: Fedora minimal
Yenya, Yes. My understanding is that removing fedora-release-server is what you need. Adelton, I'll happily accept patches. pykickstart has been only recently required by dnf-plugins-core. libxklavier is not useful for me, but we could move it out of fedora-minimal-gnome pkg to some other.
Yenya wrote: Fedora No Bullshit?
Maybe we should attempt to create a Fedora spin without this bloat. Fedora Traditional? Fedora No Bullshit? Fedora JustWorks?
Yenya wrote: Re: Fedora No Bullshit?
(replying to myself :-) Fedora Nonproduct? Fedora Core? Fedora Versatile?
petr_p wrote: Re: Nonproduct
Uninstalling fedora-release* will break dependencies probably. Proper way is to have installed exactly on of the fedora-release* packages (e.g. "dnf --allowerasing install fedora-release). See [http://koji.fedoraproject.org/koji/buildinfo?buildID=637888]. By the way product introduction has already happened in Fedora 21. I recommend reading [https://fedoraproject.org/wiki/Upgrading_Fedora_using_yum#Version_specific_notes].
Reply to this story:
Tue, 14 Jul 2015
Which Web Gallery?
I am looking for the best way how to publish my photos on the Web. So far I have ruled out putting my photos to some "cloud" service out of my control (Picasa, Flickr, Rajče). I want something which could generate a static tree of files (HTML/CSS/JPG/JS), which can then be published by any web hosting service, or even on my own server.
Some time ago I have tested Highslide.js, but this is more lightbox than a gallery, and it cannot adapt itself to the size of the screen.
I have looked at Darktable, which has its own "web gallery" export format, but surrounding Javascripts are not good enough to make it fit the screen. I have googled many other project, usually ruling them out solely based on their demo galleries.
What looks promising so far, is the thing named Photoswipe. There still are some problems, though:
- When the image has much wider aspect ratio than the screen, the image caption is displayed far away from the image itself.
- It is configured in Javascript, instead of just adding images and their thumbnails to the HTML file with the appropriate classes.
- The thumbnail view somewhat sucks (see the thumbnail lists near the bottom of their own getting started page.
So, my dear lazyweb: which gallery for static files do you use? I would like to have something with the following properties:
- Works on different screen sizes (even Picasa sucks at this).
- Easy to generate all the data from large JPEGs with comments/title.
- The ability to link individual images (Highslide sucks at this).
What would you recommend?
5 replies for this story:
Vašek Stodůlka wrote:
I know, that it is maybe something different, then you are searching, but I'm using trovebox. You can see it live at fotky.stodulkovi.cz. It supports private and public stuff, sharing by creating link, albums, tags (!) and is quite fast. What is bad is, that trovebox is discontinued, but it is still by far the best private-hosted gallery I have seen, and I have searched a lot. (I had to do also some tweaks to have it working the way I want to.)
Yenya wrote: Re: Vašek Stodůlka
Apparently your trovebox requires cookies or whatever - I was not able to make it display any photo at all - just the surrounding text and an empty page.
Vašek Stodůlka wrote:
Hm, you are right with cookies, I have never tried this. :-) There is session ID cookie. IMHO there is nothing wrong on cookies, as long as they are used by the server, which originally issued them. BTW - Picasa works without cookies?
Yenya wrote: Re: Picasa
Picasa without cookies? No idea, I don't use Picasa. And for things like Google Excel (or whatever, people occasionally send me links to that crap and want me to write something in there) I tend to have a special Firefox session which has cookies for TheBigBrother.com allowed.
Michal wrote: JAlbum
How about JAlbum?
Reply to this story:
Mon, 13 Jul 2015
Systemd Developer Attitude
Systemd. Some people love it, some people hate it. My own position is somewhere in between: I think many things they are trying to solve are real problems which need solutions, the system should "just work" for common use without the configuration, etc. But sometimes the overall attitude of the systemd developers is just plain wrong. The following bug report shows the problem pretty clearly:
timeX.google.com provide non standard time - issue #437
TL;DR: it can be summarized as follows:
systemd-timeduses Google time servers by default.- These time servers are sometimes wrong because of the non-standard "leap second smearing" done by Google.
