Don’t Want Trackers Watching Your Web And Smartphone Activity? This Start-up’s For You. | Forbes

Kashmir Hill; Don’t Want Trackers Watching Your Web And Smartphone Activity? This Start-up’s For You.; In Forbes; 2013-07-24 (appears in print 2013-08-12).

Mentions

  • A hagiography of Disconnect
  • Disconnect
    • Casey Oppenheim
      • Founder
      • Age 39
      • Consumer advocate lawyer
      • from Minnesota
    • Brian Kennish
      • Founder
      • Age 37
      • ex-Google (2003-)
    • Dan Kwon
      • mentioned
    • Patrick Jackson
      • engineer
      • ex-NSA
    • Located Palo Alto, CA
    • Funding
      • $600,000
      • two venture capital firms and six angel investors
        • Charles River Ventures
        • FirstMark Capital
    • 1x year incubating at Charles River Ventures
    • Claim: <quote>Jackson has come up with a way to manipulate Apple’s operating system into letting Disconnect block advertisers and analytics companies from getting the location, user ID or other info from a person’s phone.</quote>
  • Counterpoint
    • Mike Zaneis, general counsel for the Interactive Advertising Bureau (IAB)

Via backfill

SDN: Software Defined Networks | Thomas Nadeau, Ken Gray

Thomas D. Nadeau, Ken Gray; SDN: Software Defined Networks: An Authoritative Review of Network Programmability Technologies; O’Reilly Media; ISBN: 978-1-4493-4230-2, ISBN 10: 1-4493-4230-2; 2013-08-29 (est); 300 pages; kindle: $38, softcover: $60 (O’Reilly), $49 (Amazon).

Compare

Via backfill

Fedora kernel updates with the Catalyst driver and a AMD FirePro W9000

Gear

Problem Statement

  • One or more monitors do not wake up from sleep in 1/1000 instances.
  • Kernel updates render this setup unstable:
    • Unmanaged “yum update” may make the display unuseable.
    • The kernel and drivers must be updated together, as a matched set.

Remediation

  • For the sleep-never-wake …
    • Unplug & replug the DisplayPort cable.
    • This will destroy your running X11 configuration back to the default
      (but the monitor was dark and unuseable anyway, right?)
    • A login/logout cycle is indicated.
    • A session with amdcccle is indicated to reconfigure the ordering & rotation.
  • For the kernel update problem
    • Ensure both the kernel and xorg drivers are updated together.

Best Practices

Basic paranoia about an ill-understood software stack…

  • If you have a working configuration, do not change it, do not log out.
  • Do not take kernel updates without management & monitoring.
    • See Resources, below, about preventing kernel updates.
  • Do not take Catalyst updates (e.g. from rpmfusion) without management & monitoring
  • Save old kernels, lots of them
    • See Resources, below, about saving old kernel (more than three)
  • Have a fallback position in case a new update doesn’t work out.

Configuration

Drivers & Kernels

  • You need both the catalyst X11 driver and the kmod catalyst driver
  • yum install xorg-x11-drv-catalyst kmod-catalyst

Packages

kmod-catalyst.x86_64
Metapackage which tracks in catalyst kernel module for newest kernel
xorg-x11-drv-catalyst.x86_64
AMD’s proprietary driver for ATI graphic cards

Failure Mode

  • Absent the kmod driver, the gear will still work, but in degraded mode
  • You will experience the GNOME “weak fallback mode”
    • A GNOME-2 type of experience (no compositing, no round edges)
    • Sliding windows will have video artifacts
    • Importantly, display rotation is unavailable
  • Therefore, make sure you have the catalyst X11 drivers and the kernel kmod catalyst drivers.
  • If you are experiencing GNOME-2 type screens, then acquire the appropriate drivers.
$ uname -a
Linux cathedral 3.9.11-200.fc18.x86_64 #1 SMP Mon Jul 22 21:04:50 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

Here is shown a configuration where there are two workable kernels:

  • Kernel 3.9.2 and 3.9.11
  • Catalyst 13.4
$ rpm -q -a | grep catalyst
kmod-catalyst-3.9.2-200.fc18.x86_64-13.4-2.fc18.x86_64
kmod-catalyst-3.9.11-200.fc18.x86_64-13.4-2.fc18.8.x86_64
kmod-catalyst-13.4-2.fc18.8.x86_64
xorg-x11-drv-catalyst-13.4-1.fc18.x86_64
xorg-x11-drv-catalyst-libs-13.4-1.fc18.x86_64

Xorg Configuration

/etc/X11/xorg.conf as set up by amdcccle

Section "ServerLayout"
        Identifier     "amdcccle Layout"
        Screen      0  "amdcccle-Screen[2]-0" 0 0
EndSection

Section "Monitor"
        Identifier   "0-DFP1"
        Option      "VendorName" "ATI Proprietary Driver"
        Option      "ModelName" "Generic Autodetecting Monitor"
        Option      "DPMS" "true"
        Option      "PreferredMode" "2560x1600"
        Option      "TargetRefresh" "60"
        Option      "Position" "4800 0"
        Option      "Rotate" "normal"
        Option      "Disable" "false"
EndSection

Section "Monitor"
        Identifier   "0-DFP5"
        Option      "VendorName" "ATI Proprietary Driver"
        Option      "ModelName" "Generic Autodetecting Monitor"
        Option      "DPMS" "true"
        Option      "PreferredMode" "2560x1600"
        Option      "TargetRefresh" "60"
        Option      "Position" "3200 12"
        Option      "Rotate" "right"
        Option      "Disable" "false"
EndSection

Section "Monitor"
        Identifier   "0-DFP9"
        Option      "VendorName" "ATI Proprietary Driver"
        Option      "ModelName" "Generic Autodetecting Monitor"
        Option      "DPMS" "true"
        Option      "PreferredMode" "2560x1600"
        Option      "TargetRefresh" "60"
        Option      "Position" "1600 12"
        Option      "Rotate" "right"
        Option      "Disable" "false"
EndSection

Section "Monitor"
        Identifier   "0-DFP13"
        Option      "VendorName" "ATI Proprietary Driver"
        Option      "ModelName" "Generic Autodetecting Monitor"
        Option      "DPMS" "true"
        Option      "PreferredMode" "2560x1600"
        Option      "TargetRefresh" "60"
        Option      "Position" "0 12"
        Option      "Rotate" "right"
        Option      "Disable" "false"
EndSection

Section "Device"
        Identifier  "amdcccle-Device[2]-0"
        Driver      "fglrx"
        Option      "Monitor-DFP1" "0-DFP1"
        Option      "Monitor-DFP5" "0-DFP5"
        Option      "Monitor-DFP9" "0-DFP9"
        Option      "Monitor-DFP13" "0-DFP13"
        BusID       "PCI:2:0:0"
EndSection

Section "Screen"
        Identifier "amdcccle-Screen[2]-0"
        Device     "amdcccle-Device[2]-0"
        DefaultDepth     24
        SubSection "Display"
                Viewport   0 0
                Virtual   7360 2572
                Depth     24
        EndSubSection
EndSection

Yum Configuration

In /etc/yum.conf, declare:

installonlypkgs=kernel,kernel-PAE,kernel-smp,kernel-bigmem,kernel-devel,kernel-firmware,kernel-headers

In /etc/yum.conf, declare a higher limit on older kernels:

installonly_limit=6

To turn off the cleanup of old kernels altogether, in /etc/yum.conf, declare:

installonly_limit=0

See Configuration for Package Protection afforded by yum-plugin-protect-packages. This package blocks the uninstall of yum and its dependencies. To protect other packages, one creates files in /etc/yum/protected.d/*.conf and adds package name, one per line, to the *.conf files.

Use yum-utils to provide package-cleanup

## Install yum utils ##
yum install yum-utils
## Package-cleanup set count as how many old kernels you want left ##
package-cleanup --oldkernels --count=2

Resources

Products


 

NetworkManager dispatchers dbus services misconfiguration | Fedora 19, Schrödinger’s Cat

 Indications

  • Fedora 19, Schrödinger’s Cat
  • NetworkManager is in use
  • NetworkManager does not seem to be running the hooks in /etc/NetworkManager/dispatcher.d
  • There are messages /var/log/messages

Diagnostics

The message in /var/log/messages:

Activation via systemd failed for unit 'dbus-org.freedesktop.nm-dispatcher.ser
vice': Unit dbus-org.freedesktop.nm-dispatcher.service failed to load: No such file or directory. See system logs and 'systemctl status dbus-
org.freedesktop.nm-dispatcher.service' for details.

