tag:blogger.com,1999:blog-206635242024-03-07T11:58:27.290+02:00Funkyware: ITCeteraFree Software entrepreneurship: Debian, Ubuntu and beyond.Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.comBlogger184125tag:blogger.com,1999:blog-20663524.post-22234065117206031502023-11-16T10:31:00.003+02:002023-11-16T11:38:58.897+02:00dhcpcd almost ready to replace ISC dhclient in Debian<p>A lot of time has passed since my previous post on my work to make <b>dhcpcd</b> the drop-in replacement for the deprecated ISC dhclient a.k.a. <b>isc-dhcp-client</b>. Current status:</p>
<ul>
<li>Upstream now regularly produces releases and with a smaller delta than before. This makes it easier to track possible breakage.</li>
<li>Debian packaging has essentially remained unchanged. A few Recommends were shuffled, but that's about it.</li>
<li>The only remaining bug is fixing the build for <b>Hurd</b>. Patches are welcome. Once that is fixed, bumping <b>dhcpcd-base</b>'s priority to important is all that's left.</li>
</ul>Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com2tag:blogger.com,1999:blog-20663524.post-55834263563976931382022-07-17T22:10:00.000+03:002022-07-17T22:10:14.091+03:00Trying to chainload iPXE on old Etherboot hardware<p>Among my collection of PC hardware, I have a few rarities whose netboot implementation predates PXE. Since I recently managed to configure <b>dnsmasq</b> as a potent TFTP and PXE server, I figured that I'd try chainloading <b>iPXE</b> via BOOTP options. This required preparing a boot image using antiquated tools:</p>
<code>$ sudo mkelf-linux --param=autoboot --output=/srv/tftp/ipxe.nbi /srv/tftp/ipxe.lkrn</code>
<p>The host succesufully loads the boot image, except that the iPXE blob fails to find the network card:</p>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAmZ-7zHHydvSJ_lOz9CaKNz0zonuRNVIFL-TZzq-jcHHuheMDxP9lCp55UPDaywehR-OsWN6wWuiHqtbXKOT1VI5VQO72Y3s06Gh-gR_g9ldvHhjHubFY4-8y_0UaVavASympve6aA9fOKoWEDHUIQJphdXwKkLqzV-KkTjSiNWHmVHcaPQ/s4160/IMG_20220717_210749.jpg" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="500" data-original-height="3120" data-original-width="4160" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAmZ-7zHHydvSJ_lOz9CaKNz0zonuRNVIFL-TZzq-jcHHuheMDxP9lCp55UPDaywehR-OsWN6wWuiHqtbXKOT1VI5VQO72Y3s06Gh-gR_g9ldvHhjHubFY4-8y_0UaVavASympve6aA9fOKoWEDHUIQJphdXwKkLqzV-KkTjSiNWHmVHcaPQ/s400/IMG_20220717_210749.jpg"/></a></div>
<p>Any ideas?</p>Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com0tag:blogger.com,1999:blog-20663524.post-70332742266232692072022-07-03T11:52:00.001+03:002022-07-03T11:57:48.633+03:00Refactoring Debian's dhcpcd packaging<p>Given news that ISC's DHCP suite is getting deprecated by upstream and seeing how <b>dhclient</b> has never worked properly for DHCPv6, I decided to look into alternatives. ISC itself recommends Roy Maple's <b>dhcpcd</b> as a migration path. Sadly, Debian's package had been left unattended for a good 2 years. After refactoring the packaging, updating to the latest upstream and performing one NMU, I decided to adopt the package.</p>
<p>Numerous issues were exposed in the process:</p>
<ul>
<li>Upstream's <b>./configure</b> makes BSD assumptions. No harm done, but still...</li>
<li>Upstream's <b>./configure</b> is broken. <code>--prefix</code> does not propagate to all components. For instance, I had to manually specify the full path for manual pages. Patches are welcome.</li>
<li>Debian had implemented custom exit hooks for all its <b>NTP</b> packages. Since then, upstream has implemented this in a much more concise way. All that's missing upstream is support for <b>timesyncd</b>. Patches are welcome.</li>
<li>I'm still undecided on whether <code>--prefix</code> should assume <code>/</code> or <code>/usr</code> for networking binaries on a Debian system. Feedback is welcome.</li>
<li>The previous maintainer had implemented plenty of transitional measures in <b>maintainer scripts</b> such as symbolically linking <code>/sbin/dhcpcd</code> and <code>/usr/sbin/dhcpcd</code>. Most of this can probably be removed, but I haven't gotten around verifying this. Feedback and patches are welcome.</li>
<li>The previous maintainer had created an <b>init.d</b> script and <b>systemd</b> unit. Both of these interfere with launching <b>dhcpcd</b> using <b>ifupdown</b> via <code>/etc/network/interfaces</code> which I really need for configuring a router for IPv4 MASQ and IPv6 bridge. I solved this by putting them in a separate package and shipping the rest via a new binary target called <b>dhcpcd-base</b> along a logic similar to <b>dnsmasq</b>.
