Vis innlegg

Denne delen lar deg se alle innlegg laget av dette medlemmet. Merk at du bare kan se innlegg gjort i områder du har tilgang til.


Meldinger - Floyd-ATC

Sider: 1 2 [3] 4 5 ... 52
31
Feil / Sv: Minecart i lava
« på: 26. Januar 2016, 06:29 am »
Kanskje dette er en uventet bivirkning av Minecarts og metro-system?

Det skal du ikke se bort i fra, men det virker snodig for i utgangspunktet skal de jo forsvinne med en gang det ikke sitter noen i dem. Skal ta en titt på det men det kommer nok til å ta litt tid siden vi står midt oppe i kjøp og salg av hus.

32
Minecraft / Sv: What is this? Kan jeg endre emnenavnet? :o
« på: 22. Januar 2016, 20:11 pm »
Krasja serveren eller er det bare meg?
*Uups*

Den ser ikke helt frisk og rask ut, jeg restartet den nå.
Bedre?

33
Generelt teknisk / Sv: Getting started with LTSP and Blackbox
« på: 17. Januar 2016, 13:14 pm »
But what exactly does LTSP do? I'm not very fond of Debian. Do you think the same can be accomplished with dnsmasq and systemd?

AFAIK, there's no reason to think it can't be done.

LTSP is just a small collection of scripts; a shrink-wrapped solution to configuring X, building a bootable image and offering it to PXE capable clients. Debian/Ubuntu isn't my first choice either but my initial attempts to do it with CentOS were unsuccessful because I didn't have the time and skill to adapt those scripts to a slightly different environment.

Obviously, in a complex client/server solution with lots of moving parts you have to get everything just right or nothing seems to work. Figuring out all the problems can be a frustrating and time consuming process. Maybe if I went back to it now that I have a working solution as reference... but then again, I already have a working solution so now there's lack of motivation :-)

34
Generelt teknisk / Sv: Getting started with LTSP and Blackbox
« på: 17. Januar 2016, 10:11 am »
That's interesting! I thought it was more like VNC.
How does it handle SDL and OpenGL (read: games)?
And in the case of VLC, is the video decoded by the client or the server? What limits the framerate in your case? The thin client hardware or the network bandwidth?

The X protocol works with both 2D and 3D (openGL) but the thin client would have to use software rendering and would be useless for gaming. That having been said, it is ofcourse possible to use a thick client with a GPU as an X server (remember: where the user sits), but the X protocol isn't built for gaming so I doubt it would work well. A typical use case for terminal servers and 3D is CAD modeling, design, maps etc where the heavy lifting is done by a huge server with tons of RAM and CPU not suitable for an office environment. Gaming OTOH is not a viable use case for terminal servers, you need low latency bidirectional streaming for that.

VLC, including the codec, runs on the terminal server so that's where the media streams are decoded. The audio and/or video is then encoded and transmitted using the X protocol. Physical network bandwidth is not a concern in my case (gigabit ethernet) but the X connection is encrypted using ssh which means the thin client CPU has to deal with both the decryption and the media. This is why live video really is a worst case scenario for this kind of setup.

Completely unrelated to LTSP: In an enterprise you would use Citrix HDX technology for this, where the Citrix terminal server offloads the video stream decoding to special-purpose hardware in the thin client. In real life, HDX is a configuration nightmare as soon as you have more than one type of thin clients because you have to deal with firmware revisions, media players and codecs that keep changing all the time. Do you know what codecs YouTube.com support at the moment? What Wyse or HP models require what firmware for the software you have installed on your TS farms and what are your users' actual requirements? Is it using HDX right now or did it silently fall back to server-side rendering? HDX is fantastic when it works; users can stream 1024p content in fullscreen and the terminal server sits almost idle.

I don't think anything similar to HDX exists for X Window System but I would love to be wrong.

35
Generelt teknisk / Sv: Getting started with LTSP and Blackbox
« på: 16. Januar 2016, 17:55 pm »
Why does blackbox vs Gnome have an impact on thin client performance? Doesn't the terminal server handle graphics? If it does, is it able to utilize a GPU?

