|
Wicaeed posted:Currently work for a firm that is 99% Windows (AD DNS/DHCP, Auth, PKI), but is working on an accelerated timeline for moving many of their applications over to Containers running on Linux. Before Devs ask to start just throwing Linux boxes into our environment, I want to be aware of any gotchas before we start deploying stuff, things pre-populating UIDs/GIDs to make sure they match across environments, patch management, system imaging, etc. Wicaeed posted:Most likely it will be a RHEL environment, and I'm sure RedHat is more than happy to charge $$$ for consultants to tell us all this, but I thought I'd ask if anyone has any good information here. Spent a fair bit of time with this recently. Honestly if your going to run it past a few hosts/apps pick an orchestrator. You really want to provide a management plane dev's can access and "provision" in a secure environment vs letting them run random containers/sudo access to the docker command. At the lower levels take a look at something like coreos or atomic as the os is basically a kernel and a container daemon the exposure is low as its hardened with apparmor or selinux and updates/patching is pretty simple/low risk with ostree. If I can say anything the platform/docker for us wasn't a major factor but the change in practices/tooling/mindset. We've been working with active parties to help champion the process but it really requires moving from admin type duties to release engineering. We've spent more time helping dev teams get up to speed with ci/cd workflows then on the platform itself. Users that now have access with oc commands to their own pods (rsh/logs -f/cp/rsync) were super happy and we have have easy to manage rbac controls. One thing we ran into with tools like s2i (which builds containers off code in openshift) can help in a lot of area's but getting teams to use proper dependency management has been an area we've had to help out on. Where our power users needed we've found running minishift/minikube to have the same sort of platform inside virtualbox on the go valuable. As mentioned registry scanning is going to be crucial to identify possible risks and required rebuilds of code or updates. Docker's enterprise trusted registry is really nice in this area as you can setup rules around scans/pushes, but insights has recently released a ci scanner in beta but there's not much to tell you what's not secure in the openshift registry built into the platform. The recommended way on openshift was to use cloudforms (a subset version is included with the platform) to scan the registry with openscap to enforce compliance. Cannot report back too much on how it works in practice yet. tl;dr provide some sort of platform via an orchestrator (kubernetes/docker ee/openshift origin) on linux distros aimed for this purpose(coreos/atomic). Don't let the users have OS level access and don't run privileged containers(outside edge-cases).
|
#
?
Nov 16, 2017 04:23
|
|
|
|
| # ? Apr 25, 2024 12:54 |
|
|
Wicaeed posted:Currently work for a firm that is 99% Windows (AD DNS/DHCP, Auth, PKI), but is working on an accelerated timeline for moving many of their applications over to Containers running on Linux. Before Devs ask to start just throwing Linux boxes into our environment, I want to be aware of any gotchas before we start deploying stuff, things pre-populating UIDs/GIDs to make sure they match across environments, patch management, system imaging, etc. AD is essentially DNS+DHCP+LDAP+krb+cLDAP, from a backend perspective. You can leave DNS and DHCP on Windows if you want, or set up dynamic DNS on Linux. Make sure you have appropriate ldap._tcp... and other DNS records if you still want Windows boxes and want them to automatically find any Linux AAA servers. IPA will do all of this for you (you'll just miss out on GPOs) Don't prepopulate anything. Use Ansible, salt, puppet, or whatever to add any users you need, and you set up pam_ldap and pam_krb5, or just use pam_winbind. Then you can keep central auth in the same place, and not futz with uids/gids. Viktor posted:Spent a fair bit of time with this recently. Honestly if your going to run it past a few hosts/apps pick an orchestrator. You really want to provide a management plane dev's can access and "provision" in a secure environment vs letting them run random containers/sudo access to the docker command. At the lower levels take a look at something like coreos or atomic as the os is basically a kernel and a container daemon the exposure is low as its hardened with apparmor or selinux and updates/patching is pretty simple/low risk with ostree. Seconding an orchestration tool. I like openshift, since it's basically k8s++, but anything works. If all you're going to use is containers, coreos or atomic or Alpine are great. However, all of these have relatively poor visibility into CVEs (even if the attack surface is smaller in theory, though a minimal centos host or whatever will have a similar surface). Additionally, it's challenging to install any vendor tooling you may want for hpasmcli monitoring or whatever. Super-privileged containers work sometimes, but