<li>DHCPv6 Prefix Delegation mysteriously reports <code>enp4s0: no global addresses for default route</code> after a reboot. Yet if I manually restart the interface, none of this appears. Help debuging this is welcome.</li>
<li>Support for Predictable Interface Names was missing because Debian's package didn't Build-Depends on <code>libudev-dev</code>. Fixed.</li>
<li>Support for priviledge separation was missing because Debian's package did not <b>./configure</b> this or create a system user for this. Fixed.</li>
<li>I am pondering moving the Debian package out of the <b>dhcpcd5</b> namespace back into the <b>dhcpcd</b> namespace. The 5 was the result of an upstream fork that happened a long time ago and the original dhcpcd package no longer is in the Debian archive. Feedback is welcome on whether this would be desirable.</li>
</ul>
<p>The key advantage of <b>dhcpcd</b> over <b>dhclient</b> is that works as a dual-stack DHCP client by design. With privilege separation enabled, this means separate child processes handling IPv4 and IPv6 configuration and passing the received information to the parent process to configure networking and update <code>/etc/resolv.conf</code> with nameservers for both stacks. Additionally, <code>/etc/network/interfaces</code> no longer needs separate <b>inet</b> and <b>inet6</b> lines for each DHCP interface, which makes for much cleaner configuration files.</p>
<p>A secondary advantage is that the dual-stack includes built-in fallback to <b>Bonjour</b> for IPv4 and <b>SLAAC</b> for IPv6. Basically, unless the interface needs a static IP address, this client handles network configuration in a smart and transparent way.</p>
<p>A third advantage is built-in support for DHCPv6 Prefix Delegation. Enabling this requires just two lines in the configuration file.</p>
<p>In the long run, I feel that <b>dhcpcd-base</b> should probably replace <b>isc-dhcp-client</b> as the default DHCP client with priority Important. Adequate IPv6 support should come out of the box on a standard Debian installation, yet <b>dhclient</b> never got around implementing that properly.</p>Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com2tag:blogger.com,1999:blog-20663524.post-78495287790955188202021-09-07T14:08:00.001+03:002021-09-07T14:21:21.327+03:00sudo apt-get update && sudo apt-get dist-upgrade<p>Debian 11 (codename <b>Bullseye</b>) was recently released. This was the smoothest upgrade I've experienced in some 20 years as a Debian user. In my haste, I completely forgot to first upgrade <b>dpkg</b> and <b>apt</b>, doing a straight <b>dist-upgrade</b>. Nonetheless, everything worked out of the box. No unresolved dependency cycles. Via my last-mile Gigabit connection, it took about 5 minutes to upgrade and reboot. Congratulations to everyone who made this possible!</p>
<p>Since the upgrade, only a handful of bugs were found. I filed bug reports. Over these past few days, maintainers have started responding. In once particular case, my report exposed a CVE caused by copy-pasted code between two similar packages. The source package fixed their code to something more secure a few years ago, while the destination package missed it. The situation has been brought to Debian's security team's attention and should be fixed over the next few days.</p>
<h4>Afterthoughts</h4>
<p>Having recently experienced hard-disk problems on my main desktop, upgrading to Bullseye made me revisit a few issues. One of these was the possibility of transiting to BTRFS. Last time I investigated the possibility was back when <b>Ubuntu</b> briefly switched their default filesystem to BRTFS. Back then, my feeling was that BRTFS wasn't ready for mainstream. For instance, the utility to convert an EXT2/3/4 partition to BTRFS corrupted the end of the partition. No thanks. However, in recent years, many large-scale online services have migrated to BRTFS and seem to be extremely happy with the result. Additionally, <b>Linux</b> kernel 5 added useful features such as background defragmentation. This got me pondering whether now would be a good time to migrate to BRTFS. Sadly it seems that the stock kernel shipping with Bullseye doesn't have any of these advanced features enabled in its configuration. Oh well.</p>
<h4>Geode</h4>
<p>The only point that has become problematic is my Geode hosts. For one things, upstream <b>Rust</b> maintainers have decided to ignore the fact that i686 is a specification and arbitrarily added compiler flags for more recent x86-32 CPUs to their i686 target. While Debian Rust maintainers have purposely downgraded the target, <b>RustC</b> still produces binaries that the Geode LX (essentially an i686 without PAE) cannot process. This affects fairly basic packages such as <b>librsvg</b>, which breaks SVG image support for a number of dependencies. Additionally, there's been persistent problems with <b>systemd</b> crashing on my Geode hosts whenever <b>daemon-reload</b> is issued. Then, a few days ago, problems started occurring with C++ binaries, because GCC-11 upstream enabled flags for more recent CPUs in their default i686 target. While I realize that SSE and similar recent CPU features produce better binaries, I cannot help but feel that treating CPU targets as anything else than a specification is a mistake. i686 is a specification. It is not a generic equivalent to x86-32.</p>Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com1tag:blogger.com,1999:blog-20663524.post-37899260836573488902021-05-19T15:04:00.002+03:002021-05-19T15:51:13.503+03:00WebRTC fails tests on Firefox 78.10.0esr (64-bit)<p>Having to participate in many online events since the COVID crisis started, I've come to notice that few of the online clients work properly on the current <b>Firefox ESR</b> found in <b>Debian</b>. A quick visit at <a href="https://test.webrtc.org/">WebRTC Test</a> confirmed that none of the tests in the <b>Network</b> and <b>Connectivity</b> section pass. Meanwhile, a Windows 10 laptop running Edge via the same network works just fine, so I have to assume that either a Firefox or Debian packaging issue is to blame, but I wouldn't know where to start. Any help? Thanks!