The response

$ systemctl status dbus-org.freedesktop.nm-dispatcher.service
dbus-org.freedesktop.nm-dispatcher.service
Loaded: error (Reason: No such file or directory)
Active: inactive (dead)

The installation

$ cat /etc/system-release
Fedora release 19 (Schrödinger’s Cat)

$ rpm -q NetworkManager
NetworkManager-0.9.8.2-8.git20130709.fc19.i686

Remediation

$ sudo systemctl enable NetworkManager-dispatcher.service
ln -s '/usr/lib/systemd/system/NetworkManager-dispatcher.service' '/etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service' ln -s '/usr/lib/systemd/system/NetworkManager-dispatcher.service' '/etc/systemd/system/multi-user.target.wants/NetworkManager-dispatcher.service'

Reports

Red Hat 974811 – NetworkManager dispatchers dbus services misconfiguration

  • Reported 2013-06-16 00:27 EDT

Actualities

Jul 28 18:42:53 athletic NetworkManager[417]: <info> (em1): DHCPv4 state changed preinit -> bound
Jul 28 18:42:53 athletic NetworkManager[417]: <info>   address 192.168.0.71
Jul 28 18:42:53 athletic NetworkManager[417]: <info>   prefix 24 (255.255.255.0)
Jul 28 18:42:53 athletic NetworkManager[417]: <info>   gateway 192.168.0.22
Jul 28 18:42:53 athletic NetworkManager[417]: <info>   hostname 'athletic'
Jul 28 18:42:53 athletic NetworkManager[417]: <info>   nameserver '192.168.0.34'
Jul 28 18:42:53 athletic NetworkManager[417]: <info>   nameserver '192.168.0.26'
Jul 28 18:42:53 athletic NetworkManager[417]: <info>   nameserver '192.168.0.28'
Jul 28 18:42:53 athletic NetworkManager[417]: <info>   nameserver '192.168.0.44'
Jul 28 18:42:53 athletic NetworkManager[417]: <info>   nameserver '192.168.0.47'
Jul 28 18:42:53 athletic NetworkManager[417]: <info>   nameserver '192.168.0.22'
Jul 28 18:42:53 athletic NetworkManager[417]: <info> Activation (em1) Stage 5 of 5 (IPv4 Configure Commit) scheduled...
Jul 28 18:42:53 athletic NetworkManager[417]: <info> Activation (em1) Stage 5 of 5 (IPv4 Commit) started...
Jul 28 18:42:54 athletic NetworkManager[417]: <info> (em1): device state change: ip-config -> secondaries (reason 'none') [70 90 0]
Jul 28 18:42:54 athletic NetworkManager[417]: <info> Activation (em1) Stage 5 of 5 (IPv4 Commit) complete.
Jul 28 18:42:54 athletic NetworkManager[417]: <info> (em1): device state change: secondaries -> activated (reason 'none') [90 100 0]
Jul 28 18:42:54 athletic NetworkManager[417]: <info> Policy set 'Wired connection 1' (em1) as default for IPv4 routing and DNS.
Jul 28 18:42:54 athletic NetworkManager[417]: <info> Activation (em1) successful, device activated.
Jul 28 18:42:54 athletic dbus-daemon[422]: dbus[422]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Jul 28 18:42:54 athletic dbus[422]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Jul 28 18:42:54 athletic dbus[422]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.nm-dispatcher.service': Unit dbus-org.freedesktop.nm-dispatcher.service failed to load: No such file or directory. See system logs and 'systemctl status dbus-org.freedesktop.nm
-dispatcher.service' for details.
Jul 28 18:42:54 athletic NetworkManager[417]: <warn> Dispatcher failed: (32) Unit dbus-org.freedesktop.nm-dispatcher.service failed to load: No such file or directory. See system logs and 'systemctl status dbus-org.freedesktop.nm-dispatcher.service' for details.
Jul 28 18:42:54 athletic dbus-daemon[422]: dbus[422]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.nm-dispatcher.ser
vice': Unit dbus-org.freedesktop.nm-dispatcher.service failed to load: No such file or directory. See system logs and 'systemctl status dbus-org.freedesktop.nm-dispatcher.service' for details.

Replicant is a FOSS Android clone


Replicant

Rick Lehrbaum; Replicant fully-free Android distro project solicits funds; In Linux Gizmos; 2013-07-26.

Products

Devices

Founded

  • 2010
  • <quote>to unify the efforts of various individuals attempting to produce a fully free Android distribution</quote>

Who

  • Founders
    • Aaron Williamson
    • Graziano Sorbaioli
    • Denis “GNUtoo” Carikli
    • Bradley M. Kuhn
  • Recent
    • Carikli Kocialkowski
    • Paul Kocialkowski

Via backfill

ASUS PQ321Q Tiled Monitor | PC Perspective

ASUS PQ321Q 31.5-in 4K 60 Hz Tiled Monitor Review; ; In PC Perspective; 2013-07-19.

Mentions

  • DisplayPort SST (Single-Stream Transport)
  • DisplayPort MST (Multi-Stream Transport)
  • <quote>By enabling SST mode though you can connect a single HDMI cable or use DisplayPort to run more standard resolutions like 1920×1080 or even 3840×2160 at 30 Hz.</quote>
  • Implemented internally as 2x 2160×1920
  • SST supports 3240×2160 only at 30Hz.
  • <quote>The ASUS PQ321Q (and the Sharp PN-K321) are both powered by STMicroelectronics Athena controller</quote>

Claimed

But not verified in the article

  • The monitor can handle 4096×2160 inputs by clipping the video stream

Unclear

Unclear from the article

  • The device may require DisplayPort 1.2 MST to get to the full 4096×2160.  But one sentence claims that SST mode can handle 3840×2160 (at 30 Hz),
  • May not get to full resolution on DisplayPort 1.1

Actualities

Credits in the links

View Full Size

View Full Size

View Full Size

View Full Size

View Full Size

View Full Size

The /etc/*-release* files on Fedora, and especially /etc/system-release-cpe

Mentions

Origin

From fedora-release.spec

echo "cpe:/o:fedoraproject:fedora:%{version}" > $RPM_BUILD_ROOT/etc/system-release-cpe

