Tuesday, May 1, 2018

Cobalt Qube 2 / RaQ 2 Notes

I've had an old Cobalt Qube 2 in my possession since at least 2003 and I got my hands on an old Cobalt RaQ 2 sometime in 2007. These are cute ("qute"?) MIPS machines that (used to) work great as targets for my Compilers and Interpreters course. Sadly both boxes have been "out of commission" for a few years, but I recently decided that I want to run them again, the RaQ in particular. In the process I noticed that a few important pieces of Cobalt information are hard to find online these days, so this post is mostly a collection of notes for myself.

First here are two basic shots of the RaQ 2 in pretty much the state I received it in over 10 years ago. First note the lack of a cover for the power supply! You'll need to be somewhat careful working in here if you're worried about a capacitor zapping you.

Cobalt RaQ 2 Front

There is also a spot for a fan but apparently the power supply never gets hot enough because (as you can see in the next shot) that grate is actually covered by the Cobalt logo.

Cobalt RaQ 2 Back

The installed fan is incredibly tiny and in my RaQ 2 it doesn't sound particularly healthy anymore. I have not double-checked yet, but supposedly Cobalt used this SUNON fan for the RaQ 2. Sourcing an exact replacement fan has turned out to be difficult, but I've also found some ancient posts that claim that these machines don't really get hot enough to require a fan in the first place. I am leaving mine in for now, hoping that even if it fails it won't bring down the box with it.

Next topic: Failed battery. There's a CR2032 located on the main board next to the power supply. Sadly the thing has one of those dreaded sockets with an excessively tight retaining clip on top. You're supposed to "lift the clip" and then slide out the battery, but of course in the process of doing that the entire thing just "ripped off" the mainboard. To add insult to injury, a solder pad came off as well, complete with the attached copper track of course.

Socket and copper track, yikes!

Witness the complete destruction on the mainboard:

Battery connector destroyed.

The lesson here is either that I am incapable of treating a piece of history with the required tenderness or that one should just leave good enough alone. Good enough? Well it turns out that the machine works perfectly fine with an empty battery. Better yet, it works perfectly fine even with a ripped out battery. So luckily I did not actually destroy the entire machine with this horrible mistake. If I ever decide to give my Qube 2 the "same" treatment, I'll desolder the entire battery socket instead and replace it with a less insane one.

To be continued... :-)

Saturday, January 27, 2018

Unlock LUKS Remotely on Ubuntu 16.04 LTS

I reinstalled my little server at work. It had been running the same Gentoo setup since 2008 (!) but in December 2017 the Gentoo folks finally managed to produce a convoluted enough update to completely hose the darn thing. Well, not "hose" as in "disaster" of course: I got all the data off safely and I could even leave it running over the holidays while I was away in Germany. But in preparation for the Spring 2018 semester it was necessary to "start from scratch" as it were.

Upset enough with Gentoo I decided to go completely the other way and do a minimal Ubuntu 16.04 LTS install. I also used this opportunity to finally add full-disk LUKS encryption to my setup. Not that it makes much sense (the server runs 24/7 so it's basically always decrypted) but what the heck, this is how you're supposed to set up your server, right? And instead of going for ZFS or btrfs (which is what I used on my new home machine), I went "retro" one last time:

  1. Partition the disks into one "small" boot partition and one "large" data partition.
  2. Use mdadm to create a RAID-1 boot and a RAID-10 data array.
  3. Use cryptsetup to LUKS-encrypt the "huge" data RAID array.
  4. Use LVM to create swap, root, and various home volumes in the encrypted RAID.

Great! But now I had a problem. You see, every now and then we actually have a power outage. (I know it's weird, but since we're not the hospital we apparently don't get to have a redundant power grid.) I might not be around to reboot the machine manually, but students want to submit their homework assignments. And I don't like giving extensions. So what to do?

