How to stole ssh session when you’re root

It happen to me all the time that one of developers notifies me about some kind of problem that I can’t confirm from my account. Sometimes it was because of bad ssh keys configuration, other times file permissions, mostly such stuff. It’s sometimes convenient to “enter into someone’s shoes” to see what’s going on there.

If you’re root on machine you may do that like this:

su developer -

Easy one but that’s not enough for all cases. When you use bastion host (or similar solutions) sometimes users have connection problems and it’s harder to check. When such user have ForwardAgent ssh option enabled you may stole this session to check login problems. After you switch to such user, you may wan’t to hide history (it’s optional 😉 ) – disable history like that:

export HISTFILESIZE=0
export HISTSIZE=0
unset HISTFILE

Now you may stole ssh session, but first check if you have your dev is logged on:

$ ls -la /tmp/ | grep ssh
drwx------   2 root     root          4096 Apr 27 20:56 ssh-crYKv29798
drwx------   2 developer developer    4096 Apr 27 18:03 ssh-cVXFo28108

Export SSH_AUTH_SOCK with path to developer’s agent socket:

SSH_AUTH_SOCK=/tmp/ssh-cVXFo28108/agent.28108

Finally you may try to login via ssh as developer and see with his eyes what’s now working.

pip – uninstall package with dependencies

Virtualenvs in python are cheap but from time to time you will install something with pip on your system and when time comes removing all this crap could be difficult. I found this bash snippet that will uninstall package with all dependencies:

for dep in $(pip show python-neutronclient | grep Requires | sed 's/Requires: //g; s/,//g') ; do sudo pip uninstall -y $dep ; done
pip uninstall -y python-neutronclient

Source: http://stackoverflow.com/a/32698209/4828478

Daily MySQL backups with xtrabackup

I’ve been using standard MySQL dumps as backup technique on my VPS for few years. It works fine and backups were usable few times when I needed them. But in other places I’m using xtrabackup. It’s faster when crating backups and a lot faster when restoring them – they’re binary so there is no need to reevaluate all SQL create tables/inserts/etc. Backups also include my.cnf config file so restoring on other machine should be easy.

After I switched from MariaDB to Percona I have Percona repos configured, so I will use latest version of xtrabackup.

apt-get install -y percona-xtrabackup

Prerequisities

xtrabackup requires configured user to be able to make backups. One way is to write user and password in plaintext in ~/.my.cnf. Another is using mysql_config_editor to generate ~/.mylogin.cnf file with encrypted credentials. To be honest I didn’t check what kind of security provides this encryption but it feels better than keeping password in plaintext.

I do not want to create new user for this task – I just used debian-sys-maint user. Check password for this user like this:

grep password /etc/mysql/debian.cnf

Now create encrypted file:

mysql_config_editor set --login-path=client --host=localhost --user=debian-sys-maint --password

Hit enter and copy/paste password. File .mylogin.cnf should be created with binary content. We may check this with:

# mysql_config_editor print 
[client]
user = debian-sys-maint
password = *****
host = localhost

Looks OK.

Backuping

Now backup script. I placed it directly in cron.daily dir ex: /etc/cron.daily/zz-percona-backup with content:

#!/bin/bash
DATE=`date +%F-%H%M%S`
DIR=/backup/xtrabackup
DST=$DIR/${DATE}.tar.xz

# this will produce directories with compresses files
# mkdir -p $DST
# xtrabackup --backup --compress --target-dir=$DST

# this will produce tar.xz archives
xtrabackup --backup --stream=tar | xz -9 > $DST

# delete files older than 30 days
find $DIR -type f -mtime +30 -delete

I prefer to have single archive with backup because I’m transferring those files to my NAS (for security). But for local backups directories are more convenient and faster when restoring. Also tar archives have to be decompressed with -ioption.

