Notes On RockPro64, RockChip

Just a few notes on what I’m doing with my RockChip64, and anything using a RockChip in general.

First off, I’m typing this on the RockPro64, so it isn’t like I’m abandoning it.

I just did a full update to Armbian / Buster (latest release) on it. Yesterday, I’d tried Armbian / Focal (Ubuntu latest release). Focal had garbled sound on videos at YouTube and playback “had issues”. Buster works Just Fine.

So, with a new Armbian Buster on it, playback of videos is GREAT. The A72 cores can drive my TV at full motion 1080p without issues. (With the right working OS…) I’ve now moved it to the Bedroom TV as media driver for it. I’ll also do very occasional postings from there too. BUT, it gets NO logins to financial places, no email, no random browsing of odd websites. It isn’t used to download software or really do anything much that requires high security.

Why?

Well, basically, because China has become “An Issue” and they will be increasingly hostile. To the extent they have backdoors, or just know in detail the places where there is an exploit available in their products, that’s an exposure. And the RockPro64 uses a Chinese CPU / SOC.

https://en.wikipedia.org/wiki/Rockchip

Rockchip (Fuzhou Rockchip Electronics Co., Ltd.) is a Chinese fabless semiconductor company based in Fuzhou, Fujian province. Rockchip has been providing SoC products for tablets & PCs, streaming media TV boxes, AI audio & vision, IoT hardware since founded in 2001. It has offices in Shanghai, Beijing, Shenzhen, Hangzhou and Hong Kong. It designs system on a chip (SoC) products, using the ARM architecture licensed from ARM Holdings for the majority of its projects.

Rockchip has been ranked one of the TOP50 Fabless Company IC Suppliers Worldwide. The company established cooperation with Google, Microsoft, Intel. On 27 May 2014, Intel announced an agreement with Rockchip to adopt the Intel architecture for entry-level tablets.

Rockchip is a supplier of SoCs to Chinese white-box tablet manufacturers as well as supplying OEMs such as Asus, HP, Samsung and Toshiba.

As there are binary blobs of firmware loaded to “make it go”, it might be possible to sneak an exposure into a normal “firmware update”. There is a way to get “blobless boot” but I’ve not done that (yet). So the easier thing is to just isolate the usage profile (and eventually move the board to the TVs-Only network).

https://stikonas.eu/wordpress/2019/09/15/blobless-boot-with-rockpro64/

Blobless boot with RockPro64
Posted on 2019-09-15 by Andrius Štikonas

This is a guide for booting RockPro64 computer (https://www.pine64.org/rockpro64/) without using any proprietary blobs. RockPro64 is based on Rockchip’s rk3399 SoC, so if you have some other rk3399 board, you might still find this guide useful.

I’m using Gentoo GNU/Linux in this guide but steps should be quite similar on other distributions.

IF you ever wondered why the hard core security type guys, like at OpenBSD, were so obsessive about “Binary Blobs”, now you know why. It is quite possible, and in fact somewhat likely, that someone from the CCP Military will have at least explored how to embed an exploit in the Binary Blob Device Drivers et. al. Normally, the threat level of that is quite low due to the low value of hacking into an IoT embedded system ARM chip like a doorbell or washing machine. But these particular chips are used in lots of tablets and phones and such. Higher value targets. Also, the Chinese have a huge amount of dirt cheap labor so the wasted time poking at a million devices to find the dozen that matter is not as high a cost to them. Their cost / benefit ratio is much better for the hack.

Thus my moving it over to TV La La Land use.

Longer Term

When I have time, in a few months?, I’m going to convert this board to Devuan (via that ‘assemble the parts yourself’ approach noted on the XU4 thread). In fact, this install of Buster is precisely to get that base level install done (later to swap out userland for Devuan…). But since that’s a longer slower someday as time permits kind of project, for now, this board leaves the Lab Network where more interesting things are done ;-)

Because of the “blob” issue, I need to work out the steps to incorporate the Gentoo Blobless method with the Devuan “Franken Build” of Buster kernel, modules, headers, libraries and Devuan Userland. I’m assuming that whole thing is not just an afternoon with a cuppa but more like a week or three of tech wilderness wandering. It will be fun (to me ;-) to do it, but not at this time.

I’m also going to evaluate my ROck64 and Pine64 for SOC Blob and Chinese exposures and treat them accordingly. As they spend 99% of their time turned off in a box, that’s not high priority either. More a “Someday Thing”. I’m planning to go Franken Devuan on them, as well, now that I know it can be done. I suspect the process will be highly similar across all the Rock/Pine products.

Their (Pine) slogan of “Designed in Silicon Valley made in Silicon Delta China” was known to me when I bought the boards, and I knew this potential risk existed. I’ve generally preferred the Korean Odroid brand for their avoidance of China parts and risks. But Odroid has a bothersome signed bootloader, so I wanted to know there was a reasonable easier alternative.

Do note: I’m not particularly paranoid about the China Chip risk. I don’t really have anything to steal (public climate data? copies of public Linux releases?) and I’m not prone to a lot of risky behaviors that get you exposed to a lot of hack attacks. It is more just a few decades of professional computer security habit causing me to ‘be aware’, and that is made less present if I do something about it.

I do like the RockPro64 as a hardware platform. It would be better with 2 x USB 3.0 ports instead of just one. (Part of my slow disk to disk copy with Slackware may well have been the USB 2.0 on one of the disks and the need to move data between the two port types). As a Media Server / Occasional Browser it is a great solution. Putting it here also frees up my Odroid N2 (which has more fast cores and more USB 3.0 ports) to go back to the Lab and get an OS upgrade (now that the software is more mature and it is no longer the “newest board with quicky sloppy OS port…”). So I’m going to bring it up to date, too. (AND that will also update the Chromium browser on it removing that security risk / exposure. It will then be used as the station for Disk Management. Having lots of fast cores and fast ports means moving around TB of disk goes a lot faster on it. I’m also hopeful that the same Franken Devuan system build approach will let me move it from Android to Devuan too.

Would I feel afraid if all I had was one RockPro64 and couldn’t just segment my usage over multiple systems / networks? Not really. Yes “security by obscurity” is no security at all… but… The likelihood of a hack attack on the RK3399 SOC on RockPro64 boards is pretty slim.

Were I planning an attack on RK3399 systems, I’d likely do an upfront screen to preferentially attack the higher value targets using the chips. Routers, tablets, cell phones. I’d avoid the “Hacker Board” community for 2 large reasons. 1) Not much of interest to get there. 2) MUCH higher probability someone will notice the attempt and issue a warning / patch / piss in my beer.

But I would buy a few different uSD cards at $8 or so each and segment my work across them. One for “financial and such” tasks. One of “recreational browsing and music and videos”. One for “tech and software stuff”. Then if you DO hit an abusive web site that hacks the box, they get your YouTube play list and saved music, but not your financial / email stuff or your photo archive on the media editing station. Easy high value “fix” for much of the risk profile.

