Friday, September 16, 2011

fit-PC2i Initial Impressions

Note:  I like to write these "initial impression" postings in order to share what I've learned about a product.  All too often, I've discovered something a lot cooler or quite disappointing after having owned the product for a while.  Check back here for updates.

This review is of the CompuLab fit-PC2i Value:
  • 1.10 GHz Intel Atom Z510 CPU (single core, no hyperthreading)
  • 1 GB memory (DDR2-533)
  • Intel US15W SCH ("Poulsbo") Chipset
  • Dual Gigabit Ethernet ports (Realtek RTL8111-based)
  • Slot for a single 2.5" form-factor SATA hard disk
  • Mini-SD socket (note that this is related, but not the same as, the SD or MicroSD)
  • Intel GMA500 graphics chipset (video output via DVI adapter)
  • Realtek ALC662 audio chipset (not tested)
  • 4 USB 2.0 ports (two normal-size, two micro-size ports)
  • RS232 Serial port (micro port with adapter)
I equipped my unit with a  32GB OCZ Onyx SSD.

In Short

The good:
  • Small size 4" x 4.5" x 1.05" (per specifications)
  • Very low power consumption (5 Watts idle, 7 Watts under load measured using the Kill-a-Watt)
  • Made of metal (durable)
  • Power cord has a retaining screw to keep it from pulling out ("that's what she said")
  • Comes complete with necessary adapter cables
The not-so-good:
  • Cost (price tag for the "value" version is US$279.00)
  • Gets very warm (an add-on heat-sink is available)
  • Intel SCH chipset presents the SATA drive to the OS as a PATA drive
  • BIOS doesn't have a "serial console" mode
  • Documentation (particularly for some of the BIOS options) is somewhat lacking
My Goals

I was trying to find a small, very low power consumption system based on Intel architecture with two Ethernet ports that could be used as a sophisticated router/firewall and Asterisk PBX.  I was doing these functions on my server system, but as I added more functionality to the server, I got nervous about the idea of applications binding to the "outside" interface.  While this problem is mitigated by the use of a firewall, applications like NFS (RPC) that use unpredictable port numbers made me feel increasingly more uncomfortable running these on the same box that was my interface to the Internet.  What made this worse was that using Asterisk to interface to Google Voice meant opening an even wider range of outbound ports.  This was pretty much the last straw.

I first considered the idea of using a commodity consumer-grade wireless router with OpenWrt or something similar to do the same thing.  However, while the cost is good, OpenWrt is lacking some of the management flexibility I have come to enjoy with a full Linux distribution.  It's no wonder, too, being that these devices have a limited amount of flash memory.  They also are running a MIPS-based CPU rather than an Intel architecture (IA) CPU, which meant I needed a cross-platform development environment rather than using the native development environment on my server.  Since my time (and patience) is at a premium these days, I wanted something I could put together (running Gentoo Linux) and just have it work.  When I need to do updates, I can compile packages on my fast quad-core server in a chroot environment without the need for a sophisticated cross-compiler environment.

I wanted whatever system I used to be fanless (preferably, or a VERY quiet fan) and very low power consumption (on the order of what I could get from a consumer-grade router).

I chose the fit-PC2i Value because it met my criteria pretty well.  I was first scared away because of the cost, but when I factored-in my own time and decreasing patience level, the higher cost seemed worth it.  In order to keep the power consumption low and further eliminate any moving parts (read: not likely to fail anytime soon) in the design, I added a 32 GB OCZ Onyx SSD.  I chose this SSD because it was relatively inexpensive, and I knew I wasn't going to need much in the way of disk space.  I also had heard that the chipset in the fit-PC2i was not very high performance with respect to disk I/O, so there was no reason to get a really fast (and expensive) SSD.

I am using less than 4 GB of the 32 GB SSD (including a full Gentoo portage tree and package tarballs) using a conservative Gentoo install (no X windows, for sure).

Putting Things Together

Right from the start I could tell this was going to be a nifty little computer.  The initial configuration was done by doing my chroot package compile trick on my fast server.  I then attached the SSD to my server via a USB interface cord, and discovered quickly that even a cheap SSD on a cheap USB interface was impressively fast.

I had a bit of trouble on first boot because I neglected to learn anything about the Intel SCH chipset prior to building the kernel.  This was immediately remedied with a quick kernel reconfigure/recompile on the server.  Just keep in mind that (at least with the older Gentoo live media I used) the drivers were not loaded automatically for both the SCH chipset and the Realtek RTL8111 Ethernet adapters.

