|
Thermopyle posted:lol, am I on Slashdot in 2002 I didn't see anyone call it "Micro$haft windurrrs" here so I think you're giving /. too much credit. I'm running across ridiculous IO latency that I can't track down. 2+ second stalls on SSD. Very visible in things like tab completion - it just hangs for a while when it should be basically instant. BTRFS on 4.8.9. It's not consistent, even if I drop the caches and try to reproduce. I'd say "SSD is failing" but it SMARTs fine and random access benchmarks return the same performance it's always had. Are there any analyzers for blktrace so I can leave a log running and try to run through it after I see a stall? I'm looking for something causing an IO storm that would explain what I'm seeing. 840 EVO 250GB code:
|
#
¿
Dec 8, 2016 23:43
|
|
|
|
| # ¿ Apr 23, 2024 09:06 |
|
|
ToxicFrog posted:Are you sure btrfs isn't the problem? When I used it I was plagued with random slowdowns and things blocking on IO that really shouldn't be, although if it's only ~2 seconds for you it's been much improved. Switched to XFS and ZFS on the same disks and the problems went away. Well, I can't be certain it's not BTRFS, but I'm running a basically identical setup on other machines (btrfs on SSD) and not seeing the same stalls. It still could be BTRFS, it's sensitive to free-space fragmentation so differing load patterns lead to accumulating performance differences. I just don't want to give up filesystem-level snapshots or maintain off-tree ZFS to keep them. My backup system is "take a snapshot then backup the snapshot to NAS" so everything is 100% consistent. Then I keep today, yesterday, 1 week and nuke the rest. Having "oh gently caress" recovery from 1hr, yesterday, last week without having to do a full restore from the NAS is nice. I'm not even positive that it's process-originated IO either. It could be writeback getting lumpy or some other bit of stupidity. I'll run blktrace for a while and examine the logs by hand for the timestamp in question. iotop doesn't work because it's polling and refreshes the burst away before I can tab to the window. There really isn't a tool to do what I want, which would be graph IO load and let you click on any point to get the process breakdown. Maybe I'll write it as a viewer for blktrace logs.
|
|
#
¿
Dec 13, 2016 16:58
|
|
|
Double Punctuation posted:Why is a distribution installing music playback libraries for the Super Nintendo by default? Why is that even a thing gstreamer supports? Linux has, hands down, the most ability to play media files bar none. Even bizarro codecs from the late 90s that only ever had proprietary windows decoders that won't work in modern windows have wrappers around the DLL enough to play. I keep running into "why the gently caress can't windows play this, works fine on linux?" when I try to send someone a video clip in an ~~obscure~~ format like .webm or an x264 .mkv. That's also a negative, since as people are discovering - the bar for a media decoder is "does it decode a standard file" and beyond that nobody checks to see what happens when you feed it malicious poo poo. I bet you could rack up 100+ CVEs just by fuzzing all the gstreamer libraries, but you'd have to figure out dozens of undocumented formats well enough to trick the library into trying to decode them. The other half of your question is answered pretty simply: Because they're small, they work, and everyone hates the "You need a new codec to play this file, let me search Windows Update to find one for you" popup that you get if you don't have everything already installed. But yeah, the bitching about archaic permissions systems is justified. Linux protects the trivial-to-reinstall system from the single user, not the impossible-to-replace documents from a rogue process. The only reason there's been no linux port of cryptolocker is that it's way too much effort for the dozen people running linux desktops out there. (Shoutout to the other 11 of you).
