this post was submitted on 01 Sep 2024

Linux


A community for everything relating to the linux operating system

[–] [email protected] 3 points 2 months ago (1 children)

I noticed a pretty extreme difference in performance in openssh when using x11 forwarding when I touch the cipher suite.

AES128-ctr vs AES128-gcm on kubuntu 22.04.

I was wondering if anyone could shed some light into that. I'm mostly curious if it's not using hardware acceleration when I switch it to GCM.

[–] [email protected] 2 points 2 months ago

The week went by and this was left unanswered. Usually I research a bit to treat anything on these threads. This time, I'm on the phone, so I went lazy and directly to chatgpt. Hopefully this is not an AI hallucination and it sheds some light for you.

The performance difference you're observing between AES128-CTR and AES128-GCM in OpenSSH with X11 forwarding can be attributed to several factors, including the nature of the ciphers and hardware acceleration support.

AES128-CTR vs AES128-GCM

  1. Cipher Characteristics:

    • AES128-CTR (Counter Mode): This mode turns a block cipher into a stream cipher. It is generally faster because it can be parallelized and does not require padding.
    • AES128-GCM (Galois/Counter Mode): This mode provides both encryption and authentication (integrity check). The additional authentication step can introduce overhead, making it slower compared to CTR mode.
  2. Hardware Acceleration:

    • AES-NI Support: Modern CPUs support AES-NI (Advanced Encryption Standard New Instructions), which accelerates AES operations. Both CTR and GCM modes can benefit from AES-NI, but the extent of the acceleration can vary.
    • GCM Overhead: Even with hardware acceleration, GCM mode has additional computational overhead due to the authentication process. If the hardware acceleration is not fully utilized or if the implementation is suboptimal, this overhead can become more pronounced.

Checking Hardware Acceleration

To determine if your system is using hardware acceleration for AES operations, you can check the following:

  1. CPU Support:

    • Verify if your CPU supports AES-NI by checking the CPU flags:
      grep aes /proc/cpuinfo
      
    • If you see aes in the output, your CPU supports AES-NI.
  2. OpenSSL Benchmark:

    • Run an OpenSSL benchmark to see the performance difference between CTR and GCM modes:
      openssl speed -evp aes-128-ctr
      openssl speed -evp aes-128-gcm
      
    • Compare the results to see if there's a significant difference in performance.
  3. SSH Configuration:

    • Ensure that your OpenSSH configuration is optimized for hardware acceleration. You can specify the ciphers in your SSH configuration file (/etc/ssh/sshd_config for the server and /etc/ssh/ssh_config or ~/.ssh/config for the client):
      Ciphers aes128-ctr,aes128-gcm@openssh.com
      
    • Restart the SSH service after making changes:
      sudo systemctl restart ssh
      

Conclusion

The performance difference between AES128-CTR and AES128-GCM is expected due to the additional authentication overhead in GCM mode. Ensuring that your system is utilizing hardware acceleration (AES-NI) can help mitigate some of this overhead, but GCM will generally still be slower than CTR. If performance is critical and you do not need the additional authentication provided by GCM, sticking with CTR mode might be the better option.
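An added example, not part of the comment above and not OpenSSH's own code: a small shell helper that reads `ssh -v` debug output to report which cipher and MAC a session actually negotiated, and checks the CPU flags relevant to AES and GCM. In SSH, `aes128-ctr` is always paired with a separately negotiated MAC, while `aes128-gcm@openssh.com` shows `MAC: <implicit>`. The sample debug lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples of `ssh -v` client debug output (not from the thread).
SAMPLE_CTR='debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none'
SAMPLE_GCM='debug1: kex: server->client cipher: aes128-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: aes128-gcm@openssh.com MAC: <implicit> compression: none'

# negotiated DIRECTION: read `ssh -v` output on stdin, print "cipher mac"
# for that direction; non-zero exit if no kex line was seen.
negotiated() {
    awk -v dir="$1" '
        $2 == "kex:" && $3 == dir && $4 == "cipher:" { print $5, $7; found = 1; exit }
        END { if (!found) exit 1 }'
}

# describe DIRECTION: say whether integrity comes from the cipher itself
# (AEAD, shown by ssh as MAC: <implicit>) or from a separately negotiated MAC.
describe() {
    pair=$(negotiated "$1") || return 1
    cipher=${pair% *}; mac=${pair#* }
    if [ "$mac" = "<implicit>" ]; then
        echo "$cipher: AEAD, integrity built into the cipher"
    else
        echo "$cipher + $mac: cipher plus a separate MAC pass"
    fi
}

# cpu_accel [FILE]: print which of the x86 flags aes (AES-NI) and pclmulqdq
# (carry-less multiply, used for GCM's GHASH) appear in a cpuinfo-style file.
cpu_accel() {
    flags=$(grep -m1 '^flags' "${1:-/proc/cpuinfo}" 2>/dev/null) || flags=""
    out=""
    for f in aes pclmulqdq; do
        case " $flags " in *" $f "*) out="$out $f" ;; esac
    done
    echo "${out# }"
}

# Demo on the constructed samples; for a real session (hostname is a placeholder):
#   ssh -v -c aes128-gcm@openssh.com user@host true 2>&1 | describe 'server->client'
for s in "$SAMPLE_CTR" "$SAMPLE_GCM"; do
    printf '%s\n' "$s" | describe 'server->client'
done
echo "CPU flags found: $(cpu_accel)"
```

When comparing throughput between the two settings, compare the whole negotiated pair (cipher plus MAC), since the MAC chosen alongside CTR is part of the per-packet cost.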

[–] [email protected] 2 points 2 months ago (2 children)

I've recently made it to Act 3 in Baldur's Gate 3, and my integrated graphics on my laptop aren't keeping up, so now I have installed it on my desktop machine and am using Steam Remote Play (my desktop is plugged into the TV, it's not a proper desktop setup).

Often, the Steam connection drops out and the game keeps playing on the desktop but I can't connect back to it from the laptop.

Any suggestions on what I could do to either stop losing the connection or let me connect back to it after it drops?

Set up:

  • Laptop has Nobara Gnome spin
  • Desktop has Mint Cinnamon
  • Bought BG3 on GOG, installed through Heroic Launcher, added to Steam as non-steam game to play it.
[–] [email protected] 5 points 2 months ago (1 children)

Are you trying to do this over ethernet or WiFi?

If you're trying to use wifi that connection needs to be stellar for this to work well. No over-lapping channels with the neighbours and not too many clients.

If you're experiencing this on a wired connection, look into if your gear supports jumbo frames and confirm it's a gigabit link.

Try using Vulkan mode for BG3.

[–] [email protected] 2 points 2 months ago (1 children)

Laptop is on WiFi, desktop is on ethernet.

Laptop is directly next to an access point that is connected via ethernet, though I know the network is not super stable. I often have to restart the ISP router after it drops out.

I am confused why Steam doesn't let me reconnect though. Normally if the game is running you can open Steam and choose to connect to it. But I don't get this option, it's like it's forgotten that it started the game.

In Steam it's set to use Proton and I select the bg3.exe or whatever it's called, not the bg3_dx11.exe. Is this using Vulkan mode?

[–] [email protected] 2 points 2 months ago (1 children)

Are you able to connect everything involved via ethernet?

Wi-Fi can be unreliable for many reasons so being near it isn't going to change the thought much.

A quick google suggests to me that it's Vulkan if you are running it that way but I can't confirm.

What may be happening is that when the connection is unstable it may not be well designed enough to handle the dropped connection gracefully to let you reconnect.

[–] [email protected] 2 points 2 months ago (1 children)

I'm running a Framework laptop and don't have the LAN expansion card as it wasn't released at the time I got my laptop. I can order one, but they also don't sell Frameworks in my country so it's a long freight forwarding process 🙁.

I've been considering a new gateway (rather than the ISP router) to see if that helps stabilise the network. Maybe that will be helpful until I can get a proper LAN connection.

[–] [email protected] 2 points 2 months ago (1 children)

If I recall correctly the framework laptops have a bunch of USBC ports?

If so you could just get a USBC dongle for it.

In the meantime we can evaluate the quality of your WiFi. If you have an android phone, I find this app works fairly well for visualizing the network.

https://play.google.com/store/apps/details?id=com.vrem.wifianalyzer

Additionally, if you have a dual band router I would suggest disabling the 2.4Ghz band unless you have any legacy devices that use it.

Check that your network isn't overlapping with any other networks.

[–] [email protected] 1 points 2 months ago (1 children)

Yes framework expansion card slots are just a bunch of USBC ports, but seems a waste not to get the proper expansion card that slots nicely into the laptop looking like it was built in instead of a boring regular dongle.

I checked out the app you suggested, not entirely sure what I'm doing but the app seems happy with my wifi. My network is strong, others from neighbours are all pretty weak.

Unfortunately I need 2.4Ghz wifi for a bunch of home automation things.

[–] [email protected] 2 points 2 months ago (1 children)

Do you see any overlap on yours in the graph view?

[–] [email protected] 1 points 2 months ago (1 children)

Some, at much lower strengths. Most of the graph is covered though, and the access point is using the recommended channel. It has band steering so automatically changes the channel to optimise.

[–] [email protected] 2 points 2 months ago (1 children)

So there's a few issues at play.

That automatic channel changing feature is more harmful than helpful in this context.

If you're able to lock it onto an entirely empty channel it'll help. Try for channel 106.

[–] [email protected] 1 points 2 months ago (1 children)

I have the ISP router and two AmpliFi mesh access points to provide the wifi. The ISP router also has a wifi network, this is the 2.4Ghz one for the IoT devices.

When I try to change the channel for the access points, I don't get the option for channel 106. I only get the option for 36, 40, 44, 48, 149, 153, 157, 161.

I also noticed that I had missed that there's a little button in the wifi scanning app to toggle between 2.4Ghz and 5Ghz. I noticed if I change the channel, a whole bunch of hidden networks come with it. I think this must be related to the mesh network, it's a lot of networks though! 8 or 9 of them, two separate ones with the same network name (I presume the two access points), and the rest all marked as hidden.

In the app, what does the width of the bar represent? It says something like Wifi_Network 157 (155) and has a big flat top that seems to cover a range. Is that indicating that nearby channels can interfere with each other?

[–] [email protected] 2 points 2 months ago (1 children)

Another thought of mine is that wireless devices can perform poorly if they are too close to the AP. (Like less than a meter)

> I don't get the option for channel 106

Assuming you're not in a country that blocks the use of those channels. There is a bunch of corner cutting gear out there that won't let you use a big chunk of the 5ghz spectrum.

If you're shopping for new stuff look for gear that supports DFS channels in the future.

> ...and two AmpliFi mesh access points to provide the wifi.

Mesh networks can perform poorly for applications that are sensitive to latency and jitter. (Such as steam's remote play)

> a whole bunch of hidden networks come with it. I think this must be related to the mesh network, it's a lot of networks though! 8 or 9 of them

It's possible that some of those are related. My assumption is that there's interference from your own devices and the neighbours. But a mesh network isn't an ideal environment.

> In the app, what does the width of the bar represent? It says something like Wifi_Network 157 (155) and has a big flat top that seems to cover a range.

This is indicative of the channel width. It's a common occurrence to have a network use overlapping channels to increase performance.

The take away is that not all channels are isolated from one another and it's possible for a network to have many of them bonded together.

With Wifi_Network 157 (155), it's indicating that the network's real channel is 155 with an 80 MHz channel width. But it's configured to channel 157 for its beacon as not all devices will connect in 80 MHz mode. 157 represents the 20 MHz channel it's configured to camp on.

> Is that indicating that nearby channels can interfere with each other?

Yes.

Channel chart source: https://readus247.com/best-5ghz-channel/

[–] [email protected] 1 points 2 months ago (1 children)

Wow thanks for all the info!

> Another thought of mine is that wireless devices can perform poorly if they are too close to the AP. (Like less than a meter)

Huh, I wouldn't have thought of that. I'm pretty close! I'll try moving it a bit further away.

> Mesh networks can perform poorly for applications that are sensitive to latency and jitter. (Such as steam’s remote play)

Last night it was much more stable, I didn't have any Steam dropouts (only the BG3 crashes which seem pretty common in Act 3 after having none until then, and I'm not the only one). But I do have the option to create a separate non-mesh network from the AP if I need to. If I have further trouble I'll give that a go.

> It’s possible that some of those are related. My assumption is that there’s interference from your own devices and the neighbours. But a mesh network isn’t an ideal environment.

When I changed the channel, the whole lot came with it, hence my assumption.

[–] [email protected] 2 points 2 months ago (1 children)

> But I do have the option to create a separate non-mesh network from the AP

Channel 165 tends to be empty if you do try that.

If your core problem is bg3 itself crashing then I've gone on a silly tangent here.

You might find act 3 is more stable in dx11 mode assuming proton is up for the challenge.

[–] [email protected] 2 points 2 months ago (1 children)

Two issues here: Issue one, BG3 itself crashes all the time. This most likely isn't linux related, because it's been rock solid up to Act 3 and everyone across all platforms complains about all the crashing in Act 3. Solution - quick save all the time.

Issue two, sometimes Steam Remote Play will disconnect from the game. The game continues to play on the remote PC but the connection is lost, and it won't let me reconnect (which is something Steam normally lets you do, but this might be because it's a non-steam game).

Your info on wifi networks to prevent the connection dropping has definitely been relevant and helpful!

[–] [email protected] 2 points 1 month ago (1 children)

Now that patch 7 has landed has your experience improved?

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago)

Oh I hadn't realised it had! I'll have to make sure I update before I play again.

The release notes seem to cover lots of specific crashes, but I'd guess my issue is more generally that if it's trying to show too much stuff on the screen (like a crowded city) then it crashes. I have turned the graphics settings right down and it happens less, but still happens at least once each time I play. I'm keen to check out that patch and see if it helps. Thanks for letting me know about it!

[–] [email protected] 3 points 2 months ago (1 children)

Oh, tough one. I don't know what that protocol is. But I guess it's not tied to WiFi. So, how about getting a cheap ethernet switch? That's how I connect devices in my living room to the router given by ISP that's on the other side of the wall.

[–] [email protected] 1 points 2 months ago

The laptop is connected via WiFi (to an access point directly next to me), I don't have a LAN port for it at the moment.

The desktop is connected via ethernet.

Normally Steam will let you reconnect to a game that's already playing, but I don't seem to have that option. It's like it forgets it's running.

[–] [email protected] 2 points 2 months ago (2 children)

How do I configure my Linux, on a laptop, to consume as little battery as possible?

A bit of context: one of my laptops ran Ubuntu, with acceptable battery drain (up to 3h30 of usage, running desktop applications: Firefox, terminal, vim, etc). This is a high-end laptop: 12 AMD Ryzen + AMD Rembrandt.

I switched to openSUSE, and now battery drains in one hour, running the exact same applications. Installed tuned, selected power save, tried powertop, applied different parameters, etc, but no result: battery still dies after 1h. No improvement at all.

I am going to investigate on my own, but any help is greatly appreciated.

[–] [email protected] 3 points 2 months ago

I assume this is an old laptop? If you're able to remove the battery, as in the old models, you can measure its full milliamperes when at 100%. It's probably going to show a lower value than what's reported by the user guides. From what you tell, I'd expect something as low as 1.5k... Beware that removing batteries with tools and so on might make them explode and is, many times, just not an option.

Perhaps you can even see this in the BIOS. Some modern BIOS might even tell the number of charging cycles, allowing you to infer it's worn out. Chances are, you need a new battery. Which is tricky, since oftentimes the "new" battery was sitting at some store but was manufactured by the company when the laptop model was fresh.

[–] [email protected] 2 points 2 months ago

Switch the kernel power governor to power saver.

[–] [email protected] 2 points 2 months ago (1 children)

I want to run PipeWire as a system user and have multiple login users access it. My current hack is to run it as one login user and then do something like:

export XDG_RUNTIME_DIR=/run/user/1001

Where 1001 is the user ID. Is there a cleaner approach?

[–] [email protected] 1 points 2 months ago

You could utilize the server/client functionality over the local network instead of using the same process.

So you could point the other users to the machine's local address and they would automatically find the Pipewire server. Maybe? I guess? It's just a theory.

https://wiki.archlinux.org/title/PipeWire#Sharing_audio_devices_with_computers_on_the_network

This thread seems to have what you're looking for.

https://bbs.archlinux.org/viewtopic.php?id=265878

According to the thread, it's possible to provide system-wide usage by enabling this option at build time:

-Dsystemd-system-service=enabled

Or it seems like you could share it over the local network by editing the Pipewire config file and making an environment variable. (See post #5.)

Or you could

> Just add the "player" user to the "audio" group

according to post #8.

Note: it seems like Pipewire runs on port 4713. So the server would run on 0.0.0.0:4713, I guess.