450. Tor and Chrome on Debian

Note:
* For the Tor bundle see http://verahill.blogspot.com.au/2013/05/408-briefly-tor-on-debian-quick-option.html
* For securing your dropbox, see http://verahill.blogspot.com.au/2013/04/398-securing-your-dropbox.html
* For encrypting your filesystem with encfs, see http://verahill.blogspot.com.au/2013/05/408-briefly-tor-on-debian-quick-option.html
* For one-time passwords (OTPW), see http://verahill.blogspot.com.au/2013/04/385-otpw-connecting-from-insecure.html
* For encryption in general using PGP/GPG, OTR, SRTP for chat, email, voice and video, see http://verahill.blogspot.com.au/2013/04/381-encrypting-chat-voice-video.html
* For truecrypt with dropbox, see http://verahill.blogspot.com.au/2012/04/using-truecrypt-with-dropbox.html

Post begins:
I think it's fair to say that online privacy is in the spotlight again, temporarily,  in particular if you are not living in the US. After all, the rest of the world is offered no protection from US agencies.

There are two levels of snooping that (can) go on:
Case 1:  outright intercept of communications
In this case your emails are read, your browsing data is intercepted and your phone conversations tapped. This is the most intrusive form, and I think even in the US a warrant is required for the intercept of this type of data (whether that's too easy of difficult to get is another question entirely).

Case 2: mining of 'meta-data'
In this case data such as recipient/sender of emails, URLs that you've been visiting, and whom you have been calling/called by are collected. In addition, e.g. cell phone tower records can be collected to track your whereabouts 24/7.

While the contents of your conversations isn't known, your entire social and professional life can be charted.
As far as I understand this is what NSA has been engaging in. Likewise, knowing exactly where you are at any given point in time, a pretty detailed picture of your life can be painted.

Begin Rant
I don't have anything to hide, but I am not too keen on the government having better records of my life than I do myself. And I should be the one deciding what to share as long as the presumption of innocence holds.

Also, we're making the presumption that the government is benign, and as has been shown repeatedly, it isn't always. That goes for the US government, the UK government and just about any bloody imaginable government, and for a simple reason: the government is made up of people. In particular people who are keen on 'leading' i.e. controlling others. Even a benign despot is a despot.

There's no use being naive -- in either direction. There are legitimate reasons for clandestine organisations wanting to mine data, and there are legitimate reasons for why we should not give them a carte blanche.

Whether you use PGP/GPG or not won't affect the mining of meta-data. Nor will OTR, although it might in theory give you a somewhat better level of deniability (but not really).

Using PGP/GPG, OTR and encryption of data in general will only protect the content of your conversations, not the fact that they occurred. Not that it's easy getting people to start using encryption of their email, especially not since hotmail and gmail provided the final push into getting people to do all their email processing in the browser rather than using a more capable email client. Obviously Google would not be pleased if all communication was PGP encrypted, since this would create issues with targeted ads.

Finally, what really irks me is the fact that because John Doe won't use encryption -- or learn how to do it -- I also cannot use it. Instead we have to play according to the rules of the least technologically informed.
End Rant

Anyway. There are a few things you can do -- at least to make you feel better. Whether they have any real impact on your privacy depends on what other sources of information leakage there are in your life.

The simplest thing you can do is to do all your browsing anonymously, including setting up and checking your email. And the easiest way to do that is by using Tor.

It's easy enough to use the Tor Bundle, e.g. http://verahill.blogspot.com.au/2013/05/408-briefly-tor-on-debian-quick-option.html

However, I for some forsaken reason like using Chrome.

To set up Proxy SwitchySharp I'm following this post:
http://lifehacker.com/5614732/create-a-tor-button-in-chrome-for-on+demand-anonymous-browsing

NOTE: there are many layers to managing your privacy, and you're only as anonymous as your worst habits allow you to be. I'm a pessimist -- I think it is virtually impossible to protect yourself against a determined adversary. However, trying won't hurt.

---

Step 0. Block cookies by default and install an ad blocker

Cookies
Pretending to be anonymous won't help if you give the game away by exposing cookies that you acquired while surfing without Tor.

You'll be surprised how many websites require you to accept cookies -- however, it's up to you whether you want to put up with that. I only allow cookies with services that I've signed up to and that I trust. I refuse to allow in particular commercial sites to require cookies for me to simply visit.

In Chrome, go to Settings, Content Settings, and check:
* Block sites from setting any data
* Block third-party cookies and site data
* Clear cookies and other site and plug-in data when I close my browser

Disable:
* Allow local data to be set

You may want to restrict e.g. image loading, javascript, pop-ups, plugins etc. as well. It's down to you to weight inconvenience vs privacy.

Set Cookie and Site Data exceptions manually, and make sure to distinguish between Session Only and Allow.

Ads
Also, install e.g. simple adblock:
https://chrome.google.com/webstore/search/simple%20adblock

---

Step 1. Install the HTTPS everywhere extension
https://chrome.google.com/webstore/search/https%20everywhere?hl=en-GB

---

Step 2. Install Proxy SwitchySharp
https://chrome.google.com/webstore/search/proxy%20switchysharp?hl=en-GB

Set up a profile called Tor to use SOCK 5 with 127.0.0.1:9050

Go to the General Tab and enable Quick Switch.
Make sure to drag both Tor and Direct Connection into the Quick Switch field.

---

Step 3. Install Tor and Vidalia
Add the following to your /etc/apt/sources.list

deb http://deb.torproject.org/torproject.org wheezy main

Then do

sudo apt-get update
sudo apt-get install deb.torproject.org-keyring
sudo apt-get update
sudo apt-get install vidalia

Tor should run in the background whether you start Vidalia or not.

---

Step 4. Prevent DNS leaks:
[for fun, do

sudo apt-get install tcpdump
sudo tcpdump -pni eth0 'port domain'

before turning off prefetching. ]

To make sure that your DNS requests aren't being read (i.e. providing meta-data to your ISP), you will need to turn of DNS pre-fetching in Chrome.

Google is sneaky about it though -- to turn off prefetching go to Settings/Under the Bonnet and uncheck "Predict network actions to improve page load performance".

[If you set up tcpdump before you'll see how suddenly the IPs and URLs stop streaming by.]

---

Step 5. Start Tor/Vidalia
You don't seem to be able to launch Vidalia from the terminal, so launch Vidalia from within e.g. gnome.
In fact, you probably don't have launch vidalia as Tor should be run in the background.
Then open Chrome and navigate to e.g. whatsmyip.org or ipchicken.com:

You can turn on and off the proxy by clicking on the icon in the top right corner.

---

Step 6. Enable private browsing:
You don't want to risk one website being able to see what another website left behind. It shouldn't happen, but it has happened in the past.

Anyway, it's easy: open an Incognito window (ctrl + shift + N).

---

Done.
As far as I can tell this should give you some privacy. However, the question is how effective this is in the long run since it's difficult to maintain enough discipline to prevent any information leakage to occur.

436. Miramath on debian

For no particular reason (well, because of this: http://forums.debian.net/viewtopic.php?f=10&t=104566) here's a very brief how-to to get miramath up and running. There may well be more packages required and which I had pre-installed. The pre-built miramath binaries don't work on debian jessie, but since this is python...well..Anyway:

First compile and install PyQwt-Polar. It takes quite a while. Note that there's a conflict between PyQwt-Polar and python-qwt5-qt4 which may potentially be serious. A side-effect of this is that you can't build a proper package, since dpkg would detect this conflict (hence the make install). What this means is that PyQwt-Polar will over-write files installed by the python-qwt5-qt4 files i.e. A potentially Bad Thing.  Consider setting it up in a chroot.

There's another reason why I wouldn't recommend miramath for serious work at the moment -- it is in pre-alpha and the degree to which is it maintained isn't entirely clear to me. For scientific work, use octave and maxima, which are well-maintained and have been around for ages.

The flip-side of this is obviously that there's no harm in checking out a new and interesting piece of software, and presumably no-one is preventing you from contributing. Anyway. The main reason for checking this out was the debian forum post referenced above.

I did this on Debian Jessie, but it should work on Wheezy as well.

sudo apt-get install python-sip-dev python-qt4-dev python-scipy python-qt4-gl python-sympy python-ply python-qwt5-qt4 python-qwt3d-qt4 python-guiqwt python-dev libqwt-dev libqwt5-qt4

mkdir ~/tmp/
cd ~/tmp
wget http://ufpr.dl.sourceforge.net/project/miramath/PyQwt-Polar/PyQwt-Polar-5.2.0.tar.bz2
tar xvf PyQwt-Polar-5.2.0.tar.bz2
cd PyQwt-Polar-5.2/
cd configure/
python configure.py -Q ../qwt-5.2
make
sudo make install

Then continue:

wget http://waix.dl.sourceforge.net/project/miramath/Release%20Tarballs/miramath0.020.tar.bz2
cd ~/miramath
sed -i 's/sympy.abs/sympy.Abs/g' symbolics_init.py
chmod +x main.py
./main.py

433. Wine 1.5.31 on Debian

Here's a generic way of building wine which works for 1.5.31 (and 1.5.28 and everything in between except 1.5.31).

See here for information about 3D acceleration using libGL/U with Wine: http://verahill.blogspot.com.au/2013/05/429-briefly-wine-libglliubglu-blender.html

Getting started:
If you set up a e.g. chroot to build 1.5.28 before, you don't need to set up a new chroot to build 1.5.31. In that case, skip the set-up step below and instead re-enter your existing chroot like this:

sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32
su sandbox

cd ~/tmp

Setting up the Chroot

sudo apt-get install debootstrap
mkdir $HOME/tmp/architectures/wine32 -p
cd $HOME/tmp/architectures
sudo debootstrap --arch i386 wheezy $HOME/tmp/architectures/wine32 http://ftp.au.debian.org/debian/
sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32

You're now in the chroot:

apt-get update
apt-get install locales sudo vim
echo 'export LC_ALL="C"'>>/etc/bash.bashrc
echo 'export LANG="C"'>>/etc/bash.bashrc
echo '127.0.0.1 localhost beryllium' >> /etc/hosts
source /etc/bash.bashrc
adduser sandbox
usermod -g sudo sandbox
echo 'Defaults !tty_tickets' >> /etc/sudoers
su sandbox
cd ~/

Replace 'beryllium' with the name your host system (it's just to suppress error messages)

---

Building Wine
While still in the chroot, continue (the i386 is ok; don't worry about it -- you don't actually need it):

sudo apt-get install libx11-dev:i386 libfreetype6-dev:i386 libxcursor-dev:i386 libxi-dev:i386 libxxf86vm-dev:i386 libxrandr-dev:i386 libxinerama-dev:i386 libxcomposite-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libdbus-1-dev:i386 libgnutls-dev:i386 libncurses-dev:i386 libsane-dev:i386 libv4l-dev:i386 libgphoto2-2-dev:i386 liblcms-dev:i386 libgstreamer-plugins-base0.10-dev:i386 libcapi20-dev:i386 libcups2-dev:i386 libfontconfig-dev:i386 libgsm1-dev:i386 libtiff-dev:i386 libpng-dev:i386 libjpeg-dev:i386 libmpg123-dev:i386 libopenal-dev:i386 libldap-dev:i386 libxrender-dev:i386 libxml2-dev:i386 libxslt-dev:i386 libhal-dev:i386 gettext:i386 prelink:i386 bzip2:i386 bison:i386 flex:i386 oss4-dev:i386 checkinstall:i386 ocl-icd-libopencl1:i386 opencl-headers:i386 libasound2-dev:i386 build-essential

mkdir ~/tmp
cd ~/tmp
wget http://prdownloads.sourceforge.net/wine/wine-1.5.31.tar.bz2
tar xvf wine-1.5.31.tar.bz2
cd wine-1.5.31/./configure
time make -j3
sudo checkinstall --install=no

checkinstall 1.6.2, Copyright 2009 Felipe Eduardo Sanchez Diaz Duran
           This software is released under the GNU GPL.


The package documentation directory ./doc-pak does not exist. 
Should I create a default set of package docs?  [y]: 

Preparing package documentation...OK

Please write a description for the package.
End your description with an empty line or EOF.
>> wine 1.5.31
>> 

*****************************************
**** Debian package creation selected ***
*****************************************

This package will be built according to these values: 

0 -  Maintainer: [ root@beryllium ]
1 -  Summary: [ wine 1.5.31]
2 -  Name:    [ wine ]
3 -  Version: [ 1.5.31]
4 -  Release: [ 1 ]
5 -  License: [ GPL ]
6 -  Group:   [ checkinstall ]
7 -  Architecture: [ i386 ]
8 -  Source location: [ wine-1.5.31 ]
9 -  Alternate source location: [  ]
10 - Requires: [  ]
11 - Provides: [ wine ]
12 - Conflicts: [  ]
13 - Replaces: [  ]

Checkinstall takes a little while (In particular this step: 'Copying files to the temporary directory...').