In short, no.

The X protocol only sends meta information ("window Foo here, widget Bar there") from the X client application (running on the terminal server in this case) and to the X server (running on the thin client). Remember, the terms client/server are kind of opposite when dealing with X, see https://en.wikipedia.org/wiki/X_Window_System#Purpose_and_abilities

I think the problem is actually too much meta information (gradients, bitmaps, animations etc) being transmitted over the encrypted network connection for the thin client to handle properly. If you open the shell on SCREEN_02, "top" will show that the CPU utilization is stuck at 100% with Gnome and about 3/4 of that is the ssh process. With blackbox, it nearly drops to zero. Maybe disabling the encryption would free up enough cycles to make Gnome usable, I spent a few days trying to do this but couldn't get it to work.

Anyway, the Gnome UI is just for eye candy. Just about every Gnome or KDE application can be used just fine in blackbox (or any other window manager) as long as they don't violate the X protocol by reaching into the Gnome UI itself. I have not yet found a useful application that doesn't work. Here's a few I'm using without problems: Wireshark, GIMP, OpenOffice, Firefox, Arduino, Eclipse and Audacity. Even VLC and flash video works, except the framerate becomes useless I try to go fullscreen.

36
Feil / Sv: Feil med registreringa på forumet
« på: 06. Januar 2016, 22:46 pm »
Oh crap. Tror jeg vet hva som er årsaken, takk for tipset.
Jeg har fikset oppsettet og bedt forumet sende ut nye email for alle som er "pending", be dem sjekke nå ok?

37
Minecraft / Sv: Minecraft Pjatt
« på: 28. Desember 2015, 09:12 am »

God jul og godt nytt år til dere også :-)

38
ATC-Pjatt / Printere og Ubuntu Linux - dagens store overraskelse
« på: 27. November 2015, 21:04 pm »
Ubuntu Desktop og LTSP installert på en VM. Tynnklienten var oppe og gikk via PXE etter noen få minutter. Deretter brukte jeg noen timer på å erstatte Gnome med Blackbox og tilpasse skrivebordet akkurat sånn som jeg ville ha det, med applikasjoner og standardinnstillinger så nye brukere slipper å gå igjennom ørten standardvalg. Thor Arne ble sittende og løse matteoppgaver på web når han fikk prøvekjøre den.

Så var det på tide å konfrontere min erke-nemesis, printeren... Siden disse helvetesmaskinene ble skapt på slutten av 60-tallet har intet menneske kunnet unngå disse forbannede innretningene som kategorisk nekter å la seg installere, krøller papir, spruter blekk og toner på uskyldig forbipasserende og hvis de i det hele tatt kan trues til å reagere på en kommando så hevner de seg ved å kverne ut side etter side med meningsløst sludder på den siste bunken med papir du klarer å få stappet inn i dævelskapen.

Inn på serveren som fortsatt kjører Gnome, søkte på "print", fikk opp en enkelt applikasjon: "Printers". Klikket på den.
Oversikten viste "No printers installed". Klikket på "Add".
Det kom først opp noen standard (tekniske) alternativer "LPT:", "Network" osv. men etter et sekund kom "HP Color LaserJet CP2020" ut av intet. Klikket på den.
Searching for drivers... (varte ca. 2 sekunder)
"This printer has an optional tray 3". Javel, jeg vet ikke noe om dette? Standard valg var "Not installed". Sikkert greit. Klikket "Forward".
Navn? Klikket "Forward" for å akseptere forslaget "HP-Color-LaserJet-CP2020".
(Legg merke til at jeg når som helst kunne ha klikket "Back" hvis jeg hadde kommet på at noe var feil.)
Test page? Klikket på "Yes". Og helt uten videre kom det ut en testside i farger! Klikket på "OK".
Huh...!? Printeren ble faktisk installert og fungerte feilfritt på mindre enn 10 sekunder!?

Okei...?
Over på tynnklienten hvor LibreOffice står og kjører.
Klikket på "Print". Standardskriveren "HP-Color-LaserJet-CP2020" dukker opp uten videre, med status og det hele.
Klikket på "Print".
Og utskriften kom ut som den skulle!!!!

