Global

Sun, Apr 29th, 2012

Medwinz's Notes posted in Indonesia at 17:38

Member

slowhand

Traffic Shaping - Bagian 2

Pada bagian ini kita akan mendiskusikan bagaimana mengklasifikasikan paket dan kemudian melakukan penandaan paket (packet marking) berdasarkan TOS field paket di linux kernel. Jadi kita akan menyerahkan klasifikasi paket untuk dilakukan oleh iptables selanjutnya HTB akan melakukan queueing berdasarkan penandaan oleh iptables. Secara singkat TOS (Type of Service, kudu dimengerti oleh pengguna linux yang berminat pada networking dan Quality of Service) merupakan bagian dari paket yang menentukan prioritas dari paket. TOS terdiri dari 8 bit (octet), bit 0, 1, 2 adalah precedence, bit 3, 4, 5, 6 adalah TOS, dan bit 7 adalah bit MBZ (Must Be Zero).

Secara default nilai dari TOS bits adalah sebagai berikut:

1000 (binary)      8 (decimal)       Minimize delay (md)

0100 (binary)    4 (decimal) Maximize throughput (mt)

0010 (binary)      2 (decimal)       Maximize reliability (mr)

0001 (binary)    1 (decimal) Minimize monetary cost (mmc)

0000 (binary)    0 (decimal) Normal service

Untuk mengetahui lebih jauh tentang TOS silakan membaca RFC1349 dan RFC2474.

Dengan iptables kita dapat melakukan penandaan paket (packet marking) berdasarkan TOS bits dan inilah yang akan kita lakukan dengan script yang kita buat. Header dari paket akan dibongkar (mangle) oleh iptables dan disisipi tanda (mark) sesuai keinginan kita. (Thanks to Rusty Russel, Harald Welte, Patrick McHardy etc to make iptables as a nice userland for linux communites. ~~Sekitar 2 tahun lalu~~ Tahun 2006 kebetulan saya pernah kerja bareng dengan salah satu kontributor iptables/netfilter Fabrice Marie, dia salah satu pembuat howto nya netfilter, orangnya sangat down to earth, ramah dan mau berbagi ilmu. Saat itu saya gak tahu kalau dia salah satu kontributornya……..)

Pada script yang saya berikan (pada tulisan sebelumnya) perhatikan bagian

tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev eth1 parent 1:0 protocol ip prio 2 handle 2 fw classid 1:11
tc filter add dev eth1 parent 1:0 protocol ip prio 3 handle 3 fw classid 1:12
tc filter add dev eth1 parent 1:0 protocol ip prio 4 handle 4 fw classid 1:13
tc filter add dev eth1 parent 1:0 protocol ip prio 5 handle 5 fw classid 1:14
tc filter add dev eth1 parent 1:0 protocol ip prio 6 handle 6 fw classid 1:15

Pada tulisan sebelumnya kita sudah membuat 6 class htb qdisc tetapi belum melakukan klasifikasi paket, sehingga seluruh paket upload dari network kita akan melalui class 1:15 (kita mendefinisikan tc qdisc add dev eth1 root handle 1: htb default 15). Sekarang kita harus mengklasifikasikan paket agar paket tertentu akan masuk kedalam class htb qdisc tertentu pula. Script di atas adalah filter yang akan membagi paket kedalam class tertentu berdasarkan klasifikasi paket oleh iptables. Penggunaan iptables sangat dianjurkan karena sangat fleksibel, menghitung paket untuk setiap rule dengan cepat, dan juga dengan adanya RETURN target paket tidak perlu menjelajah ke semua rule.

Perintah yang dilakukan pada script di atas adalah memberitahu kernel bahwa paket dengan nilai spesifik FWMARK (handle x fw) harus masuk ke class tertentu (classid x:xy).

Bagi anda yang belum memahami cara kerja iptables silakan download howtonya di sini, atau setidaknya pahami diagram dari Jan Engelhardt (jengelh adalah pengguna openSUSE, dia salah satu kontributor di openSUSE Build Service).