- Google has asked that their servers are not set up as defaults in
systemd-timed.
There are several solutions to this problem which I would consider clean and fair:
- Remove the default time servers from the configuration, let the user decide (e.g. to use a NTP pool).
- Register a NTP pool vendor zone and use it as defaults.
- Let somebody else register and maintain a NTP pool vendor zone (CoreOS people offered to do this).
The systemd maintainer's response was "we are not a vendor, we don't want a vendor pool", and "let's add a warning when somebody uses the defaults". I think using Google servers against the will of their owner is pretty rude, and having the defaults which need to be replaced, even though the possibility of having sane defaults exists, to be inconsiderate to their users.
In my opinion, the above clearly shows the attitude of systemd developers towards the rest of the world.
0 replies for this story:
Reply to this story:
Fri, 10 Jul 2015
My First CVE Number
After banging our collective heads against the wall while trying to discover why one Samba share works as we expect, while another one with the same configuration on the same server does not, I have finally admitted that the bug is not in our setup, but probably in Samba itself.
Interestingly enough, the expected behaviour was the share where it did not work, and the other one worked only by accident. The fact that it worked in one case turned out to be a potential minor security issue. So this is the first security issue I have discovered, which has its own CVE number: CVE-2015-3287 (details will be in Samba bug #11395 after it is declassifiled).
I appreciate the fast response of Samba developer Jeremy Allison: the first fix was available within 3.5 hours after the bug was reported.
1 replies for this story:
Peter Kruty wrote:
3,5h,that pretty fast. Nice.
Reply to this story:
Tue, 09 Jun 2015
Laptop Upgrade, take 2
After thinking about upgrading my laptop in 2013, it is time for another try. My old ASUS F3E has flaky power connector, and sometimes fails to charge, which is quite annoying. So far my requirements are:
- Fully supported by Linux without proprietary blobs (definitely not nVidia graphics or Broadcom wireless).
- No Microsoft tax (read: no pre-installed Windows).
- At least 8 GB of RAM, upgradable to at least 16 GB, more is better.
- As big battery as possible (upgrading my old ASUS F3E to a 9-cell battery helped a lot).
- 14" to 15.6" display. Maybe even 13.3", but not 17".
- Keyboard without the numeric keypad, with full-sized inverse-T arrow keys, and with backlight.
- Display resolution higher than my old ASUS F3E has (1280x800), especially in the vertical direction. Definitely not that "HD-ready" thing.
- Matte display. Glossy displays suck.
- Touchpad with at least two physical buttons, so that the middle button can be emulated.
- Not very heavy, if possible.
- Magnesium chassis (or, generally speaking, no brittle plastics).
- Internal SSD storage, or no storage at all (I already have a 240 GB SSD drive from my old laptop.
- No DVD drive. It only eats power, and it is dead weight anyway.
- CPU with as high single-core performance as possible. For a laptop, two cores are more than enough.
- If possible, something less ugly than classical black Thinkpads.
Of course, all the above criteria are met with exactly zero laptops currently available in the Czech Republic. So far I am considering the following less-than-optimal models:
- HP Probook 450 G2 (K9K20EA) (cons: HDD, DVD drive, only 4-cell battery, Realtek ethernet, probably no backlit keyboard).
- HP ZBook Z15 G2 (K0G61ES) (cons: HDD, weight 2.8 kg, numerical keypad, no information about wifi)
- HP EliteBook 850 G2 (J8R65EA) (cons: 3-cell battery, Windows)
- Lenovo Thinkpad T550 (20CK000XMC) (cons: 3-cell battery, price, Windows)
- Lenovo Thinkpad L450 (20DS0003MC) (cons: Windows, probably no backlit keyboard)
So, my dear lazyweb, what would you recommend? Any other models? Any known problems with the abovementioned laptops? Thanks!
12 replies for this story:
Šimon wrote: x1 carbon 3rd
Hey, I am old school thinkpad lover and after initial hurdles I am quite satisfied with Lenovo X1 Carbon 3rd. However, it may not be for everyone. Just take a look.