|
|
#
¿
Dec 16, 2016 22:24
|
|
|
jre posted:You probably wouldn't need to know anything about the format at all, just what byte string the fuzzer found that caused an error. You need enough bytes in the right places to detect the format and pass it to the library to be tested, though. That's why the attack works by renaming it to .flac: it's a filetype opened by gstreamer, which then ignores the extension and figures out what type it is and gives to the right decoder. Edit: Even if you just fuzz the library directly, they more than likely check some key locations and refuse to parse the file if they don't like what they see. That's what I meant about needing to work with dozens of obscure formats. Harik fucked around with this message at 22:51 on Dec 16, 2016 |
|
#
¿
Dec 16, 2016 22:49
|
|
|
Thermopyle posted:2. Is there a path from where Linux is now to where its security isn't poo poo? Desktop android is a start. Even with a kernel vulnerable to the latest "change the contents of any file you can read" exploit, phone rooters haven't been able to turn that into real root access. Security contexts are a bitch to bypass, because they need to find something they can change that runs in the correct context so they can grant permissions to their process and keep them. They'll find something eventually, but it's still an incredibly impressive security firewall. So far it's only led to changing some XML files to enable wifi tether without paying for the plan. The problem, as I alluded to earlier, is that unix security is protecting the OS from the users, and users from other users. It's not a good model for a single-user system where the OS is a trivial install (USB install diskto booted debian is what, 5 minutes tops?) It's not that different from windows - without a priv elevation exploit cryptolocker can only ransom your files. Unfortunately, that's the only part of a computer that anyone gives a poo poo about - their pictures, their documents, their work. Going forward, isolation isolation isolation. Everything a user does runs in the same security context, with the same read/write access to everything they hold dear. Security contexts, limited filesystem visibility and some sort of access arbitrator for things (documents, media, whatever) that you have to go through instead of just using open(). If firefox/chrome was limited to seeing it's own prefs directory + a download directory, and there was a mechanism that it could request the user select a file elsewhere and be handed the FD, that would be a massive improvement. Run email and chat clients the same way. For the most part, you'd never even notice, except everyone's file upload/attach/send file dialogs would be standardized because the browser/email/chat program has no real filesystem access, so it has to ask a program which can see the filesystem, and won't hand it anything without the user actually selecting the file. I think it's possible to get there, but it would require someone with an interest in desktop linux instead of server linux pushing forward with it. One of the nice bits about linux is you can pass a FD between processes, so there's no overhead to accessing a file through an arbitrator instead of directly. Ciaphas posted:It's been a very long time since I've tried to administer a Linux system, so I don't really know what I'm doing anymore. What's the 'right' way to run GUI applications in linux land over an SSH connection? Or do I have the right idea and I have something misconfigured? (I know VNC is a thing, but I'm not a fan of that either. Something about the way it authenticated last time I tried it just bothered me.) Mount the server via SSHfs and use whatever GUI editor you want locally. You never want to use a remote GUI over the internet except in emergencies. Even LAN is painful, because all those nice shared-memory optimizations go out the window and everything has to be updated pixel by pixel. Step one would be to fix your local VMs though, this isn't rocket science, poo poo just works and there's pre-installed containers for every flavor of VM out there. Harik fucked around with this message at 00:11 on Dec 20, 2016 |
|
#
¿
Dec 20, 2016 00:06
|
|
|
evol262 posted:Same filesystem. Kernel won't matter here. It's either that, or the ubuntu selinux tags are slightly different than the ones on fedora. You'll get the same effect if you try to rsync to FAT, for instance, as it will throw an error for the uid/gid/permissions portion. The data is fine. To be absolutely sure, you could always recursively md5 on both systems and compare the output. Computer Serf posted:Looking to run a local development environment for several servers. What are you trying to do with the additional NICs? One should be fine for most VM uses (but beware hairpin NAT issues that even multiple NICs won't really help with.)
|
|
#
¿
Dec 31, 2016 01:36
|
|
|
Computer Serf posted:Just trying to experiment and learn about multi-server environments for isolating a database server from various external servers sending requests. As long as you're just simulating connecting/disconnecting the ethernet cable, you should be able to do that entirely in software, no NICs required. Just brctl delif <bridgename> <VMs host interface> to disconnect, and addif to put it back.