---

Installing Wine

Exit the chroot

sandbox@beryllium:~/tmp/wine-1.5.31$ exit
exit
root@beryllium:/# exit
exit
me@beryllium:~/tmp/architectures$ 

On your host system
 Enable multiarch* and install ia32-libs, since you've built a proper 32 bit binary:

sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install ia32-libs

*At some point I think ia32-libs may be replaced by proper multiarch packages, but maybe not. So we're kind of doing both here.

 Copy the .deb package and install it

sudo cp wine32/home/sandbox/tmp/wine-1.5.31/wine_1.5.31-1_i386.deb .
sudo chown $USER wine_1.5.31-1_i386.deb
sudo dpkg -i wine_1.5.31-1_i386.deb

---

Links to this post:
http://appdb.winehq.org/objectManager.php?sClass=version&iId=19141&iTestingId=79415&bShowAll=true

431. Briefly: a crude comparison of performance of NWChem 6.1, 6.1.1 and 6.3.

Just a simple comparison of different versions of nwchem on different hardware. It's mostly interesting to myself as a general guide to how slow my nodes are in relative terms.

I built nwchem as shown here: http://verahill.blogspot.com.au/2013/05/424-nwchem-63-on-debian-wheezy.html
and openblas as shown here: http://verahill.blogspot.com.au/2013/05/423-openblas-on-debian-wheezy.html
and installed acml as shown here: http://verahill.blogspot.com.au/2013/05/422-set-up-acml-on-linux.html

I'm using ECCE: http://verahill.blogspot.com.au/2013/01/325-compiling-ecce-64-on-debian-testing.html
and SGE: http://verahill.blogspot.com.au/2012/06/setting-up-sun-grid-engine-with-three.html
I've set up ECCE similarly to what is shown here: http://verahill.blogspot.com.au/2012/06/ecce-in-virtual-machine-step-by-step.html

---

Test job:

scratch_dir /scratch
Title "opt freq"

Start  biphenyl_cation_twisted

echo

charge 1

geometry autosym units angstrom
 C     0.00000     -3.56301     0.00000
 C     -1.13927     -2.85928     -0.393841
 C     -1.13879     -1.46545     -0.394153
 C     0.00000     -0.742814     0.00000
 C     1.13879     -1.46545     0.394153
 C     1.13927     -2.85928     0.393841
 C     0.00000     0.742814     0.00000
 C     1.13879     1.46545     -0.394153
 C     1.13927     2.85928     -0.393841
 C     -1.13879     1.46545     0.394153
 C     0.00000     3.56301     0.00000
 C     -1.13927     2.85928     0.393841
 H     0.00000     -4.64896     0.00000
 H     -2.02827     -3.39662     -0.711607
 H     -2.02148     -0.928265     -0.727933
 H     2.02827     -3.39662     0.711607
 H     2.02827     3.39662     -0.711607
 H     -2.02148     0.928265     0.727933
 H     0.00000     4.64896     0.00000
 H     -2.02827     3.39662     0.711607
 H     2.02148     0.928265     -0.727933
 H     2.02148     -0.928265     0.727933
end

ecce_print ecce.out

basis "ao basis" cartesian print
  H library "6-31G**"
  C library "6-31G**"
END

dft
  mult 2
  XC b3lyp
  mulliken
end

driver
end

task dft optimize
task dft freq numerical

---

Results:
The jobs were run using all cores available.

AMD Phenom II X6 1055T, 8 Gb RAM, Openblas. Six cores.

6.1    2461
6.1.1  2114
6.3    2044
6.3    2048**

**using MKL compiled with ifort (http://verahill.blogspot.com.au/2013/07/469-intel-compiler-on-debian.html).

AMD FX 8150, 32 Gb RAM, acml 5.3.1 (gfortran, int64, fma4) -- earlier versions of nwchem were compiled against different versions of acml. Eight cores.

6.1    1619s
6.1.1  1588s
6.3    1611s
6.3    1507s**

**using MKL compiled with ifort (http://verahill.blogspot.com.au/2013/07/469-intel-compiler-on-debian.html).

Intel i5-2400, 16 Gb RAM, openblas. Four cores.

6.1    1689s
6.1.1  1696s
6.3    1652s
6.3    1550s*
6.3    1498s**

*using Intel MKL (see http://verahill.blogspot.com.au/2013/06/465-intel-mkl-math-kernel-library-on.html)
**using MKL compiled with ifort (http://verahill.blogspot.com.au/2013/07/469-intel-compiler-on-debian.html).

AMD Athlon II X3, 4 gb RAM, acm 5.3.1. Three cores.

6.3    4818s 
6.3    4058s**

**using MKL compiled with ifort (http://verahill.blogspot.com.au/2013/07/469-intel-compiler-on-debian.html).

428. system-config-kickstart on debian

Don't know much about kickstart, but you can compile the redhat tool using the Canonical-patched sources. This is in response to this post: http://forums.debian.net/viewtopic.php?f=17&t=104286

Note that:
1. The Debian way to create pre-configured installations is using Preseed
2. Debian has python-pykickstart for those who want kickstart.
3. I haven't tested system-config-kickstart beyond making sure that it runs

Dependencies and preparation:

sudo apt-get install build-essential gfortran checkinstall python-all-dev cdbs debhelper quilt intltool python-central rarian-compat pkg-config gnome-doc-utils samba python-libuser libuser1 python-glade2 console-setup hwdata python-apt
sudo apt-get install isoquery
mkdir ~/tmp
cd ~/tmp

---

localechooser

cd ~/tmp
wget http://archive.ubuntu.com/ubuntu/pool/main/l/localechooser/localechooser_2.49ubuntu4.tar.gz
tar xvf localechooser_2.49ubuntu4.tar.gz
cd localechooser/
dpkg-buildpackage -uc -us
sudo dpkg -i ../localechooser-data_2.49ubuntu4_all.deb 

---

system-config-kickstart

cd ~/tmp
wget http://archive.ubuntu.com/ubuntu/pool/main/s/system-config-kickstart/system-config-kickstart_2.5.20.orig.tar.gz
tar xvf system-config-kickstart_2.5.20.orig.tar.gz
wget http://archive.ubuntu.com/ubuntu/pool/main/s/system-config-kickstart/system-config-kickstart_2.5.20-0ubuntu22.diff.gz
gunzip system-config-kickstart_2.5.20-0ubuntu22.diff.gz
patch -p0 < system-config-kickstart_2.5.20-0ubuntu22.diff
cd system-config-kickstart-2.5.20/
dpkg-buildpackage -uc -us
sudo apt-get install ../system-config-kickstart_2.5.20-0ubuntu22_all.deb

---

Edit line 46 in /usr/share/system-config-kickstart/packageGroupList.py

availparse = apt_pkg.TagFile(availfile)

ParseTagFile is deprecated in Debian, so you'll need to do a bit of impromptu patching:

sudo sed -i 's/ParseTagFile/TagFile/g' /usr/share/system-config-kickstart/*.py
sudo sed -i 's/availparse.Step/availparse.step/g' /usr/share/system-config-kickstart/*.py
sudo sed -i 's/availparse.Section/availparse.section/g' /usr/share/system-config-kickstart/*.py

Then start with

gksu system-config-kickstart

426 Multibooting Windows XP, Vista and Debian

This post will most likely not be particularly interesting to anyone. It's basically just a collection of notes of me putting XP, Vista and Debian on the same box. Turns out that it's actually pretty straightforward -- the lack of drama in this post is what makes it a bit dull. Maybe the chief value of this post is to reassure anyone wanting to do the same of its feasibility.

Anyway.

I've decided to revive an old Dell C521 from 2007 (I accidentally blew the PSU when moving to Oz from the US, I've upgraded the graphics card, and put a 1 Tb hdd in it) and since I don't have any windows machines and it isn't useful for anything high-powered (dual core Athlon), I figure I might as well use it for a bit of experimentation.

This isn't going to be a detailed step-by-step how-to guide -- it's more of an overview of how to set up triplebooting with vista in case I need to help someone at a later point (parents/parents-in-law, I'm looking at you).

I have no real desire to use windows, but I could see the usefulness of having a windows box around. Partly because I'd like to do my bit to help Windows users move towards using FOSS instead of the usual commercial fare (familiarity with the software ecosystem on linux will presumably help adoption). Partly because I haven't played Halo 2 for years...

I'm bracing myself for experiencing the pain of vista again...XP I can just about tolerate -- it's a decade old, so I can accept that it has some limitations.

Anyway, triple-booting Vista, XP and Debian seems ambitious enough for a blog post, given what a pain Vista (and 7) are in terms of playing nicely with other OS:s.

Looking at this post:

When dual-booting, you always install the old OS first, then the new.

Sounds about right...Debian last then ;)

Note that the hard disk was unpartitioned at the beginning. The screen was connected via a KVM switch to the NS210 graphics card (via the VGA port). The on-board ethernet port was connected to a router set up with dhcp.

The remaining original hardware is as follows:
AMD Athlon 64 X2 3800+ 2.0 GHz
2048 Mb DDR2 RAM
Broadcom 440x 10/100

The added bits are:
Realtek RTL8169/8110 Family PCI Gigabit ethernet
MSI NF210 (Geforce 210)
Western Digital Green 1 Tb 3.5"

---

Installing XP (32 bit):
First I had to burn a CD from an iso from my university. I don't have any cd writer on my desktop, but happen to have one on one of my nodes (an old work computer). So I copied the iso via nfs, and then burned it with

sudo burn -I -n WinXP\ Pro\ US\ with\ SP1\ \&\ MS03-39.iso

There isn't much to say about installing XP, other than me making a partition at the beginning of the disk with 50,000 Mb space. I made the paritition using the windows installation program (as part of the install), chose quick format (ntfs).

The reboot step during XP installs gets me every time and I always hit a key to boot from CD automatically. Don't do that.

I only installed XP. I didn't bother chasing down drivers etc. Those who complain about hardware support in linux don't realise what it's like setting up windows on a computer using a vanilla installation disk....

XP didn't have working internet (didn't recognize either network card) and the video resolution was 640x480. Once the network had been sorted out (R149798; downloaded in Vista and moved to the XP partition)I downloaded SP3, after which I could install the nvidia drivers. Luckily, most of the remaining drivers could be downloaded from Dell (nVidia_SMBus_A02_R132919, R132395, R133065)).

Setting up multiple ethernet cards was...fun. The challenge was the routing, which required a registry change and reboot. And I never knew XP had 'shutdown -r'. It's like a whole new OS to me now.

---

Installing Vista (32 bit):
Once XP was installed I popped in the Dell DVD (yes, once upon a time you actually got the installation CDs with your computer...) and rebooted.

Select install, and choose custom. Click on the unallocated space, select Drive Options (advanced), then click on New. I set the size to 100,000 Mb (visa is a space hog, but I don't really plan on actually using it so...). Click Apply. A new partition (Disk 0 Partition 2; Primary) should appear. Note that because windows set everything to primary and because GPT only can handle four primary partitions, you become somewhat limited in the number of OSs you can install (there are reasonably simple ways around it though). Click Next and let Vista have a go at your HDD.

The vista installation wasn't too bad, and there was decent hardware support on boot. Note that this was installed using the Vista DVD that came with the Dell I just installed it on i.e. the drivers were presumably included on the DVD.

Both network cards were detected (ipconfig) and I had a working internet connection (ping google.com). The default resolution was 800x600 pixels (display settings), but it was easily changed to 1024x768.

The device manager had an exclamation point next to Standard VGA Graphics Adapter under Display Adapters. The 'Windows Experience Index' was 1.0  due to poor Graphics and Gaming Graphics.

My post install steps consisted of installing Google Chrome, then allowing windows to install updates (451 Mb). Among those updates was GF210 support. Simply downloading 451 Mb took an hour (!) even though I'm on a university connection (i.e. fast -- typically +3M/s). Installing the updates took another hour after that. And that wasn't the end of it.

The nvidia was recognised after the reboot, and I now had a 4.1 "experience rating", and I could set the resolution to 1280x960.

I had another revelation (I've been gone from Windows for a while): I plugged in an Airlink101 USB wlan dongle (rtl8187b), and downloaded the driver from CNET. The installer tried to install two pieces of software without clearly advertising that it was doing so (top arcade something, and 7 wonders something else), then wanted to throw in zonealarm and change my home page. I seem to remember cnet being one of the reasonably trustworthy sites? I don't remember it bundling junk/spy-ware. Huh. Anyway, turns out the drivers got installed via windows update anyway.

