• Microsoft has announced the Surface Go 2 and Surface Book 3.  (AnandTech)
  
  They're both Intel-based unfortunately, but the Surface Go 2 delivers a 10.5" 550g Windows 10 tablet starting at $399.  1920x1280 screen, 4GB RAM and 64GB eMMC on the base model.  $549 with 8GB RAM and 128GB SSD.
  
  Bezels are kind of chunky though.  And keyboard is extra.
  
  
  
• Lenovo has announced a swarm of new ThinkPads with Ryzen 4000 CPUs.  (AnandTech)
  
  Models now available with the Ryzen 4000 include the E14, E15, T14, T14s, L14, L15, and X15.  Prices start at $639.
  
  
  
• The EU says that you have to give users access to your site even if it needs cookies to work and they refuse to accept your cookies.  (Tech Crunch)
  
  Tech Crunch just happens to do exactly what the EU forbids.
  
  
  
• The Ryzen 1600AF as a cheap server processor.  (Serve the Home)
  
  The 1600AF is a 1600 built on Global Foundries' 12nm process, so it's the exact same architecture as before but with somewhat better power and thermals.
  
  It's not blazingly fast - you'd want to jump up to a 3600 or 3700 if you want speed - but it competes pretty well with Xeons costing two to three times as much.  And all Ryzen desktop chips support ECC even if it's not officially official.  At the price, there's nothing that can match it.
  
  
  
• Someone sneezed in New York, let's cancel the space program.  (ZDNet)
  
  Or let's not and say we did.
  
  
  

Posted by: normal at Friday, May 08 2020 08:32 AM (obo9H)

Posted by: The Brickmuppet at Friday, May 08 2020 09:15 AM (5iiQK)

Posted by: normal at Friday, May 08 2020 09:30 AM (obo9H)

Posted by: Pixy Misa at Friday, May 08 2020 10:59 AM (PiXy!)

Posted by: Pixy Misa at Friday, May 08 2020 01:35 PM (PiXy!)

Posted by: normal at Friday, May 08 2020 01:55 PM (obo9H)

Hide Comments | Add Comment

• IOFlood also has a great server deal.  You'd think a dual 10-core Xeon system would have better performance than a single 8-core Ryzen...  Oh, it does?  Not by a lot though. 
  
  (That second link compares a single CPU, where the IOFlood system has two.  For good measure I threw in the Ryzen 4700U as found in that $649 Acer laptop.  That's also faster than a 10-core Xeon from seven years ago.  It keeps up fairly well with the 3700X given that it has a quarter of the power budget and also a quarter of the cache.)
  
  If I hadn't already got the Ryzen I would have been quite happy with that Xeon system.
  
  
  
• Adult site CAM4 leaked 7tb of user data.  (Wired)
  
  Can you spell Elasticsearch?
  
  Elasticsearch has what is known as the "ELK" stack - Elasticsearch, Logstash, and Kibana - for ingesting and analysing all of your application logs.
  
  Application logs usually contain private user details from debugging messages that escaped to production.
  
  Elasticsearch has, by default, no password protection, so if you connect it to the internet everyone has access to everything.
  
  Not a good combination.  But at least now it has the option of adding a password. Another ten years and it might insist on it.
  
  
  
• Microprose is back!  (Hot Hardware)
  
  Yes, they're planning on remastering some of their classic games, but they're kicking things off with three new ones: Task Force Admiral and Sea Power, two modern naval combat games with realistic 3D graphics, and Second Front, a WWII boardgame brought to life.
  
  
  
• Twitter says, and I quote, fuck all you fucking fucks and the fucking horse you fucking rode in on.  (Tech Crunch)
  
  
  
  
  This will go down as history's worst idea after Bill de Blasio's Stasi Hotline.
  
  
  
• Wait 30 seconds then delete all my files.
  
  Or, do not edit a running shell script.  Not ever.
  