lots of vendors haven't done the work to containerize it yet, so you have to do it yourself if support tooling is important your business. Similarly, actually pulling metrics from the host with SNMP or prometheus or whatever can be a mess without super-privileged containers, or figuring out exactly what privileges it needs yourself. Viktor posted:If I can say anything the platform/docker for us wasn't a major factor but the change in practices/tooling/mindset. We've been working with active parties to help champion the process but it really requires moving from admin type duties to release engineering. We've spent more time helping dev teams get up to speed with ci/cd workflows then on the platform itself. Users that now have access with oc commands to their own pods (rsh/logs -f/cp/rsync) were super happy and we have have easy to manage rbac controls. One thing we ran into with tools like s2i (which builds containers off code in openshift) can help in a lot of area's but getting teams to use proper dependency management has been an area we've had to help out on. Where our power users needed we've found running minishift/minikube to have the same sort of platform inside virtualbox on the go valuable. An important caveat here if you use openshift is that it doesn't want containers which run as root by default. This is good. But see above -- you'll either need separate tenants with different rules (both for permissions and host pinning for the pods) for host monitoring, or to manage those containers outside of your orchestration tool with systemd units or whatever. Ultimately, this isn't a big deal, but it's another caveat. Viktor posted:As mentioned registry scanning is going to be crucial to identify possible risks and required rebuilds of code or updates. Docker's enterprise trusted registry is really nice in this area as you can setup rules around scans/pushes, but insights has recently released a ci scanner in beta but there's not much to tell you what's not secure in the openshift registry built into the platform. The recommended way on openshift was to use cloudforms (a subset version is included with the platform) to scan the registry with openscap to enforce compliance. Cannot report back too much on how it works in practice yet. My experience has been that you're better off building your own registry from docker trusted registries and whatever you need on top, or only using the "official" openshift containers (nodejs, Jenkins, etc) as base images. Once you get to "community" images, it's a free-for-all
|
|
#
?
Nov 16, 2017 14:39
|
|
|
What the gently caress... I just installed ubuntu on my desktop and i thought i'd try out kodi 'cause a program that i use to watch stuff seems interesting. I install it through apt-get, nothing out of the ordinary and it shows up in the app list like normal. I then restart to let an unrelated change take effect and all of a sudden kodi has completely taken over my computer!!! It boots straight into kodi, and trying to exit just goes to a command line screen, with kodi restarting after about a minute. Even trying to mess with the display settings (since it seems to think my secondary monitor is the primary) screws everything up, glitching the display, mouse pointer, interface, and everything. Trying to go windowed just sticks it into the corner of the monitor at 1/8 the size. Is it all possible to use kodi like you can on windows/osx where its just a program you can load/exit at will?
|
|
|
#
?
Nov 20, 2017 20:34
|
|
|
Watermelon Daiquiri posted:What the gently caress... I just installed ubuntu on my desktop and i thought i'd try out kodi 'cause a program that i use to watch stuff seems interesting. I install it through apt-get, nothing out of the ordinary and it shows up in the app list like normal. I then restart to let an unrelated change take effect and all of a sudden kodi has completely taken over my computer!!! It boots straight into kodi, and trying to exit just goes to a command line screen, with kodi restarting after about a minute. Even trying to mess with the display settings (since it seems to think my secondary monitor is the primary) screws everything up, glitching the display, mouse pointer, interface, and everything. Trying to go windowed just sticks it into the corner of the monitor at 1/8 the size. Is it all possible to use kodi like you can on windows/osx where its just a program you can load/exit at will? It has probably just set itself up as your window manager. Try to select a different window manager when you login:
|
|
#
?
Nov 20, 2017 20:58
|
|
|
IIRC it's possible to run Kodi as a full session (as opposed to e.g. gnome or unity), but that's not the default. It is absolutely possible to run kodi as a "normal" application; that's what I do. Do you remember what packages you installed? Before you log in after booting there should be an option somewhere to choose what kind of session you want. I don't use ubuntu so I can't tell you exactly where and what button that is, but it's probably somewhere around where/after you select which user to use. edit: beaten; see above screenshot ^^^
|
|
#
?
