Toshiba Satellite/Portege Z830/R830 frequency lock (and BIOS upgrade)
by Leandro Lucarella on 2012- 11- 28 23:21 (updated on 2012- 11- 28 23:21)- with 0 comment(s)
Fuck! I bought this extremely nice ultrabook, the Toshiba Satellite Z830-10J, about an year ago, and I've been experiencing some problems with CPU frequency scaling.
At one point I looked and looked for kernel bugs without much success. I went through several kernel updates in the hope of this being fixed, but never happened.
It seemed that the problem wasn't so bad after all, because I only got the CPU frequency locked down to the minimum when using the ondemand scaling governor, but the conservative was working apparently OK.
Just a little more latency I thought, is not that bad.
Recently I received an update on a related bug and I thought about giving it another shot. This mentioned something about booting with processor.ignore_ppc=1 to ignore some BIOS warning about temperature to overcome some faulty BIOS, so I thought on trying that.
But before doing, if this were a real BIOS problem, I thought about looking for some BIOS update. And there was one. The European Toshiba website offered only a Windows program to do the update though, but fortunately I found in a forum a suggestion about using the non-European BIOS upgrade instead, which was provided also as an ISO image. The problem is I don't have a CD-ROM, but that shouldn't stop me, I still have USB sticks and hard-drives, how hard could it be? I failed with UNetbootin but quickly found a nice article explaining how to boot an ISO image directly with grub.
BIOS upgraded, problem not fixed. So I was a about to try the kernel parameter when I remembered I saw some other article when googling desperately for answers suggesting changing some BIOS options to fix a similar problem.
So I though about messing with the BIOS first instead. The first option I saw that looked a little suspicious was in:
PowerManagement -> BIOS Power Management -> Battery Save Mode (using custom settings) -> Processor Speed <Low>
That is supposed to be only for non-ACPI capable OS, so I thought it shouldn't be a problem, but I tried with <High> instead.
WOW!!!
I start noticing the notebook booting much faster, but I thought maybe it was all in my mind...
But no, then my session opened way faster too, and everything was extremely faster. I think maybe about twice as fast. Everything feels a lot more responsive too. I can't believe I spend almost an year with this performance penalty. FUCKING FAULTY BIOS. I didn't make any battery life comparisons yet, but my guess is everything will go well, because it should still consume very little power when idle.
Anyway, lesson learned:
Less blaming to the kernel, more blaming to the hardware manufacturers.
But I still want to clarify that I love this notebook. I found it a perfect combination between features, weight and battery life, and now that it runs twice as fast (at least in my brain), is even better.
Hope this is useful for someone.
SecurityKiss + Dante == bye bye censorship
by Leandro Lucarella on 2012- 11- 25 20:00 (updated on 2012- 11- 28 21:28)- with 3 comment(s)
I live in Germany, and unfortunately there is something in Germany called GEMA, which basically censor any content that "might have copyrighted music".
Among the sites being censored are Grooveshark (completely banned) and YouTube (only banned if the video might have copyrighted music according to some algorithm made by Google). Basically this is because GEMA want these company to pay royalties for each time some copyrighted song get streamed). AFAIK Grooveshark don't want to pay at all, and Google want to pay a fixed fee (which is what it does in every other country), because it makes no sense to do otherwise, since anyone can just endlessly get a song streamed over and over again just to be paid.
Even when the model is debatable, there is a key aspect and why I call this censorship: not all the banned content is copyrighted or protected by GEMA.
- In Grooveshark there are plenty of bands that release their music using more friendly license, like CC.
- There are official videos posted in YouTube by the bands themselves and embedded in the band official website that is banned by GEMA.
- There are videos in YouTube that doesn't have copyrighted music at all, but they have to cover their asses and ban everything suspicious just in case.
- The personal videos that do have copyrighted music get banned completely, not only muted.
These are just the examples that pop on my mind now.