  I knew this, but because long ago I guessed what would happen and tried it out.  Never been burned by this particular gotcha.
  
  
  
• Text rendering hates you.  (GitHub)
  
  Sixbit or bust.
  
  
  
• Text editing hates you too.  (Lord.io)
  
  Sixbit 80x24.
  
  
  
• WinUI is Microsoft's new new new new new new new new new universal UI toolkit for Windows.  (GitHub)
  
  Just ignore all the burned out tanks littering the last hundred miles of highway.  This is the one.
  
  
  
• Intel has a new Xeon W 1200 family.  (Tom's Hardware)
  
  This looks like the workstation versions of the recently announced Comet Lake chips - that is, the exact same chips with ECC enabled and desktop chipset compatibility disabled.
  
  Or there's Ryzen, which is cheaper, uses less power, has more cache, and just works.
  
  
  

Posted by: cxt217 at Thursday, May 07 2020 05:32 AM (4i7w0)

Hide Comments | Add Comment

Twitter: Reloads, aims at feet, empties magazine.

Me: Okay then.  I have a new server and have licensed a new design.  See below for some sample screenshots.  July, maybe?

• Why is there no man page for LXD?  The lxc and lxd commands have help options, but that's it.  Want to know the valid options for --compression on lxc export?  Haha fuck you.  Want to know anything at all about lxc network?  See above.
  
  
  
• The Acer Swift 3 SF314 is a Ryzen 4000U laptop.  (AnandTech)
  
  Specifically the 4500U and 4700U, though if the pricing given in the review is correct you'd have to be nuts to buy the 4500U.  Update: The pricing matches that on Acer's online store.  Don't buy the 4500U model.
  
  For $649 you get an eight-core CPU, Vega 7 graphics, 8GB RAM, 512GB SSD, and a 14" 1080p IPS screen, weighing 1.2kg.  No Thunderbolt but it does have USB-C with power delivery and DisplayPort out, and separate USB-A and HDMI, and a traditional charging port.
  
  It has dedicated PgUp and PgDn keys but not Home and End.
  
  
  
• Oh and there's a new 13" MacBook Pro.  (AnandTech)
  
  
  
• Why does the 2TB model cost three times as much as the 1TB model?  (Tom's Hardware)
  
  Oh, right.  Patriot P300, budget M.2 NVMe SSD.
  
  
  
• Backblaze B2 is now S3 compatible.  (Backblaze)
  
  It originally had a more complicated API that was harder to use but cheaper for Backblaze to deploy.  Now it's directly compatible with S3 and thus with everything else.
  
  For $5 per terabyte per month, and $10 per terabyte for transfers out.  The competition charges up to 12 times as much for bandwidth.  (Though transfers in are free for all of them.)
  
  
  
• Julia 1.5 can capture Heisenbugs.  (JuliaLang)
  
  But not recursive Heisenbugs.  The new bug reporter can capture bugs on a user's system and reproduce them on the developer's machine, no matter what the underlying cause of the bug is, unless the bug stops happening when you turn on the bug reporter.
  
  
  
• It may now be cheaper to shoot space scenes in space than to do them in CGI.  (Deadline)
  
  
  
• Apple's T2 security chip prevents MacBooks from being refurbished.  (Vice)
  
  Without the password, you're left with $12 worth of scrap.

Posted by: Rick C at Wednesday, May 06 2020 01:13 AM (Iwkd4)

Posted by: Rick C at Wednesday, May 06 2020 01:13 AM (Iwkd4)

Posted by: normal at Wednesday, May 06 2020 02:16 AM (LADmw)

Posted by: The Brickmuppet at Wednesday, May 06 2020 08:49 AM (5iiQK)

Posted by: Pixy Misa at Wednesday, May 06 2020 04:29 PM (PiXy!)

Posted by: Pixy Misa at Wednesday, May 06 2020 04:33 PM (PiXy!)