<p>Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com2tag:blogger.com,1999:blog-20663524.post-38943483029925236802021-02-28T09:40:00.002+02:002021-02-28T16:46:07.033+02:00Shipping Debian with GNOME X.XX.0 is an extremely bad idea<p>Since the freeze has slowly crept in, now is the time to revisit my pet peeve with <b>Debian</b>'s release process: to publish a new Debian release as soon as <b>GNOME</b> published a new X.XX.0 version. This is an extremely bad idea: X.XX.0 releases tend to lack polish, their translations are not up-to-date and several silly bugs that hamper the user experience (what the <b>Ubuntu</b> guys call "paper cuts") exist. Those issues tend to be fixed later when GNOME X.XX.1, X.XX.2, etc. bugfix releases are published. However, Debian has a policy of <i>not</i> pushing non-security releases onto a stable distribution. In this particular case, there are only two valid alternatives: either release Bullseye with GNOME 3.38.X or change the Debian policy to allow pushing 3.40.X bugfix releases via <b>bullseye-updates</b>.</p>Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com2tag:blogger.com,1999:blog-20663524.post-21384535763746454992021-02-15T20:10:00.004+02:002021-02-17T20:09:51.222+02:00OpenWRT: WRT54GL: Backfire: IPv6 issues<p>While having a <b>Debian</b> boxen as a router feels nice, I kept on longing for something smaller and quieter. I then remembered that I still had my old <b>WRT54GL</b> somewhere. After upgrading the <b>OpenWRT</b> firmware to the latest supported version for that hardware (Backfire 10.03.1, r29592), I installed <b>radvd</b> and <b>wide-dhcpv6-client</b>. Configuring radvd to deliver consistent results was easy enough.</p><p>The issue I keep on experiencing is the external interface (wan) dropping the IPv6 address it received from the ISP via router advertisement, which in turn kills the default IPv6 route to the outside world. Logging in via SSH and manually running "rdisc6 eth0.1" restores the IPv6 gateway. I just honestly wished I didn't have to do this every time I need to reboot the router.</p><p>Does this issue sound familiar to anyone? What was the solution?</p><p>PS: No, I won't just go and ditch this WRT54GL just because new toys exist on the market. This is obviously a software issue, so I need a software solution.</p><p>PPS: IPv6 pretty much works out of the box on the Debian boxen I had been using as my router. I previously <a href="https://q-funk.blogspot.com/2020/11/adding-ipv6-support-to-my-home-lan.html">wrote</a> about this on my blog. Basically, it's unlikely to be an ISP issue.</p>Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com1tag:blogger.com,1999:blog-20663524.post-33037240736108012092021-01-02T12:41:00.005+02:002021-01-25T16:33:15.693+02:00Help needed: clean up and submit KMS driver for Geode LX to LKML<p>Ever since X.org switched to rootless operation, the days of the Geode X.org driver have been numbered. The old codebase dates back from Geode's early days at Cyrix, was then updated by NSC to add support for their new GX2 architecture, from which AMD dropped GX1 support and added support for their new LX architecture. To put it mildly, that codebase is a serious mess.</p> <p>However, at least the LX code comes with plenty of niceties, such as being able to detect when it runs on an OLPC XO-1 and to probe DCC pins to determine the optimal display resolution on other hardware. This still doesn't make the codebase cruft-free.</p>
<p>Anyhow, most Linux distributions have dropped support for anything older than i686 with PAE, which essentially means that the GX2 code is just for show. Debian is one of very few distributions whose x86-32 port still ships with i686 without PAE. In fact, the lowest common denominator kernel on i386 is configured for Geode (LX).</p>
<p>A while back, someone had started working on a KMS driver for the Geode LX. Through word of mouth, I got my hands on a copy of their Git tree. The driver worked reasonably well, but the codebase needs some polishing before it could be included in the Linux kernel tree.</p>
<p>Hence this call for help:</p>
<p>Is there anyone with good experience of the LKML coding standards who would be willing to clean up the driver's code and submit the patch to the LKML?</p>Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com3tag:blogger.com,1999:blog-20663524.post-43094443756860782032020-11-03T20:15:00.004+02:002020-11-03T21:21:42.267+02:00Adding IPv6 support to my home LAN<p>A couple of year ago, I moved into a new flat that comes with RJ45 sockets wired for 10 Gigabit (but currently offering 1 Gigabit) Ethernet.</p><p>This also meant changing the settings on my router box for my new ISP.</p><p>I took this opportunity to review my router's other settings too. I'll be blogging about these over the next few posts.</p>
<h4>Adding IPv6 support to my home LAN</h4>
<p>I have been following the evolution of IPv6 ever since the KAME project produced the first IPv6 implementation. I have also been keeping track of the IPv4 address depletion.</p>
<p>Around the time the <b>IPv6 Day</b> was organized in 2011, I started investigating the situation of IPv6 support at local ISPs.</p>
<p>Well, never mind all those rumors about Finland being some high-tech mecca. Back then, no ISP went beyond testing their routers for IPv6 compatibility and producing white papers on what their limited test deployments accomplished.</p>
<p>Not that it matters much, in practice. Most IPv6 documentation out there, including <a href="https://wiki.debian.org/DebianIPv6">Debian's own</a>, still focuses on configuring transitional mechanisms, especially how to connect to a public IPv6 tunnel broker.</p>
<p>Relocating to a new flat and rethinking my home network to match gave me an opportunity to revisit the topic. Much to my delight, my current ISP offers native IPv6.</p>
<p>This prompted me to go back and read up on IPv6 one more time. One important detail:</p>
<p><b>IPv6 hosts are globally reachable.</b></p>
<p>The implications of this don't immediately spring to mind for someone used to IPv4 network address translation (NAT):</p>
<p><b>Any network service running on an IPv6 host can be reached by anyone anywhere.</b>