Concept

Related

Specimen

From: Fedora 18, Spherical Cow

$ ls -dl /etc/*-release* /etc/issue
-rw-r--r--. 1 root root   34 Dec 19  2012 /etc/fedora-release
-rw-r--r--. 1 root root   59 Dec 19  2012 /etc/issue
drwxr-xr-x. 2 root root 4096 Mar 27 19:31 /etc/lsb-release.d
-rw-r--r--. 1 root root  165 Dec 19  2012 /etc/os-release
lrwxrwxrwx. 1 root root   14 Mar 20 21:36 /etc/redhat-release -> fedora-release
lrwxrwxrwx. 1 root root   14 Mar 20 21:36 /etc/system-release -> fedora-release
-rw-r--r--. 1 root root   31 Dec 19  2012 /etc/system-release-cpe
$ ls -dl /etc/*-release*
-rw-r--r--. 1 root root   34 Dec 19  2012 /etc/fedora-release
drwxr-xr-x. 2 root root 4096 Mar 27 19:31 /etc/lsb-release.d
-rw-r--r--. 1 root root  165 Dec 19  2012 /etc/os-release
lrwxrwxrwx. 1 root root   14 Mar 20 21:36 /etc/redhat-release -> fedora-release
lrwxrwxrwx. 1 root root   14 Mar 20 21:36 /etc/system-release -> fedora-release
-rw-r--r--. 1 root root   31 Dec 19  2012 /etc/system-release-cpe
$ find /etc/lsb-release.d | sort | xargs ls -ld
drwxr-xr-x. 2 root root 4096 Mar 27 19:31 /etc/lsb-release.d
-rw-r--r--. 1 root root    0 Jan 16  2013 /etc/lsb-release.d/core-4.1-amd64
-rw-r--r--. 1 root root    0 Jan 16  2013 /etc/lsb-release.d/core-4.1-noarch
-rw-r--r--. 1 root root    0 Jan 16  2013 /etc/lsb-release.d/cxx-4.1-amd64
-rw-r--r--. 1 root root    0 Jan 16  2013 /etc/lsb-release.d/cxx-4.1-noarch
-rw-r--r--. 1 root root    0 Jan 16  2013 /etc/lsb-release.d/desktop-4.1-amd64
-rw-r--r--. 1 root root    0 Jan 16  2013 /etc/lsb-release.d/desktop-4.1-noarch
-rw-r--r--. 1 root root    0 Jan 16  2013 /etc/lsb-release.d/languages-4.1-amd64
-rw-r--r--. 1 root root    0 Jan 16  2013 /etc/lsb-release.d/languages-4.1-noarch
-rw-r--r--. 1 root root    0 Jan 16  2013 /etc/lsb-release.d/printing-4.1-amd64
-rw-r--r--. 1 root root    0 Jan 16  2013 /etc/lsb-release.d/printing-4.1-noarch
$ cat /etc/issue
Fedora release 18 (Spherical Cow)
Kernel \r on an \m (\l)
$ cat /etc/os-release 
NAME=Fedora
VERSION="18 (Spherical Cow)"
ID=fedora
VERSION_ID=18
PRETTY_NAME="Fedora 18 (Spherical Cow)"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:fedoraproject:fedora:18"
$ cat /etc/system-release
Fedora release 18 (Spherical Cow)
$ cat /etc/system-release-cpe 
cpe:/o:fedoraproject:fedora:18

Special Classes & Special-Use Addresses in IPv4 & IPv6

Reserved Addresses & Ranges in IPv4

Address Block Present Use Reference Assigned
0.0.0.0/8 “This” Network RFC 1122, Section 3.2.1.3 1981-09
10.0.0.0/8 Private-Use Networks RFC 1918 1996-02
100.64.0.0/10 Shared Address Space
Carrier-Grade NAT (CGN)
RFC 6598, Section 7 2012-04
127.0.0.0/8 Loopback RFC 1122, Section 3.2.1.3 1981-09
169.254.0.0/16 Link Local RFC 3927 2005-05
172.16.0.0/12 Private-Use Networks RFC 1918 1996-02
192.0.0.0/24 IETF Protocol Assignments RFC 5736 2010-01
192.0.0.0/29 DS-Lite RFC 6333 2011-06
192.0.2.0/24 Documentation (TEST-NET-1) RFC 5737 2010-01
192.88.99.0/24 6to4 Relay Anycast RFC 3068 2001-06
192.168.0.0/16 Private-Use Networks RFC 1918 1996-02
198.18.0.0/15 Network Interconnect Device Benchmark Testing RFC 2544 1999-03
198.51.100.0/24 Documentation (TEST-NET-2) RFC 5737 2010-01
203.0.113.0/24 Documentation (TEST-NET-3) RFC 5737 2010-01
224.0.0.0/4 Multicast RFC 3171 1999-08
240.0.0.0/4 Reserved for Future Use RFC 1112, Section 4 1989-08
255.255.255.255/32 Limited Broadcast RFC 919, Section 7
RFC 922, Section 7
1984-10

Reserved Address & Ranges in IPv6

Address Block Present Use Reference Assigned
::1/128 Loopback Addresss RFC 4291 2006-02
64:ff9b::/96 IPv4-IPv6 Translation RFC 6052 2010-10
::ffff:0:0/96 IPv4-mapped Address RFC 4291 2006-02
100::/64 Discard-Only Address Block RFC 6666 2012-06
2001::/23 IETF Protocol Assignments RFC 2928 2000-09
2001::/32 TEREDO RFC 4380 2006-01
2001:2::/32 Benchmarking RFC 5180 2008-04
2001:10::/28 ORCHID RFC 5180 2007-03 (ex-2014-03)
2001:db8::/32 Documentation RFC 3849 2004-07
2002:::/16 6to4 RFC 3056 2001-02
fc00::/7 Unique-Local RFC 4193 2005-10
fe80::/10 Linked-Scoped Unicast RFC 4291 2006-02
ff00::/8 Multicast Address Space RFC 4291 (node),
RFC 3307 (link)
Registry

References

RetroShare on Fedora 17, 18, 19

RetroShare
Secure communication with friends

Installation Summary

  • Successfully installed, started & initialized a profile on Fedora 18

Known Problems

  • Bringing up the About dialog has no Close action
    • That modal dialog greys-and-blocks the application
    • You must kill the program to recover control
  • IPv4 only; there is no IPv6 support FAQ
  • There are order-dependent package conflicts in Fedora 18
    • libupnp1-1.6.7-11.1.x86_64 => required for RetroShare
    • libupnp-1.6.18-1.fc18.x86_64 => prevents RetroShare, required by gmyth, gstreamer-plugins-bad-free-extras
  • Expects UPnP to punch DNAT holes back through your (IPv4) NAT
    • linux-igd the Linux UPNP Internet GATEWAY DEVICE

Release History

  • 2013-03-23: Version 0.5.4e
  • 2012-12-17: Version 0.5.4d
  • 2012-11-21: Version 0.5.4c
  • 2012-09-26: Version 0.5.4b

Outreach

Promotions

And backfilled

Theory

Actualities

Screenshots (from Windows?); attribution in the links

Practice

  • IPv4 with uPnP?
  • IPv6?
  • Key Exchange
    • You’re exchanging public keys … so what’s the big deal
    • Suggestion: use cryptobin.org

Availability

(yum) Repos

The scheme seems to be to identify a yum repo for the distribution rather than to provide a download directly.

AsamK

AsamK’s work is nominated on the RetroShare Project Site

File: /etc/yum.repos.d/home:AsamK:RetroShare.repo

[home_AsamK_RetroShare]
name=RetroShare (Fedora_19)
type=rpm-md
baseurl=http://download.opensuse.org/repositories/home:/AsamK:/RetroShare/Fedora_19/
gpgcheck=1
gpgkey=http://download.opensuse.org/repositories/home:/AsamK:/RetroShare/Fedora_19/repodata/repomd.xml.key
enabled=1

Reference: home:AsamK:RetroShare.repo
Origin: Fedora 19 from the Downloads at the RetroShare Project Site

File: /etc/yum.repos.d/home:AsamK:RetroShare.repo

[home_AsamK_RetroShare]
name=RetroShare (Fedora_18)
type=rpm-md
baseurl=http://download.opensuse.org/repositories/home:/AsamK:/RetroShare/Fedora_18/
gpgcheck=1
gpgkey=http://download.opensuse.org/repositories/home:/AsamK:/RetroShare/Fedora_18/repodata/repomd.xml.key
enabled=1

Reference: home:AsamK:RetroShare.repo
Origin: Fedora 18 from the Downloads at the RetroShare Project Site

File: /etc/yum.repos.d/home:AsamK:RetroShare.repo

[home_AsamK_RetroShare]
name=RetroShare (Fedora_17)
type=rpm-md
baseurl=http://download.opensuse.org/repositories/home:/AsamK:/RetroShare/Fedora_17/
gpgcheck=1
gpgkey=http://download.opensuse.org/repositories/home:/AsamK:/RetroShare/Fedora_17/repodata/repomd.xml.key
enabled=1

Reference: home:AsamK:RetroShare.repo
Origin: Fedora 17 from the Downloads at the RetroShare Project Site

RPM Sphere

Zhong Huaren(?)’s work is nominated in Linux Packages Search. It features a Fedora 19 build and both x86_64 and i686 builds.

