Archive for February, 2012

שרכים על הקיר

Thursday, February 23rd, 2012

צילום בלילה עם פלאש:



Definetly the weirdest LDAP management tool

Tuesday, February 21st, 2012

Its called ldapvi, and its just about what you’d expect with that name :-). The author would like you to think about it as vipw for your LDAP based authentication, and in addition to a few command line option it really isn’t much more then that (UI-wise):


Nvidia Optimus on Ubuntu 12.04

Sunday, February 19th, 2012

Nvidia Optimus is a neat solution to the problem of power consumption vs. 3D performance in notebook computers – the computer comes with two graphics chips, an “integrated graphics package” – the Intel GMA embedded graphics and a “discrete graphics package” – the Nvidia chip. The setup works by running your normal windowing UI on the integrated graphics, only powering on the discrete graphics when you want to play a 3D game or something like that.

Recently I had the fortune to work on a Lenovo T420 laptop(1) that has this setup, and it works very well on MS-Windows with the Nvidia Optimus driver – you get battry life around 10 hours with the 9 cell battery.

Unfortunately I spend most of my day in Linux and because Nvidia does not support Optimus on Linux, you have the poor choice of either running everything on the Nvidia chip – decreasing battery life to around 4 hours if you’re careful, or disabling the Nvidia chip completely.

The solution comes from the Bumblebee project – a software suite to handle the switching between the Nvidia discrete graphics and the embedded Intel chip.

The setup is pretty simple to understand (though I suspect under the hood there are many problems to be solved): A service runs and waits for users to ask for 3D accelerated graphics. When a user starts a program using the special command optirun, the service loads the Nvidia driver, starts an X server using the discrete graphics (with the display disconnected from the actual screen) and runs the specified program on that “background” X server. Then it copies the visuals from the program that is rendered using the discrete graphics to a window on the main X server. When the program terminates, the service closes the secondary X server, removes the driver and powers down the graphics card – putting us back into the ~10 hours battery life.

The Bumblebee software had some problems in the past, but the current version – 3.0 – looks very good. There are a few seconds of delay when you launch the application (setting up the driver and X takes some time), but performance is about what you’d expect when running directly on the hardware. All this without any configuration – that is if you are running on the stable Ubuntu version.

As I can’t leave well enough alone, and whenever someone says “alpha”, I say – “I wants”, I’m running the current Ubuntu 12.04 alpha (which is not so bad – due to be released in a couple of months, it works very well). And of course Bumblebee doesn’t work properly here.

So this is what I had to do to get it running:


  1. with an amazing 1600×900 screen, what they call “HD+”. Truly a work of art []

LDAP authentication on Fedora 16 (and why it sucks)

Thursday, February 16th, 2012

In my company we (still) use an Active Directory domain controller to manage central authentication(1), which is not set up very well – no SSL and the Kreberos setup is not done properly. This makes gives much trouble to modern Linuxes (e.g. not Ubuntu. yes – I’m looking at you Shuttleworth.)  such as Fedora, as Fedora have done away with NSS/PAM based LDAP authentication and instead relies on SSS – which I have yet managed to get working or even find a tutorial on how to set it up properly.

So if you still want to authentication your Fedora installation against the company’s Active Directory – and can’t/won’t rely on Winbind’s notably flaky behaviour, you can always install NSS/PAM ldap authentication manually. Unfortunately its not as easy as it sounds, and as I learned the hard way – one must pay careful attention to SELinux. So here’s the recipe:


  1. there are a lot of MS-Windows workstation, so it kinds of makes sense – but we are planning to phase it out in favour of OpenLDAP, so don’t worry about it []

Spam prevention powered by Akismet