Once I got everything booted, the first thing I noticed that it seemed pretty fast given the configuration of the system (see more about this below).

Looking at the hardware this is not a system that you're going to try to run everyday software on.  Okay, someone may do that, but I'm not sure it's beefy enough for anything even near that serious.  Not serious enough, in my opinion, to justify a DVI port on a monitor.  Okay, but that's not much of a problem.  What I was surprised about, given the fit-PC2's leaning toward an embedded device is why the BIOS didn't have an option to redirect console output to the serial port.  I intend to run with no keyboard and no monitor, but getting to a console is really helpful when I put something dumb in iptables and lock myself out of the network.  What I ended up doing was simply to tell grub to output both to the serial port and DVI console, and have the default Linux boot option use a serial console.


The fit-PC2i Value is actually pretty responsive even with a 1.1 GHz Atom CPU.  However, be forewarned that this system is not going to come close to running a firewall at full Gigabit Ethernet speeds!  Running very little and acting primarily as a firewall, I saw the idle CPU down just below 50% measured by "top" when I started streaming Netflix on the Roku.  All of the utilization was in the interrupt stack, indicating that the Ethernet chips were effectively gobbling up the system.  Now that being said, that Atom CPU still has plenty of cycles left, but I'm a bit concerned what would happen if I had an Internet connection that exceeded 15 Mbits/sec.  To be sure, the Linux driver may be slightly at fault, but my guess is that the RTL8111 Ethernet chip is simply not very efficient.

Everything else on the system was plenty responsive during management and running normal system applications.  I haven't tried to run Asterisk on it yet while the unit was doing its firewall/routing application.  Once I do that, I will have a better feel for how well it performs under load.

One thing to note is that the unit runs very warm...I would almost say hot.  CompuLab sells a heat sink that snaps on the case, but that shouldn't be necessary under normal circumstances.  My guess, from looking at the specs, is that the warm-hot aluminum case is okay and won't affect the PC's electronics.  However it is for this reason that I would caution against installing a regular (mechanical) laptop hard disk into the unit.  I anticipate early failure of the bearings in a normal hard drive due to excessive heating of the spindle lubricant, so for longevity's sake I would recommend using a SSD as I did.

Final Initial Thoughts

There's something cool about having a system that fits in the palm of your hand that performs like a system that, just a few years ago, took-up a significant part of your desk.  This is such a system.  It's important to understand its limitations -- you're not going to be using this as a home theater PC or something to run MythTV on.  Why?  Because while these applications may run on this kind of a system, they are not likely to run well.

I'd like to see a version of this with a newer Atom processor and a more efficient Ethernet chip.  However, I don't have any reason to suspect (yet) that the current hardware will be a bottleneck in my application.  Seriously, I haven't seen any small system that doesn't suffer from some degree of this.

The power consumption (or lack of it) is fantastic.  CompuLab's motto, "do without wasting," is very applicable here.  Likewise, not wasting space is also a virtue of this system.  I wish I could do this without spending so much money.

I really like being able to ssh into a Linux system and do what I always do when I administer a box and not get caught-up in fancy web interfaces and other stuff like that.  The fit-PC2i really works for this, so far.  I have no reason to believe that it will have trouble running a pretty full-featured Asterisk installation as well, although I wouldn't expect it to be a PBX for anything bigger than a fairly small business.  It should be well-suited to running a PBX that will be an interface to Google Voice and some other things.  I will soon find out if I'm right.

Update:  September 18, 2011

I had a problem tonight with the Ethernet interfaces (both of them) simultaneously going down in the middle of watching a Netflix video on the Roku, with no other indication except the following in the log:

Sep 17 22:12:29 neuron klogd: r8169 0000:03:00.0: eth1: link up
Sep 17 22:12:29 neuron klogd: r8169 0000:02:00.0: eth0: link up

This was weird since there was no indication that the link even went down.  Doing some googling turned-up that there appears to be a bug in the r8169 driver with the links spontaneously going down on RTL8111/8168B chips on some recent versions of the Linux kernel (I am running 2.6.39), with the fix being to go to the Realtek driver (source is available from their site).  I created a Gentoo ebuild for the r8168 driver from Realtek and that seems to be working.  This also seems to have addressed the high CPU interrupt utilization (which is now about 25%, leaving the CPU 75% idle) when stressed.  There were also some network performance issues while viewing some HD YouTube videos with the Roku that caused the Roku to step-down to a lower-quality video.  This seems to be solved with the new driver.  What is also interesting is that my server system uses the same chipset, and while I haven't seen this issue with 2.6.39 on that system, I am tempted to install the Realtek driver anyway as a proactive measure.

