Blog

Ryzen so far…

So my first iteration ended in a failed BIOS update…  Now I have a fresh MB.

Iteration 2 – disable everything

The Ryzen machine is running pretty stable now with a few tweaks. I was getting some memory paging bugs but one of these things worked around it:

  • Moved from 4.10 (stock zesty) to 4.11 mainline kernel
  • Remove 1 of my 2 16 GB sticks of memory
  • Underclock memory from 2400 -> 2133
  • Re-enable VM Support (CVM)
  • Disable the C6
  • Disable boost

It was totally stable for several days after that..

Iteration 3 – BIOS update

Trying to have fewer things disabled (or more specifically to get my full 32 GB of RAM) I did the latest (7A37v14) BIOS update (with all cables not important for the update removed).

Memtest had also intermittently shown bad RAM… but I can no longer reproduce…  Both sticks tested independently show nothing is wrong.  Then I put both back in and it says it’s fine.

Part of that was resetting the settings above and although it was more stable I was still getting random crashes.

Iteration 4 – Mostly just underclock the RAM

  • Underclocked 32 GB of  memory from 2400 -> 2133
  • On 4.11 mainline kernel with Nouveau drivers (previously on Nvidia prop. driver, but it didn’t support 4.11 at the time)

So far it’s been stable and that’s what I’m running.

Outstanding things

  • CPU Temperature Reporting on Linux is Missing.  (AMD has to release the data to do so – see some discussion here.  That is a community project, posting there will not help AMD do anything)
  • Being coreboot friendly with these new chips
  • Update BIOS from Linux?
  • Why is VM support disabled by default? (It’s called SVM on these boards)
  • MSI please document/implement BIOS recovery for these motherboards

Overall

Ryzen 1700 is a pretty powerful chip.  I love having 16 threads available to me (VMs/Compiling faster is what I wanted from Ryzen and it delivers).  Like many new products there are some stumbling blocks for early adopters, but I feel like on my hardware combinations+ I’m finally seeing the stability I need.

*Stability testing was just leaving BOINC running (with SETI and NFS projects) with Firefox open.  And doing normal work with VMs, etc.
+ MB: MSI B350M MORTAR AM4
Ryzen 1700
2 x Patriot 16GB DDR4-2400  PSD416G24002H

Who we trust | Building a computer

I thought I was being smart.  By not buying through AVADirect I wasn’t going to be using an insecure site to purchase my new computer.

For the curious I ended up purchasing through eBay (A rating) and Newegg (A rating) a new Ryzen (very nice chip!) based machine that I assembled myself.   Computer is working mostly ok, but has some stability issues.   A BIOS update comes out on the MSI website promising some stability fixes so I decide to apply it.

The page that links to the download is HTTPS, but the actual download itself is not.
I flash the BIOS and now appear to have a brick.

As part of troubleshooting I find that the MSI website has bad HTTPS security, the worst page being:

Given the poor security and now wanting a motherboard with a more reliable BIOS  (currently I need to send the board back at my expense for an RMA) I looked at other Micro ATX motherboards starting with a Gigabyte which has even fewer pages using any HTTPS and the ones that do are even worse:

Unfortunately a survey of motherboard vendors indicates MSI failing with Fs might put them in second place.   Most just have everything in the clear, including passwords.   ASUS clearly leads the pack, but no one protects the actual firmware/drivers you download from them.

| Vendor | Main Website | Support Site | RMA Process | Forum | Download Site | Actual Download |
| --- | --- | --- | --- | --- | --- | --- |
| MSI | F | F | F | F | F | Plain text |
| AsRock | Plain text | Email | Email | Plain text | Plain text | Plain text |
| Gigabyte (login site is F) | Plain text | Plain text | Plain text | Plain text | Plain text | Plain text |
| EVGA | Plain text default/A- | Plain text | Plain text | A | Plain text | Plain text |
| ASUS | A- | A- | B | Plain text default/A | A- | Plain text |
| BIOSTAR | Plain text | Plain text | Plain text | n/a? | Plain text | Plain text |

A quick glance indicates that vendors that make full systems use more security (ASUS and MSI being examples of system builders).

We rely on the security of these vendors for most self-built PCs.  We should demand HTTPS by default across the board.   It’s 2017 and a BIOS file is 8MB, cost hasn’t been a factor for years.
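
An added example (not from the original post or from any vendor): a static check for the problem described above, an HTTPS support page whose firmware links go out over plain HTTP. The host names, the sample HTML and the extension list are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# File extensions treated as firmware/driver payloads (assumption for this example).
PAYLOAD_EXTENSIONS = (".zip", ".exe", ".rom", ".cap", ".bin")


class LinkCollector(HTMLParser):
    """Collect every href found in <a> tags."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def insecure_downloads(page_url, html):
    """Return absolute payload URLs that the page links to over plain HTTP."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        # Resolve relative and protocol-relative links the way a browser would.
        target = urlsplit(urljoin(page_url, href))
        if target.scheme == "http" and target.path.lower().endswith(PAYLOAD_EXTENSIONS):
            findings.append(target.geturl())
    return findings


# Constructed sample page; vendor.example is a placeholder, not a real vendor.
SAMPLE_URL = "https://vendor.example/support/board#down-bios"
SAMPLE_HTML = """
<a href="http://download.vendor.example/bios/BOARD_v14.zip">BIOS v14</a>
<a href="//download.vendor.example/utility/flash.exe">Flash tool</a>
<a href="/manual/board.pdf">Manual</a>
<a href="https://download.vendor.example/driver/lan.zip">LAN driver</a>
"""

if __name__ == "__main__":
    for url in insecure_downloads(SAMPLE_URL, SAMPLE_HTML):
        print("plain-HTTP download:", url)
```

A static scan like this does not follow redirects, so an https:// link that redirects to HTTP still needs a check of the final URL.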

Juju’s localhost LXD now works with offline images

Some environments require no direct Internet access.   Prior to Juju 2.1.x it wasn’t possible to use Juju locally with LXD without the Internet.

Prereq: Set up Juju 2.1.x and LXD however you usually do in the environment

  1. Get an LXD importable image and move to the offline machine
    wget https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-lxd.tar.xz https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-root.tar.xz
  2. Import the image and assign it an alias so Juju knows to use it
    lxc image import xenial-server-cloudimg-amd64-lxd.tar.xz xenial-server-cloudimg-amd64-root.tar.xz --alias juju/xenial/amd64
  3. It’s a good idea to confirm that LXD can launch the image fine
    lxc launch juju/xenial/amd64
  4. Bootstrap and start deploying charms
    juju bootstrap localhost

This is just one part of running offline.   This may only work if you have a local package mirror that the LXD image will be able to detect as it does need to install some packages.

Additionally,  some charms may download software directly from Internet sites so those would also need more workarounds for them.

Fixed bug: https://bugs.launchpad.net/juju/+bug/1650651
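
An added example, not part of the original post or of Juju/LXD: checking the two tarballs from step 1 against a SHA256SUMS manifest before importing them on the offline machine. It assumes a coreutils-style manifest was fetched alongside the images and authenticated separately; the file contents in demo() are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def parse_sha256sums(text):
    """Parse coreutils-style lines: '<hex digest> *<name>' or '<hex digest>  <name>'."""
    digests = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 64:
            digests[parts[1].strip().lstrip("*")] = parts[0].lower()
    return digests

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so a large root tarball never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_images(manifest_text, paths):
    """Return {file name: status}; a file the manifest does not list fails closed."""
    expected = parse_sha256sums(manifest_text)
    results = {}
    for path in map(Path, paths):
        if path.name not in expected:
            results[path.name] = "not listed"
        elif sha256_file(path) == expected[path.name]:
            results[path.name] = "ok"
        else:
            results[path.name] = "MISMATCH"
    return results

def demo():
    """Constructed stand-ins for the two tarballs; the second is altered in transit."""
    names = ("xenial-server-cloudimg-amd64-lxd.tar.xz",
             "xenial-server-cloudimg-amd64-root.tar.xz")
    with tempfile.TemporaryDirectory() as tmp:
        manifest, paths = "", []
        for name in names:
            data = b"constructed sample bytes for " + name.encode()
            manifest += f"{hashlib.sha256(data).hexdigest()} *{name}\n"
            paths.append(Path(tmp) / name)
            paths[-1].write_bytes(data)
        paths[1].write_bytes(b"altered")  # simulate corruption or tampering
        return verify_images(manifest, paths)

if __name__ == "__main__":
    print(demo())
```

Run `lxc image import` only when every file reports "ok".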

RSS Reading – NewsBlur

Bye Tiny

Some recent hacking attempts at my site had convinced me to reduce the number of logins I had to protect on my personal site.   That’s what motivated a move from the -still- awesome Tiny Tiny RSS that I’ve been using since Google Reader ended.   I only follow 13 sites and maintaining my own install simply doesn’t make sense.

* None of the hacking attempts appeared to be targeting Tiny Tiny RSS ~ but then again I’m not sure if I would have noticed if they were.

Enter NewsBlur

My favorite site for finding alternatives to software quickly settled on a few obvious choices.  Then I noticed that one of them was both Open Source and Hosted on their own servers with a freemium model.

It was NewsBlur

I decided to try it out and haven’t looked back.  The interface is certainly different than Tiny (and after 3 years I was very used to Tiny ) but I haven’t really thought about it after the first week.   The only item I found a bit difficult to use was arranging folders ~ I’d really prefer drag and drop.   I only needed to do it once so not a big deal.

The free account has some limitations such as a limit to the number of feeds (64), limit to how fast they update, and no ability to save stories.   The premium account is only $24 a year which seems very reasonable if you want to support this service or need those features.  As of this writing there were about 5800 premium and about 5800 standard users, which seems like a healthy ratio.

Some security notes: the site gets an A on SSLLabs.com but they do have HSTS turned explicitly off.   I’m guessing they can’t enable HSTS because they need to serve pictures directly off of other websites that are HTTP only.

NewsBlur’s code is on GitHub, including how to set up your own NewsBlur instance (it’s designed to run on 3 separate servers) or for testing/development.   I found it particularly nice that the guide that the site operator will check if NewsBlur goes down is public.  Now, that’s transparency!

They have a bunch of other advanced features (still in free version) that I haven’t even tried yet, such as:

  • finding other stories you would be interested in (Launch Intel)
  • subscribing to email newsletters to view in the feed
  • Apps for Android, iPhone and suggested apps for many other OSes
  • Global sharing on NewsBlur
  • Your own personal (public in free version) blurblog to share stories and your comments on them

Give NewsBlur a try today.  Let me know if you like it!

I’d love to see more of this nice combination of hosted web service (with paid & freemium version) and open source project.  Do you have a favorite project that follows this model?   Two others that I know of are Odoo and draw.io.

Once your organization gets big enough…

it’s harder to keep everyone on the same page.  These are two emails I got from Mozilla in the last month.

Short Story:
MDN (their Wiki) is requiring everyone use a GitHub account now.
While add-ons.mozilla.org (addon authors/reviewers) is requiring everyone use a Firefox account now.
(Bugzilla can do a local account, a Persona account, or GitHub)

Just to be clear, this isn’t an issue specific to Mozilla, but I’d expect them to support OpenID more if their Persona initiative failed.

Aug 18
“Dear MDN contributor,

You are getting this message because you use Persona to log in to your account on MDN.

We are discontinuing Persona as a sign-in method. If you want to keep access to your account, you must link your profile to a GitHub account.

If you do not have a GitHub account, you will need to create one.

If you do not link your profile to a GitHub account by Oct. 31, you will not be able to log in to MDN using your current profile, create or update pages, or update your profile. We recognize that this is an inconvenience, and we apologize.

If you have questions, please let us know. You can also read more on MDN about this change.

Thank you,
The MDN Team”

July 28th
“In February 2016 we turned on Firefox Accounts as an authentication source for addons.mozilla.org (AMO). Since then, 80% of the developers who have visited AMO have migrated their account to a Firefox Account. We are writing to remind you to migrate your account as well.

We urge you to do so in the next few weeks, when the migration wizard will close and you will no longer be able to log in using your old AMO credentials. You can start the migration flow at https://addons.mozilla.org/users/login today.

After migration closes, you can still log in to your AMO account, but first you’ll have to create a Firefox Account (https://accounts.firefox.com/) using the same email address you use for your AMO account.

Sincerely,
The AMO Team”