Yenya wrote: Re: x1 carbon 3rd
OK, X1 definitely does not look like a Thinkpad, which is positive. However, it looks too light and too brittle for me, does not have a VGA connector, has touchpad without buttons (the buttons above are definitely not usable for working with the touchpad itself), and comes with Microsoft tax. If I read the prices correctly, an X1 with i7-5500U costs at least thre times more than the HP Probook 450 G2 with the same CPU.
Michal wrote: EliteBook
From the list of possible machines I would go for EliteBook 850 (or better for EB 840, i.e. 14" model, as that screen size seems to me to have the best usability/mobility ratio). I have EliteBook 840 G1 (http://www.notebookcheck.net/Review-HP-EliteBook-840-G1-H5G28ET-Ultrabook.114717.0.html) and I like the machine very much except for its display and keyboard. :-) The FullHD screen on your machine should be perfectly OK (matte IPS display; beware of models with lower resolutions as these are TN displays with terribly low contrast [I have one with 1600×900 in my EB 840 G1]). However, the keyboard sucks and I am afraid your model will do no better. I use my notebook just occasionally so more practice could do better but any move from my desktops' mechanical keyboards to the EB 840 keyboard is always really painful. After six months I am still unable to write my passwords correctly in two out of three attempts. Everything else seems to be OK. The chassis has its solid feel (and incredibly easy maintenance: http://youtu.be/j6Dujq2fHrc?t=1m59s) but the computer is very light with just a tiny charging adapter. You can install M.2 SSD (only 42 mm variant fits) which I really like – I use M.2 SSD for system and files in use and the original large rotating HDD (usually sleeping) to have encrypted backup of all my files always with me. Non-original (i.e. much cheaper) RAM modules are also usable with no problem. [I made a really bad experience with Lenovo laptops – non-original DVD-Drive to 2,5" HDD adapter (for secondary SSD) did not work at all (confirmed on two models of Lenovo notebooks with two different HDD adapters). However, Lenovo keyboards are far better. (Even though not as good as used to be in IBM era.)] Battery life is very good (recent Intel CPUs have amazingly low power consumption in idle states so turned of notebook lives very long [~5–6 hours] on battery if used for lightweight work such as browsing internet or working over SSH). It is possible to buy (inelegantly expensive) secondary battery to effectively double the battery life. There is also a docking connector. I _really_ like docking my notebook for use of better keyboard and monitor and charging and networking with no need for clowning around with cables.
Yenya wrote: Re: EliteBook
You are right. Today I have discovered that it would probably be possible to buy an EliteBook 840 G2 without the Microsoft tax, even though it is not offered as such in Czech e-shops. So yes, an EliteBook 840 G2 with FullHD screen is currently my favourite. I have a slightly different use case - I don't use it as my primary workstation neither at work nor at home, so I don't need docking or an external keyboard at all.
Michal wrote: Re: EliteBook
How about HP EliteBook 840 G2 J8R60EA? http://www.hpmarket.cz/productOpt.asp?konfId=J8R60EA http://www8.hp.com/h20195/v2/GetDocument.aspx?docname=c04472796
Yenya wrote: Re: EliteBook
It is a similar one to what I'll probably buy. I've got a really good price to a similar configuration - only without an operating system and with i5-5300U CPU.
Milan Zamazal wrote:
Maybe you should also consider the preinstalled backdoors (especially BIOS) and whether they are going to be replacable by something like coreboot. That would probably limit your options more than any of the other requirements though.
Tomas Ruprich wrote:
We bought few HP EliteBooks 840 G2 recently and they're fine so far. Just few cons, which may not be important for your use case :-) We had EliteBooks 8540w earlier and the chasis was more solid. The new chasis is more like plastic from my point of view (although it's magnesium/aluminium) and i don't trust it would survive what those old did. Second is just a cosmetic, but could be really painfull in a long term... If you'd have a look, there's a divide between front edge of chasis and the area with keyboard: http://www.hpmarket.cz/library/configuration/notebooky/HP-EliteBook-840_v3b.jpg If you don't use keyboard and lay your wrists on that edge when typing, it could be really disturbing and even painfull (esp. after few hours). Arrows on the keyboard layout are terrible! And we bought it from Autocont, they were able to order it from HP precisely how we wanted it - part after part, without OS. Price might have been bit higher than from eshops, but it was still better for us. I could provide you with direct contact. Btw. there's HP Ultraslim Docking Station available for this model.