|
|
#
¿
Dec 31, 2016 05:22
|
|
|
I'm banging my head against the awesomeness/catastrofuck that is systemd. Something is going horribly wrong in early boot, and stealing 8GB of ram. init=/bin/bash leaves me with 35MB used. exec systemd --unit=emergency.target, enter root password, used is over 8GB. I'd love to step-by-step the boot process. gently caress, I'd love to tell it to single-thread and run a command after each target and I could pretty quickly isolate WTF is going on. Nothing big is showing up in tmpfs, and no process has much memory used - a few hundred meg is the sum of everything running at that point. It's actual real reserved memory - not buffers/cache or anything like that. Ideas? Specifically on sysvinit: I don't need help debugging the memory problem, I need help getting visibility into the boot process. Edit: emergency target is still ~35MB, rescue.target has eaten 8GB. Edit2: Holy gently caress it's literally impossible to do this. systemd.confirm_spawn turns itself off once you've reached the desired target, there's no way to force single-threading of boot for diagnostic purposes, and no way to ... well, do loving anything. I'm going to have to loving make my own systemd binary that shells out before and after it launches each target just to test this poo poo. gently caress. I've narrowed it down emergency.target -> dbus.service starting dbus.service eats 8GB of ram, permenantly. Of course, it also does a billion other things so it's impossible to diagnose because you can't loving do them in order and check each one. I like the boot time but holy poo poo no you do not get to eat half my RAM. Harik fucked around with this message at 16:56 on Jan 13, 2017 |
|
#
¿
Jan 13, 2017 15:30
|
|
|
Well, first problem is emergency.target cannot do anything at all without dbus - it just hangs for every unit then finally times out. So I have to start dbus.target first... and that eats the 8gb. dbus is so fundamental it's not even listed as a target: pre:... ● │ ├─tmp.mount ● │ └─var-lib-machines.mount ● └─swap.target ● └─dev-disk-by\x2dlabel-SWAP.swap So, tried this: boot to emergency. 35 MB used, cool. systemctl start dbus.target gently caress. 8GB eaten. GODDAMNIT. Dbus does so much poo poo on startup aaaah. Edit: Ok, not quite so much. The actual problem is lazy dependencies. swap.target doesn't depend on dbus, it just seemed like it does. It's actually depending on something else in sysinit.target, but they're letting it retry until that other thing launches instead of putting in a dependency. That's what was driving me batshit insane - systemd-analyze always showed the swap target happening first, but it only _STARTED_ first, it didn't complete until something else started. Probably systemd-udev. When I ran through the rescue-dependancies forward it actually worked properly, and I found the culprit. The problem was some installer or other dropped vm.nr_hugepages=4000 in sysctl.d. What's astonishing is that reservation is completely invisible in the usual places - at least, I can't find it in any of the /proc files. It's astonishing how impenetrable systemd is. All I wanted was an ACCURATE accounting of how the boot happened, and it can't manage that. E2: BTW, Thanks, ToxicFrog. I was using systemd-analyze but it wasn't getting me anywhere. I think it was mostly your expectation that starting services should work in emergency mode that led to me trying one of the others at random (none of swap or mount worked) and then I figured out the lazy dependency problem. Harik fucked around with this message at 18:00 on Jan 13, 2017 |
|
#
¿
Jan 13, 2017 17:02
|
|
|
|
| # ¿ Apr 23, 2024 09:06 |
|
|
Truga posted:"sort -h" sorts human readable HOLY poo poo. I've been doing *ix poo poo for 20+ years and I didn't know that. The XY problem above is "How do I translate 'rootfs' into a block device because my special snowflake system didn't associate it right" I've seen that happen before, with actual block-backed filesystems that are just marked "rootfs /" in mtab. See if you have busybox rdev applet Harik fucked around with this message at 19:17 on Jul 28, 2018 |
|
#
¿
Jul 28, 2018 18:42
|
|