There are plenty of ways to bypass this censorship and they are the only way to access legal content in Germany that gets unfairly banned, not only harming the consumers, but also the artists, because most of the time having their music exposed in YouTube only spreads the word and do more good than harm.
HideMyAss is a popular choice for a web proxy. But I like SecurityKiss, a free VPN (up to 300MB per day), because it gives a more comprehensive solution.
But here comes the technical chalenge! :) I don't want to route all my traffic through the VPN, or to have to turn the VPN on and off again each time I want to see the censored content. What I want is to see some websites through the VPN. A challenge that proved to be harder than I initially thought and why I'm posting it here.
So the final setup I got working is:
- OpenVPN to use SecurityKiss free VPN service.
- Dante Socks Server to route any application capable of using a socks server through the VPN.
- FoxyProxy Firefox extension to selectively route YouTube and Grooveshark through the Socks proxy.
And here is how I did it (in Ubuntu 12.10):
OpenVPN server
Install the package:
sudo apt-get install openvpn
Get the configuration bundle generated for you account in the control panel and then create a /etc/openvpn/sk.conf file with this content:
client dev tunsk proto udp # VPN server IP : PORT # (pick the server you want from the README file in the bundle) remote 178.238.142.243 123 nobind ca /etc/ssl/private/openvpn-sk/ca.crt cert /etc/ssl/private/openvpn-sk/client.crt key /etc/ssl/private/openvpn-sk/client.key comp-lzo yes persist-key persist-tun user openvpn group nogroup auth-nocache script-security 2 route-noexec route-up "/etc/openvpn/sk.setup.sh up" down "/usr/bin/sudo /etc/openvpn/sk.setup.sh down"
Install the certificate and key files from the bundle in /etc/ssl/private/openvpn-sk/ with the names specified in the sk.conf file.
Create the tun device:
mknod /dev/net/tunsk c 10 200
Start the VPN at system start (optional):
echo 'AUTOSTART="sk"' >> /etc/default/openvpn
Add the openvpn system user:
adduser --system --home /etc/openvpn openvpn
Now we need to route some specific traffic only through the VPN. I choose to discriminate traffic by the uid/gid of the application that generated it. So with the route-up and down script we will do all the special routing. I also want my default route table to be untouched, that's why I used route-noexec. Here is how the /etc/openvpn/sk.setup.sh script looks for me:
#!/bin/sh # Based on: # http://serverfault.com/questions/345111/iptables-target-to-route-packet-to-specific-interface #exec >> /tmp/log #exec 2>> /tmp/log.err #set -x # Config uid=skvpn gid=skvpn mark=100 table=$mark priv_dev=br-priv env_file="/var/run/openvpn.sk.env" umark_rule="OUTPUT -t mangle -m owner --uid-owner $uid -j MARK --set-mark $mark" gmark_rule="OUTPUT -t mangle -m owner --gid-owner $gid -j MARK --set-mark $mark" masq_rule="POSTROUTING -t nat -o $dev -j SNAT --to-source $ifconfig_local" up() { # Save environment env > $env_file # Route all traffic marked with $mark through route table $table ip rule add fwmark $mark table $table # Make all traffic go through the VPN gateway in route table $table ip route add table $table default via $route_vpn_gateway dev $dev # Except for the internal traffic ip route | grep "dev $priv_dev" | \ xargs -n1 -d'\n' echo ip route add table $table | sh # Flush route tables cache ip route flush cache # Mark packets originated by processes with owner $uid/$gid with $mark iptables -A $umark_rule iptables -A $gmark_rule # Prevent the packets sent over $dev getting the LAN addr as source IP iptables -A $masq_rule # Relax the reverse path source validation sysctl -w "net.ipv4.conf.$dev.rp_filter=2" } down() { # Restore and remove environment . $env_file rm $env_file # Since the device is already removed, there is no need to clean # anything that was referencing the device because it was already # removed by the kernel. # Delete iptable rules iptables -D $umark_rule iptables -D $gmark_rule # Delete route table and rules for lookup ip rule del fwmark $mark table $table # Flush route tables cache ip route flush cache } if test "$1" = "up" then up elif test "$1" = "down" then down else echo "Usage: $0 (up|down)" >&2 exit 1 fi
I hope this is clear enough. Finally we need to add the skvpn user/group (for which all the traffic will be routed via the VPN) and let the openvpn user run the setup script:
sudo adduser --system --home /etc/openvpn --group skvpn sudo visudo
In the editor, add this line:
openvpn ALL=(ALL:ALL) NOPASSWD: /etc/openvpn/sk.setup.sh
Now if you do:
sudo service openvpn start
You should get a working VPN that is only used for processes that runs using the user/group skvpn. You can try it with:
sudo -u skvpn wget -qO- http://www.securitykiss.com | grep YOUR.IP
Besides some HTML, you should see the VPN IP there instead of your own (you can check your own by running the same without sudo -u skvpn).