File: /etc/yum.repos.d/rpm-sphere.repo

[rpm-sphere]
name=RPM Sphere
baseurl=http://download.opensuse.org/repositories/home:/zhonghuaren/Fedora_19/
gpgkey=http://download.opensuse.org/repositories/home:/zhonghuaren/Fedora_19/repodata/repomd.xml.key
enabled=1
gpgcheck=1

Reference: retroshare-0.5.3c-12.1.x86_64.rpm

File: /etc/yum.repos.d/rpm-sphere.repo

[rpm-sphere]
name=RPM Sphere
baseurl=http://download.opensuse.org/repositories/home:/zhonghuaren/Fedora_18/
gpgkey=http://download.opensuse.org/repositories/home:/zhonghuaren/Fedora_18/repodata/repomd.xml.key
enabled=1
gpgcheck=1

Reference: retroshare-0.5.3c-12.1.x86_64.rpm

File: /etc/yum.repos.d/rpm-sphere.repo

[rpm-sphere]
name=RPM Sphere
baseurl=http://download.opensuse.org/repositories/home:/zhonghuaren/Fedora_17/
gpgkey=http://download.opensuse.org/repositories/home:/zhonghuaren/Fedora_17/repodata/repomd.xml.key
enabled=1
gpgcheck=1

Reference: retroshare-0.5.3c-12.1.x86_64.rpm

Olea

Only has i686. See the Search Results

Installation

Create file: /etc/yum.repos.d/home:AsamK:RetroShare.repo

[home_AsamK_RetroShare]
name=RetroShare (Fedora_18)
type=rpm-md
baseurl=http://download.opensuse.org/repositories/home:/AsamK:/RetroShare/Fedora_18/
gpgcheck=1
gpgkey=http://download.opensuse.org/repositories/home:/AsamK:/RetroShare/Fedora_18/repodata/repomd.xml.key
enabled=1

What will be installed?

$ yum 'search' 'retroshare' 
Loaded plugins: langpacks, presto, refresh-packagekit
<snip/>
=========================== N/S Matched: retroshare ============================
retroshare-debuginfo.i686 : Debug information for package retroshare
retroshare-debuginfo.x86_64 : Debug information for package retroshare
retroshare-nogui.i686 : RetroShare without gui
retroshare-nogui.x86_64 : RetroShare without gui
retroshare-plugins.i686 : Precompiled plugins for RetroShare
retroshare-plugins.x86_64 : Precompiled plugins for RetroShare
retroshare-svn-debuginfo.i686 : Debug information for package retroshare-svn
retroshare-svn-debuginfo.x86_64 : Debug information for package retroshare-svn
retroshare-svn-nogui.i686 : RetroShare without gui
retroshare-svn-nogui.x86_64 : RetroShare without gui
retroshare-svn-plugins.i686 : Precompiled plugins for RetroShare
retroshare-svn-plugins.x86_64 : Precompiled plugins for RetroShare
retroshare.i686 : Secure chat and file sharing
retroshare.x86_64 : Secure chat and file sharing
retroshare-svn.i686 : Secure chat and file sharing
retroshare-svn.x86_64 : Secure chat and file sharing
<snip/>

The difference between the “regular” and the “svn”-suffixed packages is unclear.

$ sudo yum install -y retroshare retroshare-nogui
Loaded plugins: langpacks, presto, refresh-packagekit
Resolving Dependencies
--> Running transaction check
---> Package retroshare.x86_64 0:0.5.4e-2.1 will be installed
--> Processing Dependency: libupnp.so.3()(64bit) for package: retroshare-0.5.4e-2.1.x86_64
---> Package retroshare-nogui.x86_64 0:0.5.4e-2.1 will be installed
--> Running transaction check
---> Package libupnp1.x86_64 0:1.6.7-11.1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package              Arch       Version        Repository                 Size
================================================================================
Installing:
 retroshare           x86_64     0.5.4e-2.1     home_AsamK_RetroShare     5.0 M
 retroshare-nogui     x86_64     0.5.4e-2.1     home_AsamK_RetroShare     1.2 M
Installing for dependencies:
 libupnp1             x86_64     1.6.7-11.1     home_AsamK_RetroShare     114 k

Transaction Summary
================================================================================
Install  2 Packages (+1 Dependent package)

Total download size: 6.3 M
Installed size: 17 M
Downloading Packages:
warning: /var/cache/yum/x86_64/18/home_AsamK_RetroShare/packages/libupnp1-1.6.7-11.1.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 21691f91: NOKEY
Public key for libupnp1-1.6.7-11.1.x86_64.rpm is not installed
--------------------------------------------------------------------------------
Total                                            37 kB/s | 6.3 MB     02:57     
Retrieving key from http://download.opensuse.org/repositories/home:/AsamK:/RetroShare/Fedora_18/repodata/repomd.xml.key
Importing GPG key 0x21691F91:
 Userid     : "home:AsamK OBS Project "
 Fingerprint: e2ce 3677 c801 5772 d097 b0aa 9418 a479 2169 1f91
 From       : http://download.opensuse.org/repositories/home:/AsamK:/RetroShare/Fedora_18/repodata/repomd.xml.key
Running Transaction Check
Running Transaction Test

Transaction Check Error:
  file /usr/lib64/libixml.so.2 from install of libupnp1-1.6.7-11.1.x86_64 conflicts with file from package libupnp-1.6.18-1.fc18.x86_64

Error Summary
-------------

FAIL (on cathedral)

Diagnosis
cathedral (F18) fails

$ rpm -q -a | grep pnp | sort
gupnp-0.18.4-1.fc18.x86_64
gupnp-av-0.10.3-1.fc18.x86_64
gupnp-igd-0.2.1-2.fc18.x86_64
libupnp-1.6.18-1.fc18.x86_64

cavernous (F18) succeeds:

$ rpm -q -a |grep pnp | sort
gupnp-0.18.4-1.fc18.x86_64
gupnp-av-0.10.3-1.fc18.x86_64
gupnp-igd-0.2.1-2.fc18.x86_64
libupnp1-1.6.7-11.1.x86_64

Great … so it’s the difference between libupnp and libupnp1  What needs which?

Try again (on cavernous) …

$ sudo yum install -y retroshare retroshare-nogui
Loaded plugins: langpacks, presto, refresh-packagekit
<snip/>
Resolving Dependencies
--> Running transaction check
---> Package retroshare.x86_64 0:0.5.4e-2.1 will be installed
--> Processing Dependency: libupnp.so.3()(64bit) for package: retroshare-0.5.4e-2.1.x86_64
--> Processing Dependency: libixml.so.2()(64bit) for package: retroshare-0.5.4e-2.1.x86_64
---> Package retroshare-nogui.x86_64 0:0.5.4e-2.1 will be installed
--> Processing Dependency: libssh.so.4()(64bit) for package: retroshare-nogui-0.5.4e-2.1.x86_64
--> Processing Dependency: libssh_threads.so.4()(64bit) for package: retroshare-nogui-0.5.4e-2.1.x86_64
--> Running transaction check
---> Package libssh.x86_64 0:0.5.4-3.fc18 will be installed
---> Package libupnp1.x86_64 0:1.6.7-11.1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package             Arch      Version           Repository                Size
================================================================================
Installing:
 retroshare          x86_64    0.5.4e-2.1        home_AsamK_RetroShare    5.0 M
 retroshare-nogui    x86_64    0.5.4e-2.1        home_AsamK_RetroShare    1.2 M
Installing for dependencies:
 libssh              x86_64    0.5.4-3.fc18      updates                  126 k
 libupnp1            x86_64    1.6.7-11.1        home_AsamK_RetroShare    114 k

Transaction Summary
================================================================================
Install  2 Packages (+2 Dependent packages)

Total download size: 6.5 M
Installed size: 18 M
Downloading Packages:
<snip>
--------------------------------------------------------------------------------
Total                                            36 kB/s | 6.5 MB     03:04     
Retrieving key from http://download.opensuse.org/repositories/home:/AsamK:/RetroShare/Fedora_18/repodata/repomd.xml.key
Importing GPG key 0x21691F91:
 Userid     : "home:AsamK OBS Project "
 Fingerprint: e2ce 3677 c801 5772 d097 b0aa 9418 a479 2169 1f91
 From       : http://download.opensuse.org/repositories/home:/AsamK:/RetroShare/Fedora_18/repodata/repomd.xml.key
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : libupnp1-1.6.7-11.1.x86_64                                   1/4 
  Installing : libssh-0.5.4-3.fc18.x86_64                                   2/4 
  Installing : retroshare-nogui-0.5.4e-2.1.x86_64                           3/4 
  Installing : retroshare-0.5.4e-2.1.x86_64                                 4/4 
  Verifying  : retroshare-0.5.4e-2.1.x86_64                                 1/4 
  Verifying  : libupnp1-1.6.7-11.1.x86_64                                   2/4 
  Verifying  : retroshare-nogui-0.5.4e-2.1.x86_64                           3/4 
  Verifying  : libssh-0.5.4-3.fc18.x86_64                                   4/4 

Installed:
  retroshare.x86_64 0:0.5.4e-2.1      retroshare-nogui.x86_64 0:0.5.4e-2.1     

Dependency Installed:
  libssh.x86_64 0:0.5.4-3.fc18           libupnp1.x86_64 0:1.6.7-11.1          

Complete!