Furthermore, I’m pretty sure the folks at Pine in Silicon Valley AND their user community are the kind of folks who will be indulging in excessive scrutiny of any chip designs, fab products, and binary blobs (especially if it grows by 20% with no apparent change of function…)

Im just looking at it thinking: The Odroid N2 would be much better used on my lab desktop and the RockPro64 makes a dandy Media Station and the N2 software has enough age on it now… so why not swap them? Getting the Chinese SOC moved out of the inside network is just Security Gravy.

Subscribe to feed

About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons' are the mythology of Climate Change and ancient metrology; but things change...
This entry was posted in Tech Bits. Bookmark the permalink.

33 Responses to Notes On RockPro64, RockChip

  1. E.M.Smith says:

    Well this is a bummer… Pine Inc is no longer a Silicon Valley entity.
    https://en.wikipedia.org/wiki/Pine64

    History

    Pine64 initially operated as Pine Microsystems Inc. (Fremont, California), founded by TL Lim, the inventor of the PopBox and Popcorn Hour series of media players sold under the Syabas and Cloud Media brands.

    In 2015 Pine Microsystems offered its first product, the Pine A64, a single-board computer designed to compete with the popular Raspberry Pi in both power and price. The A64 was first funded through a Kickstarter crowdfunding drive in December 2015 which raised over $1.7 million. The Kickstarter project was overshadowed by delays and shipping problems. The original Kickstarter page referred to the Pine64 Inc. based in Delaware, but all devices for the Kickstarter campaign were manufactured and sold by Pine Microsystems Inc. based in Fremont, California.

    In January 2020, Pine Microsystems Inc. was dissolved while Pine Store Limited was incorporated on December 5, 2019 in Hong Kong and store.pine64.org claims to operate under the laws of Malaysia and China.

    So as of 1/2020 it is entirely a Chinese Operation under the Laws Of China that include subservience to the CCP and Communist Military needs…

    OK, guess I’ve bought my last Pine product.

    The ones I own are from well before the ‘relocate’ to China. (I’d be less worried about Hong Kong were it not for the CCP subjugating them and invoking dominance of CCP Law…)

    Then, the Pin64 uses an Alwinner chip set:

    https://en.wikipedia.org/wiki/Allwinner_Technology

    Allwinner Technology is a fabless semiconductor company that designs mixed-signal systems on a chip (SoC). The company is headquartered in Zhuhai, Guangdong, China. It has a sales and technical support office in Shenzhen, Guangdong, and logistics operations in Hong Kong.

    Since its founding in 2007, Allwinner has released over fifteen SoC processors for use in Android-based tablets, as well as in smartphones, over-the-air OTT boxes, video camera systems, car DVRs, and car media players.

    In 2012 and 2013, Allwinner was the number one supplier in terms of unit shipments of application processors for Android tablets worldwide. According to DigiTimes, in Q4 2013 Allwinner lost its number one position in terms of unit shipments to the Chinese market to Rockchip.For Q2 2014, Allwinner was reported by DigiTimes to be the third largest supplier to the Chinese market after Rockchip and MediaTek. DigiTimes has also projected that Allwinner will fall to the number four position in Q4 2014, being passed by Intel, as Allwinner’s unit shipments continue to decline.

    Looks like “beware of low end Android phones & tablets” time… (My Samsung has an Exynos chipset ;-)

    I think the Pine64 is my only Alwinner chipset board. I got it as a lark ($16 IIRC) just to compare to the other boards. I’ve only ever booted an OS, played for a few hours, then shut it down. Didn’t even put a heatsink on the CPU / SOC chip. Kind of found it silly to put a $5 heat sink on a $16 board… so waiting until I could buy a basket of them at $1 or so each for the production cluster I’ve never built…

    OK, it’s going to continue to sit in the box almost all the time too…

    Rock64, as I’d expected, has a RockChip in it too:

    https://www.pine64.org/devices/single-board-computers/rock64/

    SPECIFICATIONS

    Rockchip RK3328 Quad-Core SOC with Mali 450MP2

    So going to stay in the same category. Occasional experimental or very much isolated and non-critical uses; unless or until I can prove a “blob-less boot” on them. (Even then, not likely to displace my preferred Odroid desktops or the RPi cluster build…)

    I’d always felt a bit uneasy about them, and the Orange Pi One boards, having a Chinese connection. But let Silicon Valley in the location soothe my worry and the cheap prices let me buy them for “play not serious stuff”.

    Orange Pi One ( I bought 2 of them for about $10 each, $15 delivered… IIRC) also has an Alwinner chip, the H3, in it:

    http://www.orangepi.org/orangepione/

    What’s Orange Pi One?

    It’s an open-source single-board computer. It can run Android 4.4, Ubuntu, Debian Image. It uses the AllWinner H3 SoC, and has 512MB DDR3 SDRAM

    So later today it will be removed from my NFS file server use. (The 2nd one is a “hangar queen” that’s 99%+ of the time in a box…) I leave the file server turned off about 95% of the time. Saves wear on archival disks AND most of my work is done on dedicated boards / systems with local data. I’d been thinking of doing a tear down on it anyway as it has been years since I first set it up. I’ll be moving the disk farm to a Raspberry Pi in the Pi Stack. I wanted to do this for a while anyway as it turns out the Pi M2 boards are substantially idle even with the other work I’ve put on them (PiHole, DNS, Squid proxy server, cluster compute nodes…)

    The RPi SOC is from Broadcom (nominally USA but fabbed where?) and the Odroid C1 & C2 use a chip from Amlogic (American company who fabs with TSMC in Taiwan) while the XU4 uses a Korean Samsung Exynos chip (fabbed where?… but I trust the Koreans to be suspicious of China…) so all the rest of my “kit” is pretty well detached from China.

    So, OK, I’ve got 5 SBCs that have a China Chip in them. 3 of the 5 cost all of about $40+ total, so no big loss if they mostly sit in a box and are pulled out for experiments. One, the most expensive, is set for Media Center duty (and now on the House Network with the other TVs… just moved the plug). So that only leaves the Rock64 (that spent a year in the box anyway as that Ubuntu/SystemD /etc/fstab bug caused me to think it had died when really it was just SystemD being stupid in how it took over /etc/fstab…)

    So “find a use for the Rock64” or just let it be. No big, as I’m going through assuring everything is on a new OS / Kernel level and either has no Chromium browser on it or has a patched one. It can “go to a box” and be handled at the end of the upgrade cycle. Along with the 2 x Orange Pi One boards and the Pine64.

    I can only effectively keep 5 SBCs running and busy at once anyway.

    IFF I can make a Franken Devuan port to them AND get a blobless boot going, then I can add them back to the distcc compile cluster. Maybe. But really, just the XU4, or the N2 compiles the whole system pretty darned fast and adding a few smaller compute cluster nodes doesn’t seem to be a big win. The biggest feature is experimenting with distributed compute codes for climate stuff…

    I can also easily put them on a dedicated switch as a stand alone cluster that doesn’t talk to anything else and just play with them that way. Import compute tasks on USB and export results the same way. But realistically, would an Orange Pi One be a target for espionage or hacking in? I doubt it. Strongly doubt it. It’s a $12 board last price check with 1/2 GB of memory. Not exactly shouting “high value target here” ;-)

    Speaking of which, while I need to get back to the production cluster design, I’m pretty sure it will want a dedicated compute cluster made of “compute modules”. All the same and the same OS (preferably supported Devuan, so Pi M4 modules?) So this kit is fine for the learning and experimenting stage, but kind of clunky and slow for an actual modeling cluster. For that, dedicated boards with a half dozen compute modules each (or even an Nvidea Tegra type cluster) would be a lot more effective. NVidia has a new lower end “SBC” (really mother / daughter boards) out for about $60? IIRC. So “whenever” (or, at this point, is it “if”?) I get some kind of parallel model going, I think it will be “new hardware time” to get enough computes.