I also installed Asterisk this afternoon with very promising results.  I held a conversation with my parents for over an hour through Google Voice with excellent audio quality.  No complaints at all.  While not fit-PC-related, it may help someone out there looking to use Google Voice on Asterisk for my firewall rules.  If you limit your RTP ports to ports 10000-20000, you need to make sure that the following are opened outbound:  tcp/5222, udp/{10000-20000}, udp/3478, and udp/443.  That last one was a bit of a surprise, but it seems that it is used in the STUN code with Google Voice.

Update September 21, 2011

Well, it seems that the Ethernet problem has surfaced again.  This time only eth0 went down, but that is still annoying.  This time it was when I was VPN'd into work.  The connection dropped for about 5 minutes or so.

I am actually at wits end.  I went onto the fit-PC forums and was disappointed to see that CompuLab's answer to hardware issues with a Linux OS that they haven't tested is:  We don't support that OS (it was RedHat, as I recall) - in order to get support load Ubuntu on it.  Thanks, CompuLab, for that overwhelming feeling of support (said dripping in sarcasm).

What I did see and was worth a try was going into the BIOS and disabling "C-States" and only enabling GV3 support (per this forum article and this forum article).  I also disabled hyperthreading and anything else that this box didn't support, in the hopes that this would prevent any potential issues from that from surfacing.  I'm not sure I have any other ideas at this stage.

If the Ethernet ports are not stable, my only recourse is to dump this idea and go to a more power-hungry and more standard PC.  The whole idea of running this is to support a reliable network router/firewall/PBX.  If that doesn't work, then I am wasting my time with this system.

This is why I think I should wait a few weeks before posting my "initial impressions" even though that seems to be dishonest.

Update October 8, 2011

It seems that the BIOS change made above worked, and I am no longer seeing problems with the Ethernet ports.

Aside from the temperature issue (that doesn't seem to negatively affect the operation of the computer), the fit-PC2i is working great.  Let's hope it stays that way for a long time!

Sunday, September 11, 2011

Reflections On 9/11- 10th Anniversary

Like everyone else, I have felt compelled to reflect on what happened on September 11, 2001 on this 10th anniversary of that event.

I had gotten to work on an otherwise uneventful morning.  Someone mentioned that an airplane had crashed into the World Trade Center.  There was a lot of speculation as to what happened.  While nobody at that time openly considered that this was an intentional act,  I felt right away that this was done on purpose.  A short time later the second airplane hit the other tower, and then the news came in that there was some kind of an explosion at The Pentagon (it was a while before it was confirmed that it, too, had been a suicide mission using an airplane).  By then, it was pretty much felt that this was an intentional attack.  Was it a domestic attack like what Timothy McVeigh did in Oklahoma City, or was it an attack from an extremist group like Al Qaeda?  Of course, we now know it's the latter.

My brother had been interning at a business in the WTC only a few weeks earlier, and my sister-in-law worked near the towers in Manhattan.  I remember calling my parents to find out whether they were OK.  It was a stressful time.  Thankfully everyone in my immediate family were safe, but I know of people who weren't as lucky.  To me, it was a horrific and needless way for over 3,000 people to die.  Immediately following the attack, I shared the sentiments of most Americans who wanted to see the people responsible brought to justice (the definition of "justice" at the time meaning "just desserts").

A few weeks later I flew to New York to visit my family, and while I was in New York I took a trip out to Manhattan to see the wreckage.  The air was thick from the dust and smoke, and it was hard to breathe.  There were piles of dust and debris on the visors on the traffic lights in the area.  It was sad to see the remains of a building that once stood proud and where business was conducted every day.  It was even more sad to consider that the people who worked in these buildings were no longer with us.

They say to never forget, and these images and experiences will be forever engraved in my memory.

What followed was, in my opinion, some of the worst handling of such an event that I could have ever imagined.  Out of one side of their mouths, our government said that the best way to tell "the terrorists" that this didn't stop us was to carry-on as usual and show them that our liberty and way of life could not be stopped like this.  Then the same government carried out some of the most intrusive abuses of the liberties of its own citizens that I have ever seen.  They used the event and political spin to justify a war with Iraq that, while it probably needed to happen, had nothing to do with the events of September 11.  It spawned two terms that I have come to detest:  "weapons of mass destruction (WMDs)" and "war on terror."