Yenya wrote: Re: Tomas Ruprich
Thanks for your information. I'll definitely check the edge of the 840 laptop before buying it.
Michal wrote:
Possibly interesting machine: http://diit.cz/clanek/lenovo-chysta-retro-thinkpad-jako-ze-zlatych-casu-ibm#utm_source=atom&utm_medium=feed&utm_content=article
Yenya wrote: Re: Michal
Yes, I am aware of this. However, I am afraid that it would be an outer design thing only, and as I wrote above, I am not a big fan of the classical thinkpad look. We will see after the specs of the internal parts are announced.
Michal wrote:
DELL Latitude E5450 vs Lenovo ThinkPad L450 comparison: http://notebookblog.cz/technika/zkusenosti-a-reklamace/prime-srovnani-14-fhd-notebooku-dell-latitude-e5450-a-lenovothinkpad-l450/
Reply to this story:
Fri, 29 May 2015
Historic Bugs
After each Fedora release, the bugs reported to the release which is to be EOL'd, are being closed. I have looked at the notifications sent out after the Fedora 22 release, and most of my bugs-to-be-closed are waiting for the developers to do something about the bug. I wonder whether reporting bugs to Fedora bugzilla is still worth the effort. Anyway, the following reply to the bug closing notice made my day:
No! This bug is on the federal register of historic bugs! You can't close it now. Changing to fedora 22 (where, of course, it is still busted).
As you might guess this is in reply to the infamous "no way to control X server startup options" bug #451562 of GNOME Display Manager. There is nothing being done about the bug (reported in 2008 against Fedora 9), despite promises from 2009, that the bug is being worked on. Apparently GNOME developers are busy making their applications incompatible with other desktop environments instead.
0 replies for this story:
Reply to this story:
Thu, 28 May 2015
GNOME-Only Applications
Once upon a time, there was a windowing system called X. There were lots of applications for X written using various widget toolkits. In order to make the window operations unified across the whole desktop, regardless of the widget toolkit used by a particular application, the special application, called "window manager" provided window title bars and borders. Applications could inform the window manager about their particular needs (for example, their minimum required window size, etc.) using an open protocol called ICCCM. Not anymore.
Nowadays, GNOME developers decided that the only way to use their system and their applications is to have the complete desktop including all running apps GNOME-based. Being able to run GNOME apps under other desktop environments and vice versa is sooo last century way of desktop computing. From now on, all GNOME applications inform the window manager using ICCCM, that their windows are not to be touched by the WM. These windows then do not have window borders for resizing, raising/lowering/etc., they have their own title bar and maximize/minimize/close buttons different to the rest of the desktop, etc.
OK, after ditching GNOME desktop environment when GNOME 3.0 came out, it is time to ditch also the GNOME applications, as they are clearly not intended to run under the standard desktop environment. So far I have replaced the following applications:
evincewithOkular- This means installing lots of KDE libraries, but on the other hand Okular
does not take
over the screen on startup (unfixed since at least 2008), it can zoom to the
arbitrary size (CLOSED WONTFIX, really?), when I run "
okular somefile.pdf" twice, I get two windows as expected, etc. file rollerwiththunar-archive-plugin- Not that I use the GUI file manager often, but still.
eogandgthumbwith (undecided yet)- I am still not sure about the replacement - so far I am testing
ristretto,geeqieand some others.
There is a nice list of recommended applications for XFCE, which are written in GTK, but positively GNOME-free. Which image viewer and PDF viewer do you use, my dear lazyweb?