Restoring

First time I saw it it scared me a little but after all worked fine and without problems…

service mysql stop
rm -rf /var/lib/mysql
mkdir /var/lib/mysql

Now prepare backup, if you used directory backups it’s easy, ex:

xtrabackup --decompress --target-dir=/backup/xtrabackup/2016-03-14-214233
xtrabackup --prepare --target-dir=/backup/xtrabackup/2016-03-14-214233
xtrabackup  --copy-back --target-dir=/backup/xtrabackup/2016-03-14-214233

But if you used tar archives it’s little more messy… You have to create temporary dir and extract archive there:

mkdir /tmp/restore
tar -xvif /backup/xtrabackup/2016-03-14-214233.tar.xz -C /tmp/restore
xtrabackup --prepare --target-dir=/tmp/restore
xtrabackup  --copy-back --target-dir=/tmp/restore

We have to fix ownership of restored files and db may be started:

chown -R mysql:mysql /var/lib/mysql
service mysql start

If your backup is huge you should reorder commands to shutdown database after backup decompression

Source: https://www.percona.com/doc/percona-xtrabackup/2.3/xtrabackup_bin/xtrabackup_binary.html http://dev.mysql.com/doc/refman/5.7/en/mysql-config-editor.html https://www.percona.com/doc/percona-xtrabackup/2.1/innobackupex/streaming_backups_innobackupex.html

Use bastion host with Ansible

When you deploy your application in cloud you don’t need and don’t want your hosts exposed via SSH to the world. Malware scans whole network for easy SSH access and when find something will try some brute force attacks, overloading such machines. It’s easier to have one exposed, but secured host, that doesn’t host anything and is used as proxy/gateway to access our infrastructure- it’s called bastion host.

Ansible is quite easy to integrate with bastion host configuration. We will need custom ansible.cfg and ssh_config file. So let’s start with ssh_config:

Host bastion
  Hostname ip.xxx.xxx.xxx.xxx.or.host.name
  User ubuntu
  IdentityFile ~/.ssh/id_rsa
  PasswordAuthentication no
  ForwardAgent yes
  ServerAliveInterval 60
  TCPKeepAlive yes
  ControlMaster auto
  ControlPath ~/.ssh/ansible-%r@%h:%p
  ControlPersist 15m
  ProxyCommand none
  LogLevel QUIET

Host *
  User ubuntu
  IdentityFile ~/.ssh/id_rsa
  ServerAliveInterval 60
  TCPKeepAlive yes
  ProxyCommand ssh -q -A ubuntu@bastion nc %h %p
  LogLevel QUIET
  StrictHostKeyChecking no

Now I will describe what most important options mean. For bastion:

  • User – I’m using Ubuntu kickstarted on cloud as bastion host with it’s default user. Never use root here – you don’t need that
  • ForwardAgent yes – we want to forward our ssh keys through bastion to destination hosts,
  • ServerAliveInterval 60 – this is like keepalive connection, ssh will send small ping/pong packets every 60 seconds so your connection won’t hung/terminate after long time,
  • ControlMaster auto – we will open one connection to bastion host and multiplex other ssh connections through it, connection will be opened for ControlPersist time,
  • ControlPath – this have to be configured same way like in ansible.cfg,
  • ProxyCommand none – we’re setting ProxyCommand for all hosts but we need it disabled for bastion,

Default hosts configuration:

  • ProxyCommand ssh -q -A ubuntu@bastion nc %h %p – this is what makes all magic, it will pipe your ssh connection via bastion to destination host,
  • StrictHostKeyChecking no – this options shouldn’t be there for production but it’s useful at beginning when you create and destroy machines few times before you test everything. Normally this will cause notifications about ssh key changes, but you’re aware of that – you just recreated those machines.

I’ve found examples without netcat but was unable to get them working – this one worked for me really well.

To test if connections work fine use this configuration like:

ssh -F ssh_config bastion
ssh -F ssh_config other.host.behind.bastion

And now ansible.cfg:

[defaults]
forks=20

[ssh_connection]
ssh_args = -F ./ssh_config -o ControlMaster=auto -o ControlPersist=5m -o LogLevel=QUIET
control_path = ~/.ssh/ansible-%%r@%%h:%%p
pipelining=True

Most important section here is in ssh_args where we’re pointing to ssh_config file in current dir with -F option. I also have to reenter configuration for multiplexing here – it wasn’t working with ssh only configuration. control_path option have to use same paths like ssh_config (% signs are escaped with %%).