    Well, enough babble… Time to go move hardware around and do more OS Upgrades. Bringing R.Pi and Odroid to the front, Pine & Orange to the dock, er, box ;-)

  2. E.M.Smith says:

    Interesting note on swap space:

    I’m not yet sure if this is release / distro specific, a general trend in all boards, or a quirk of specific implementations, but…

    A few of the various SBC / Distro combinations I’ve tried seem to “have issues” when swap approaches 1 GB of space in use. This isn’t particularly common, so many combos I’ve tried might have the issue but I never “tickled it” as generally the only way I get there is having a LOT of tabs open with big things (like music videos) in them.

    Since video / sound out, itself, is buggered on some combos; I’ve not done that on many of the boards / OS combos.

    So, the RockPro64 has 2 GB of memory where the Odroid N2 has 4 GB. On the Odroid N2 as media station I’d not had any issues with many video tabs open. (And, for historical purposes: I’d not had any issues with LOTS of tabs open in the old Chromebox that retired a year or two back… Intel CPU, Chrome OS, Chrome browser).

    On the RockPro64, using FireFox, it looks like (depending on resolution chosen but 720p or 1080p for me) and exact video content, it racks up about 300 to 500 MB of memory used per video. That gives about 2 to fill available memory (after OS and browser shares) and 4 more to start nudging that 1 GB swap barrier. BUT:

    It has in Armbian Buster, a Zram swap area set up of about 982 MB. That’s using part of RAM as a compressed data area. Nice trick, but you get only 1.87 G of memory for your use after that, and video memory and tmpfs space used for /dev/shm /run/lock /sys/fs/cgroup /tmp and more Zram used for /var/log and of course the /run/user/foo tempfs space. As things go into the tmpfs spaces, their usage grows and the memory “left over” can shrink…

    So in fact I had a hard lock up when I first discovered this. The 982 MB of Zram was getting quite full and the machine when off to La La Land. I don’t know if it was a hard hang, or just “playing with it’s bits forever” trying to swap bits out to Zram and swap other bits back in and needing to compress / decompress so needing code that was swapped and so swapping…. But it became entirely unresponsive for several minutes. I did a power fail and started over…

    I added a 1 GB /var/SWAPFILE on the uSD card AND a 2 GB Linux Swap partition on a USB disk. Priority order Disk (pri=64) then /dev/zram1 (pri=5 set “somewhere” not in /etc/fstab so “some assembly required” to figure out how it is set up and works), then as a last resort the /var/SWAPFILE (pri=2 so it gets used last).

    Figuring that with nearly 4 GB of swap my worries were over, I launched the browser and began opening lots of videos….

    This time it did not fully hang, but it did become VERY slow with lots of swaps as it got to the 1 GB+ point. At about 1.2 GB of swap, nearly locked, but patience let me close some tabs and get back to normal operations.

    So: WHY?

    I don’t know.

    Is it the New Improved RUST driven FireFox without garbage collection? (Hey Rust manages memory for you so you can just IGNORE IT, right? Or maybe having a human do things like release memory from inactive tabs and reloading them from cache when reactivated might “cure” this?) I’ve generally found that “It’s all Auto Magic!” languages and styles of programming end up with some usage cases where Bad Things Happen as the programmer was no longer thinking about what they were actually causing the machine to do… Just a suspicion, but… 45 years of programming experience is scratching at an itch… I’ll be testing Chromium today to see if there is a difference.

    Is it just a bad scheduler / swap manager in this Linux? Possibly. Any decent OS ought to be able to use about 2 x Memory size of swap space. On older BSD Unix machines, I’ve used up to 4 x without OS performance issues (particular applications can start to thrash lock on swap, but the OS just kept on going). But maybe it is just that Xorg is not treated as part of the core OS to keep memory resident and my thrash lock was in the windowing system and not the core OS. I wasn’t running a windows system on those old Unix high swap systems. (Terminal login CLI interface to systems doing engineering and other more CLI oriented things.) I DO think that some work needs to go into making these Linux versions work better with 2 x swap (at least…).

    It is, to some extent, the move to 64 Bit OS and Applications. Double the word size is double the memory for that instruction word. On ARM you can get around that with setting compiler choices to make v7 (32 bit) instructions or even Thumb ( 16 bit) instructions: BUT did anyone care? Does Rust have the brains to do that? On the R.Pi M3 with 64 Bit Devuan 2.0 as it approached 1 GB of swap in use, it too had “issues” of sloth. It happened with just ONE video page open. At 2+ is locked up and I had to do a power fail. (Well, maybe didn’t HAVE to, but after making coffee and a snack and it was still thrashing the real disk swap, I ran out of patience.) I’m going to test the 32 bit Devuan 2.0 (on the same uSD chip / dual boot) later today.

    So, Bottom Line:

    IF you are going to use a Linux ARM SBC as a Media Station, LOTS OF MEMORY is your friend, and adding beyond about 1.5 to 2 GB of swap is just wishful thinking. At least for now using 64 Bit OSs and FireFox.

    OK, time for more morning coffee and back to hacking at it / characterizing the issue.

  3. E.M.Smith says:

    Well, partly it is FireFox. In Chromium I have 8 music video tabs open (so far…) and swap use is at 92 MB. Opening more tabs doesn’t seem to move it up much (or at all).

    So my (tentative) conclusion is that the New! Improved! Rust based FireFox with Auto-Magical memory management has issues with memory management… Instead of just saying “Hey, I have this in cache, I can let go of it instead of just sucking up another 500 MB of memory” it Auto Magically! just says “Hey, he’s not closed this tab yet so This Is IN USE and keep it in memory…” which for inactive tabs is kind of silly. This causes a lot of rapid “roll to swap” if you open a lot of heavy page weight tabs (like videos).

    That, then, tickles (relatively quickly) the (relatively) poor performance of Linux on Swap Management as it approaches 1 GB of swap in use. (i.e. instead of keeping kernel, modules, AND Xorg login memory resident and preferentially swapping out browser pages, it swaps out “something important”… )

    That’s my tentative conclusion. I’m going to open a half dozen to a dozen more video tabs and see if it continues to hold (but that takes about 5 minutes / tab as I’m listening to the music with morning coffee ;-)

    So looks like I’m using Chromium for my Video Station… This being a fresh install, it ought to be OK, but I need to check the release level in detail against the Zero Day fix release level just to be sure… 8 Music / Video tabs open at once is a heck of a lot better than 3 or 4 (and I rarely go over 8 to 12 open before the clutter gets to me ;-)

  4. E.M.Smith says:

    Well, a dozen music video tabs open, PLUS an active live stream of the Trump Rally in Az, plus this page active and swap is at 700 MB. Some of the tabs were opened at the same time, so would have rolled more to swap than if opened sequentially (i.e. both active at once so some inactive “other” had to roll off).