Misalkan ip lokal anda 192.168.0.0/24 dan ip public anda 202.170.1.2, maka jalankan NAT dengan iptables (untuk pengguna SuSEfirewall tidak perlu menjalankan perintah iptables ini, tetapi ikuti langkah untuk SuSEfirewall di paragraf berikutnya. Saya pengguna SuSEfirewall juga).

ech0 1 > /proc/sys/net/ipv4/ip_forward

iptables – t nat -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth1 -j SNAT –to-source 202.170.1.2

Untuk pengguna SuSEfirewall, buka file /etc/sysconfig/SuSEfirewall2 dan lengkapi bagian di bawah ini:

FW_DEV_EXT=’eth1′ ——> sesuaikan dengan eth ip publik
FW_DEV_INT=’eth2′ ——> sesuaikan dengan eth ip lokal
FW_ROUTE=”yes”
FW_MASQUERADE=”yes”
FW_MASQ_DEV=”zone:ext”
FW_MASQ_NETS=”192.168.0.0/24″
FW_CUSTOMRULES=”/etc/sysconfig/scripts/SuSEfirewall2-custom”

Kemudian mulailah menambahkan rule untuk PREROUTING chain pada tabel mangle:

iptables -t mangle -A PREROUTING -p icmp -j MARK –set-mark 0×1
iptables -t mangle -A PREROUTING -p icmp -j RETURN
iptables -t mangle -A PREROUTING -m tos –tos Minimize-Delay -j MARK –set-mark 0×1
iptables -t mangle -A PREROUTING -m tos –tos Minimize-Delay -j RETURN
iptables -t mangle -A PREROUTING -m tos –tos Minimize-Cost -j MARK –set-mark 0×5
iptables -t mangle -A PREROUTING -m tos –tos Minimize-Cost -j RETURN
iptables -t mangle -A PREROUTING -m tos –tos Maximize-Throughput -j MARK –set-mark 0×6
iptables -t mangle -A PREROUTING -m tos –tos Maximize-Throughput -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp –sport 22 -j MARK –set-mark 0×1
iptables -t mangle -A PREROUTING -p tcp -m tcp –sport 22 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp –dport 22 -j MARK –set-mark 0×1
iptables -t mangle -A PREROUTING -p tcp -m tcp –dport 22 -j RETURN
iptables -t mangle -I PREROUTING -p tcp -m tcp –tcp-flags SYN,RST,ACK SYN -j MARK –set-mark 0×1
iptables -t mangle -I PREROUTING -p tcp -m tcp –tcp-flags SYN,RST,ACK SYN -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp –dport 587 -j MARK –set-mark 0×5
iptables -t mangle -A PREROUTING -p tcp -m tcp –dport 587 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp –dport 993 -j MARK –set-mark 0×5
iptables -t mangle -A PREROUTING -p tcp -m tcp –dport 993 -j RETURN
iptables -t mangle -A PREROUTING -j MARK –set-mark 0×6

Maksud dari script di atas adalah:

menandai traffic ICMP dengan FWMARK 0×1
-j RETURN untuk trafik ICMP dimana ICMP tidak akan masuk ke rule lain dibawahnya
menandai semua trafik TOS minimize delay sebagai FWMARK 0×1
-j RETURN untuk trafik TOS minimize delay, dimana trafik TOS minimize delay tidak akan masuk ke rule lain dibawahnya
menandai semua trafik TOS minimize cost sebagai FWMARK 0×5
-j RETURN untuk trafik TOS minimize cost, dimana trafik TOS minimize cost tidak akan masuk ke rule lain dibawahnya
menandai semua trafik TOS maximize throughput sebagai FWMARK 0×6
-j RETURN untuk trafik TOS maximize throughput, dimana trafik TOS maximize throughput tidak akan masuk ke rule lain dibawahnya
menandai trafik yang berasal dari port SSH dengan FWMARK 0×1
-j RETURN untuk trafik yang berasal dari port SSH dimana trafik yang berasal dari port SSH tidak akan masuk ke rule lain dibawahnya
menandai trafik yang menuju port SSH dengan FWMARK 0×1
-j RETURN untuk trafik yang menuju port SSH dimana trafik yang menuju port SSH tidak akan masuk ke rule lain dibawahnya
menandai trafik yang memiliki SYN flag dengan FWMARK 0×1
-j RETURN untuk trafik yang memilik SYN flag dimana trafik yang memiliki SYN flag tidak akan masuk ke rule lain dibawahnya
menandai trafik yang menuju port 587 dengan FWMARK 0×5
-j RETURN untuk trafik yang menuju port 587 dimana trafik yang menuju port 587 tidak akan masuk ke rule lain dibawahnya
menandai trafik yang menuju port 993 dengan FWMARK 0×5
-j RETURN untuk trafik yang menuju port 993 dimana trafik yang menuju port 993 tidak akan masuk ke rule lain dibawahnya
trafik yang tidak termasuk dalam klasifikasi sebelumnya akan ditandai dengan FWMARK 0×6 dan akan masuk ke class 1:15

