Re: [SLUG] X authorization
jam wrote: This POS is not in operation I'd come at this another way, and use a login theme or screensaver to display the not in use text. Mainly because if the terminal is saying it is not in use then it shouldn't be usable. Whereas if you just paste up a some text using X then the keyboard will still work, which might be confusing when someone cleans the keyboard. Anyway, your problem is almost certainly that X isn't running TCP. That's controlled by the GDM settings. Don't forget to modify the firewall too. -- Glen Turner -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Performance Tuning
Kyle wrote: Ok, a couple of responses thus far. Some further info. The software I can tune myself. I was more looking for Linux specific tuning. * Yes, I was/am concerned about I/O. * But also ensuring the OS itself (system processes) is not hindering anything otherwise. * The RAID is the storage medium. (Hardware RAID) * Incremental change analysis is done client side. * Dual P4's / 1GB RAM * Filesys is ext3 mounted with 'defaults' You've chosen *the* application which most stresses the operating system :-) Cut the problem into three - tune the disk - tune the network - tune the backup software. Disk: - you are writing large files. - RAID5 is not your friend, why not RAID10 since disk is so cheap? - some filesystems do big files better than others (xfs ext3) - you need all spindles running under the same load, so layout your disks that that in mind. You'll probably need four spindles running to ensure that the average write speed exceeds the maximum read speed of the clients. Test this -- the client should not stall. - you are not reading - caching gains you little, so adjust the weighting so caches are cleared down more agressively - discard metadata uselessness (such as atime). - kill all low value disk-using processes (such as Beagle, slocate and other such rubbish, typically run from cron). - The stripe sizes used to build the RAID should be unusually large and should mesh well with the filesystem's extents. Network: - set autotuning for the bandwidth-display product. A reasonable reference is: http://www.gdt.id.au/~gdt/presentations/2008-01-29-linuxconfau-tcptune/ - use jumbo frames (9000B packet 8KB disk block, so very efficient) - avoid firewalls and other bogusness - check every counter on every host/switch/router for errors. You need zero errors. Note the contention between network and disk I/O buffers. These both need low memory. A 32b OS only has 512MB of that, which is a fail for this application (especially since Linux locks hard on kernel memory fragmentation). You need a 64b install. Do the math (which depends on the number of clients), but I think you'll find that 1GB of RAM won't be sufficient and you'll run out of cache before you run out of filesystem bandwidth. Backup software: - chain backups, so only one/two client is running at a time. - avoid rate limiting, it's more efficient for one or two clients racing to the finish rather than have 30 clients all talking slowly. - set any block sizes way big. - work out how the indexing works. Move that off the main backup spindles, so that index updates don't move the disk heads on the backup spindles. Of course, all this needs to be taken with a grain of salt. There's a world of difference between tuning small backup server (where you just want things to complete overnight) and a corporate backup server (where you are more interested in how many clients each machine can back up per night). Finally, what is your offsite strategy? If you're ejecting diskpacks then note that not all chassis are rated to continually do this. Worse still your diskpacks may not fit into a borrowed chassis. Better to use a third-party container and keep a spare container chassis offsite with the diskpacks. Also some backup software needs a full scan of all diskpacks if it the software is asked to do a disaster recovery and this can take a long time. -- Glen Turner -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Performance Tuning
On Sun, Sep 07, 2008 at 07:06:08PM +0930, Glen Turner wrote: Kyle wrote: Ok, [snip] - use jumbo frames (9000B packet 8KB disk block, so very efficient) I noticed a lot of people have talked about using large 1500 frames, usually 9k. I had been using jumbo frames for +8 months and I had found it beneficial. But since using 2.6.25 (and now 2.6.26), I have been getting a lot of kernel memory allocation errors, I have been told they where order 2 and not to worry about them. Cause of fragmented swap space (and some other description that I can't remember right now, but the jist being not to worry). I had found that the system behaved a bit slowly/differently after these events. usually brought on by high network load, moving around 40-300G of files, either with scp or nfs. Since turning off jumbo frames - moving back to standard mtu I have not had these ooop's. My question to the list is, do the people who use jumbo frames have you been seeing these errors. 2 of the servers were using forcedeth and I rtl8168B (using the realteck driver). At sites where I haven't used large mtu I have seen the problem. My setup for large mtu, is me just changing the mtu for the interface. I am guessing there is a leak somewhere. Another hicup for this site is it is a mixed mtu site (that fun), I have had to hand code all the relevant mtu and place them in the routing table with ip r add for ipv4 and ipv6. alex [snip] -- Glen Turner -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- Free societies are hopeful societies. And free societies will be allies against these hateful few who have no conscience, who kill at the whim of a hat. - George W. Bush 09/17/2004 Washington, DC signature.asc Description: Digital signature -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] OT: image file reduction batch tool
