Tag: fedora

2.6.7-8 default window scaling settings

My new Fedora installation was playing up with certain web sites, resulting in *very* slow downloads (I could see the words drawing on my screen one by one). An Ethereal dump showed a nice big window size, but max 120 byte packets and an ack for each one!

Well it turns out since about kernel 2.6.7, the default tcp_window_scale setting has been 7. The problem is, as was with ECN, there are lots of broken routers out there which break window scaling (they strip the TCP options, which is totally against RFC, and common sense). So the other end doesn’t know you’re scaling, so it’ll think you set (or you think it set) a tiny ikle window size.

Anyway I fixed it for now with a ‘net.ipv4.tcp_default_win_scale = 0’ in my /etc/sysctl.conf, but there is a new kernel patch floating around which seems to be a bit cleverer and will be due in the next kernel.
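
A diagnostic sketch for the failure described above, added here as an example and not code from this blog: it parses the TCP options of the same SYN captured at both ends of a path, reports whether the window scale option survived, and computes the window the peer would believe. The helper names, the sample SYN bytes and the 15360-byte window are constructed, and it assumes the sender keeps applying its own shift count after the option was lost.

```python
import struct

WSCALE = 3  # TCP option kind for window scale (RFC 1323)

def tcp_options(segment: bytes) -> dict:
    """Map option kind -> option data for one raw TCP header."""
    end = (segment[12] >> 4) * 4          # data offset, in bytes
    if end < 20 or end > len(segment):
        raise ValueError("bad TCP data offset")
    opts, i = {}, 20
    while i < end and segment[i] != 0:    # kind 0 ends the option list
        if segment[i] == 1:               # kind 1 is a one-byte NOP
            i += 1
            continue
        if i + 1 >= end or segment[i + 1] < 2 or i + segment[i + 1] > end:
            raise ValueError("malformed TCP option")
        opts[segment[i]] = segment[i + 2:i + segment[i + 1]]
        i += segment[i + 1]
    return opts

def shift_count(syn: bytes):
    """Window scale shift carried by a SYN, or None if the option is absent."""
    data = tcp_options(syn).get(WSCALE)
    return data[0] if data is not None and len(data) == 1 else None

def compare_syn(sent: bytes, received: bytes, real_window: int) -> dict:
    """Compare one SYN as captured at the sender and at the receiver."""
    ours, theirs = shift_count(sent), shift_count(received)
    # Assumption: the sender still scales, so its 16-bit field is window >> shift.
    field = min(real_window >> (ours or 0), 0xFFFF)
    return {"sent_shift": ours, "received_shift": theirs,
            "tampered": ours != theirs,
            "window_peer_believes": field << (theirs or 0)}

def build_syn(options: bytes) -> bytes:
    """Constructed sample: a minimal SYN header followed by the given options."""
    options += b"\x01" * (-len(options) % 4)              # pad with NOPs
    offset_flags = ((20 + len(options)) // 4 << 12) | 0x002  # SYN flag set
    return struct.pack("!HHIIHHHH", 40000, 80, 1, 0, offset_flags, 5840, 0, 0) + options

# Constructed captures: MSS 1460 + wscale 7 as sent; wscale replaced by NOPs on arrival.
SENT = build_syn(b"\x02\x04\x05\xb4\x03\x03\x07")
RECEIVED = build_syn(b"\x02\x04\x05\xb4\x01\x01\x01")

if __name__ == "__main__":
    print(compare_syn(SENT, RECEIVED, 15360))
```

With the constructed 15360-byte window and a shift of 7, the field on the wire is 120, which an unscaled peer reads as a 120-byte window.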

yum/up2date suck, new job

I’ve come to the realisation that yum and up2date completely and utterly suck. Why is it yum has spent the last 20 mins downloading rpm headers from the dag repository? Why is it up2date can’t search properly? Why does yum return search results in an unreadable way? Why do both of them, at the mere hint of something going wrong, spurt out a big Python backtrace that is very little use to very many people? Why are these tools SO BAD? How difficult IS THE PROBLEM? Debian have got it right with apt. Headers are downloaded in 30 seconds, search supports regular expressions! There is even an RPM ENABLED version of apt. Why wasn’t this used in Fedora? Why up2date with its crappy secretive SSL and XML and SOAP and crapness?

I can only imagine it’s due to RedHat wanting the world to develop their Enterprise updatering system for free. Well I’m not contributing until I at least see that either a) I’m doing something wrong and it can all be fixed with an option, or b) someone can explain the good reason why these tools exist.

Also, I have a new job. It’s lots of fun. I’m responsible for the security of some 30 million UK NHS patient records.

RedHat, Firestorm, 802.11b and rpm2html

I’ve been working on my qmail rpms for RedHat ES/AS/Fedora. I’ve even started some documentation. It’s all on my RedHat page.

I’ve also been working on Firestorm, improving the arp decoder and developing my macwatch arpwatch clone. Hopefully this will appear in the latest Firestorm tree soon.

I recently ditched my aging Linux wireless bridge/router/firewall in favour of a little Linksys device that cost no more than 60 pounds, uses considerably less electricity and makes almost no noise. The price is impressive and even the device seems to work ok. One thing it can’t deal with properly at all is the TCP ECN flag. The web admin port just sends a RST. Can you believe a Cisco company would make this mistake? Yes. I can.

Also, I’ve created an rpm2html index of all the RPMs in my downloads tree. Some are old crap I’ve not bothered deleting yet, but there is some stuff in there that will be useful to someone (not just google).

Gianni will be home from Luxembourg soon.


RedHat have reannounced the dropping of support for some old versions (ends April 2004, still lots of warning). I say reannounced due to the fact they originally announced this December 2002. And have had it on their website ever since (very clearly). If you want a supported RedHat distro now (by supported I mean the fixing of security and functional bugs) you either need to pay for and use one of the RedHat Enterprise Linuxes, or use the Fedora Project distro. The RHEL versions are released every 18 months and supported for 5 years. Fedora looks to be an ongoing thing, but community supported. Lots of freeloaders are moaning and complaining. They don’t seem to understand that if you don’t have the skills to pay the bills (and patch, fix and recompile software yourself) you pay somebody else to do it for you. This support system is how people are expected to make money from GPL/open source software (and yes, people ARE allowed to make money). It sounds like it’s mostly coming from morons who list “cost” as the main benefit of using GNU/Linux as a server operating system. Get a clue.