You should be able to run ansible/ansible-playbook commands normally now – all traffic will be forwarded through bastion.

It’s good time now to install fail2ban on bastion and maybe reconfigure it to run ssh on crazy high port 🙂

Source:
http://alexbilbie.com/2014/07/using-ansible-with-a-bastion-host/ http://blog.scottlowe.org/2015/12/24/running-ansible-through-ssh-bastion-host/
https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing

Tweaking ASUS Zenbook UX305CA on Linux

Lately I was searching for mobile notebook that I could use for remote work. I checked f ThinkPad series but they were huge bricks that have nothing in common with ‘mobile’ word. Then I saw ASUS Zenbook that I didn’t take into account before and it was exactly what I was searching for.

Configuration of Skylake based notebook right now is not straightforward – there are still glitches and small bugs that are waiting to be fixed. I want to sum up what I’ve done after installation. I started with fresh Ubuntu 16.04 to get Debian based distro with possibly latest kernel and patches.

Some SSD tweaks

Change mount options for filesystems on SSD from:

/dev/mapper/ubuntu--vg-root / ext4 errors=remount-ro 0 1

to:

/dev/mapper/ubuntu--vg-root / ext4 discard,noatime,errors=remount-ro 0 1

And move /tmp to RAM with this additional line in /etc/fstab:

tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0

Now add deadline scheduler for root disk – edit /etc/rc.local and add this line before exit 0:

echo deadline > /sys/block/sda/queue/scheduler
echo 1 > /sys/block/sda/queue/iosched/fifo_batch

I have configured swap but I don’t want to use it too much and setting low swappines sysctl option will help. Run this as root:

echo "vm.swappiness = 1" > /etc/sysctl.d/90-swappines.conf
sysctl -p /etc/sysctl.d/90-swappines.conf

Power usage tweaks

I’ve installed laptop-mode-tools to achieve lower power usage on battery. So:

apt-get install -y laptop-mode-tools

By default it’s cutting hard CPU performance on battery (half performance, no turbo) so I fixed this by changing /etc/laptop-mode/conf.d/intel_pstate.conf section On battery:

#On battery
BATT_INTEL_PSTATE_PERF_MIN_PCT=0 # Minimum performance, in percent
BATT_INTEL_PSTATE_PERF_MAX_PCT=100 # Maximum performance, in percent
BATT_INTEL_PSTATE_NO_TURBO=0 # Disable "Turbo Boost"?

Laptop mode tools won’t start automatically so we may integrate them with pm-utils (that are already installed on Ubuntu) to get it running when needed. We have to create new config file:

sudo touch /etc/pm/sleep.d/10-laptop-mode-tools
sudo chmod a+x /etc/pm/sleep.d/10-laptop-mode-tools

with content like this:

case $1 in
    hibernate)
        /etc/init.d/laptop-mode stop
        ;;
    suspend)
        /etc/init.d/laptop-mode stop
        ;;
    thaw)
        /etc/init.d/laptop-mode start
        ;;
    resume)
        /etc/init.d/laptop-mode start
        ;;
    *)
        echo Something is not right.
        ;;
esac

Now I will enable ALPM for SATA in AHCI mode optimizations:

echo SATA_ALPM_ENABLE=true | sudo tee /etc/pm/config.d/sata_alpm

And some kernel parameters in /etc/default/grub:

GRUB_CMDLINE_LINUX="pcie_aspm=force"

(config with additional drm.vblankoffdelay=1 i915.semaphores=1 worked for me on Ubuntu 16.04 but on 16.10 caused system stability problems so I don’t recommend it now)

After changes update grub with:

update-grub

You may use powertop to nail power heavy processes. There is also powerstat to benchmark power usage through time – I have:

sudo pm-powersave true
powerstat

......

Summary:
System: 4.49 Watts on average with standard deviation 0.46 

It’s really nice. I should be able to run about 8~9h! Sweet!