Posted by: normal at Wednesday, May 06 2020 10:44 PM (obo9H)

Posted by: Rick C at Thursday, May 07 2020 12:02 AM (Iwkd4)

Hide Comments | Add Comment

Except that for certain operations, that directory is horribly, painfully slow.  Local access on the file server is just fine; it's only remote access.

To cut a stupid story short, the problem is that Unix is case-sensitive and Samba is case-insensitive.  If you are looking for a file and Samba finds an exact match, it's as fast as you'd expect.  But if you are looking for a file and it's not there, Samba will scan the entire directory for case-insensitive matches, which is a disaster if you have millions and millions of files.

Solution:

Create a specific share for that directory and set case sensitive = true.

Mount that in the appropriate place, and problem solved.

• I found a clean, simple, reliable way to add a public IP address to an LXC container - and inadvertently poked a hole in my firewall.  Fortunately since this was in a test environment the hole led to a container running nothing but SSH and demanding a recognised private key from a list of exactly none, so no harm done.
  
  I updated the documentation for this method.
  
  Moral of this story is that having two nested firewalls like we do at my day job is not overkill.
  
  TL;DR: Static routes take effect before firewall rules.  You need to firewall your containers to be safe from future screwups.
  
  
  
• David Icke got banned from YouTube for spreading 5G conspiracy theories.  (Newsweek)
  
  Icke is a professional lunatic and his ideas are total garbage.  YouTube is completely within its rights to ban him.  And I am entirely on Icke's side here.
  
  
  
• The servers for LineageOS, which is the latest in a long line of pure open-source Android builds, got hacked, shut down, restored from backup, patched, hatched, scrutinised with an extreme scrute, and brought back online.  (Bleeping Computer)
  
  Apparently a Salt server was exposed to the internet.  I'd say "why the hell was a Salt server exposed to the internet" but I just poked a hole in the firewall on my own server and didn't realise it for two hours so I'll give them a pass on that just this once.
  
  
  
• Melinda Gates is an idiot.  (Politico)
  
  
  
• Redis 6.0 is out.  (antirez)
  
  This brings client side caching and, well, a bunch of smaller stuff.  Client side caching means that cached data can be held in your own process space and Redis will push cache invalidation notices to you.  For large systems that could have huge scaling benefits.
  
  
  
• The best way to get the right answer on the Internet is not to ask a question; it's to post the wrong answer.
  
  The article is about a perceived case where Go was significantly faster than Rust, but turned out to be that the two programs being compared were not equivalent.
  
  
  
• Intel's Alder Lake will come in Socket LGA 1700 unless it doesn't.  (WCCFTech)
  
  Which the hell one is Alder Lake?  Oh, it's the 8+8 core design, with 8 real cores and 8 crappy Atom cores.  Which might work well for a laptop except that it has a 125W TDP so scratch that idea.
  
  
  

Anime Music Video of the Day

Let's say your public IP range is 1.2.3.0/29.  This is a pretty typical allocation for a dedicated server.

Your gateway will be 1.2.3.1, and your server will be 1.2.3.2.  Broadcast is 1.2.3.7, so you have four IP addresses available.  

We'll pick 1.2.3.3, and we'll give the container the internal IP of 10.1.1.3.  The simplest way to do that is to add the container names and internal IP addresses to your hosts file before launch.  The IP addresses will be assigned automatically and won't change.

The selected public IP should not be active on the host interface when you start.  If you ping it you should get no response.

1. Add the public IP address within the container.
   
   root@container# ifconfig eth0:1 1.2.3.3 up
   
   
   
2. Add a static route from the host server to the container.  (But see step 4 below.)
   
   root@host# route add 1.2.3.3/32 gw 10.1.1.3
   
   
   
3. If you try reaching the container now, chances are it won't work, because the route hasn't been announced to the gateway.  Fortunately, that's easy too.
   
   root@host# arp -Ds 216.18.211.180 eth0 pub
   
   In this case eth0 will likely be something different.  You want the main public interface for your server - in my case this was enp35s0.
   
