|
|
Recently I bought a HP DL385 Opteron server at auction. It has an Opteron 265 1.8GHz dual-core CPU and is designed for SFF (Small Form Factor) SAS disks.
A friend told me that S-ATA disks would work in it and so would a faster Opteron CPU. I bought 3 S-ATA disks which work fine in a RAID-5 array. Unfortunately when I tried booting with the second CPU installed the BIOS said that it detected a CPU speed mismatch and would halt.
If anyone knows of a way of swapping Opteron 265 CPUs so that I can get a pair at the same speed then please let me know. I’d prefer to swap the 1.8GHz one for a 2.2 GHz one if possible, but the other way is also an option.
Debian is participating in the Google Summer Of Code (or Winter if you are in the southern hemisphere).
It would be good if we could get a SE Linux related project in. If you are interested in doing some SE Linux work (or other security related work) in this regard then please let me know. I’m interested in helping mentor for such projects.
This weekend I went to the Ballarat install-fest, mini-conf, and inaugural meeting of the Ballarat Linux Users’ Group (BLUG).
This was the second install-fest, the first one was quite successful so it was decided that there was demand for a second. I suggested that what we should do is get some of the more experience members of LUV to attend and give talks about their areas of expertise and make a mini-conference. I also suggested that we
hire a large vehicle to take a number of people to the meeting. Both my suggestions were accepted.
So on Friday evening I was in a Kia XXX with five other people from LUV on our way to Ballarat.
On Saturday we had the install-fest. We started at about 10AM, there were about a dozen people getting help installing Linux and many more attending the mini-conf and just hanging out. For lunch we had a BBQ. In the afternoon I gave a talk on SE Linux and then a brief impromptu talk on Poly-Instantiated Directories while the next speaker was setting up their laptop.
At the end there was the inaugural meeting of BLUG. The president was appointed, and there were some brief discussions about when to schedule meetings. I suggested that BLUG meetings should be either the day before or the day after LUV meetings to increase the incidence of speakers from other regions attending both meetings, my suggestion was being seriously considered at the time the meeting adjourned – LUV is a larger group and has better ability to get speakers from other regions. It was also agreed that a
weekend combined LUV and BLUG meeting would be arranged twice a year.
I traveled back to Melbourne by train which was cheap at $9 and comfortable. There was even a power point in the carriage (which I didn’t use as my laptop was charged and the location was not convenient). For the next such event I’ll try and arrange a group to travel on the train together.
The next thing to do is to find other regional centers in Victoria where we can do the same thing. Bendigo might be a possibility.
Also if you are a member of a LUG in a city please consider the possibilities for helping form a LUG in a regional center that’s nearby. I would be happy to provide whatever advice I can to help people replicate this success in areas surrounging other cities, so please email me if you have any questions.
A common criticism of fluorescent lights is the inability to use dimmers, as mentioned in Julien Goodwin’s blog.
However with some thought at the time the lights are installed this problem can be solved. The first thing to keep in mind is that an infinite number of levels of illumination (analogue scale) is not really required. In most cases two or three levels should do.
If you have two compact fluorescent lights that use 5W and 10W then you have the options of 5W, 10W, and 15W. If you have a large room to light (such as a lounge room) which needs 30W of fluorescent lighting for full illumination then you could have six 5W globes dispersed and have anything from one to six of them turned on to give different levels of illumination.
Of course if you don’t plan electrical work then it’s easiest to just use incandescent lights in those areas. As long as the areas that use the most light for the longest time have fluorescent lighting it shouldn’t make too much difference.
In response to a post on Planete Beranger, saving energy DOES matter. Sure you saving a few KWh isn’t going to make much difference on it’s own, but when a million other people do the same it all adds up.
The lack of public transport in the US causes more problems for the country than just environmental damage. It hurts the economy by making it more difficult for people to get to work. It will hurt the defence forces in the (unlikely) event of an invasion (trains are the best way of moving large numbers of troops, heavy weapons, and military supplies. It also hurts the national interest in decreasing the ability to react to civil emergencies. For example the entire population of New Orleans could have been evacuated in time using a single platform of a European station. If every city had multiple stations that had a reasonable number of platforms and multiple redundant train lines then evacuating civilians and bringing in emergency equipment and workers would be very easy. In the Netherlands train lines often run on top of dikes, this means that the dikes are very strong (if they can sustain the weight of a freight train then they aren’t going to be washed away by a wave) and that trains can still operate while flood waters are rising. If New Orleans is to be rebuilt to it’s former glory then the Americans should consider a similar design.
