Category Archives: Indulgence

Italy’s Army Wants to Grow More Powerful Pot for it Citizens

Italy can’t keep up with its citizen’s demand for marijuana. Perhaps getting high is the one way Italians can cope with all the immigrants? Actually, it’s for “medical marijuana”. And the army has a monopoly on growing it. Also, the EU won’t let citizens grow their own pot. Maybe they’re afraid the Italians will take long afternoon naps? ?

Interestingly, Italy started buying pot from Holland for its citizens, and then everyone realized how much better Dutch pot was than Italy’s army pot. So now they Italian army is upping their game and growing a new strain that promises to be “3 times as powerful”.

There’s talk they may start buying from Canada. Now that would be an improvement. But, nothing as good as Washington State pot. Let me know when you want to talk, Mr. Italy uniform big-boys. We’ll make you an offer… ?

Source: PBS News Hour Report: Italy’s only medical marijuana producer can’t keep up with demand

AMD Ryzen 1800x Performance and Experience

A couple days ago I purchased an AMD Ryzen 1800x CPU as part of a new system build. Having more that 4 physical cores is very important to me since I do a lot simultaneously, including virtualization. That’s why I stuck with my last AMD 8350 for so long. It’s been a great workhorse and still performs very well, especially on heavy loads.

I’ve heard mixed results from people about DDR4 memory speeds usable by the Ryzen CPUs – that they are very picky about memory and can never reach 3200 MHz. I had no trouble reaching 3200 MHz, and with a CAS Level 14 as well! I chose the G.Skill Flare series memory which purports to be Ryzen AM4 oriented, and which was in my motherboard’s tested models as well.

The motherboard I chose was, at first, the Asrock x370 Taichi. I wanted a motherboard with a good reputation, good features and a good price. I also wanted it to support ECC memory, as the Asrock boards do. Although I wasn’t buying ECC memory now, I tend to turn these AMD multicore systems into servers down the road, and having the capability in place makes me sleep better. 😉

The trouble is, I could never find the Asrock x370 Taichi in stock – it was always sold out. So I decided to buy the Asrock board which is the top-of-the-line x370 board instead, the Asrock Fatal1ty X370 Professional Gaming. It was a little more expensive, but it tended to be in stock, and it had a couple added features I liked: dual UEFI capabilities and it also had an extra 5gig network interface.

I had such good luck with my old Asrock board on the AMD 8350 system that this new Ryzen is replacing that I was confident going with Asrock again. I think these guys are my top favorite brand now after trying them in several different machines and form factors. The Asrock Fatal1ty x370 motherboard was a real pleasure to see and hold. You can tell some serious, solid work went into making these things. I have little doubt that the quality here is what made memory overclock so easily, too. And the CPU. Flawless and solid. I bet the Taichi x370 model would be the same.

The first thing I did after assembling the system was to enter the UEFI and use Asrock’s built-in network UEFI update utility to get the latest BIOS version. I love that you don’t even need to install an OS or mess with USB keys to update Asrock UEFIs. After doing this and rebooting into the latest UEFI, I just selected the memory profile for 3200 speed, and that’s it! Nothing else. Not one bit of hassle. I really have to hand it to G.Skill too for those nice modules. And they are fast with CL 14.

Asrock x370 Fatal1ty UEFI Screen

After this, I just bumped up the CPU base clock frequency from 3.6 to 4.0 GHz. Didn’t even change the default voltages. Touched nothing else. And there it was – perfectly stable. I’m very, very pleased with this CPU and motherboard. 🙂 I have never had a little bit of overclocking go so easily.

And power use? It’s just sipping power right now as I type this, with very little else going on. The CPU, a Radeon Fury video card, an LG Ultrawide monitor, a Corsair H110i water cooler/pump with its 2 fans and 4 additional fans in the case — all of that is drawing 105 Watts, 113 Watts and 121 Watts — it keeps alternating between those 3 values.

Ambient temperature in the room right now is 23C — the CPU is 32C. When I ran the CPU benchmarks shown below, the highest temperature the CPU reached was 42C very briefly. I’d say I probably have a lot of overclocking room if I want to.

I have to say, my experience with the the AMD Ryzen 8100x has been a real joy, especially when paired with this Asrock board. I can certainly feel a zippyness in normal use over the 8350, especially in such silly things as scrolling a web browser on a page full ads 😉 Not even one little stutter with this machine.

I haven’t installed Linux on it just yet – that will happen after I’m done typing this. But Windows 10 works wonderfully. And I really like this Ultra M.2 SSD. I went with the Corsair Force MP500. My Linux system will be on a normal Crucial MX200 SSD I’ll be installing.

So, the performance of using this thing — very fast and responsive. And you can load it up too, and not even notice. I’ve tried the gaming and recording at the same time – couldn’t even tell the difference.

