Wednesday, December 19, 2012

Compiz fullscreen unredirection - update

Update January 2013: Both Ubuntu 12.04 LTS and Ubuntu 12.10 now have this new feature enabled by default!

Here's an update to my previous entry. In summary, the Compiz update for Ubuntu 12.10 is now in the quantal-proposed updates, and enables unredirection by default for fullscreen applications like games. Happy gaming holidays! A new Compiz update enabling unredirection by default for Ubuntu 12.04 LTS users is in the SRU PPA.

Several changes have happened since the last update, addressing some potential issues uncovered by the people testing the updates (thanks to all!). Daniel has again done all the hard work with regards to actual development.

Changes affecting both 12.10 & 12.04 LTS:
  • Some drivers do not offer tear-free Xv output without a compositor (or glXSwapBuffers in general). Therefore there is a new option available, for which the default setting enables redirection exception in case of some common video players (eg. Adobe Flash plugin and Totem). The option is Composite -> Undirect Match (unredirect_match) available in the CompizConfig Settings Manager (ccsm). The most notable driver is intel on Intel SB/IVB. Those newer chips don't support the XvPreferOverlay xorg.conf option that would bring tear-free non-composited Xv video on earlier Intels.
  • The default setting for unredirect_match should be fine for existing users. But if you want to enable unredirection also for the common/default video players and risk tearing on some drivers and some applications, change the unredirect_match option to be just '(any)'. This might help with video playback on older/slower integrated graphics which are only barely powerful enough to play HD videos.
12.04 LTS only:
  • will not be uploaded to precise, it was just used for early testing. currently tested in the SRU PPA enables unredirection by default also on the 12.04 LTS release.
  • Intel and nouveau mesa drivers are now blacklisted from unredirection on Mesa 8.0 because of so far unresolved driver problems. The blacklist is however configurable in OpenGL -> unredirect_driver_blacklist. The default blacklist regexp is '(nouveau|Intel).*Mesa 8.0'. This does not affect other drivers or Mesa 9.0, so those intel and nouveau users that install 12.04.2 LTS after the end of January or opt-in into the 'LTS-Q' hardware enablement stack for existing installations around the same time will not be blacklisted anymore. Update January 2013: on 12.04 LTS (only), as a last minute change, also Mesa 9.0 in combination with Intel or Nouveau is blacklisted by default at least until LTS-Q stack is properly testable. You can modify the unredirect_driver_blacklist in CCSM -> OpenGL. It was found out that at least mesa 9.0 _only_ from x-updates is not enough - Intel has graphics display problems. It is probable that the problems go away with the full 12.04.2 stack (kernel,, libdrm, mesa) at which point the Intel/nouveau blacklisting can be removed.
  • The original unredirect_fullscreen_windows option is actually forced on now, because of potential gconf setting migration problems. Disabling unredirection can be done via the unredirect_match option above, by simply blanking the string in there, including removing the '(any)' part - everything will be redirected in that case.

Wednesday, November 28, 2012

Game performance improvement for Ubuntu available for testing

Unity, which uses Compiz and Nux for drawing, recently had a regression with full screen gaming speeds (LP: #1024304). While the performance of Compiz itself was improved significantly in Ubuntu 12.10, the big changes like full OpenGL ES support brought in some regressions at least from benchmarking point of view. Unity/Compiz has had a small performance impact also in Ubuntu 12.04 LTS depending on what it's being compared to. Any compositing method will necessarily bring some performance hit, but there's another option...

Many people know already about enabling the setting "Unredirect Fullscreen Windows" in Compiz's Composite plugin, but having to enable it manually meant that most people didn't get to use it. The feature detects when an application is running full screen, and simply takes compositing out of the equation, improving performance. Getting the feature work fluently has required fixes in both Compiz and drivers, which is why it hasn't been enabled by default before (LP: #1063690).

