Today I installed the new Apollo ISO via offline-install XFCE version on a very old machine:
Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
What I found was, the boot-up process (after a quite slow install process) took unusually long. After logging in to the XFCE desktop, the mouse pointer kept showing its ‘busy’ icon for up to 2 minutes!
What I did to solve this:
firewalld, according to EOS instructions given.
As I do not want my machine to be connectable from outside, neither via ssh, nor ipv6.
Why is EOS firewalld configured that way?
and openconnect, along with their dependencies vpnc pcsclite and stoken.
from being included in the boot-up process. Spice-vdagent
Installed and enabled ufw.
Now it boots like a charm, much quicker than before!
Why are these packages (see 1. - 3.) part of the general EOS installation?
Or, am I missing an important point?
Because the distribution maintainers included them?
You want me to click on “Solution”, ey?
Sorry, it’s just a question that comes up every time for every edition of every distribution: “why are the defaults the defaults?”
a very old machine
It’s a very old machine. What boot-up time are you expecting?
You removed one firewall and installed another.
VPN clients. Possibly useful for people connecting to VPNs.
Thing for running in virtual machines.
So - you’re asking why there is a firewall, VPN client software, and support for running in virtual machines included by default?
So that those things work.
In case you may have noticed, the questions come from a security standpoint, although I hung the topic up on system-speed, for first-glancers only…
I must have missed that standpoint in your original post. Not sure it was obvious.
IPv6 is something that needs to be implemented, not to be avoided.
If services are not running by default then there’s nothing listening so it doesn’t make any difference if there is an open port.
On the other hand, firewalls enabled by default that block everything mean that people install software that doesn’t work (e.g. printing) and they don’t understand why. However, if there is no firewall enabled then people complain (even though having no services enabled by default, and running on a LAN, means a firewall is all but pointless, but SECURITY!!!).
I have various Arch partitions on that machine running much faster than EOS out of the box.
And what’s the difference between the configurations?
You can’t just say “this is slower than another thing” without any context or further information.
What are you comparing to what?
You also changed four things in combination rather than one thing at a time. Of the multiple things you changed, only the vdagent might make any difference to boot time, but without any data it’s difficult to say.
Maybe so in nftables, which are used by firewalld. NetworkManager and ufw don’t bother about this at all. I guess this was my main point in gaining boot-speed.
All firewalls work in exactly the same way. Not sure what you mean here.
Firewalld isn’t going to affect boot speed.
If it did that would be a huge bug, so again comparison data would be very useful here.
Arch Linux XFCE with ufw to EOS XFCE with firewalld on the same machine.
Effectively apples to oranges, then?
“This unspecified software configuration boots faster than this other unspecified software configuration”
Apples to oranges, then?
Perhaps. It was my first EOS install on this old machine. And I’m glad I found a way to improve it (for this old thing).
Indeed, that’s good news.
can you return
sudo systemd-analyze blame
$ inxi -Fza:
Kernel: 5.17.5-zen1-1-zen arch: x86_64 bits: 64 compiler: gcc v: 11.2.0
lsm=landlock,lockdown,yama,apparmor,bpf loglevel=3 nowatchdog
Desktop: Xfce v: 4.16.0 tk: Gtk v: 3.24.29 info: xfce4-panel wm: xfwm
v: 4.16.1 dm: LightDM v: 1.30.0 Distro: EndeavourOS base: Arch Linux
Type: Laptop System: FUJITSU SIEMENS product: AMILO Li3710 v: 10600987610
serial: <filter> Chassis: type: 10 v: 30_ serial: <filter>
Mobo: FUJITSU SIEMENS model: EF7 v: Rev 1.0 serial: <filter>
BIOS: Phoenix v: 1.10 date: 08/21/2009
ID-1: BAT1 charge: 21.9 Wh (100.0%) condition: 21.9/48.8 Wh (44.9%)
volts: 12.5 min: 11.1 model: SIM-PAN Main type: Li-ion serial: N/A
Info: model: Intel Pentium Dual T3200 socket: U2E1 bits: 64 type: MCP
arch: Core Merom family: 6 model-id: 0xF (15) stepping: 0xD (13)
Topology: cpus: 1x cores: 2 smt: <unsupported> cache: L1: 128 KiB
desc: d-2x32 KiB; i-2x32 KiB L2: 1024 KiB desc: 1x1024 KiB
Speed (MHz): avg: 1000 min/max: 1000/2000 base/boost: 2000/2000 scaling:
driver: acpi-cpufreq governor: schedutil volts: 3.3 V ext-clock: 667 MHz
cores: 1: 1000 2: 1000 bogomips: 7979
Flags: ht lm nx pae sse sse2 sse3 ssse3
Type: itlb_multihit status: KVM: VMX unsupported
Type: l1tf mitigation: PTE Inversion
status: Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled
Type: meltdown mitigation: PTI
Type: spec_store_bypass status: Vulnerable
mitigation: usercopy/swapgs barriers and __user pointer sanitization
Type: spectre_v2 mitigation: Retpolines, STIBP: disabled, RSB filling
Type: srbds status: Not affected
Type: tsx_async_abort status: Not affected
Device-1: Intel Mobile 4 Series Integrated Graphics
vendor: Fujitsu Solutions driver: i915 v: kernel ports: active: LVDS-1
empty: DP-1,VGA-1 bus-ID: 00:02.0 chip-ID: 8086:2a42 class-ID: 0300
Display: x11 server: X.Org v: 21.1.3 compositor: xfwm v: 4.16.1 driver:
X: loaded: intel unloaded: modesetting alternate: fbdev,vesa gpu: i915
display-ID: :0.0 screens: 1
Screen-1: 0 s-res: 1366x768 s-dpi: 96 s-size: 361x203mm (14.21x7.99")
s-diag: 414mm (16.31")
Monitor-1: LVDS-1 mapped: LVDS1 model: LG Display LP156WH1-TLA1
built: 2008 res: 1366x768 hz: 60 dpi: 102 gamma: 1.2
size: 340x190mm (13.39x7.48") diag: 395mm (15.5") ratio: 16:9
OpenGL: renderer: Mesa Mobile Intel GM45 Express (CTG) v: 2.1 Mesa 22.0.3
direct render: Yes
Device-1: Intel 82801I HD Audio vendor: Fujitsu Solutions
driver: snd_hda_intel v: kernel bus-ID: 00:1b.0 chip-ID: 8086:293e
Sound Server-1: ALSA v: k5.17.5-zen1-1-zen running: yes
Sound Server-2: PulseAudio v: 15.0 running: no
Sound Server-3: PipeWire v: 0.3.51 running: yes
Device-1: Realtek RTL810xE PCI Express Fast Ethernet
vendor: Fujitsu Solutions driver: r8169 v: kernel pcie: gen: 1
speed: 2.5 GT/s lanes: 1 port: 3000 bus-ID: 07:00.0 chip-ID: 10ec:8136
IF: enp7s0 state: up speed: 100 Mbps duplex: full mac: <filter>
Device-2: Realtek RTL8187B Wireless 802.11g 54Mbps Network Adapter
type: USB driver: rtl8187 bus-ID: 1-5:2 chip-ID: 0bda:8189 class-ID: 0000
IF: wlan0 state: down mac: <filter>
Local Storage: total: 465.76 GiB used: 18.73 GiB (4.0%)
ID-1: /dev/sda maj-min: 8:0 vendor: Toshiba model: MQ01ABD050
family: 2.5" HDD MQ01ABD... size: 465.76 GiB block-size: physical: 4096 B
logical: 512 B sata: 2.6 speed: 3.0 Gb/s type: HDD rpm: 5400
serial: <filter> rev: 1U temp: 42 C scheme: MBR
SMART: yes state: enabled health: PASSED on: 343d 17h cycles: 3236
Old-Age: UDMA CRC errors: 197
ID-1: / raw-size: 150.79 GiB size: 147.37 GiB (97.73%)
used: 7.54 GiB (5.1%) fs: ext4 block-size: 4096 B dev: /dev/sda3
Kernel: swappiness: 60 (default) cache-pressure: 100 (default)
ID-1: swap-1 type: partition size: 7.68 GiB used: 0 KiB (0.0%)
priority: -2 dev: /dev/sda5 maj-min: 8:5
System Temperatures: cpu: 59.0 C mobo: N/A
Fan Speeds (RPM): N/A
Processes: 161 Uptime: 40m wakeups: 1 Memory: 3.67 GiB
used: 1.39 GiB (37.8%) Init: systemd v: 250 tool: systemctl Compilers:
gcc: 11.2.0 Packages: pacman: 832 lib: 219 Shell: Bash (su) v: 5.1.16
running-in: xfce4-terminal inxi: 3.3.15
$ sudo systemd-analyze blame:
For better readability, please format the pasted text by highlighting it and clicking on </> button.
Thanks, I’d forgotten how to do that!
Check the size of your journal logs and see if it needs to be limited a bit:
If you don’t use LVM, you could disable its related services and sockets.
may give some more insights.
This thread seems to have gone off on a tangent about how to try and optimise the “fixed” configuration?
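Added example, not posted by anyone in the thread: the argument above that a firewall only matters when something is actually listening can be checked directly by listing the sockets that are reachable from outside the host. The function name, the sample lines (constructed) and the assumption that input has the column layout of `ss -H -tuln` from iproute2 are this example's own.

```shell
#!/bin/sh
# List sockets that accept traffic from outside the host, given the output of
# `ss -H -tuln` on stdin. Loopback-only listeners are skipped.
# Output: one "proto address port" line per reachable listener.
exposed_listeners() {
    awk '
    NF >= 5 {
        local_addr = $5
        # Split at the LAST colon: IPv6 addresses contain colons themselves.
        if (!match(local_addr, /:[^:]+$/)) next
        addr = substr(local_addr, 1, RSTART - 1)
        port = substr(local_addr, RSTART + 1)
        sub(/%.*$/, "", addr)      # drop interface scope, e.g. 127.0.0.53%lo
        sub(/^\[/, "", addr)       # drop IPv6 brackets
        sub(/\]$/, "", addr)
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only
        print $1, addr, port
    }'
}

# Constructed sample in the layout of `ss -H -tuln` (not taken from the thread).
SAMPLE='udp   UNCONN 0 0      0.0.0.0:5353   0.0.0.0:*
tcp   LISTEN 0 128    0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0 128  127.0.0.1:631    0.0.0.0:*
udp   UNCONN 0 0   127.0.0.53%lo:53  0.0.0.0:*
tcp   LISTEN 0 128       [::]:22        [::]:*
tcp   LISTEN 0 4096     [::1]:631       [::]:*'

printf '%s\n' "$SAMPLE" | exposed_listeners
# On a live system: ss -H -tuln | exposed_listeners
```

An empty result means nothing on the machine accepts connections from the network, which is the case where the choice between firewalld and ufw makes no difference to exposure.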