For benchmarks I like to use actual CPU benchmarks and not just how many FPS a game might have. I used the AIDA64 suite here, which is a really thorough set of testing and system cataloging software. I’m going to have to buy a copy I think — I like the whole inventory aspect they have too for your systems.

Anyway, this Ryzen 8100x system performs absolutely, completely stellar on the benchmarks. It’s right up their with incredibly expensive 16 and more systems on most, and always right up toward the top. Of particular note, and importance to me, is its performance on AES encryption — nothing can touch it. This will be wonderful for full disk encryption on the Linux side. 🙂

I’ll include screen shots of all the benchmarks – I ran every one in the suite, just once, except for 1 I ran 3 times because I accidentally kicked off Thunderbird. Hopefully this might help someone who’s thinking about getting one. I honestly couldn’t be happier, particularly considering what I’m getting for the money! And I’m happy to have some solid new AMD tech. This system really feels well engineered.

FPU Julia
FPU VP8
AES
CPU PhotoWorxx
CPU Queen
CPU ZLib
FP32 Ray Trace
FP64 Ray Trace
Hash
FPU SinJulia
Mandel
Memory Read
Memory Write
Memory Copy
Memory Latency

A Satellite Dream

I had a dream that a guy was having surgery to place all kinds of electronic equipment inside his body, all over, including antennas, so that he could be a satellite.

The doctors were happy to do it, because it was something new. They wrinkled up all the skin around his shoulders and chest with a long, thick wire. He was wincing a little.

He said the only drawback so far is that it gave him scoliosis in a few places in his spine, and he felt heaver and it was hard to move because the metal inside always seemed to move separately from his flesh.

EFF’s Web Browser Tracking Tester – My Results

The Electronic Frontier Foundation (EFF) announced an update to Panopticlick 2.0 — a web-based utility that analyzes your web browser’s current capabilities, settings and behavior as it is visible to outside people, to help you understand how your privacy is maintained.

It’s an interesting question, the issue of privacy, when considering the accessibility and use of so many “free” services. The fact is, our privacy is the currency we often trade in money’s stead.

This growing realization is prompting many people to find ways to start protecting their privacy. This is a challenge, despite whatever means they discover, particularly considering the largest marketing company around, Google, also provides people with the most widely-used web browser, Chrome.

Running Panopticlick 2.0 from the Chrome web browser yielded the following result for me:

Chrome Web Tracking

It’s pretty much exactly what you’d expect. I don’t, however, use Google’s Chrome browser, except when I have no choice, which Google makes sure is often enough. For example, you can’t edit your photos stored on Google unless you use Chrome. You can’t use hangouts unless you use Chrome. Or use Google Voice. And if you’re using Linux, in order to use Chrome, you must give Google root access to your computer by installing Chrome as a system repository.

So I use Firefox for nearly everything that isn’t a Google service, as a sort of compromise. I actually find Firefox is a much better experience for me, too, regardless of ethical considerations. I also use the EFF’s Privacy Badger plugin, which helps thwart tracking. The result of the same test run above with Firefox, using Privacy Badger is the following:

Web Tracking with Privacy Badger

I honestly don’t mind ads on sites, as long as they are not obtrusive or intrusive — or malicious. And Google provides some of the least obtrusive ads out there. However, they also provide some of the most intrusive, in that they know the most about you.

I use Google’s Ads on my site here. Despite getting around 100 or so visits per day, I haven’t made any money from them yet. Not one cent. Yet I’m giving Google the information that you’ve come here to read this. Unless, of course, you’re using something like Privacy Badger to block the ads, like I am. 😉 I don’t know how much you could really block using an add-on, if you’re using Google’s Chrome browser though.

As an interesting aside, I ran this test on Microsoft’s Edge web browser. It surprised me! They actually have some partial protection for people going on. Well done Microsoft!

Web Tracking Microsoft Edge

The funny thing is, if you click on “Install Privacy Badger” in Microsoft Edge, you get taken to the Google Chrome store to install a Chrome plugin. The EFF really needs to fix that.

 

Fix Slow Network (NAT) after Debian Wheezy Kernel Update 3.2.0-4

NOTE: This issue was fixed with 3.2.60-1+deb7u3 update that came out in Debian’s security update stream.

Router with FirewallI noticed a few weeks ago that after a Debian kernel update on my Debian-based router, network performance degraded terribly. Linux clients behind this Debian firewall did not seem to be effected nearly as much as the Windows clients — Windows machines could not upload at all to the Internet once this Debian update was in place on the router.

At first I thought it was Comcast, before I realized that it was mostly the Windows machines that had slow network performance. Sometimes download performance was effected as well – some sites just stalling, and Pandora was practically unlistenable.