Source:
https://www.reddit.com/r/linux/comments/3ia8ta/review_of_ubuntu_on_asus_ux305fa/
https://help.ubuntu.com/community/PowerManagement/ReducedPower#Using_less_power_with_laptop-mode-tools
https://help.ubuntu.com/community/AsusZenbook
https://wiki.ubuntu.com/Kernel/PowerManagementALPM

Disable touchpad when writing

It’s crazy annoying when you tap touchpad during writing text and lose focus on editor window. There is solution for that, it’s even installed by default on Ubuntu and it’s called: syndaemon. It’s started by default like this:


syndaemon -i 1.0 -t -K -R

1 second feels too small for me. I will adjust it to 2s. There is no easy way to do this. I created script to run on login:


#!/bin/bash
killall syndaemon
syndaemon -d -i 2.0 -t -K -R

Now better 🙂

VD-PAU

I installed vdpauinfo tool to see if it’s working:

apt-get install -y vdpauinfo

It wasn’t:

# vdpauinfo 
display: :0   screen: 0
Failed to open VDPAU backend libvdpau_va_gl.so: cannot open shared object file: No such file or directory
Error creating VDPAU device: 1

I checked this library and couldn’t find it – it wasn’t installed. Easy fix:

apt-get install -y libvdpau-va-gl1

Check again:

# vdpauinfo 
display: :0   screen: 0
libva info: VA-API version 0.39.0
libva info: va_getDriverName() returns 0
libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/i965_drv_video.so
libva info: Found init function __vaDriverInit_0_39
libva info: va_openDriver() returns 0
API version: 1
Information string: OpenGL/VAAPI/libswscale backend for VDPAU

Video surface:

name   width height types
-------------------------------------------
420     1920  1080  NV12 YV12 UYVY YUYV Y8U8V8A8 V8U8Y8A8 
422     1920  1080  NV12 YV12 UYVY YUYV Y8U8V8A8 V8U8Y8A8 
444     1920  1080  NV12 YV12 UYVY YUYV Y8U8V8A8 V8U8Y8A8 

Decoder capabilities:

name                        level macbs width height
----------------------------------------------------
MPEG1                          --- not supported ---
MPEG2_SIMPLE                   --- not supported ---
MPEG2_MAIN                     --- not supported ---
H264_BASELINE                  51 16384  2048  2048
H264_MAIN                      51 16384  2048  2048
H264_HIGH                      51 16384  2048  2048
VC1_SIMPLE                     --- not supported ---
VC1_MAIN                       --- not supported ---
VC1_ADVANCED                   --- not supported ---
MPEG4_PART2_SP                 --- not supported ---
MPEG4_PART2_ASP                --- not supported ---
DIVX4_QMOBILE                  --- not supported ---
DIVX4_MOBILE                   --- not supported ---
DIVX4_HOME_THEATER             --- not supported ---
DIVX4_HD_1080P                 --- not supported ---
DIVX5_QMOBILE                  --- not supported ---
DIVX5_MOBILE                   --- not supported ---
DIVX5_HOME_THEATER             --- not supported ---
DIVX5_HD_1080P                 --- not supported ---
H264_CONSTRAINED_BASELINE      51 16384  2048  2048
H264_EXTENDED                  --- not supported ---
H264_PROGRESSIVE_HIGH          --- not supported ---
H264_CONSTRAINED_HIGH          --- not supported ---
H264_HIGH_444_PREDICTIVE       --- not supported ---
HEVC_MAIN                      --- not supported ---
HEVC_MAIN_10                   --- not supported ---
HEVC_MAIN_STILL                --- not supported ---
HEVC_MAIN_12                   --- not supported ---
HEVC_MAIN_444                  --- not supported ---

Output surface:

name              width height nat types
----------------------------------------------------
B8G8R8A8          8192  8192    y  
R8G8B8A8          8192  8192    y  
R10G10B10A2       8192  8192    y  
B10G10R10A2       8192  8192    y  
A8                8192  8192    y  

Bitmap surface:

name              width height
------------------------------
B8G8R8A8          8192  8192
R8G8B8A8          8192  8192
R10G10B10A2       8192  8192
B10G10R10A2       8192  8192
A8                8192  8192