On Fri, 29 Aug 2008 at 20:08, Alex Samad [EMAIL PROTECTED] wrote: On Fri, Aug 29, 2008 at 07:08:09PM +1000, Ben Donohue wrote: Hi Slugs, anyone have a favourite tool that they use for reducing image file size? Not necessarily reducing image size on the page but the amount it takes up on storage. I need something that would crawl the network and attack files over a certain size in target directories. Is there such a beast? not sure exactly what you mean, but it sounds like find is your friend find dir -size +100M -exec do something {} \; There are a few tools you can use for that do something. For PNGs, I use optipng to optimise the format, then advpng to enhance the compression. The beauty of this is that it's entirely lossless. I've found optipng to be a little better than pngcrush. You can find advpng on Debian/Ubuntu as is part of the advancecomp package. Advancecomp is quite handy, and can work on a number of different file types besides PNG (including plain old ZIP). Some years ago I hacked together a KDE service menu to automate this: http://kde-look.org/content/show.php/Optimise+Compression?content=17552 Also, it can help a lot to index your PNGs and GIFs before you save them. For JPEGs, you can try jpegoptim. I haven't used it so I can't vouch for it. -- Sadly, a kernel by itself gets you nowhere. To get a working system you need a shell, compilers, a library etc. These are separate parts and may be under a stricter (or even looser) copyright. Most of the tools used with linux are GNU software and are under the GNU copyleft. - Linus Torvalds, 'Notes for linux release 0.01', 1991 signature.asc Description: This is a digitally signed message part. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Performance Tuning
Glen Turner [EMAIL PROTECTED] writes: [...] Note the contention between network and disk I/O buffers. These both need low memory. A 32b OS only has 512MB of that, which is a fail for this application (especially since Linux locks hard on kernel memory fragmentation). You need a 64b install. Sorry to change the topic a little, but can you confirm my understanding here: that 512MB figure comes from what is left of the 896MB of ZONE_NORMAL after kernel memory, pagetables and the like are factored in, right? Regards, Daniel -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] X authorization
On 06/09/2008, at 12:49 PM, jam wrote: On Saturday 06 September 2008 09:44:12 [EMAIL PROTECTED] wrote: I need to understand X authorization so if anybody can explain to a bear of little brain :-) Once-upon-a-time xhost + would allow anybody to write to your display. That is no longer true What makes you think that? There have been some changes to X security over the years, but the fundamental mechanisms are still in place... saturn is a CentOS 5 machine: [eeyore] /home/jam [53]% ssh -X saturn xhost + access control disabled, clients can connect from any host [eeyore] /home/jam [54]% export DISPLAY=saturn:0 xmessage hello world Error: Can't open display: saturn:0 argh. WRONG WRONG WRONG. xhost also uses X protocol to modify the access control, so all your first command did was disable access control in your client's X server (on eeyore?, not on saturn). The reason why xhost + doesn't seem to work on a lot of linux systems is that TCP sessions are disabled by default in most deployments (forcing you to use unix domain sockets), forcing you to use a X11 protocol forwarder (such as ssh) to get to the Xserver. If security is not a concern, start the X server on saturn with -ac so access control is disabled completely in that server rather than trying to xhost it. C. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Performance Tuning
On Sat, Sep 06, 2008 at 09:54:13AM +1000, Kyle wrote: Can somebody recommend a reasonably comprehensive but straightforward performance tuning article/HowTo/PDF/site I could read pls? Specifically, I am looking to perf-tune a dual-CPU RAID5 box used as a backup server. Are you backing up to disk or tape? -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Re: [Python-au] Learn about Python 3K @ SyPy Meetup Thursday 4 September 2008