But things are progressing now. The Unity team's SRU PPA now has a test build of the new Compiz for Ubuntu 12.10, which enables this feature by default:


Since Phoronix is a frequent reporter on Linux gaming performance, I (very) quickly run phoronix-test-suite's Open Arena test on my Sandy Bridge machine with the stock Ubuntu 12.10 (quantal) Compiz and with Compiz upgraded from the PPA: 18% increase in fps! (test1_1 has older compiz, test1_2 the newer, no settings touched)

The idea is to get the new Compiz into quantal-proposed after the previous snapshot release 1: gets its bug fixes properly verified via the Stable Release Updates process. Note that also this previous snapshot contains all the needed fixes for unredirecting fullscreen windows, the final tagged version just switches the default to be enabled.

For Ubuntu 12.04 LTS (precise) there will be two steps. First of all, Daniel van Vugt has just backported the required Compiz fixes to the 0.9.7 branch of Compiz that the 12.04 LTS uses and tagged the release. Also in the case of precise, there is an earlier snapshot release in the SRU system, but that one does not yet include the needed backports even though it includes many other fixes. The will be available in the same SRU PPA soon. Secondly, once the fixes are in but the feature is not yet enabled by default, the driver team will need to look at additional fixes for the drivers before enabling the Unredirect Fullscreen Windows by default. But after that, Ubuntu 12.04 LTS should also see a Compiz release with this feature turned on by default.

Sunday, October 28, 2012

UDS GTA04 Hacking

I'm sitting at the Bella Sky lobby bar while UDS people keep pouring in. I guess I have to start this UDS with some hacking (and a little beer)! I bootstrapped an Ubuntu armhf rootfs and coupled it with QtMoko's kernel already earlier after I received my GTA04 but it didn't boot right away so I had nothing to report. I wanted armhf so I chose QtMoko's 'experimental' Debian armhf rootfs + boot files as the reference to look at while working on the Ubuntu rootfs. I now went through again some of the configuration files, and voilĂ :

Now running apt-get install unity over SSH :) It will require OpenGL ES 2.0 hw acceleration to run, now that the support was integrated in Ubuntu 12.10. I will therefore need to tinker what kind of OMAP3 armhf binary blobs there are available, and what's again the situation with DDX driver as well. I always feel that the fun starts at this point for me, when I've the device booting and I can SSH in. That's why I'm happy the work from Golden Delicious GmbH and QtMoko helped me to get here...

Saturday, October 13, 2012

OpenPhoenux GTA04

Postman was on a kind mood yesterday. My OpenPhoenux GTA04 arrived! I had my newer Neo FreeRunner upgraded via the service from Golden Delicious.

First, something rare to behold in phones nowadays - Made in Bavaria:

As a sidenote, also rare now - my Nokia N9 is one of the last phones that had this:

It's sad that's now a thing of the past for both hardware assembly and software! But that's just a hint for new companies to step in.

But back to GTA04 - a quick boot to the pre-installed Debian w/ LXDE:

And then as a shortcut unpacked and booted into QtMoko (well, it's also Debian) instead to test that phone functionality also works - and it does:

Next up: brewing something of my own!

Saturday, October 06, 2012

Light-weight security, Grub2 password setup problems 1.99 vs 2.00

I believe I'm not the only one who thinks that use case oriented Grub2 documentation is hard to find, and a lot of the documentation is obsolete or wrong. My main cause for writing this blog post is a currently unanswered question regarding 2.00, but meanwhile it seems months have passed and still most 1.99 documentation is wrong as well, which might be interesting to some.

The aim is to prevent grub entries from being edited, while not restricting actual booting. This protection is meant for computers not having any confidential stuff, but just wanting to do some light weight security with the assumption that the computer isn't physically opened.

Common setup

You will obviously want to disable any automatically generated root access giving entries, by for example uncommenting GRUB_DISABLE_RECOVERY="true" in /etc/default/grub on Debian or Ubuntu. Also you would disable allowing any external boot devices to be used in BIOS/EFI/coreboot, which you would also have protected with a password. And that often means you need to also disable USB legacy support, since some BIOSes tend to offer all USB devices as bootable without password otherwise (note that I guess that could also cause problems accessing setup on desktop computers if your only keyboard is USB).