Enter the recent dropbear-initramfs package! This thing is supposed to integrate a tiny dropbear SSH server into the early root filesystem, enabling "remote unlocking" of the encrypted RAID array. And it almost works. First the easy parts:

  1. apt install dropbear-initramfs (and ignore the error message)
  2. mkdir -p /etc/initramfs-tools/root/.ssh/
  3. Put your SSH keys into /etc/initramfs-tools/root/.ssh/authorized_keys
  4. update-initramfs -u

Now when the machine boots up, it'll still ask for a passphrase on the console, but it will also start the dropbear SSH server. In theory you can ssh in as root at that point and run the unlock script, but that didn't work for me. What did work, however, is to echo the passphrase directly to the FIFO created by cryptsetup:

  1. ssh root@server
  2. echo -n passphrase >/lib/cryptsetup/passfifo
  3. exit

At this point the encrypted RAID will come up and the boot process will continue, just as if you had typed the passphrase at the console. I am positive that they'll eventually fix the scripts, but for now I am just happy that I was able to make it work.

Note that it's convenient to run dropbear SSH and the regular OpenSSH on different ports to avoid getting loads of useless warnings when connecting. It's also just good sane practice if you want to keep the number of script kiddies trying to get into your server down to a minimum. Yes, security through obscurity is bad, but it's only really bad if it's your only approach. Happy remote booting!

Friday, October 13, 2017

Buying an Old Thinkpad

I've recently been bitten by the theoretical Thinkpad bug. That is, I can see the attraction of these machines but I have no practical experience with them, especially not with the weird red dot on their keyboards. I also hate my current Lenovo laptop with a passion, so spending a lot of money without knowing if I'll like the machine seemed ill-advised indeed.

The good news is that the entire Thinkpad line seems to thrive on a myth of "eternal stability" meaning they simply don't change much (on the outside anyway) from year to year. So I figured I should just buy an older model for less money and see how it handles. If I end up liking it, I'll eventually shell out the dough for a new one.

I am obviously not the first person with that idea. Here's a reddit page that explains why older Thinkpads are a great way to go and there's even a buyer's guide specifically targetting older machines. So this post is less about pitching the idea of older Thinkpads and more about my own deliberations on which old model to get.

I decided to play the role of a "serious" user so the only Thinkpads I even considered were the T series and the X series. The strange sliver of my personality that made me an Apple fanboy back in the 1998-2004 time frame is immensely attracted to the X series. Thin, light, compact, sexy, wow! However, the newly discovered grown-up in me tends to prioritize things differently. I need a machine that I can work on comfortably for hours at a time which means I need a big display, good hand rests, a spacious keyboard, etc. If I really fall in love with Thinkpads during this experiment, no doubt I'll eventually own an X series product as well. But for now I'll stick to the T series.

Within the modern T series we have the bigger T5xx models (15.6" display, numeric pad) as well as the smaller T4xx models (14" display, no numeric pad). This is sort of a toss-up for me: A larger display is nice, but a numeric pad is completely useless. In terms of weight we're looking at 4.5 to 6 pounds for T5xx machines versus 3 to 5 pounds for T4xx machines (across the 2008-2017 time frame that is).

Just looking at the numbers above I couldn't really make up my mind until I remembered that my current Lenovo laptop is in the T5xx class when it comes to size and weight. And I have to admit that something a little lighter would be a lot nicer to carry around. So the entire T4xx line qualifies, but only the relatively recent T550, T560, or T570 models are light enough in the T5xx line. The crappy current laptop also helped me determine my "historical" cut-off point: I have a 2012 laptop now and I don't want to go earlier than that in terms of technology.

So now I am left with the T430-T470 as well as the T550-T570 in terms of my various criteria. But wait, the whole point was to buy an older, cheaper Thinkpad! That narrows the field further to just three realistic categories:

  • 2012: T430, T430s, T430u
  • 2013: T431s, T440, T440s, T440p
  • 2015: T450, T450s, T550

So I started looking into all these models and the first thing I noticed was that the T431s and all the T440 models have a very different trackpad setup from the rest (and indeed from all Thinkpads before and since). That takes all of these machines out of the race as well, after all I want to have a "true Thinkpad experience" and not some strange aberration that only existed for a brief instant.