    It is very clear that Chromium Memory Management is way superior to FireFox and this matters in “small” computers with “only” 1 or 2 GB of memory…

    FWIW, Brave Browser on my old Android Samsung Galaxy 10.x tablet has about 100 tabs open. I just keep adding them. I’ve gone back some and closed a few, but I got into this “lets see where it breaks” mode ;-) So clearly Brave (based on Chromium) is doing some Great Memory Management via good use of cache and Android (based on the Linux Kernel) is doing a great job of avoiding swap to its solid state storage. Otherwise I’d have blown through it long ago.

    For now, this experiment / test draws to a close. Use Chromium based browsers on small memory machines where you will do a lot of high page weight pages or videos. FireFox is a memory hog (as I’d pointed out before in a posting where the Rust Fan Bois complained at me and insisted that Rust with its Magical Memory Management would cure all ills of poor memory management…).

    Some time later (far later…) I MAY check out different Linux / BSD systems at the 1 to 2 GB of swap point to characterize if anyone does it right, or not.. But for now, a dozen music videos PLUS a live stream active in 720p? More than enough for me ;-)

  5. E.M.Smith says:

    Interesting… I closed all the music video tabs and swap only dropped down to 518 MB, so a fair amount of what went to swap was not the video pages. So loading up memory demand rolled a lot of stuff out, but not much from the videos (early opening of tabs had about 100 MB per tab added, so most of it went to cache). This leads me to believe it was my opening multiple active tabs at once that caused the swap spike, and that rolled out “whatever” was not very active.

    I can live with that, especially since I typically don’t launch 3 or 4 music videos at once :-)

  6. E.M.Smith says:

    Closing the browser entirely dropped swap to 300 MB, so that’s how much “other stuff” was swapped out. Only 200 MB was used for the active video feed and this page (plus whatever other crap it was hanging on to…)

    After re-launch with just this tab active, swap has dropped to 253 MB (memory at 808 MB out of 1870 MB) as something was swapped back in for the launch / restart and there was more than enough empty memory.

    Interesting… Not sure what to make of it, but still, interesting.

    Anyway, I’m off to watch the Bullhead Az rally for Trump and done playing with the tabs / swap for a good long while.

  7. E.M.Smith says:

    OK, having played with this a bit, I discovered that the htop in this OS release (Armbian Buster) has options to display speed on the uSD and disk. The uSD runs about 10 to 20 MB/sec max on a dd write of a GB file. The USB disk runs 3 to 6 times that fast at 30 to 60 MB/sec.

    Also, of course, the zram is just damn fast as long as your CPU has cycles…

    So, testing done, I’ve added a swap partition of 1 GB to the uSD card (and shrunk it to have about 14 GB for this OS and a space of 14 GB where I can install a Devuan Userland as the next step in making this a Devuan Franken Board ;-) This way the swap partition can be shared by the two OSes where a swap FILE is dedicated to just that one OS (unless you do something funky like mount the other OS file system and swap into it…).

    Since the board will run beyond 1 GB swap used (hitting the wall at just over 1 GB) and that’s more than the Zram size, this prevents just running out of space to swap.

    I’ve also got 1 GB of swap partition on a USB drive that may or may not be present on the system at any one time. It’s faster than the uSD and it doesn’t cause uSD “wear” and eventual card death… (even though the present generation of uSD / SSD etc. have MUCH improved write lifetimes, heavy repeated constant swap can do a lot of writing) so it’s better to not use the uSD swap if possible.

    I’ve now changed the swap priority to be:

    root@rockpro64:/# swapon -s
    Filename Type Size Used Priority
    /dev/mmcblk1p3 partition 1048572 0 1
    /dev/zram1 partition 982240 0 5
    /dev/sda1 partition 1048572 0 4

    So first to zram (I found out how to set it up / tune it, but being a series of SystemD commands / config files I decided to just leave it as is) at priority 5.

    Then, IF the disk is plugged in, the “OMG! Overflow” swap rolls to 1 GB on the USB disk. We’ve established that the system will become unusable before that is really filled beyond a few hundred MB, but my “standard” is to make swap spaces in increments of 1 GB and they can be slugged in on any system knowing they are ‘about right’.)

    Finally, as a “Hail Mary Just Don’t CRASH On Me!” there’s that 1 GB of uSD swap partition. This ought to never be used unless Zram is maxed out and the disk drive is not plugged in AND I’m doing a lot of video tabs (or using FireFox with just a few…). Contrary to beliefs and expectations, a priory of 1 is not high. Bigger numbers are higher priority.

    Priority can be set negative to strongly discourage use of a Hail Mary swap space. I usually use priorities like 512 or 1024 or 2048 so that there’s lots of space between priority assignments to rank another unit (useful when removing swap from one and putting it on another). At the single digit end this can get cramped. So,for example, I can’t slug in a new swap partition between the Zram and present disk as there is no integer between 4 and 5. Oh Well, unlikely I’ll ever need to do that. (“someday” I’ll change the Zram pri- to my number scheme and fix all that – maybe…)

    Oh, and I’ve not looked at “swappiness” setting yet. It ought to be about 60 (the usual Linux setting) and not an issue; but sometimes it gets set to 0 or 1 when uSD cards are used to strongly discourage swapping. Since these folks use Zram, that ought not be the case. With lots of swap, 60 to 100 are nice as you never cramp main memory, swapping out idle pages fairly earl and fast. But it is something I ought to check. “Someday”… if a problem nags at me enough ;-0

    So hopefully my “Adventures In Swapland” are over… and I can get on to installing Devuan Userland in the (new) added partition using this Armbian kernel / boot / modules and such (as was done by some folks on the Devuan ARM forum).

    Hopefully all this tuning talk is not boring folks to tears. I figure those not interested don’t have to read it and those that are interested have a reference for what those cryptic manual pages are talking about. Also, as my “lab notebook” this lets some “future me” know things like what the speed to write was or what arcane command was used (for example if I ever reconfig Zram) or just WHY was I using a particular size of swap or…

    Finally, some time later today I’m going to remove this USB disk as I’m not using the file systems on it, just the swap, and we now know that when I have used about a GB the system is going to sloth land anyway, so slow uSD swap at the “almost a GB” point is not going to make much difference. But “we’ll see”…

  8. ED says:

    Will this affect Pi-hole choices?

    A friend called me up out of the blue last week, asked me to make a pi-hole for him and his wife, who both work from home now. I’m not familiar with their home network but I suspect it’s just the ISP provided router/wifi unit.

    I was thinking stock pi 3 or pi 4, but now I’m not sure

  9. E.M.Smith says:

    The PiHole is a very light weight service and especially if running on a system where no X-Windows login is active. That is, a headless server, not your active desktop watching videos.

    Mine is running on a R.Pi M2, yes, and an old 32 bit 2 at that. it is substantially idle most of the time even at full load. I’m running a squid proxy on it too.