Anyway, sorting out the updates was a PITA since a number of them kept failing. Download was slow (microsoft's servers pretty awful -- maybe they should switch to linux or bsd?) and installation takes forever. In the end I had to download SP1 and SP2 manually from the 'service pack center' and install them.

And LINUX is the one they call difficult? Good riddance.

---

Installing Debian:
While jigdo has worked well for me in the past, I was lazy and simply downloaded an iso. Because of university restrictions I could not use bit torrent.

wget http://cdimage.debian.org/debian-cd/7.0.0/amd64/iso-cd/debian-7.0.0-amd64-CD-1.iso
sudo burn -I -n debian-7.0.0-amd64-CD-1.iso

I popped the CD in the drive, and booted. Manual partition: 100 Gb for / (primary), 200 Gb for /home (logical) and 2 Gb for swap (logical). I used a local network mirror to install.

I installed the GRUB boot-loader to the MBR

Note that only Vista shows up in grub -- if you select Vista in GRUB, you get the Vista boot manager ('loader'), and can select 'Earlier versions of Windows' i.e. XP.

On booting into Debian the full GNOME 3 experience was available i.e. the nouveau driver for GeForce 210 is apparently good enough that we don't need to install the nvidia drivers. glxgears looks really pretty too, with over 700 FPS. Sweet!

Anyway, that's it.

I expected it to be a bit trickier, but even Vista behaved itself and didn't throw a fit on debian being installed.

---

424. NWChem 6.3 on Debian Wheezy

Update 23 May 2013: The execution times are pretty much the same as for 6.1.1 with a new patch. I've updated the instructions below to incorporate this new patch (http://www.nwchem-sw.org/images/Iswtch.patch.gz)

Update 21 May 2013: The execution times can be improved considerably by setting

ARMCI_NETWORK=SOCKETS

They are still ca 30% longer than 6.1.1 though due to slower SCF convergence. See http://www.nwchem-sw.org/index.php/Special:AWCforum/st/id834/Nwchem_6.3_running_2-5_times_slo....html

Update 20 May 2013: I did a bit of basic benchmarking. NWChem 6.3 is incredibly slow (ca 190s vs 40s for the 8 core, 3.6 GHz benchmark in http://verahill.blogspot.com.au/2013/05/414-frequency-vs-cores-crude.html). It's parallellising properly from what I can see (i.e. it is not running 8 serial jobs). I've repeated the calc with an unpatched version of nwchem 6.3, and it is just as slow.
 I'll post updates here if I figure this one out.

Original post:
NWChem 6.3 is just out. Here's how to build it for CPU computations.

To build on CentOS 5.6, see http://verahill.blogspot.com.au/2013/05/421-nwchem-63-on-rocks-543centos-56.html

---

Math library:
Use either openblas (for intel or AMD) or ACML (for AMD).

• To set up Openblas, see here:
 http://verahill.blogspot.com.au/2013/05/423-openblas-on-debian-wheezy.html

• To set up ACML, see here:
 http://verahill.blogspot.com.au/2013/05/422-set-up-acml-on-linux.html

---

My GabEdit/Python NWChem patch
This is NOT the patch alluded to in the 23 May update and is optional. It enables python support, and makes the output more verbose so that gabedit can be used as an alternative to ECCE. Hence, it is required if, but only if, you want to enable python and to be able to use GabEdit to open output files.

First create a patch file, e.g. diff.patch.

diff -rupN src.original/config/makefile.h src/config/makefile.h
--- src.original/config/makefile.h 2013-04-15 12:41:45.016853322 +1000
+++ src/config/makefile.h 2013-04-15 12:38:44.933319544 +1000
@@ -2039,7 +2039,7 @@ endif
 
      ifeq ($(BUILDING_PYTHON),python)
 #   EXTRA_LIBS += -ltk -ltcl -L/usr/X11R6/lib -lX11 -ldl
-     EXTRA_LIBS +=    -lnwcutil  -lpthread -lutil -ldl
+     EXTRA_LIBS +=    -lnwcutil  -lpthread -lutil -ldl -lssl -lz
   LDOPTIONS = -Wl,--export-dynamic 
      endif
 ifeq ($(NWCHEM_TARGET),CATAMOUNT)
diff -rupN src.original/ddscf/movecs_pr_anal.F src/ddscf/movecs_pr_anal.F
--- src.original/ddscf/movecs_pr_anal.F 2013-04-15 12:41:45.036852381 +1000
+++ src/ddscf/movecs_pr_anal.F 2013-04-15 12:23:28.100409225 +1000
@@ -195,7 +195,7 @@ c
  22         format(1x,2('  Bfn.  Coefficient  Atom+Function  ',5x))
             write(LuOut,23)
  23         format(1x,2(' ----- ------------  ---------------',5x))
-            do klo = 0, min(n-1,9), 2
+            do klo = 0, min(n-1,199), 2
                khi = min(klo+1,n-1)
                write(LuOut,2) (
      $              int_mb(k_list+k)+1, 
diff -rupN src.original/ddscf/rohf.F src/ddscf/rohf.F
--- src.original/ddscf/rohf.F 2013-04-15 12:41:45.036852381 +1000
+++ src/ddscf/rohf.F 2013-04-15 12:23:28.100409225 +1000
@@ -153,7 +153,7 @@ c
             ilo = 1
             ihi = nmo
          endif
-         call movecs_print_anal(basis, ilo, ihi, 0.15d0, g_movecs, 
+         call movecs_print_anal(basis, ilo, ihi, 0.01d0, g_movecs, 
      $        'ROHF Final Molecular Orbital Analysis', 
      $        .true., dbl_mb(k_eval), oadapt, int_mb(k_irs),
      $        .true., dbl_mb(k_occ))
diff -rupN src.original/ddscf/scf_vec_guess.F src/ddscf/scf_vec_guess.F
--- src.original/ddscf/scf_vec_guess.F 2013-04-15 12:41:45.036852381 +1000
+++ src/ddscf/scf_vec_guess.F 2013-04-15 12:23:28.100409225 +1000
@@ -511,19 +511,19 @@ c
          nprint = min(nclosed+nopen+30,nmo)
          if (scftype.eq.'RHF' .or. scftype.eq.'ROHF') then
             call movecs_print_anal(basis, 1,
-     &           nprint, 0.15d0, g_movecs, 
+     &           nprint, 0.01d0, g_movecs, 
      &           'ROHF Initial Molecular Orbital Analysis', 
      &           .true., dbl_mb(k_eval), oadapt, int_mb(k_irs),
      &           .true., dbl_mb(k_occ))
          else
             nprint = min(nalpha+20,nmo)
             call movecs_print_anal(basis, max(1,nbeta-20),
-     &           nprint, 0.15d0, g_movecs, 
+     &           nprint, 0.01d0, g_movecs, 
      &           'UHF Initial Alpha Molecular Orbital Analysis', 
      &           .true., dbl_mb(k_eval), oadapt, int_mb(k_irs),
      &           .true., dbl_mb(k_occ))
             call movecs_print_anal(basis, max(1,nbeta-20),
-     &           nprint, 0.15d0, g_movecs(2), 
+     &           nprint, 0.01d0, g_movecs(2), 
      &           'UHF Initial Beta Molecular Orbital Analysis', 
      &           .true., dbl_mb(k_eval+nbf), oadapt, int_mb(k_irs+nmo),
      &           .true., dbl_mb(k_occ+nbf))
diff -rupN src.original/ddscf/uhf.F src/ddscf/uhf.F
--- src.original/ddscf/uhf.F 2013-04-15 12:41:45.036852381 +1000
+++ src/ddscf/uhf.F 2013-04-15 12:23:28.096409414 +1000
@@ -144,11 +144,11 @@ C
          enddo
          ihi = max(ihi-1,1)
  9611    continue
-         call movecs_print_anal(basis, ilo, ihi, 0.15d0, g_movecs, 
+         call movecs_print_anal(basis, ilo, ihi, 0.01d0, g_movecs, 
      $        'UHF Final Alpha Molecular Orbital Analysis', 
      $        .true., dbl_mb(k_eval), oadapt, int_mb(k_irs),
      $        .true., dbl_mb(k_occ))
-         call movecs_print_anal(basis, ilo, ihi, 0.15d0, g_movecs(2), 
+         call movecs_print_anal(basis, ilo, ihi, 0.01d0, g_movecs(2), 
      $        'UHF Final Beta Molecular Orbital Analysis', 
      $        .true., dbl_mb(k_eval+nbf), oadapt, int_mb(k_irs+nmo),
      $        .true., dbl_mb(k_occ+nbf))
diff -rupN src.original/mcscf/mcscf.F src/mcscf/mcscf.F
--- src.original/mcscf/mcscf.F 2013-04-15 12:41:45.000854073 +1000
+++ src/mcscf/mcscf.F 2013-04-15 12:23:23.748613695 +1000
@@ -719,7 +719,7 @@ c
       if (util_print('final vectors analysis', print_default))
      $     call movecs_print_anal(basis, 
      $     max(1,nclosed-10), min(nbf,nclosed+nact+10),
-     $     0.15d0, g_movecs, 'Analysis of MCSCF natural orbitals',
+     $     0.01d0, g_movecs, 'Analysis of MCSCF natural orbitals',
      $     .true., dbl_mb(k_evals), .true., int_mb(k_sym), 
      $     .true., dbl_mb(k_occ))
 c     
diff -rupN src.original/nwdft/scf_dft/dft_mxspin_ovlp.F src/nwdft/scf_dft/dft_mxspin_ovlp.F
--- src.original/nwdft/scf_dft/dft_mxspin_ovlp.F 2013-04-15 12:41:45.604825677 +1000
+++ src/nwdft/scf_dft/dft_mxspin_ovlp.F 2013-04-15 12:23:28.228403211 +1000
@@ -184,14 +184,14 @@ c
       call ga_sync()
 c
       call movecs_print_anal(basis,int_mb(k_non),int_mb(k_non)
-     & ,0.15d0,g_alpha,'Alpha Orbitals without Beta Partners',
+     & ,0.01d0,g_alpha,'Alpha Orbitals without Beta Partners',
      &   .false., 0.0 ,.false., 0 , .false., 0 )
 c
       if (nct.GE.2) then
       do i = 2,nct
       ind = int_mb(k_non+i-1)
       call movecs_print_anal(basis,ind,ind
-     & ,0.15d0,g_alpha,' ',
+     & ,0.01d0,g_alpha,' ',
      &   .false., 0.0 ,.false., 0 , .false., 0 )
       enddo
       endif
@@ -350,7 +350,7 @@ c      endif
 c      endif
 c 9990 format(/,18x,'THERE ARE',i3,1x,'UN-PARTNERED ALPHA ORBITALS')
 c
-       call movecs_print_anal(basis, 1, nalp, 0.15d0, g_ualpha,
+       call movecs_print_anal(basis, 1, nalp, 0.01d0, g_ualpha,
      & 'Alpha Orb. w/o Beta Partners (after maxim. alpha/beta overlap)',
      &   .false., 0.0 ,.false., 0 , .false., 0 )
 c
diff -rupN src.original/nwdft/scf_dft/dft_scf.F src/nwdft/scf_dft/dft_scf.F
--- src.original/nwdft/scf_dft/dft_scf.F 2013-04-15 12:41:45.608825490 +1000
+++ src/nwdft/scf_dft/dft_scf.F 2013-04-15 12:23:28.228403211 +1000
@@ -1774,7 +1774,7 @@ c
             else
                blob='DFT Final Beta Molecular Orbital Analysis' 
             endif
-            call movecs_print_anal(ao_bas_han, ilo, ihi, 0.15d0, 
+            call movecs_print_anal(ao_bas_han, ilo, ihi, 0.01d0, 
      &           g_movecs(ispin), 
      &           blob, 
      &           .true., dbl_mb(k_eval(ispin)), oadapt, 
diff -rupN src.original/nwdft/scf_dft_cg/dft_cg_solve.F src/nwdft/scf_dft_cg/dft_cg_solve.F
--- src.original/nwdft/scf_dft_cg/dft_cg_solve.F 2013-04-15 12:41:45.612825303 +1000
+++ src/nwdft/scf_dft_cg/dft_cg_solve.F 2013-04-15 12:23:28.220403588 +1000
@@ -183,7 +183,7 @@ c
             blob = 'DFT Final Beta Molecular Orbital Analysis'
           endif
           call movecs_fix_phase(g_movecs(ispin))
-          call movecs_print_anal(basis, ilo, ihi, 0.15d0,
+          call movecs_print_anal(basis, ilo, ihi, 0.01d0,
      &         g_movecs(ispin),blob,
      &         .true., dbl_mb(k_eval+(ispin-1)*nbf),
      &         oadapt, int_mb(k_irs+(ispin-1)*nbf),