Kemudian lakukan hal yang sama untuk OUTPUT chain. Ulangi script tabel mangle untuk PREROUTING, dan ganti semua kata PREROUTING dengan OUTPUT. Kegunaannya adalah agar semua trafik yang dihasilkan secara lokal di server tempat script ini terletak juga akan diklasifikasi. Tetapi bagian paling akhir dari script diganti dengan: iptables -t mangle -A OUTPUT -j MARK –set-mark 0×3. Hal ini membuat lokal trafik akan mempunyai prioritas lebih tinggi dan akan masuk ke class 1:12.

Masukan script OUTPUT chain dan PREROUTING chain dalam iptables script yang selama ini anda gunakan. Untuk pengguna SuSEfirewall, edit file /etc/sysconfig/scripts/SuSEfirewall2-custom, dan masukkan script tersebut pada bagian before antispoofing seperti dibawah ini

fw_custom_before_antispoofing(){
iptables -t mangle -A PREROUTING -p icmp -j MARK –set-mark 0×1
iptables -t mangle -A PREROUTING -p icmp -j RETURN
…….. dan seterusnya
iptables -t mangle -A PREROUTING -j MARK –set-mark 0×6
iptables -t mangle -A OUTPUT -p icmp -j MARK –set-mark 0×1
iptables -t mangle -A OUTPUT -p icmp -j RETURN
…….. dan seterusnya
iptables -t mangle -A OUTPUT -j MARK –set-mark 0×3
true
}

Jalankan script yang saya berikan dan restart SuSEfirewall atau iptables, dan coba jalankan perintah :

tc -s class show dev eth1

Sekarang perhatikan bahwa jumlah paket akan meningkat di setiap class. Jika ada class yang kosong berarti anda musti mengatur ulang priority atau FWMARK yang diberikan, karena hal ini berbeda disetiap network tergantung dari karakteristik pengunaan network oleh user. Selain itu sekiranya ada class yang penuh terus, maka perlu ditambahkan queuing dicipline lain supaya pembagian bandwidth lebih fair. Hal ini dilakukan dengan sfq (stochastic fairness queueing). Pada contoh script saya tambahkan class sebagai berikut:

tc qdisc add dev eth1 parent 1:12 handle 120: sfq perturb 10
tc qdisc add dev eth1 parent 1:13 handle 130: sfq perturb 10
tc qdisc add dev eth1 parent 1:14 handle 140: sfq perturb 10
tc qdisc add dev eth1 parent 1:15 handle 150: sfq perturb 10

Maksudnya adalah menambahkan queueing disc sfq pada class 1:12 (dan seterusnya) dengan nama handle 120 (dan seterusnya) dengan hashing dilakukan setiap 10 detik. SFQ akan mengatur bandwidth dibagi secara fair untuk setiap paket trafik. Untuk kasus di tempat anda mungkin berbeda tetapi script ini dapat dijadikan dasar untuk anda mengkonfigurasi di network anda.

Mudah-mudahan penjelasan singkat ini bisa dimengerti. Pada tulisan berikutnya akan saya jelaskan bagian script yang lain.

Medwinz's Notes posted in Indonesia at 17:00

Member

slowhand

Traffic Shaping - Bagian 1

Pertanyaan paling mendasar adalah mengapa perlu pengaturan trafik atau traffic shaping?