   
   
4. Make sure to set up appropriate firewall rules in the container.  That static route will take effect before the filtering by ufw on the host.  (That one surprised me too.)
   
   
   
5. That's it.  Done.

The problem with this approach is that it is manual and you'll need to make sure it's applied on reboot.  Just create an /etc/rc.local file on the host and on the container (on recent version of Ubuntu it doesn't exit by default), put the necessary commands in there, and end it with an exit 0.

The advantage of this approach is that since you're not mucking about with netplan files the chance of you locking yourself out of your own server is greatly reduced.

I wish someone had explained this clearly somewhere back when I had Mari, before I had to give it up because I couldn't get networking to work properly and couldn't afford to keep it around but not in production.  But Akane is a pretty nice server too.  On the CPU side it is much, much faster (about 2.5x single-threaded, about 2x multi-threaded), and it's less than half the price. 

Meanwhile, Akane running PyPy absolutely creams Aoi running Psyco.  PyPy was originally created by the same developer as Psyco but has a larger team and several years more active development, and it shows.  Combined with the faster CPU and the elimination of virtualisation overhead, the difference on this toy benchmark is on the order of 50x.

That's comparing our current JIT compiler to the new one, not interpreted to compiled.

Now I just have to update the template engine so that it doesn't trash that performance.  Accumulating the output using in-memory file operations should do the trick.

Update: Looks like PyPy is optimising some of the sub-tests into oblivion.  Adding some randomness into the benchmark to prevent that reduced it to only 6x faster.  Since the server also has twice the number of cores, that's 12x overall.

• Akane (new server) is nearly three times faster than Aoi (old server) even when Aoi is cheating by using the Psyco JIT compiler.
  
  Psyco helps a lot in optimising loops and function calls - it's 20x faster on a benchmark that just loops and makes empty function calls - but can't speed up the Python code for functions like string manipulation.  Akane wins by close to 6x on string scanning.
  
  That's a lot more than the single-threaded difference between a Xeon E3-1230 and a Ryzen 3700X, so it's either a difference in cache sizes (8M vs. 32M) or virtualisation overheads.  Aoi is stuck running OpenVZ within KVM, where Akane is running LXD.
  
  I'll run the benchmark under PyPy, but I'll need to excise one of the tests.  I test large string concatenations because that's how Minx builds HTML.  That's very fast in Python (and Psyco) but offers nothing but pain and suffering under PyPy due to changes in the garbage collection.
  
  
  
• I mention LXD and LXC a lot, which might be a bit confusing.  LXC is the container framework, and LXD is a management tool for LXC.  So when you are using LXD, the containers are LXC containers and you mostly use the lxc command to manage them.
  
  If you are using LXC directly you don't use the lxc command because that's part of LXD.  Instead you use commands like lxc-launch where LXD uses lxc launch.  And if you get the two mixed up you can scramble your configuration.
  
  Clear?
  
  Good.
  
  I miss OpenVZ 6.
  
  
  
• Also, the ASRock IPMI interface on their Ryzen server boards works.
  
  One of the long-standing problems with accessing IPMI over long distances (like Australia to the US) is keybounce on the KVM console.  I've often run into cases where it's all but unusable.  No sign of it here.  Ping times aren't wonderful, but it works regardless.
  
  This means that I can experiment safely with the network config on Akane to get LXD just the way I want it.
  
  
  
• No we don't.  (Tech Crunch)
  
  
  
• Nvidia's Hopper architecture may be headed for Samsung's 5nm process or it may not.  (WCCFTech)
  
  This is supposedly the next generation after Ampere, which is the next generation.
  
  Interesting point from the table is that the current top of the line Tesla V100 chip is larger than the estimated size of the rumoured 128 CU Navi part.  Whether AMD is working on such a chip is still unknown, but TSMC is capable of manufacturing it if they are.
  