---

Compile NWChem
This examples uses the ACML libs. See e.g. this post for openblas settings.

sudo apt-get install build-essential gfortran python2.7-dev libopenmpi-dev openmpi-bin
sudo mkdir /opt/nwchem
sudo chown $USER:$USER /opt/nwchem
cd /opt/nwchem/
wget http://www.nwchem-sw.org/download.php?f=Nwchem-6.3-src.2013-05-17.tar.gz
mv download.php\?f\=Nwchem-6.3-src.2013-05-17.tar.gz Nwchem-6.3-src.2013-05-17.tar.gz
tar xvf Nwchem-6.3-src.2013-05-17.tar.gz
cd nwchem-6.3-src.2013-05-17/
patch -p0 < diff.patch

patching file src/config/makefile.h
patching file src/ddscf/movecs_pr_anal.F
patching file src/ddscf/rohf.F
patching file src/ddscf/scf_vec_guess.F
patching file src/ddscf/uhf.F
patching file src/mcscf/mcscf.F
patching file src/nwdft/scf_dft/dft_mxspin_ovlp.F
patching file src/nwdft/scf_dft/dft_scf.F
patching file src/nwdft/scf_dft_cg/dft_cg_solve.F

cd src/
wget http://www.nwchem-sw.org/images/Iswtch.patch.gz
gzip -d Iswtch.patch
patch -p0 < Iswtch.patch
cd ../
export LARGE_FILES=TRUE
export TCGRSH=/usr/bin/ssh
export NWCHEM_TOP=`pwd`
export NWCHEM_TARGET=LINUX64
export NWCHEM_MODULES="all python"
export PYTHONVERSION=2.7
export PYTHONHOME=/usr
export BLASOPT="-L/opt/acml/acml5.3.1/gfortran64_int64/lib -lacml"

export USE_MPI=y
export USE_MPIF=y
export USE_MPIF4=y
export MPI_LOC=/usr/lib/openmpi/lib
export MPI_INCLUDE=/usr/lib/openmpi/include
export LIBRARY_PATH="$LIBRARY_PATH:/usr/lib/openmpi/lib:/opt/acml/acml5.3.1/gfortran64_int64/lib"
export LIBMPI="-lmpi -lopen-rte -lopen-pal -ldl -lmpi_f77 -lpthread"

export ARMCI_NETWORK=SOCKETS

cd $NWCHEM_TOP/src
make clean
make nwchem_config
make FC=gfortran 1> make.log 2>make.err
cd $NWCHEM_TOP/contrib
export FC=gfortran
./getmem.nwchem

---

Settings
Create /opt/nwchem/default.nwchemrc

nwchem_basis_library /opt/nwchem/nwchem-6.3-src.2013-05-17/src/basis/libraries/
ffield amber
amber_1 /opt/nwchem/nwchem-6.3-src.2013-05-17/src/data/amber_s/
amber_2 /opt/nwchem/nwchem-6.3-src.2013-05-17/src/data/amber_x/
amber_3 /opt/nwchem/nwchem-6.3-src.2013-05-17/src/data/amber_q/
amber_4 /opt/nwchem/nwchem-6.3-src.2013-05-17/src/data/amber_u/
amber_5 /opt/nwchem/nwchem-6.3-src.2013-05-17/src/data/custom/
spce /opt/nwchem/nwchem-6.3-src.2013-05-17/src/data/solvents/spce.rst
charmm_s /opt/nwchem/nwchem-6.3-src.2013-05-17/src/data/charmm_s/
charmm_x /opt/nwchem/nwchem-6.3-src.2013-05-17/src/data/charmm_x/

Symmlink to this file in each user's home:

ln -s /opt/nwchem/default.nwchemrc ~/.nwchemrc

423. Openblas on Debian Wheezy

Update 23 May 2013: the url for the openblas tarball has been updated and a tab has been removed from the lapack url.

Note that the links to the openblas file tends to die after a while, so you might have to download it manually.

Original post:
I need more modular posts. I've covered how to build openblas several times before, but I need a simple post I can use as a reference. So here it is:

openblas

sudo mkdir /opt/openblas
sudo chown ${USER} /opt/openblas
cd ~/tmp
wget http://github.com/xianyi/OpenBLAS/tarball/v0.2.6

tar xvf v0.2.6
cd xianyi-OpenBLAS-87b4d0c

wget http://www.netlib.org/lapack/lapack-3.4.1.tgz
make all BINARY=64 CC=/usr/bin/gcc FC=/usr/bin/gfortran USE_THREAD=0 INTERFACE64=1 1> make.log 2>make.err
make PREFIX=/opt/openblas install

nm: '/lib/libpthread.so*': No such file
make -j 2 -f Makefile.install install
make[1]: Entering directory `/home/me/tmp/xianyi-OpenBLAS-87b4d0c'
Generating openblas_config.h in /opt/openblas/include
Generating f77blas.h in /opt/openblas/include
Generating cblas.h in /opt/openblas/include
Copying LAPACKE header files to /opt/openblas/lib
Copy the static library to /opt/openblas/lib
cp: cannot stat `libopenblas_opteronp-r0.2.6.a': No such file or directory
make[1]: *** [install] Error 1
make[1]: Leaving directory `/home/me/tmp/xianyi-OpenBLAS-87b4d0c'
make: *** [install] Error 2

Don't worry about the errors -- as long as you have libopenblas_PROCESSOR_rX.X.X.so, you're fine.

cp lib*.* /opt/openblas/lib

add

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/openblas/lib

to your ~/.bashrc, and/or add

/opt/openblas/lib

to your /etc/ld.so.conf

422. Set up ACML on linux

These are the same instructions as in post 409B. However, I've decided it's better to do the posts the unix/linux way -- have the do one thing, and do that thing well. It makes life easier for me if I can simply refer back to more modular posts.

Anyway, here's how to set up the ACML libs on debian.

ACML
Download both the 'regular' and the int64 gfortran packages from AMD:
http://developer.amd.com/tools-and-sdks/cpu-development/amd-core-math-library-acml/acml-downloads-resources/#download

tar xvf acml-5-3-1-gfortran-64bit-int64.tgz
tar xvf acml-5-3-1-gfortran-64bit.tgz
sh install-acml-5-3-1-gfortran-64bit-int64.sh

Where do you want to install ACML?  Press return to use
the default location (/opt/acml5.3.1), or enter an alternative path.
The directory will be created if it does not already exist.
> /opt/acml/acml5.3.1

sh install-acml-5-3-1-gfortran-64bit.sh

Where do you want to install ACML?  Press return to use
the default location (/opt/acml5.3.1), or enter an alternative path.
The directory will be created if it does not already exist.
> /opt/acml/acml5.3.1

You'll get something like this:

/opt/acml/acml5.3.1
|-- Doc
|-- gfortran64
|-- gfortran64_fma4
|-- gfortran64_fma4_int64
|-- gfortran64_fma4_mp
|-- gfortran64_fma4_mp_int64
|-- gfortran64_int64
|-- gfortran64_mp
|-- gfortran64_mp_int64
`-- util

where
*  fma4 is for cpus with FMA4 support (use util/cpuid to check)
*  int64 is for double-precision float (integer*8) I think
*  mp is for openmp. For MPI do not use the _mp_ libraries!

Pick your library/ies and add them to the LD_LIBRARY_PATH, e.g.:

echo 'export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/acml/acml5.3.1/gfortran64_int64/lib' >> ~/.bashrc
source ~/.bashrc

416. Compiling Wine 1.5.30 in a chroot (fixed)

Update 2, 22 May 2013: Thanks to the Anonymous poster who pointed out that wine 1.5.30 was broken! Anyway, I've updated this post with instructions how to patch the wine 1.5.30 sources so that it includes libwine in the final .deb package.

(I normally attached a screenshot of the winecfg about tab, but not this time -- had I done that I would've realised something was wrong. )

It's fixed now. Wine 1.5.30 is OK again.

---

Update 22 May 2013: libwine.so.1 doesn't get included in the deb package, which causes severely reduced functionality. I've confirmed that Wine 1.5.28 built as shown in http://verahill.blogspot.com.au/2013/04/387-compiling-wine-1528-in-i386-chroot.html works fine though.

I'll update here when I've figured out why the compiled libraries don't get included.

It's similar to what is mentioned in these bug reports:
https://bugs.archlinux.org/task/35189
https://bugs.archlinux.org/task/35190
https://bugs.archlinux.org/task/35191

There's a fix here: http://bugs.winehq.org/attachment.cgi?id=44422

---

Original post:
While it'd be absolutely fair to accuse me of recycling posts, I have a reasonably good reason for doing so: posting build instructions for the latest version -- even if identical to instructions for earlier versions -- confirms that it 'works'. Also, it shows that the instructions are current.

I'm too much of a hoarder to go back and update old posts.

Anyway, here's a generic way of building wine which works for 1.5.30 (and 1.5.28 and everything in between). And yes, I've copy/pasted from my old 1.5.28 post...

See here for information about 3D acceleration using libGL/U: http://verahill.blogspot.com.au/2013/05/429-briefly-wine-libglliubglu-blender.html

Getting started:
If you set up a chroot to build 1.5.28 before, you don't need to set up a new chroot to build 1.5.30. In that case, skip the set-up step below and instead re-enter your existing chroot like this:

sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32
su sandbox

cd ~/tmp

Setting up the Chroot

sudo apt-get install debootstrap
mkdir $HOME/tmp/architectures/wine32 -p
cd $HOME/tmp/architectures
sudo debootstrap --arch i386 wheezy $HOME/tmp/architectures/wine32 http://ftp.au.debian.org/debian/
sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32

You're now in the chroot:

apt-get update
apt-get install locales sudo vim
echo 'export LC_ALL="C"'>>/etc/bash.bashrc
echo 'export LANG="C"'>>/etc/bash.bashrc
echo '127.0.0.1 localhost beryllium' >> /etc/hosts
source /etc/bash.bashrc
adduser sandbox
usermod -g sudo sandbox
echo 'Defaults !tty_tickets' >> /etc/sudoers
su sandbox
cd ~/

Replace 'beryllium' with the name your host system (it's just to suppress error messages)

---

Building Wine
While still in the chroot, continue (the i386 is ok; don't worry about it -- you don't actually need it):

sudo apt-get install libx11-dev:i386 libfreetype6-dev:i386 libxcursor-dev:i386 libxi-dev:i386 libxxf86vm-dev:i386 libxrandr-dev:i386 libxinerama-dev:i386 libxcomposite-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libdbus-1-dev:i386 libgnutls-dev:i386 libncurses-dev:i386 libsane-dev:i386 libv4l-dev:i386 libgphoto2-2-dev:i386 liblcms-dev:i386 libgstreamer-plugins-base0.10-dev:i386 libcapi20-dev:i386 libcups2-dev:i386 libfontconfig-dev:i386 libgsm1-dev:i386 libtiff-dev:i386 libpng-dev:i386 libjpeg-dev:i386 libmpg123-dev:i386 libopenal-dev:i386 libldap-dev:i386 libxrender-dev:i386 libxml2-dev:i386 libxslt-dev:i386 libhal-dev:i386 gettext:i386 prelink:i386 bzip2:i386 bison:i386 flex:i386 oss4-dev:i386 checkinstall:i386 ocl-icd-libopencl1:i386 opencl-headers:i386 libasound2-dev:i386 build-essential

mkdir ~/tmp
cd ~/tmp
wget http://prdownloads.sourceforge.net/wine/wine-1.5.30.tar.bz2
tar xvf wine-1.5.30.tar.bz2
cd wine-1.5.30/
wget http://bugs.winehq.org/attachment.cgi?id=44422 -O diff.patch
patch -p1 < diff .patch

patching file configure
patching file configure.ac
patching file libs/wine/Makefile.in

./configure
time make -j3
sudo checkinstall --install=no

checkinstall 1.6.2, Copyright 2009 Felipe Eduardo Sanchez Diaz Duran
           This software is released under the GNU GPL.