For the remaining models, I decided to read all the in-depth reviews I could find. But after doing that for a while, I realized that there's really only one review site worth reading, so here are the links to all those reviews, followed by my own comments:

  • T430: The i7 tends to run hot at 55C. Granted, only under load, but I don't like the idea of a runaway computation setting my couch on fire. So it's out.
  • T430s: The i5/620M tends to run warm at 43C, the i7/4000 tends to run warm at 46C, neither of which is terrible. Despite being smaller and lighter than the T430 this thing still has an optical drive bay, something I like. Depending on condition and features, these ran between $170 (crappy) and $400 (like new).
  • T430u: The i5 tends to run warm at 45C. It's the only older model with HDMI, a big plus in retrospect. However, it's also the one model with only a fixed battery and that's a big minus. But worst of all the screen is terrible, so it's out.
  • T450: The i5 tends to run warm at 47C and I'd be okay with that. What I wasn't okay with is that these started at $520 which I deemed too expensive.
  • T450s: The i7/5500 is a dream and runs cool at 36C even under load! The i5/940M on the other hand runs hot at 52C which is too much for me. Alas it didn't matter, also too expensive at $600+.
  • T550: The i7 tends to run cool at 39C. Sadly most of these were also very expensive ($750+), the only affordable one I could find (at $379) had a locked BIOS.

I am obviously a little obsessed with temperatures. Everybody has their thing and I've had plenty of "laptop too hot for my lap" experiences that I don't care to repeat.

You can probably guess that I finally settled on the T430s for my experiment. The one I ordered was a little more expensive than I had hoped for ($265 instead of $250) but that's close enough. What convinced me in the end was that the seller actually wrote a long reply, covering all the details that were important to me.

Once it gets in, I'll try to do another post (maybe with pictures) about the machine and then it's on to actually testing it by replacing my current laptop for a week or three of lectures. Oh, and I need to order an HDMI adapter because we mostly have HDMI at Johns Hopkins these days.

Playing id Classics on Linux

Just for reference since I've been going through a somewhat extreme retro-gaming phase lately. Of course you'll need the actual game data for all of these. Luckily I have old CD-ROMs that still work fine (even though I of course have backups as well). The details for extracting the data vary, maybe that's a topic for a future post. But if you can extract it, here's what to run the games with:

  • DOOM, DOOM 2, ...: For the best "retro-feeling" I recommend Chocolate Doom. If your distro doesn't package it, just grab the source and build it yourself, it's not hard. Youngsters may not like it because it's designed to give you an "accurate" 1993 experience (pixels!), but that's how it's meant to be played so deal with it.
  • Quake, ...: The only thing I can recommend is the DarkPlaces engine. Don't get me wrong, it's an awesome effort and it does indeed look a lot better than the original. But my vintage 2009 graphics card actually has trouble keeping up which is a little sad for what is ostensibly a 1996 game. Alas, every other source port I tried didn't actually work, so... Also surprisingly easy to build, just grab the source and hit make. Just be prepared to wait a little longer than for the Chocolate Doom build.
  • Quake 2, ...: Even fewer choices for Quake 2, but luckily Yamagi Quake 2 is excellent and they didn't overdo it with the graphical polish. I can play this at full speed with all the options turned up and it looks more or less like it should. Once again a pretty easy build, just grab the source and boom there it is. One minor quibble: They don't have a command line flag to configure the base path, so if you don't want to throw the executable into your data partition you'll have to change two lines in the Makefile.

There you have it, the stuff I've been playing with over the last two weeks or so. Good clean retro fragging, who can resist? I may update this post with more details if there's interest, so leave a comment if you prefer another engine that I missed or if you can't get the above to work for you.

Sunday, July 23, 2017

Protecting Weaker Party Members

I am currently running a B/X game that started with the sentence "We've all decided to play magic-users!" from one of the players. Luckily my adopted variant of "3d6 in order" prevented that outcome and they're a pretty typical "murderhobo" party now: two magic-users, two fighters, one thief, and one blood-thirsty halfling with suspenders but no shirt. (There was a cleric, but that's another story.)

In any case, one of the players was "completely new" and of course I recommended that she play a fighter. I sold this mostly with "it's the easiest class to run" but also with "all those robes-and-silly-hats people will need protection" which is what me got thinking:

There is no "rule" in B/X that would allow a fighter to protect a magic-user or anyone else for that matter.

Seemed like something important to offer at the time, but looking around the many B/X house rule documents out there I couldn't find the problem addressed by anyone. Even Delta who has probably forgotten more D&D than I will ever know left me out in the cold on this topic (aside from mentioning the need to have lots of fighters to protect magic-users in mass battles).