Anda pakai speedy office di rumah anda untuk 3 komputer. Anda tidak butuh traffic shapping.
Anda pakai fastnet 384 kbps di rumah untuk 3 komputer. Anda tidak butuh traffic shapping.
Kalau user anda sedikit dan bandwidth anda besar, katakan user anda 100, bandwidth anda 8 Mbps symmetris, anda sepertinya gak butuh traffic shaping (debatable juga sih apalagi kalau dipakai voip atau video conference).
Kalau user anda hanya 1 sampai 5 orang bisa dikatakan anda tidak perlu traffic shaping, karena bandwidth anda masih memadai untuk melayani user anda. Tapi bagaimana kalau user anda lebih dari 15 orang dan masing-masing melakukan koneksi remote ssh, selain tentunya browsing dan download. Bisa dikatakan anda akan mengalami masalah, kalau anda tidak men-shape trafik upload dan membuat policy untuk downlink anda. Saya mengalaminya sendiri dengan sekitar 60 user yang haus bandwidth.
Menjaga low latency untuk trafik interaktif. Artinya proses download dan upload harus tidak mengganggu SSH, telnet dan sejenisnya. Hal ini yang paling penting. Dengan latency 200ms cukup membuat bekerja dengan SSH sangat tidak nyaman.
Menjaga agar user dapat tetap membrowse internet dengan kecepatan yang nyaman sementara melakukan proses upload atau download.
Memastikan bahwa proses upload tidak mengorbankan proses download dan sebaliknya. Perlu dipahami bahwa adanya queue yang besar di device seperti modem ADSL atau kabel modem akan membuat upload, download dan trafik interaktif akan saling bertanding satu sama lain.

Di bawah ini adalah script yang dapat digunakan untuk melakukan traffic shaping di openSUSE (well, juga untuk distribusi linux lain). Sekarang saya akan menjelaskan apa maksud dari script tersebut. Ketika dulu pertama kali mempelajari tc, ip, dan HTB saya menyadari bahwa hal inilah yang paling susah.

#!/bin/sh

#
#
# /etc/init.d/mebwshaper_eth1
#
### BEGIN INIT INFO
# Provides:          mebwshaper_eth1
# Required-Start:    $network
# Should-Start:
# Required-Stop:
# Should-Stop:
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: Custom bandwidth shaping by medwinz@gmail.com
# Description:       Custom bandwidth shaping by medwinz@gmail.com
### END INIT INFO
#

test -s /etc/rc.status && . /etc/rc.status && rc_reset

case "$1" in
start )
# script bandwidth shaping for openSUSE by medwinz@gmail.com
# silakan dicopy atau diubah-ubah
#

echo -n "Starting bandwidth shaping HTB qdiscs in eth1"

DOWNLINK=968
UPLINK=110

# hapus existing downlink and uplink qdiscs, umpetin errors
tc qdisc del dev eth1 root    2> /dev/null > /dev/null
sleep 2
tc qdisc del dev eth1 ingress 2> /dev/null > /dev/null
sleep 1

# ngebuat qdisc
tc qdisc add dev eth1 root handle 1: htb default 15
tc class add dev eth1 parent 1: classid 1:1 htb rate ${UPLINK}kbit ceil ${UPLINK}kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 36kbit ceil 36kbit prio 0
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 36kbit ceil ${UPLINK}kbit prio 1
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 9kbit ceil ${UPLINK}kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 9kbit ceil ${UPLINK}kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 11kbit ceil ${UPLINK}kbit prio 3
tc class add dev eth1 parent 1:1 classid 1:15 htb rate 9kbit ceil ${UPLINK}kbit prio 3
tc qdisc add dev eth1 parent 1:12 handle 120: sfq perturb 10
tc qdisc add dev eth1 parent 1:13 handle 130: sfq perturb 10
tc qdisc add dev eth1 parent 1:14 handle 140: sfq perturb 10
tc qdisc add dev eth1 parent 1:15 handle 150: sfq perturb 10

tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev eth1 parent 1:0 protocol ip prio 2 handle 2 fw classid 1:11
tc filter add dev eth1 parent 1:0 protocol ip prio 3 handle 3 fw classid 1:12
tc filter add dev eth1 parent 1:0 protocol ip prio 4 handle 4 fw classid 1:13
tc filter add dev eth1 parent 1:0 protocol ip prio 5 handle 5 fw classid 1:14
tc filter add dev eth1 parent 1:0 protocol ip prio 6 handle 6 fw classid 1:15

# attach ingress policer;
# ngelambatin download sedikit
tc qdisc add dev eth1 handle ffff: ingress

# lambatin semua paket yang datang terlalu cepat
tc filter add dev eth1 parent ffff: protocol ip prio 50 u32 match ip src \
0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1

rc_status -v
;;

stop)
# hapus existing downlink and uplink qdiscs, umpetin errors

echo -n "Delete all HTB qdiscs on eth1"

tc qdisc del dev eth1 root    2> /dev/null > /dev/null
sleep 3
tc qdisc del dev eth1 ingress 2> /dev/null > /dev/null
sleep 2
rc_status -v
;;

restart)
## Berhentiin service dan tanpa perduli dia jalan atau nggak
## Start lagi.
$0 stop
$0 start

# inget status dan tenang aja
rc_status
;;

*)
echo "Usage: $0 {start|stop|restart}"
exit 1
;;

esac
rc_exit

Penjelasan

DOWNLINK=968

Ini adalah kecepatan download. ISP mengatakan 1024 kbps, tapi saya kecilkan menjadi sekitar 94% saja. Hal ini perlu agar tidak terjadi kongesti.

