Tuesday 23 June 2015

Musings: SSH key types, PayPal API documentation, and more

I have a few random musings to arf about today.

Sleep is miserable. I don't know why I even bother pretending to have a schedule to myself. Between work demands, personal issues, and the fact that I tend to favour going to sleep around the 05:00 hour naturally, it's impossible. Sure, I can hold a "normal person" schedule indefinitely... if I have no external factors. But my life is full of external factors that make it impossible. And there are some people in my life that try and make me feel guilty for not being able to hold a schedule. It feels miserable.

In other news, PayPal's API documentation for their SetExpressCheckout call lies. They say the xsi:type for the SolutionType is "ebl:SolutionTypeType", but I found out the hard way that passing that as the type causes a SOAP Fault (and leaks the API password and signature out in the error message)! The only way I can find to do it properly is to set xmlns="urn:ebay:apis:eBLBaseComponents" on the SolutionType node and then set xsi:type="SolutionTypeType" (no ebl: namespace). Then the API accepts it fine. Who knows why their systems do what they do.

I investigated making a new SSH key that would be stronger than my current one. Unfortunately, it doesn't seem I really have a choice in the matter. The only common denominator is RSA, as shown in this matrix:

Key Type                  Mac OS X       NetBSD             Debian
RSA                       Yes            Yes                Yes
DSA                       Yes            Yes                Yes
ed25519                   No             No                 No
ECDSA                     No             Yes                Yes
SSH Version / OS Version  5.6 / 10.8.5   5.9 / 6.1.5/i386   6.0 / 8.0 "Jessie"

Note that the following systems supported all listed key types:

  • Gentoo 20150623
  • FreeBSD 10.1
  • OpenBSD 5.6
  • Alpine Linux 3.2
  • Windows 2000

Truly a sad day when a 16-year-old Windows OS has more SSH key types available (via mingw) than Mac OS X, NetBSD, and Debian combined. Looks like I'm sticking with RSA keys for the foreseeable future.

Sunday 21 June 2015

Removing Python 2.7 from Gentoo, one port at a time.

I'm highly motivated, as a Pythonista who loves Python 3 and all of the new features, syntax, and improvements, to help the rest of the community upgrade to Python 3 and enjoy all of its benefits.

To that end, I would like to end the dependence on Python 2 in the general community. Since I feel I am a fairly average power user of Gentoo, I figured I would start with the packages on my own system, and this is what I found:

  dev-lang/python-2.7.10 pulled in by:

Not terrible for a world that has 1,277 packages. Now, we can wipe some of those off:

dev-lang/spidermonkey, www-client/firefox
The Mozilla build system...
dev-libs/protobuf, dev-python/google-apputils, dev-python/ipaddress, dev-python/python-gflags-2.0
I can't make Google care about Python 3. I'm just a lone fox.
This is apparently only pulled in because I have 2.7 compatibility enabled on other packages, and it also appears abandoned upstream.
All but deprecated upstream. dev-python/cryptography pretty cleanly replaces it. I simply need to change dependencies to use that instead.
The Twisted project is large, and already has a Python 3 objective. No need to worry about that until later, since they have others working on it.
They, too, are working on an official Python 3 port already. I've even used it; though it is ridiculously unstable, there has been a lot of progress made.
As of August 2014, they are officially porting to Python 3. Same as Twisted, then.
This is a very large codebase with a lot of issues related to 2->3. Not something one fox can help with either, I'm afraid.
any gnome package
Not really interested in contributing to the ever-dying and unmaintained GTK 2, and definitely not interested in contributing to the abomination of GTK 3.
As KDE 5 nears stability, this will become less and less maintained, so it probably isn't worth it either.
net-print/cups, sys-devel/llvm
I doubt there is any hope of getting Python 3 code into Apple projects, since they seem to enjoy clinging to 1990-era development tech :(

After doing some sorting to show the order I'd like to work on these, this leaves us with:


I would really like to do at least one per week, but there are no guarantees of course. Wish me luck!

Tuesday 16 June 2015

Linux 4.1 kernel: Finally, a movement in the upwards direction

No musings yesterday because I was having quite a time getting Linux to play well. I spent yesterday configuring the rest of the kernel until around 21:00, when I started searching for and applying all the patches I wanted. Found a small bug in the CPU optimisation patch that Gentoo uses (via grsecurity); namely, it doesn't enable P6_NOP for anything higher than a Core 2. I manually edited the patch and applied it.

I built the kernel, ran # emerge @module-rebuild, signed the newly built modules, and rebooted into my new system... Or I would have, if it had been able to read the init RAM disk. Doing the Apple EFI dance to switch between 3.18 to rebuild and 4.1 to test was not my idea of a good time, but after a while, I found the issue. There's something broken somewhere and it would not read XZ-compressed ones. I used my fallback algorithm, LZO (chosen because it's free and very fast), and it booted right up. Only now, I couldn't start KDE.

Typically, I start KDE by using $ X_SESSION=KDE-4 startx; I don't use KDM or XDM because I regularly test breaking changes to i915 that may cause X to hardlock, rendering my laptop useless. This time, however, it complained 'xterm: command not found'. Unsure why it was trying to load xterm, I checked around and I found no answer. I still haven't figured this out. The workaround I'm using is $ XINITRC=/etc/X11/Sessions/KDE-4 xinit which acts the same as the old command, only it's longer and less readable.

Then I had a world of i915 bugs that I will omit from my blog mainly because they were mostly configuration errors and the ones that weren't were resolved by re-merging media-libs/mesa.

After all of that was over, I checked on my wireless chip. Lo and behold, for the first time since I've started using draft-n wireless networking on Linux in 2009, it was actually associating successfully to a 5GHz 802.11n AP! The speed is only 150mbit/s; the chip supports 300mbit, so I am not sure why that is, but I am still happy to be finally untethered from my Ethernet cord!

Some benchmarks.

Running emerge -1 openssl

Kernel / Sched   Wall Time   System Time
3.18 / CFQ       5m 3s       59s
4.1 / CFQ        4m 57s      55s
4.1 / BFQ        4m 53s      52s

That's a pretty nice win for BFQ, and a huge improvement over 3.18. Note this is all on the same hardware, on a fresh boot, with nothing in fscache.

Playing 720p MPEG-4 video in VLC

Kernel   On-Die Temperature   CPU % used
3.18     71° C                31.2%
4.1      63° C                46.3%

Each measurement was taken at 2 minutes into playing the video. Not sure why the CPU's a bit more active, but wow, that temperature reduction is serious!

Overall, I am very, very happy with this upgrade. The Linux 4 series seems to be all about making things smoother, faster, and more battery-friendly. I'll update later with a benchmark of battery life.

If you have a MacBook Pro from the 2011 era (or you're just curious), you can view my config file online. Special thanks to Elly and Horst for guidance, patchsets, and keeping me company while I was going insane with menuconfig. :)

Monday 15 June 2015

Musings: Just another lazy Sunday.

Okay, I guess I'm doing this daily. Sundays are usually pretty lazy for me, so this will be short.

Found more interesting tidbits, still configuring the 4.1 kernel for my laptop. RC8 came out before I even finished, so now I have some oldconfiging to do.

Still felt dizzy from yesterday, so spent 20 minutes on the treadmill. Blew all the cobwebs out of my blood, I suppose. Almost completely better afterwards, so that's a good thing.

Found a really intricate resource pack for Minecraft, S&K Photo Realism. I'll have to try it out the next time I'm on the desktop with the Radeon 5700HD. My laptop can't handle resource packs; the poor little Sandy Bridge HD Graphics is too overwhelmed.

Helped Horst debug an i915_drm driver issue on 4.0.5. Not sure of the root cause; will have to probe further tomorrow.

Started planning how to install Foxtoo, my own little brand of Gentoo, onto my Pentium-100 laptop. I think I have a way and it's going to make for quite an article if I manage to make it happen.

Actually excited for work tomorrow. Lots of cool things in the works there.

Sunday 14 June 2015

Musings: libxo, Python code quality, and Linux kernel shenanigans

I've been inspired to actually make this into an actual bloggy journal thing instead of just writing occasional long-winded, well-thought-out articles. I still want to do long-winded, well-thought-out articles, but the entire reason I got this thing in the first place is to share my knowledge and experiences with the world. Might as well.

Caught up on the backlog of happenings on the freebsd-current mailing list. Lots of people are upset about libxo, including myself. May mean a Linux migration in my professional future. Disappointing, especially since there is a lot of opposition, but it's understandable that it's going forward anyway. Juniper pays to keep the lights on at the FreeBSD foundation, so they have a lot of pull. Sad to see they don't really care about the community or what we have to say.

Looked harder at GCC 5.1 code output. Then looked harder at switching default compiler from GCC to Clang on Gentoo. ;) It's not all there yet but it seems to be improving every day. Looking forward to trying out a Clang-compiled kernel if that patchset advances.

Played with Pylint and Pyflakes. Ran it on a few of the projects I work on and a few of the ones I write with Elly. PyIRC 3 got a rating of 8.5 out of 10. Really impressive. I hope to show Pylint to the people at work in the coming week and improve the quality and process there too.

Tried playing Minecraft. Already felt a bit dizzy before playing, so that was a mistake. Logged off after about 20 minutes from the ill feeling. Perhaps tomorrow.

Found out about a lovely years-old DoS vulnerability in the Linux kernel's UDP stack. Ran netstat on my servers to make sure they had no UDP listeners. Not sure what to do about the Minecraft server, perhaps the DDoS protection we already have on it is good enough.
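The same "no UDP listeners" check can be made by reading the kernel's socket table directly, which helps on hosts where netstat is not installed. This is an added example, not code from the original post; the sample rows are constructed, it covers IPv4 only, and it assumes a little-endian host (as on x86), where /proc/net/udp prints addresses byte-reversed.

```python
import ipaddress
import os

# Constructed sample in /proc/net/udp layout (not taken from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11111 2 0000000000000000 0
  102: 00000000:63DD 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 22222 2 0000000000000000 0
  103: 0201A8C0:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000   123        0 33333 2 0000000000000000 0
  104: 0201A8C0:C350 08080808:0035 01 00000000:00000000 00:00000000 00000000  1000        0 44444 2 0000000000000000 0
"""


def udp_listeners(table):
    """Return (ip, port, uid) for every unconnected UDP socket in the table."""
    found = []
    for line in table.splitlines()[1:]:        # first row is the header
        fields = line.split()
        if len(fields) < 8:
            continue                           # truncated or blank row
        if fields[2] != "00000000:0000":
            continue                           # has a peer: a client socket
        hex_ip, hex_port = fields[1].split(":")
        # Address is a raw 32-bit value printed in host order: reverse the bytes.
        ip = ipaddress.IPv4Address(bytes.fromhex(hex_ip)[::-1])
        found.append((str(ip), int(hex_port, 16), int(fields[7])))
    return found


def exposed(listeners):
    """Keep only listeners reachable from off-host (not bound to loopback)."""
    return [l for l in listeners
            if not ipaddress.ip_address(l[0]).is_loopback]


if __name__ == "__main__":
    path = "/proc/net/udp"
    if os.path.exists(path):
        with open(path) as fh:
            table = fh.read()
    else:
        table = SAMPLE                         # fall back to the constructed rows
    for ip, port, uid in exposed(udp_listeners(table)):
        print(f"UDP listener {ip}:{port} owned by uid {uid}")
```

IPv6 sockets are listed separately in /proc/net/udp6 and are not covered here.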

Read a hilarious article comparing the Pentium 4 Northwood to various new CPUs, where the AMD "accelerated" notebook CPUs performed worse. I can't believe AMD has gone so downhill that a Pentium 4 from 2002 can spank its brand new designs.

Decided to start configuring a 4.1-rc7 kernel for my laptop. 3.18 is so old (by my own standards) and I really want to get off of this line since my checkout is still affected by that stupid exit race bug which sometimes causes Firefox to die. Found an interesting knob, CONFIG_EXT4_ENCRYPTION, which is apparently the same encryption stuff Android "M" will be using. Pretty neat but seems useless for my needs. Might try it on the Pentium II for the hilarity.

Tried to tinker with the internals of OS X Server 5.0 beta 1 before bed, but it's compressed with a weird algorithm (ADC?) that none of my Linux utilities can break open. I'll need to investigate that more tomorrow.