    So we’re talking DNS for the whole house (including 2 TVs running Roku internet TV that, per the logs, make up most of the PiHole filtering) a tablet, and usually 3 other active computers. So a pretty big DNS load for the house.

    The Squid proxy is set up for most of my computers too. So in addition to DNS, a couple of computers of web traffic through the Squid Proxy.

    It just isn’t a significant compute or memory load. I could run it on my $12 (recent price) Orange Pi One without swap and only 512 MB of main memory (if it ran there and I hadn’t decided to remove Chinese chips from anything important).

    My Pi Model 2 has been running continuously and flawlessly for a couple? of years now (modulo power fails or my choosing to rearrange my lab).

    IMHO, any R.Pi will be enough.

  10. E.M.Smith says:

    Ed,

    I realized I can just do a screen capture on a remote login to my PiHole server so you can see for yourself how light a load it is. Only 0.8% of CPU rising into low single digits on a lot of activity on the Squid Proxy server, and 169 MB of memory out of 923 MB on the Raspberry Pi M2 early 32 bit version. Click to embiggen:

    It’s when you open up an X-Windows based login, launching something like a browser, and then start watching videos that really chews memory and computes. Text of a few hundred bytes for DNS lookup or even Squid Proxy (limited by my internet spigot to 40 MB/sec) pretty much mean the Pi is ALWAYS loafing using nearly nothing of it’s ability. Yes, this board is also the time server for my internal network so my time requests from everything else need not go to the internet either.

    I can get it loaded up when I launch a big distcc compile as part of a compute cluster, but the 99.99% of the time I’m not doing that, it’s basically at way low usage load.

    Note that you can see pihole, boinc, and even time daemon ntpd running (squid being further down out of this particular panel but it pops up on high proxy web page use). Boinc has the daemon running but no projects at he moment. I installed it, but the ones I was interested in were not available in ARM format. (Boinc is successor to the “Seti At Home” and lets you dedicate computes to all sorts of projects, but most of them prefer Intel computes…)

  11. ed says:

    Thanks for the reply. Looks like these are far more powerful than i realized.

    I went ahead and bought a Pi 3 from Canakit. It wasn’t much more than the 2, and has BT and WiFi built in if they ever want that. Apparently 4’s need a heat sink?

    So, pi-hole, squid, and the dns thing. I should go look at their setup before getting too deep into it.

  12. E.M.Smith says:

    Don’t know if it is still relevant, but here’s what I did to make a PiHole machine. It ended up living on the desktop instead of being ported around with me:

    https://chiefio.wordpress.com/2018/12/16/pocket-pihole/

    Mostly because I quit going to Starbucks…

    Here’s my Squid Proxy experience:

    https://chiefio.wordpress.com/2018/12/22/installing-squid-proxy-server-on-devuan/

    PiHole is a DNS server. So they are the same thing, really.

    Yeah, unless you have a cluster of Pi M2 or some reason to need them to all match, there’s no real reason to buy a Model 2 anymore (Just my opinion, but I own 2 x Pi M2 and 2 x Pi M3 and one old Pi the original… )

    The Pi Model 4 is grossly short of cooling capacity. I’m not buying them as I don’t have anything in the small HDMI form factor plug and their heat management is just silly. (I MIGHT buy a Pi 4 compute module / mother board as the MB has a real HDMI spigot on it and a nice collection of interfaces, so it’s just “glue a BIG heat sink on the CPU” that’s missing – but at about $75 all up, I’d rather just buy more Odroids ;-)

    IMHO the Pi M3 was their best board so far. Were I buying more of them, that’s the one I’d get. It does need a heat sink for heavy compute loads, but a little 1/2 inch x 1/2 inch one is fine. And on a PiHole it would be happy with no heat sink as the load is near nothing.

    Oh, and do note that my “experience” postings above are pre-SystemD so if you are using a SystemD infested release, many of the commands / configuration steps will be different. (Why I use Devuan… no capricious change crap.)

  13. Ed says:

    I am actually trying to avoid SystemD, my current X64 Mint box is doing odd things, as did the previous version. I was thinking of moving to MX Linux or Devuan.

    Does the Raspian OS have issues? The pi-hole people support it, but there’s some sort of disclaimer as well.

  14. jim2 says:

    Ed – I currently have MX Linux installed on a brand new PC, AMD 64. It also does odd things. The audio didn’t work right. So, I uninstalled Pulseaudio and used Alsa. (I believe Pulseaudio programmers are the same ones that gave us systemd, or at least related to that group – or some such.) After some jacking around with it, Alsa was gotten to work. Then I discovered Firefox has a hard dependency on Pulseaudio. No worries, I have other browser options. Then, the sound went south again, so I reinstalled pulseaudio with the “recommended options.” The pulseaudio install ripped out Sysvinit and replaced it with systemd. At least systemd is the process root.

    I know MX Linux has a systemd “shim” for programs that need it, but I assume it wouldn’t be the root process. However, I didn’t look at the process tree before. I just know that after the pulse audio install, boot went a lot faster, that’s what made me suspicious and look at the process tree.

    Now, I’m faced with re-building my system from scratch to get rid of systemd.

  15. E.M.Smith says:

    Just use Devuan.

    The only real problem I’ve had with it was me assuming the install on the XU4 was to uSD when it was to mmc card.

    On my PC it has been flawless.

  16. ed says:

    @jim2: ugh. my desktop is AMD64. Thanks for the info. Maybe i’ll pass on MX…

    @EMS: Sounds like Devuan is the way to go. I will download tonight.

  17. E.M.Smith says:

    Well, a couple of updates on the RockPro64 to Devuan “project”, and swap space.

    If you want to skip all the storytelling and details, skip to the very bottom where I’ve bolded the bit about how to fix the swap hang behaviour if not the 1 GB onset point.

    First off, I jumped straight into mucking around with the boot configuration on the assumption it was “close enough” to what I’d done on the Pi boards and Odroids that it would generalize. It doesn’t. The RockPro64 uses Das UBoot and it “has quirks”… Including that it (looks like to me at this moment…) takes the config files and they you have to run a bit of code that turns it into some kind of signed binary (with options that I need to figure out…) and THAT is what it tries to use to boot. Maybe.

    Yes, I’m in the ‘wandering in the desert’ phase of learning Yet Another Boot Method. So things are still confused and mysterious. (What, read the manual? Where’s the fun in that? ;-) So later in the week I’m returning to this after I’ve read up on UBoot a bit.

    In the process, I managed to brick that particular uSD card image. OK…. It has 2 partitions on the one card. The first being the wonderfully working Armbian I just installed. The other a copy of the aarm64 image of Devuan from a working R.Pi M3 userland with the RockPro64 firmware, modules, etc. copied over. Same kind of process I used on the Odroid XU4. I think I had it more or less converted right to boot the partition one kernel, modules, etc. and then launch into “/” from partition two, BUT I forgot to change the UNIT= setting in the part2:/etc/fstab so it just booted up with the same part2:/ and looked like “nothing changed”. Backing out of that bricked it when I fumbled who knows what. OK… I can recover the uSD, but later…

    About then, having the computer that drives the TV (temporarily) bricked was when the Roku Stick died. ZERO access to TV or internet on this TV now… I could just move to the office and watch TV on the small 19 inch TV / Monitor, but…. it isn’t my preferred option.