6 replies for this story:
Tomáš Janoušek wrote:
I use geeqie and zathura. Sometimes okular, whenever I need annotations or just wish to have something to click on. As a GUI file manager I use krusader, primarily because it's the only thing that is able to connect to my Android phone via MTP.
v. wrote:
image viewer - feh
Dan wrote:
for images - sxiv or gwenview for pdf - okular
Dan wrote:
Btw. have a look at the new Plasma 5 that's in Fedora 22. Unlike Gnome, it's very configurable and doesn't get in the way.
kakihara wrote: pdf
ended up using chrome browser for pdfs .. unfortunately
Vlastik Krejčíř wrote:
For images definitely gqview (GTK based) - the only bad thing is it cannot play animated gifs :-(. For PDFs - I am still looking for the good app for me, now I use qpdfview.
Reply to this story:
Mon, 23 Mar 2015
Backward Compatibility
One of the alleged advantages of certain family of operating systems from Redmond is backward compatibility. They say they support interfaces and applications back to the DOS era, and they sometimes even use this feature as an excuse for some doubtful technical choices they made. Yesterday I have discovered that it is not as good as they often say.
I wanted to install The Neverhood, an old 1996 adventure game. The result was the perfectly working game under WINE and Linux, and partly-working game under Windows 8.1: the gameplay was OK, but the in-game video sequences and their sound were too sluggish, as if it required 5 to 10 times more powerful hardware. According to the discussion forum posts about this topic, it is a common problem in newer versions of Windows. The recommended solution is to run the game under ScummVM, which is a rewrite of many ancient game engines.
Remember this the next time you hear an exaggerated statement about the backward compatibility of Windows.
0 replies for this story:
Reply to this story:
Thu, 19 Mar 2015
Libvirt Dependencies
Welcome to Yenya's rant about software "features". Today we will have look at libvirt in Fedora and its dependencies. But firstly let me show you a funny picture:
Anyway. I teach a seminar on Linux administration, where one of the tasks is to compile and use one's own kernel. The task for the following week is to create a virtual machine. One of my students had an interesting problem with the second task - virsh refused to start his KVM-based virtual machine with the "command timeout" message.
Digging into the issue, we discovered that it works with the distribution kernel, but not with his custom kernel. Then we found that virsh tries to do a RPC call over D-Bus, which then times out, because the D-Bus object in question was not present. This object is supposed to be provided by a daemon called systemd-machined, which describes itself with the following headline:
This is a tiny daemon that tracks locally running Virtual Machines and Containers in various ways.
This is in fact an understatement, with the real situation being that this
daemon is a core part of the virtualization subsystem, and it is not even
possible to start a libvirt-managed guest without it. We have tried to start
the daemon from the command line, but it immediately exited without a meaningful
message anywhere. The only message in the syslogjournal was
that systemd-machined failed to start when the system was booted.
Long story short, my lucky guess was that systemd-machined could have something to do also with containers, and it might have needed a container support in the kernel. After enabling about five namespaces-related kernel config options and booting a recompiled kernel, we were able to start systemd-machined, and only then we managed to start the VM using virsh.
This spaghetti-structured unstraceable mess of interconnected daemons communicating over D-Bus and providing no meaningful error messages, which is masqueraded under a collective name "systemd", makes me sick quite often.
5 replies for this story:
michich wrote:
If libvirt fails hard when it fails to communicate with systemd-machined and at the same time it reports no useful error message, I'd consider that a bug in libvirt. You did not write what the error about starting systemd-machined said. Was it something like "Failed at step NAMESPACE spawning systemd-machined"? In systemd-machined.service you'll find it declares several security features whose implementation relies on namespaces: PrivateTmp=yes PrivateDevices=yes PrivateNetwork=yes ProtectSystem=full ProtectHome=yes If the kernel does not provide them, the service cannot start. There are many ways to shoot oneself in the foot when configuring a custom kernel. After spending quite a lot of time debugging some issues reported in Red Hat Bugzilla where the reporters failed to disclose they were using custom kernels (and on one occastion, when the fact became apparent, the reporter even refused to do a test under a Fedora kernel), I have developed a dislike for custom kernels. If you got to have one, please at least use the distro's config as the starting point and only trim down what you KNOW you don't need ("make localmodconfig" is nice).