What got installed?

$ rpm -q -l retroshare
/usr/bin/RetroShare
/usr/share/applications/retroshare.desktop
/usr/share/icons/hicolor
/usr/share/icons/hicolor/128x128
/usr/share/icons/hicolor/128x128/apps
/usr/share/icons/hicolor/128x128/apps/retroshare.png
/usr/share/icons/hicolor/24x24
/usr/share/icons/hicolor/24x24/apps
/usr/share/icons/hicolor/24x24/apps/retroshare.png
/usr/share/icons/hicolor/48x48
/usr/share/icons/hicolor/48x48/apps
/usr/share/icons/hicolor/48x48/apps/retroshare.png
/usr/share/icons/hicolor/64x64
/usr/share/icons/hicolor/64x64/apps
/usr/share/icons/hicolor/64x64/apps/retroshare.png
/usr/share/pixmaps/retroshare.xpm
$ rpm -q -l retroshare-nogui
/usr/bin/retroshare-nogui
/usr/share/RetroShare
/usr/share/RetroShare/bdboot.txt
/usr/share/RetroShare/qss
/usr/share/RetroShare/qss/blacknight
/usr/share/RetroShare/qss/blacknight.qss
/usr/share/RetroShare/qss/blacknight/check_sel.png
/usr/share/RetroShare/qss/blacknight/check_unsel.png
/usr/share/RetroShare/qss/blacknight/clbg.png
/usr/share/RetroShare/qss/blacknight/down.png
/usr/share/RetroShare/qss/blacknight/radio_sel.png
/usr/share/RetroShare/qss/blacknight/radio_unsel.png
/usr/share/RetroShare/qss/blacknight/up.png
/usr/share/RetroShare/qss/blue
/usr/share/RetroShare/qss/blue.qss
/usr/share/RetroShare/qss/blue/blue.png
/usr/share/RetroShare/qss/blue/blue2.png
/usr/share/RetroShare/qss/blue/tab1.png
/usr/share/RetroShare/qss/blue/tabselected.png
/usr/share/RetroShare/qss/groove.qss
/usr/share/RetroShare/qss/orangesurfer
/usr/share/RetroShare/qss/orangesurfer.qss
/usr/share/RetroShare/qss/orangesurfer/border.png
/usr/share/RetroShare/qss/orangesurfer/main.png
/usr/share/RetroShare/qss/orangesurfer/main2.png
/usr/share/RetroShare/qss/orangesurfer/sizegrip.png
/usr/share/RetroShare/qss/orangesurfer/tab_hover.png
/usr/share/RetroShare/qss/orangesurfer/tab_normal.png
/usr/share/RetroShare/qss/orangesurfer/tab_pressed.png
/usr/share/RetroShare/qss/orangesurfer/toolbar.png
/usr/share/RetroShare/qss/qlive
/usr/share/RetroShare/qss/qlive.qss
/usr/share/RetroShare/qss/qlive/qb.png
/usr/share/RetroShare/qss/qlive/qb2.png
/usr/share/RetroShare/qss/redscorpion
/usr/share/RetroShare/qss/redscorpion.qss
/usr/share/RetroShare/qss/redscorpion/red.png
/usr/share/RetroShare/qss/redscorpion/red2.png
/usr/share/RetroShare/qss/silver
/usr/share/RetroShare/qss/silver.qss
/usr/share/RetroShare/qss/silver/silver.png
/usr/share/RetroShare/qss/silver/silver2.png
/usr/share/RetroShare/qss/silvergrey.qss
/usr/share/RetroShare/qss/uus
/usr/share/RetroShare/qss/uus.qss
/usr/share/RetroShare/qss/uus/uus.png
/usr/share/RetroShare/qss/uus/uus2.png
/usr/share/RetroShare/qss/wx
/usr/share/RetroShare/qss/wx.qss
/usr/share/RetroShare/qss/wx/wx.png
/usr/share/RetroShare/qss/yaba
/usr/share/RetroShare/qss/yaba.qss
/usr/share/RetroShare/qss/yaba/yaba.png
/usr/share/RetroShare/qss/yaba/yaba2.png
/usr/share/RetroShare/qss/yaba/yaba3.png
/usr/share/RetroShare/qss/yeah
/usr/share/RetroShare/qss/yeah.qss
/usr/share/RetroShare/qss/yeah/yeah.png

The Linux UPNP Internet GATEWAY DEVICE

Jitsi

Jitsi (formerly SIP Communicator) is an audio/video and chat communicator that supports protocols such as SIP, XMPP/Jabber, AIM/ICQ, Windows Live, Yahoo! and many other useful features.

Availability

Via backfill

Update to Firefox 22, and the WordPress text editor arrow keys don’t work (because of Firebug)

Problem Statement

  • The arrow keys and the Home and End keys no longer work in the WordPress wysiwyg text editor.
  • They continue to work in the raw HTML editor.

Severity

  • The wysiwyg text editor is nearly unuseable.
  • The only workaround to move the text entry point is to use the mouse.

Context

  • Fedora 18
  • Firefox 22, updated from Firefox 19
  • There are gobs of other plugins in Firefox: including Firebug.

Diagnosis

  • It’s Firebug’s fault.

Remediation

  • Change the keybindings away from Ctrl+Shift+Arrow
  • The OK vs Cancel does not work in Firebug
    • hit Cancel, it does not Cancel
    • Validate that the changes were accepted via Cancel (which means OK)
  • Restart Firefox (yes, you apparently have to do that)

References

Actualities

Chevy Volt costs about $1.76/day to fuel (uh, charge) via CPAU E-1, Tier 3

The Data

Date Delta 6-months Average Monthly Daily Rate
Ending kWh $ kWh $ kWh $
2013-06-19 322 $58.54 291 $52.83 9.69 $1.76
2013-05-21 290 $53.62
2013-04-22 334 $60.52
2013-03-20 218 $40.69
2013-02-20 181 $33.70
2013-01-23 399 $69.91

Provenance & Context

  • Data from 2012-06-21 through 2013-06-19.
  • Complete utility metering data is not shown
  • Monetary values include CPAU “Utility Users Tax” of ~4.20%
  • The “delta” is relative to the 6-month prior metric.
  • Operation of the vehicle commenced 2013-01-31.
  • For the frame ending 2013-01-23, this includes the school holiday break wherein the kids watched a wall-sized TV for between 8-14 hours/day from 2012-12-21 to 2013-01-02.
  • City of Palo Alto (CPA), Residential Rates, the E1 Rate Card

Configuring Firefox to support Yahoo! Messenger’s ymsgr:SendIM URLs

tl;dr => the published recipe does not work; it longer works (it once may have).

Problem Statement

I want URLs of the form ymsgr:SendIM?someone to work in Firefox, where work is defined as

  • Double-click in Firefox initiates an URL handler for ymsgr protocol.
  • The handler communicates with the running pidgin.
  • Initiates a new conversation in pidgin using Yahoo! Messenger services.

On Fedora, Fedora 17, 18, 19.

Concept of the Recipe

  • Use purple-url-handler
  • Convince Firefox to initiate this handler for URL scheme ymsgr

Known

The invocation of purple-url-handler works, where work is defined as

  • From the command line …
  • The handler communicates with the running pidgin.
  • Initiates a new conversation in pidgin using Yahoo! Messenger services.