39
Generelt teknisk / Getting started with LTSP and Blackbox
« på: 27. November 2015, 14:00 pm »
The LTSP - Linux Terminal Server Project home page can be found here:
http://www.ltsp.org/

I recommend starting with the newest Ubuntu LTS Desktop version. Download and install, then make sure you assign a static ("manual") IP address. Simply click on the network icon and use "edit connection" to accomplish this. The change should take effect immediately, you can open a terminal and use the command "ifconfig" to confirm this.

(Note: The reason we're using the Desktop edition and not the Server edition is because all the X client software will actually be running on this Ubuntu machine.)

Installing LTSP is as simple as this:
Kode: [Velg]
sudo apt-get install ltsp-server-standalone
Next, build the initial client file system and boot image using this command:
Kode: [Velg]
sudo ltsp-build-client --arch i386
Note: If you will only be using 64bit thin clients then read "i386" as "amd64" throughout this document. Note that this will mean NO 32bit clients will be able to work with your terminal server.

Now you have to configure your DHCP server to offer PXE clients a way to boot off your thin client boot image. If you already have a DHCP server which can be configured for this, you need to add the following options:
Kode: [Velg]
next-server <YOUR SERVER IP HERE>;
filename "/ltsp/i386/pxelinux.0";

Alternatively, LTSP comes with a DHCP server on its own. In fact, it comes with both "isc-dhcp-server" and "dnsmasq" and this can be a little confusing because we won't be using any of those init scripts or configuration files. Instead, we will use one that's part of LTSP itself:
Kode: [Velg]
sudo joe /etc/ltsp/dhcpd.conf
It's important not to interfere with the "official" DHCP on your network if one exists, that's why I recommend the following setup:
Kode: [Velg]
not authoritative;

subnet 192.168.0.0 netmask 255.255.255.0 {
    min-secs 3; 
    range 192.168.0.100 192.168.0.200;
    option domain-name "your.domain.name";
    option domain-name-servers 8.8.8.8;
    option broadcast-address 192.168.0.255;
    option routers 192.168.0.1;
    option subnet-mask 255.255.255.0;
    if substring( option vendor-class-identifier, 0, 9 ) = "PXEClient" {
        filename "/ltsp/i386/pxelinux.0";
    }
}
Remember to carefully substitute the IP addresses for your own. Notice that we do not need a "next-server" here because the clients will default to using the DHCP server as their TFTP boot server.

You will probably spend some time getting this configuration file just right for your environment.

You can check the syntax using the following command:
Kode: [Velg]
sudo dhcpd -t -cf /etc/ltsp/dhcpd.conf
To restart the DHCP server, use the following command:
Kode: [Velg]
sudo service isc-dhcp-server restart
Now it's time to try booting your first thin client. The PXE boot loader should pick up the configuration after a few seconds, download the initial boot image via TFTP and then boot it. What happens next is the boot image requests a new IP address and mounts the thin client operating system via the Linux Network Block Device (nbd-server) service running on your terminal server. If all goes well, you should get a login screen after a few moments.

The login screen is running on your thin client, but beyond that everything you see is actually running on the Ubuntu server. Try opening an "xterm" window and notice the host name in the prompt.

If you have a very thin client, that is one with very little RAM and/or CPU, you will notice that things are running very slowly. In fact, when using the default Gnome 3 interface on my HP T5720 clients, the user experience is actually quite useless. Troubleshooting it, I found that the SSH process responsible for tunneling the X traffix between the server and client was using more than 80% of the CPU time on my thin client. Do NOT be discouraged by this, we've only just started!

The first thing we will do is tweak LTSP a bit. Create a configuration file for this:
Kode: [Velg]
sudo joe /var/lib/tftpboot/ltsp/i386/lts.conf
Here is the config file I'm using:
Kode: [Velg]
[Default]
SCREEN_02=shell
SCREEN_07=ldm

# Limit the RAM allocated by X client applications on the thin client
X_RAMPERC=80

# Use custom login theme under '/opt/ltsp/i386/usr/share/ldm/themes'
LDM_THEME=ltsp

The main reason Gnome 3 is so slow is because it uses bitmap images, animations and sound effects everywhere. This can hardly be noticed when running it locally but it is killing the thin client CPU and display adapter.