Nov 20, 2017 20:59
|
|
|
Watermelon Daiquiri posted:What the gently caress... I just installed ubuntu on my desktop and i thought i'd try out kodi 'cause a program that i use to watch stuff seems interesting. I install it through apt-get, nothing out of the ordinary and it shows up in the app list like normal. I then restart to let an unrelated change take effect and all of a sudden kodi has completely taken over my computer!!! It boots straight into kodi, and trying to exit just goes to a command line screen, with kodi restarting after about a minute. Even trying to mess with the display settings (since it seems to think my secondary monitor is the primary) screws everything up, glitching the display, mouse pointer, interface, and everything. Trying to go windowed just sticks it into the corner of the monitor at 1/8 the size. Is it all possible to use kodi like you can on windows/osx where its just a program you can load/exit at will? Usually if you install a new session type, the package name would be like "kodi-session" So don't install that. Not at a computer to check actual package names though.
|
|
#
?
Nov 20, 2017 21:42
|
|
|
Hey, I have a quick question, but it might be very specific and niche so, sorry. I am probably mis-configuring something, but basically I need to be able to type in English and also simplified Chinese with a pinyin keyboard. I'm on Mint 18.2 xfce. I installed Fcitx to manage the two input methods. I've also installed the google pinyin package (I tried out a couple other pinyin packages too, but it makes no difference.) If I switch to pinyin I can start typing Chinese characters almost as expected. The thing is, with Chinese, there are many characters that are the same in pinyin (or just have different tones.) On Windows and other OSs, when you type a word like "shi" for example it will show a little menu with all the possible "shi" characters. I swear at one point on another install Mint was doing this too. Now, I dont get any window showing me the possible characters as I type. I just type, and I guess it guesses the first possible "shi" and goes with that. I've dug through the fcitx configs and tried tweaking a few things, but I cant find much that seems relevant and nothing I do gets me the Chinese character bar. Any ideas how to make this work? Here's an example of another OS handling this correctly. 
|
|
#
?
Nov 21, 2017 01:21
|
|
|
BrainDance posted:Hey, I have a quick question, but it might be very specific and niche so, sorry. I am probably mis-configuring something, but basically I need to be able to type in English and also simplified Chinese with a pinyin keyboard. Are you trying to enter text into a gtk program? A qt program? Or a terminal? If you've only tried one of these you might want to try another just to see if there is a difference. When you say you installed the input methods, you enabled them in fcitx, right? fcitx also has to be running, but if you actually can actually use its configuration utility and see the input methods and can input stuff using it, then obviously that isn't the issue. For japanese at least, fcitx is definitely able to display the candidates properly, so unless there's some issue with the Chinese input methods for it specifically I don't know why that wouldn't be working. Also, I had some issues with the input window appearing in the wrong place with Wayland, but I don't think Mint uses Wayland so that shouldn't be an issue. (You also probably would have noticed if the candidate window was just appearing in the wrong place such as at the upper left of your screen, I imagine.) mystes fucked around with this message at 03:19 on Nov 21, 2017 |
|
#
?
Nov 21, 2017 03:15
|
|
|
hooah posted:Now for a strange graphical thing. Some windows (terminal, file browser, settings, Ubuntu Software) have a dark bar under them and a weirdly-shaded bar on top, as you can see in this screen shot of the terminal: Does anyone have any idea what's going on here?
|
|
#
?