    Instead, I put the Odroid N2 (that had been driving the bedroom TV for many months and was just recently swapped out for the RockPro64) back where it came from.

    So that gave me instant return of function to this TV. (But it delays where I was going to use the N2 in a more production Lab use and explore putting Devuan on it.)

    Why mention all this?

    Because I’m going to report something on swap setting but I’m suddenly doing it from the Odroid N2 instead of the RockPro64 and now you know why.

    The Odroid N2 has 2 x the memory of the RockPro64, so tickling swap space takes a LOT more “stuff”. 4 GB of stuff. Yet I did get there with enough tabs open with videos in them even in Chromium. It started slowing at 1.x GB of swap in use. This looks to be more or less constant across Armbian ports ( I’ve not tested others as much as the R.Pi isn’t enough horsepower for lots of video anyway and I only have Armbian running where I can’t get Devuan to go. IIRC, Gentoo also got cranky at about 1 GB of swap.)

    I’ll skip a lot of poking and prodding to try getting zram swap to “go” on the N2. There are about 3 ways to tell it to go. The regular way, the Ubuntu way, and the Armbian way (differently named configure files / SystemD crap each…). I tried all of them. No Joy. I suspect the reason it didn’t ship with zram swap (the Armbian norm is on) is that it has some issue and doesn’t run yet on the N2. Instead I layered a small mmc swap space of 250 MB with a backing space of a 4 GB partition on the uSD card.

    root@OdroidN2:/# swapon -s
    Filename				Type		Size	Used	Priority
    /dev/mmcblk1p2                         	partition	4194300	0	2
    /mmc/ext/SWAPFILE                      	file    	255996	0	4
    

    I’d use more on the mmc card but it is presently mostly full of Ubuntu as shipped from the factory. I can go to 1.5 GB on it, but then free space is near zero, so I’d have to remove the SWAPFILE to run Ubuntu.

    I then proceeded to launch music videos until memory was full and swap was being used. (Why music videos? They tend to complex backgrounds and lots of motion so don’t compress as well as static shots, so more memory used.) Spilling to swap, at about 1 GB used, things started that “slow, slower, much slower, click shit and hope, wait-wait-did it finally change panels?” decay and I rapidly started closing tabs until responsiveness returned. (Then explored zram for a few hours…)

    Along the way, at an Armbian forum, ran into a discussion of vm.swappiness. These were Armbian folks arguing over setting it to 0 vs 100. What happened to 60 “The Usual” value, I wondered. Checking swappiness on the N2, I found it was 100. That basically says “Hold on to every page of memory you can until it is desperation time, then and only then, start deleting old idle pages”. (Swappiness 0 says “Dump idle pages as fast as you can and try to never never use swap” while 60 is in between.)

    This, being a SystemD afflicted system, I get to use “sysctl”. Use /etc/sysctl.conf to set values and the sysctl command to see what’s happening… so here’s my present setting:

    root@OdroidN2:/# sysctl vm.swappiness
    vm.swappiness = 50
    

    Here’s the line that sets it:

    root@OdroidN2:/etc# cat sysctl.conf
    #
    # /etc/sysctl.conf - Configuration file for setting system variables
    # See /etc/sysctl.d/ for additional system variables.
    # See sysctl.conf (5) for information.
    #
    [...]
    vm.swappiness=50
    net.ipv6.conf.all.disable_ipv6 = 0
    net.ipv6.conf.default.disable_ipv6 = 0
    net.ipv6.conf.lo.disable_ipv6 = 0
    root@OdroidN2:/etc# 
    

    Note that I also took the opportunity to shut of ipv6 functions by changing the default “1” to “0”.

    Well, after that change and a reboot, I can open all the tabs I want in Chromium. Once it starts running out of memory, it just drops idle pages of video content. Going back to a (long time idle) tab has a “can not display content, reload?” message and clicking reload it pops right up. Don’t know if that’s reloading from cache or the internet, but I’d expect cache.

    It’s not swapping quite as much as I’d like, so I’m thinking of trying swappiness at 609 to 80 and see how that does. I want it to use swap up to about 800 MB then start dropping idle pages, but we’ll see how touchy it is to changes over time.

    The point?

    IF you have swap congestion / hang issues, first thing to do is check swappiness and if it is 100, turn it down a ways.

    OK, with that, I’m going back to my regularly scheduled programming ;-)

    (Side note: Why not IPv6? Aside from the fact that nothing else on my whole network is running it, and it’s a damn annoyance to use those very long hex? IP addresses, it impresses me as a bit, um, prone to leakage. I’ve not investigated it all yet, but the emphasis seems to be on “let me get to the internet regardless” and less on “keep my space private”. It’s a bit of a whack-a-mole game to get it to shut up. I also don’t need the excess traffic on my network. Finally, I LIKE using NAT [network address translation] in my boundary router / lab isolation router to add a layer of security. IPv6 is specifically designed to eliminated the need for and use of NAT. I like that NAT does not let traffic originate outside and come in, but only allows return traffic to my outbound. I don’t need any IPv6 “come on in” function in my network.)

  18. E.M.Smith says:

    Changed swappiness to 70 and watched video for many hours without swap reaching 1 GB or the system having issues. I think the old standard of “60” is likely just about right…

  19. E.M.Smith says:

    Not really the right place for this… but I need to document it somewhere AND vent a bit. Reason to hate SystemD number 1,389,490,816

    I changed swappiness on the Odroid N2 running Armbian to 60 and rebooted. Yeah, 70 was fine, but I decided to try the value chosen by generations of Unix SysAdmins as the usual best. The “standard” unless you had good reason otherwise.

    I had also noticed that I was getting way more ads in stuff than usual. Was something wrong with my PiHole DNS? Looking into it (doing an ‘nslookup apple.com’ for example) I found I was using the Telco Router for DNS resolution. WT? OK, easy fix.

    For at least a generation, you just edit resolv.conf, put in the DNS server you want, and go on your way.

    root@OdroidN2:/etc# cat resolv.conf
    # Generated by NetworkManager
    search chiefio.home
    nameserver 192.168.0.254
    nameserver 8.8.8.8
    

    I don’t want 8.8.8.8
    I did’t choose it at any time.
    The other is the Telco router. OK, perhaps DHCP got that.

    I changed it, rebooted. Nothing changed.

    OK… guess “network manager” has a secret somewhere and is using that instead of what I’ve explicitly stated. I didn’t run “network manager”. I didn’t ask for it.

    I did a web search.

    Now you might be wondering just why an experienced systems administrator with over 40 years of just about every flavor of Unix, SunOS, Solaris, AUX, Unicos, BSD, Linux FROM It’s inception, and more would need to do a web search to find out how to change the nameserver choice. I certainly did…
    https://forum.armbian.com/topic/8806-please-how-do-i-set-the-dns-server/

    PLEASE — How do I set the DNS server!
    […]
    I’ve tried editing the network connection, adding DNS servers, which had no effect except that systemd-resolve –status shows the correct DNS servers for eth0 (the wired connection). This cannot be altered by systemd-resolve –set-dns=[DNS Server IP]. It doesn’t throw an error but neither does it change anything, even on reboot.