Dante Socks Server
This should be pretty easy to configure, if it weren't for Ubuntu coming with an ancient (1.x when there is a 1.4 beta already) BROKEN package. So to make it work you have to compile it yourself. The easiest way is to get a sightly more updated package from Debian experimental. Here is the quick recipe to build the package, if you want to learn more about the details behind this, there is always Google:
cd /tmp for suffix in .orig.tar.gz -3.dsc -3.debian.tar.bz2 do wget http://ftp.de.debian.org/debian/pool/main/d/dante/dante_1.2.2+dfsg$suffix done sudo apt-get build-dep dante-server dpkg-source -x dante_1.2.2+dfsg-3.dsc cd dante_1.2.2+dfsg dpkg-buildpackage -rfakeroot cd .. dpkg -i /tmp/dante-server_1.2.2+dfsg-3_amd64.deb
Now you can configure Dante, this is my configuration file as an example, it just allow unauthenticated access to all clients in the private network:
logoutput: syslog internal: 10.1.1.1 port = 1080 external: tunsk clientmethod: none method: none user.privileged: skvpn user.unprivileged: skvpn user.libwrap: skvpn client pass { from: 10.1.1.0/24 port 1-65535 to: 0.0.0.0/0 log: error # connect disconnect } client pass { from: 10.1.1.0/24 port 1-65535 to: 0.0.0.0/0 } #generic pass statement - bind/outgoing traffic pass { from: 0.0.0.0/0 to: 0.0.0.0/0 command: bind connect udpassociate log: error # connect disconnect iooperation } #generic pass statement for incoming connections/packets pass { from: 0.0.0.0/0 to: 0.0.0.0/0 command: bindreply udpreply log: error # connect disconnect iooperation }
I hope you get the idea...
Now just start dante:
sudo service danted start
And now you have a socks proxy that output all his traffic through the VPN while any other network traffic goes through the normal channels!
FoxyProxy Addon
Setting up FoxyProxy should be trivial at this point (just create a new proxy server pointing to dante and set it as SOCKS v5), but just as a pointer, here are some example rules (set them as Whitelist and Regular Expression):
^https?://(.*\.)?youtube\.com/.*$ ^https?://(.*\.)?grooveshark\.com/.*$
PulseAudio flat volumes
by Leandro Lucarella on 2012- 11- 06 20:57 (updated on 2012- 11- 06 20:57)- with 0 comment(s)
Just a quick note because it took me ages to find out how to do it.
I don't really use the feature of pulseaudio that gives every application their own volume instead of manipulating the master volume directly, and lately it became more and more a problem, as I want to use applications like mpd or xbmc that allow remote controlling, and for that having separate volumes makes no sense.
I managed to fix it in mpd once, by using a mixed setup, using pulse as output, but the hardware alsa mixer, but for xbmc I couldn't find a way.
So that made me think if I really wanted the split volumes thingy, and the answer was no. After looking for hours for how to do it, the answer is pretty trivial. Just edit /etc/pulse/daemon.conf and change the flat-volumes option to yes.
You are welcome.