|01:48||Freejack has left IRC (Freejack!~Freejack@unaffiliated/freejack, Ping timeout: 260 seconds)|
|01:52||Freejack has joined IRC (Freejack!~Freejack@unaffiliated/freejack)|
|02:04||ben_roose has left IRC (email@example.com, Remote host closed the connection)|
|03:50||vagrantc has joined IRC (vagrantc!~vagrant@unaffiliated/vagrantc)|
|04:11||rac_ has joined IRC (rac_!71148af6@gateway/web/freenode/ip.22.214.171.124)|
I install google chrome on ltsp-PNP, the installation is completed properly, but in google chrome ltsp client does not show
can help me,
did you rebuild the image?
fat or thin clients?
I should run after installation software,
if you're using fat clients, you need to re-run ltsp-update-image in order for installed software to be available
ok i want try
a good answer, my problem is finished.
one more, why the client computer is sometimes a bit slow and not respond
rac_: what is the cpu/ram of the client?
is there another way to make it faster in client ltsp ?
if it is a fat client, the main way to make it faster is to get a faster fat client...
ON Server : Processor : i7, Memory 16G, HDD :1T...On the Clinet Processor : Dual Core, Memory 1G
On the client, run: grep 'model name' /proc/cpuinfo
What is the output?
Because saying "dual core" is like saying "my vehicle has 4 wheels". Not too specific...
rocessor : 0 vendor_id : AuthenticAMD cpu family : 16 model : 6 model name : AMD Sempron(tm) 145 Processor stepping : 3 microcode : 0x10000c8 cpu MHz : 2800.000 cache size : 1024 KB physical id : 0 siblings : 1 core id : 0 cpu cores : 1 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 5 wp :
It has a cpu score of 800
Here is one i7: https://www.cpubenchmark.net/cpu.php?cpu=Intel+Core+i7-6700K+%40+4.00GHz
It has a cpu score of 10000+
That means that your server is 10 times faster than your amd client
For modern operating systems, clients should have more than 1000 score, and for new clients, it's best to buy with at least 2000 score
if the client computer I have a problem with the specification
What can I maximize existing computer ?
Is this your only client?
How many clients do you have?
there are multiple client computers at our place with the following specifications
Then you can't do much to make it better. LTSP doesn't make the clients run the OS faster than it would run if you installed it on a local disk.
since you have a nice server, you could try thin clients...
but a lot of things will still be very slow
I use ubuntu 16.04lts, if I use ubuntu 10.04lts, what could be better?
No, it's chromium that goes slowly, not ubuntu
Web browsing will be faster if you use firefox 1.0 or dillo, but half of the web won't be working at all then :)
This means the problem of Chrome instead of ubuntu, if I only use thunderbird what's the problem?
No problem, thunderbird should be faster than chrome
!learn cpubenchmark as One way to measure your client CPU performance is by looking up its CPU score in cpubenchmark.net. Anything with score below 1000 isn't really acceptable for today's web browsing needs etc. For new clients, try to buy ones with score>2000, whether you plan to run them as LTSP fat clients or to install a local OS in them.
The operation succeeded.
but thunderbird is only a mail client
ok, thanks for the advice ( alkisg, vagrantc )
You're welcome rac_
rac_: good luck!
|04:57||rac_ has left IRC (rac_!71148af6@gateway/web/freenode/ip.126.96.36.199, Ping timeout: 250 seconds)|
|05:05||rac_ has joined IRC (rac_!71148af6@gateway/web/freenode/ip.188.8.131.52)|
|05:09||rac_ has left IRC (rac_!71148af6@gateway/web/freenode/ip.184.108.40.206, Ping timeout: 250 seconds)|
vagrantc: in epoptes.postinst, we're using faketime to fool openssl to generate a certificate that is valid since the Epoch
...it segfaults in 16.04, it'll probably segfault on sid too, I haven't checked
You've done some work on reproducible builds, right? Is there any other way than faketime to fool apps to think the date=epoch?
the way reproducible_builds has been going is to support SOURCE_DATE_EPOCH in the build tools.
faketime isn't prone to a variety of errors.
er, faketime is prone to a variety of errors.
vagrantc: so that wouldn't help in telling openssl to generate a certificate valid since the Epoch, it could only be used at the build time of openssl...
Any other ideas that could work?
The problem is that clients like rpi or PCs with failed CMOS dates don't accept the epoptes certificate if their clock is wrong
*failed CMOS batteries resulting to wrong dates...
I see that there are other apps using faketime with openssl, e.g. http://permalink.gmane.org/gmane.linux.pve.devel/16245, maybe we should file a bug report against faketime or openssl
alkisg: well, you could set SOURCE_DATE_EPOCH=0
alkisg: but openssl would have to respect SOURCE_DATE_EPOCH
SOURCE_DATE_EPOCH is seconds since the start of the unix clock.
vagrantc: openssl would only need to respect that during its build though, not during runtime, right?
