grelbar just another hacker's blog

29 Sep 2009 (2 comments)

Tiny Leaks

I found a tiny tiny memory leak in the popular instant messaging client "Pidgin" today. I was noticing a bit slower than usual system performance, and i checked my RAM usage. I have 4 gigs, so that's rarely an issue, but it was showing well over 2 gigs in use in normal desktop usage. Something was up. Something nefarious and evil. I pulled up task manager with my leet tech support shortcut of ctrl-shift-esc, and saw, to my utter amazement, that the otherwise quiet and peaceful Pidgin was now eating nearly 1.9 GB of memory all on its own. And i wasn't even using it. It was just.. well, on. And yes, I just noticed there's a new 2.6.2 version out, this was 2.6.1, so i might just be using obsolete shitware.

Tried to open it up, non-responsive. So, i did what any humane computer user would do, and i killed it off. Wham. Memory usage down to 20%.

Because it was so funny, i took a screenshot so i can remember this day far in the future, from my flying car.


Memoryleak in Pidgin 2.6.1


Filed under: Hacking 2 Comments
29 Aug 2009 (8 comments)

Karmic Koala & ATI Radeon

This post will deal with the Alpha4 release of Ubuntu 9.10 "Karmic Koala", and its new features, particularly the functionality of ATI Radeon cards.

I did a clean install yesterday, and this is what i'm liking so far:

  • Empathy, the new default IM client is awesome. I didn't find plugin support yet, but it's light, and clean. Just the way i like it.
  • The boot time is less than 20 seconds on my machine. It's nearly not enough to go do anything else while i'm waiting, which is a great feature for someone that has to deal with windows vista at work every day...
  • Firefox 3.5 ubuntu branded by default. Thanks. That package is missing from 9.04 right now, and while you can still install it, it takes some work to go from the Beta name of "Shiretoko" to Firefox, with icons and everything. It works, but it's not perfect.

What i don't like:

  • The new default login screen sucks ass.
  • While the new 2.6.31 series kernel is a great improvement in many areas, AMD has not yet supported it in its binary fglrx drivers (which offer 3d acceleration and the works on ATI cards).

So this will be the topic of discussion today. ATI cards have traditionally been much worse than those of Nvidia on any Linux distro. AMD (ex. ATI) offers drivers called fglrx which provide full 3D acceleration in Linux, and when they are working, the cards can offer great performance. However. When they don't work, disaster ensues.

When you install Karmic, you'll get the traditional "Hardware Drivers" dialog, which will say you have a device that requires proprietary drivers that weren't installed by default. Yeah no shit they weren't. You select your device, you hit install. It downloads the drivers, installs them, makes modifications to xorg.conf, and asks you to reboot. With Karmic Alpha4, i got no download dialog, even if it seemed to do something. The selection of my card remained inactive and grey, instead of the green "activated" button that appears when drivers have been installed. So i thought that the drivers somehow failed (didn't look at debug or anything). I went about my business, doing an apt-get update && apt-get upgrade, and then rebooting.

To my great dismay, it wouldn't load gdm at all, but instead displayed an esoteric graphical pattern in the top section of my screen. So, switch to a shell, check out /etc/X11/xorg.conf, and sure enough, fglrx was jotted down as the driver. So clearly, this didn't work.

To get past this problem, uninstall and clean the fglrx drivers. They are not supported in the 2.6.31 kernel yet, so we need to wait for AMD's 9.9 series drivers for this. Usually they'll be out in time for the Beta's or at least the release, so i'm not fretting.

Run:

aptitude purge xorg-driver-fglrx && dpkg-reconfigure -phigh xserver-xorg && exit

This removes the driver, deletes anything related to it, and runs a reconfigure on xorg.

You should now have a clean xorg.conf. Install the xorg-driver-radeon if you don't have them (i'm not sure, i think they were installed by default), and then edit xorg.conf and in the device section, set the driver option to "radeon", if it isn't.

You should now be able to boot in to a graphical user interface.

Okay dual screens. To make these work, as a "big desktop", make your xorg.conf look like this. I tried different options, and fiddling around with the "System -> Preferences -> Display" dealio, but that didn't get me anywhere. It'll ask you to "automatically set the virtual resolution to match your screens", but the end result was 2048 x 2048, in xorg.conf, which obviously didn't work.

Here's my xorg.conf:

Section "Screen"
    Identifier      "Default Screen"
    DefaultDepth    24
    SubSection "Display"
        Virtual 3360 1050
    EndSubSection
EndSection

Section "Module"
    Load    "glx"
EndSection

Section "Device"
    Identifier      "Default Device"
    Driver  "radeon"
EndSection
In all its simplicity, i made the virtual resolution match the maximum resolutions of my screens set next to each other. I have two 22" Samsungs, each with a 1680x1050 resolution. So i added up the width resolution and that was it. I restarted X (why does ctrl-alt-bkspace not work anymore?), and went to Display, and then unchecked "mirror displays", and dragged the screens next to each other. Apply, Ok, restart X. Dual screen.

UPDATE! Video playback works *much* better with the radeon drivers than the fglrx drivers ever did in Jaunty 9.04! I'm playing a FullHD video, in full screen with no tearing (which was evident in 9.04 with fglrx drivers), and no problems. 40 CPU load on one core. 500 megs ram used with a bunch of other stuff on as well.

So conclusions: If you don't need 3d performance (i.e. compiz, gaming whathaveyou), don't install the proprietary drivers. Stick with the open-source ones!

14 Aug 2009 (0 comments)

Ubuntu 9.04 & CPyrit-Stream now working!

Yay!

I've finally gotten the Pyrit program running and utilizing ATI Stream! I followed these instructions to the letter, though i built RPM from source with the patch for LZMA compressed RPM's, which did the trick (although, i've also read the 1.4.0 beta 2 package of the Ati Stream SDK doesn't have this problem, but anyhow). I think i also had to apt-get some libraries that were missing, but they were listed pretty well in the instructions.

As for building pyrit, i used the instructions in the wiki, that can be found here. I ran in to an error while building the pyrit source, but that was fixed by doing an edit in a file according to these instructions. Fixes for other common errors are in the installation wiki.

So for the order: Install Atistream and Atical according to the instructions in the KB. Apt-get any packages you are missing. Build and install Pyrit, then CPyrit-Stream.

Run the command pyrit list_cores, which should show something like the screenshot below, and then run pyrit benchmark to see what kind of numbers you're getting on your hardware. I am amazed. Compare the over 8000 PMKs/s (pairwise master keys), with the ~700 of one Phenom II X4 940 core. Look at those results (yes yes, synthetic benchmark..):

List cores and Benchmark on my Radeon 4850 (and Phenom 2 940)


You'll note that it only shows three of the four cores on my Phenom, this is a feature. For every GPU core that it handles, it saves one CPU core for scheduling tasks.

A man can always dream... That there is about 3000 euros worth of hardware (four Nvidia GTX295's, a motherboard to support 4 Pci-e cards, processor, memory.. i guesstimated). 80 000 PMKs / s (or half of that, depending on how you read the benchmarks). It seems to see the cards as two cores each.

Edit for 15.8.09 - I'm working on a proper howto for this thing since the internets seem not to have a coherent guide for a current ubuntu version. The 8.04 guide is great, don't get me wrong, but i think it could be more complete. I've also e-mailed AMD to ask about providing .deb packages on my / their site, and or publishing the new howto.

14 Aug 2009 (0 comments)

Scratches, VirtualBox and Karmic Koalas

I noticed my damn screen got scratched during Assembly, at some point. I have five or six thin scratches right in the middle part of the top of my screen. Not deep scratches or anything, just small things that reflect in a rainbow color. Fuck! If anyone has any good tricks, i'm all ears. I've used displex to take care of similar scratches from my mobile phone screens, but they are very different, in that they have a hard plastic shell, as opposed to a soft one. I'm not sure what it'll do. Toothpaste also works.

Karmic Koala, the next release of Ubuntu, also known as 9.10, is reaching alpha 4 tomorrow on the 14th. I'm following the new release closely, as i think it looks great, what with new versions of Gnome, the kernel and for instance, new Intel graphics drivers in place of the broken borked ones that crippled Jaunty completely (doesn't work to any satisfactory degree on my thinkpad x41). One of the things the development gurus have been paying attention to is the boot-time. We're getting very close to a sub-20-second boot (The goal for Jaunty i think was 25 seconds). This is a big topic nowadays, what with MontaVista's embedded linux that claims to boot in one second in to some kind of environment. Not to mention all the laptop vendors who offer their small OS on a chip that boots as fast as a BIOS setup screen. Basically, there are times when i just need a browser to check some timetables, or some other little thing, and booting up a whole system is kind of moot. At that point you really wish you'd have a browser, maybe an IM or something ready in a few seconds without having to load all sorts of esoterics.

For my testing, i use VirtualBox from Sun Microsystems, which is in the Ubuntu repo's. It's a nice little program for running your own virtual servers. It has support for amd virtualization technology, and with it, it really doesn't place too much load on my Phenom2. I can give it a few hundred megs of ram, a dynamic disk drive, network access and whatever i want.

The only thing it doesn't do (3.0 version claims to improve this), is gaming, since the OS only sees emulated hardware (as with most virtualization techniques), so it can't access all the fancy hijinks of the GPU that sits on the host machine. There are ways to emulate stuff, but it's previously been really slow. I haven't honestly read too much in to what they've been cooking for the 3.0 release, but i'm gonna try it out when i have the time.

Right now, i'm just you know.. learning, watching and testing.

Edit: I was looking through the A3 release (while waiting for A4, actually did a dist-upgrade, which took it to kernel 2.6.31-5, but how do i see which alpha i'm on?), i noticed that Pidgin (the IM client), has been replaced by Empathy. Empathy is an IM client that uses the Telepathy framework for communication. We also have the Firefox 3.5 package *with* ubuntu branding (no more Shiretoko on there...).

Filed under: Hacking No Comments
11 Aug 2009 (2 comments)

64-bit Ubuntu & Citrix XenApps

Hey!

This was a thing i was debating with a colleague for a long time. There is no official x64 client from Citrix for their XenApps dealio. But! There is a way to install it successfully!

I used Madox.net for a part of this, but the rest was googled by myself. I thought i'd compile the instructions here to avoid problems. So, follow the instructions of Madox.net. As for the certificate issue mentioned, you can search my blog for Thawte, or download any necessary certs and place them in your citrix installation folder /keystore/cacerts.

There are a few remaining problems, namely some 32-bit libs that can't be found when starting wfcmgr or wfica. To solve these, i found an awesome tool called getlibs. Getlibs gets 32 bit libs as they are needed. You can point it to the wfcmgr program (if you used the default, that's /usr/lib/ICAClient/wfcmgr), and it'll sniff out the needed libs, download, install and symlink as needed! It fucking worked! Thanks to cappy, if that's who made the tool. There are tons of other nifty options for that tool, you could look here for some of those.

Filed under: Hacking, Howto's 2 Comments
10 Aug 2009 (0 comments)

Fedora 11 woes & ATI troubles

What the hell is up with Fedora 11? Honestly.

I download the x64 image, put it on a usb stick with unetbootin, and boot up. Create partitions, and when i create the swap partition, the installer crashes. Wonderful. Retry. Same problem. Assign an existing partition as swap? No problems.. except later, when it crashes at the package selection.

Burn image on CD, same-ish results. Whatever the fuck ever.

About ATI, ubuntu seemed to work fine with it, straight out of the box, whereas debian, for instance, had to of course download the proprietary drivers.

The regular driver worked fine, but only in mirrored mode. Any and all attempts to put on xinerama failed.

Installed the fglrx driver from ATI, went ... fairly well, what with a few hiccups. Xinerama=on -> No more graphical mode. I forgot how wonderful ATI cards were in linux :D

Filed under: Hacking No Comments
10 Aug 2009 (2 comments)

Ubuntu 9.04 x64 & Pyrit with ATI Stream

Okay, so since i just got the new graphics card (an ASUS EAH4850), i wanted to try out some of the GPU computing possibilities of the card. The Pyrit project exists to take advantage of multiple GPU computing platforms, such as Nvidia CUDA, and ATI Stream, so i decided to give that a whirl.

I downloaded the Pyrit and the Ati Stream packages from the Pyrit site. I found out i also need the ATI Stream SDK, which can be obtained from the AMD site. The thing to be noted here is that there is currently only support for RPM based systems, such as Fedora, CentOS etc. So of course, i thought, "Alien!", the package converter. I apt-get'ed Alien and RPM, and got working on the thing.

You download the package, which is a .tar.gzip file. Unpack the file to get to the .run file. The run file can be executed simply with ./filename.run. This should result in the script from the .run file being executed. It'll fail shortly after the EULA, or it did on my x64 system.

I opened up the run file, and commented out the part where it deletes the temporary folder where it extracts the actual RPM file (and before that, tries to run rpm on the file, which fails).

#!/bin/bash
echo "ATI Brook+ SDK Installer"

TMP="atibrook"

HERE=`pwd`
DST=/usr/local
FOPEN="more"
RPM="alien"

#Extract archive into /tmp/atibrook
echo -n "Extracting archive..."
dd if=$0 of=/tmp/${TMP}.tar.gz bs=1 skip=16384 >& /dev/null
echo "DONE"
mkdir /tmp/atibrook
cd /tmp/atibrook
echo -n "Uncompressing package..."
tar -xzf ../${TMP}.tar.gz
echo "DONE"

#Accept EULA
${FOPEN} EndUserLicense.txt
echo -n "Do you accept this license agreement? [y/n]: "
read agree
if test A"$agree" = Ay -o A"$agree" = AY; then
    echo "You accepted the license, continuing installation."
else
    echo "You declined the license, aborting..."
    rm -rf /tmp/atibrook
    rm /tmp/${TMP}.tar.gz
    exit
fi

#Install via rpm
echo ""
echo -n "Select a path for installation [default]: "
read USERPATH

if test "$USERPATH" != ""; then
    echo "Using '$USERPATH' for directory prefix."
    echo ""
    echo "Installing package via RPM..."
    $RPM --prefix=$USERPATH /tmp/atibrook/*.rpm
else
    echo "Using default directory /usr/local/atibrook"
    echo ""
    echo "Installing package via RPM..."
    $RPM /tmp/atibrook/*.rpm
fi

#### THIS PART I COMMENTED OUT SO IT LEAVES THE RPM INTACT ####

#Cleanup
#echo ""
#echo "Removing Temporary Files..."
#rm -rf /tmp/atibrook
#rm /tmp/${TMP}.tar.gz
echo "Exiting installation..."
exit

So the result is that in /tmp/atibrook you now have the rpm file.
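The installer script above works in fixed, predictable paths (/tmp/atibrook and /tmp/atibrook.tar.gz), which is unsafe for something that is normally run as root. The following is an added example, not part of the original post or of the AMD installer: it pulls the payload out of a .run file by hand into a private mktemp directory, using the same 16384-byte offset. The function names and the constructed sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the vendor's script): unpack the archive embedded in a
# self-extracting .run installer without executing the installer itself.

# Size of the shell stub, taken from "skip=16384" in the script quoted above.
PAYLOAD_OFFSET=16384

# extract_run_payload FILE
# Prints the directory holding the unpacked files; non-zero status on failure.
extract_run_payload() {
    run_file=$1
    [ -f "$run_file" ] || { echo "no such file: $run_file" >&2; return 1; }
    size=$(($(wc -c < "$run_file")))
    [ "$size" -gt "$PAYLOAD_OFFSET" ] || { echo "no payload after stub" >&2; return 1; }

    # mktemp -d creates a new mode-0700 directory with an unpredictable name,
    # unlike the fixed /tmp/atibrook the installer uses.
    workdir=$(mktemp -d "${TMPDIR:-/tmp}/runpayload.XXXXXX") || return 1
    archive=$workdir/payload.tar.gz

    # tail -c +N starts output at byte N (1-based): +16385 skips the stub.
    tail -c +"$((PAYLOAD_OFFSET + 1))" "$run_file" > "$archive"

    # List before unpacking; reject absolute paths and ".." components.
    if ! members=$(tar -tzf "$archive" 2>/dev/null); then
        echo "payload is not a gzip-compressed tar archive" >&2
        rm -rf "$workdir"; return 1
    fi
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "archive member escapes the target directory" >&2
        rm -rf "$workdir"; return 1
    fi

    mkdir "$workdir/files" || return 1
    if ! tar -xzf "$archive" -C "$workdir/files"; then
        rm -rf "$workdir"; return 1
    fi
    printf '%s\n' "$workdir/files"
}

# make_sample_run FILE
# Builds a constructed stand-in for the installer: a stub padded to
# PAYLOAD_OFFSET bytes followed by a tar.gz holding two dummy files.
make_sample_run() {
    out=$1
    src=$(mktemp -d "${TMPDIR:-/tmp}/runsample.XXXXXX") || return 1
    echo "constructed license text" > "$src/EndUserLicense.txt"
    echo "constructed stand-in, not a real RPM" > "$src/sample-1.0.x86_64.rpm"
    { printf '#!/bin/bash\n# constructed stub\n'; head -c "$PAYLOAD_OFFSET" /dev/zero; } |
        head -c "$PAYLOAD_OFFSET" > "$out"
    tar -czf - -C "$src" EndUserLicense.txt sample-1.0.x86_64.rpm >> "$out"
    rm -rf "$src"
}

# Usage: sh thisfile.sh installer.run
if [ -n "${1:-}" ]; then
    extract_run_payload "$1"
fi
```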

Running Alien against it results in an error about rpm.pm on line 155. Something relating to perl, the complete error is:

Installing package via RPM...
Unpacking of '/tmp/atibrook/atistream-brook-1.4.0_beta-1.x86_64.rpm' failed at /usr/share/perl5/Alien/Package/Rpm.pm line 155.
Exiting installation...

Now, i have no fucking idea how to fix it. Looking at line 155, it relates to the cpio command not working properly, but how and why and what the fuck? I'm not a developer. I'll need to show this to someone, like B, maybe he can figure it out.

I also tried instructions i found on the AMD Developer Forum (requires registration). These detail the use of rpm2cpio, instead of alien, but that doesn't work either. The RPM seems malformed somehow. Perhaps as a result of it being made with a specific tool (the name of which escapes me), which creates files that are unreadable by rpm2cpio.
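The 14 Aug post on this page reports that an rpm build patched for LZMA-compressed RPMs resolved the unpacking failure described here. The added example below (not from the original post, and not part of rpm or alien) walks the RPM container to the start of the payload and reports its compression from the leading bytes. The function names and the constructed RPM-shaped sample are assumptions, and the LZMA check is a heuristic.

```shell
#!/bin/sh
# Added example: report which compressor an RPM's payload uses by walking
# the container (lead, signature header, main header) up to the payload.

# hex_at FILE OFFSET COUNT -> COUNT bytes at OFFSET as lowercase hex
hex_at() {
    od -An -tx1 -j "$2" -N "$3" "$1" 2>/dev/null | tr -d ' \n'
}

# be32 FILE OFFSET -> big-endian unsigned 32-bit integer at OFFSET
be32() {
    od -An -tu1 -j "$2" -N 4 "$1" 2>/dev/null |
        awk 'NF == 4 { print (($1 * 256 + $2) * 256 + $3) * 256 + $4 }'
}

# header_end FILE OFFSET -> offset of the first byte after the header
# structure at OFFSET (16-byte intro, 16-byte index entries, data store).
header_end() {
    [ "$(hex_at "$1" "$2" 3)" = "8eade8" ] || return 1
    count=$(be32 "$1" "$(($2 + 8))")
    store=$(be32 "$1" "$(($2 + 12))")
    [ -n "$count" ] && [ -n "$store" ] || return 1
    echo "$(($2 + 16 + count * 16 + store))"
}

# rpm_payload_format FILE -> gzip | bzip2 | xz | lzma | unknown
rpm_payload_format() {
    [ "$(hex_at "$1" 0 4)" = "edabeedb" ] || { echo "not-rpm"; return 1; }
    sig_end=$(header_end "$1" 96) || { echo "bad-header"; return 1; }
    hdr_start=$(( (sig_end + 7) / 8 * 8 ))   # signature is padded to 8 bytes
    payload=$(header_end "$1" "$hdr_start") || { echo "bad-header"; return 1; }
    case $(hex_at "$1" "$payload" 6) in
        1f8b*)        echo gzip ;;
        425a68*)      echo bzip2 ;;
        fd377a585a00) echo xz ;;
        5d0000*)      echo lzma ;;    # heuristic: raw LZMA has no fixed magic
        *)            echo unknown ;;
    esac
}

# make_sample_rpm FILE PAYLOAD_BYTES
# Constructed RPM-shaped file (not a real package); PAYLOAD_BYTES is a
# printf format string giving the first bytes of the payload.
make_sample_rpm() {
    {
        printf '\355\253\356\333'; head -c 92 /dev/zero   # 96-byte lead
        printf '\216\255\350\001\000\000\000\000'         # signature intro
        printf '\000\000\000\001\000\000\000\004'         # 1 entry, 4 data bytes
        head -c 20 /dev/zero                              # entry + data store
        head -c 4 /dev/zero                               # pad 132 -> 136
        printf '\216\255\350\001\000\000\000\000'         # main header intro
        printf '\000\000\000\000\000\000\000\000'         # 0 entries, 0 data bytes
        printf "$2"                                       # payload starts here
    } > "$1"
}

# Usage: sh thisfile.sh package.rpm
if [ -n "${1:-}" ]; then
    rpm_payload_format "$1"
fi
```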

Blargh. I'm gonna run a Fedora 11 live CD soon, and see that it actually works. Get some numbers off this thing. It's supposed to do 7800 PMKs, which is a lot faster than for instance an Intel I7 920. Sweetness.

6 Aug 2009 (0 comments)

The politics of DDOS-attacks

Twitter has today been the target of a rather crippling DDOS, which has left the site down for several hours, according to Pingdom and Netcraft.

I haven't seen any word as to the attacker, and that got me to wonder:

Is there politics involved in DDOSes? Twitter knows exactly who's been hitting their sites, they see the source ip:s. Sure, they might've gone through a bunch of zombies here and there, or a botnet or something, but i'm pretty sure they have an idea of what is going on. Can they tell us who it was?

Let's play with the idea that it was Iran, even governmental forces in Iran who wanted to show Twitter who is the king of the hill? Twitter was and has been instrumental in the dissemination of information from the botched elections in Iran not long ago. Twitter has been blocked in Iran by the government, but there are also other groups working to provide twitter to Iranians, through proxies and anonymizers. I'm not gonna get in to this issue now; the blocking of people from sites so they can't talk freely, that's an issue for a different post.

Instead i'm wondering whether Twitter can actually disclose the attackers, should they know them? Or does foreign policy or something else dictate how it's done? I mean, twitter delayed their service break at the request of the government, so that reporting from Iran could keep on going.

Who knows, but i'd be willing to bet at least someone is thinking about this issue. Can you publicly blame someone, if you are absolutely sure it was them? Or does it fall under the umbrella of politics?

Filed under: Hacking, Security, Web No Comments
9 Jul 2009 (0 comments)

Samsung SyncMaster 226BW shenanigans

I recently got a second Samsung 226BW from a friend, and i wanted to find out whether it had the S or the A panel.

Background

So what's this hokum-pokum about different panels? Well if you ask Samsung, nothing. Nowhere do they state who their panel manufacturer is. So why would people get angry about two different panels then? Well, because there are differences. The inferior A panel is called AU M220EW01. It does conform to the promise of 3000:1 dynamic contrast (in reality a bit under 1000:1 actual contrast) and to the promised response time (while the A panel is supposed to be 5 ms, it does conform to the 2 ms promise made by Samsung). The main difference comes with the colors. The A panel is clearly blue-heavy, i.e. the picture is leaning towards the blue. Also, the colorspace isn't as wide as with the proper S panel. The S panel has a truer color space than the A. This means that if you're working with graphics or something that requires true color output, you need to make sure you get an S panel Samsung.

I'm not too well versed in the technical details, and i'd rather not repeat what someone else said and sound smarter than i am, so i'll link to the most comprehensive comparison i could find on these two variants. Here's the link to BeHardware who did an absolutely amazing job on this thing.

The Service Menu

Until hackers found the service menu, Samsung had absolutely nothing to comment on this issue. People were claiming that reviewers were sent pre-calibrated S-panel screens, while some consumers were stuck with the far inferior A panels.

After this, Samsung i guess just said, nowhere do they promise specifics about the panel, except for certain specs. But for people looking for the reviewed goodness of the calibrated S panel, the A panel might be quite the disappointment.

You can access the Service Menu on your Samsung 226BW in the following manner:

  1. Set Contrast and Brightness to 0 using the regular menu.
  2. Close the menu after this, then open it again.
  3. Press and hold the source button (second from the right).
  4. Tadah. You now have a service menu on the screen.
  5. Close the screen using the power button, then power it on again to kill the service menu.

The service menu shows you all kinds of details, such as a lifetimer (how many hours the panel has been on), and how many times the device has been power-cycled. The item we are interested in is the panel manufacturer.

Identifying the S and A

There are two ways to find out which panel your screen has.

  1. Look at the back side of your screen. You'll see the sticker with the serial number and other stuff on it. Look for an S or an A behind the model name.
  2. If this doesn't work for some reason, look up the service menu and look at the panel manufacturer:
       • A panel will have AU M220EW01
       • S panel will have AMLCD 220M1

I'm stuck with an A panel, what can i do?

Well, if you look through the BeHardware article, they've made a spiffy color profile, and detailed some of the settings you can do to remediate the issue. I'll sum them up:

  • Select the internet profile using the down arrow key while not in the menu.
  • Set contrast and brightness to comfortable levels
  • Download the color profile and install it according to instructions in the article, page 2.

They even list manual settings if you don't wanna calibrate using a color profile, or you are not using Windows. This is on page 3 of the article.

I actually did all these, and the picture improved noticeably, though i can't say anything for actual measurements, as i don't have the spiffy hardware that the guys at BeHardware had. But i'm pleased, not as much as with the S panel, but happy none the less.

Sources: 1) BeHardware - Samsung 226BW A and S series: The Verdict

17 Jun 2009 (0 comments)

Medeco – Hiding the truth since 1968

Ok, let's get the facts straight here. Medeco, a "high-security" lock manufacturer founded in 1968 tries to hide the fact that their "high-security" locks are not foolproof. Wikipedia has a page on Medeco, and when someone tries to add a section on the weaknesses found in their "high-security" locks, it gets removed. Also it appears the history page is wiped clean, as well as the discussion, since i can't find any of the edits (makes it harder to restore!), or any whine or gripe on the subject. There was one comment, but my feeling is that there have been much more.

Medeco locks are used in various high-security places, such as government organisations etc. The only problem is, the locks have a weakness which makes them not at all secure, since the security can be bypassed without breaking anything.

The method is known as bumping, and was invented sometime in the 1970's in Denmark. When you bump a lock, you use a specially crafted key that is inserted in to the lock, then "bumped" inwards, causing the driver pins to jump up past the shear-line, so you can turn the cylinder freely. The lock is not harmed, nor will any discernible marks be left on the lock.

Most (but probably not all) Medeco locks are susceptible to this technique, and are therefore, not high-security locks, and i recommend nobody do any business with them, until they correct and/or admit that they've been hiding the truth. I know it's hard guys... you've got a product that you know is flawed, and you've sold millions of them to like.. the government, and you don't want to get reamed. I get that. I don't enjoy getting reamed. But you gotta fess up when we are talking about a product that is supposed to provide security. People stake life and limb on these things.

If you want a lock that is bump-proof, and also, comes from my country of Finland, get an Abloy Disc Tumbler lock, which are very common here. They are not bumpable, and take a considerable amount of time and expertise to pick, requiring special tools and skill. Unlike medeco locks which take a filed piece of metal, and in some cases a screwdriver. Whoo!

Some sources here:
Wiki - Disc Tumbler Locks
Wiki - Lock Bumping
Wiki - Medeco

Medeco Bumping at Defcon - In this link, an 11 year old bumps a Medeco M3 High-security lock. On this page from 2006, they say their locks are virtually bump-proof. Virtually.

Hell, they even host courses on what lock bumping is and the risk it presents..

A word on legality: The possession of lockpicks or other tools that can be used to gain unlawful access, with criminal intent, to the property owned by someone other than you is a crime punishable by a fine in Finland.

I am not a lawyer, so don't listen to me, but that would mean that you could have these tools for your personal practice. Lockpicking is a hobby in many countries (haven't heard much of it in Finland), and why couldn't it be? Picking a lock could be a useful skill in an emergency, when someone is locked inside a dangerous area, or if you are there yourself. Or just as a general hobby. I mean shooting can also be a hobby...

Here is the law:

Chapter 28, Section 12 a (24.5.2002/400)
Possession of a burglary implement
A person who, without an acceptable reason, has in his or her possession a key to the lock of another, or a lock pick or other implement that may justifiably be suspected of being used primarily for intrusion into a closed space in the possession of another in order to commit an offence, shall be sentenced for possession of a burglary implement to a fine.

This means, if you for instance, carry some tools that can be used to pick locks, in a public area, without a reasonable reason, you can be fined. This means, if you are not coming or going to a lock-picking event/hobby club etc.

A good site on this whole hobby can be found here, at the "Haittalevy" blog.

Filed under: Hacking, Security No Comments