The problem occurs in convincing Firefox to accept the ymsgr protocol as a valid protocol.

Helpful & Instructive

Mozilla 312953 Confusing error message when protocol handler is non-existent app
After some comments, some success is reported with a different recipe than
Registering a protocol in Firefox (which does not work); something in & around:

  • Either personally or system-wide, add MIME types
    • Add MIME types to ~/.local/share/applications/mimeapps.list
    • Add the symlink /etc/gnomes/defaults.list pointing to /usr/share/applications/defaults.list (this advice seems spurious so ignore it)
  • The MIME types descriptions in mimeapps.list
    application/x-ymsgr=ymsgr.desktop;
    application/ymsgr=ymsgr.desktop;
    x-scheme-handler/ymsgr=ymsgr.desktop;
  • There must be a ymsgr.desktop patterned after some of the other *.desktop files located in
    • /usr/share/applications
    • ~/.local/share/applications
  • A winning definition of ymsgr.desktop:
    [Desktop Entry]
    Name=Yahoo! Messenger
    Comment=Yahoo! Messenger
    Exec=purple-url-handler %u
    Icon=yahoo
    MimeType=application/ymsgr;application/x-ymsgr;
    Terminal=false
    Type=Application
    StartupNotify=true
    Categories=Network;InstantMessaging;
  • A restart of Firefox does not seem to be necessary.

Irrelevant & Wrong

The received wisdom is Registering a protocol in Firefox, instructions for Linux and Mac.  This is wrong and does not work.  Something about within the about:config page, add some various properties and it will “just work.”  It does not.
Either

  • network.protocol-handler.expose.ymsgr (Boolean) false

Or

  • network.protocol-handler.external.ymsgr (Boolean) true
  • network.protocol-handler.app.ymsgr (String) "/usr/bin/purple-url-handler %s"
  • network.protocol-handler.expose-all (Boolean) true

Fragments

Debugging …

gconftool-2 --set /desktop/gnome/url-handlers/ymsgr/command --type String '/usr/bin/purple-url-handler %s'
gconftool-2 --set /desktop/gnome/url-handlers/ymsgr/enabled --type Boolean true
$ rpm -q -f /usr/bin/purple-url-handler
libpurple-2.10.7-2.fc18.x86_64
$ gconftool-2 --set /desktop/gnome/url-handlers/ymsgr/command  --type String '/usr/bin/purple-url-handler %s'
$ gconftool-2 --set /desktop/gnome/url-handlers/ymsgr/enabled --type Boolean true

$ for path in /desktop/gnome/url-handlers/ymsgr/{command,enabled} ; do echo "$path -> '$(gconftool-2 --get $path)'"; done
/desktop/gnome/url-handlers/ymsgr/command -> '/usr/bin/purple-url-handler %s'
/desktop/gnome/url-handlers/ymsgr/enabled -> 'true'

Unclear that /etc/gnome/defaults.list is really a valid thing

$ ls -als /etc/gnome/defaults.list
ls: cannot access /etc/gnome/defaults.list: No such file or directory

Recall that the suggestion was to link /etc/gnome/defaults.list to /usr/share/applications/defaults.list, yet /etc/gnome is not a directory:

$ ls -l /usr/share/applications/defaults.list /etc/gnome/defaults.list
ls: cannot access /etc/gnome/defaults.list: No such file or directory
-rw-r--r--. 1 root root 15530 Feb 13 12:26 /usr/share/applications/defaults.list
$ ls -ld /etc/gnome
ls: cannot access /etc/gnome: No such file or directory

The systemwide application MIME types application bindings.

$ cat ~/.local/share/applications/mimeapps.list 
[Default Applications]
x-scheme-handler/mailto=mozilla-thunderbird.desktop

[Added Associations]
x-scheme-handler/mailto=mozilla-thunderbird.desktop;
video/mpeg=gnome-mplayer.desktop;
$ wc -l /usr/share/applications/defaults.list
360 /usr/share/applications/defaults.list
$ head /usr/share/applications/defaults.list 
[Default Applications]
application/x-dia-diagram=fedora-dia.desktop
text/x-vcard=evolution.desktop
text/directory=evolution.desktop
text/calendar=evolution.desktop
application/x-cd-image=gnome-disk-image-mounter.desktop
image/x-compressed-xcf=gimp.desktop
image/x-xcf=gimp.desktop
image/x-psd=gimp.desktop
image/x-fits=gimp.desktop
...etc...

And arbitrarily, the Cherrytree application’s cherrytree.desktop against which to pattern a proposed construction of ymsgr.desktop

$ cat /usr/share/applications/cherrytree.desktop 
[Desktop Entry]
Name=CherryTree
Comment=Hierarchical Note Taking
Comment[cs]=Hierarchická tvorba poznámek
Comment[de]=Hierarchische Notizfunktion
Comment[es]=Gestor de notas jerárquico
Comment[fr]=Prise de Notes Hiérarchisées
Comment[gl]=Xestor de notas xerárquico
Comment[it]=Gestore di Appunti Gerarchico
Comment[pl]=Strukturalny Notes
Comment[ru]=Записная книжка с иерархической структурой
Comment[uk]=Записник з ієрархічною структурою
Comment[zh_CN]=分层笔记
Exec=cherrytree %f
Icon=cherrytree
MimeType=application/cherrytree-ctd;application/cherrytree-ctz;application/cherrytree-ctb;application/cherrytree-ctx;
Terminal=false
Type=Application
StartupNotify=true
Categories=GNOME;GTK;Utility;

Actualities

The failure case

The default settings in Firefox (Firefox 19)

Some modified settings in Firefox (recall, these have no effect set up as such):

On the Security of RC4 in TLS and WPA | AlFardan, Bernstein, Patterson, Poettering, Schuldt

Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt; On the Security of RC4 in TLS and WPA; At Their Shop; 2013-03-13, updated 2013-07-08.

Mentions

  • Single-byte bias attack on TLS.
  • To be presented at USENIX Security 2013, Washington DC, USA, 2013-08-14.
  • Claims <quote>
    • The most effective countermeasure against our attack is to stop using RC4 in TLS. [there are other countermeasures]
    • One of the attacks also applies to WPA/TKIP, the IEEE’s successor protocol to WEP. The most effective countermeasure against our attack against WPA/TKIP is to stop using WPA/TKIP and upgrade to WPA2.
      </quote>

Referenced

  • Nadhem J. AlFardhan, Daniel J. Bernstein, Kenneth G. Paterson, Bertram Poettering, Jacob C. N. Schuldt; On the Security of RC4 in TLS and WPA; In Proceedings of the USENIX Security Symposium 2013; 2013-07-08; 31 pages.
    Data & Evidence

  • CVE-2013-2566; National Vulnerability Database, National Institute of Standards & Technology, U.S.

    • Description: The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
    • Overview: The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Related

Via: backfill.

systemd cgroup changes | Lennart Poettering

Lennart Poettering (Red Hat)

Via backfill

Mentions

Mostly from Part I

  • Tejun Heo, (Linux kernel) cgroup maintainer

Deprecating:

Introducing:

  • Slices
  • single kernel cgroup hierarchy

Capabilites

  • partition system resources in a tree
  • move to arbitrarity places within a tree
    • units
    • users
    • machines

Reduction

  • Only a single cgroup tree
  • Controllers enabled/disabled separately per cgroup

Removed

  • ControlGroup=
    Replaced with

    • Slice=
    • EnableControllers=
    • and others
  • ControlGroupPersistent=
    Replaced with

    • only systemd sets up the cgroup tree
  • ControlGroupAttribute=
    Replace with (called the High Level Attributes)

    • CPUShares=
    • MemoryLimit=
    • others TBD
  • systemctl set-cgroup
    Replaced with

    • systemctl set-slice (or similar)
  • systemctl set-cgroup-attr
    Replaced with

    • systemctl set-attr (which only sets the high-level attributes
  • undocumented APIs (of systemd), no replacement

From Part II

Current dev (in git)

  • the Slice concept
  • logind will now also keep track of running containers/VMs.
  • ps can show the cgroups (and containers?) of a process.