After searching around a bit, I found an old bug where the network address translation Linux kernel code had been patched for handling the defragmentation of packets that exceeded MTU values, if I’m remembering right. Apparently this “fix” caused a number of problems with the 3.2.0-4 Debian GNU/Linux kernel when it was implemented along with some security updates.

I started playing around with it on my own, and managed to find a Debian bug where a couple patches were available that patched it back. This is very, very good, because the network connection was pretty much unusable if you were using IP Masquerading or NAT as a firewall/router.

The bug is documented on the Debian bugsite, along with the kernel patches. But if you’d like a step-by-step, this is what I did to fix the problem on 2 different routers so far:

Prepare

You’ll need some disk space — probably around 10G free. Always back up — if following these steps results in an unbootable machine for you, don’t blame me. It very well could. Particularly if you don’t pay attention, or know things that I can’t even imagine you don’t know. Which is hard. You’ve been warned. It’s a kernel recompile! I’d say wait for Debian to release it in the channel, but it’s been weeks, and I’m sure some of you have been suffering as much as me.

Install Debian Packages

This is a kernel compile – we’ll be keeping all of Debian’s customizations, along with their current kernel, just with our 2 little extra patches applied. As such, you’ll need some source to compile, and the Debian scripts that automate the Debian Way. It’s a boatload of packages…

# apt-get install devscripts
# apt-get build-dep linux

I know, sweetie.

To The Kernel Source and Patch

I like to do my dirty work in /usr/src – and when doing it, I like to be root, not any of that sudo or fakeroot stuff. So if you’re playing it safe and wise, you’ll need to fakeroot these compiles. I leave it to you. But if you’re willing to be root, here’s the easy:

# cd /usr/src
# mkdir linux-deb
# cd linux-deb
# apt-get source linux

NOTE! You might want to specify “linux=3.2.60-1+deb7u1” instead of just the plain “linux” there. That way you’re sure to get the right version – the version with the problem, that matches with this fix.

As for the patches, I’ll link to the ones provided in the bug report that you can get with wget — I’ve also included them as full text below if you’d rather, in case the cut & paste for these long URI’s don’t work right for you.

If you can these two long lines pasted, you’ll get two files outputted to your working directory that are those patches. Saw this from Teodor Milkov in the bug – thanks Teo!

# wget
--no-check-certificate
"https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=50;filename=revert-net-ip-ipv6-handle-gso-skbs-in-forwarding-pat.patch;att=1;bug=754294"
-O revert-net-ip-ipv6-handle-gso-skbs-in-forwarding-pat.patch


# wget
--no-check-certificate
"https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=50;filename=revert-net-ipv4-ip_forward-fix-inverted-local_df-tes.patch;att=2;bug=754294"
-O revert-net-ipv4-ip_forward-fix-inverted-local_df-tes.patch

Compile Kernel with the Patches

Now you’ll just cd down into the top of your Debian kernel build tree, and apply these patches and compile. This command line is for the amd64 architecture. You maybe have a different one.. ?

And replace that -j 8 with the number of CPU cores you have (or less)

# cd linux-3.2.60
# debian/bin/test-patches -f amd64 -j 8 ../revert-net-ipv4-ip_forward-fix-inverted-local_df-tes.patch ../revert-net-ip-ipv6-handle-gso-skbs-in-forwarding-pat.patch

Now go make some dinner. Do some yoga! Dig in the earth, or paint a room. That will take some time. The first error up top at the very beginning is normal.

Install the new Debian Kernel Package

Now you should have a nice new linux-image-3.2.0-4 deb package file, along with another with debug headers, and just your regular headers. 😉 This new Debian package, version-wise, is the same as the one in the main stream, only with a ~test — so I believe we should get newer-versioned kernels automatically when they come out.

Install this deb with the normal

dpkg -i linux-image-3.2.0-4-amd64_3.2.60-1+deb7u1a~test_amd64.deb

It’ll do all your modules and initrd stuff for you, and call your grub menu rebuilder doohicky.

One of my routers failed the install, complaining that it couldn’t make a symlink to the initrd file from / to /boot — that’s because there was no initrd. I solved it by removing my current kernel-image package (ignore the scary warnings if you’re foolhearty) and then running the dpkg -i again on it, where the initrd was made just fine. The other router had no problem with it. Go figure.

Hope this helps some of you if you’re having those terrible network performance problems after that last Debian kernel update. I wish they could get these fixed sooner.