I wanted a simple mechanic that would make the protected character "safer" in some way (benefit) while also "exposing" the protecting fighter more (cost). I quickly settled on two "ground rules" for this:

  • The fighter must be "close" (within 5' say) to the character they protect.
  • The fighter must be "aware" of an attack in order to protect against it.

I guess you could say that I am treating the fighter as an "intelligent shield" of sorts? That approach seems fair to me because I don't want a fighter to simply throw themselves over the character they are trying to protect. I very much want "protector" and "protectee" to still be "in combat" instead of changing the focus to a Secret-Service-style "Get him out of here!" and nothing else.

The simplest thing I could come up with was to simply let the fighter take the damage. So as a rule, I'd phrase it something like this:

Fighters can choose to protect one character within 5' of them. If the protected character gets hit by an attack the fighter is aware of, the fighter can choose to take the damage instead.

Not too shabby in terms of simplicity, is it? But as always the "devil" is in the details. First of all this conveys almost complete immunity to the protected character. But the goal was to make them "safer" only, not "safe". In other words, I still want the magic-user to worry about maybe having their spell interrupted. Also we have reduced the fighter to an actual meat shield ("bag of hit points") and nothing else: Regardless of how good their AC is, they now get skewered because of the (presumably) much worse magic-user AC. That's not fun at all for whoever is playing the fighter. Finally, if we have multiple fighters protecting one character, the "immunity" could actually be complete and it could go on for a long time indeed. This may work great for Delta's mass combat scenario, but on the "party in a dungeon" scale I wouldn't want to deal with it.

So instead of letting the fighter take all the damage, let's try to do something about getting hit in the first place. Here's what I came up with next:

Fighters can choose to protect one character within 5' of them. Attacks against the protected character that the fighter is aware of suffer a -8 penalty. Attacks against the fighter, however, gain a +2 bonus.

The numbers are subject to debate of course, but this seemed fair to me. Presumably the kobold archers trying to hit the magic-user would notice that the fighter brushed away all their arrows, so next round they'd redirect their fire. But as so often when you design a rule with fixed penalties/bonuses, there's an exploit: Two or more fighters protecting each other would impose a -6 penalty against most attacks, clearly not the application that was intended. Except for that terrible flaw, however, we would get the desired effects: The protected character still has to worry about getting hit, and the fighter now makes for an easier target because they are "out there" trying to distract attackers.

What finally made me think of a better solution is this: With the fixed penalty, a naked fighter could protect a character in plate and shield. That makes no sense! What should happen instead is something like this:

Fighters can choose to protect one character within 5' of them. Attacks against the protected character that the fighter is aware of must hit the fighter's armor class instead (provided that armor class is better). Any damage is still suffered by the protected character. Attacks against the fighter also gain a +2 bonus.

I am reasonably happy with this rule. It's a little more complex, but not overly so. It does allow protecting weaker party members if they have a worse armor class, but it doesn't make them (almost) completely safe. It also has no obvious exploit that I can think of, mostly by virtue of letting the better armor class prevail. I'd also say that a spell like Protection from Normal Missiles cannot be used with this rule as it doesn't affect armor class, but your mileage may vary.

I've added the last version as a house rule to said B/X game, but after two sessions so far it has not seen any use yet. Admittedly the characters were not really in situations where it made much sense to try yet, but here's to hoping someone will attempt it sometime soon. In the meantime, I'd love to hear what everybody out there thinks of what I did here.

BTW, I am aware of the 5th edition Protection Fighting Style thing but it's just too horribly complicated and too far from B/X to try to convert. It's interesting however that the 5e folks also thought that the "big fighter protecting small magic-user" trope needed "a bit more rule" behind it.

Thursday, December 29, 2016

Editions of Armor Class Part 1: No Armor

A few weeks ago one of Zenopus' excellent posts made me think about "armor class" in D&D again. On Google+ I even commented "I like that booklet too, but I really couldn't care less about AD&D armor classes. The original system just makes so much more sense. I feel a blog post coming on..." Sadly life happened and I couldn't find the time to write about the crazy in my head then. But now that I am safely tucked away in Germany for my year-end vacation, I figured I'd give it a quick shot.

Disclaimer: In true grognard-style I shall only consider "descending armor class" in the following. I don't care about "ascending armor class" systems, especially since the usual "selling point" of those doesn't apply once you use Delta's Target20 mechanic.