UPLINK=110

Demikian pula dengan upload. ISP menyatakan sebesar 128 kbps, tapi hanya 86% yang saya alokasikan.

Anda harus mencari dengan trial and error sampai didapatkan angka maksimum untuk DOWNLINK dan UPLINK dimana traffic tidak menyebabkan kongesti pada sambungan ADSL anda. Perlu untuk diketahui bahwa ISP menerapkan queueing pada banyak sekali server mereka, kita tidak dapat mengkontrol queueing di sisi ISP. Karena itu tujuan utama dari traffic shapping ini adalah memindahkan queueing pada server kita agar kita bisa mengaturnya. Sehingga traffic yang mencapai ISP tidak di queuing lagi oleh ISP (idealnya seperti itu). Pada setting di tempat saya, saya menggunakan angka UPLINK 110 kbit/s. Angka ini adalah angka maksimum sebelum latency mulai meningkat (walaupun Speedy mengatakan uploadnya 128 kbit/s) yang disebabkan mulai penuhnya buffer pada router atau modem (whatever..) antara server saya dengan remote host.

tc qdisc del dev eth1 root 2> /dev/null > /dev/null
sleep 2

Baris di atas merupakan perintah tc untuk menghapus semua root qdisc downlink yang mungkin ada sebelumnya di device eth1, selanjutnya menunggu selama 2 detik.

tc qdisc del dev eth1 ingress 2> /dev/null > /dev/null
sleep 1

Baris ini merupakan perintah tc untuk menghapus semua ingress qdisc uplink yang mungkin ada sebelumnya di device eth1, selanjutnya menunggu selama 1 detik. Baris-baris berikutnya adalah inti dari script ini yaitu membuat beberapa qdisc baru untuk mengatur trafik upload,

tc qdisc add dev eth1 root handle 1: htb default 15
tc class add dev eth1 parent 1: classid 1:1 htb rate ${UPLINK}kbit ceil ${UPLINK}kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 36kbit ceil 36kbit prio 0
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 36kbit ceil ${UPLINK}kbit prio 1
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 9kbit ceil ${UPLINK}kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 9kbit ceil ${UPLINK}kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 11kbit ceil ${UPLINK}kbit prio 3
tc class add dev eth1 parent 1:1 classid 1:15 htb rate 9kbit ceil ${UPLINK}kbit prio 3

Hal di atas adalah membuat beberapa qdisc dimana trafik akan diklasifikasikan. ada 6 htb qdisc yang dibuat dengan prioritas tertinggi pada class 1:10 dan terendah pada class 1:15. Secara default semua trafik akan masuk ke class 1:15 ( tc qdisc add dev eth1 root handle 1: htb default 15). Maksud dari baris-baris di atas adalah membagi root class 1: upload menjadi 6 class 1:10, 1:11, 1:12, 1:13, 1:14 dan 1:15 dengan rate minimal masing-masing 36 kbit, 36 kbit, 9 kbit, 9 kbit, 11 kbit dan 9 kbit. Setiap class dapat menggunakan bandwidth yang tidak terpakai oleh class lainnya. Class dengan priority yang lebih tinggi (prio 1 prioritasnya lebih tinggi dari prio 3) akan mendapatkan alokasi bandwidth lebih dulu.

classid 1:10 htb rate 36kbit ceil 36kbit prio 0

Ini adalah class dengan prioritas tertinggi. Paket dalam class ini akan memiliki delay terkecil dan akan mendapatkan excess bandwidth pertama kali, sehingga saya membatasinya sampai angka 36 kbit/s. Paket yang akan dikirimkan melalui class ini adalah paket yang membutuhkan delay yang kecil, seperti trafik interaktif yaitu: ssh, telnet, dns, irc, dan paket dengan SYN flag.

