New Apollo Install on old Laptop

Hi there.

Today I installed the new Apollo ISO via offline-install XFCE version on a very old machine:

  • Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
  • 4GB RAM

What I found was, the boot-up process (after a quite slow install process) took unusually long. After logging in to the XFCE desktop, the mouse pointer kept showing its ‘busy’ icon for up to 2 minutes!

What I did to solve this:

  1. Uninstalled firewalld, according to EOS instructions given.
    As I do not want my machine to be connectable from outside, neither via ssh, nor ipv6.
    Why is EOS firewalld configured that way?

  2. Uninstalled openconnect and vpnc, along with their dependencies pcsclite and stoken.

  3. Also, disabled Spice-vdagent from being included in the boot-up process.

  4. Installed and enabled ufw.

Now it boots like a charm, much quicker than before!

My question:
Why are these packages (see 1. - 3.) part of the general EOS installation?

Or, am I missing an important point?

Because the distribution maintainers included them?

You want me to click on “Solution”, ey? :beers:

Sorry, it’s just a question that comes up every time for every edition of every distribution: “why are the defaults the defaults?”

It’s a very old machine. What boot-up time are you expecting?

You removed one firewall and installed another.

VPN clients. Possibly useful for people connecting to VPNs.

Thing for running in virtual machines.

So - you’re asking why there is a firewall, VPN client software, and support for running in virtual machines included by default?

So that those things work.

3 Likes

In case you may have noticed, the questions come from a security standpoint, although I hung the topic up on system-speed, for first-glancers only…

I must have missed that standpoint in your original post. Not sure it was obvious.

IPv6 is something that needs to be implemented, not to be avoided.

If services are not running by default then there’s nothing listening so it doesn’t make any difference if there is an open port.

On the other hand, firewalls enabled by default that block everything means that people install software that doesn’t work (e.g. printing) and they don’t understand why. However, if there is no firewall enabled then people complain (even though having no services enabled by default, and running on a LAN, means a firewall is all but pointless, but SECURITY!!!).

3 Likes
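
The reply above turns on whether anything is actually listening. As an added example (not part of the thread), this sorts `ss -tulnH` listeners into loopback-only and those bound to a non-loopback address. The sample lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: split `ss -tulnH` listeners into loopback-only and exposed.
# classify_listeners, exposed_listeners and sample_ss are hypothetical names.

classify_listeners() {   # stdin: `ss -tulnH` lines; field 5 is Local Address:Port
    awk 'NF >= 5 {
        port = $5; sub(/.*:/, "", port)        # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
        sub(/%.*$/, "", addr)                  # drop an interface scope such as %lo
        scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
        print scope, $1 "/" port, addr
    }'
}

exposed_listeners() {    # unique proto/port pairs bound to a non-loopback address
    classify_listeners | awk '$1 == "exposed" { print $2 }' | LC_ALL=C sort -u
}

sample_ss() {   # constructed sample, not taken from the poster's machine
    cat <<'EOF'
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
tcp   LISTEN 0      4096       127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      4096           [::1]:631          [::]:*
udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353      0.0.0.0:*
EOF
}

sample_ss | classify_listeners
# On a live system: ss -tulnH | exposed_listeners
```

An empty result from `exposed_listeners` is the situation the reply describes: no service is bound to an address other hosts can reach, whatever the firewall allows.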

I have various Arch partitions on that machine running much faster than EOS out of the box.

And what’s the difference between the configurations?

You can’t just say “this is slower than another thing” without any context or further information.

What are you comparing to what?

You also changed four things in combination rather than one thing at a time. Of the multiple things you changed, only the vdagent might make any difference to boot time, but without any data it’s difficult to say.

2 Likes

Maybe so in nftables, which are used by firewalld. NetworkManager and ufw don’t bother about this at all. I guess this was my main point in gaining boot-speed.

All firewalls work in exactly the same way. Not sure what you mean here.

Firewalld isn’t going to affect boot speed.

If it did that would be a huge bug, so again comparison data would be very useful here.

1 Like

Arch linux XFCE with ufw to EOS XFCE with firewalld on the same machine.

Effectively apples to oranges, then?

“This unspecified software configuration boots faster than this other unspecified software configuration”

2 Likes

Perhaps. It was my first EOS install on this old machine. And I’m glad I found a way to improve it (for this old thing).

Indeed, that’s good news.

Can you return

inxi -Fza
sudo systemd-analyze blame

$ inxi -Fza:

System:
  Kernel: 5.17.5-zen1-1-zen arch: x86_64 bits: 64 compiler: gcc v: 11.2.0
    parameters: BOOT_IMAGE=/boot/vmlinuz-linux-zen
    root=UUID=e53bef65-4b75-4f21-a254-30f1b9225878 rw
    lsm=landlock,lockdown,yama,apparmor,bpf loglevel=3 nowatchdog
    nvme_load=YES
  Desktop: Xfce v: 4.16.0 tk: Gtk v: 3.24.29 info: xfce4-panel wm: xfwm
    v: 4.16.1 dm: LightDM v: 1.30.0 Distro: EndeavourOS base: Arch Linux
Machine:
  Type: Laptop System: FUJITSU SIEMENS product: AMILO Li3710 v: 10600987610
    serial: <filter> Chassis: type: 10 v: 30_ serial: <filter>
  Mobo: FUJITSU SIEMENS model: EF7 v: Rev 1.0 serial: <filter>
    BIOS: Phoenix v: 1.10 date: 08/21/2009
Battery:
  ID-1: BAT1 charge: 21.9 Wh (100.0%) condition: 21.9/48.8 Wh (44.9%)
    volts: 12.5 min: 11.1 model: SIM-PAN Main type: Li-ion serial: N/A
    status: full
CPU:
  Info: model: Intel Pentium Dual T3200 socket: U2E1 bits: 64 type: MCP
    arch: Core Merom family: 6 model-id: 0xF (15) stepping: 0xD (13)
    microcode: 0xA4
  Topology: cpus: 1x cores: 2 smt: <unsupported> cache: L1: 128 KiB
    desc: d-2x32 KiB; i-2x32 KiB L2: 1024 KiB desc: 1x1024 KiB
  Speed (MHz): avg: 1000 min/max: 1000/2000 base/boost: 2000/2000 scaling:
    driver: acpi-cpufreq governor: schedutil volts: 3.3 V ext-clock: 667 MHz
    cores: 1: 1000 2: 1000 bogomips: 7979
  Flags: ht lm nx pae sse sse2 sse3 ssse3
  Vulnerabilities:
  Type: itlb_multihit status: KVM: VMX unsupported
  Type: l1tf mitigation: PTE Inversion
  Type: mds
    status: Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled
  Type: meltdown mitigation: PTI
  Type: spec_store_bypass status: Vulnerable
  Type: spectre_v1
    mitigation: usercopy/swapgs barriers and __user pointer sanitization
  Type: spectre_v2 mitigation: Retpolines, STIBP: disabled, RSB filling
  Type: srbds status: Not affected
  Type: tsx_async_abort status: Not affected
Graphics:
  Device-1: Intel Mobile 4 Series Integrated Graphics
    vendor: Fujitsu Solutions driver: i915 v: kernel ports: active: LVDS-1
    empty: DP-1,VGA-1 bus-ID: 00:02.0 chip-ID: 8086:2a42 class-ID: 0300
  Display: x11 server: X.Org v: 21.1.3 compositor: xfwm v: 4.16.1 driver:
    X: loaded: intel unloaded: modesetting alternate: fbdev,vesa gpu: i915
    display-ID: :0.0 screens: 1
  Screen-1: 0 s-res: 1366x768 s-dpi: 96 s-size: 361x203mm (14.21x7.99")
    s-diag: 414mm (16.31")
  Monitor-1: LVDS-1 mapped: LVDS1 model: LG Display LP156WH1-TLA1
    built: 2008 res: 1366x768 hz: 60 dpi: 102 gamma: 1.2
    size: 340x190mm (13.39x7.48") diag: 395mm (15.5") ratio: 16:9
    modes: 1366x768
  OpenGL: renderer: Mesa Mobile Intel GM45 Express (CTG) v: 2.1 Mesa 22.0.3
    direct render: Yes
Audio:
  Device-1: Intel 82801I HD Audio vendor: Fujitsu Solutions
    driver: snd_hda_intel v: kernel bus-ID: 00:1b.0 chip-ID: 8086:293e
    class-ID: 0403
  Sound Server-1: ALSA v: k5.17.5-zen1-1-zen running: yes
  Sound Server-2: PulseAudio v: 15.0 running: no
  Sound Server-3: PipeWire v: 0.3.51 running: yes
Network:
  Device-1: Realtek RTL810xE PCI Express Fast Ethernet
    vendor: Fujitsu Solutions driver: r8169 v: kernel pcie: gen: 1
    speed: 2.5 GT/s lanes: 1 port: 3000 bus-ID: 07:00.0 chip-ID: 10ec:8136
    class-ID: 0200
  IF: enp7s0 state: up speed: 100 Mbps duplex: full mac: <filter>
  Device-2: Realtek RTL8187B Wireless 802.11g 54Mbps Network Adapter
    type: USB driver: rtl8187 bus-ID: 1-5:2 chip-ID: 0bda:8189 class-ID: 0000
    serial: <filter>
  IF: wlan0 state: down mac: <filter>
Drives:
  Local Storage: total: 465.76 GiB used: 18.73 GiB (4.0%)
  ID-1: /dev/sda maj-min: 8:0 vendor: Toshiba model: MQ01ABD050
    family: 2.5" HDD MQ01ABD... size: 465.76 GiB block-size: physical: 4096 B
    logical: 512 B sata: 2.6 speed: 3.0 Gb/s type: HDD rpm: 5400
    serial: <filter> rev: 1U temp: 42 C scheme: MBR
  SMART: yes state: enabled health: PASSED on: 343d 17h cycles: 3236
    Old-Age: UDMA CRC errors: 197
Partition:
  ID-1: / raw-size: 150.79 GiB size: 147.37 GiB (97.73%)
    used: 7.54 GiB (5.1%) fs: ext4 block-size: 4096 B dev: /dev/sda3
    maj-min: 8:3
Swap:
  Kernel: swappiness: 60 (default) cache-pressure: 100 (default)
  ID-1: swap-1 type: partition size: 7.68 GiB used: 0 KiB (0.0%)
    priority: -2 dev: /dev/sda5 maj-min: 8:5
Sensors:
  System Temperatures: cpu: 59.0 C mobo: N/A
  Fan Speeds (RPM): N/A
Info:
  Processes: 161 Uptime: 40m wakeups: 1 Memory: 3.67 GiB
  used: 1.39 GiB (37.8%) Init: systemd v: 250 tool: systemctl Compilers:
  gcc: 11.2.0 Packages: pacman: 832 lib: 219 Shell: Bash (su) v: 5.1.16
  running-in: xfce4-terminal inxi: 3.3.15

$ sudo systemd-analyze blame:

11.188s dev-sda3.device
10.169s apparmor.service
 7.063s systemd-journal-flush.service
 5.819s NetworkManager-wait-online.service
 3.746s systemd-sysusers.service
 3.334s systemd-random-seed.service
 3.307s ufw.service
 3.172s systemd-udevd.service
 2.648s power-profiles-daemon.service
 2.324s lvm2-monitor.service
 2.061s polkit.service
 1.741s NetworkManager.service
 1.555s upower.service
 1.141s ldconfig.service
  891ms udisks2.service
  798ms accounts-daemon.service
  782ms systemd-fsck@dev-disk-by\x2duuid-6da29be0\x2d9da1\x2d4ea0\x2d9292\x2db4e31dc2cbdc.service
  617ms systemd-sysctl.service
  586ms systemd-udev-trigger.service
  535ms avahi-daemon.service
  507ms dbus.service
  505ms systemd-logind.service
  487ms systemd-tmpfiles-setup-dev.service
  476ms user@1000.service

1 Like

For better readability, please format the pasted text by highlighting it and clicking on the </> button.

1 Like

Thanks, I’d forgotten how to do that! :blush:

1 Like

https://wiki.archlinux.org/title/Apparmor#Speed-up_AppArmor_start_by_caching_profiles

Check the size of your journal logs and see if it needs to be limited a bit:

https://wiki.archlinux.org/title/Journal#Journal_size_limit

If you don’t use LVM, you could disable its related services and sockets.

Also:

systemd-analyze critical-chain

may give some more insights.

4 Likes
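
Several replies above ask for comparison data and for one change at a time. As an added example (not from the thread), this diffs two saved `systemd-analyze blame` captures per unit. Both captures are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: per-unit diff of two saved `systemd-analyze blame` captures.
# blame_diff and the sample_* helpers are hypothetical names.

blame_diff() {   # $1 = capture before the change, $2 = capture after it
    awk '
    # Convert the duration fields of the current line ("1min 2.5s", "891ms") to ms.
    function ms(   i, t) {
        t = 0
        for (i = 1; i < NF; i++) {
            if ($i ~ /ms$/)       t += $i + 0            # "+ 0" keeps the numeric prefix
            else if ($i ~ /min$/) t += ($i + 0) * 60000
            else if ($i ~ /s$/)   t += ($i + 0) * 1000
        }
        return int(t + 0.5)
    }
    NF < 2    { next }
    FNR == NR { before[$NF] = ms(); next }               # first file: remember each unit
    {
        seen[$NF] = 1
        if ($NF in before) printf "%s %+d\n", $NF, ms() - before[$NF]
        else               printf "%s added\n", $NF
    }
    END { for (u in before) if (!(u in seen)) printf "%s removed\n", u }
    ' "$1" "$2" | LC_ALL=C sort
}

sample_before() {   # constructed capture, values are not measurements
    cat <<'EOF'
 9.800s apparmor.service
 3.100s firewalld.service
 1.200s spice-vdagentd.service
  800ms accounts-daemon.service
EOF
}

sample_after() {    # constructed capture, values are not measurements
    cat <<'EOF'
10.169s apparmor.service
 3.307s ufw.service
  798ms accounts-daemon.service
EOF
}

tmp=$(mktemp -d)
sample_before > "$tmp/before.txt"; sample_after > "$tmp/after.txt"
blame_diff "$tmp/before.txt" "$tmp/after.txt"   # unit, then change in ms
rm -rf "$tmp"
```

Units start in parallel, so these per-unit deltas do not add up to the change in total boot time; record `systemd-analyze time` alongside each capture for that.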

This thread seems to have gone off on a tangent about how to try and optimise the “fixed” configuration?