Ubuntu 18.04 & Gnome 3

I’ve upgraded three computers to Ubuntu 18.04. Although I appreciate the modern software (including LibreOffice), each upgrade has had different issues.

Lenovo Server: upgrade was rocky because the root partition ran out of space part way through the upgrade. I hand-recovered and managed to get it to finish. Later, the journal (systemd journal) went nuts and filled up my root partition (which is shared with /var) with log messages — causing so much I/O that it was quite slow to log in to my computer. Once I figured out how to vacuum the journal, I recovered space, and set the journal size smaller. Now it seems to be working well.

System76 Galago UltraPro: upgraded without a hitch. However, power management is less than stellar. It won’t go to sleep when I want it to, and it comes out of sleep when I don’t want it to.

Lenovo P50 with NVIDIA graphics card: It worked better at driving two external monitors with Ubuntu 16.04. It mostly works with 18.04, but it’s more temperamental. The upgrade didn’t go smoothly: it aborted early, and I had to hand-recover, which, fortunately, worked out. I needed a new version of VMware Workstation.

Things I appreciate about Gnome 3 (Ubuntu 18.04):

  • Keyboard shortcuts, including WINDOWS + left-click-window + drag
  • Window snapping: WINDOWS-LEFT, WINDOWS-RIGHT, etc. Very similar to Windows
  • High-DPI support works well, which is excellent for my Lenovo P50 with a 4K display (4K is too much resolution for a laptop screen, but it was the only option with the Xeon processors).
  • Looks great

Things I dislike about Gnome 3 (Ubuntu 18.04):

  • Clock doesn’t include day of month by default. Requires gnome-tweak-tool to enable. Sloppy and difficult.
  • Too many clicks to get to network settings, including VPN. It used to be easier.
  • Can’t share my connection with wired-via-USB-cable computers anymore. Reported workaround, which doesn’t work at all for me: launch nm-connection-editor.
  • Login screen shows a background instead of a list of users, until I press a button or swipe. Please don’t follow Windows here. It’s dumb.
  • When I zoom in on a folder in Nautilus, it zooms all other folders, including my desktop icons.

Other things I dislike with Gnome — longstanding issues that existed before Gnome 3:

  • Nautilus uses too much white space between images when zooming in on icon view. It should be proportional — like Windows Explorer does. I.e. when the images are 0.5×0.5 inches, it’s fine to have 0.5 inches between icons. But when the icons are 3″x3″, I don’t want or need 3″ of white space between icons! (This isn’t an issue with Gnome 3 — it’s a long-standing issue with Nautilus)
  • Nautilus doesn’t show image meta-data such as camera model for images — I like to sort by camera model.
  • Lack of a photo screensaver. I live without it, but it still frustrates me that Gnome is the only desktop that, by default, doesn’t include one. Windows, Mac and KDE are much better in this regard.

I love using Linux, but Windows is squarely better at some things.

Add a camera via WPS to a LEDE/OpenWRT router

I have some WiFi cameras that can be added to a router via WPS. Here’s how I got it to work with one of my LEDE routers. On the other one, somehow, I broke its ability to do WiFi completely, so this can be dangerous — I had to re-install LEDE. YMMV.

OpenWRT/LEDE Instructions:

First, back up the router config — always a good idea!

Setup:

opkg update
opkg remove wpad-mini
opkg install wpad hostapd-utils
opkg upgrade dnsmasq
cp /etc/config/wireless /etc/config/wireless.orig
vi /etc/config/wireless    # change wps_pushbutton to '1' -- but only for one interface
reboot

Check to see if WiFi is working. If not, connect a laptop to the router’s ethernet port to log back in, and update to firmware that isn’t broken. There may be a better way, but that’s worked for me.

Put the router into WPS mode (note: this times out after a while):

hostapd_cli wps_pbc

Other instructions say to run this (YMMV):

hostapd_cli -i wlan1 wps_pbc

Within a minute or so, push the WPS mode button on the camera.

Yubikey 4 GPG key generation (Ubuntu)

Install supporting software

sudo apt-add-repository ppa:yubico/stable
sudo apt-get update
sudo apt-get install scdaemon -y
sudo apt-get install python-setuptools python-crypto python-pyscard python-pyside pyside-tools libykpers-1-1 pcscd -y
sudo apt-get install yubioath-desktop yubikey-personalization yubikey-personalization-gui yubikey-manager  -y

Insert Yubikey and Generate key

gpg --card-edit
gpg/card> admin
gpg/card> generate
gpg/card> quit

Export and back up the public key, because the Yubikey only stores the private portion of the key:

gpg --armor --export $KEYID > mykey.pub

Require touching the Yubikey button to authenticate, sign, or encrypt:

ykman openpgp touch aut on 
ykman openpgp touch sig on 
ykman openpgp touch enc on 

Change the PIN

gpg --card-edit
gpg/card> admin
gpg/card> passwd
gpg/card> quit

Change Yubikey information (name and lang are admin commands, so enable admin mode first)

gpg --card-edit
gpg/card> admin
gpg/card> name
gpg/card> lang
gpg/card> quit

LEDE awesomeness

I’ve had what I thought was a great WiFi router for the past 3 years. The vendor continues to provide firmware updates, which is admirable.

Having heard of the awesome improvements that are being made by folks in the LEDE fork of OpenWRT (in the area of eliminating bufferbloat), I thought it was time for an upgrade. So I purchased an Archer C7 version 2 router, and today, I installed LEDE. Installation was a breeze. Configuring LEDE isn’t as easy as most consumer WiFi routers, but the payoff has been good.

My downstream 2GHz WiFi cameras and networking gear seem to be staying online better, and streaming live video works better as well. I’m not sure if my family notices much of a difference, but I do. I appreciate the folks who have brought me better networking.

Runtime debugging tools for Linux

Here’s a useful presentation on Linux debugging tools — tools that don’t require source code, additional prints or logging.

http://jvns.ca/blog/2016/09/17/strange-loop-talk/

  • strace has a new flag that I didn’t know about: -y, which prints the paths that are associated with file descriptors.

  • opensnoop lets you see the details of open() calls across the entire system, or for an individual process, or for paths containing certain characters, or it can print the file paths that couldn’t be opened.

  • pstack shows the stack trace of a running process, which can be useful to get an idea of what a program spends most of its time doing.

  • dstat shows system resource stats. It is a replacement for vmstat, iostat and ifstat.

  • htop — a more beautiful ‘top’, and easier to use. I still mostly use ‘top’ because it is installed by default. Other great tools I use include ‘powertop’ and ‘iotop’.

  • ngrep — an alternative to tcpdump, but allows the use of regexes to match plain-text data in packets.

  • tcpdump — useful when troubleshooting network connections between servers.

  • wireshark — a more UI-friendly tool than tcpdump, with dissectors for most protocols

RabbitMQ, memcache, and too many socket connections

What happens when you have hundreds of services connected to RabbitMQ and memcache, and those services have a bug that causes them to keep their previous socket connections open, and repeatedly reconnect to RabbitMQ and memcache?

They crash.

It occurred to me that one can prevent too many connections using iptables on the RabbitMQ and memcache machines. Here’s how:

http://www.cyberciti.biz/faq/iptables-connection-limits-howto/

The corollary is that setting the per-ip connection limit too low can also cause problems.
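
To pick a limit that stops the runaway reconnects without cutting off healthy clients, count the connections each peer already holds before writing the rule. This is an added example, not from the linked article or the original post; the sample `ss` output, the addresses, the ports 5672 and 11211, and the limit of 50 are all assumptions.

```shell
#!/bin/sh
# Added example. SAMPLE is constructed `ss -Htn` output, not real data;
# addresses, ports 5672/11211 and the limit of 50 are assumptions.
SAMPLE='ESTAB      0 0 10.0.0.5:5672  10.0.1.17:49822
ESTAB      0 0 10.0.0.5:5672  10.0.1.17:49830
ESTAB      0 0 10.0.0.5:5672  10.0.1.17:49841
ESTAB      0 0 10.0.0.5:5672  10.0.1.22:51010
ESTAB      0 0 10.0.0.5:11211 10.0.1.17:40112
TIME-WAIT  0 0 10.0.0.5:5672  10.0.1.22:50990
ESTAB      0 0 10.0.0.5:15672 10.0.1.30:38000'

# peers_by_count PORT: read `ss -Htn` lines on stdin and print
# "<established connections> <peer address>" for that local port, busiest first.
peers_by_count() {
    awk -v port="$1" '
        $1 == "ESTAB" && $4 ~ (":" port "$") {
            peer = $5
            sub(/:[0-9]+$/, "", peer)   # strip the peer port, keep the address
            count[peer]++
        }
        END { for (p in count) print count[p], p }' | sort -rn
}

# peers_over_limit PORT LIMIT: only the peers a connlimit of LIMIT would hit.
peers_over_limit() {
    peers_by_count "$1" | awk -v limit="$2" '$1 + 0 > limit + 0'
}

# connlimit_rule PORT LIMIT: print (do not apply) the iptables rule that
# rejects new connections from any single IPv4 address already holding
# more than LIMIT connections to PORT.
connlimit_rule() {
    printf 'iptables -A INPUT -p tcp --syn --dport %s -m connlimit --connlimit-above %s --connlimit-mask 32 -j REJECT --reject-with tcp-reset\n' "$1" "$2"
}

printf '%s\n' "$SAMPLE" | peers_by_count 5672      # current per-peer usage
printf '%s\n' "$SAMPLE" | peers_over_limit 5672 2  # who a limit of 2 would cut off
connlimit_rule 5672 50
connlimit_rule 11211 50
```

On a live broker, feed it `ss -Htn` instead of the sample and set the limit comfortably above the busiest legitimate peer.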

I’d guess that servers that are more commonly public-facing, like NGINX and Apache, don’t have the problem of crashing. Hopefully, they degrade gracefully, and refuse additional connections while continuing to service the connections they already have open.

ip and ss: better than ifconfig and netstat

I’ve been using Linux for a while now, so typing certain commands is fairly ingrained, like ‘ifconfig’ and ‘netstat’. I know about “ip addr”, which is more modern than ifconfig, and I use it sometimes.

This week, I learned about ‘ss’, which is faster than ‘netstat’, and does more. My favorite invocation is “ss -tlp” to show programs listening on tcp sockets.
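
The listening-socket view is also a quick exposure check: it shows which services are bound to every interface and which are bound to loopback only. This is an added example, not from the original post; the sample is constructed `ss -Htlnp` output (`-H` drops the header, `-n` keeps ports numeric), and the services, PIDs and addresses in it are assumptions.

```shell
#!/bin/sh
# Added example. SAMPLE is constructed `ss -Htlnp` output, not real data.
SAMPLE='LISTEN 0 128 0.0.0.0:22      0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 127.0.0.1:11211 0.0.0.0:* users:(("memcached",pid=950,fd=26))
LISTEN 0 128 [::]:5672       [::]:*    users:(("beam.smp",pid=1200,fd=55))
LISTEN 0 128 *:15672         *:*       users:(("beam.smp",pid=1200,fd=60))
LISTEN 0 128 [::1]:631       [::]:*    users:(("cupsd",pid=700,fd=7))
LISTEN 0 128 10.0.0.5:8080   0.0.0.0:*'

# listeners SCOPE: read `ss -Htlnp` lines on stdin and print "<port> <process>"
# for listeners whose bind address falls in SCOPE:
#   all   - wildcard (0.0.0.0, [::], ::, *): reachable on every interface
#   local - loopback only (127.x.x.x, [::1], ::1)
#   addr  - one specific non-loopback address
listeners() {
    awk -v want="$1" '
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/:[0-9]+$/, "", addr)   # bind address without the port
            sub(/^.*:/, "", port)       # port is whatever follows the last colon
            if (addr == "0.0.0.0" || addr == "[::]" || addr == "::" || addr == "*")
                scope = "all"
            else if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1")
                scope = "local"
            else
                scope = "addr"
            proc = "-"                  # ss omits users:(...) without privileges
            if (split($6, q, "\"") >= 2) proc = q[2]
            if (scope == want) print port, proc
        }' | sort -n
}

printf '%s\n' "$SAMPLE" | listeners all    # services exposed on every interface
printf '%s\n' "$SAMPLE" | listeners local  # services kept on loopback
# On a live host (root is needed to see other users' process names):
#   ss -Htlnp | listeners all
```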