So to first fix the false instructions in various places - no, setting the superuser in 00_header as instructed is not enough. It might be, but does not apply if eg. old kernels are put into submenu (Ubuntu bug 718670, Fedora bug 836259). The protection from editing does not apply there. And if you remove all but one kernel so that there is no submenu, a submenu will be automatically created when there is a new kernel installed via security updates. I didn't need the submenu feature anyway, so I used to comment out the following lines in /etc/grub.d/10_linux:

  #if [ "$list" ] && ! $in_submenu; then
    #echo "submenu \"Previous Linux versions\" {"
#if $in_submenu; then
#  echo "}"

I hope that was useful. I can imagine it causing a couple of family battles if the commonly instructed setup was the only protection used and there's for example a case of two computer savvy siblings that are eager to get to each others' computers...

2.00 & The Question

The problem with 2.00 is that the superusers setup yields a non-bootable system, ie. password is required for booting. But Google wasn't smiling at me today! Terrible. Can you help me (and others) with 2.00? The aim would be to have a 1.99-like setup where superuser password protects all entries from editing, but booting is fine without any passwords.

Update: Thanks, problem solved, see comments! Find the following line in /etc/grub.d/10_linux:

      echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"

And add --unrestricted there. Don't mix the line with the another menuentry line two lines earlier. The submenu problem doesn't exist anymore in 2.00.

Sunday, July 01, 2012

Where computing takes you...

Do you ever have those afternoons you get a ”great” idea and you've all the evening time for that task. The task is a relaxing one and won't need much attention, and you can watch a movie or something.  But then, it happens that the evening turns into night as you realize a couple of little details adding complexity to the idea, and the task turns out to be much more invasive to your evening than you thought?

In this example, I got the great idea to upgrade my Debian running NAS device (thanks Martin for everything!) to use ext4 instead of ext3. The kind of idea that takes a long time for relatively little practical benefit, but it just feels like a nice thing do when you've the extra amounts of nerd time available. It's basically just opening the NAS device up, mounting its hard disk to a laptop via external case, running the tune2fs and fsck then putting the disk back. It just takes a long time for the initial fsck (to make sure everything's intact) and then the required fsck run to get ext4 mountable.

Only in this situation, it would have been beneficial to have the ext4 support in the flashed initramfs before the migration. So... before the photo below, I've already:
  1. done the ext4 migration and fsck:s
  2. screwed the disk back to the NAS case, attached cables and found that it doesn't boot
  3. (on the laptop with the hard disk attached again tried manually unpacking initramfs and adding ext4 module... also had time to bind mount everything and chroot into the ARM system to run update-initramfs manually... also tried booting with those... until remembered the simple fact that the /boot partition is only for show and also the initramfs is loaded directly from flash)
  4. copied the main root filesystem content from the original disk to another external disk with ext3 partition
  5. attached the another disk (with same UUID:s) to the QNAP NAS device, booted, double-checked that I have now ext4 specified under /etc/initramfs-tools/modules, reconfigured the linux image that also regenerates initramfs and flashes it
And in the photo, what's happening is that:
  1. I've again the original disk reattached and system booted with the initramfs generated and flashed from the ext3 disk
  2. the NAS device is hanging in the air, cover open, from the closet where I've things stuffed in (normally secured with cable ties), and I need to support it with a knee or one hand since the 2TB disk is much heavier than the small SSD I used as the ext3 disk so the power cable and RJ-45 cable would have pretty heavy load
  3. Since I've only one hand in use and can't use a laptop, I'm logging in via my Nokia N9 and then reflashing the kernel + initramfs from this original disk, just to make sure everything is now alright and also after that flashing it still boots (it does!). Note that I feel like the setup is secure enough for non-interrupted flashing so that I can indeed support the NAS with a knee, use one hand to keep N9 and another hand to take a photo with a camera.