As I have discussed in a past blog entry, there is no such thing as a war on terror.  "Terror" is a tactical way of fighting an enemy.  You can't wage war against a tactic.  You can only wage war against a specific group of people or ideology.  In my opinion this so-called "war on terror" is just a big political snow-job that is a justification to do things that a government has no business doing without a much stronger justification.  All I want is the U.S. government to tell us, the people who they represent, the truth.  If you're fighting Al Qaeda, then that makes sense.  If you're waging war against a dangerous dictator (Saddam Hussein) who used chemical weapons against his own citizens, then just say so.  Using September 11 and "the war on terror" as justification for such actions is dishonest and just cheapens the lives that were lost.  As much as I love this country, I feel that our government has sacrificed much of our liberties that our forefathers fought so hard to gain for a false sense of security that has really moved our political system away from a representative republic and toward a more authoritarian system.  This needs to be fixed.

This week I also saw an episode of NOVA on PBS that was about the usage of the land where the former WTC was located.  There is a large memorial and museum to respect those who lost their lives, and a new, modern, and safe office building is also being erected.  In the program they mentioned that some of the materials for the memorial and/or building were manufactured in other countries (one portion specifically in China).  I find it very ironic and almost insulting that the materials to build at this location cannot be entirely of U.S. manufacture and supplies.  You'd think that the best way to honor those who lost their lives would be to show that the United States still can stand on its own.  I would rather have seen a smaller memorial with the materials being all of U.S. origin than to have a large memorial with foreign materials (particularly from China).  The program also glossed-over the bitching session that has taken place over the previous 9 years over what was going on the WTC site and what the memorial and new building would consist of.

There was also recent talk about a Christian cross being placed on the site of the WTC memorial.  This has come under criticism because it leaves-out other faiths of the people who died on September 11.  The memorial is not a religious symbol, but rather a way for we, those who survived September 11, to honor and respect those who lost their lives that day.  It seems that people have forgotten the motivations for the attack on September 11.  The attack was perpetrated by a group of Muslim extremists who feel, in the eyes of their belief system, that the United States and its people are evil since they do not subscribe to what is in the Qur'an and they feel that our influence in the Middle East has interfered with their culture.  Their beliefs are a justification to work toward eliminating us and our society.  Our strength comes from our political system being overall neutral to personal religious practices.  When our government starts respecting a single religion more than others, no matter what the prevailing majority practices, it starts us on the slippery slope toward becoming a theocracy, much like the one our forefathers also fought to break-away from.  Worse, though, is that we are promulgating the same kind of behavior that fueled the acts of September 11,  Basically it's an "our god is better than your god" argument.

To me, it's not enough to just say, "Never surrender...Never forget."  Yes, we all experienced September 11, 2001 in our own way.  Those experiences are important to history, for sure.  However, if we are to learn anything from the tragedy that happened 10 years ago, then it requires that we understand the motivations involved.  It means we don't just feel sad for those who lost their lives, but we also understand what it means to be American and the value of the liberties we have as a result.

Saturday, September 3, 2011

General Annoyances I

It's time for some new rants, I'm afraid.  Here are some things that the world needs to know:

I.  Use your OWN picture for your facebook profile picture

There are a whole bunch of people who, for whatever reason, find it necessary to use their kid, their pet, their spouse, a celebrity, or something just plain stupid as their profile picture.  If I'm looking for you, I want to see what you look like.  If you have someone else's picture in there, how in heck am I supposed to know if it's you or not?

If you want to highlight things about your kid, give 'em their own facebook page and put it there.  If you're so obsessed with your kids that you have to replace your own picture with their's, then maybe it's time for a bit of therapy.  Seriously, perhaps you've forgotten that your kids do not define you (or they shouldn't, anyway) and that you're important as well.  Substitute "pet" and "spouse" and "celebrity" for "kid" and read this paragraph again.

I'll give some slack to those who are genuinely uncomfortable with having their picture available for people to look at.  Still, in this case, pick an avatar (one that resembles you would be cool) and stick with it.

PS: Yes, I know that my Blogger profile picture has been my cat and is certainly not looking entirely like me right now.  That's a privacy issue...  It's not what I do on facebook.

II.  Too much information (TMI) on facebook

It seems that many people are convinced that every single thing that they do is worthy of broadcasting to everyone they know.  They broadcast nearly every place they go.  Everyone they see.  Every single thought they have.  Sometimes, the thoughts have absolutely no context.

When facebook asks, "What's on your mind," it doesn't necessarily mean that you must elaborate on every single thing you're doing or thinking.  Have we all become so narcissistic that we truly believe that everyone with whom we're associating truly wants, in real-time, to know every single thing we do or thing?  This is one reason I like a blog-style format.  It doesn't demand the level of attention that a facebook "News Feed" stream does.