Nov 21, 2017 03:43
|
|
|
mystes posted:This is probably a silly question, but are you sure you're actually using fcitx? The input method settings are always complicated because there are different settings qt, gtk, etc., although hopefully whatever you use to configure it is setting up all of these things. I thought so, xfce (mint?) has a little language settings program that lets you choose input method, and I made sure fcitx was always chosen. Although I seem to have accidentally fixed it. I purged fcitx-config-gtk, fcitx-frontend-gtk2, fcitx-ui-classic and fcitc-googlepinyin, and then reinstalled all of them. Suddenly more options appear in the same place I was looking before, related to appearance of the text display window. Works now though, don't know why it wasn't working in the first place but whatever. I have another question though that just came up. It's unrelated to the other stuff, but still Mint, xfce. I have a 2nd display, and I would like xfce4-terminal to run fullscreen, no window borders on the second display at logon. I've been reading through xfce-terminal's man pages and put together something that almost does it. 'xfce4-terminal --display=2 --maximize --hide-borders'. It doesn't start it on my 2nd monitor though (and I've tried it with other numbers too, I have this other program that needs the display specified, and setting it to 3 gets it to output on this other monitor. Not with --display= for xfce4-terminal though) I've tried also "--default-display=2" but, same deal, just goes fullscreen on my first, main display. I'm using the proprietary nvidia drivers. In nvidia's x server settings it shows both physical displays but then makes them both a part of "x screen 0", like it was one 3840x1080 display spanning across both monitors. Is that maybe part of the problem? How else could I go about doing this?
|
|
#
?
Nov 21, 2017 04:58
|
|
|
Here I go blowing away another disk drive. I'm going to reduce the size of an encrypted LVM partition so I can create a new, encrypted lvm partition that I can install a new os into. The guide detailing this process explains 7 step process and has 10 warning (!) bubbles scattered around the page, so I know I'm doing something serious.
|
|
#
?
Nov 23, 2017 04:29
|
|
|
What are some good alternatives to Evolution for (Exchange) email? Evolution looks really ugly and I can't figure out how to change the theme and it's also kind of buggy from what I've used/seen in the past week with the latest version on Fedora 27.
|
|
#
?
Nov 25, 2017 14:17
|
|
|
gmail
|
|
#
?
Nov 25, 2017 14:26
|
|
Associate Christ
|
Boris Galerkin posted:What are some good alternatives to Evolution for (Exchange) email? Evolution looks really ugly and I can't figure out how to change the theme and it's also kind of buggy from what I've used/seen in the past week with the latest version on Fedora 27. Thunderbird works OK with a not massively expensive plugin called ExQuilla. It's a little slow for larger mailboxes but it's basically fine and works with calendars as well as email. Alternatively if you're allowed to use IMAP with Exchange then things like KMail start working and that's far nicer IMO than Evolution. Also, if you're got a relatively modern Exchange setup then OWA works just fine. The 2016 version is arguably better than the Outlook version anyway, and it's theme-able and tweak-able to a fairly decent level.
|
|
#
?
Nov 25, 2017 15:38
|
|
|
Major Ryan posted:Also, if you're got a relatively modern Exchange setup then OWA works just fine. The 2016 version is arguably better than the Outlook version anyway, and it's theme-able and tweak-able to a fairly decent level. OWA is great. I use it for group mailboxes because Outlook 2010 doesn't easily let you choose which email accounts get new email popup alerts and which don't.
|
|
#
?
Nov 25, 2017 17:26
|
|
|
Apparently 1Password released a Chromium plugin called 1Password X which works in Linux. You have to use Chrome/Chromium but trying it out it works just like the regular browser plugins. You can even set the same familiar hotkey to autofill. This is pretty awesome. waffle iron posted:OWA is great. I use it for group mailboxes because Outlook 2010 doesn't easily let you choose which email accounts get new email popup alerts and which don't. We have a webmail.website.com portal that launches OWA but I get this lovely version instead of the modern looking one. If I login from microsoft.com then it says I have Word and PowerPoint (and some other things) available, but not Outlook or mention of Webmail. Major Ryan posted:Thunderbird works OK with a not massively expensive plugin called ExQuilla. It's a little slow for larger mailboxes but it's basically fine and works with calendars as well as email. IMAP is available so I don’t need Exchange. In that case I’ll take a look at Thunderbird since I’d rather not install all of the KDE dependencies to run a mail client 
|
|
#
?
Nov 27, 2017 21:10
|
|
|
I would really be wary of those browser plugins that fill passwords from online password managers. They had bugs in the past where they could be tricked to fill in the password for a different site and surely they aren't 100% now nor can they ever be 100% (don't remember if it was 1password or lastpass , but it doesn't really matter).
|
|
#
?