We will solve this by installing "blackbox" on your terminal server. To do so, use the following command:
Kode: [Velg]
sudo apt-get install blackbox
We will also need "blackbox" installed on the thin client, so execute the following commands on the server as well:
Kode: [Velg]
sudo ltsp-chroot
apt-get install blackbox
exit
sudo ltsp-update-image

Huh, what did we just do?? The command "ltsp-chroot" lets you perform maintenance directly on the file system which will be running on your thin client. We installed "blackbox" into that file system, then asked LTSP to update the image file that will be presented to the thin clients via nbd-server.

On your thin client, log out now. You should be prompted with a message saying that a new version of the system is available and the thin client will reboot automatically.

You should get the same login screen again, but don't log in just yet. Instead, click "Preferences" in the lower left corner, then select "Session" and change from "Default" to "Blackbox". Now log in.

You should now see a grey screen with only a small toolbar at the bottom. Congratulations, this is the "blackbox" window manager. By default it is extremely bare-bone, in fact if you rightclick on the desktop you only get three options.

Just as Blackbox is extremely small and simple but contains everything you actually need, so does the documentation:
Kode: [Velg]
man blackbox
The first thing you will want to do is edit the menu file to get easy access to the programs you need:
Kode: [Velg]
sudo joe /etc/X11/blackbox/blackbox-menu
Here's a sample menu file to get you started:
Kode: [Velg]
# Sample blackbox menu file created by floyd@atc.no
[begin] (Main menu)

  [submenu] (Applications) {Applications}

    [submenu] (Development) {Development}
      [exec] (Arduino) {arduino}
      [exec] (Eclipse) {eclipse}
      [exec] (Fritzing) {Fritzing}
    [end]

    [exec] (Gimp image manipulation) {gimp}

    [submenu] (LibreOffice) {LibreOffice}
      [exec] (Calc) {localc}
      [exec] (Draw) {lodraw}
      [exec] (Impress) {loimpress}
      [exec] (Writer) {lowriter}
    [end]

  [end]

  [submenu] (Internet) {Internet}
    [exec] (Firefox web browser) {firefox}
    [exec] (Thunderbird mail) {thunderbird}
  [end]

  [submenu] (Tools) {Tools}
    [exec] (Calculator) {gnome-calculator}
    [exec] (Disk usage) {baobab ~}
    [exec] (File explorer) {xfe ~}
    [exec] (gFTP) {gftp}
    [exec] (Text editor) {gnome-text-editor}
    [exec] (Xterm) {xterm}
  [end]

  [nop]

  [submenu] (Preferences) {Preferences}
    [stylesmenu] (Custom styles) {~/.blackbox/styles}
    [stylesmenu] (Predefined styles) {/usr/share/blackbox/styles}
    [reconfig] (Reload configuration)
    [restart] (Restart desktop)
    [exec] (System settings) {unity-control-center}
    [config] (Window settings)
    [workspaces] (Workspaces)
  [end]

  [exit] (Log off)

[end]

Remember that these menu options will only work if the actual program is installed on your terminal server. For instance, to install the Eclipse IDE, simply run this command in Ubuntu:
Kode: [Velg]
sudo apt-get install eclipse
Referring to the blackbox man page, you should see a lot of ways that Blackbox can be tweaked to look and feel pretty much the way you want by adding the bells and whistles needed.

Another thing you may want to look into if you have a decent display adapter on your thin clients is turn off "image dithering" which is on by default and tries to use the CPU to compensate for lack of color depth. (In my blackbox-menu, it's under "Preferences", "Window settings", "Image Dithering")

Using Blackbox and firefox, I can browse the web and run YouTube videos on that very same HP T5720 which couldn't even handle the Gnome desktop.