The package documentation directory ./doc-pak does not exist. 
Should I create a default set of package docs?  [y]: 

Preparing package documentation...OK

Please write a description for the package.
End your description with an empty line or EOF.
>> wine 1.5.30-2
>> 

*****************************************
**** Debian package creation selected ***
*****************************************

This package will be built according to these values: 

0 -  Maintainer: [ root@beryllium ]
1 -  Summary: [ wine 1.5.30-2 ]
2 -  Name:    [ wine ]
3 -  Version: [ 1.5.30-2 ]
4 -  Release: [ 1 ]
5 -  License: [ GPL ]
6 -  Group:   [ checkinstall ]
7 -  Architecture: [ i386 ]
8 -  Source location: [ wine-1.5.30 ]
9 -  Alternate source location: [  ]
10 - Requires: [  ]
11 - Provides: [ wine ]
12 - Conflicts: [  ]
13 - Replaces: [  ]

Compilation took ca 13 minutes with three threads. Checkinstall takes a little while (In particular this step: 'Copying files to the temporary directory...').

---

Installing Wine

Exit the chroot

sandbox@beryllium:~/tmp/wine-1.5.30$ exit
exit
root@beryllium:/# exit
exit
me@beryllium:~/tmp/architectures$ 

On your host system
 Enable multiarch* and install ia32-libs, since you've built a proper 32 bit binary:

sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install ia32-libs

*At some point I think ia32-libs may be replaced by proper multiarch packages, but maybe not. So we're kind of doing both here.

 Copy the .deb package and install it

sudo cp wine32/home/sandbox/tmp/wine-1.5.30/wine_1.5.30-1_i386.deb .
sudo chown $USER wine_1.5.30-1_i386.deb
sudo dpkg -i wine_1.5.30-1_i386.deb

---

409.A.GAMESS US with GPU support on debian wheezy. This works (probably).

Update 27/6/2013:
Please note that Kirill Berezovsky has published a series of posts on GAMESS US, including how to compile it for both CPU and GPU use. See
http://biochemicalmatters.blogspot.com.au/2013/06/gamess-us-frequently-asked-questions_26.html
http://biochemicalmatters.blogspot.ru/2013/06/gamess-us-frequently-asked-questions_1687.html
http://biochemicalmatters.blogspot.ru/2013/06/gamess-us-frequently-asked-questions_1447.html
http://biochemicalmatters.blogspot.com.au/2013/06/gamess-us-frequently-asked-questions.html


Update 21 May 2013: See the comments below this post. This approach most likely works -- what has been confusing me is the lack of reports of GPU timings in the output, but this doesn't necessarily mean that the GPU isn't being used. The poster below this post, using nvidia-smi, observed GPU usage, although the speed-up was not major.

Update 10/05/2013: fixed libcchem compile.

Everything compiles fine and computations run fine and fast. To date there's only one other detailed step-by-step example of successful compilation of GAMESS with GPU support out there. At least based on google.

For various reasons I'm beginning to suspect that ATLAS isn't working out for me -- I've had issues getting things to converge with ATLAS, but which work fine with ACML (see post B).

I was in part following http://combichem.blogspot.com.au/2011/02/compiling-gamess-with-cuda-gpu-support.html and ./libcchem/aaa.readme.1st

This took a while to hammer out, so the write-up is a bit messy.

---

Set up

sudo apt-get install libboost-all-dev build-essential g++ gfortran automake nvidia-cuda-toolkit python-cheetah openmpi-bin libopenmpi-dev zlib1g-dev checkinstall
mkdir ~/tmp

Get gamess (see e.g. http://verahill.blogspot.com.au/2012/09/compiling-and-testing-gamess-us-on.html).

Put gamess-current.tar.gz in  ~/tmp

cd ~/tmp
tar xvf gamess-current.tar.gz
sudo mv gamess /opt/gamess_cuda
sudo chown $USER:$USER /opt/gamess_cuda -R


Preparing Boost

Edit /usr/include/boost/mpl/aux_/integral_wrapper.hpp

47 // other compilers (e.g. MSVC) are not particulary happy about it
 48 #if BOOST_WORKAROUND(__EDG_VERSION__, <= 238) || defined(__CUDACC__)
 49     typedef struct AUX_WRAPPER_NAME type;

Edit /usr/include/boost/mpl/size_t_fwd.hpp

20 
 21 BOOST_MPL_AUX_ADL_BARRIER_NAMESPACE_OPEN
 22 #if defined(__CUDACC__)
 23    typedef std::size_t std_size_t;
 24    template< std_size_t N > struct size_t;
 25 #else
 26    template< std::size_t N > struct size_t;
 27 #endif
 28 
 29 BOOST_MPL_AUX_ADL_BARRIER_NAMESPACE_CLOSE

Edit /usr/include/boost/mpl/size_t.hpp

 19 #if defined(__CUDACC__)
 20   #define AUX_WRAPPER_VALUE_TYPE std_size_t
 21   #define AUX_WRAPPER_NAME size_t    
 22   #define AUX_WRAPPER_PARAMS(N) std_size_t N
 23 #else 
 24   #define AUX_WRAPPER_VALUE_TYPE std::size_t
 25   #define AUX_WRAPPER_NAME size_t
 26   #define AUX_WRAPPER_PARAMS(N) std::size_t N
 27 #endif
 28 

---

HDF5
You'll have to compile that yourself for now since H5Cpp.h missing in the debian packages.(i.e. cxx support)

mkdir ~/tmp
cd ~/tmp
wget http://www.hdfgroup.org/ftp/HDF5/current/src/hdf5-1.8.10-patch1.tar.gz
tar xvf hdf5-1.8.10-patch1.tar.gz
cd hdf5-1.8.10-patch1/
export CC=/usr/bin/gcc-4.6 && export CXX=/usr/bin/g++-4.6
./configure --prefix=/opt/gamess_cuda/hdf5 --with-pthread --enable-cxx --enable-threadsafe --enable-unsupported
make
mkdir /opt/gamess_cuda/hdf5/lib -p
mkdir /opt/gamess_cuda/hdf5/include -p
sudo checkinstall

This package will be built according to these values: 

0 -  Maintainer: [ root@neon ]
1 -  Summary: [ hdf5-cxx]
2 -  Name:    [ hdf5-1.8.10 ]
3 -  Version: [ 1.8.10-1 ]
4 -  Release: [ 1 ]
5 -  License: [ GPL ]
6 -  Group:   [ checkinstall ]
7 -  Architecture: [ amd64 ]
8 -  Source location: [ hdf5-1.8.10-patch1 ]
9 -  Alternate source location: [  ]
10 - Requires: [  ]
11 - Provides: [ hdf5-1.8.10 ]
12 - Conflicts: [  ]
13 - Replaces: [  ]


Make sure to edit the Version field since Patch-1 leads to an error (must start with digit).


Openmpi 1.6

Can't remember why I ended up compiling it myself instead of using the stock debian version. From here.

sudo apt-get install build-essential gfortran
wget http://www.open-mpi.org/software/ompi/v1.6/downloads/openmpi-1.6.tar.bz2
tar xvf openmpi-1.6.tar.bz2
cd openmpi-1.6/

sudo mkdir /opt/openmpi/
sudo chown ${USER} /opt/openmpi/
./configure --prefix=/opt/openmpi/1.6/ --with-sge

make
make install



compiling libcchem

cd /opt/gamess_cuda/libcchem

edit /opt/gamess_cuda/libcchem/rysq/src/externals/boost/cuda/device_ptr.hpp

  4 #include <cstdlib>
  5 #include <iterator>
  6 #include <stddef.h>
  7 
  8 namespace boost {

Edit /opt/gamess_cuda/libcchem/src/externals/boost/cuda/device_ptr.hpp

  4 #include <cstdlib>
  5 #include <iterator>
  6 #include <stddef.h>
  7 
  8 namespace boost {
  9 namespace cuda {

./configure --with-gamess --with-hdf5=/opt/gamess_cuda/hdf5 CPPFLAGS="-I/opt/gamess_cuda/hdf5/include" --with-cuda=/usr --disable-openmp --prefix=/opt/gamess_cuda/libcchem --with-gpu=fermi --with-integer8 --with-cublas
make
make install

Configure Gamess US

Mainly follow this: http://verahill.blogspot.com.au/2012/09/compiling-and-testing-gamess-us-on.html

cd /opt/gamess_cuda
./config


please enter your target machine name: linux64

GAMESS directory? [/opt/gamess_cuda] /opt/gamess_cuda

Setting up GAMESS compile and link for GMS_TARGET=linux64
GAMESS software is located at GMS_PATH=/opt/gamess_cuda
 
Please provide the name of the build locaation.
This may be the same location as the GAMESS directory.
 
GAMESS build directory? [/home/me/tmp/gamess] 

Please provide a version number for the GAMESS executable.
This will be used as the middle part of the binary's name,
for example: gamess.00.x

Version? [00] 12r2

Please enter your choice of FORTRAN: gfortran

gfortran is very robust, so this is a wise choice.

Please type 'gfortran -dumpversion' or else 'gfortran -v' to
detect the version number of your gfortran.
This reply should be a string with at least two decimal points,
such as 4.1.2 or 4.6.1, or maybe even 4.4.2-12.
The reply may be labeled as a 'gcc' version,
but it is really your gfortran version.
Please enter only the first decimal place, such as 4.1 or 4.6:  
4.6


Enter your choice of 'mkl' or 'atlas' or 'acml' or 'none': atlas

Please enter the Atlas subdirectory on your system: /opt/ATLAS/lib

Math library 'atlas' will be taken from /opt/ATLAS
 

If you have an expensive but fast network like Infiniband (IB), and
if you have an MPI library correctly installed,
     choose 'mpi'.
 
communication library ('sockets' or 'mpi')? mpi

Enter MPI library (impi, mvapich2, mpt, sockets): openmpi



Please enter your openmpi's location: /opt/openmpi/1.6

---

Build Gamess US

cd /opt/gamess_cuda/ddi/
./compddi
cd ../

Edit comp

872 #          see ~/gamess/libcchem/aaa.readme.1st for more information
 873 set GPUCODE=true
 874 if ($GPUCODE == true) then

and

1663 #           -fno-whole-file suppresses argument's data type checking
1664       set OPT='-O0'
1665       if (".$GMS_DEBUG_FLAGS" != .) set OPT="$GMS_DEBUG_FLAGS"

./compall

Edit lked

69 #
  70 set GPUCODE=true
  71 #
  72 #   5. optional MPQC interface

and

958             case openmpi:
 959                set MPILIBS="-L$GMS_MPI_PATH/lib"
 960                set MPILIBS="$MPILIBS -lmpi -lpthread"
 961                breaksw

and

1214 if ($GPUCODE == true) then
1215    echo "   Using 'libcchem' add-in C++ codes for Nvidia/CUDA GPUs."
1216    set GPU_LIBS="-L/opt/gamess_cuda/libcchem/lib -lcchem_gamess -lcchem -lrysq"
1217    set GPU_LIBS="$GPU_LIBS -lcudart -lcublas"
1218    ### GPU_LIBS="$GPU_LIBS -lcudart -lcublas"
1219    set GPU_LIBS="$GPU_LIBS /usr/lib/libboost_thread.a"
1220    set GPU_LIBS="$GPU_LIBS /opt/gamess_cuda/hdf5/lib/libhdf5.a"
1221    set GPU_LIBS="$GPU_LIBS /opt/gamess_cuda/hdf5/lib/libhdf5_cpp.a"
1222    set GPU_LIBS="$GPU_LIBS /opt/gamess_cuda/hdf5/lib/libhdf5_hl.a"
1223    set GPU_LIBS="$GPU_LIBS /opt/gamess_cuda/hdf5/lib/libhdf5.a"
1224    set GPU_LIBS="$GPU_LIBS /opt/ATLAS/lib/libcblas.a"
1225    set GPU_LIBS="$GPU_LIBS -lz"
1226    set GPU_LIBS="$GPU_LIBS -lstdc++"
1227    ### GPU_LIBS="$GPU_LIBS -lgomp"
1228    set GPU_LIBS="$GPU_LIBS -lpthread"
1229    echo "   libcchem GPU code's libraries are"
1230    echo "$GPU_LIBS"
1231 else

./lked gamess gpu.12

Create gpurun

#!/bin/csh
set TARGET=mpi
set SCR=$HOME/scratch
set USERSCR=/scratch
set GMSPATH=/opt/gamess_cuda
set JOB=$1
set VERNO=$2
set NCPUS=$3