Theory

  • Only a one single kernel cgroup.
  • The controllers individually enabled for each cgroup.
  • The cgroup hierarchy is private property of systemd
    • systemd sets it up.
    • systemd maintains it.
  • Any software wishing to manipulate cgroups will do so via systemd APIs.
  • Slices map to cgroups internally
  • Slices only allow high-level constraints.
  • There will be at least three slices:
    1. The system.slice where all system services are located by default,
    2. The user.slice where all logged in users are located by default,
    3. The machine.slice where all running VMs/containers are located by default.
    4. Others as created by administrators
  • systemd-logind is responsible for
    • users & sessions
    • machines & containers
  • Something about registration of machines / containers / VMs with systemd
    • so that ps will work
    • so that it behaves like Solaris’ zones concept.

Removed

  • unit configuration options
    • ControlGroup=
    • ControlGroupModify=
    • ControlGroupPersistent=
    • ControlGroupAttribute=
  • DefaultControllers=cpu

Remains

  • CPUShares=
  • MemoryLimit=
  • other high-level constraints

Timeline

  • #1 (single cgroup) => long term, not now
  • #2 (single cgroup owned by systemd) => long term, not now
  • #3 (systemd removes ControlGroup settings) => in development today
  • #4 (systemd slice concept) => implemented in systemd upstream
  • #5 (systemd-logind owns users & vms) => implemented in systemd upstream

Compatibilities

  • not supported; becomes deprecated

  • ok for now, but on notice to evolve (per #1 & #2 not scheduled)

The Thread

[systemd-devel] [HEADSUP] cgroup changes Lennart Poettering

[systemd-devel] [HEADSUP] cgroup changes Lennart Poettering

ZB Block blocks Softlayer/ThePlanet/Everyone/Reach (ASN-SLTP-054) and Hurricane Electric (ASN-HE1-029)

Seems like someone has added 172.255.0.0/16 to the ZB Block list. Pesky. Sloppy.

See the file signatures_install.inc from ZB Block 0.4.10a3 2013-04-28 “Tomcat” update 72.
To wit:

$ax += cidrblock($address,"173.255.240.0/20","Softlayer/ThePlanet/Everyone/Reach. (ASN-SLTP-054). "); //71
$ax += cidrblock($address,"173.255.240.0/20","Hurricane Electric (ASN-HE1-029). "); //73b

Basics

ZB Block of Spambot Security
ZB Block is a freeware php driven website/forum/blog/CMS anti spam and hacking script.

“ZB” seems to be the adoption of Douglas Adams’ character Zaphod Beeblebrox as the preferred nick name of the main autho.

Releases

Note that the actualities below are tagged ZB Block 0.4.10a4 / 74d, so that’s prerelease code.

Related, Sympathetic, Clones & Copies

Referenced

Promotion

Blog


Intro to ZB Block; On YouTube; 2009-19; 8:20.
tl;dr => content free

Features

  • Bad hosts
  • Bad IPs ( block single IP’s and IP ranges )
  • Bad query input ( $_GET )
  • Bad POST input ( $_POST )
  • Remote file inclusion
  • MySQL injections
  • http injections
  • Bad browser useragents.

Source: some other site

Actualities

HTML

     403 FORBIDDEN!     

Either the address you are accessing this site from has been banned for previous malicious behavior or the action you attempted is considered to be hostile to the proper functioning of this system.

The detected reason(s) you were blocked are:
Softlayer/ThePlanet/Everyone/Reach. (ASN-SLTP-054). Hurricane Electric (ASN-HE1-029).

Your IP, Domain Name (if resolvable), the referring page (if any), QUERY, POST, User Agent, time of access, and date have been logged and flagged for admin review. Please either 1. Stop the bad behavior, or 2. Cease accessing this system.

The webmaster of this site has decided to provide you with an e-mail link to start a trouble ticket about this block.
Please do not change the beginning of the subject line, nor the preamble of the body text.

Click HERE to start a trouble ticket.

Your connection details:
Record #: 284220
Time: 2013-07-15, Mon – 11:41:51 -06:00
Running: 0.4.10a4 / 74d
Host: *
IP: 173.255.0.0
Post:
Query:
Stripped Query:
Referer:
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0
Reconstructed URL: http:// www.spambotsecurity.com /

Generated by ZB Block 0.4.10a4 / 74d

Ube | Control Your Lights From Your Smartphone

Ube
myube.co because ube.co is a spam parking domain.

Ube WiFi Connected Multi-touch DimmerUbe Smart PlugUbe Smart Electrical Outlet

Concept

Household control via ambient WiFi from your personal device.

Specifications

… aren’t published, something more available 2013-Q4 & 2014.

  • CPU in each device, ambient WiFi connectivity
    • Expects your ambient WiFi (802.11) network.
      • “Uses your supplied SSID and WiFi password”
      • Supports: WEP, WPA and WPA2
    • Maybe, maybe not ad hoc mode.  unstated.
    • IPv4 only?  unstated.
  • The devices communicate with each other
    • Discovery by broadcast?
  • The phone app communicates with the devices
    • Discovery by broadcast?
  • Form Factor
    • NEMA 5-15R (plug)
    • Decora-style (faceplate)
  • Loads & Form Factor
    • NEMA 5-15R
    • Resistive loads (incandescent lights, dimmable LEDs and dimmable CFL).
    • <quote>The maximum wattage is 600W in a single gang application with controlling incandescent lights. The wattage is 150W when controlling LED or CFL bulbs.</quote>

Statements

Frequently-Asked Questions

Unclear what all this means, actually … <quote>

  • 32-bit processor
  • open source API
  • advanced operating system
  • full IP stack
  • Wi-Fi connectivity

</quote>

Cloud Access (Their Access to Your Network)

But you do seem to need to have access to the Ube cloud, your house is monitored in their cloud.  Seems like:

  • Submetering & reporting is done through their cloud.
  • Household control may optionally use their cloud
    • remote access
    • scheduling

<quote>

  • Does it require a connection to the ube Cloud to operate?
    No. The dimmer will dim lights and turn them on and off without a connection to any cloud service.
  • What if my internet goes down?
    The Ube dimmer will continue to function normally within the house even if your internet is down. However, if your internet is down, you will not be able to get certain reporting functions nor will you be able to control the lights from outside your home.
  • What if my WiFi goes down?
    You can still control the lights from the dimmer. However, you will not be able to use the Ube app if your WiFi is down.

</quote>

Ongoing Charges

<quote>

  • Is there a cost for the Ube app?
    The Ube lighting app to control Ube dimmers is free.

  • Is there a monthly service charge?
    There is no monthly service charge to control your lights.

</quote>

Unclear

  • Tablet form factor unstated.
  • Android availability unstated.
    • only iPhone is shown.
  • Desktop browser availability unstated.
    • something about late 2013, 2014
  • IPv6 unstated.
  • Protocols unstated.
    • Something about 2014.
    • Something about WiFi m2m (machine to machine?)

Availability

Promotions

Actualities

Ube WiFi Connected Multi-touch Dimmer
Ube Smart PlugUbe Smart Electrical Outlet

Why Mobile Web Apps are Slow | Drew Crawford

Sources

Summary

He puts the abstract-summary at the end.

<quote>

  • Javascript is too slow for mobile app use in 2013 (e.g., for photo editing etc.).  
    • It’s slower than native code by about 5
    • It’s comparable to IE8
    • It’s slower than x86 C/C++ by about 50
    • It’s slower than server-side Java/Ruby/Python/C# by a factor of about 10 if your program fits in 35MB, and it degrades exponentially from there
  • The most viable path for it to get faster is by pushing the hardware to desktop-level performance.  This might be viable long-term, but it’s looking like a pretty long wait.
  • The language itself doesn’t seem to be getting faster these days, and people who are working on it are saying that with the current language and APIs, it will never be as fast as native code
  • Garbage collection is exponentially bad in a memory-constrained environment.  It is way, way worse than it is in desktop-class or server-class environments.
  • Every competent mobile developer, whether they use a GCed environment or not, spends a great deal of time thinking about the memory performance of the target device
  • JavaScript, as it currently exists, is fundamentally opposed to even allowing developers to think about the memory performance of the target device
  • If they did change their minds and allowed developers to think about memory, experience suggests this is a technically hard problem.
  • asm.js show some promise, but even if they win you will be using C/C++ or similar “backwards” language as a frontend, rather than something dynamic like JavaScript

</quote>

Fanout

By section

The genre of “Which is better: native or HTML5″ “Who will win?”