Yes, it's really that simple! Have fun and please let me know how it works for you :-)

40
Feil / Sv: Internettet?
« på: 24. November 2015, 22:09 pm »
Jeg er t åpen for forslag... har ikke noen som helst ide hva dette kan komme av eller hva jeg skal kunne gjøre med det.:-/

41
Minecraft / Sv: Er det noen interresse for SSL på forumet?
« på: 09. November 2015, 22:22 pm »
I dag klarte jeg å konfigurere HAPROXY med SNI sånn at jeg slipper å bruke wildcard-sertifikat (som koster penger). Dermed har jeg plutselig CA-signerte sertifikater på plass gitt :-)

42
Minecraft / Sv: Er det noen interresse for SSL på forumet?
« på: 02. November 2015, 15:24 pm »
Ja, det er korrekt. Men skal du da anta at noen forsøker på noe lurt eller skal du anta at jeg har byttet sertifikat for f.eks. å bytte fra 1024 til 2048 bits? Du må bare gjette :-)

Korreksjon: Nja. I noen nettlesere klarerer man URL og ikke sertifikat. Her vil man ikke få varsel dersom sertifikatet er endret heller.

43
Minecraft / Sv: Stor flyttejobb
« på: 02. November 2015, 06:47 am »
It's... magic

44
Minecraft / Sv: Er det noen interresse for SSL på forumet?
« på: 02. November 2015, 06:41 am »
Men noen andre klarer vel ikke å lage en privat nøkkel som er likt ditt? Så hvis man krypterer data med din offentlige nøkkel, vil kun din private nøkkel kunne dekryptere det? Man må vel bare passe på at man bruker den riktige offentlige nøkkelen? Eller misforstår jeg?
http://stackoverflow.com/a/514243/1981338
Nei, de kan ikke gjette min private nøkkel, men det trenger de heller ikke så lenge jeg kjører self-signed.

Mot meg presenterer en angriper sin public key akkurat som du gjør når du besøker siden. De etablerer en SSL-forbindelse på samme måte som en hvilken som helst nettleser og dekrypterer innholdet. Mot deg (offeret) behøver de bare å presentere et NYTT sertifikat med en helt annen private key.

Din nettleser har kun en måte å sikre seg mot forfalskede sertifikater og det er ved å sjekke at CA-signaturen stemmer kryptografisk overens med CA-sertifikatet som nettleseren din allerede har. På et self-signed sertifikat har nettleseren ingen mulighet til å gjøre dette og du har akseptert at det er greit.


Men hvis dette handler om sikkerheten på forumet, så er det vel naturlig å spørre om dette er noe vi har hatt problemer med tidligere?
Ikke som jeg kjenner til. Passordet sendes riktignok i plaintext men det er ikke akkurat rikets sikkerhet vi snakker om her. Jeg er ikke i tvil om at de fleste kontoer blir "hacket" ved at folk logger inn hos kompiser og ikke bryr seg om å fjerne passordet etterpå.

På den annen side så beveger verden seg i retning av at flere og flere nettsteder bruker SSL og Mozilla har offisielt gått ut og sagt at de ønsker å bevege seg bort fra HTTP og mot HTTPS rett og slett ved å stenge for en del funksjonalitet i Firefox:
https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/

Jeg for min del har akkurat fått SSL-offloading til å fungere sammen med forumet så rent teknisk er alt klart. Spørsmålet er bare om jeg skal gidde å kaste $59 på en feature hvis det ikke kommer til å bli brukt.

45
Minecraft / Sv: Er det noen interresse for SSL på forumet?
« på: 30. Oktober 2015, 10:39 am »
Valgfritt selvfølgelig.

Når det gjelder self-signed så er det dessverre ikke relevant hvorvidt du stoler på meg, problemet er at hvem som helst kan lage et self-signed sertifikat for *.atc.no, ikke bare jeg. Det vil si at du har ingen måte å vite sikkert at et self-signed sertifikat faktisk er laget av meg self om det står mitt navn på det.

En CA brukes for å bekrefte at sertifikatet faktisk er utstedt av dem og at de har sjekket at det er samme person (eller firma) som eier domenet og sertifikatet. Dette er arbeidet de tar betalt for.

Sider: 1 2 [3] 4 5 ... 52