Large cars are a temporary issue. As fuel prices rise people will choose smaller cars. Also hopefully people will start to realise that 4WD and SUV vehicles are actually less safe than cars and stop buying them for perceived safety.
The Chinese government doesn’t worry about the same environmental issues, however they have more agressive targets for renewable energy use than most countries. It’s not a matter of being nice (they aren’t), but of looking out for their own self interest. It’s a pity that the governments of the US, Australia, and EU countries have not yet done the same – but it will happen eventually.
As for supermarkets using open fridges, if the vent the heat outside the building then it will be just part of the building air-conditioning system. Every adult dissipates about 100W of heat when at rest, when shopping it would be more than 100W. Get 100 people in a supermarket (not the peak business time) and 10KW would have to be removed by the A/C system without counting heat from lights (fluorescent lights dissipate about half their energy as heat, they are much more efficient than incandescent lights but much less than LEDs),
and heat from other machinery.
Finally, if you want to see changes in government policy then join your local Green party!
My Thinkpad has started to run hot recently. If I do anything CPU intensive then it will heat up to >80C and then turn itself off. When idling it seems to stay at about 60C when the ambient temperature is about 24C.
It used to not be like this, a couple of years ago I cracked a GPG pass-phrase by using my Thinkpad (as well as a few other machines) to run a brute-force attack lasting a few months. So a couple of years ago I could run at 100% CPU time for months on end and now I can only do that for a few minutes.
It seems that my Thinkpad may have accumulated dust in it’s fan from years of running 24*7. I run my Thinkpads 24*7 so that they can download email and large files while I’m asleep, because Linux suspend options have been lacking until recently, and because I use my laptop for a large portion of the day.
The problem I am having is similar to what I had with a previous Thinkpad. Are Thinkpads unable to handle 24*7 operation?
I just read an interesting blog post from December 2005 about the environmental impact of bio-fuels. It makes some really good points that should be studied by everyone who is interested in protecting the environment.
However this doesn’t mean that bio-fuels are inherently bad, just that some methods of production are bad.
The blog claims that reusing oil that had been used for frying would cover 1/380 of the fuel used for road transport in the UK. There are some technologies that have been recently invented to process farm and industrial waste into oil, some of which are already in production in the US. The volume of farm waste (and equivalent waste from restaurants) would significantly exceed the frying oil from restaurants and converting waste plastic into fuel would add even more. I’m sure that these sources of fuel from waste would add up to at least 1% of the current transport fuel use.
A better train system has the potential to halve the use of fuel for transport (or better), when living in Europe I never considered owning a car, the trains were so good and the car parking was so bad that it wasn’t worth doing. A combination of less cars and the cars being driven less would significantly reduce fuel use.
Hybrid vehicles and vehicles with smaller and more efficient engines could halve the use of fuel again (or better). Diesel hybrid cars that are currently being tested use as little as 1/4 the fuel of current petrol cars. Add further technological improvements such as the six-stroke engine and we could be looking at something better than four times the current fuel economy of cars.
I don’t think it’s unreasonable to assume that a combination of a good public transport infrastructure, fuel efficient vehicles, and government incentives for using both could reduce the transport use of fuel by a factor of 8. This would mean that fuel produced from restaurant, farm, and plastic waste (which I conservatively estimate at four times the volume of used frying oil) could account for more than 8% of the fuel supplies. The EU wants to have 5.75% of fuel oil to come from renewable sources, it seems to me that this is possible without importing any bio-Diesel from developing countries!
Electric cars could of course significantly decrease the use of fuel oil too. A Prius+ (Prius modified to take mains power) would be an ideal vehicle for me. I rarely make long journeys and rarely make multiple journeys in one day so I could use mains power most of the time. I estimate that with a Prius+ I would use no more than two tanks of petrol a year.