Video mixer:

feature name                    sup
------------------------------------
DEINTERLACE_TEMPORAL             -
DEINTERLACE_TEMPORAL_SPATIAL     -
INVERSE_TELECINE                 -
NOISE_REDUCTION                  -
SHARPNESS                        -
LUMA_KEY                         -
HIGH QUALITY SCALING - L1        -
HIGH QUALITY SCALING - L2        -
HIGH QUALITY SCALING - L3        -
HIGH QUALITY SCALING - L4        -
HIGH QUALITY SCALING - L5        -
HIGH QUALITY SCALING - L6        -
HIGH QUALITY SCALING - L7        -
HIGH QUALITY SCALING - L8        -
HIGH QUALITY SCALING - L9        -

parameter name                  sup      min      max
-----------------------------------------------------
VIDEO_SURFACE_WIDTH              -  
VIDEO_SURFACE_HEIGHT             -  
CHROMA_TYPE                      -  
LAYERS                           -  

attribute name                  sup      min      max
-----------------------------------------------------
BACKGROUND_COLOR                 -  
CSC_MATRIX                       -  
NOISE_REDUCTION_LEVEL            -  
SHARPNESS_LEVEL                  -  
LUMA_KEY_MIN_LUMA                -  
LUMA_KEY_MAX_LUMA                -

Looks better now… But not impressive, there’s only H264 support.

I’ve tried it in VLC but it was crashing from time to time the whole VLC (leaving it running in background). Time to test VA-API 🙂

VA-API

Like earlier I have to install one tool to see what we have: vainfo

apt-get install -y vainfo

Checking what we have on system:


$ vainfo 
libva info: VA-API version 0.39.0
libva info: va_getDriverName() returns 0
libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/i965_drv_video.so
libva info: Found init function __vaDriverInit_0_39
libva info: va_openDriver() returns 0
vainfo: VA-API version: 0.39 (libva 1.7.0)
vainfo: Driver version: Intel i965 driver for Intel(R) Skylake - 1.7.0
vainfo: Supported profile and entrypoints
      VAProfileMPEG2Simple            :	VAEntrypointVLD
      VAProfileMPEG2Simple            :	VAEntrypointEncSlice
      VAProfileMPEG2Main              :	VAEntrypointVLD
      VAProfileMPEG2Main              :	VAEntrypointEncSlice
      VAProfileH264ConstrainedBaseline:	VAEntrypointVLD
      VAProfileH264ConstrainedBaseline:	VAEntrypointEncSlice
      VAProfileH264Main               :	VAEntrypointVLD
      VAProfileH264Main               :	VAEntrypointEncSlice
      VAProfileH264High               :	VAEntrypointVLD
      VAProfileH264High               :	VAEntrypointEncSlice
      VAProfileH264MultiviewHigh      :	VAEntrypointVLD
      VAProfileH264MultiviewHigh      :	VAEntrypointEncSlice
      VAProfileH264StereoHigh         :	VAEntrypointVLD
      VAProfileH264StereoHigh         :	VAEntrypointEncSlice
      VAProfileVC1Simple              :	VAEntrypointVLD
      VAProfileVC1Main                :	VAEntrypointVLD
      VAProfileVC1Advanced            :	VAEntrypointVLD
      VAProfileNone                   :	VAEntrypointVideoProc
      VAProfileJPEGBaseline           :	VAEntrypointVLD
      VAProfileJPEGBaseline           :	VAEntrypointEncPicture
      VAProfileVP8Version0_3          :	VAEntrypointVLD
      VAProfileVP8Version0_3          :	VAEntrypointEncSlice
      VAProfileHEVCMain               :	VAEntrypointVLD
      VAProfileHEVCMain               :	VAEntrypointEncSlice

It requires package i965-va-driver to work but on my system it was instal(ed (probably during VDPAU installation as dependency).