<p>Contrary to IPv4, there is no division between private and public IP addresses. Whereas a device behind an IPv4 NAT essentially is shielded from the outside world, IPv6 breaks this assumption in more than one way. Not only is the host reachable from anywhere, its default IPv6 address is a mathematical conversion (EUI-64) of the network interface's MAC address, which makes every connection forensically traceable to a unique device.</p>
<p>Basically, if you hadn't given much thought to firewalls until now, IPv6 should give you enough goose bumps to get around it. Tightening the configuration of every network service is also an absolute must. For instance, I configured <b>sshd</b> to only listen to private IPv4 addresses.</p>
<p>What <code>/etc/network/interfaces</code> might look like on an dual-stack (IPv4 + IPv6) host:</p>
<pre>
allow-hotplug enp9s0
iface enp9s0 inet dhcp
iface enp9s0 inet6 auto
privext 2
dhcp 1
</pre>
<p>The <code>auto</code> method means that IPv6 will be auto-configured using SLAAC; <code>privext 2</code> enables IPv6 privacy options and specifies that we prefer connecting via the randomly-generated IPv6 address, rather than the EUI-64 calculated MAC specific address; <code>dhcp 1</code> enables passive DHCPv6 to fetch additional routing information.</p>
<p>The above works for most desktop and laptop configurations.</p>
<p>Where things got more complicated is on the router. I decided early on to keep NAT to provide an IPv4 route to the outside world. Now how exactly is IPv6 routing done? Every node along the line must have its own IPv6 address... including the router's LAN interface. This is accomplished using the sample script found in Debian's <a href="https://wiki.debian.org/IPv6PrefixDelegation">IPv6 prefix delegation</a> wiki page. I modified mine as follows (the rest of the script is omitted for clarity):</p>
<pre>
#Both LAN interfaces on my private network are bridged via br0
IA_PD_IFACE="br0"
IA_PD_SERVICES="dnsmasq"
IA_PD_IPV6CALC="/usr/bin/ipv6calc"
</pre>
<p>Just put the script at the suggested location. We'll need to request a prefix on the router's outside interface to utilize it. This gives us the following <code>interfaces</code> file:</p>
<pre>
allow-hotplug enp2s4 enp2s8 enp2s9
auto br0
iface enp2s4 inet dhcp
iface enp2s4 inet6 auto
request_prefix 1
privext 2
dhcp 1
iface enp2s8 inet manual
iface enp2s8 inet6 manual
iface enp2s9 inet manual
iface enp2s9 inet6 manual
iface br0 inet static
bridge_ports enp2s8 enp2s9
address 10.10.10.254
iface br0 inet6 manual
bridge_ports enp2s8 enp2s9
# IPv6 from /etc/dhcp/dhclient-exit-hooks.d/prefix_delegation
</pre>
<p>The IPv4 NAT and IPv6 Bridge script on my router looks as follows:</p>
<pre>
#!/bin/sh
PATH="/usr/sbin:/sbin:/usr/bin:/bin"
wan=enp2s4
lan=br0
########################################################################
# IPv4 NAT
iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -X; iptables -t nat -X; iptables -t mangle -X
iptables -Z; iptables -t nat -Z; iptables -t mangle -Z
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
########################################################################
# IPv6 bridge
ip6tables -F; ip6tables -X; ip6tables -Z
# Default policy DROP
ip6tables -P FORWARD DROP
# Allow ICMPv6 forwarding
ip6tables -A FORWARD -p ipv6-icmp -j ACCEPT
# Allow established connections
ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept packets FROM LAN to everywhere
ip6tables -I FORWARD -i $lan -j ACCEPT
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
# IPv6 propagation via /etc/dhcp/dhclient-exit-hooks.d/prefix_delegation
</pre>
<p>The above already provided enough IPv6 connectivity to pass the <a href="https://ipv6-test.com/">IPv6 test</a> on my desktop inside the LAN.</p>
<p>To make things more fun, I enabled DHCPv6 support for my LAN on the router's <b>dnsmasq</b> by adding the last 3 lines to the configuration:</p>
<pre>
dhcp-hostsfile=/etc/dnsmasq-ethersfile
bind-interfaces
interface=br0
except-interface=enp2s4
no-dhcp-interface=enp2s4
dhcp-range=tag:br0,10.10.10.0,static,infinite
dhcp-range=tag:br0,::1,constructor:br0,ra-names,ra-stateless,infinite
enable-ra
dhcp-option=option6:dns-server,[::],[2606:4700:4700::1111],[2001:4860:4860::8888]
</pre>
<p>The 5 first lines (included here for emphasis) are extremely important: they ensure that dnsmasq won't provide any IPv4 or IPv6 service to the outside interface (enp2s4) and that DHCP will only be provided for LAN hosts whose MAC address is known. Line 6 shows how dnsmasq's DHCP service syntax differs between IPv4 and IPv6. The rest of my configuration was omitted on purpose.</p>
<p>Enabling native IPv6 on my LAN has been an interesting experiment. I'm sure that someone could come up with even better <b>ip6tables</b> rules for the router or for my desktop hosts. Feel free to mention them in the blog's comment.</p>Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com0tag:blogger.com,1999:blog-20663524.post-32178754912000192042020-11-03T17:38:00.005+02:002020-11-04T18:58:16.683+02:00Migrating to Predictable Network Interface Names<p>A couple of years ago, I moved into a new flat that comes with RJ45 sockets wired for 10 Gigabit (but currently offering 1 Gigabit) Ethernet.</p><p>This also meant changing the settings on my router box for my new ISP.</p><p>I took this opportunity to review my router's other settings too. I'll be blogging about these over the next few posts.</p>
<h4>Migrating to Predictable Network Interface Names</h4>
<p>Ever since Linus decided to flip the network interface enumeration order in the Linux kernel, I had been relying on <b>udev</b>'s persistent network interface rules to maintain some semblance of consistency in the NIC naming scheme of my hosts. It has never been a totally satisfactory method, since it required manually editing the file to list the MAC addresses of all Ethernet cards and WiFi dongles likely to appear on that host to consistently use an easy-to-remember name that I could adopt for <strong>ifupdown</strong> configuration files.</p>