The tutorial I referenced last night is available here: http://www.interlink.com.au/anthony/tech/talks/OSCON2008/porting3.pdf Also, if you missed the talk last night, the earlier version I presented at LCA is available on google video here: http://video.google.com/videoplay?docid=4264641260805367198hl=en On Fri, Aug 29, 2008 at 1:19 PM, Mark Rees [EMAIL PROTECTED] wrote: Hi everyone, This month we have a talk by Anthony Baxter on Python 3000. Date Time: 6:30PM (for a 7pm start) - 8:30PM Thursday, 4th Sep 2008 Meeting Type: Presentation Venue: Google Australia, Level 18, Tower 1 Darling Park, 201 Sussex St, Sydney This month we have a talk by Anthony Baxter on Python 3000. Anthony Baxter Google/Python Software Foundation Anthony has been involved in the open-source community for more than a decade, largely working in Python and, in the last few years, on Python. He's worked in the Internet area and in the telco space, where he gets to exercise his incredibly short attention span by working on far far too many things at once. He's written or contributed to more open source projects than he can remember – mostly related to networking and protocol implementations. He's currently the release manager for Python. This is much less glamorous than you might think. After a number of years working for a travel-based telephone company, he's recently started working for Google Australia. Anthony's spoken at a number of conferences, including a keynote at linux.conf.au 2008, at each of the 4 OSDC conferences held so far, and presented Effective Python Programming at OSCON 2005. http://en.oreilly.com/oscon2008/public/schedule/speaker/3464 Please RSVP here: http://anyvite.com/events/home/1je4nigw0t/0409-sypy-anthony-baxter-quotpython-3000quot and turn up on or before 6:30 to ensure you get a in. Notes: Congregate in the foyer downstairs near the security desk at or before 6:30 and the Google people will start taking people up in the elevators. After the meeting we will go to Hotel Sweeney, 236 Clarence Street, Sydney, for some beer and thai food (if you are hungry). ___ python-au maillist - [EMAIL PROTECTED] http://starship.python.net/mailman/listinfo/python-au -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] opening a photo in GIMP
I have copied a set of photos from my digital camera for re-processing in GIMP. GIMP says it can't open them. Plug-in could not open image They are all JPG files 0372 x 2305 pixels (2.93 MB) Can any one advise how to resolve this problem (or a better forum)? PS I have no trouble viewing them on screen. However I need to reduce their size for us in ID cards and and posting to the web. -- Chris Allen [EMAIL PROTECTED] -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] route traffic through multiple interfaces
On Fri, Sep 5, 2008 at 11:16 AM, Daniel Pittman [EMAIL PROTECTED] wrote: Chris Zhang [EMAIL PROTECTED] writes: Hi Daniel, You were correct in guessing what I was after. I am trying to get VOIP working over 3G. My understanding is that there are at least two places this can be prevented. Firstly, the app(e.g. Truphone) won't let you connect unless you have a working WIFI connection. This is why I was asking for NATting possibility(I didn't describe it properly). - Assign wifi interface with an IP ( 192.168.1.1/24) and forward all traffic to 3G interface with a public IP. Since 'ipfw' won't work the way it does in a normal BSD, the only thing I thought would be changing the routing table, which you pointed out not possible. The other place where VOIP might get blocked is from the ISP, e.g. filtering on 3G network. My thought was to setup a tunnel and encrypt VOIP inside that tunnel. It should in theory bypass ISP restriction shouldn't it? Alternatively, I am not sure if VOIP works over a socks proxy. This requires iPhone being a socks client, which it doesn't support, nor have I found any thrid party apps that can do this. Last resort would prob. be ssh tunnelling. but I doubt this would work since the ports VOIP uses are in 10,000 ~ 20,000 range? apart from port 5062. I have to do some more research on this. Please also see inline reply. Thanks, Chris As Alex asked, your problem description is unclear. Since I have some different questions to what he asked, and you answered, I include them: Suppose I have two NICs on one host, NIC A and NIC B. Is it possible to get all traffic to use A, When you say to use A, what specifically do you mean: * to use the IP address that you assigned to NIC A[1] * to leave the computer and hit the wire out NIC A * something else? and then route them through B, My best guess here is that you expect the packet to: 1. Exit to the wire via NIC A 2. Return to the host via NIC B 3. Exit to the outside world via some unmentioned, third, interface Is that correct? This is the idea, except for the packets won't go out to wire. Traffic = NIC A's IP = NIC B's IP = NIC B's gateway. This is, as you pointed out, NATing, I am convinced it is not possible without iptables or such. and finally to outside? without the aid of iptables or anything similar, e.g. just changing the routing table? Suppose ip forwarding works. Why the restriction? Is this, specifically, because you want to achieve some VoIP and tunnelling related goal with the iPhone, and it only provides a standard routing stack? I ask, because the Linux IP stack is extremely flexible and can do a wide range of things that a more traditional BSD