Nov 28, 2017 01:35
|
|
|
It was probably Lastpass, going from memory of the security troubles they've had over the last couple of years. I switched from Lastpass to Keepass when they absolutely hosed the UI in Linux. I had been thinking about switching for a while and that one nailed it. I'm glad I switched to Keepass, even moreso now that KeepassXC gives cross-compatibility and a nice, clean UI. I use the CTRL-v method in KeepassXC to inject the username + <carriage return> + password + <carriage return> combo into websites. Anyone know if this is potentially vulnerable? Does it just send the data through the dbus in Linux? Is dbus a pretty secure thing?
|
|
#
?
Nov 28, 2017 01:42
|
|
|
Boris Galerkin posted:Apparently 1Password released a Chromium plugin called 1Password X which works in Linux. You have to use Chrome/Chromium but trying it out it works just like the regular browser plugins. You can even set the same familiar hotkey to autofill. This is pretty awesome. Just one note it only works with their paid monthly storage service. You cannot use any sort of local/3rd party provider.
|
|
#
?
Nov 28, 2017 02:24
|
|
|
Speaking of "KeeWhateverPass", which one is the latest one? Looking at my KDE menu I have 3 Kee programs showing up: KeePass, KeePassX 2 and KeePassXC. UI-wise they're ... fine, whatever, nothing to see here. But under the hood, is there a difference? Is one more competently updated than the other one?
|
|
#
?
Nov 28, 2017 03:01
|
|
|
Volguus posted:Speaking of "KeeWhateverPass", which one is the latest one? Looking at my KDE menu I have 3 Kee programs showing up: KeePass, KeePassX 2 and KeePassXC. UI-wise they're ... fine, whatever, nothing to see here. But under the hood, is there a difference? Is one more competently updated than the other one?
|
|
#
?
Nov 28, 2017 03:07
|
|
|
FWIW, I find KeepassXC much more pleasant to use. It seems to have a more active community behind it, too. There's an update every couple of months and it's compatible with all database files, whereas with the more legacy versions you used to have to choose which program to use depending on whether you were using a Keepass or Keepass v2 database file.
|
|
#
?
Nov 28, 2017 03:24
|
|
|
Hi all, I have a small problem with a Linux VM. It runs on my KVM machine and has the USB controller on my server passed through to it. Attached to this USB controller is an Xbox TV Tuner for which I compiled the latest media_build driver for TV Headend. I had a power failure and now it does not seem to load the driver anymore for the Tuner, at least it does not show up in TV headend anymore. lsusb gives the following: code:
|
|
#
?
Nov 30, 2017 18:32
|
|
|
Mr Shiny Pants posted:Hi all, check lsmod for the drivers themselves
|
|
#
?
Nov 30, 2017 18:39
|
|
|
RFC2324 posted:check lsmod for the drivers themselves Yeah, it wasn't loaded. It seems like my kernel got an upgrade to .17 and now the drivers won't load. Something about an unknown symbol. I tried a git clone again but the build fails: code:
|
|
#
?
Nov 30, 2017 20:35
|
|
|
Mr Shiny Pants posted:Yeah, it wasn't loaded. It seems like my kernel got an upgrade to .17 and now the drivers won't load. Something about an unknown symbol. I tried a git clone again but the build fails: The easiest thing is to keep booting the old kernel. But if you have the source of the driver you can fix it if you want and know.
|
|
#
?
Nov 30, 2017 20:39
|
|
|
Volguus posted:The easiest thing is to keep booting the old kernel. But if you have the source of the driver you can fix it if you want and know. I have the source, and the drivers seem to not build since today ( figures, the guy keeps a log from the build proces: https://hverkuil.home.xs4all.nl/logs/Thursday.log ) so I was thinking of just resetting GIT to the last commit that seems to work ( monday ) but I am still figuring out how to do that . Edit: booting the older kernel works, much easier. Thanks guys. Yup, all is well again. I can watch TV again 
Mr Shiny Pants fucked around with this message at 20:51 on Nov 30, 2017 |
|
#
?