And so we have had a productive and educating afternoon/evening/night once again. Does this ever happen to you?

Wednesday, May 16, 2012

Tampere Ubuntu 12.04 LTS release party in pictures

A couple of photos from the Ubuntu release fest in Tampere yesterday.

People gathering up before presentations

Tieto's Markus Mannio

Again, continuing on how Ubuntu is used at Tieto

A cut to the end of presentations, Trine 2 game licenses from Frozenbyte being raffled. A great game available on Linux.

Tablets running KDE Plasma, and Ubuntu for Android being demoed.

Someone else probably has photos of my generic Ubuntu 12.04 LTS presentation (what's new, what's next), and likewise for the other presentations (Ubuntu for Android, uTouch) held. Those will be available as slides and videos later on, although do note the whole event was in the crypto-language called Finnish.

Thanks to the organizers, sponsors and everyone I met, it was a great event with nice little dinner and wine served at the end!

Monday, May 07, 2012

Ubuzen in the Bay Area

Enough said.

You can reach me most probably at the UDS on the Oakland side, and most directly via IRC if you don't see me.

Edit: Launch!

Tuesday, March 27, 2012

On brands, marketing and technical details

I have a few thoughts based on the yet another round of debate where marketing clashes with free software advocation and technical details. Nothing new in the debate itself, but I'm adding a couple of insights.

Marketing is not highly respected by many technical people, and neither by the people wanting more advocating than the messing up with facts and feelings that the marketing does. I'm all for advocating free software, but it's currently not something you can use for marketing to win big markets. If we advance to a world where free software is as wanted as the green values today are, it can be used in marketing as well similar to all the ecological (according to the market department at least) products today, but alas the benefits of free software are not yet as universally known. Since it doesn't say much that touches the masses, advocating has a negative marketing effect since it takes space away from the potentially "hitting" marketing moves, in those cases where you target the big masses in the first place. "Open" this and that has some marketing power in it nowadays, but it's a mess of different meanings that probably doesn't advance libre software freedoms as such. Wikipedia has probably been the biggest contributor to advancing general knowledge of software and culture libre. Disclaimer: I'm not a proper marketing person, some more professional might have better insights in this area. If I'd be a proper marketing person, I'd decorate this blog post with fancy pictures so that more people would actually read it.

Some of the marketing can be done without sacrificing any of the advocation. The fabulous Fedora campaigns, graphics, slogans and materials are a great example of those and do an important job, even though Fedora isn't reaching the big masses with it (and Fedora isn't targeted for OEMs to ship to millions either). But they do hopefully reach a lot of level people on the grassroots level. I hope as a Debian Developer that more people valuing the freedoms of free software would help also Debian as a project to reach more of its advocation potential and developers from the more proprietary world. But I'm happy that at least some free software projects have nowadays true graphical and marketing talent. Even though not as widely known, freedoms of the software users including for example privacy aspects are a potential good marketing tool toward a portion of the developer pool.

Let's not forget that Android conquered the mobile market without using the brand power of Linux. The 30+ million people who know Linux a bit deeper than just "I've heard it" already run a Linux distribution like Ubuntu, but we need hotter brands than a project name of a kernel to reach the bigger masses. Call it Ubuntu, Fedora, or something, but no matter do what it needs to ship it to millions. AFAIK mostly Ubuntu and SUSE are shipping currently via desktop/notebook OEMs, and more Ubuntu than SUSE. Others aren't concentrating on the market, which is a very difficult one. Ubuntu is doing a lot more mass population advocating for free software than Android has ever done. Note for example the time any user tries to play a video for the first time in a non-free format - Ubuntu will tell the user about the problems related to those formats and asking a permission to install a free software player for those (or buy licensed codecs), and the Ubuntu Help texts describe a lot of details about restricted formats, DRM et cetera. Not to mention what happens if the person actually wanders into the community, discovering Debian, other free software projects, free software licenses and so on. Meanwhile Android users never notice anything being wrong while watching H.264 videos or watching DRM Flash videos. Granted, like Boot2Gecko debate shows, it may be a partially similar situation on shipping desktop Linux variants as well, in order to actually ship them via partners.