Then of course there’s the issue of market protection. It seems that every first-world country has a farming lobby that convinces the government to pay them to produce more crops than they can sell at market rate. Instead of subsidising food that is sold to other countries such government money could go towards subsidising development of bio-fuels. The US subsidy of corn production is a classic example of this, corn syrup can be easily fermented and distilled to make fuel – much better than eating the nasty stuff!
The book SE Linux by Example has been reviewed on Slashdot.
The issue of Perl scripts was raised for discussion. It is of course true that a domain which is permitted to run the Perl interpreter can perform arbitrary system calls – it can therefore do anything that SE Linux permits that domain to do. This is in fact a demonstration of how SE Linux does the right thing! If you want to restrict what can be done when executing the Perl interpreter then you can have a domain_auto_trans() rule to have Perl run in a different domain.
Restricting Perl (as used by one particular program) is actually easier than restricting a complex application run by users such as Firefox. Users want to use Firefox for web browsing, local HTML file browsing, saving files that are downloaded from the web, running plugins, and more. Granting Firefox access to perform all those tasks means that it is not restricted from doing anything that the user can do.
A claim was made that a novice users would not understand how to use SE Linux. The fact is that they don’t need to. I know many novice computer users who are running SE Linux systems, it just works! It’s more advanced users that have to learn about SE Linux because they configure their machines more heavily.
The essential difference between path-based access control and Inode based access control is that the standard Unix commands to control file access (chmod, chown, and chgrp) all operate on Inodes. If a file has 1000 hard links then I can restrict access to all of them via a single chmod or chcon (the SE Linux command that is comparable to chmod) command. AppArmor does things differently and implements an access control model that is vastly different to the Unix traditions. SE Linux extends the Unix traditions with Mandatory Access Control.
Granting different levels of access to a file based on the name of the link which is used is a horror not a feature.
I wrote this as a blog entry rather than a /. comment because my lack of Karma means that less people will read my /. comments than my blog.
I got the idea for this from Ben Hutchings.
A. Copy the list below to your own journal and
Bold the actions you are already taking
Underline the actions you plan to start taking
Italicize the actions that don’t apply to you
B. Add one (or more) suggested action(s) of your own
C. Leave a comment here, so that she can track the meme to your journal, and copy your suggested action(s) back to the master list.
- Replace standard incandescent light bulbs with compact fluorescent light bulbs
- Choose energy efficient appliances – I’m documenting the power consumption of my computers
- Wash clothes in cold(er) water – Colder than what? I suspect this is based on American machines that are controlled by mixer valves rather than using a thermostat.
- Turn the thermostat of your hot water tank down to 50°C (125°F) – this is a good safety measure anyway
- Install a programmable thermostat (or turn the heat down over night and when you’re out of the house)
- Register with the [Canadian Marketing Association’s] Do Not Contact Service to reduce the amount of junk mail delivered to your house. – Substitute MPS.
- Eat less meat (particularly feedlot beef) – For practical purposes I’m vegetarian, with occasional exceptions.
- Walk, bike, carpool or take public transit as often as possible – I’m writing this on the tram
- Make sure you know what can be recycled in your area, and try to recycle as much household waste as possible
- Compost using an outdoor compost bin or an indoor vermicomposter
- Clean or replace filters on your furnace and air conditioner
- Buy local, organic or fair trade food where possible
- Reduce air travel – pity that long-distance trains suck in Australia
- Wrap your water heater in an insulation blanket
- Use a clothesline instead of a dryer whenever possible – don’t own a clothes dryer, hanging up clothes inside near a heater works on cold days
- Plant a tree – pity my trees are dying because of the drought / climate change
- Buy fresh foods instead of frozen
- Keep your car tuned up and your tires inflated to their optimal pressure – also minimise driving. I drive about 5000Km per year.
- Use biodegradable dishwashing liquid, laundry soap powder, etc.
- Drink tap water (filtered if necessary) rather than buying bottled water – remember the Benzene incident…
- Turn the tap off while brushing your teeth
- Unplug seldom-used appliances and chargers for phones, cameras, etc., when you’re not using them – the power use is small so I only do this for rarely used chargers.