Three criticisms about benchmarks

  1. Whether JIT is appreciably slower where it matters (benchmarks do not matter).
  2. JIT gets better every day, native does not; oOne day soon, JIT will be “faster than native.”
  3. Python, PHP, Ruby (fully-interpreted code) is already fast enough for ultra-high scale, this is single-user, so what’s the point?

Performance Baseline & Benchmarks

Performance Evolution and Possibilities

Language Tradeoffs: Native vs Managed

Managed languages optimize for developer productivity with JIT thrown in to recover some of the drain.  Native languages don’t have that overhead.  Even the proponents admit this. In archaeological order, not article order:

On Garbage Collection contra Explicit Memory Management

Screen Shot 2013-05-14 at 10.15.29 PM

Hertz, Berger; Quantifying the Performance of Garbage Collection vs Explicit Memory Management

Claim: Garbage Collectors need 6x (4x) more memory than “is necessary” in order to be efficient enough for real-time UX-type applications.  See the chart where the relative memory footprint approaches 1x; consider that 1.5x to 2x is “acceptable performance degadation.”

How Much Memory is Available on iOS?

  • iOSMemoryBudgetTest by Jan Ilavsky
  • Observed limits in the field, on his gear
    • iPhone 4S
      • warn => 40MB (around)
      • killed => 213MB (around)
    • iPad 3
      • warned => 400MB (around)
      • killed => 550MB (around)
  • Walk the scenarios against the limits
  • Multiple copies of the same photo in memory
    Citing also the slide from Session 242, iOS App Performance – Memory, 2012
    <quote>

    1. The camera screen that shows you what the camera sees,
    2. the photo that the camera actually took,
    3. the buffer that you’re trying to fill with compressed JPEG data to write to disk,
    4. the version of the photo that you’re preparing for display in the next screen
    5. the version of the photo that you’re uploading to some server,
    6. the buffer that is going to hold a smaller photo suitable for display in the next screen,
    7. the buffer that resizes the photo in the background because it is too slow to do it in the foreground.</quote>
  • Multiple copies of the same video frame in memory
    Citing also Technical Q&A QA1708 Improving Image Drawing Performance on iOS

    • Q: What can I do to improve my image drawing performance (CGContextDrawImage, UIImage/-drawInRect:, etc)?
    • “Every UIView is backed with a CALayer and images as layer contents remain in memory as long as the CALayer stays in the hierarchy.”
  • Compare the iPad 3 display with a pure display
    (though these are larger, brighter, faster, etc.)

Packaging of ARM Technology

Addressing the need/ability to add more memory to ARM PoP in order to make garbage collection performant; i.e. can one get 6x more memory on some future hypothetical ARM PoP in order to make GC be performant enough to use?

In archaeological order

On JavaScript and Garbage Collection

Mentions

  • Benchmarks
  • Hardware
    • Intel x86
    • ARM
  • Native (C, Objective-C, C++)
    • GCC
    • LLVM
    • ICC (Intel-closed-secret-proprietary)
  • Java
    • There is only One. True. Compiler. here, right?
  • JavaScript
    • V8 of Google
    • Nitro JS
    • Nitro/SFX
    • TraceMonkey/IonMonkey
    • Chakra,
    • ASM.js
  • Lua
    • A simpler language with a simpler interpreter, via Brendan Eich
  • Period Pieces
    • Internet Explorer 8 (veeerrrryyyy sllllooowwwww)
    • Firefox 3.0.3, when Firefox becomes “fast”
      • Firefox 19 (Firefox 22), current
    • Chome 8, when Chrome became “fast”
      • Chrome 26, current

Who

Referenced

LLVM CLANG

Apple Developer Documentation

Incidentally

  • Andreas Gal’s dissertation

Generic

Quotes

Pithy, trenchant, money (quote), etc.
Unless otherwise stated, from: Why mobile web apps are slow; In His Blog; 2013-07-09.

  • <quote>The thing is, JITing JavaScript was a 60-year old idea with 60 years of research, and literally thousands of implementations for every conceivable programming language demonstrating that it was a good idea.  But now that we’ve done it, we’ve run out of 60-year-old ideas.  That’s all, folks.  Show’s over.  Maybe we can grow another good idea in the next 60 years.</quote>

Ahem …

JavaScript-the-good-parts

  • <quote>The ground truth is that in a memory constrained environment garbage collection performance degrades exponentially.  If you write Python or Ruby or JS that runs on desktop computers, it’s possible that your entire experience is in the right hand of the chart, and you can go your whole life without ever experiencing a slow garbage collector.  Spend some time on the left side of the chart and see what the rest of us deal with.</quote>
  • <quote>With garbage collection, the winning move is not to play.  A weaker form of this “the winning move is not to play” philosophy is embedded in the official Android documentation:

    Object creation is never free. A generational garbage collector with per-thread allocation pools for temporary objects can make allocation cheaper, but allocating memory is always more expensive than not allocating memory. As you allocate more objects in your app, you will force a periodic garbage collection, creating little “hiccups” in the user experience. The concurrent garbage collector introduced in Android 2.3 helps, but unnecessary work should always be avoided. Thus, you should avoid creating object instances you don’t need to… Generally speaking, avoid creating short-term temporary objects if you can. Fewer objects created mean less-frequent garbage collection, which has a direct impact on user experience.

    </quote>

  • <quote>I can give you three frames of reference that are both useful and approximately correct.
    • If you are a web developer, think about the iPhone 4S Nitro as IE8, as it benchmarks in the same class.  That gets you in the correct frame of mind to write code for it.  JS should be used very sparingly, or you will face numerous platform-specific hacks to make it perform.  Some apps will just not be cost-effective to write for it, even though it’s a popular browser.
    • If you are an x86 C/C++ developer, think about the iPhone 4S web development as a C environment that runs at 1/50th the speed of its desktop counterpart.  Per the benchmarks, you incur a 10x performance penalty for being ARM, and another 5x performance penalty for being JavaScript. Now weigh the pros and cons of working in a non-JavaScript environment that is merely 10x slower than the desktop.
    • If you are a Java, Ruby, Python, C# developer, think about iPhone 4S web development in the following way.  It’s a computer that runs 10x slower than you expect (since ARM) and performance degrades exponentially if your memory usage goes above 35MB at any point, because that is how garbage collectors behave on the platform.  Also, you get killed if at any point you allocate 213MB.  And nobody will give you any information about this at runtime “by design”.  Oh, and people keep asking you to write high-memory photo-processing and video applications in this environment.

    </quote>

  • <quote>The desktop market is shrinking year-on-year.    Computers are going to be what the hardcore professionals use–Photoshop  and Visual Studio will always stick around–but mere mortals who spend all day in Excel or Outlook or Powerpoint are going to migrate to ARM tablets.  (Maybe even ARM notebooks.)  Some of us like desktop computers for ideological reasons, or like x86 on the technical merits, or whatever.  But the truth on the ground is that ARM is rising and x86 is falling, like it or not.  Even if we throw out all the smartphones and tablets, you have reasonable research firms projecting things like a 60-40 ARM-Intel netbook split for 2013. And once you throw the tablets and smartphones back in, well, let’s just say that more ARM chips were fabbed last yearthan all the x86 chips ever made.  The sky is falling.  The building is on fire.Whenever you make a platform decision, you’re making a bet.  If you’re writing a web app, you’re essentially betting either 1) that ARM doesn’t matter, 2) that ARM customers will just suck it up and use your slow product,  3) that the web browser guys will wave a wand and make it faster, or 4) that the WiFi guys will fix the speed of light so that everybody has a zero-latency always-on connection to an x86 chip.  Unless you’re writing Photoshop, or writing an app with two buttons, I think you’re nuts.</quote>
    From: Mobile web apps are slow; In His Blog; 2013-05-06.

Irrelevant

Humorous, ironic or off-the-cuff

Via: backfill