Nov 30, 2017 20:46
|
|
|
People who have set up GPU passthrough on a home system for gaming with a VM, was there a particular guide or method you followed? I spent a few hours searching around for information and working on a method that started with installing the mainline kernel with my CentOS box, but I ended up with being unable to use Kimchi at all due to XML-RPC errors with wokd and unable to start my configured VM in virt-manager due to permissions errors with KVM files. At this point, I plan to blow away the packages and start over and I think a fresh approach might be good.
Eletriarnation fucked around with this message at 04:54 on Dec 1, 2017 |
|
#
?
Dec 1, 2017 04:51
|
|
|
I use Arch and followed this: https://wiki.archlinux.org/index.php/PCI_passthrough_via_OVMF More or less. It shouldn't be too Arch specific, and it's not completely comprehensive (I remember having to setup networking, and a lot of tuning can't be done through virt-manager directly, but with virsh edit). Also both AMD Processors(Ryzen & Threadripper specifically) and nVidia graphics cards have gotchas you really need to work around, but those are mentioned on the wiki.
|
|
#
?
Dec 1, 2017 05:04
|
|
|
Eletriarnation posted:People who have set up GPU passthrough on a home system for gaming with a VM, was there a particular guide or method you followed? I spent a few hours searching around for information and working on a method that started with installing the mainline kernel with my CentOS box, but I ended up with being unable to use Kimchi at all due to XML-RPC errors with wokd and unable to start my configured VM in virt-manager due to permissions errors with KVM files. At this point, I plan to blow away the packages and start over and I think a fresh approach might be good. I used this one: https://ycnrg.org/vga-passthrough-with-ovmf-vfio/ Because it was recent. Worked for my Windows 8.1 install.
|
|
#
?
Dec 1, 2017 06:56
|
|
|
Eletriarnation posted:People who have set up GPU passthrough on a home system for gaming with a VM, was there a particular guide or method you followed? I spent a few hours searching around for information and working on a method that started with installing the mainline kernel with my CentOS box, but I ended up with being unable to use Kimchi at all due to XML-RPC errors with wokd and unable to start my configured VM in virt-manager due to permissions errors with KVM files. At this point, I plan to blow away the packages and start over and I think a fresh approach might be good. Not much has changed recently. You should just follow this, because it's very complete, and written by the lead engineer. The arch wiki and other blogs pretty much just crib from this without actually understanding it. Use plain virt-manager (kimchi is not necessary for this at all), make sure that /var/lib/libvirt/images has the right permissions, and make sure you're not getting selinux problems (temporarily putting it in permissive may help instead of just failing to do whatever it was)
|
|
#
?
Dec 1, 2017 13:36
|
|
|
Yeah - I couldn't figure out what was going on with /var/lib/libvirt/images permissions and that prevented me from using LVM for my install destination, but then I just switched to a file on my RAID and was able to move on. Now that I have the VM created though, I'm running into a different issue. It seemed to work normally on the first boot, but after that it gets stuck at the TianoCore splash screen with "Start boot option" across the bottom. When I check the log, I notice this: Dec 1 15:45:35 eden kernel: vfio_ecap_init: 0000:01:00.0 hiding ecap 0x19@0x900 Dec 1 15:45:35 eden kernel: vfio-pci 0000:01:00.0: BAR 1: can't reserve [mem 0xe0000000-0xefffffff 64bit pref] Dec 1 15:45:35 eden kernel: vfio-pci 0000:01:00.1: enabling device (0000 -> 0002) Dec 1 15:45:37 eden NetworkManager[1021]: <info> [1512161137.0067] device (macvtap0): link connected Dec 1 15:45:37 eden kernel: vfio-pci 0000:01:00.0: Invalid ROM contents It's not clear to me whether it's unable to read the ROM or the ROM isn't EFI compatible - the second seems unlikely though, since it did seem to work once and the card is a 1050. I tried pulling out the ROM to look at it as described in this page but I can't get anything so I'm currently trying to figure out why that is. e: The problem may or may not be related to using the Q35 chipset on my VM, which appears to be required for the secure boot version of OVMF that I got through CentOS repos. The tutorial specifically says 440BX is needed, but virt-manager throws an error if I try to combine it with UEFI so I may need to either get a different version of OVMF or edit the config file manually. I found the a copy of the ROM for my card online and confirmed that it definitely does have an EFI mode, at least. e2: I seem to have fixed the ROM issue by enabling passthrough mode for IOMMU, I think? Still couldn't figure out how to resolve the permissions errors with the qemu user trying to boot off of LVM, but the dirty hack of telling QEMU to do everything as root fixed it. I'll have to clean this process up next time, but for now I'm booted into Windows and seeing the 1050 in Device Manager so I'm pretty sure it worked. e3: God drat it, Nvidia. Locking out 3D acceleration in VMs? Really? Eletriarnation fucked around with this message at 05:49 on Dec 2, 2017 |
|
#
?
