Archive for February, 2008

Feb 28 2008

Gentoo Linux?

Published by Andrew under Linux, geeking, tweet, work

On the heels of my raving about Gentoo, I find that while from an administrative perspective I like it, from a user perspective? Not so much.

I have two workstations at work. One is a Celeron 1.7ish, 1.5GB of RAM, running Windows XP. The internal web sites we use tend toward lots of JavaScript, plus another application that sucks up resources. Thus Firefox, when viewing our ticket system, our order database system and our server locator / user database system was running very sluggishly.

I managed to acquire a second desktop, a P4 1.8GHz, 1GB RAM system, on which I intended to install Linux. When I got that far, I installed Gentoo, running Xfce4, as a learning exercise. Everything went beautifully. Once I got Firefox and Thunderbird installed, I moved all my work to that system, using the Windows box only for the non-web based application that only has a Windows client. And since the speakers are hooked up to that system, I left Pidgin there as well.
The performance of Firefox on the Linux box is barely a marginal improvement.

My personal laptop, however, a Centrino 1.6 with 512MB of RAM running Ubuntu 7.10 and Gnome, running all the same web sites is at least 3x more responsive.
I even made sure I had exactly the same addons installed on the two Linux systems. By all lights, the Gentoo box should be smoking the laptop.

It’s got a faster (model) processor.
It has a faster (clock rate) processor.
It has 2x the RAM.
It’s got an “optimized” OS installed.
It’s running the light-weight Xfce4 window manager, compared to Gnome’s (and all the other bells and whistles I’ve installed) bloat.
The only thing I can figure is there’s something about the default compile settings Gentoo uses when building Firefox.

I must remember to reboot the Gentoo box and check if Hyperthreading is turned off in the BIOS. I’m running an SMP kernel but only seeing one CPU. I also need to check if a P4 1.8 has HT support…


Feb 24 2008

Gentoo

Published by Andrew under Linux, geeking, tweet

I’m quickly becoming a fan of Gentoo.
I don’t think it will be replacing Ubuntu on my laptop, but I’m finding that for a “source based” system, it’s very easy to use. It doesn’t install anything you don’t absolutely need until you specifically ask for it, but when you do, it’s pretty painless. You just have to put up with it taking a little longer than other distros to get installed, since it has to download the source, then compile it.


Feb 22 2008

SSH connection mastering

Published by Andrew under Linux, System Administration, geeking

While I get back into the swing of blogging from a fairly long hiatus, I thought I’d start with something useful I discovered a while back, but that has recently shown just how really cool and useful it is.
With ssh connection mastering, you can open multiple sessions to a single host. Once you have satisfied all the authentication / authorization requirements of the host to log in the first time, as long as you have a master connection open, logging in additional times not only doesn’t require going through authentication again, it’s much, much faster.

For example, where I work, we SSH to a single server, we’ll call it jupiter, a “bastion host” if you will, from whence we can make ssh connections to any of our client’s servers. All our client’s servers have our public key in the root authorized_keys file, and all technicians on jupiter can ssh using the private key associated with that public key. To log into jupiter the technician must enter his RSA SecurID PIN and rolling key.

If you’ve never used SecurID, it is a “two factor” authentication system. Two factor authentication basically means to log in, you must present both something you know (thus it can’t be taken away from you by force, though you can be coerced into revealing it) as well as something on your person. In this case the “something you know” is your PIN, which doesn’t change. The “something on your person” is the 6-digit number displayed on the SecurID token. This is more secure than a simple password or PIN in that you must have both that and a physical device that displays a constantly changing number. Either one by itself is insufficient authentication to log in.

So getting back to jupiter, to ssh to this server we use SecurID authentication. This means we must ssh to the server, wait while ssh negotiates keys and does any DNS foo the server wants to do, type our PIN, then dig out our token and enter the displayed number, then wait while jupiter checks with our SecurID server to verify the numbers entered.

Using the ssh connection mastering technique I’ve linked to, you only have to do this once. As long as that original connection is open, you can open another terminal window, or even a virtual terminal, and ssh to the server and be in, instantly. No delays for ssh key exchanges, DNS lookups or SecurID. You don’t have to enter your PIN and token again. You’re just in. This is very useful if you have to log into multiple client servers at once.
Just don’t tell the security admin.

For some reason the trackback link isn’t showing up in the blog. The link referred to above is
http://www.newartisans.com/blog_files/ssh.connection.mastering.php
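
The setup described in this post, as an added example that is not from the original post or the linked article: it uses OpenSSH's ControlMaster and ControlPath client options for the bastion jupiter and keeps the control socket in a private directory, because any process that can open that socket gets a session without the PIN and token. The directory path and the function names are assumptions.

```shell
#!/bin/sh
# Added example. "jupiter" is the bastion alias from the post; the socket
# directory and the function names below are assumptions.

# Create a directory for control sockets that only the owner can enter.
make_socket_dir() {
    mkdir -p "$1" && chmod 700 "$1"
}

# Print the ssh_config stanza that enables connection sharing for jupiter.
# %r, %h and %p expand to remote user, host and port, so each destination
# gets its own socket.
mux_stanza() {
    cat <<EOF
Host jupiter
    ControlMaster auto
    ControlPath $1/%r@%h:%p
EOF
}

# Succeed only if the directory exists and grants nothing to group or other.
socket_dir_is_private() {
    [ -d "$1" ] || return 1
    perms=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    case "$perms" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Typical use:
#   make_socket_dir "$HOME/.ssh/cm"
#   mux_stanza "$HOME/.ssh/cm" >> "$HOME/.ssh/config"
#   ssh jupiter            # first login: PIN + token, becomes the master
#   ssh jupiter            # later logins reuse the master, no prompt
#   ssh -O check jupiter   # is a master still running?
#   ssh -O exit jupiter    # close the master when you step away
#
# Server side: "MaxSessions 1" in the bastion's sshd_config disables
# session multiplexing if every login must go through two-factor auth.
```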