classid 1:11 htb rate 36kbit ceil ${UPLINK}kbit prio 1

Kelas ini adalah kelas pertama dimana sebagian besar trafik (bulk traffic) akan diletakkan. Trafik di sini sebagian besar adalah web trafik dari lokal web server (web server di mesin lokal) serta trafik web keluar: source port 80 dan destination port 80.

classid 1:12 htb rate 9kbit ceil ${UPLINK}kbit prio 2

Dalam kelas ini saya letakkan trafik dengan nilai bit TOS Maximize-Throughput dan trafik lain yang berasal dari proses lokal (trafik yang sumbernya dari server) ke internet. Class ini hanya akan berisi trafik yang di-route melalui server (tempat script ini di jalankan).

classid 1:13 htb rate 9kbit ceil ${UPLINK}kbit prio 2

Class ini diperuntukkan bagi trafik untuk mesin-mesin yang di- NAT, yang membutuhkan prioritas bagi trafik bulk-nya.

classid 1:14 htb rate 11kbit ceil ${UPLINK}kbit prio 3

Class ini untuk trafik email (SMTP, POP3, IMAP, dll) serta paket dengan nilai bit TOS Minimize-Cost.

classid 1:15 htb rate 9kbit ceil ${UPLINK}kbit prio 3

Class terakhir ini adalah class default dimana bulk traffic dari mesin-mesin yang di NAT akan dimasukkan. Trafik yang masuk di sini seperti kazaa, edonkey, dan yang sejenisnya.

Penjelasan singkat ini silakan dicerna dulu. Dibaca, dimengerti dan dibawa mimpi. Saya akan lanjutkan pada tulisan berikutnya bagaimana menghubungkan script ini dengan iptables.

Tor Lillqvist posted in English at 09:42

You know your workflow is really optimized...

... when make spends maybe 15 CPU minutes thinking really hard, with no output, and then says Nothing to be done for `slowcheck'. The mind boggles at how slow it might have been otherwise.

Sat, Apr 28th, 2012

Medwinz's Notes posted in Indonesia at 18:50

Member

slowhand

FInally Promo DVD 12.1 Come to Indonesia

Talking about bureaucracy, Indonesia maybe one of the worst case in the world. Sometimes officials cannot differentiate what is "commercial thing" and what is "social thing". Their head and brain full of how to monetizing something. Long story short when openSUSE 11.4 was out, SUSE sent 300 pieces promo DVD for me on August 2011 that I should then distribute again for free with my own time and money to spread the free open source software here in Indonesia.

At that time the combination of stupid person on forwarder side and corrupted-mind officials made me cannot took the DVD from Customs.

When openSUSE 11.1 out a couple of years ago I can easily got my openSUSE DVD sent from SUSE to Jakarta. So we are talking about declining quality of Indonesian Customs here after government always talking about good governance. Shame on them isn't it?

On March 2012 openSUSE sent me 500 pieces promo DVD of openSUSE 12.1 and this time SUSE change the stupid forwarder. The new forwarder asks me to prepare some documents that should be submitted through government offices, Ministry of Justice and Ministry of Commerce prior to go to Customs office. Previous forwarder not clearly explain this new thing to me. The new forwarder also doesn't allow me to bring the documents to Customs office, they will do it for me. I just only come to the Customs in the end of the process to claim the goods. So in April 26, 2012 three months after the release date I get the openSUSE 12.1 Promo DVD here in Jakarta. Huh...
I will distribute the DVD to school teachers and facilitators in Yogyakarta province in Indonesia, and also for Indonesia Translation Team for openSUSE Documentation.

PS:
Officials if you read this rambling "shit" don't get me wrong, I'm 100% Indonesian, I love this beautiful country very much so please don't ruin that. Please serve Indonesian citizen better because that's your only duty as a civil servants.
For capitalist company please train your staff and fire your in-competence people!

Nagappan Alagappan posted in English at 04:52

Renamed WinLDTP project as Cobra

Cobra can be used to test GUI applications on Windows platform with the same API set as Linux Desktop Testing Project.

During our testing at VMware it works on Windows XP SP3 / Windows 7 SP1 / Windows 8 development version with Python >= 2.5.

Features supported:

* Most of the widget types are supported and respective actions are supported

* i18n tests can be executed

* CPU / Memory of any application can be monitored

Fri, Apr 27th, 2012

Pascal Bleser posted in English at 22:42

Member

yaloki

Packman haz buttcrackerz

Bugtracker! I meant to say "bugtracker", I swear!