   @ NUMGPU=1
   if ($NUMGPU > 0) then
      @ NUMCPU = $NCPUS - 1
      echo libcchem kernels will use $NUMCPU cores and $NUMGPU GPUs per node...
      set echo
      setenv CCHEM_PROFILE 1
      setenv NUM_THREADS $NCPUS
      #--if ($NUMGPU == 0) setenv GPU_DEVICES -1
      #--if ($NUMGPU == 2) setenv GPU_DEVICES 0,1
      #--if ($NUMGPU == 4) setenv GPU_DEVICES 0,1,2,3
      #setenv LD_LIBRARY_PATH /share/apps/cuda/lib64:$LD_LIBRARY_PATH
      ###### LD_LIBRARY_PATH /usr/local/cuda/lib64:$LD_LIBRARY_PATH
      unset echo
   else
      setenv GPU_DEVICES -1
   endif


if ( $JOB:r.inp == $JOB ) set JOB=$JOB:r
echo "Copying input file $JOB.inp to your run's scratch directory..."
cp $JOB.inp $SCR/$JOB.F05

setenv TRAJECT $USERSCR/$JOB.trj
setenv RESTART $USERSCR/$JOB.rst
setenv INPUT $SCR/$JOB.F05
setenv PUNCH $USERSCR/$JOB.dat
if ( -e $TRAJECT ) rm $TRAJECT
if ( -e  $PUNCH ) rm $PUNCH
if ( -e  $RESTART ) rm $RESTART
source $GMSPATH/gms-files.csh

setenv LD_LIBRARY_PATH /opt/openmpi/lib:$LD_LIBRARY_PATH
set path= ( /opt/openmpi/bin $path )
mpiexec -n $NCPUS $GMSPATH/gamess.gpu.$VERNO.x|tee $JOB.out
cp $PUNCH .

echo 'export PATH=$PATH:/opt/gamess_cuda' >> ~/.bashrc
source ~/.bashrc
chmod +x gpurun
cd test/standard/
 gpurun exam44 12 2

The only evidence of GPU usage in the output is e.g. in exam44.out:

388           -----------------------
389           MP2 CONTROL INFORMATION
390           -----------------------
391           NACORE =        6  NBCORE =        6
392           LMOMP2 =        F  AOINTS = DUP
393           METHOD =        2  NWORD  =               0
394           MP2PRP =        F  OSPT   = NONE
395           CUTOFF = 1.00E-09  CPHFBS = BASISAO
396           CODE   = GPU
397 
398           NUMBER OF CORE -A-  ORBITALS =     6
399           NUMBER OF CORE -B-  ORBITALS =     6

but in the summary only CPU utilisation is mentioned.

---

I modified rungms:

me@neon:/opt/gamess_cuda/tests/standard$ diff /opt/gamess_cuda/gpurungms /opt/gamess/rungms 
59,62c59,62
< set TARGET=mpi
< set SCR=$HOME/scratch
< set USERSCR=/scratch
< set GMSPATH=/opt/gamess_cuda
---
> set TARGET=sockets
> set SCR=/scr/$USER
> set USERSCR=~$USER/scr
> set GMSPATH=/u1/mike/gamess
67d66
< set NNODES=1
513c512
< set PPN=$3
---
>    set PPN=$4
601c600
<          @ PPN2 = $PPN
---
>          @ PPN2 = $PPN + $PPN
742c741
<    @ NUMGPU=1
---
>    @ NUMGPU=0
752c751
< #      setenv LD_LIBRARY_PATH /share/apps/cuda/lib64:$LD_LIBRARY_PATH
---
>       setenv LD_LIBRARY_PATH /share/apps/cuda/lib64:$LD_LIBRARY_PATH
793c792,793
<       /opt/openmpi/1.6/bin/mpiexec -n $NPROCS $GMSPATH/gamess.$VERNO.x < /dev/null
---
>       mpiexec.hydra -f $PROCFILE -n $NPROCS \
>             /home/mike/gamess/gamess.$VERNO.x < /dev/null

408. Briefly: Tor on Debian -- the quick option

Tor can -- under the right conditions -- be used to anonymize your connection. Encryption, anonymity etc. is a minefield is you want to do it right, and I won't pretend to be an expert, so do your own reading.

Anyway.

In the process of looking at manually setting up Tor on Debian I came across the Tor browser bundle. Using it is pretty straightforward, but given that linux users are at varying skill-levels, a step by step guide with pictures can't hurt (and another post for me...).

sudo mkdir /opt/torbundle
sudo chown $USER:$USER /opt/torbundle
cd /opt/torbundle
wget https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-x86_64-2.3.25-6-dev-en-US.tar.gz
tar xvf tor-browser-gnu-linux-x86_64-2.3.25-6-dev-en-US.tar.gz
echo "alias torbrowser='/opt/torbundle/tor-browser_en-US/./start-tor-browser'" >> ~/.bashrc
source ~/.bashrc

Start by typing

torbrowser

Vidalia will open, and once you're connected to the tor network a browser session will automatically open.

Vidalia

403. Kernel 3.9 on Debian Wheezy/Testing

Kernel 3.9 is out now -- here's how to build it on debian wheezy. Nothing odd in comparison to earlier versions and it barely warrants a separate post.

* To compile a kernel under Arch linux, see here: http://verahill.blogspot.com.au/2013/03/355-kernel-382-on-arch-linux-exploration.html

* To compile a kernel without kernel-package on debian, see here: http://verahill.blogspot.com.au/2013/02/344-compile-kernel-38-without-using-kpkg.html

So it begins

sudo apt-get install kernel-package fakeroot build-essential ncurses-dev
mkdir ~/tmp
cd ~/tmp
wget http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.9.tar.bz2
tar xvf linux-3.9.tar.bz2
cd linux-3.9/
cat /boot/config-`uname -r`>.config
make oldconfig

You will be asked a lot of questions -- how many depends on what version you upgrade from. If in doubt, pick the default answer (i.e. hit enter). If really in doubt, use google.

Then continue:

make-kpkg clean

Do

make menuconfig

if you want to make any specific changes to the kernel (e.g. add support for certain devices)

Then continue:

time fakeroot make-kpkg -j4 --initrd kernel_image kernel_headers

As usual 4 is the number of threads you wish to launch -- make it equal to the number of cores that you have for optimum performance during compilation (more about that here).

Install:

sudo dpkg -i ../linux-image-3.9.0_3.9.0-10.00.Custom_amd64.deb ../linux-headers-3.9.0_3.9.0-10.00.Custom_amd64.deb

---

The new stuff
I know it's a bit lazy to simply post the questions as I do below, but...well, I don't have much of an excuse other than you having to figure out for yourself what you want to enable, and what you don't.:

  2. Full dynticks CPU time accounting (VIRT_CPU_ACCOUNTING_GEN) (NEW)
Intel Low Power Subsystem Support (X86_INTEL_LPSS) [N/y/?] (NEW) 
Early load microcode (MICROCODE_INTEL_EARLY) [Y/n/?] (NEW) 
  PCI slot detection driver (ACPI_PCI_SLOT) [N/y/?] (NEW) 
  Container and Module Devices (ACPI_CONTAINER) [Y/?] (NEW) y
Intel P state control (X86_INTEL_PSTATE) [N/y/?] (NEW) 
  "bpf" match support (NETFILTER_XT_MATCH_BPF) [N/m/?] (NEW) 
  "connlabel" match support (NETFILTER_XT_MATCH_CONNLABEL) [N/m/?] (NEW) 
  VLAN filtering (BRIDGE_VLAN_FILTERING) [N/y/?] (NEW) 
  MVRP (Multiple VLAN Registration Protocol) support (VLAN_8021Q_MVRP) [N/y/?] (NEW) 
Virtual Socket protocol (VSOCKETS) [N/m/y/?] (NEW) 
  Enable LED triggers for Netlink based drivers (CAN_LEDS) [N/y/?] (NEW) 
  8 devices USB2CAN interface (CAN_8DEV_USB) [N/m/?] (NEW) 
Fallback user-helper invocation for firmware loading (FW_LOADER_USER_HELPER) [Y/n/?] (NEW) 
  Command line partition table parsing (MTD_CMDLINE_PARTS) [N/m/?] (NEW) 
  IBM FlashSystem 70/80 PCIe SSD Device Driver (BLK_DEV_RSXX) [N/m/y/?] (NEW) 
Device driver for Atmel SSC peripheral (ATMEL_SSC) [N/m/y/?] (NEW) 
Lattice ECP3 FPGA bitstream configuration via SPI (LATTICE_ECP3_CONFIG) [N/m/y/?] (NEW) 
VMware VMCI Driver (VMWARE_VMCI) [N/m/y/?] (NEW) 
    SATA Zero Power Optical Disc Drive (ZPODD) support (SATA_ZPODD) [N/y/?] (NEW) 
    Cache target (EXPERIMENTAL) (DM_CACHE) [N/m/?] (NEW) 
      Broadcom 578xx and 57712 SR-IOV support (BNX2X_SRIOV) [Y/n/?] (NEW) 
      Intel(R) PCI-Express Gigabit adapters HWMON support (IGB_HWMON) [Y/n/?] (NEW) 
  ASIX AX88179/178A USB 3.0/2.0 to Gigabit Ethernet (USB_NET_AX88179_178A) [M/n/?] (NEW) 
    Intel Wireless WiFi MVM Firmware support (IWLMVM) [N/m/?] (NEW) 
  Cypress APA I2C Trackpad support (MOUSE_CYAPA) [N/m/?] (NEW) 
  Support 8250_core.* kernel options (DEPRECATED) (SERIAL_8250_DEPRECATED_OPTIONS) [Y/n/?] (NEW) 
Support for Synopsys DesignWare 8250 quirks (SERIAL_8250_DW) [N/m/y/?] (NEW) 
Comtrol RocketPort EXPRESS/INFINITY support (SERIAL_RP2) [N/m/y/?] (NEW) 
  STMicroelectronics ST33 I2C TPM (TCG_ST33_I2C) [N/m/?] (NEW) 
Intel iSMT SMBus Controller (I2C_ISMT) [N/m/?] (NEW) 
  PXA2xx SSP SPI master (SPI_PXA2XX) [N/m/y/?] (NEW) 
  Intel Lynxpoint GPIO support (GPIO_LYNXPOINT) [N/y/?] (NEW) 
Dual Channel Addressable Switch 0x3a family support (DS2413) (W1_SLAVE_DS2413) [N/m/?] (NEW) 
  Goldfish battery driver (BATTERY_GOLDFISH) [N/m/y/?] (NEW) 
  Maxim MAX6697 and compatibles (SENSORS_MAX6697) [N/m/?] (NEW) 
  TI / Burr Brown INA209 (SENSORS_INA209) [N/m/?] (NEW) 
  Fair-share thermal governor (THERMAL_GOV_FAIR_SHARE) [N/y/?] (NEW) 
  Step_wise thermal governor (THERMAL_GOV_STEP_WISE) [Y/?] (NEW) y
  User_space thermal governor (THERMAL_GOV_USER_SPACE) [N/y/?] (NEW) 
  Thermal emulation mode support (THERMAL_EMULATION) [N/y/?] (NEW) 
  Intel PowerClamp idle injection driver (INTEL_POWERCLAMP) [N/m/?] (NEW) 
  TI LP8755 High Performance PMU driver (REGULATOR_LP8755) [N/m/?] (NEW) 
  V4L2 int device (DEPRECATED) (VIDEO_V4L2_INT_DEVICE) [N/m/?] (NEW) 
    Support for various USB DVB devices v2 (DVB_USB_V2) [N/m/?] (NEW) 
      Cypress firmware helper routines (DVB_USB_CYPRESS_FIRMWARE) [N/m] (NEW) 
      Afatech AF9015 DVB-T USB2.0 support (DVB_USB_AF9015) [N/m/?] (NEW) 
      Afatech AF9035 DVB-T USB2.0 support (DVB_USB_AF9035) [N/m/?] (NEW) 
      Anysee DVB-T/C USB2.0 support (DVB_USB_ANYSEE) [N/m/?] (NEW) 
      Alcor Micro AU6610 USB2.0 support (DVB_USB_AU6610) [N/m/?] (NEW) 
      AzureWave 6007 and clones DVB-T/C USB2.0 support (DVB_USB_AZ6007) [N/m/?] (NEW) 
      Intel CE6230 DVB-T USB2.0 support (DVB_USB_CE6230) [N/m/?] (NEW) 
      E3C EC168 DVB-T USB2.0 support (DVB_USB_EC168) [N/m/?] (NEW) 
      Genesys Logic GL861 USB2.0 support (DVB_USB_GL861) [N/m/?] (NEW) 
      ITE IT913X DVB-T USB2.0 support (DVB_USB_IT913X) [N/m/?] (NEW) 
      MxL111SF DTV USB2.0 support (DVB_USB_MXL111SF) [N/m/?] (NEW) 
      Realtek RTL28xxU DVB USB support (DVB_USB_RTL28XXU) [N/m/?] (NEW) 
NXP Semiconductors TDA998X HDMI encoder (DRM_I2C_NXP_TDA998X) [N/m/?] (NEW) 
  Enable userspace modesetting on radeon (DEPRECATED) (DRM_RADEON_UMS) [N/y/?] (NEW) 
  Goldfish Framebuffer (FB_GOLDFISH) [N/m/y/?] (NEW) 
    Support new DSP code for CA0132 codec (SND_HDA_CODEC_CA0132_DSP) [N/y/?] (NEW) 
Steelseries SRW-S1 steering wheel support (HID_STEELSERIES) [N/m/?] (NEW) 
ThingM blink(1) USB RGB LED (HID_THINGM) [N/m/?] (NEW) 
  Xsens motion tracker serial interface driver (USB_SERIAL_XSENS_MT) [N/m/?] (NEW) 
  USB3503 HSIC to USB20 Driver (USB_HSIC_USB3503) [N/m/?] (NEW) 
  OMAP USB3 PHY Driver (OMAP_USB3) [N/m/y/?] (NEW) 
  OMAP CONTROL USB Driver (OMAP_CONTROL_USB) [N/m/y/?] (NEW) 
  Epson RX-4581 (RTC_DRV_RX4581) [N/m/y/?] (NEW) 
  HID Sensor Time (RTC_DRV_HID_SENSOR_TIME) [N/m/?] (NEW) 
  Synopsys DesignWare AHB DMA support (DW_DMAC) [N/m/y/?] (NEW) 
  Chrome OS Laptop (CHROMEOS_LAPTOP) [N/m/?] (NEW) 
Mailbox Hardware Support (MAILBOX) [N/y/?] (NEW) 
  Step_wise thermal governor (THERMAL_GOV_STEP_WISE) [Y/?] (NEW) y
Intel Non-Transparent Bridge support (NTB) [N/m/y/?] (NEW) 
  Register efivars backend for pstore (EFI_VARS_PSTORE) [Y/n/?] (NEW) 
    Disable using efivars as a pstore backend by default (EFI_VARS_PSTORE_DEFAULT_DISABLE) [N/y/?] (NEW) 
    Enable notifications for userspace key wrap/unwrap (ECRYPT_FS_MESSAGING) [N/y/?] (NEW) 
  Create a snapshot trace buffer (TRACER_SNAPSHOT) [N/y/?] (NEW) 
  CRC32 CRC algorithm (CRYPTO_CRC32) [N/m/y/?] (NEW) 
  CRC32 PCLMULQDQ hardware acceleration (CRYPTO_CRC32_PCLMUL) [N/m/y/?] (NEW) 