- Plug air leeks and drafts around doors and windows with weatherstripping
- Switch from disposable to reusable products: food and beverage containers, cups, plates, writing pens, razors, diapers, towels, shopping bags, etc – I’ve done this for most things, could improve though.
- Consider garage sales, Freecycle, eBay, or borrowing from friends/family before buying a new tool or appliance – second-hand and refurbished computers are so powerful and so cheap that you don’t need to care about the environment to do this.
- Reuse bathwater, maybe to flush the loo, water the garden, etc.
- Make sure your roof is well-insulated. – I think it is, but as tenants it’s not really our choice.
- Always wear a jumper/sweater and socks indoors unless it’s warm enough outdoors to go without both.
- Run your vehicle on biofuel/sustainable fuels
- Set up a grey water barrel to use when clean water isn’t necessary – grey water should never be stored. It contains chemicals that are used as food for bacteria.
- Put grey water on your garden immediately without storing it.
- Install tanks to collect rain-water from your roof for watering the garden, washing your car, etc.
Erich Schubert comments on the issues relating to getting big changes into Debian. This is something that I had also noticed. I started work on SE Linux in Debian in 2001 and continued it actively until 2003 when I joined Red Hat. Less than a year after I joined Red Hat there was a Fedora release with SE Linux fully integrated and shortly after that there was a release with SE Linux on by default. The reason for this was that Red Hat management supported the idea of SE Linux and everyone had to accept it. There was no option for a package maintainer to refuse to support SE Linux.
Recently in a discussion on debian-devel one DD (who I won’t name in this blog post) advocated removing SE Linux support from dpkg. I then asked him whether he had the same attitude towards non-executable stack
(Exec-Shield/PaX/OpenWall), Poly-Instantiated directories, and PIE executables. When he expressed interest in having those features I pointed out that one of the enemies of security in Debian is the fact that every person controls their little area and has no requirement to work towards common goals (apart from the most obvious ones of making the system work).
This means that instead of having a little cooperation from other developers anyone who wants to get a significant change included will have to fight hundreds of battles.
SE Linux is a classic example of this. Debian could have had SE Linux support long before Fedora, but instead it gets it long afterwards.
The same battles occur with regard to all the other security measures I mentioned (and some others I didn’t). We could made Debian the most secure Linux distribution, there are many people who have the skills and the interest in doing so.
If you want features such as exec-shield, then you are missing out – largely because the people with the skill and time to work on them are too busy fighting trench-warfare rather than actively coding.
Now while I strongly object to most incarnations of the “you can’t force a volunteer to do anything” meme that infects Debian I do agree that we can’t force developers to write new code. We can however strongly discourate an antagonistic attitude towards new features. If someone proposes a feature
that you don’t plan to use but which doesn’t hurt you then there’s no reason to attack – you can just ignore it. If someone sends in a patch that adds a feature which is requested by many people but you personally don’t use, then if it has little or no down-side (linking against a couple of shared objects as is the case for many SE Linux enabled programs provides no measurable overhead) and the code is good it should be merged!
The real problem is that some DDs are more concerned about what is best for them personally (in the most short-term manner) than about what is best for the users.
This morning when walking through a shopping center car park on my way to work a grannie came fairly close to squashing me. She accellerated her Mazda 323 backwards as hard as possible and hit a purple Magna. The back ends of both cars were seriously damaged, and the Mazda (which received the worst damage) was possibly a write-off (it doesn’t take that much damage to make an old car an insurance write-off). The damage was surprising given that there was only about 4 meters between the cars before the crash, the roar of the engine however did indicate that full accelleration was being used. The area between the vehicles was where I had just walked a few seconds earlier…
I phoned the police and waited until they arrived. They might end up forcing her to have a driving test, but it’s most unlikely that she will lose her license. One of my relatives passed such a test more than 10 years after I refused to ever be a passenger in his car.
What is needed is periodic testing of all drivers with the same standards as used for initially getting a drivers license (currently the standards are much lower). I would probably have to practice my parallel parking before such a test (it’s something I hardly ever do) but I expect that I wouldn’t have any difficulty in passing – as would all good drivers.
|
|