|05:54||* vagrantc has been noticing some at least reset to the CMOS manufacturing date or software date, rather than 1970|
alkisg: during runtime *might* be reasonable for openssl
That still makes the certificate invalid, even 2014 does, when epoptes was installed in 2016
toolchains need to respect it
alkisg: yeah, i get that
openssl could arguably be part of a toolchain
alkisg: might make sense to use fake-hwclock or timesyncd to ensure a sane time
vagrantc: fake-hwclock can't work with ltsp without server-side storage
|05:59||ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)|
and timesyncd might run too late, after the epoptes service starts
|06:00||* vagrantc thought timesyncd ran very early|
the network time doesn't necessarily kick in in a timely fashion, but it also has a timestamp file
It has to contact the server, possibly skew the clock etc... even if it starts early, in practice I've seen it doesn't succeed
the timestamp file read should happen very early
One way around it is to implement something like fake-hwclock in ltsps or epoptes,
we could touch that file from ltsp-update-image
so that if the client clock date is earlier than the epoptes certificate timestamp, to update the clock date to that
yeah, it wouldn't be hard
epoptes-client can do that while starting itself, or can put a script at ltsp/init-ltsp.d
it can do that for any client, or only for ltsp clients
only problem is one of "should we really be messing with that" vs. relying on services which are supposed to handle that
What do you think it should do?
I'm not sure that certificates are supposed to have a start date
i'm fairly sure init-ltsp.d hook to touch the appropriate timesyncd file should work.
Yes, but that won't solve the problem in non-ltsp clients
oh yeah, those other computers
E.g. suppose that the epoptes-client manpage states: "if the certificate start date is in the future, epoptes assumes that the clock is broken, and updates it"
How reasonable is that?!
I don't see any downsides other than the initial "omg! that sucks!" :P
i see the logic of it, but it's kind of stepping on other toes.
alkisg: X509 dictates that the start date is for allowing you to pre-generate certificates which will become valid at specific cases where you might want to "automatically" cut over from an outdated certificate
maldridge: yes, but what about *not* specyfing a start date because you don't need one?
not specifying a start date sure would be a more elegant solution
I think not providing for that is similar to a bug... not just feature request
hmm, I don't think that's within spec, but I believe most things do tolerate that
|06:07||* vagrantc wonders if there's an alternative to openssl that miht be more flexible|
I've always just set the start date to '0' and the end date to 2038
well, that sounds like what alkisg is looking for
maldridge: how do you do that?
I actually didnt' write those scripts, another guy on my team did
I can ask him in the morning (its 0100 here)
if it's already possible with the existing tools, that would solve the issue
I've seen other packages using faketime just to fool openssl
I believe it might be possible to set the server start date back to an earlier time and then generate it with a long window, but that might mess with other things when stuff gets installed
I do hope it's possible to set a blank or another start date, but I don't have high hopes for it...
maldridge: that's what we're using faketime for
We're setting the date back to 1970
(just for openssl)
yeah that would make sense
we're largely moving away from fake certs at my site, but that does seem like a good idea to do it that way
|06:16||* vagrantc waves|
|06:16||vagrantc has left IRC (vagrantc!~vagrant@unaffiliated/vagrantc, Quit: leaving)|
Good night vagrantc
|07:28||kjackal has left IRC (kjackal!~quassel@2a02:587:3117:9e00:790f:ff4d:499c:57c2, Ping timeout: 260 seconds)|
|07:33||kjackal has joined IRC (firstname.lastname@example.org)|
|10:58||adrianorg has left IRC (email@example.com, Ping timeout: 260 seconds)|
|10:58||adrianorg has joined IRC (firstname.lastname@example.org)|
|12:10||ben_roose has joined IRC (email@example.com)|
|13:09||adrianorg has left IRC (firstname.lastname@example.org, Ping timeout: 276 seconds)|
|13:10||adrianorg has joined IRC (email@example.com)|
|13:31||ben_roose has left IRC (firstname.lastname@example.org, Quit: Leaving)|
|14:51||ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)|
|15:36||kjackal has left IRC (email@example.com, Ping timeout: 276 seconds)|
nbd_server: Read failed: End of file
|15:49||_longines has joined IRC (firstname.lastname@example.org)|
Entering request loop
*Error: Read failed: End of file
|17:32||kjackal has joined IRC (kjackal!~quassel@2a02:587:3117:9e00:e113:dadf:2c9a:ae4)|
|18:18||cor_geeks_eadthe has joined IRC (email@example.com)|
|18:19||cor_geeks_eadthe is now known as cor_gfg_eadthem|
|18:23||cor_gfg_eadthem has left IRC (firstname.lastname@example.org, Quit: Leaving)|
|18:23||eadthem_cor_gfg has joined IRC (email@example.com)|
|18:31||eu^8478164117 has joined IRC (eu^8478164117!544ea475@gateway/web/freenode/ip.220.127.116.11)|
Γειἀ σας, παιδιά
|18:31||eu^8478164117 has left IRC (eu^8478164117!544ea475@gateway/web/freenode/ip.18.104.22.168, Client Quit)|
and to you too
|18:35||kjackal has left IRC (kjackal!~quassel@2a02:587:3117:9e00:e113:dadf:2c9a:ae4, Ping timeout: 260 seconds)|
|19:25||robb_nl has joined IRC (firstname.lastname@example.org)|
Haha, hello unknown greek person that joined the channel just to salute us...
|19:46||robb_nl has left IRC (email@example.com, Quit: I'm gone, bye bye)|
|23:48||gateway has joined IRC (gateway!c83797bc@gateway/web/freenode/ip.22.214.171.124)|
|23:50||ogra_ has left IRC (firstname.lastname@example.org, Ping timeout: 250 seconds)|
|23:50||ogra_ has joined IRC (email@example.com)|
|23:57||gateway has left IRC (gateway!c83797bc@gateway/web/freenode/ip.126.96.36.199, Quit: Page closed)|