Anyway, the best example of brands is MeeGo. Even the LWN editor does not get into dissecting the meaning of MeeGo on Nokia N9, because "there has been no real agreement on that in the past", but just uses the brand name as is. That is  the power of brands. Technical people debate that it's not really MeeGo, it's maemo GNU/Linux with a special permission from Linux Foundation to use the MeeGo brand name, and then counter-argument with that the MeeGo is an API and maemo matches the MeeGo 1.2 API which is actually just Qt 4.7 API. And actually, as proven by the LWN example, it's not even "technical people". For most of technical people Nokia N9 is MeeGo as well. Only the people who have actually worked on it plus the couple of other people migrated from maemo and communities to Mer project understand the legacy, history and the complete difference between the Maemo Harmattan platform and what was. Yet at the same time like all GNU/ distributions, they are 95% same code, just all the infrastructure and packaging and polishing and history is different.

For 99.9% of people who know what MeeGo is, MeeGo is the cool Nokia smartphone, one of its kind and not sold in some of the major western markets, and/or the colorful sweet characters of shown at one time on a couple of netbooks. That is the brand, and the technical details do not matter even to the technical people unless they actually get into working on the projects directly.

To most people, the Linux brand is a mess of a lot of things, while other brands have the possibility at least to have a more differentiating and unique appearance.

Wednesday, March 07, 2012

GNOME 3.4 Finnish translation weekend

Just a quick note that the merry Finnish localization folks are organizing an (extended) localization weekend, starting today. As a nice step towards ease of use, they're utilizing the long developed, maybe even underused platform, or to be precise a separate instance of it. is used by MediaWiki (Wikimedia Foundation), StatusNet and other high profile projects. Co-incidentally the main developer of is Finnish as well.

Anyway enough of the platform, join the translation frenzy at, but do make sure to read the notes at

I've promised to help in upstreaming those to on Sunday. There is additionally a new report about Ubuntu 12.04 LTS translations schedule (to which these GNOME contributions will find their way as well) at the ubuntu-l10n-fin mailing list by Jiri.

Ja sama suomeksi.

Friday, January 06, 2012

I have a new GPG key

Hash: SHA1,SHA512


I'm transitioning from my 2003 GPG key to a new one.

The old key will continue to be valid for some time, but I eventually 
plan to revoke it, so please use the new one from now on. I would also 
like this new key to be re-integrated into the web of trust. This message 
is signed by both keys to certify the transition.

The old key was:

pub   1024D/FC7F6D0F 2003-07-10
      Key fingerprint = E6A8 8BA0 D28A 3629 30A9  899F 82D7 DF6D FC7F 6D0F

The new key is:

pub   4096R/90BDD207 2012-01-06
      Key fingerprint = 6B85 4D46 E843 3CD7 CDC0  3630 E0F7 59F7 90BD D207

To fetch my new key from a public key server, you can simply do:

  gpg --keyserver --recv-key 90BDD207

If you already know my old key, you can now verify that the new key is 
signed by the old one:

  gpg --check-sigs 90BDD207

If you don't already know my old key, or you just want to be double 
extra paranoid, you can check the fingerprint against the one above:

  gpg --fingerprint 90BDD207

If you are satisfied that you've got the right key, and the UIDs match 
what you expect, I'd appreciate it if you would sign my key:

  gpg --sign-key 90BDD207

Lastly, if you could send me these signatures, i would appreciate it. 
You can either send me an e-mail with the new signatures by attaching 
the following file:

  gpg --armor --export 90BDD207 > timojyrinki.asc

Or you can just upload the signatures to a public keyserver directly:

  gpg --keyserver --send-key 90BDD207

Please let me know if there is any trouble, and sorry for the inconvenience.

(this post has been modified from the example at

Version: GnuPG v1.4.11 (GNU/Linux)