  
  
• A new California law requires that default passwords be unique for each unit manufactured.  (Serve the Home)
  
  The password is on the service tag.
  
  The service tag is on the server.
  
  The server is in a rack, in a datacenter, 10,000 miles away, and it's 3AM there.
  
  Which is not to say this law is a bad idea, for all that it came out of the Global Bad Law Research and Development Center in Sacramento.  But sysadmins will have occasion to curse, vehemently, in coming months.
  
  
  
• There needs to be a Kickstarter for network documentation for LXD BECAUSE THERE FUCKING ISN'T ANY.
  
  There's a specific command, lxc network, to manage LXD networks, and there's no documentation for it at all, not even a man page.
  
  This is super painful when you are guessing your way to a solution because any time you screw up there's a good chance you'll lose access to your server.  Which is why I was testing IPMI today.
  
  Also, if you spin up an Ubuntu virtual machine rather than a container, it comes up with no working networking - and without the standard net-tools installed.  And you can't install net-tools because you have no networking to reach the install repo.  There is still the ip command but that is a pain in the butt.
  
  

Video of the Day

• We've all had days like that.
  
  
  
  
  
  
• And who hasn't done this?
  
  
  
  
  
  
• Quibi is a failure while TikTok soars.  (TechDirt)
  
  This is because unlike Hollywood, China abandoned communism 40 years ago.
  
  True, they abandoned it for fascism.
  
  
  
• Is Intel up to its old tricks again?
  
  Ian Cutress of AnandTech tweeted - and then deleted - that his sources were telling him Intel was using financial incentives to stop AMD-based NUCs.  Particularly now that AMD has a categorically superior chip for small form factor devices.
  
  This and many other questions are discussed, though not necessarily answered.
  
  
  
  
  
• Currently running backups to the new server, after which I will figure out the details of the migration.
  
  mee.nu can be switched from CentOS and OpenVZ to a current version of Ubuntu running in LXC behind a proxy with relatively little pain. 
  
  The main reason it's fiddly at all is that it uses Psyco - a precursor to PyPy - to speed up the code, but the new server is so much faster that we can do without for a while, until I can check that the code runs cleanly in PyPy,
  
  Well, also that MySQL does stupid stuff every time we do a migration, and loses key settings that break things but only after I've tested it all and gone to bed.
  
  The other stuff still runs on CPanel and not only requires CentOS but proper routing, which I have yet to get working cleanly with LXC.
  
  The big advantage of this move - apart from the dramatically better hardware - is ZFS, which lets me instantly snapshot and back up the virtual servers.  That will make future migrations much, much easier if we're willing to take a little downtime, because those snapshots can be restored on any other LXC host with everything intact.
  
  I used to do this with OpenVZ, but OpenVZ 6 has been deprecated and OpenVZ 7 is not compatible.
  
  Update: This is why I like LXC/LXD and OpenVZ 6.
  
  
  
  I can tweak the memory and CPU capacities of the virtual machines live.  Are we getting extra load on one app and need to give it another couple of cores and an extra 4GB of RAM for a while?  Click click, done.  No waiting, and most important, no reboots.
  
  

Anime Music Video of the Day

I hadn't seen this before, even though it's by Copycat Revolver who has done some of my favourite AMVs ever.

It does make me want to watch Sayonara Zetsubou Sensei.

Other Copycat Revolver AMVs you may have seen here before:

Disclaimer: So, that anime stuff...  What's good right now?  I have a 1.5TB MySQL database to migrate at my day job (to our new self-hosted cloud thingy) and could do with the distraction.

Posted by: J Greely at Sunday, May 03 2020 01:28 AM (ZlYZd)

Posted by: Wonderduck at Monday, May 04 2020 10:55 AM (cTMj+)

Posted by: Pixy Misa at Monday, May 04 2020 12:45 PM (PiXy!)

Hide Comments | Add Comment