Dec 1, 2017 22:03
|
|
|
Eletriarnation posted:
|
|
#
?
Dec 2, 2017 09:02
|
|
|
Yeah, I checked into that and apparently at this point to get it to work with current drivers you have to lock out some Hyper-V extensions too that commenters say actually affect performance. gently caress that noise, the 1050 is still well within the return period and Amazon has an RX 460 for $85 so I'll switch teams.
|
|
#
?
Dec 2, 2017 17:11
|
|
|
Eletriarnation posted:Yeah, I checked into that and apparently at this point to get it to work with current drivers you have to lock out some Hyper-V extensions too that commenters say actually affect performance. gently caress that noise, the 1050 is still well within the return period and Amazon has an RX 460 for $85 so I'll switch teams. Yeah, this is exactly the route I am taking. gently caress them.
|
|
#
?
Dec 2, 2017 19:34
|
|
|
Eletriarnation posted:Yeah, I checked into that and apparently at this point to get it to work with current drivers you have to lock out some Hyper-V extensions too that commenters say actually affect performance. gently caress that noise, the 1050 is still well within the return period and Amazon has an RX 460 for $85 so I'll switch teams. My 1080 I don't need to disable the hyper-V extensions, just kvm hidden. I'm getting almost indistinguishable performance out of my 1080, so if you didn't want to switch it might be worth trying kvm hidden. Also both Q35 and BX440 are fine. Just make sure you're not trying to use IDE devices with Q35. the 440i emulation is just more well tested / more mature. But it's a very old architecture.
|
|
#
?
Dec 2, 2017 23:48
|
|
|
I've got two machines running Ubuntu 16.04 and Logwatch 7.4.2, both with identical logwatch.conf files that have MailTo and MailFrom set appropriately. Both also have identical postfix configs to relay mail to Amazon SES. One machine sends the logwatch email just fine, the other fails with: code:
|
|
#
?
Dec 3, 2017 07:26
|
|
|
SoftNum posted:My 1080 I don't need to disable the hyper-V extensions, just kvm hidden. I'm getting almost indistinguishable performance out of my 1080, so if you didn't want to switch it might be worth trying kvm hidden. Which drivers?
|
|
#
?
Dec 3, 2017 09:49
|
|
|
Mr Shiny Pants posted:Which drivers? There are a few flags you need to set in your vm’s xml using ‘virsh edit’ on the cli. These are all documented in the arch wiki page linked earlier. You will only find out if you’ve done it right at the point you are able to install the windows drivers. Ie, the guest is running and you have video output through the passed through GPU. You can also patch the drivers (and run them unsigned) to not do the check if you are running a different hypervisor (eg xen)
|
|
#
?
Dec 3, 2017 12:38
|
|
|
|
| # ? Apr 25, 2024 12:54 |
|
|
Yeah, I went back and tried both methods listed in the wiki (setting KVM to hidden and adding vendorID to Hyper-V extensions, as well as just disabling Hyper-V extensions entirely) and after each I'm still seeing Code 43 in Device Manager. I also tried some script from GitHub that modifies the drivers downloaded from Nvidia and claims that they won't trigger the issue if installed after modification, but it doesn't help either. It's academic at this point, the RX 460 is in the mail. I am sure that Nvidia doesn't give a poo poo anyway but I like the idea of sending some kind of message with the purchase. Eletriarnation fucked around with this message at 22:47 on Dec 3, 2017 |
|
#
?
Dec 3, 2017 16:41
|
|