stack, well, can't. Anyway, assuming that my best guess is, in fact, correct -- which I think it probably is from the iPhone bit below -- then, no. What you are asking is impossible without the addition of NAT, packet marking, or some other method to identify the packet beyond what you get in the standard facility. The routing table doesn't include a lot of if for an individual packet, and retains no state -- you can't say if this is the second time I have seen ... Just out of curiosity, does anyone know how iPhone restricts VOIP traffic over 3G technically? It is done for profit, and by the request of customers. (The real customers, the telecoms companies, not you and the other end users who hold the physical device...) Suppose one can make a tunnel, e.g. IPSec, PPTP (which iPhone has native support), to a VPN endpoint, e.g. home computer through 3G. Is it possible to then run a VOIP app inside the tunnel? Not if Apple and their customers have any say in the matter, no. Not reliably, in the long term, because it some something other than what Apple have approved of your doing with their iPhone.[2] Regards, Daniel Footnotes: [1] ...which, under Linux, is actually a property of the computer, not the network card, and is equally valid as an outbound address for any interface, technically speaking. [2] Since you don't actually have any particular control of the device I wouldn't really call you the owner of it. You may have paid for it, but Apple still run the show... -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] route traffic through multiple interfaces
On Fri, Sep 05, 2008 at 02:02:25PM +1000, Chris Zhang wrote: On Fri, Sep 5, 2008 at 11:16 AM, Daniel Pittman [EMAIL PROTECTED] wrote: Chris Zhang [EMAIL PROTECTED] writes: Hi Daniel, You were correct in guessing what I was after. I am trying to get VOIP working over 3G. Silly question but isn't voip data more expensive than normal call costs [snip] -- I am here to make an announcement that this Thursday, ticket counters and airplanes will fly out of Ronald Reagan Airport. - George W. Bush 10/03/2001 Washington, DC signature.asc Description: Digital signature -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] X authorization
On Monday 08 September 2008 07:59:29 [EMAIL PROTECTED] wrote: I need to understand X authorization so if anybody can explain to a bear of little brain :-) Once-upon-a-time xhost + would allow anybody to write to your display. That is no longer true What makes you think that? There have been some changes to X security over the years, but the fundamental mechanisms are still in place... saturn is a CentOS 5 machine: [eeyore] /home/jam [53]% ssh -X saturn xhost + access control disabled, clients can connect from any host [eeyore] /home/jam [54]% export DISPLAY=saturn:0 xmessage hello world Error: Can't open display: saturn:0 argh. WRONG WRONG WRONG. xhost also uses X protocol to modify the access control, so all your first command did was disable access control in your client's X server (on eeyore?, not on saturn). Sorry, tried to be too clever and confused things. For this EG I am on eeyore and want to display a message on saturn, so indeed this is correct ssh -X saturn xhost + The reason why xhost + doesn't seem to work on a lot of linux systems is that TCP sessions are disabled by default in most deployments (forcing you to use unix domain sockets), forcing you to use a X11 protocol forwarder (such as ssh) to get to the Xserver. As many have pointed out TCP is the issue. Why is port 6000 closed with no tcp ? (clearly security, is it just to disable the xhost suit of ways) How would you use ssh to run a program on eeyore, from eeyore, but display on saturn? The opposite is trivial ie display HERE a program running THERE. If security is not a concern, start the X server on saturn with -ac so access control is disabled completely in that server rather than trying to xhost it. This thin clients DO (-ac) and it does not work, which is how this thread started :-) (but almost certainly the thin clients do no-tcp) Thanks James -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] route traffic through multiple interfaces
On Mon, Sep 8, 2008 at 10:30 AM, Alex Samad [EMAIL PROTECTED] wrote: On Fri, Sep 05, 2008 at 02:02:25PM +1000, Chris Zhang wrote: On Fri, Sep 5, 2008 at 11:16 AM, Daniel Pittman [EMAIL PROTECTED] wrote: Chris Zhang [EMAIL PROTECTED] writes: Hi Daniel, You were correct in guessing what I was after. I am trying to get VOIP working over 3G. Silly question but isn't voip data more expensive than normal call costs That'd depend. Most people will have a couple of hundred MB 3G download allowance thrown in. According to http://www.fring.com/fring_is/why_fring/ , VOIP usage is really not much. [snip] -- I am here to make an announcement that this Thursday, ticket counters and airplanes will fly out of Ronald Reagan Airport. - George W. Bush 10/03/2001 Washington, DC -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkjEch0ACgkQkZz88chpJ2MDmwCgoDzi6QBXmFkjI09ly+G3aO1O sVUAoLZXuipHMltBH6aDsqoPbehnahGP =sZcO -END PGP SIGNATURE- -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html