Yenya wrote: Re: michich
My rant is about something other. I do not deny that systemd-machined requires special kernel features. What I find "interesting" is that virsh fails to start a KVM-based virtual machine in a situation when systemd-machined is not running. There is no need for virsh to require systemd-machined. As systemd-machined describes itself, it only tracks the VMs, it should not be a hard requirement for them. Moreover, when I do not use containers, my KVM-based VMs should not fail only because I don't have container-related features in my kernel. Also, the exact "solution" you describe is the reason of why even I don't compile my own kernels anymore - with custom kernel, random pieces of the distribution start failing, even though the features they are missing are not strictly needed for my use cases. This is the reason of recent decline in the number of "voluntary" kernel developers: using custom kernels has become increasingly harder and troublesome.
michich wrote:
I don't know about the goals of libvirt developers, so I cannot say whether the hard requirement on machined is justified or not. As I wrote earlier, at the very least it should report a useful error message. But maybe you're right and it should just continue regardless of the error. Still I don't see this in any way as systemd-machined's fault. I disagree with your point "I'm not knowingly using containers => I should not need container-related features in the kernel". Namespaces have a wider use than just for what people think of as containers. In my view it is perfectly acceptable if programs want to use these features for security hardening or whatever. They don't necessarily have to appear to the user as running in containers. Using localmodconfig it's fairly easy to create a custom kernel that's both quite lean and not lacking essential features. So I disagree with your conclusion.
Yenya wrote:
There are several problems: firstly, I would guess the dependency on systemd-machined has probably been added to libvirt by systemd developers. Even after reading the manpage, I fail to see the benefits systemd-machined brings to the libvirt user. There are probably none. Secondly, I am fully aware of benefits of namespaces besides their use for creating containers (having per-user /tmp is one of the most clever tricks, for example). So the implication you are trying to put into my mouth is in fact different: I would say something like "I don't use containers and I don't depend on namespaces for my applications => the applications should not fail just because the namespaces support is not present in the kernel". It is the same way as (at least for now), the system is still working even when booted with selinux=disabled.
michich wrote:
Looking at libvirt.git, support for systemd-machined was added to libvirt by Daniel P. Berrange, who's not a systemd developer. Though no doubt he communicated with Lennart first. From some of the commit messages, it seems to me the intention was not to have a hard dependency. It may be that the observed hard dependency is simply a bug. This leads me to your corrected implication. Having applications always degrade gracefully when faced with missing kernel features sounds like a nice plan, but may be difficult to achieve in practice. I mean QA most likely only test on the standard kernel. Adding the requirement of testing various kernel configurations would quickly lead to exponential explosion.
Reply to this story:
Sat, 20 Dec 2014
HDMI Sound
Another problem related to getting a new mainboard was sound. The mainboard has an on-board Intel GPU, which I use for the first seat. Unlike my previous graphics card for the Seat0, it is connected by HDMI port to my monitor. So I have decided to give sound over HDMI a try.
The problem was that it did not work: using pavucontrol, I have verified that sound is routed correctly to the HDMI interface, but the interface said that the output is disconnected. And I did not know how to "connect" it, because physically it has obviously been connected.