    I’ve tried editing /etc/systemd/resolved.conf with nano, uncommenting and setting the DNS, FallbackDNS, uncommenting and turning LLMNR=no, MulticastDNS=no, Cache=yes, DNSStubListener=no Saving that and rebooting doesn’t change a thing.

    I’m on a SOHO LAN and do not have a DNSSEC signed router.

    Someone suggested editing ./etc/resolv.conf directly with nano, despite the head text which says it won’t work. It doesn’t work.

    There follows a series of suggestions and failures… Way down the list is just how to run the “network manager” at a terminal.

    network manager (nmtui from the shell, or one can do nmcli) is really your friend here… it’ll work directly with systemd-resolve to ensure that the resolvers are set correctly.

    Why, of course, isn’t it obvious that the “network manager” would be named nmtui? Or maybe nmcli? /sarc;

    OK, I ran it. Got an ncurses (block crayola looking) menu that says it let me change the name servers. Nothing changed in /etc/resolv.conf though. So now I’m going to do a reboot to see if THAT tickles something that causes SystemD to do “whatever” and listen to the pleas of nmtui… or whatever.

    Changing a fricking name server is generally a TRIVIAL task in standard Unix / Linux. You need to know ONE thing. Edit file foo. The foo sometimes changes a little, but typically you can put it in resolv.conf or sometimes in the particular network interface definition so as to have specific name servers for specific interfaces. But, looking in /etc/network/interfaces we find:

    root@OdroidN2:/etc# cat network/interfaces
    source /etc/network/interfaces.d/*
    # Network is managed by Network manager
    auto lo
    iface lo inet loopback
    

    Yet more “Go away kid, you bother me…”

    So SystemD has Taken CONTROL of Networks and is doing it the way IT wants.

    I’m now going to reboot and find out if nmtui actually did anything, or not. And just why do I need to reboot or restart services or “whatever” anyway? Don’t ask. It’s the Microsoft Way…

  20. E.M.Smith says:

    No Joy.

    ems@OdroidN2:~$ nslookup apple.com
    Server:		192.168.0.254
    Address:	192.168.0.254#53
    
    Non-authoritative answer:
    Name:	apple.com
    Address: 17.253.144.10
    

    So now I’m wondering, still, just how DO you change the DNS servers…

  21. E.M.Smith says:

    OK, edited /etc/systemd/resolved.conf and added my two DNS servers, then did a reboot “in the Microsoft Way”…:

    root@OdroidN2:/etc/systemd# cat resolved.conf 
    #  This file is part of systemd.
    [...]
    [Resolve]
    DNS=192.168.0.252
    FallbackDNS=192.168.0.253
    

    Nothing changed:

    root@OdroidN2:/etc/systemd# nslookup apple.com
    Server:		192.168.0.254
    Address:	192.168.0.254#53
    
    Non-authoritative answer:
    Name:	apple.com
    Address: 17.253.144.10
    

    So that’s THREE different ways of setting the DNS Name Server tried, and failed.

    This is just so wrong.

  22. E.M.Smith says:

    Ah, something DID change:

    root@OdroidN2:/etc/systemd# cat /etc/resolv.conf
    # Generated by NetworkManager
    search chiefio.home
    nameserver 192.168.0.254
    nameserver 192.168.0.252
    nameserver 192.168.0.253
    

    So it DID take my name servers and put them on the list, BUT, only behind ITS preferred one (that I do not want as it is the Telco one).

    OK, I guess that’s a bit of progress. But how do you remove the name server that isn’t requested?…

  23. E.M.Smith says:

    When in doubt, use a bigger crowbar…

    OK, it works. It’s a kludge. But it works. I don’t really want to debug or figure out the SystemD(mented) way… so this will do until I can get Devuan on this board.

    ems@OdroidN2:~$ nslookup apple.com
    Server:		192.168.0.252
    Address:	192.168.0.252#53
    
    Non-authoritative answer:
    Name:	apple.com
    Address: 17.253.144.10
    

    Success!

    How?

    Bruit force. In /etc/rc.local I just put an override of /etc/resolv.conf contents

    ems@OdroidN2:~$ cat /etc/rc.local
    #!/bin/sh -e
    #
    # rc.local
    #
    # This script is executed at the end of each multiuser runlevel.
    [...]
    # Since nmtui didn't work and editing /etc/systemd/resolved.conf
    # left the Telco DNS at the top of the list, I'm just going to 
    # crowbar in the desired name servers... -E.M.S.  1Nov2020
    
    echo 'search chiefio.home' > /etc/resolv.conf
    echo 'nameserver 192.168.0.252' >> /etc/resolv.conf
    echo 'nameserver 192.168.0.253' >> /etc/resolv.conf
    

    Crude, but it works.

    Now, back to my regularly scheduled morning coffee, toast, and other breakfast…

  24. E.M.Smith says:

    Well this is interesting…. I wonder when Cisco bought them?

    Cisco logo – OpenDNS is now part of Cisco

    Don’t know if that’s good or bad. I’m pretty sure Cisco is in bed with the TLAs, so that means they have OpenDNS data on demand. OTOH, they likely had that before, more indirectly.

    Maybe it’s time for me to move my DNS servers to VPN and encrypted pipes… I don’t have much leakage at present as my DNS server just does one lookup (and not to my Telco…) then caches it for a day for any subsequent lookups. But putting it in a different geography / identity via VPN and using encrypting DNS so only if they have compromised the server do they get anything, well, that would be better (and maybe time for me to get a Round Tuit…

  25. jim2 says:

    Warning
    Using PulseAudio without udev or systemd is not recommended. This breaks both auto-detection and hot-plugging as well as disabling ConsoleKit.

    https://wiki.gentoo.org/wiki/PulseAudio#Global

  26. Pingback: Food Fight Over Encrypting DNS | Musings from the Chiefio

  27. E.M.Smith says:

    @Jim2:

    Yeah, the PulseAudio folks are closely tied (many or all) to the SystemD folks. I’d be happy to have them both gone. ALSA is fine for audio.

    Eventually I see a hard schism as RedHat / Pottering with SystemD / PulseAudio etc. go off one way and “Experienced System Admins”, BSD, and non-SystemD systems like Devuan, Alpine, etc. go their own way.

    The SystemD / PulseAudio folks keep gasping control (and screwing up…) more and more bits. You can’t span both worlds forever as the cancer grows. Folks will need to choose up side.

    I’ve already chosen mine. Mostly. ( I do – barely – tolerate SystemD IFF it’s the only option that runs on one bit of my hardware. “Going forward” I’m only going to buy new hardware that has a non-SystemD operating system available.)

    FWIW, I’ve had nothing but pain and suffering from PulseAudio. Gee… seems to be a trend with code designed / written by Pottering….