---

Links to this post:
http://www.itnews.com.au/News/342158,debian-70-debuts-with-private-cloud-deployment-tools.aspx
http://www.neowin.net/forum/topic/1158614-ubuntu-or-linux-mint/page__st__15

400. XpressConnect on Debian, Arch: step by step

Here's a step-by-step write-up of this post: http://verahill.blogspot.com.au/2013/04/393-not-fix-xpressconnect-on-ubuntu-vs.html

The 'problem' with running Xpress Connect on non-Ubuntu linux distributions is entirely artificial -- XpressConnect checks whether you are using Ubuntu, and if you're not, it refuses to run.

So the solution is simply to pretend that you are using ubuntu, however annoying that is. I wish universities would take this into account and end their association with Cloudpath, or to force them to support other distributions.

Note: XpressConnect is completely superfluous -- it doesn't do anything other than set up your wireless connection, which is something you could easily do by hand. See e.g. here for eduroam: http://verahill.blogspot.com.au/2013/04/394-eduroam-using-wicd-and-network.html

---

How-to get XpressConnect running
1. Create the file /etc/lsb-release and put the following in it

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=10.04
DISTRIB_CODENAME=lucid
DISTRIB_DESCRIPTION="Ubuntu 10.04.4 LTS"

If you are completely new to linux, one way of creating the file is to run

gksu gedit /etc/lsb-release

Alternatively, if you're not using gnome, try

sudo nano /etc/lsb-release 

2. Install lshw and iwlist

On debian (and clones like mint, ubuntu etc.):

sudo apt-get install lshw wireless-tools

On arch linux

sudo pacman -S lshw wireless_tools

3. Run XpressConnect
This is the vanilla version -- replace http://hosted.cloudpath.net/Xavier/Production/tools/XpressConnect-Linux.tar with the link to your universities version.

cd ~/Downloads
wget http://hosted.cloudpath.net/Xavier/Production/tools/XpressConnect-Linux.tar
tar xvf XpressConnect-Linux.tar
./XpressConnect-DoubleClickToRun

That's it. Simple as that.

395. Compiling the ck-kernel 3.8.x on debian (and patching i915)

What is the ck kernel? In short it is a patch for the mainline kernel which is supposed to render it more responsive for desktop use. See here: https://wiki.archlinux.org/index.php/Linux-ck

I'm not going to try to 'benchmark' this against the stock kernel, since I'm not clear what a good metric would be -- how do you measure 'responsiveness'? Come to think of it -- what's a good, objective definition?

Download the kernel version that you need from http://kernel.org and the ck path from Con's web page at http://users.on.net/~ckolivas/kernel/

I also ended up applying this patch to sort out recent i915 issues:
http://verahill.blogspot.com.au/2013/03/368-slow-mouse-and-keyboard-triggered.html
https://bbs.archlinux.org/viewtopic.php?pid=1248190
http://forums.gentoo.org/viewtopic-p-7278760.html
https://bbs.archlinux.org/viewtopic.php?pid=1254285#p1254285

I did it by creating a file called i915.patch and placing it in the kernel source root:

--- drivers/gpu/drm/drm_crtc_helper.c   2013-04-26 10:24:07.987942008 +1000
+++ ../../linux-3.8.8/drivers/gpu/drm/drm_crtc_helper.c 2013-04-17 15:11:28.000000000 +1000
@@ -1067,7 +1067,7 @@ void drm_helper_hpd_irq_event(struct drm
        enum drm_connector_status old_status;
        bool changed = false;
 
-       if (!dev->mode_config.poll_enabled || !drm_kms_helper_poll)
+       if (!dev->mode_config.poll_enabled)
                return;
 
        mutex_lock(&dev->mode_config.mutex);

Note that as far as I know it doesn't solve the issue, but it does allow you to disable polling by editing /etc/default/grub and adding

GRUB_CMDLINE_LINUX_DEFAULT="quiet drm_kms_helper.poll=N"

followed by running

sudo update-grub

So far it's working fine (after testing for ca one hour).

Anyway, here's kernel 3.8.5 (should work on all 3.8.x):

sudo apt-get install kernel-package fakeroot build-essential ncurses-dev
mkdir ~/tmp
cd ~/tmp
wget https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.8.5.tar.xz
tar xvf linux-3.8.5.tar.xz
cd linux-3.8.5/
wget http://ck.kolivas.org/patches/3.0/3.8/3.8-ck1/patch-3.8-ck1.bz2
bunzip2 patch-3.8-ck1.bz2
patch -p1 < patch-3.8-ck1

patching file arch/powerpc/platforms/cell/spufs/sched.c
patching file Documentation/scheduler/sched-BFS.txt
patching file Documentation/sysctl/kernel.txt
patching file fs/proc/base.c
patching file include/linux/init_task.h
patching file include/linux/ioprio.h
patching file include/linux/sched.h
patching file init/Kconfig
patching file init/main.c
patching file kernel/delayacct.c
patching file kernel/exit.c
patching file kernel/posix-cpu-timers.c
patching file kernel/sysctl.c
patching file lib/Kconfig.debug
patching file include/linux/jiffies.h
patching file drivers/cpufreq/cpufreq.c
patching file drivers/cpufreq/cpufreq_ondemand.c
patching file drivers/cpufreq/cpufreq_conservative.c
patching file kernel/sched/bfs.c
patching file kernel/sched/Makefile
patching file include/uapi/linux/sched.h
patching file include/linux/swap.h
patching file mm/memory.c
patching file mm/swapfile.c
patching file mm/vmscan.c
patching file arch/x86/Kconfig
patching file kernel/Kconfig.hz
patching file kernel/Kconfig.preempt
patching file Makefile

patch -p0 -R < i915.patch

patching file drivers/gpu/drm/drm_crtc_helper.c
make-kpgk clean
cat /boot/config-`uname -r`>.config
make oldconfig
time fakeroot make-kpkg -j4 --initrd kernel_image kernel_headers
sudo dpkg -i ../linux*3.8.5-ck*.deb

where 4 is the number of cores on your machine (note: it only has to do with compiling -- you can use the compiled binaries on any number of cores).

That's it. Now all you have to do is reboot and you'll be using your new kernel. Simple, eh?

393. Solved: XpressConnect on Ubuntu vs Debian. Extra focus on Swinburne university (AU/Melbourne)

Update 4. It's fixed now. There are two fixes:
1. XpressConnect wants ubuntu and checks for it via /etc/lsb-release, a file that doesn't exist on debian. Set it up to pretend that you're using ubuntu, and XpressConnect works.
2. Just configure the network connection manually. This is by far the easiest, as long as you know the settings.

Either way you'll need network-manager, lshw and wireless-tools in order to use XpressConnect. See towards the end of the post for more details.

Presumably this should work on any distro (e.g. arch, centos, rhel, sles), not just debian.

Update 3: Someone at Swinburne managed to connect to the Wifi without using XpressConnect by simply manually configuring the network: http://forums.debian.net/viewtopic.php?f=10&t=103387&p=494412#p494145

Original post:

Until a few days ago I'd never heard of XpressConnect before, but apparently it's a program that sets up your wireless connection automatically, and is used by a number of universities ( http://lmgtfy.com/?q=xpressconnect+site%3A*.edu)

In short, it works on Ubuntu (32 bit 10.04 lts) but not Debian (64 bit wheezy, 32 or 64 bit squeeze). Note that Ubuntu 10.04 has Gnome 2, as does Squeeze. Wheezy has Gnome 3.

---

Description
You don't need to be anywhere near a uni network to reproduce the issue -- anyone, with or without a wireless card, can test it.

Note: I generated the logs with a copy of XpressConnect downloaded from Swinburne, not the generic version -- hence why it says swinwifi etc.

On debaian, first make sure to install lshw and wireless-tools, and to add /sbin to path in the terminal you're using.

sudo apt-get install lshw wireless-tools
export PATH=$PATH:/sbin

The 'installation' is simple

cd ~/Downloads
wget http://hosted.cloudpath.net/Xavier/Production/tools/XpressConnect-Linux.tar
tar xvf XpressConnect-Linux.tar
./XpressConnect-DoubleClickToRun 

Will download x64 version...
--2013-04-18 21:11:16--  http://hosted.cloudpath.net/Xavier/Production//tools/XpressConnect-x64.tar.bz2
Resolving hosted.cloudpath.net (hosted.cloudpath.net)... 72.18.151.75
Connecting to hosted.cloudpath.net (hosted.cloudpath.net)|72.18.151.75|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6266475 (6.0M) [application/x-bzip2]
Saving to: `/tmp/XpressConnect-x64.tar.bz2'

100%[==============================================================================================================================>] 6,266,475    780K/s   in 10s     

2013-04-18 21:11:27 (600 KB/s) - `/tmp/XpressConnect-x64.tar.bz2' saved [6266475/6266475]

files
files/logo.jpg
network_config.xml
resources.properties
XpressConnect-x64

XpressConnect-DoubleClickToRun is a simple shell script that determines whether system is 32 or 64 bit, downloads a tar file to /tmp, untars it and launches a pre-compiled binary, XpressConnect-x64.
You can also launch XpressConnect-x64 directly by going to /tmp and running it.

Anyway, XpressConnect-x64 then makes sure that you have network-manager running, and tries to determine what your network card is. Based on this, /tmp/netdata.txt is generated. Once this is done, XpressConnect allows you to enter your credentials and sets up your network connection.
Well, that's what happens if you use ubuntu. On Debian (or Arch) you get an error message about 'network configuration' missing.

Delving a bit deeper into it, the binary fails to generate the netdata.txt on debian (and arch), and it seems to have to do with network-manager (or dbus, possibly).

---

The logs:
XpressConnect-x64 generates a log file (/tmp/xpressconnect.log).