<p>Enter predictable interface names. What started as a Linux kernel module project at <b>Dell</b> was eventually re-implemented in <b>systemd</b>. However, clear documentation on the naming scheme had been difficult to find and udev's persistent network interface rules gave me what I needed, so I postponed the transition for years. Relocating to a new flat and rethinking my home network to match gave me an opportunity to revisit the topic.</p>
<p>The naming scheme is surprisingly simple and logical, once </a><a href="https://www.freedesktop.org/software/systemd/man/systemd.net-naming-scheme.html">proper explanations</a> have been found. The short version:</p>
<ul>
<li>Ethernet interfaces are called <b>en</b> i.e. Ether Net.</li>
<li>Wireless interfaces are called <b>wl</b> i.e. Wire Less. (yes, the official documentation call this Wireless Local but, in everyday usage, remembering Wire Less is simpler)</li>
</ul>
<p>The rest of the name specifies on which PCI bus and which slot the interface is found. On my old Dell laptop, it looks like this:</p>
<ul>
<li>enp9s0: Ethernet interface at PCI bus 9 slot 0.</li>
<li>wlp12s0: Wireless interface at PCI bus 12 slot 0.</li>
</ul>
<p>An added bonus of the naming scheme is that it makes replacing hardware a breeze, since the naming scheme is bus and slot specific, not MAC address specific. No need to edit any configuration file. I saw this first-hand when I got around upgrading my router's network cards to Gigabit-capable ones to take advantage of my new home's broadband LAN. All it took was to power off the host, swap the Ethernet cards and power on the host. That's it. <b>systemd</b> took care of everything else.</p>
<p>Still, migrating looked like a daunting task. Debian's <a href="https://wiki.debian.org/NetworkInterfaceNames">wiki page</a> gave me some answers, but didn't provide a systematic approach. I came up with the following shell script:</p>
<pre>
#!/bin/sh
lspci | grep -i -e ethernet -e network
sudo dmesg | grep -i renamed
for n in $(ls -X /sys/class/net/ | grep -v lo);
do
echo $n: && udevadm test-builtin net_id /sys/class/net/$n 2>/dev/null | grep NAME;
sudo rgrep $n /etc
sudo find /etc -name '*$n*'
done
</pre>
<p>This combined ideas found on the Debian wiki with a few of my own. Running the script before and after the migration ensured that I hadn't missed any configuration file. Once I was satisfied with that, I commented out the old <b>udev</b> persistent network interface rules, ran <code>dpkg-reconfigure</code> on all my Linux kernel images to purge the rules from the <code>initrd</code> images, and called it a day.</p>
<p>... well, not quite. It turns out that with <b>bridge-utils</b>, <code>bridge_ports all</code> no longer works. One must manually list all interfaces to be bridged. Debian <a href="https://bugs.debian.org/966319">bug report</a> filed.</p>
<p>PS: Luca Capello pointed out that Debian 10/Buster's Release Notes include <a href="https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#migrate-interface-names">migration instructions</a>.</p>Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com0tag:blogger.com,1999:blog-20663524.post-53937396444884618402020-11-03T16:16:00.001+02:002020-11-03T17:48:51.999+02:00GRUB fine-tuning<p>A couple of years ago, I moved into a new flat that comes with RJ45 sockets wired for 10 Gigabit (but currently offering 1 Gigabit) Ethernet.</p><p>This also meant changing the settings on my router box for my new ISP.</p><p>I took this opportunity to review my router's other settings too. I'll be blogging about these over the next few posts.</p>
<h4>GRUB fine-tuning</h4>
<p>One thing that had been annoying me ever since Debian migrated to <b>systemd</b> as /sbin/init is that boot message verbosity hasn't been the same. Previously, the <b>cmdline</b> option <code>quiet</code> merely suppressed the kernel's output to the bootscreen, but left the daemon startup messages alone. Not anymore. Nowadays, <code>quiet</code> produces a blank screen.</p>
<p>After some googling, I found the solution to that:</p>
<code>GRUB_CMDLINE_LINUX_DEFAULT="noquiet loglevel=5"</code>
<p>The former restores daemon startup messages, while the later makes the kernel output only significant notices or more serious messages. On most of my hosts, it mostly reports inconsistencies in the ACPI configuration of the BIOS.</p>
<p>Another setting I find useful is a reboot delay in case a kernel panic happens:</p>
<code>GRUB_CMDLINE_LINUX="panic=15"</code>
<p>This gives me enough time to snap a picture of the screen output to attach to the bug report that will follow.</p>Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com0tag:blogger.com,1999:blog-20663524.post-52482944498414941882017-12-29T13:11:00.000+02:002017-12-29T13:11:03.747+02:00Jackpot<div class="separator" style="clear: both; text-align: center;">
<a href="https://d3vsgec5pd3juy.cloudfront.net/wp-content-new/uploads/ap/sites/23/2017/12/jytky-1024x932.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://d3vsgec5pd3juy.cloudfront.net/wp-content-new/uploads/ap/sites/23/2017/12/jytky-1024x932.jpg" /></a></div>
I have no idea whatsover of how I achieved this, but there you go. This citizen's legal draft is moving forward to the Finnish parliament.Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com1tag:blogger.com,1999:blog-20663524.post-8679261487018519542017-12-02T17:03:00.001+02:002017-12-02T17:03:07.575+02:00dbus, rsyslogd, systemd: Which one is the culprit?I have been facing this issue since a few weeks on testing. For many weeks, it prevented upgrading <b>dbus</b> to the latest version that trickled to Testing. Having manually force-installed dbus via the Recovery Mode's shell, I then ran into this issue:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVfzFFc7_tdRhzshr5LGAiUuQTqloytg_MUTw2etlxGpgig2peL20LimdKIl_jCX_9LNORbiJFQKRY7H5wTW8BfQHPb0ufoa0GKFfDxCEbo4oGn24C36MjICDimdjHphbzB0Ov/s1600/IMG_0142.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1200" data-original-width="1600" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVfzFFc7_tdRhzshr5LGAiUuQTqloytg_MUTw2etlxGpgig2peL20LimdKIl_jCX_9LNORbiJFQKRY7H5wTW8BfQHPb0ufoa0GKFfDxCEbo4oGn24C36MjICDimdjHphbzB0Ov/s320/IMG_0142.JPG" width="320" /></a></div>
<br />
This is a nasty one, since it also prevents performing a clean poweroff. That <b>systemd-journald</b> line about getting a timeout while attempting to connect to the Watchdog keeps on showing ad infinitum.<br />