  28. jim2 says:

    EM – It appears systemd is the 666 of the FOSS world. I got suckered into getting systemd installed when I re-installed pulseaudio. MX Linux has been a disappointment, but you have to be ever vigilant nowadays or you get what you were trying to avoid. I’vd downloaded Devuan and I’m going to give it a shot.

  29. Power Grab says:

    There might be a better place to put this, but here goes:

    Headline:
    Raspberry Pi 400 is out: $70 for a complete PC with a faster Pi 4 in a keyboard
    The Raspberry Pi 400 comes with 4GB RAM, a faster Raspberry Pi 4 and a built-in heatsink to keep it cool.

    That’s an article on ZDNet:
    https://www.zdnet.com/article/raspberry-pi-400-is-out-70-for-a-complete-pc-with-a-faster-pi-4-in-a-keyboard

  30. E.M.Smith says:

    @Jim2:

    Yeah, it is a real piece of work…

    FWIW I think I found how to turn off the Telco DNS in SystemD. In that nmtui program, IF you chose an interface and IF you chose manual setting and IF you scroll all the way down to the bottom (IIRC) there was a check box to “turn off automatic DNS”.

    My God how are you supposed to discover that?

    So I’ve had to resort to manually configured DNS instead of DHCP with DNS override. What crap.

    It is almost like IBM (Owner of Red Hat) is having them complicate the administration so much you need “Professional Services” to make it go. But I’m sure that Professional Services being their biggest profit center has nothing to do with it…

    @PowerGrab:

    This is a tech thread, so as good as any other.

    Now THAT is a device that could get me to buy a Pi M4. My one big gripe about it is the lack of proper heat management. Having it prepackaged with a heat sink fixed that.

    So now my only remaining question would be is there a Full Sized HDMI on it? I have NOTHING that is shrunken sized, so don’t like the idea of more cables to buy (and track) plugged into a more fragile port… Sure, I cold make it “go”, but the dinky plugs and sockets are not robust to frequent motion…

  31. E.M.Smith says:

    Well, looked at the link. With all that real estate on the case, they stuck with the micro-HDMI. Oh Well… I still might get one IF there’s a very flexible thin cable to plug into it to assure no socket strain.

    FWIW, I’m REALLY HAPPY with my Logitech K400+ Keyboard / Trackpad combo. It has a little nubby (like a wifi nubby) that plugs into a USB port and “Presto!” you have a wireless KB & Mouse. (Using it ATM to type this).

    So I regularly put an SBC on a dresser, table, desk, wherever… with the nubby plugged in, apply power and monitor (and network or WiFi) and I’m done.

    IIRC it was about $40, so it + Pi would cost more. OTOH, no wires!

    That particular Pi in KB would work nicely in my office (modulo the fact that all my monitors are on full sized HDMI cables to plug into ALL my other SBCs…. ) Maybe someone makes a small highly flexible cable uHDMI to Full size HDMI adapter…

  32. E.M.Smith says:

    Just a note on device types and swap:

    I did some testing to push swap to different device types, so I could see just how good or bad it worked.

    Not really any surprises.

    Zram works very well and very fast. The only surprise to me was how little it seemed to consume “real memory” to make the compressed memory space. I’m not fond of the idea of taking memory away from use as regular memory when you are running out of regular memory, but in actual testing it was a big net win.

    The mmc card (on systems where I have one) is also very good. Not as fast as Zram, but still fast enough so as to not notice swap going to it. It is the 2nd best choice.

    Real Disk: Has a bit of start up lag for some disks. Once spinning, the pause goes away and swap can proceed “well enough”. On big loads where you run a lot of video stuff and start swapping 100 MB chunks, there can be occasional pauses of short duration. For most any other use, I could not detect any issues. Mostly just “every so often” you might take a 2 second pause for the disk to spin up if it went tidle.

    uSD Card: These are sucky as swap. Yeah, it can work, especially at low swap levels like a few hundred MB that’s mostly (all?) idle crap just being swapped out and not much need to swap in. Once you hit about 800 MB of swap use, there’s some kind of exponential decay sets in. To swap “something important” in, you must swap something else out, so a large block write plugs up the read-in, which causes more system distress and more write / read requests and pretty soon you are in thrash lock. At about 1 GB of swap this seems to happen nearly universally.

    So what have I chosen to do?

    1) On any system that supports Zram swap, set up a 1/4 of physical memory Zram swap space. (The “that supports” qualification is because I’ve yet to get it to work on the Odroid N2 despite having the configs set as claimed correct.)

    2) If a system has an mmc card in it, set aside 1 GB for swap if at all possible. This is to be just a bit lower priority than Zram.

    3) IF you have no Zram (or actually need all phys mem) and no mmc card: Use a USB hard disk for swap space. 1 to 2 GB. Preferably no other contention on the disk (i.e. not fighting for head seeks with /usr /usr/lib /home etc. all at the other end of the disk).

    4) Use uSD space for swap only as a last resort. I’m generally setting up 1 GB swap spaces on any media (disk, mmc, uSD…) but I’m likely to cut that back to 500 MB on the uSD and use it only as a lowest priority Aw Shit Happens space that’s just there for the odd few blocks that rolls past everything else. If ever. Or at boot time if Zram doesn’t work, there’s no mmc card, and I’ve not got a USB disk plugged in yet.

    5) On another thread someone recommended I look into USB SSD storage. I was a bit dismissive due to having had one die on my spousal Macintosh and knowing that excess write cycles can wear out the bit storage (and thus you suddenly lose all data on the “disk”). Yet you can get smaller ones fairly cheaply. I’ll now be looking into getting one just for use as /tmp, large write heavy short use analysis databases, SWAP space and such. I’ve done zero research on choices or options, but just as a random example, here’s one at $50 from Amazon:

    Not keen on PNY as their uSD cards have sucky performance. Once you fill a (admittedly good sized) internal buffer the actual write speed drops a lot. Clearly they put a big write cache in front of actually slow storage and then made good looking spec numbers … for a little while…

    Looks like a close out price, but hey, whatever.

    It is well worth it to me to “blow” $50 on my $80 “media station” to make swap an irrelevant thing and not have to wait for a hard disk to spin up “sometimes” even if it only lasts a coupe of years.

  33. Ed says:

    A brief update.

    It’s been a while (October?), and life has gotten in the way, but I did get Devuan installed.

    But for the life of me I could not get WiFi to work. I tried several cards, no luck, eventually even adding in the non-free binaries.

    I understand Devuans position in not wanting to bundle them, but given that, to a first approximation, there are NO free drivers for WiFi, it’s incredibly short sighted – how many people are just going to walk away?

    I ordered a USB WiFi dongle from Think Penguin, and it’s sitting there on the desk waiting for me to get over my irritation. It’s been a few weeks, maybe in another month or two.

    After hours of Devuan installation experience, spread across a couple of days, reminiscent of the installs of the early 2000s I gave up, and went ahead and installed Mint on another partition.

    Smooth, flawless, maybe two hours total.

    ———

    I’ve been too busy to even unbox the Pi. Sigh.

    I did see an article about hardwired DNS addresses used to bypass Pi-holes the other day:
    https://labzilla.io/blog/force-dns-pihole

Comments are closed.