After some hours of searching I have found the following solution:
$ pactl list cards ... Card #1 Name: alsa_card.pci-0000_00_03.0 Driver: module-alsa-card.c Profiles: output:hdmi-stereo: Digital Stereo (HDMI) Output (sinks: 1, sources: 0, priority: 5400, available: yes) output:hdmi-surround: Digital Surround 5.1 (HDMI) Output (sinks: 1, sources: 0, priority: 300, available: yes) output:hdmi-stereo-extra1: Digital Stereo (HDMI 2) Output (sinks: 1, sources: 0, priority: 5200, available: yes) output:hdmi-surround-extra1: Digital Surround 5.1 (HDMI 2) Output (sinks: 1, sources: 0, priority: 100, available: yes) output:hdmi-stereo-extra2: Digital Stereo (HDMI 3) Output (sinks: 1, sources: 0, priority: 5200, available: yes) off: Off (sinks: 0, sources: 0, priority: 0, available: yes) Active Profile: output:hdmi-stereo Ports: hdmi-output-0: HDMI / DisplayPort (priority: 5900, latency offset: 0 usec, not available) Properties: device.icon_name = "video-display" Part of profile(s): output:hdmi-stereo, output:hdmi-surround hdmi-output-1: HDMI / DisplayPort 2 (priority: 5800, latency offset: 0 usec, not available) Properties: device.icon_name = "video-display" Part of profile(s): output:hdmi-stereo-extra1, output:hdmi-surround-extra1 hdmi-output-2: HDMI / DisplayPort 3 (priority: 5700, latency offset: 0 usec, available) Properties: device.icon_name = "video-display" device.product.name = "PLE2607WS" Part of profile(s): output:hdmi-stereo-extra2 $ pactl set-card-profile 1 output:hdmi-stereo-extra2
Apparently PulseAudio knows that the hdmi-stereo-extra2 is the only connected output, but remains set up to hdmi-stereo instead. Now that is not very user-friendly, plug&play, etc.
0 replies for this story:
Reply to this story:
Fri, 19 Dec 2014
Multiseat LightDM
After getting a new mainboard, I have upgraded my home computer to Fedora 20, and made my multiseat setup use the udev/logind/loginctl seat tags. About a month ago I have discovered that the seat numbers are not correctly assigned to sessions by xdm(8), so I started to look for solutions. Of course, that piece of crap called gdm was not even been considered for obvious reasons. Apparently the solution does exist, and suprisingly enough, it is really nice: it is called LightDM.
LightDM is the display manager. It has cleanly separated the display manager part (starting up the X servers, listening on XDMCP, etc.), and the user interface part (chooser). The later can be selected from various options - e.g. a KDE/Qt compatible one, and a GTK+ compatible one. The configuration is pretty straigthforward, and it does not try to hide anything from the user, unlike the above mentioned piece of crap.
The multiseat setup in LightDM is pretty straightforward: in /etc/ligthdm/lightdm.conf I have to add the following:
[Seat:0] xdg-seat=seat0 xserver-command=X -layout Primary -isolateDevice PCI:0:2:0 -seat seat0 vt7 [Seat:1] xdg-seat=seat1 xserver-command=X -layout Secondary -isolateDevice PCI:1:0:0 -seat seat1 -sharevts vt7
In the udev tags, I had to tag the following device as belonging to Seat1 (using loginctl(8)):
- The DRM device of the graphics card (.../drm/card1)
- The FB device of the graphics card (.../graphics/fb1)
- The sound card ports (.../sound/card1/inputXX)
- The USB port for the mouse (.../usb5/5-1)
- The USB port for the keyboard (.../usb5/5-2)
And that's it! The only (minor) nitpick is, that the GTK+ greeter does not remember the last logged-in user per seat, so it preselects the last logged in user on both seats by default. But we usually log in only after the reboot, so it is not a big problem.
0 replies for this story:
Reply to this story:
Tue, 16 Dec 2014
Systemd: ENOENT
I maintain a small software project (about 4k LOC) which is a part of the university infrastructure. It is versioned in Git and installed on several computers across the university. Today I wanted to deploy it on a Fedora 20 machine, which of course is running systemd.
Firstly about my position on systemd: I think most of the things they are trying to acchieve are pretty cool, but sometimes the implementation and design choices are a bit questionable. Anyway, I have written two unit files for my software, even with the unitname@.service wildcard syntax. The units are OK, systemctl start unitname-instance.service works as expected. The crash landing came when I wanted to enable these units after reboot:
# systemctl enable unitname-instance.service Failed to issue method call: No such file or directory
What's wrong with it? It can be systemctl start'd anyway, so the unit files should be OK, shouldn't they? After some hair pulling I have discovered that systemd intentionally ingores symlinks in the /usr/lib/systemd/system directory. Moreover, they just set O_NOFOLLOW and print whatever errno they get from the kernel, which is simply misleading. I think my use case - to have my own unit files in my git repository - is valid, and there is no reason for disallowing symlinked unit files.
Related Fedora bug reports: #1014311, #955379.