<br />
What am I missing?Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com0tag:blogger.com,1999:blog-20663524.post-88688744180813394242017-08-31T13:33:00.001+03:002017-08-31T13:33:29.330+03:00Firefox slow as HEL even after boosting RAM from 4GB to 16GBThe title says it all: Firefox is the only piece of software that shows zero sign of improvement in its performance after quadrupling the amount of RAM installed on my 64-bit desktop computer. All other applications show a significant boost in performance. Yet, among all the applications I use, Firefox is the one that most needed this speed boost. To say that this is a major disapointment is an understatement. FFS, Mozilla devs!Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com0tag:blogger.com,1999:blog-20663524.post-72053100873416104022017-01-25T16:05:00.001+02:002017-01-25T16:05:56.212+02:00OpenWRT Backfire on WRT54GL signal strenghtBecause I wanted my home router to use at least decently supported software that provides complete out-of-the-box support for native <b>IPv6</b>, I recently got around upgrading my <b>WRT54GL</b>'s firmware from <b>White Russian</b> to <b>Backfire</b>, which is the most recent <b>OpenWRT</b> release that fits the hardware's limited amount of flash memory.<br />
<br />
One issue remains unanswered:<br />
<br />
In <b>GNOME</b> shell's top panel and <b>WiFi</b> menu, the signal strength remains at 2 out of 4 bars. Given how the router sits only a few meters behind me, I would have expected much better signal strength than that.<br />
<br />
Would anyone happen to know how to improve on these results? Thanks!Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com3tag:blogger.com,1999:blog-20663524.post-73511714612455942582016-08-07T20:18:00.002+03:002016-08-07T20:18:49.380+03:00Debian within a Windows partition?A few years ago, I remember that Ubuntu had a trick that allowed the distribution to be installed as one large file within a Windows partition. Does the same thing exist to install Debian?Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com3tag:blogger.com,1999:blog-20663524.post-28840409842157238542016-06-22T11:12:00.002+03:002016-06-22T11:12:52.999+03:00Batch photo manipulation via free software tools?<p>I have a need for batch-processing pictures. My requirements are fairly simple:</p><ul><li>Resize the image to fit Facebook's preferred 960 pixel box.</li>
<li>Insert Copyright, Byline and Bylinetitle into the EXIF data.</li>
<li>Optionally, paste my watermark onto a predefined corner of the image.</li>
<li>Optionally, adjust the white balance.</li>
<li>Rename the file according to a specific syntax.</li>
<li>Save the result to a predefined folder.</li>
</ul><p>Until recently, I was using Phatch to perform all of this. Unfortunately, it cannot edit the EXIF data of my current Lumix camera, whose JPEG it claims to be MPO. I am thus forced to look for other options. Ideally, I would do this via a script inside gThumb (which is my main photo editing software), but I cannot seem to find adequate documentation on how to achieve this.</p><p>I am thus very interested in hearing about other options to achieve the same result. Ideas, anyone?</p>Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com1tag:blogger.com,1999:blog-20663524.post-78083859043164031482016-02-04T16:27:00.001+02:002016-02-04T16:27:59.141+02:00xf86-video-geode 2.11.18<p>Yesterday, I pushed out version 2.11.18 of the <b>Geode X.Org</b> driver. This is the driver used by the <b>OLPC XO-1</b> and by a plethora of low-power desktops, micro notebooks and thin clients. This release mostly includes maintenance fixes of all sorts. Of noticeable interest is a fix for the long-standing issue that switching between X and a VT would result in a blank screen (this should probably be cherry-picked for distributions running earlier releases of this driver). Many thanks to <strong>Connor Behan</strong> for the fix!</p><br />
<p>Unfortunately, this driver still doesn't work with GNOME. On my testing host, launching GDM produces a blank screen. 'ps' and other tools show that GDM is running but there's no screen content; the screen remains pitch black. This issue doesn't happen with other display managers e.g. LightDM. Bug reports have been filed, additional information was provided, but the issue still hasn't been resolved.</p><br />
<p>Additionally, X server flat out crashes on Geode hosts running Linux kernels 4.2 or newer. 'xkbcomp' repeatedly fails to launch and X exits with a fatal error. Bug reports have been filed, but not reacted to. However, interestingly enough, X launches fine if my testing host is booted with earliers kernels, which <em>might</em> suggest what the actual cause of this particular bug might be:</p><br />
<p>Since kernel 4.2 entered Debian, the base level i386 kernel on Debian is now compiled for i686 (without PAE). Until now, the base level was i586. This essentially makes it pointless to build the Geode driver with GX2 support. It also means that older GX1 hardware won't be able to run Debian either, starting with the next stable release.</p>Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com0tag:blogger.com,1999:blog-20663524.post-81806040038505157642016-01-31T15:05:00.001+02:002016-01-31T15:05:40.202+02:00Stupid Design: Facebook's Selling Something feature<p>Over these past few months, I've been going through my personal belongings to reduce them to the bare essentials – more-or-less following the rule "If I cannot remember that I had it, I probably don't need it" – with an explicit goal to make it easier for me to relocate in the near future.</p><p>Part of that iterative process has involved selling surplus items via Facebook groups. While I initially rejoiced at the invention of the new Selling Something feature, the more I use it, the more I end up cursing at the lack of thought that went into designing that feature:</p><p>For instance, in the feature's most recent implementation, it has become possible to post the same ad in several groups. Great idea, right? Actually, no. What this option does is post individual copies of that exact same ad in each group. Managed to sell a particular item? You'll have to sort through each and every duplicate post in each group to mark the item as sold. Need to edit the ad to lower the price or add requested information about the item? Same thing: go through each individual copy of the ad in each group. Seriously, Facebook? Who the fuck designed that senseless implementation?!