• Toes♀@ani.social
    link
    fedilink
    arrow-up
    3
    ·
    2 months ago

    I noticed a pretty extreme difference in performance in openssh when using x11 forwarding when I touch the cipher suite.

    AES128-ctr vs AES128-gcm on kubuntu 22.04.

    I was wondering if anyone could shed some light into that. I’m mostly curious if it’s not using hardware acceleration when I switch it to GCM.

    • adr1an@programming.devOPM
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      The week went by and this was left unanswered. Usually I research a bit to treat anything on these threads. This time, I’m on the phone, so I went lazy and directly to chatgpt. Hopefully this is not an AI hallucination and it sheds some light for you.

      The performance difference you’re observing between AES128-CTR and AES128-GCM in OpenSSH with X11 forwarding can be attributed to several factors, including the nature of the ciphers and hardware acceleration support.

      AES128-CTR vs AES128-GCM

      1. Cipher Characteristics:

        • AES128-CTR (Counter Mode): This mode turns a block cipher into a stream cipher. It is generally faster because it can be parallelized and does not require padding.
        • AES128-GCM (Galois/Counter Mode): This mode provides both encryption and authentication (integrity check). The additional authentication step can introduce overhead, making it slower compared to CTR mode.
      2. Hardware Acceleration:

        • AES-NI Support: Modern CPUs support AES-NI (Advanced Encryption Standard New Instructions), which accelerates AES operations. Both CTR and GCM modes can benefit from AES-NI, but the extent of the acceleration can vary.
        • GCM Overhead: Even with hardware acceleration, GCM mode has additional computational overhead due to the authentication process. If the hardware acceleration is not fully utilized or if the implementation is suboptimal, this overhead can become more pronounced.

      Checking Hardware Acceleration

      To determine if your system is using hardware acceleration for AES operations, you can check the following:

      1. CPU Support:

        • Verify if your CPU supports AES-NI by checking the CPU flags:
          grep aes /proc/cpuinfo
          
        • If you see aes in the output, your CPU supports AES-NI.
      2. OpenSSL Benchmark:

        • Run an OpenSSL benchmark to see the performance difference between CTR and GCM modes:
          openssl speed -evp aes-128-ctr
          openssl speed -evp aes-128-gcm
          
        • Compare the results to see if there’s a significant difference in performance.
      3. SSH Configuration:

        • Ensure that your OpenSSH configuration is optimized for hardware acceleration. You can specify the ciphers in your SSH configuration file (/etc/ssh/sshd_config for the server and /etc/ssh/ssh_config or ~/.ssh/config for the client):
          Ciphers aes128-ctr,aes128-gcm@openssh.com
          
        • Restart the SSH service after making changes:
          sudo systemctl restart ssh
          

      Conclusion

      The performance difference between AES128-CTR and AES128-GCM is expected due to the additional authentication overhead in GCM mode. Ensuring that your system is utilizing hardware acceleration (AES-NI) can help mitigate some of this overhead, but GCM will generally still be slower than CTR. If performance is critical and you do not need the additional authentication provided by GCM, sticking with CTR mode might be the better option.

  • Parade du Grotesque@lemmy.sdf.org
    link
    fedilink
    arrow-up
    0
    ·
    2 months ago

    How do I configure my Linux, on a laptop, to consume as little battery as possible?

    A bit of context: one of my laptop ran Ubuntu, with acceptable battery drain (up to 3h30 of usage, running desktop applications: Firefox, terminal, vim, etc). This is a high-end laptop: 12 AMD Ryzen + AMD Rembrandt.

    I switched to open use, and now battery drains in one hour, running the exact same applications. Installed tuned, selected power save, tried power top, applied different parameters, etc, but no result: battery still dies after 1h. No improvement at all.

    I am going to investigate on my own, but any help is greatly appreciated.

    • adr1an@programming.devOPM
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      I assume this is an old laptop? If you’re able to remove the battery, as in the old models, you can measure it’s full milliamperes when at a 100%. It’s probably going to show a lower value than what’s reported by the user guides. From what you tell, I’d expect something as low as 1.5k… Beware that removing batteries with tools and so on might make them explode and is many times, just not an option.

      Perhaps you can even see this in the BIOS. Some modern BIOS might even tell the number of charging cycles, allowing you to infer it’s worn out. Chances are, you need a new battery. Which is tricky, since oftentime the “new” battery was sitting at some store but was manufactured by the company when the laptop model was fresh.

  • Dave@lemmy.nz
    link
    fedilink
    arrow-up
    0
    ·
    2 months ago

    I’ve recently made it to Act 3 in Baldur’s Gate 3, and my integrated graphics on my laptop aren’t keeping up, so now I have installed it on my desktop machine and am using Steam Remote Play (my desktop is plugged into the TV, it’s not a proper desktop setup).

    Often, the Steam connection drops out and the game keeps playing on the desktop but I can’t connect back to it from the laptop.