It was working almost fine… In VLC on my machine VA-API on X11 was drawing through all desktops. VA-API DRM was working better… But crashed my X11 server after few minutes of watching ;/

OpenCL

You may thing: for what the hell you need OpenCL on such tiny machine? I doesn’t care – I want it 🙂

First install clinfo package:

apt-get install -y clinfo

And run it:

# clinfo 
Number of platforms                               0

Not too much 😀

For Intel GPU/CPU OpenCL support we will need beignet package:

apt-get install -y beignet

# clinfo 
Number of platforms                               1
  Platform Name                                   Intel Gen OCL Driver
  Platform Vendor                                 Intel
  Platform Version                                OpenCL 1.2 beignet 1.1.1
  Platform Profile                                FULL_PROFILE
  Platform Extensions                             cl_khr_global_int32_base_atomics cl_khr_global_int32_extended_atomics cl_khr_local_int32_base_atomics cl_khr_local_int32_extended_atomics cl_khr_byte_addressable_store cl_khr_spir cl_khr_icd
  Platform Extensions function suffix             Intel

  Platform Name                                   Intel Gen OCL Driver
Number of devices                                 1
  Device Name                                     Intel(R) HD Graphics Skylake ULX GT2
  Device Vendor                                   Intel
  Device Vendor ID                                0x8086
  Device Version                                  OpenCL 1.2 beignet 1.1.1
  Driver Version                                  1.1.1
  Device OpenCL C Version                         OpenCL C 1.2 beignet 1.1.1
  Device Type                                     GPU
  Device Profile                                  FULL_PROFILE
  Max compute units                               24
  Max clock frequency                             1000MHz
  Device Partition                                (core)
    Max number of sub-devices                     1
    Supported partition types                     None, None, None
  Max work item dimensions                        3
  Max work item sizes                             512x512x512
  Max work group size                             512
  Preferred work group size multiple              16
  Preferred / native vector sizes                 
    char                                                16 / 8       
    short                                                8 / 8       
    int                                                  4 / 4       
    long                                                 2 / 2       
    half                                                 0 / 8        (cl_khr_fp16)
    float                                                4 / 4       
    double                                               0 / 2        (n/a)
  Half-precision Floating-point support           (cl_khr_fp16)
    Denormals                                     No
    Infinity and NANs                             Yes
    Round to nearest                              Yes
    Round to zero                                 No
    Round to infinity                             No
    IEEE754-2008 fused multiply-add               No
    Support is emulated in software               No
    Correctly-rounded divide and sqrt operations  No
  Single-precision Floating-point support         (core)
    Denormals                                     No
    Infinity and NANs                             Yes
    Round to nearest                              Yes
    Round to zero                                 No
    Round to infinity                             No
    IEEE754-2008 fused multiply-add               No
    Support is emulated in software               No
    Correctly-rounded divide and sqrt operations  No
  Double-precision Floating-point support         (n/a)
  Address bits                                    32, Little-Endian
  Global memory size                              2147483648 (2GiB)
  Error Correction support                        No
  Max memory allocation                           1073741824 (1024MiB)
  Unified memory for Host and Device              Yes
  Minimum alignment for any data type             128 bytes
  Alignment of base address                       1024 bits (128 bytes)
  Global Memory cache type                        Read/Write
  Global Memory cache size                        8192
  Global Memory cache line                        64 bytes
  Image support                                   Yes
    Max number of samplers per kernel             16
    Max size for 1D images from buffer            65536 pixels
    Max 1D or 2D image array size                 2048 images
    Max 2D image size                             8192x8192 pixels
    Max 3D image size                             8192x8192x2048 pixels
    Max number of read image args                 128
    Max number of write image args                8
  Local memory type                               Global
  Local memory size                               65536 (64KiB)
  Max constant buffer size                        134217728 (128MiB)
  Max number of constant args                     8
  Max size of kernel argument                     1024
  Queue properties                                
    Out-of-order execution                        No
    Profiling                                     Yes
  Prefer user sync for interop                    Yes
  Profiling timer resolution                      80ns
  Execution capabilities                          
    Run OpenCL kernels                            Yes
    Run native kernels                            Yes
    SPIR versions                                 
  printf() buffer size                            1048576 (1024KiB)
  Built-in kernels                                __cl_copy_region_align4;__cl_copy_region_align16;__cl_cpy_region_unalign_same_offset;__cl_copy_region_unalign_dst_offset;__cl_copy_region_unalign_src_offset;__cl_copy_buffer_rect;__cl_copy_image_1d_to_1d;__cl_copy_image_2d_to_2d;__cl_copy_image_3d_to_2d;__cl_copy_image_2d_to_3d;__cl_copy_image_3d_to_3d;__cl_copy_image_2d_to_buffer;__cl_copy_image_3d_to_buffer;__cl_copy_buffer_to_image_2d;__cl_copy_buffer_to_image_3d;__cl_fill_region_unalign;__cl_fill_region_align2;__cl_fill_region_align4;__cl_fill_region_align8_2;__cl_fill_region_align8_4;__cl_fill_region_align8_8;__cl_fill_region_align8_16;__cl_fill_region_align128;__cl_fill_image_1d;__cl_fill_image_1d_array;__cl_fill_image_2d;__cl_fill_image_2d_array;__cl_fill_image_3d;
  Device Available                                Yes
  Compiler Available                              Yes
  Linker Available                                Yes
  Device Extensions                               cl_khr_global_int32_base_atomics cl_khr_global_int32_extended_atomics cl_khr_local_int32_base_atomics cl_khr_local_int32_extended_atomics cl_khr_byte_addressable_store cl_khr_fp16 cl_khr_spir cl_khr_icd