</p><p>Here's a better implementation: centrally manage all items via the user's account preferences, and let the user tick checkboxes besides each item to decide which groups will see that particular item. Ditto whenever editing the ad's content or marking an item as sold; do everything via the user's account preferences. Rather than making the content group-centric, make it user-centric.</p><p>You're welcome.</p>Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com0tag:blogger.com,1999:blog-20663524.post-5887735250134850202015-10-28T09:34:00.002+02:002015-10-28T09:36:49.394+02:00xf86-video-geode: Last call, dernier sévice<p>I guess that the time has finally come to admit that, as far as upstream development is concerned, the <a href="http://www.x.org/wiki/GeodeDriver">Geode X.Org driver</a> is reaching retirement age:</p><br />
<p>While there have indeed been recent contributions by a number of developers to keep it compilable against recent X releases, the Geode driver has accumulated too much cruft from the Cyrix and NSC days, and it hasn't seen any active contribution from AMD in a long time. Besides, nowadays, Xserver pretty much assumes that its runs on an X driver that leverages its matching kernel driver and thus won't require root priviledges to launch. This isn't the case with the Geode driver, since it directly probes FBDEV and MSR, both of which reside in /dev and require root priviledges to access.</p><br />
<p>On Debian, as a stopgap measure, the package now Recommends a legacy wrapper that enforces operation as root. Meanwhile, other distributions are mercilessly droping all X drivers that don't leverage KMS. Basically, unless a miracle happens really quick, Geode will soon become unusable on X.</p><br />
<p>Back when AMD was still involved, a concensus had been reached that, since the Geode series doesn't offer any sort of advanced graphic capabilities, the most sensible option would indeed be to make a KMS driver and let Xserver use its generic modeline driver on top of that, then drop the Geode X driver entirely. Amazingly enough, someone did start working on a <a href="https://gitorious.org/lx">KMS driver for Geode LX</a>, but it never made it as far as the Linux kernel tree (additionally, Gitorious seems to be down, but I have a copy of the driver's Git tree on hand, if anyone is interested). While I'll still be accepting and merging patches to the Geode X driver, our best long-term option would be to finalize the KMS driver and have it merged into Linux ASAP.</p>Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com0tag:blogger.com,1999:blog-20663524.post-91363646373630161452015-05-20T12:46:00.000+03:002015-05-20T12:46:36.018+03:00xf86-video-geode 2.11.17<p>This morning, I pushed out version 2.11.17 of the <b>Geode X.Org</b> driver. This is the driver used by the <b>OLPC XO-1</b> and by a plethora of low-power desktops, micro notebooks and thin clients. This is a minor release. It merges conditional support for the OpenBSD MSR device (Marc Ballmer, Matthieu Herrb), fixes a condition that prevents compiling on some embedded platforms (Brian A. Lloyd) and upgrades the code for X server 1.17 compatibility (Maarten Lankhorst).</p><br />
<p>Pending issues:</p><ul><li>toggle COM2 into DDC probing mode during driver initialization</li>
<li>reset the DAC chip when exiting X and returning to vcons</li>
<li>fix a rendering corner case with Libre Office</li>
</ul>Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com0tag:blogger.com,1999:blog-20663524.post-10468372326222499482015-03-23T16:19:00.000+02:002015-03-23T21:27:57.884+02:00This and That<p>I haven't blogged anything in months and figured that now might be a good time to get around that. Here it goes:</p><br />
<h4>Free Software</h4><br />
<p>While I occasionally upgrade the packaging of the software I maintain at Debian to keep up with best practices, my activity downsizing goes on. Simply put: I never had any ambition to become a Debian Developer. My involvement has always remained pragmatic and mostly from the perspective of packaging software that I found useful. Even then, my motivation for doing that keeps on dwindling into nothingness, because key pieces of software keep on breaking, whenever someone upstream decides to reinvent the wheel.</p><br />
<p>For instance, GNOME no longer works at all on Geode chipsets and it barely works on Nouveau chipsets. This happened as soon as GNOME 3.14 was uploaded into unstable, right before the freeze started. Then again, I wouldn't jump to a conclusion that GNOME itself might be at fault, since Plymouth also stopped working on the same two video platforms at the same time. For all we know, this could be caused by some changes in the X.Org server code. Bugs were filed, additional information was provided, but no fix has taken place.</p><br />
<p>Given how Geode and Nouveau represent 80% of my hardware investment (my Intel laptop being the sole exception), it essentially means that the upcoming Debian "stable" is useless for me. Now try and remain motivated, even just as a mere Free Software end-user. At this point, I'm done.</p><br />
<h4>Politics</h4><br />
<p>Finland is holding national elections this April. I still have no idea who I'll vote for this time. The guy I voted for last time has become a career politician with an inflated ego and zero connection to the average Finn's aspirations and worries. Meanwhile, two friends are standing as candidates: one who is a razor-sharp fact finder and who is a proven pragmatic decision-maker, but whose values are slightly off with mine, and one whose actions come straight from the heart but whose concept of today's Finnish reality leaves a lot to be desired.</p><br />
<h4>National Defence</h4><br />