    Any suggestions on what I could do to either stop losing the connection or let me connect back to it after it drops?

    Set up:

    • Laptop has Nobara Gnome spin
    • Desktop has Mint Cinnamon
    • Bought BG3 on GOG, installed through Heroic Launcher, added to Steam as non-steam game to play it.
    • Toes♀@ani.social
      link
      fedilink
      arrow-up
      2
      ·
      2 months ago

      Are you trying to do this over ethernet or WiFi?

      If you’re trying to use wifi that connection needs to be stellar for this to work well. No over-lapping channels with the neighbours and not too many clients.

      If you’re experiencing this on a wired connection, look into if your gear supports jumbo frames and confirm it’s a gigabit link.

      Try using Vulkan mode for BG3.

      • Dave@lemmy.nz
        link
        fedilink
        arrow-up
        2
        ·
        2 months ago

        Laptop is on WiFi, desktop is on ethernet.

        Laptop is directly next to an access point that is connected via ethernet, though I know the network is not super stable. I often have to restart the ISP router after it drops out.

        I am confused why Steam doesn’t let me reconnect though. Normally if the game is running you can open Steam and choose to connect to it. But I don’t get this option, it’s like it’s forgotten that it started the game.

        In Steam it’s set to use Proton and I select the bg3.exe or whatever it’s called, not the bg3_dx11.exe. Is this using Vulcan mode?

        • Toes♀@ani.social
          link
          fedilink
          arrow-up
          2
          ·
          2 months ago

          Are you able to connect everything involved via ethernet?

          Wi-Fi can be unreliable for many reasons so being near it isn’t going to change the thought much.

          A quick google suggests to me that it’s Vulkan if you are running it that way but I can’t confirm.

          What may be happening is that when the connection is unstable it may not be well designed enough to handle the dropped connection gracefully to let you reconnect.

          • Dave@lemmy.nz
            link
            fedilink
            arrow-up
            2
            ·
            2 months ago

            I’m running a Framework laptop and don’t have the LAN expansion card as it wasn’t release at the time I got my laptop. I can order one, but they also don’t sell Frameworks in my country so it’s a long freight forwarding process 🙁.

            I’ve been considering a new gateway (rather than the ISP router) to see if that helps stabilise the network. Maybe that will be helpful until I can get a proper LAN connection.

            • Toes♀@ani.social
              link
              fedilink
              arrow-up
              2
              ·
              2 months ago

              If I recall correctly the framework laptops have a bunch of USBC ports?

              If so you could just get a USBC dongle for it.

              In the meantime we can evaluate the quality of your WiFi. If you have an android phone, I find this app works fairly well for visualizing the network.

              https://play.google.com/store/apps/details?id=com.vrem.wifianalyzer

              Additionally, If you have a dual band router I would suggest disabling the 2.4Ghz band unless you have any legacy devices that use it.

              Check that your network isn’t overlapping with any other networks.

              • Dave@lemmy.nz
                link
                fedilink
                arrow-up
                1
                ·
                2 months ago

                Yes framework expansion card slots are just a bunch of USBC ports, but seems a waste not to get the proper expansion card that slots nicely into the laptop looking like it was built in instead of a boring regular dongle.

                I checked out the app you suggested, not entirely sure what I’m doing but the app seems happy with my wifi. My network is strong, others from neighbours are all pretty weak.

                Unfortunately I need 2.4Ghz wifi for a bunch of home automation things.

    • adr1an@programming.devOPM
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      Oh, tough one. I don’t know what’s that protocol. But I guess it’s not tied to WiFi. So, How about getting a cheap ethernet switch? That’s how I connect devices in my living room to the router given by ISP that’s on the other side of the wall.

  • Corbin@programming.dev
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    I want to run PipeWire as a system user and have multiple login users access it. My current hack is to run it as one login user and then do something like:

    export XDG_RUNTIME_DIR=/run/user/1001
    

    Where 1001 is the user ID. Is there a cleaner approach?

    • comma@midwest.social
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 months ago

      You could utilize the server/client functionality over the local network instead of using the same process.

      So you could point the other users to the machine’s local address and they would automatically find the Pipewire server. Maybe? I guess? It’s just a theory.

      https://wiki.archlinux.org/title/PipeWire#Sharing_audio_devices_with_computers_on_the_network

      This thread seems to have what you’re looking for.

      https://bbs.archlinux.org/viewtopic.php?id=265878

      According to the thread, its possible to provide system-wide usage by enabling this option at build time:

      -Dsystemd-system-service=enabled
      

      Or it seems like you could share it over the local network by editing the Pipewire config file and making an environment variable. (See post #5.)

      Or you could

      Just add the “player” user to the “audio” group

      according to post #8.

      Note: it seems like Pipewire runs on port 4713. So the server would run on 0.0.0.0:4713, I guess.