Anyway, here are those patches if you need to cut and paste your own, instead of wgetting from those obnoxiously long URI’s. Just put them in any named file, and then be sure to call them by those names from the test-patches step.

diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index 7593f3a..e0d9f02 100644
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -42,12 +42,12 @@
 static bool ip_may_fragment(const struct sk_buff *skb)
 {
     return unlikely((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0) ||
-        skb->local_df;
+           !skb->local_df;
 }
 
 static bool ip_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu)
 {
-    if (skb->len <= mtu)
+    if (skb->len <= mtu || skb->local_df)
         return false;
 
     if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu)
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -2588,22 +2588,5 @@ static inline bool skb_is_recycleable(co
 
     return true;
 }
-
-/**
- * skb_gso_network_seglen - Return length of individual segments of a gso packet
- *
- * @skb: GSO skb
- *
- * skb_gso_network_seglen is used to determine the real size of the
- * individual segments, including Layer3 (IP, IPv6) and L4 headers (TCP/UDP).
- *
- * The MAC/L2 header is not accounted for.
- */
-static inline unsigned int skb_gso_network_seglen(const struct sk_buff *skb)
-{
-    unsigned int hdr_len = skb_transport_header(skb) -
-                   skb_network_header(skb);
-    return hdr_len + skb_gso_transport_seglen(skb);
-}
 #endif    /* __KERNEL__ */
 #endif    /* _LINUX_SKBUFF_H */
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -39,68 +39,6 @@
 #include <net/route.h>
 #include <net/xfrm.h>
 
-static bool ip_may_fragment(const struct sk_buff *skb)
-{
-    return unlikely((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0) ||
-           !skb->local_df;
-}
-
-static bool ip_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu)
-{
-    if (skb->len <= mtu || skb->local_df)
-        return false;
-
-    if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu)
-        return false;
-
-    return true;
-}
-
-static bool ip_gso_exceeds_dst_mtu(const struct sk_buff *skb)
-{
-    unsigned int mtu;
-
-    if (skb->local_df || !skb_is_gso(skb))
-        return false;
-
-    mtu = dst_mtu(skb_dst(skb));
-
-    /* if seglen > mtu, do software segmentation for IP fragmentation on
-     * output.  DF bit cannot be set since ip_forward would have sent
-     * icmp error.
-     */
-    return skb_gso_network_seglen(skb) > mtu;
-}
-
-/* called if GSO skb needs to be fragmented on forward */
-static int ip_forward_finish_gso(struct sk_buff *skb)
-{
-    struct sk_buff *segs;
-    int ret = 0;
-
-    segs = skb_gso_segment(skb, 0);
-    if (IS_ERR(segs)) {
-        kfree_skb(skb);
-        return -ENOMEM;
-    }
-
-    consume_skb(skb);
-
-    do {
-        struct sk_buff *nskb = segs->next;
-        int err;
-
-        segs->next = NULL;
-        err = dst_output(segs);
-
-        if (err && ret == 0)
-            ret = err;
-        segs = nskb;
-    } while (segs);
-
-    return ret;
-}
-
 static int ip_forward_finish(struct sk_buff *skb)
 {
     struct ip_options * opt    = &(IPCB(skb)->opt);
@@ -110,9 +48,6 @@ static int ip_forward_finish(struct sk_b
     if (unlikely(opt->optlen))
         ip_forward_options(skb);
 
-    if (ip_gso_exceeds_dst_mtu(skb))
-        return ip_forward_finish_gso(skb);
-
     return dst_output(skb);
 }
 
@@ -152,7 +87,8 @@ int ip_forward(struct sk_buff *skb)
     if (opt->is_strictroute && opt->nexthop != rt->rt_gateway)
         goto sr_failed;
 
-    if (!ip_may_fragment(skb) && ip_exceeds_mtu(skb, dst_mtu(&rt->dst))) {
+    if (unlikely(skb->len > dst_mtu(&rt->dst) && !skb_is_gso(skb) &&
+             (ip_hdr(skb)->frag_off & htons(IP_DF))) && !skb->local_df) {
         IP_INC_STATS(dev_net(rt->dst.dev), IPSTATS_MIB_FRAGFAILS);
         icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
               htonl(dst_mtu(&rt->dst)));
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -381,17 +381,6 @@ static inline int ip6_forward_finish(str
     return dst_output(skb);
 }
 
-static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
-{
-    if (skb->len <= mtu || skb->local_df)
-        return false;
-
-    if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu)
-        return false;
-
-    return true;
-}
-
 int ip6_forward(struct sk_buff *skb)
 {
     struct dst_entry *dst = skb_dst(skb);
@@ -515,7 +504,7 @@ int ip6_forward(struct sk_buff *skb)
     if (mtu < IPV6_MIN_MTU)
         mtu = IPV6_MIN_MTU;
 
-    if (ip6_pkt_too_big(skb, mtu)) {
+    if (skb->len > mtu && !skb_is_gso(skb)) {
         /* Again, force OUTPUT device used as source address */
         skb->dev = dst->dev;
         icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);