There is also the issue of boundaries:  There are some things about you or aspects of your life that I really don't need to know about because they're private.

Perhaps the correct fix for this is a fix an enhancement to facebook:  Through some word analysis and, maybe, some classification of various applications in facebook, there could provide a "level" of importance given to each status update (it would default to an assigned value from 1 to 4, and you could manually change it).  Anything from gowalla or indicating "I am here" or "I'm here with someone" or "my picture changed" or "I'm now friends with {blah}" could be assigned a 1.  Phrases that seem to be merely a sentence fragment that don't really appear to be anything more than a disconnected idea could be a 2.  An update with any religious, political, or current event could be a 3.  Everything else is a 4.  If Google can transcribe voicemail messages into text and facebook can do analysis on photographs and automatically tag people, then this priority system surely could be established.

III. I am not just browsing the web (and your site)

Perhaps I'm just too old fashioned, but not everything I do (on the computer) is related to the Internet, and some things I do on the Internet does not require a web browser.  My web browser is still oriented in a "portrait" (more tall than wide) manner, and it does not consume my entire computer screen.  I realize that, to some people, this concept is completely foreign, but I actually do more with a computer than browse web pages on the Internet.  You should try it sometime.

Message to web developers:  YOUR SITE IS NOT THE ONLY THING ON MY SCREEN.  So when you assume that I have an entire 1900x1080 pixel screen devoted entirely to your site, you are most sorely mistaken.  Likewise, I don't have a 1280x1024 pixel display or a 1024x768 pixel display or even a 1024x600 pixel (netbook) display entirely devoted to your web site.  To assume that I have devoted my complete and total attention to your web site is pretentious and insulting.  In fact, as I have been writing this blog entry, I have been opening up additional windows to look-up words and facts, or reference other things, or check to see if someone is trying to reach me, or monitor my computer system's health.

I have said this before with Flash, and I'll repeat it here for any other web content:  Web standards were developed so that you could develop content that would adapt to the user's environment, not the other way around.  I'm not asking that you design your site around a 320x240 pixel display, but for heaven's sake, most netbooks have a display that is 1024 pixels wide.  Considering that I would be using about 2/3rds of the display for my browser,  figure that your web page should generally be usable at 680 pixels wide ("usable" means that I may need to horizontally scroll once in a while, but not all the time).  Also remember that there are a variety of display heights (particularly with newer, 16:9 format displays).  This means that if you clutter the top with crap, then I'm going to be constantly vertically scrolling as well.

Shrink down your browser during development, and if you find yourself having to horizontally scroll frequently to get to navigation buttons, then you're pissing off a bunch of people.  Stop doing what Weather Underground does where they make it so if your browser is too narrow, even horizontally scrolling doesn't work right (the content simply disappears, permanently)...or some developers that verily piss me off and disable the horizontal scroll bar completely.  Yeah, you idiots, you know who  you are...

People who make web pages that have text that needs to be horizontally scrolled back and forth in order tor read it should be forced to endure some amount of torture (to-be-determined).  IMDB...warn your web developers.  I'm coming for them.

IV.  Soliciting information or soliciting religious preferences is still soliciting

I have a sign at my home's front door that says, "NO SOLICITING."  I bought that sign, and I put it there.  According to the dictionary, the word "soliciting" means:
1b. to approach with a request or plea
2. to urge (as one's cause) strongly
4. to try to obtain by usually urgent requests or pleas
So when I say, "NO SOLICITING," I mean that I don't want people knocking at my front door to:
  1. Sell things (that's the obvious one)
  2. Try to convert me to their religion or "save me" by religious conversion (I'm atheist, give it up)
  3. Request information (as in polls or surveys)
  4. Kids selling raffle tickets, candy, or the like
  5. Try to "save me money" (that's just trying to sell stuff in disguise)
In fact, the only solicitations I really am interested in are those from people who I know or care about in a time of serious need (which are likely not any of the above) or someone who I have arranged for a solicitation in advance.

No means no.  I don't generally care about your motivation.  Just because I don't have an electrified barbed-wire fence and an attack dog in my yard doesn't mean that I'm inviting you to come and disturb me.  If you see a "NO SOLICITING" sign at someone's door, it probably means they've had enough of people bothering them when they're in their pajamas trying to edit a blog entry on the computer.  Or something like that.  Ignoring the sign just pisses people off.

V.  People who's blog consists mostly of rants

Oh, crap, that's me...

[to be continued]