<p>There's been a lot of recent articles about how former hardware and locations of the Finnish defence forces and border guards have been sold, often for peanuts, to Russian interests. In some cases, we're only talking about buildings formerly used for on-site staff accommodations. In other cases, former patrol boats and navy harbours changed hands. Now, to top it all, it appears that our north-western neighbour, Norway, has sold a former submarine base to German investors who, in turn, leased it to – you guessed it – Russian interests.</p><br />
<p>Looking at Russian actions in Ukraine, I cannot help but feel great concern that strategic locations are falling into potentially dangerous hands. Just seeing the picture of a former navy harbour with a handful of patrol boats on standby, right on the Finnish coastline, half-way between Helsinki and Turku, was a sobering experience. While the whole idea of shooting at people – even invading armies – gives me the creeps, at this point, I cannot help but start pondering whether defending this country might in fact be an occupation worth training for.</p><br />
<h4>Employment</h4><br />
<p>It has now been 6 years since I held my last dayjob. Since then, the only thing I've found is an unpaid training in the national bureaucracy. I've also freelanced as an actor and model, but that barely brought me pocket change, if even that. Seeing my face on posters advertising a movie I participated in last year was indeed nice, getting some media attention in connection to that too, but it hasn't lead to additional gigs. As far as I can tell, this was just my Warholian 15 minutes of fame.</p><br />
<p>However, there's a larger issue at stake. Newspapers recently published an employment statistics map for Nordic countries and the truth couldn't be more bleak: while Norway and Sweden's employment figures are nearly spotless for almost every province, those of Finland are – save for a couple of mildly successful provinces – outright catastrophic. Given this and despite feeling relatively happy living in Finland and having developed a will to defend this country from an eventual Russian assault, I've come to the conclusion that I would be better off going West, with a strong preference for Norway.</p><br />
<p>Now, the main question is, doing what? 6 years later, I have strong doubts that I would be remotely considered for any high-tech job. Besides, come to think of it, I wouldn't want any new office job. Off the top of my head, my idea of a cool job that would allow me to stay physically fit would be working as a tourist guide in Lapland. However, if Norway is anything like Finland, someone probably needs a dozen of permits of all sorts (first aid certification, C or even D class driving license, college degree in tourism, etc.) that I cannot afford. What then?</p>Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com0tag:blogger.com,1999:blog-20663524.post-66353180809299404902014-12-02T02:09:00.001+02:002014-12-02T02:15:00.473+02:00GNOME is destroying the whole GTK universe<p>When GNOME 3.14 components were uploaded into Debian (just a few days before the Jessie freeze started), GNOME stopped working on two video platforms: Geode (xf86-video-geode) and NVIDIA (xf86-video-nouveau). On Geode, GDM launches into a black screen. On NVIDIA, GDM launches as expected, but then the GNOME session itself barfs with the dreaded "Oh No! Something went wrong. [Logout]" dialog during session initialization. Basically, components in GNOME have become too tightly dependent upon some video driver features. Thinking out loud, I figured that reverting to a desktop environment that is based upon GTK+3, without GNOME's bells and whistles, would at least restore operation on my NVDIA hosts. Alas, it does not: Cinnamon, too, barfs during session initialization. Great. Now what?</p>Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com15tag:blogger.com,1999:blog-20663524.post-11199457864148900482014-11-09T01:07:00.000+02:002014-11-09T01:07:21.043+02:00On the Joey debacle<p>Looking back, I cannot think of a single moment when Joey wouldn't have shown the utmost patience and courtesy towards anyone involved in Debian, even towards mere users filing sometimes senseless bug reports against his packages. From this perspective, I cannot help but venture that whatever chain of events lead to Joey's decisions essentially means one thing: Debian must have seriously gotten off-course for someone who has been involved for so long to call it quits. As for the current situation at hands, while I admittedly haven't followed too closely who or what caused Joey's decision, I nonetheless cannot help but feel that whoever pushed Joey's buttons so hard as to make him decide to leave Debian ought to be the one(s) kicked out of Debian instead.</p>Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com0tag:blogger.com,1999:blog-20663524.post-57881668423554343122014-11-07T18:52:00.000+02:002014-11-07T19:48:00.180+02:00HEL has just frozen over. Wait. No. Debian did.Noticing that Debian just entered its freeze, I went ahead and changed the APT sources on a spare host that is currently running stable. Then, it was time for this command to be executed:<br />
<br />
<pre>sudo apt-get update && \
sudo apt-get install apt dpkg locales && \
sudo apt-get --purge dist-upgrade && \
sudo apt-get --fix-policy install && \
sudo apt-get --purge autoremove $(deborphan --guess-all)
</pre><br />
I guess I'll be busy filing bug reports for the next few hours. Wish me (and each faulty package's maintainer) luck!<br />
<br />
PS: Apparently, so many aspects of Debian have become dependent upon GPG features that merely upgrading APT, DPKG and libc6+locales is no longer enough. One must also upgrade gnupg and gnupg2. Thus, the second element of the above recipe has become: <br />
<br />
<tt>sudo apt-get install apt dpkg gnupg gnupg2 locales && \</tt><br />
<br />
Hopefully, APT's <tt>dist-upgrade</tt> command already knows that these must be upgraded first...<br />
<br />
PPS: Hosts running Network-Manager cannot be upgraded remotely, because Network-Manager insists upon killing the network connection and the SSH daemon with it, when its turn comes to get upgraded.Martin-Érichttp://www.blogger.com/profile/00394315280689943764noreply@blogger.com4