On ubuntu it looks like this:

Looking for id : 266
Looking for id : 259
Setting start page.
Moving to widget 0.
Loading configuration page.
Starting configuration parse thread.
Acquire processing lock.
Building NIC data.
Starting configuration parser.
Validating checksum.
Checking license.
License validation checked out properly.
Today is : 04/19/2013
License expires : 
The date validation checked out properly.
Checking for valid networks for this platform.
Only one network configuration found.  Auto-selecting it.
Auto-selected network 'swinwifi'.
Interface : /org/freedesktop/NetworkManager/Devices/0 is in state 8
Interface : /org/freedesktop/NetworkManager/Devices/1 is in state 3
There were no interfaces found that could be autodetected for use.  Checking that there are interfaces of the correct type available.
Found 1 possible interface(s).
Selected interface with object path of /org/freedesktop/NetworkManager/Devices/1
Int type : 2

Set profile index : 11

Going to page 3
Config parser terminated.
Set 'static' window labels.
---- Gathering Data ----
Parsing OS information...
Checking OS bit depth.
OS bits info : i686

OS is 32 bits.
Checking hardware information.
Looking for extra NIC data.
Found driver name for 'wlan0' from DBus.
   - Driver : rtl8187
Couldn't get capabilities from DBus, trying the hard way.
Attempting to release lock.
Release processing lock.
Set welcome banners.
Using DBus UUID for client ID.
Using DBus UUID for client ID.
Client ID : f3af3f95c2229c756e98556050ed0cc4
Session ID : 6980532961366355275
Upload value (1) : 0
Moving to widget 3.

And on Debian:

Looking for id : 266
Looking for id : 259
Setting start page.
Moving to widget 0.
Loading configuration page.
Starting configuration parse thread.
Acquire processing lock.
Building NIC data.
Starting configuration parser.
Validating checksum.
Checking license.
License validation checked out properly.
Today is : 04/22/2013
License expires : 
The date validation checked out properly.
Checking for valid networks for this platform.
No valid networks found in the configuration.
Config parser terminated.
Failed to parse configuration.
Set 'static' window labels.
---- Gathering Data ----
Parsing OS information...
Checking OS bit depth.
OS bits info : x86_64

OS is 64 bits.
Checking hardware information.
Looking for extra NIC data.
Found driver name for 'wlan0' from DBus.
   - Driver : rtl8187
Couldn't get capabilities from DBus, trying the hard way.
Attempting to release lock.
Release processing lock.
Set welcome banners.
Using DBus UUID for client ID.
Using DBus UUID for client ID.
Client ID : fe88ef3cf6716df910e7fa570000000b
Session ID : 13542037211366584788
Moving to widget 9.
User clicked 'Retry' on the bad config widget.
Moving to widget 1.
Selected network 'swinwifi'.
Going to page 9
Adding page 1
Moving to widget 9.

The platform bit bothers me -- is it checking for ubuntu vs other distros?

XpressConnect then generates a file called /tmp/netdata.txt:

*-network
       description: Ethernet interface
       product: 82540EM Gigabit Ethernet Controller
       vendor: Intel Corporation
       physical id: 3
       bus info: pci@0000:00:03.0
       logical name: eth0
       version: 02
       serial: 08:00:27:53:23:4c
       width: 32 bits
       clock: 66MHz
       capabilities: bus_master cap_list ethernet physical
       configuration: broadcast=yes driver=e1000 driverversion=7.3.21-k5-NAPI firmware=N/A ip=10.0.2.15 latency=64 mingnt=255 multicast=yes
       resources: irq:10 memory:f0000000-f001ffff ioport:d010(size=8)
  *-network
       description: Wireless interface
       physical id: 1
       logical name: wlan0
       serial: 00:11:a3:08:12:1d
       capabilities: ethernet physical wireless
       configuration: broadcast=yes multicast=yes wireless=IEEE 802.11bg

I also did a strace on both ubuntu and debian, but strace generates a lot of information. A major difference I observed was the presence of CLOCK_MONOTONIC in the ubuntu log, but this is to synchronize for the CA certificate (or something -- I don't know what I'm talking about). Anyway, it probably just indicates what we already know -- the binary doesn't detect the card on debian but it does on ubuntu.

ldd XpressConnect-x64 gives the following on ubuntu (32 bit):

linux-gate.so.1 =>  (0x006a3000)
 libdbus-1.so.3 => /lib/libdbus-1.so.3 (0x007b3000)
 libXrender.so.1 => /usr/lib/libXrender.so.1 (0x00c8b000)
 libfontconfig.so.1 => /usr/lib/libfontconfig.so.1 (0x008b8000)
 libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x00da4000)
 libXext.so.6 => /usr/lib/libXext.so.6 (0x00225000)
 libX11.so.6 => /usr/lib/libX11.so.6 (0x00480000)
 libz.so.1 => /lib/libz.so.1 (0x00110000)
 libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0x00125000)
 librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0x00665000)
 libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0x006f2000)
 libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00ac3000)
 libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0x002d8000)
 libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00129000)
 libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0x002fe000)
 libexpat.so.1 => /lib/libexpat.so.1 (0x00148000)
 libxcb.so.1 => /usr/lib/libxcb.so.1 (0x00a12000)
 /lib/ld-linux.so.2 (0x00637000)
 libXau.so.6 => /usr/lib/libXau.so.6 (0x00c7a000)
 libXdmcp.so.6 => /usr/lib/libXdmcp.so.6 (0x0096f000)

and this on debian (64 bit):

linux-vdso.so.1 =>  (0x00007fff50dfb000)
 libdbus-1.so.3 => /lib/libdbus-1.so.3 (0x00007f2bbb807000)
 libXrender.so.1 => /usr/lib/libXrender.so.1 (0x00007f2bbb5fd000)
 libfontconfig.so.1 => /usr/lib/libfontconfig.so.1 (0x00007f2bbb3c7000)
 libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x00007f2bbb13f000)
 libXext.so.6 => /usr/lib/libXext.so.6 (0x00007f2bbaf2d000)
 libX11.so.6 => /usr/lib/libX11.so.6 (0x00007f2bbabf1000)
 libz.so.1 => /usr/lib/libz.so.1 (0x00007f2bba9da000)
 libdl.so.2 => /lib/libdl.so.2 (0x00007f2bba7d6000)
 librt.so.1 => /lib/librt.so.1 (0x00007f2bba5cd000)
 libpthread.so.0 => /lib/libpthread.so.0 (0x00007f2bba3b1000)
 libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007f2bba09d000)
 libm.so.6 => /lib/libm.so.6 (0x00007f2bb9e1a000)
 libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00007f2bb9c04000)
 libc.so.6 => /lib/libc.so.6 (0x00007f2bb98a2000)
 libexpat.so.1 => /usr/lib/libexpat.so.1 (0x00007f2bb9679000)
 libxcb.so.1 => /usr/lib/libxcb.so.1 (0x00007f2bb945d000)
 /lib64/ld-linux-x86-64.so.2 (0x00007f2bbba58000)
 libXau.so.6 => /usr/lib/libXau.so.6 (0x00007f2bb9259000)
 libXdmcp.so.6 => /usr/lib/libXdmcp.so.6 (0x00007f2bb9054000)

---

Evidence of evil and a fix

The evidence
Here's a snippet of the strace output from ubuntu

2200  write(8, "The date validation checked out "..., 42) = 42
2200  write(8, "Checking for valid networks for "..., 47) = 47
2200  open("/etc/lsb-release", O_RDONLY|O_LARGEFILE) = 15
2200  read(15, "DISTRIB_ID=Ubuntu\nDISTRIB_RELEAS"..., 8191) = 104
2200  read(15, "", 8191)                = 0
2200  close(15) 

and here's Debian:

3079  write(8, "The date validation checked out "..., 42) = 42
3079  write(8, "Checking for valid networks for "..., 47) = 47
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  write(8, "No valid networks found in the c"..., 46) = 46
3079  close(11)  

The evil is that it's highly misleading -- it's not checking for valid networks, it's checking whether you've got ubuntu. And it didn't fail to find a valid network -- it failed to find /etc/lsb-release.
Here's /etc/lsb-release from ubuntu

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=10.04
DISTRIB_CODENAME=lucid
DISTRIB_DESCRIPTION="Ubuntu 10.04.4 LTS"

The fix
Debian doesn't have an lsb-release file, so I simply copied the /etc/lsb-release file from ubuntu to debian. Guess what? XpressConnect now works on debian!

And no, having an empty /etc/lsb-release file doesn't work. Also, editing it (replacing 'ubuntu' with 'debian') also causes XpressConnect to stop working.

---

Another 'fix' -- manual Configuration:
XpressConnect does not do more than set up your wireless connection i.e. sets the required settings and installs the CA certificate for your particular network. In other words, you can just manually configure your network and you'll probably be fine.

Unfortunately, I haven't found a URL for the CA cert for Swinburne, which is the example that I'm working with (based on a forum post)

I managed to extract most of that by running it in an ubuntu VM. Note that I am nowhere near Swinburne, not staff/a student there and actually can't test this to completion.

ubuntu -- apparently it's no longer brown...

The settings are:

Security: WPA & WPA2 Enterprise
Authentication: Tunneled TLS
Anonymous identity: anonymous
CA certificate: swinwifi.der
Inner authentication: PAP
Username: ***@swinburne.edu
Pasword: ******

You'll need swinwifi.der. Because it is in binary I can't easily post it. However, you can generate it from the .pem file which is in ascii armour:

-----BEGIN CERTIFICATE-----
MIID9zCCA2CgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBtDELMAkGA1UEBhMCQVUx
ETAPBgNVBAgTCFZpY3RvcmlhMRIwEAYDVQQHEwlNZWxib3VybmUxKzApBgNVBAoT
IlN3aW5idXJuZSBVbml2ZXJzaXR5IG9mIFRlY2hub2xvZ3kxDDAKBgNVBAsTA0lU
UzEeMBwGA1UEAxMVcmFkaXVzLmNjLnN3aW4uZWR1LmF1MSMwIQYJKoZIhvcNAQkB
FhRuZXR3b3Jrc0Bzd2luLmVkdS5hdTAeFw0wNzAxMTcwMzU3MDVaFw0xNzAxMTQw
MzU3MDVaMIG0MQswCQYDVQQGEwJBVTERMA8GA1UECBMIVmljdG9yaWExEjAQBgNV
BAcTCU1lbGJvdXJuZTErMCkGA1UEChMiU3dpbmJ1cm5lIFVuaXZlcnNpdHkgb2Yg
VGVjaG5vbG9neTEMMAoGA1UECxMDSVRTMR4wHAYDVQQDExVyYWRpdXMuY2Muc3dp
bi5lZHUuYXUxIzAhBgkqhkiG9w0BCQEWFG5ldHdvcmtzQHN3aW4uZWR1LmF1MIGf
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGwvfVz2DnKxFMYTG1k0QklSHC7vk5
kjIiDkdU3sRTdQ07cQUOI/8wFN4zZXowEz0DwlO1o/YWaZqw27EP85cp9XBndwRK
ZZpIv57zrxo8nxJV/mKBpOM7MHpkclju20XoEtrQ7FwTHPbWaaKmSuaMVitWcFVg
C3CIYkvQn9pozQIDAQABo4IBFTCCAREwHQYDVR0OBBYEFEo9WNtNMY7jUvvASrE9
Z/OdaeU9MIHhBgNVHSMEgdkwgdaAFEo9WNtNMY7jUvvASrE9Z/OdaeU9oYG6pIG3
MIG0MQswCQYDVQQGEwJBVTERMA8GA1UECBMIVmljdG9yaWExEjAQBgNVBAcTCU1l
bGJvdXJuZTErMCkGA1UEChMiU3dpbmJ1cm5lIFVuaXZlcnNpdHkgb2YgVGVjaG5v
bG9neTEMMAoGA1UECxMDSVRTMR4wHAYDVQQDExVyYWRpdXMuY2Muc3dpbi5lZHUu
YXUxIzAhBgkqhkiG9w0BCQEWFG5ldHdvcmtzQHN3aW4uZWR1LmF1ggEAMAwGA1Ud
EwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEASFZ/5oRvTpgs0yQmdXxczUvJhUam
5KTP8MAb8owh1v65VkBFXLdJ27THEDt0SX3ZzwlYIvKcVMoiJcXjE6uLgZPI4AZv
7ogHIU5TOvQsYXWNeCqQMqOTnZtVQPvZmOcHcM1aqiBCAVX3YhIU1S04SccYdKBA
PaggsSjsagqoZvA=
-----END CERTIFICATE-----

openssl x509 -in swinwifi.pem -out swinwifi.der -outform DER

Put it in the folder ~/.certificates.

The md5sum should be

11843b7d38bc0b024e8356f11d4d7c42  swinwifi.der

I've also tried that java version of xpress connect.

Finally, do NOT as a rule download certificates from third parties! How can you trust that my intentions are good? At the moment you're choice is between trusting me and Shuttleworth though...

---

Why bother?
Because an increasing number of university networks have adopted this -- frankly broken -- piece of software, I think it's of some interest to users of other distros to investigate whether there are any simple solutions. This in particular since not all uni networks have instructions for manual configuration anymore. Besides, a challenge is a challenge.

---