Let's begin with the classic AC 9 versus AC 10 debate: Should an average character who is not wearing any armor be AC 9 as OD&D, B/X, and BECMI profess, or AC 10 as AD&D wants us to believe? For me, any answer that doesn't immediately consult the combat tables is of a purely religious nature. It really doesn't matter whether we start at AC 9 or AC 10, what matters is whether there's a difference in running a combat. Here I prefer the B/X (and to some extent BECMI) story:

Two average, unarmored, untrained, "normal humans" should have a 50% chance per round to hit (and most likely kill) each other.

I don't know about you, but that seems perfectly reasonable to me. It certainly shouldn't be more than 50% because that would imply skill where (by definition) none should exist. And if it was less than 50% things would just drag out longer.

If you consult the B/X Basic Set, page B27, you'll see that a "normal man" indeed needs an 11+ to hit AC 9, a chance of 50% on a d20 roll. Perfect! As for the "most likely kill" part: On page B25 we find that a successful attack does 1-6 points of damage (average 3.5) while page B40 explains that "normal humans" have 1-4 hit points (average 2.5). Death incarnate!

In the BECMI Expert Set (but not the Basic Set, go figure!) we find the same "11+ to hit AC 9" for "normal man" on page 29; alas the BECMI Basic Set says that "normal humans" have 1-8 hit points (average 4.5) so things are a little less deadly (never mind the other problems this change causes, sigh).

What about OD&D? On page 19 of "Men and Magic" we find (perhaps surprisingly?) that "normal men equal 1st level fighters" which means they only need a 10+ to hit AC 9, a chance of 55% on a d20 roll. Granted, it's only a 5% difference, but that seems wrong to me. Why would an untrained combatant have the same skill as a trained one?

AD&D does away with "normal men" for the most part, replacing it with the notion of "0 level" characters (for which only humans and halflings qualify?). AD&D also recalibrates to AC 10 for "no armor" of course. Well, at least starting in the Player's Handbook it does, the Monster Manual seems to be written to the original AC 9 for "no armor" instead. But at least Gary manages to stay somewhat true to my B/X story: On page 74 of the Dungeon Master's Guide we learn that "0 level" characters need 11+ to hit AC 10, a chance of 50% on a d20 roll again. Of course average hit points are "off" as in BECMI, see page 88 of the Dungeon Master's Guide.

So then... What should "no armor" be, AC 9 or AC 10? As I said before, it doesn't matter! B/X (and to a lesser degree BECMI and even AD&D) get it "right" as far as I am concerned, only OD&D has it "wrong" since it doesn't distinguish trained from untrained combatants.

Of course there is one difference after all: I strongly prefer single-digit AC values, and so in the final analysis, AD&D is out. But I have to admit that this preference is mostly "religious" as well, not truly "technical" as it were. True, Target20 is easier with single-digit AC values, but since that's not a standard mechanic I can't really use it to "rationalize my irrationality" too much. Does "neater table layout with single digits" count?

Friday, October 14, 2016

The S.M.A.R.T. Overflow

Before today, I didn't realize that S.M.A.R.T. has overflow issues. I should say that I spent most of yesterday replacing three disks in my home machine's RAID-10, so I constantly was using smartctl to double-check stuff. So when I got to work today, I poked around the disks in my server. And I noticed this:

SMART Self-test log structure revision number 1
Num  Test_Description ... LifeTime(hours) ...
# 1  Short offline    ... 2484            ...

# 2  Short offline    ... 2469            ...
# 3  Short offline    ... 2445            ...

This made absolutely no sense, because I knew that most of the disks in there were certainly older than a few months. After some digging, I came to realize what the problem is:

SMART Self-test log structure revision number 1
Num  Test_Description ... LifeTime(hours) ...
# 1  Short offline    ... 1276            ...
# 2  Short offline    ... 62136           ...
# 3  Short offline    ... 61776           ...


The actual value for Power_On_Hours is 66812 for that disk. Let's subtract 1276 from that and what do we find? 65536 of course. So the life time recorded with each self-test is apparently an unsigned 16-bit value, whereas the total hours recorded for the disk itself is stored as something bigger. Here's to hoping that people who write scripts telling them which disks to swap are aware of this...