Xorg and fluxbox speedup with gentoo

I’ve lately noticed that my fluxbox was a bit slow…when opening up terminals, when opening up firefox, or even when entering the wm.

I did some changes and the problem has been significantly reduced:
1) edit /etc/hosts and make sure there are lines like these:

127.0.0.1 localhost
1.2.3.4 koko.lala koko

2) re-emerge fluxbox with disablexmb flag:
#echo "x11-wm/fluxbox disablexmb" >> /etc/portage/package.use
#emerge -Dv fluxbox

3) check your font paths inside xorg.conf for any inconsistencies and symlink loops

4) if you have a system with a lot of ram change vm.swappiness. I use:

vm.swappiness=40

inside my /etc/sysctl.conf

5) I’ve also done this to fine-tune my memory settings, if you feel brave enough..you can do that too:

echo 4096 >> /proc/sys/vm/min_free_kbytes

my system now boots faster and whichever application I use has a noticeable speed difference.
Have fun with gentoo!

Christian Spam

Today I had my first, and hopefully the last, christian spam.

From : Meet Christian Singles
Reply-To : return@knockoutgamesmail.com
Sent : Thursday, August 18, 2005 6:12 PM
To : xxx@xxx.com
Subject : Christian singles. A match made in heaven.


As promised, your faith and perseverance will pay off. Finding the right match is no different. Sign up now and choose from thousands of possible like-minded singles looking to share their life with you.

YIAKS! I am no christian and I am not a single. I don’t believe in heaven and crap like that.

now, GET OUT OF MY INBOX!

just pathetic…

traffic shaping a dsl line with linux

The case is like this:
[code]
Internet <--> [dsl modem] <--> [linux box] <--> [Lan]
[/code]

DSL modem is connected on eth2 on linux box and the rest of the Lan on eth0. I had a serious problem with people leaving edonkey clients open all night..limiting the download speed to 20kb/sec but forgetting to limit the upload. The current dsl line is 384/128 so having the uploads unlimited…is like killing the line.

The solution was to set up a QOS script. And here it is:
[code]
#!/bin/bash

DEV="eth2"
LOCALIF="eth2"

# Reset everything to a known state (cleared)
tc qdisc del dev $DEV root 2> /dev/null > /dev/null
tc qdisc del dev imq0 root 2> /dev/null > /dev/null
iptables -t mangle -F POSTROUTING 2> /dev/null > /dev/null
iptables -t mangle -Z POSTROUTING 2> /dev/null > /dev/null
iptables -t mangle -X POSTROUTING 2> /dev/null > /dev/null
# Flush and delete the helper chains so that -N below succeeds on a re-run
iptables -t mangle -F tosfix 2> /dev/null > /dev/null
iptables -t mangle -X tosfix 2> /dev/null > /dev/null
iptables -t mangle -F ack 2> /dev/null > /dev/null
iptables -t mangle -X ack 2> /dev/null > /dev/null
ip link set imq0 down 2> /dev/null > /dev/null
rmmod imq 2> /dev/null > /dev/null

if [ "$1" = "stop" ]
then
    echo "Shaping removed on $DEV."
    exit
fi

# Root: token bucket capping everything leaving $DEV at 85kbit,
# with a 4-band prio qdisc below it
tc qdisc add dev $DEV root handle 1: tbf rate 85kbit burst 1600 limit 1
tc qdisc add dev $DEV parent 1:1 handle 2: prio bands 4
# Bands 1-3 use sfq; band 4 is capped again at 40kbit
tc qdisc add dev $DEV parent 2:1 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 2:2 handle 20: sfq perturb 10
tc qdisc add dev $DEV parent 2:3 handle 30: sfq perturb 10
tc qdisc add dev $DEV parent 2:4 handle 40: tbf rate 40kbit burst 1600 limit 3000
tc qdisc add dev $DEV parent 40:1 handle 41: pfifo limit 10

iptables -t mangle -N tosfix
iptables -t mangle -A tosfix -p tcp -m length --length 0:64 -j RETURN
iptables -t mangle -A tosfix -m limit --limit 2/s --limit-burst 10 -j RETURN
iptables -t mangle -A tosfix -j TOS --set-tos Maximize-Throughput
iptables -t mangle -A tosfix -j RETURN

iptables -t mangle -N ack
iptables -t mangle -A ack -m tos ! --tos Normal-Service -j RETURN
iptables -t mangle -A ack -p tcp -m length --length 0:64 \
    -j TOS --set-tos Minimize-Delay
iptables -t mangle -A ack -p tcp -m length --length 64: \
    -j TOS --set-tos Maximize-Throughput
iptables -t mangle -A ack -j RETURN

# Is our TOS broken? Fix it for TCP ACK and OpenSSH.

iptables -t mangle -A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -j ack
iptables -t mangle -A POSTROUTING -p tcp -m tos --tos Minimize-Delay -j tosfix

# Here we deal with ACK, SYN, and RST packets

# Match SYN and RST packets
iptables -t mangle -A POSTROUTING -o $LOCALIF -p tcp -m tcp ! --tcp-flags SYN,RST,ACK ACK \
    -j CLASSIFY --set-class 2:1
# Match ACK packets
iptables -t mangle -A POSTROUTING -o $LOCALIF -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK \
    -m length --length :128 -m tos --tos Minimize-Delay \
    -j CLASSIFY --set-class 2:1

# Match packets with TOS Minimize-Delay
iptables -t mangle -A POSTROUTING -o $LOCALIF -p tcp -m tos --tos Minimize-Delay \
    -j CLASSIFY --set-class 2:1

### Actual traffic shaping classifications with CLASSIFY

# ICMP (ping)

iptables -t mangle -A POSTROUTING -o $LOCALIF -p icmp -j CLASSIFY --set-class 2:1

# Outbound client requests for HTTP, IRC and AIM (dport matches)

iptables -t mangle -A POSTROUTING -o $LOCALIF -p tcp --dport 80 -j CLASSIFY --set-class 2:2
iptables -t mangle -A POSTROUTING -o $LOCALIF -p tcp --dport 6667 -j CLASSIFY --set-class 2:2
iptables -t mangle -A POSTROUTING -o $LOCALIF -p tcp --dport 5190 -j CLASSIFY --set-class 2:2
iptables -t mangle -A POSTROUTING -o $LOCALIF -p tcp --sport 80 -j CLASSIFY --set-class 2:3
iptables -t mangle -A POSTROUTING -o $LOCALIF -p tcp --dport 1024: -j CLASSIFY --set-class 2:4
[/code]

It WORKS for me…I don’t know whether it will work for you though. I take no responsibility. I will explain it no further because comments do exist and it’s really easy to understand what’s going on if you read a couple of tc tutorials from the net. Many ideas about this script were “stolen” from other scripts I studied while trying to make mine.

Have fun with it…

Here’s an mrtg graph to see how it’s working. Watch the blue line which is the uploads. It never goes beyond a reasonable limit and download stays unaffected:

breathe in…breathe out..
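
CLASSIFY, like TOS, does not end rule traversal, so when several POSTROUTING rules of the QoS script above match the same packet, the last one decides the class. The following added example (not part of the original script) models only the script's CLASSIFY rules, in order, and prints the resulting class for a few constructed packets; `final_class` and its argument layout are hypothetical, and the TOS argument is assumed to be the value left after the `ack` and `tosfix` chains.

```bash
#!/bin/bash
# Added example: models the CLASSIFY rules of the QoS script, in rule order.
# CLASSIFY does not stop traversal, so every matching rule overwrites "class".
# Arguments (hypothetical layout): proto sport dport length ackonly tos
#   ackonly = 1 when the packet matches "--tcp-flags SYN,RST,ACK ACK"
#   tos     = TOS name after the ack/tosfix chains have run (assumed input)
final_class() {
    local proto sport dport len ackonly tos class
    proto=$1; sport=$2; dport=$3; len=$4; ackonly=$5; tos=$6
    class="unset"

    if [ "$proto" = tcp ]; then
        # SYN, RST, SYN+ACK ... (everything that is not a plain ACK)
        if [ "$ackonly" -eq 0 ]; then class="2:1"; fi
        # plain ACK, at most 128 bytes, TOS Minimize-Delay
        if [ "$ackonly" -eq 1 ] && [ "$len" -le 128 ] &&
           [ "$tos" = Minimize-Delay ]; then class="2:1"; fi
        # any TCP packet with TOS Minimize-Delay
        if [ "$tos" = Minimize-Delay ]; then class="2:1"; fi
    fi
    if [ "$proto" = icmp ]; then class="2:1"; fi
    if [ "$proto" = tcp ]; then
        case "$dport" in
            80|6667|5190) class="2:2" ;;                 # HTTP, IRC, AIM
        esac
        if [ "$sport" -eq 80 ]; then class="2:3"; fi
        if [ "$dport" -ge 1024 ]; then class="2:4"; fi   # --dport 1024:
    fi
    echo "$class"
}

# Constructed sample packets: name proto sport dport length ackonly tos
while read -r name proto sport dport len ackonly tos; do
    printf '%-14s %s\n' "$name" \
        "$(final_class "$proto" "$sport" "$dport" "$len" "$ackonly" "$tos")"
done <<'EOF'
ping           icmp 0     0     84  0 Normal-Service
ssh-ack        tcp  40000 22    52  1 Minimize-Delay
http-syn       tcp  40000 80    60  0 Normal-Service
irc-data       tcp  40000 6667  200 1 Maximize-Throughput
p2p-syn        tcp  40000 6881  60  0 Normal-Service
dns-query      udp  40000 53    70  0 Normal-Service
EOF
```

In this model, traffic to ports 6667 and 5190 and new connections to any port from 1024 up end in 2:4, the 40kbit band, because the `--dport 1024:` rule comes last. Moving that rule ahead of the more specific ones lets them keep their class.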

gaim-latex plugin

There’s a very nice plugin for Gaim that allows one to send latex code via IM to other people who have the same plugin (if they don’t they just see the latex code).

I find it very useful since I’m a student in a math department and I often exchange math formulae with people even through IM.

I wonder how one would describe this latex code in “normal IM text”:

$$ f( x) =
\sum_{i=0}^{\infty}\frac{f^{( i )}(x )}{i!} $$

but…check this:
gaim-latex plugin for Gaim in action

If you exchange math formulae with colleagues via IM … you’ll want this one 🙂

scroll more lines with mouse wheel on acroread

edit your .Xdefaults and add this at the bottom:


*XmScrollBar.baseTranslations:#augment\n Shift:IncrementUpOrLeft(0)\n Shift:IncrementDownOrRight(0)\n :IncrementUpOrLeft(0)IncrementUpOrLeft(0)IncrementUpOrLeft(0) IncrementUpOrLeft(0)IncrementUpOrLeft(0)IncrementUpOrLeft(0)\n :IncrementDownOrRight(0)IncrementDownOrRight(0)IncrementDownOrRight(0) IncrementDownOrRight(0)IncrementDownOrRight(0)IncrementDownOrRight(0)\n

That’s ONE line! Then to test it open a pdf with acrobat reader on linux and press shift while scrolling the mouse wheel…you’ll notice the difference 🙂 (it now scrolls one page per scroll “click”)

enjoy 🙂

the right way to enable udev in gentoo

I know there are numerous postings and wiki articles on the net on how to enable udev on a linux distribution and specifically for Gentoo. Because I did not find anything complete here’s my version on doing all that. There were 2 reasons I started looking around for udev support, first reason was to have a special device for my olympus c70z so I did not have to “fdisk -l” every time I wanted to check on what device it was, and secondly to improve the usb_key+hotplug+xlockmore stuff I had done earlier.

BEWARE!!!
I am not writing this guide for complete newbies to linux and kernel stuff…I am not going to explain how to compile a kernel and where to put it and and and and…cause it would never end.

First thing to do: check your kernel settings!!

Device Drivers -> USB Support
<*> Support for Host-side USB
[*] USB device filesystem
<*> EHCI HCD (USB 2.0) support
<*> OHCI HCD support

For SCSI support
Device Drivers -> SCSI device support
[*] legacy /proc/scsi/ support
<*> SCSI disk support
<*> SCSI generic support

For vfat file system support
File systems -> DOS/FAT/NT Filesystems
<*> MSDOS fs support
<*> VFAT (Windows-95) fs support

Remove devfs support (If you want...)
File systems -> Pseudo filesystems
[ ] /dev file system support (OBSOLETE)
BUT YOU MUST REMOVE !!!! below devfs support.
[ ] Automatically mount at boot (SAY NO TO THIS!!!!)

Then emerge the proper packages:
emerge -uDv udev hotplug baselayout

Edit your /etc/conf.d/rc:
You must have settings like that:
RC_DEVICES="udev"
RC_DEVICE_TARBALL="yes"
RC_DEVFSD_STARTUP="no"

then:
sysctl -w kernel.hotplug="/sbin/udev"
rc-update add hotplug boot

In lilo.conf change the append line of your kernel adding this:
append="gentoo=nodevfs"
and then type lilo to make the proper changes.

If you reboot your system now with the new kernel, it should be udev enabled.

You might encounter mouse problems, because the old /dev/mouse symlink is lost with udev. Edit /etc/conf.d/gpm and /etc/X11/xorg.conf to replace /dev/mouse with /dev/input/mouse0

What’s next ? udev rules. You must make some rules for udev to properly find your devices.
I am going to explain how I wrote 3 simple rules for my digital camera, my usb stick and my usb-hdd.
1) DIGITAL CAMERA
When plugged in the usb port go check your dmesg. You should see something like:
Attached scsi removable disk sdb at scsi7, channel 0, id 0, lun 0
Attached scsi generic sg1 at scsi7, channel 0, id 0, lun 0, type 0

now do this: udevinfo -a -p /sys/class/scsi_generic/sg1
and a bunch of info like that will appear in front of you:
looking at the device chain at '/sys/devices/pci0000:00/0000:00:10.0/usb2/2-2':
BUS="usb"
ID="2-2"
DRIVER="usb"
SYSFS{bConfigurationValue}="1"
SYSFS{bDeviceClass}="00"
SYSFS{bDeviceProtocol}="00"
SYSFS{bDeviceSubClass}="00"
SYSFS{bMaxPower}=" 0mA"
SYSFS{bNumConfigurations}="1"
SYSFS{bNumInterfaces}=" 1"
SYSFS{bcdDevice}="0100"
SYSFS{bmAttributes}="c0"
SYSFS{detach_state}="0"
SYSFS{devnum}="6"
SYSFS{idProduct}="0109"
SYSFS{idVendor}="07b4"
SYSFS{manufacturer}="OLYMPUS"
SYSFS{maxchild}="0"
SYSFS{product}="C70Z,C7000Z"
SYSFS{serial}="1234567890"

SYSFS{speed}="12"
SYSFS{version}=" 2.00"

We just need the italic ones.
edit /etc/udev/rules.d/10-local.rules
and add something like this:
BUS="usb", KERNEL="sd?1", SYSFS{manufacturer}="OLYMPUS", SYSFS{serial}="1234567890", SYSFS{product}="C70Z,C7000Z", NAME="%k", SYMLINK="c70z"

YOUR VALUES WILL DIFFER!!!

now “mkdir -p /mnt/digicam” and add something like this in your /etc/fstab:
/dev/c70z /mnt/digicam vfat noatime,user,rw,sync,uid=1000 0 0

mount /mnt/digicam and your camera is ready to extract the pictures from it!

2) USB KEY
same as above…but the rule and fstab entry will differ slightly:
udev rule:
BUS="usb", SYSFS{serial}="23DE746790310A9B", NAME="%k", SYMLINK="mykey"
fstab entry:
/dev/mykey /mnt/usbkey vfat noatime,user,rw,sync,uid=1000 0 0

3) USB HDD
udev rule:
BUS="scsi", SYSFS{model}="00JB-32EVA0", NAME{all_partitions}="wd-usb"
fstab entry:
/dev/wd-usb1 /mnt/usbdisk ext3 noatime,users 0 0
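
The step from a `udevinfo -a` listing to a rule line, as an added example that is not part of the original post: the hypothetical `make_rule` helper reads such a listing and prints a rule in the same syntax as the camera and USB key rules above, taking its attributes from the first device block that reports a serial number. The listing is abridged from the one above, and its second (parent) block is constructed.

```bash
#!/bin/bash
# Added example (not from the original post).
# make_rule <symlink> [kernel-pattern] < udevinfo-listing
# Hypothetical helper: prints one rule in the rule syntax used above, built
# from the first device block in the listing that has a SYSFS{serial} value.
make_rule() {
    awk -v link="$1" -v kern="${2:-}" '
        function emit(   r) {
            if (done || !("serial" in a)) return
            r = "BUS=\"" bus "\""
            if (kern != "") r = r ", KERNEL=\"" kern "\""
            if ("manufacturer" in a)
                r = r ", SYSFS{manufacturer}=\"" a["manufacturer"] "\""
            r = r ", SYSFS{serial}=\"" a["serial"] "\""
            if ("product" in a)
                r = r ", SYSFS{product}=\"" a["product"] "\""
            print r ", NAME=\"%k\", SYMLINK=\"" link "\""
            done = 1
        }
        { sub(/^[ \t]+/, "") }              # listing lines may be indented
        # Each "looking at" line starts a new device block; attributes of
        # different blocks are kept apart.
        /looking at the device chain at/ { emit(); split("", a); bus = "" }
        index($0, "BUS=\"") == 1 { split($0, p, "\""); bus = p[2] }
        index($0, "SYSFS{") == 1 {
            key = substr($0, 7, index($0, "}") - 7)
            split($0, p, "\"")
            a[key] = p[2]
        }
        END { emit(); exit !done }          # non-zero status: no serial found
    '
}

# Sample listing: first block abridged from the post, second block constructed.
sample_listing() {
    cat <<'EOF'
looking at the device chain at '/sys/devices/pci0000:00/0000:00:10.0/usb2/2-2':
BUS="usb"
ID="2-2"
SYSFS{idProduct}="0109"
SYSFS{idVendor}="07b4"
SYSFS{manufacturer}="OLYMPUS"
SYSFS{product}="C70Z,C7000Z"
SYSFS{serial}="1234567890"
looking at the device chain at '/sys/devices/pci0000:00/0000:00:10.0':
BUS="pci"
ID="0000:00:10.0"
SYSFS{class}="0x0c0300"
EOF
}

sample_listing | make_rule c70z 'sd?1'
```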

Remember my old post on pam_usb ? It gets a lot better with udev!
edit /etc/pam.d/login
and change the rule into something like this now:
auth sufficient /lib/security/pam_usb.so proc_basename=/proc/scsi/usb-storage/1 !check_device force_device=/dev/mykey allow_remote=1 fs=vfat debug=1 log_file=/var/log/pam_usb.log

where /dev/mykey is created by udev so it does not matter where the real device is…it will always symlink to mykey!

You can’t make it work ? Read these links…they might help you:
Gentoo udev Guide
Gentoo Wiki – HOWTO_Install_a_digital_camera
UDEV Primer
Using udev for Static Device Naming
Writing UDEV rules

usbutils problems and solution

I just wanted a tool to easily monitor my usb devices, and that should be lsusb . In Gentoo it’s inside usbutils package, but when I tried to emerge it I got a ton of errors like that:

In file included from /usr/include/linux/usb.h:4,
from access.c:34:
/usr/include/linux/mod_devicetable.h:18: error: syntax error before "__u32"
/usr/include/linux/mod_devicetable.h:20: error: syntax error before "class"
/usr/include/linux/mod_devicetable.h:21: error: syntax error before "driver_data"
/usr/include/linux/mod_devicetable.h:31: error: syntax error before "__u32"
/usr/include/linux/mod_devicetable.h:33: error: syntax error before "model_id"
/usr/include/linux/mod_devicetable.h:34: error: syntax error before "specifier_id"
/usr/include/linux/mod_devicetable.h:35: error: syntax error before "version"
/usr/include/linux/mod_devicetable.h:36: error: syntax error before "driver_data"
/usr/include/linux/mod_devicetable.h:99: error: syntax error before "__u16"
/usr/include/linux/mod_devicetable.h:103: error: syntax error before "idProduct"
/usr/include/linux/mod_devicetable.h:104: error: syntax error before "bcdDevice_lo"
/usr/include/linux/mod_devicetable.h:105: error: syntax error before "bcdDevice_hi"
/usr/include/linux/mod_devicetable.h:108: error: syntax error before "bDeviceClass"
/usr/include/linux/mod_devicetable.h:109: error: syntax error before "bDeviceSubClass"
/usr/include/linux/mod_devicetable.h:110: error: syntax error before "bDeviceProtocol"
/usr/include/linux/mod_devicetable.h:113: error: syntax error before "bInterfaceClass"
/usr/include/linux/mod_devicetable.h:114: error: syntax error before "bInterfaceSubClass"
/usr/include/linux/mod_devicetable.h:115: error: syntax error before "bInterfaceProtocol"
/usr/include/linux/mod_devicetable.h:118: error: syntax error before "driver_info"
/usr/include/linux/mod_devicetable.h:135: error: syntax error before "__u16"
/usr/include/linux/mod_devicetable.h:138: error: syntax error before "dev_type"
/usr/include/linux/mod_devicetable.h:139: error: syntax error before "cu_model"
/usr/include/linux/mod_devicetable.h:140: error: syntax error before "dev_model"
/usr/include/linux/mod_devicetable.h:142: error: syntax error before "driver_info"
/usr/include/linux/mod_devicetable.h:155: error: syntax error before "__u8"
/usr/include/linux/mod_devicetable.h:160: error: syntax error before "__u8"
/usr/include/linux/mod_devicetable.h:163: error: syntax error before "__u8"
/usr/include/linux/mod_devicetable.h:165: error: syntax error before '}' token

The solution was to edit /usr/src/linux/include/linux/usb.h and comment out lines 4 and 5:

4 /*#include
5 #include */

Then I emerged usbutils just fine…uncommented the previous lines…and everything is working properly:

# lsusb
Unknown line at line 1809
Duplicate HUT Usage Spec at line 2650
Bus 004 Device 004: ID 058f:9254 Alcor Micro, Inc. Hub
Bus 004 Device 001: ID 0000:0000 Virtual Hub
Bus 003 Device 001: ID 0000:0000 Virtual Hub
Bus 002 Device 001: ID 0000:0000 Virtual Hub
Bus 001 Device 002: ID 05e3:0702 Genesys Logic, Inc.
Bus 001 Device 001: ID 0000:0000 Virtual Hub

distcc with gentoo

I wanted to install gentoo on an old pII at 400MHz I own. The compilation time would take really really long if it was done on that machine only…that’s where I thought about installing distcc to my other gentoo machines. I followed Gentoo Distcc Documentation and in a few minutes I was able to compile stuff concurrently between 3 different machines, an athlonxp 2800+, an athlonxp 2500+ and that pII 400MHz. I edited /etc/make.conf and replaced
MAKEOPTS="-j2"
with
MAKEOPTS="-j4"

The machines were all i686 and the whole process was a lot faster than it would if I compiled only at that old pII. I am now running an emerge --emptytree just to check if all will be compiled cleanly with distcc without problems.

cancelling echo in audigy2 for voip applications in linux

big title huh?

I had tried various applications for VoIP in Linux, Gnomemeeting, kphone, skype, etc etc and I was always told that the remote party heard an echo of his/her voice. My side was perfect…but the opposite side was unacceptable.
The solution to the echo problem was to tweak audigy2 capture values in alsamixer or alsamixergui.

Fire up alsamixer…you should probably see that the “View: ” title on top says “Playback”. Go to microphone and set it down to 0..that’s right..zero. Then press tab once and the “View: ” title will switch to “Capture”. Set PCM capture to 0 (zero) and mic value around 80-90.
The mic boost (+20db) is useful to me too…use it if you want.
In alsamixergui: set the first PCM slider as high as you want and the second one to zero. Then go to mic and set the first to zero and the second one to 80-90.

After that the remote parties I talked to stopped bugging me about echo problems. So I think that’s the solution.

Linux IP accounting

Time for some more statistics. Say your box runs as a router and you want to monitor which pc of your lans talks to whom from the outside world…how many bytes, packets, flows, etc…or say you use your box at home for p2p applications and want to monitor what’s going on…more than just keeping track of your traffic. That’s where IP accounting comes in handy.
I applied IP accounting at my gentoo box at home. What I needed was inside this excellent documentation. Basically one needs fprobe, to export flows from linux in netflow format, flow-tools to collect those netflows, and FlowScan to process the flow files. Most tools are easily emerged…but remember NOT to emerge flow-tools. If you do that you will have problems with Cflow. Do as the documentation says, download flow-tools from their site, ‘make install’ it and go inside the contrib dir, untar Cflow-1.051.tar.gz and do as the documentation says for it. Most other things are rather straightforward.
One useful shell script I wrote with the help of Angelos was this:
showtop.sh

#!/bin/bash
echo "<pre>" > /var/netflow/scoreboard/stats.html
/usr/local/netflow/bin/flow-cat -p /var/netflow/ft/ | /usr/local/netflow/bin/flow-stat -f10 -S4 -n | head -n 50 >> /var/netflow/scoreboard/stats.html
/usr/local/netflow/bin/flow-cat -p /var/netflow/ft/ | /usr/local/netflow/bin/flow-stat -f8 -S3 -n | head -n 50 >> /var/netflow/scoreboard/stats.html
echo "</pre>" >> /var/netflow/scoreboard/stats.html

It creates an html file with 2 top-X lists…
The first one is: a report on top source/destination IP pairs sorted by octets
and the second one is: a top destination IP address report sorted by outbound traffic
I find it really useful and I’ve added it to my crontab to run every 5 minutes.

It works for me…try it if you wish and comment with your results…

P.S. I think flow-tools was the first package I had to install manually in my gentoo box since the day I’ve installed it. I think it is possible to create an ebuild to overcome the problems with Cflow…but I was too bored…anyway…have fun with IP accounting.

Simple Port Accounting – part 2

A small addition to the previous post about port accounting with iptables and mrtg.

A new script to count tcp and udp connections.
conns.sh

#!/bin/bash
HOSTNAME="/bin/hostname"
NETSTAT="/bin/netstat"
UPTIME="/usr/bin/uptime"
$NETSTAT -ant | grep -v LISTEN | grep -v Active | grep -v Proto | wc -l
$NETSTAT -anu | grep -v LISTEN | grep -v Active | grep -v Proto | wc -l
$UPTIME | awk '{ print $3, $4, $5 }'
$HOSTNAME

and the part that goes inside your mrtg.conf


Target[conns]: `/etc/mrtg/conns.sh`
Options[conns]: growright, nopercent, gauge
MaxBytes[conns]: 20000
Title[conns]: Connections
YLegend[conns]: Connections
LegendI[conns]:  TCP:
LegendO[conns]:  UDP:
ShortLegend[conns]: conns
PageTop[conns]: <h1>Connection Stats</h1>

enjoy 🙂 It works for me..I hope it works for you too 🙂

American Judges are nothing more than farmers

Where do american people study to become judges ? How can such foolish people become judges ? Just check this news from a Minnesota court…

A Minnesota appeals court has ruled that the presence of encryption software on a computer may be viewed as evidence of criminal intent.

Read about this hilarious matter.. I don’t care if the guy was in child pr0n industry…let him rot in jail…but PGP is NOT evidence that someone is using the power of the dark force to conquer the world. Make this judge a favour and send him home to farm his fields…

grrrrrrr

another message on a wall

greeks only too…

I don’t need to comment on it 🙂

Introduction to TOR

Today I’ve decided to use Tor a bit. One can say it’s an anonymity tool…but it’s not only that. It’s something more like an underground internet community. You can read an excellent article about Tor too.

Some quotes from the Tor site:

Tor: An anonymous Internet communication system

Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and more.

Your traffic is safer when you use Tor, because communications are bounced around a distributed network of servers, called onion routers. Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several servers that cover your tracks so no observer at any single point can tell where the data came from or where it’s going. This makes it hard for recipients, observers, and even the onion routers themselves to figure out who and where you are. Tor’s technology aims to provide Internet users with protection against “traffic analysis,” a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security.

To the point…Using Tor and privoxy you have access to what’s inside the Tor network. There are hidden wikis, book collections and even more.
This link goes to Tor Network Hidden Wiki and this one goes to KIRA – online list of Tor featured sites.
Notes from the Underground is pretty cool too.

The complete details of connecting to the Tor world are here: Tor Documentation
Oh…if you want anonymous P2P with Tor…check this page about Tor+azureus.
Check this graffiti I’ve found while surfing a site inside the Tor network…I think that it’s great…

P.S. This was posted using the Tor network…my apache logs are clear about this 🙂