NULL platform behavior
  clGetPlatformInfo(NULL, CL_PLATFORM_NAME, ...)  Intel Gen OCL Driver
  clGetDeviceIDs(NULL, CL_DEVICE_TYPE_ALL, ...)   Success [Intel]
  clCreateContext(NULL, ...) [default]            Success [Intel]
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_CPU)  No devices found in platform
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_GPU)  Success (1)
    Platform Name                                 Intel Gen OCL Driver
    Device Name                                   Intel(R) HD Graphics Skylake ULX GT2
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_ACCELERATOR)  No devices found in platform
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_CUSTOM)  No devices found in platform
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_ALL)  Success (1)
    Platform Name                                 Intel Gen OCL Driver
    Device Name                                   Intel(R) HD Graphics Skylake ULX GT2

ICD loader properties
  ICD loader Name                                 OpenCL ICD Loader
  ICD loader Vendor                               OCL Icd free software
  ICD loader Version                              2.2.8
  ICD loader Profile                              OpenCL 1.2
	NOTE:	your OpenCL library declares to support OpenCL 1.2,
		but it seems to support up to OpenCL 2.1 too.

Source:
https://wiki.archlinux.org/index.php/GPGPU#Intel

Suspend/Hibernate on lid close

Default configuration of Ubuntu 16.04 was that after I close lid screen was blocked and LCD disabled. But system was still working normally – I strongly prefer to hibernate in such case and use no battery at all.

I achieved that with systemd-logind. Edit /etc/systemd/logind.conf and uncomment line with HandleLidSwitch:

[Login]
HandleLidSwitch=suspend
HandleLidSwitchDocked=ignore

Now restart systemd-logind service with:

systemctl restart systemd-logind.service 

Problem with function keys

Function keys were mostly working but not always like I expected. For example when I disable touchpad – it’s not disabled 🙂

I found that module asus-nb-wmi is responssible for that and it’s still buggy. So I disabled it at all with:

echo "blacklist asus-nb-wmi" > /etc/modprobe.d/blacklist-ux305.conf

Volume UP/DOWN/MUTE are still working fine – that’s enough for me. Rest could be configured with some keyboard shortcuts – more info here.

TODO/Issues

I still face some bugs:

  • I could see occasional flickering from time to time. Rather after running notebook for some time than overheating/overloading it. This may be driver issue or maybe SNA acceleration method – I have to experiment a little to get this solved.
    Looks like disabling Virtualization support and VT-d in BIOS helped. It’s not final solution but for now I don’t need it… A lot 😉
  • Tapping sometimes behave strange, for ex. tap to click stops to work and I have to use touchpad buttons for that. I think this may be related to syndaemon configuration because it started after I tuned it.
    It was that. My hack for syndaemon broke touchpad. I will play with this a little more later.
  • I like to use copy by selection and paste by middle click on my desktop – I’m addicted to this option but it’s not working on my laptop. I’m not sure if this will be convenient enough on touchpad to use.
    To right click just tap with two fingers, to middle click (third button) tap with three fingers. Copy/paste is again easy like before.

If you found errors in my text of know better solutions for described problems, please tell in comments.