So, the oh so popular and useful Packman project finally has a proper bugtracker, how awesome is that? Yes, truckloads of awesome. More seriously, it was about time and I finally just decided to do it.

From now on, please use our bugtracker to submit bugs, package requests, etc..., rather than using the mailing-list, although the latter is still fine for discussions and such, obviously.

Using a bugtracker will make it a lot easier for everyone to keep up with what needs to be done, for the packagers to pick things to do when they're bored (hah! right... I had to look up that word in the dictionary), and to make it clear once more that we definitely need more packagers to join and help out.

One needs to create a user account to be able to file a bug/request, but that's quick and doesn't involve any pain. We cannot use openSUSE accounts (as on .opensuse.org), sadly.

In case you didn't notice from the links above, the URL of the Packman bugtracker is https://bugs.links2linux.org.

Genix Info posted in Português at 00:39

World IPv6 Launch - Lançamento Mundial do IPv6 em 2012

http://www.worldipv6launch.org/wp-content/themes/ipv6/downloads/World_IPv6_launch_banner_512.png

Os principais provedores de Internet (ISPs), fabricantes de equipamentos e provedores de conteúdos do mundo inteiro estão juntando-se para ativar em caráter permanente o IPv6 em seus principais serviços e produtos a partir de 6/6/2012.

Fonte: http://ipv6.terra.com.br/blog/index.php/2012/01/world-ipv6-launch/

IPv6:

http://en.wikipedia.org/wiki/IPv6

World IPv6 Day:

http://en.wikipedia.org/wiki/World_IPv6_Day

Testes IPv6

Quer saber se seu computador já opera com IPv6? Utilize este teste: http://test-ipv6.com.br ou http://www.wireshark.org/tools/v46status.html.

Quer saber se um site na internet já está usando o IPv6? Utilize este teste: http://validador.ipv6.br.

Veja onde o site que você acessa, está hospedado:

http://www.whoishostingthis.com/

NTP.br - A hora certa do Brasil

IPv6.br - A nova geração do Protocolo Internet

Visite:

CEPTRO: PTT Metro Brasil, NTP.br, IPv6.br entre outros serviços e projetos:

http://www.ceptro.br/CEPTRO/ServicosProjetos

CGI.br: por uma Internet brasileira cada vez melhor:

http://www.cgi.br/br.htm

Mapas da Qualidade da Internet no Brasil:

http://simet.nic.br/mapas/ baseado nas medições do SIMET.

http://www.ceptro.br/CEPTRO/MapaQualidade

SIMET: Teste a sua conexão de Internet dentro do Brasil.

SIMET é um medidor de velocidade com a internet, usando uma engine própria feita em Java.

SPEEDTEST: Teste a sua conexão de Internet dentro e fora do Brasil, é um medidor de velocidade com a internet mais confiável que o SIMET ou os Mapas da Qualidade da Internet no Brasil (http://simet.nic.br/mapas/ e o http://www.ceptro.br/CEPTRO/MapaQualidade), fazendo o teste entre dois servidores dentro do Brasil é rápido, pois tem a ajuda do PTT Metro Brasil.

Para quem tem internet da Oi (antiga Telemar e Brasil Telecom) entre outras operadoras de internet que fazem apenas acordos bilaterais (ATB - Acordo de Troca de Tráfego Bilateral, só trocam tráfego apenas com quem interessa) ou só faz trânsito (só compra e vende trânsito com quem interessa), na minha opinião, são egoístas e atrasam o desenvolvimento da Internet no Brasil e isso é ruim, quando o certo é fazer acordo multilateral (ATM - Acordo de Troca de Tráfego Multilateral, trocam tráfego com todo mundo) como fazem a maioria das operadoras de internet, como no FIX que faz parte do PTT Metro de Brasília, a CTBC no PTT Metro de Brasília é um exemplo de boa (uma das melhores) operadora de internet por fazer todos os acordos possíveis: ATM - Acordo de Tráfego Multilateral, LG - Looking Glass, Trânsito e com suporte completo ao IPv6 only (nativo) e segue todas as regras do PTT Metro Brasil (http://www.ptt.br/regras.php) e do FIX (http://www.fix.org.br/), e a Documentação sobre o PTT Metro Brasil (http://ptt.br/documentacao.php), e o certo é também fazer todos os acordos de adesão possíveis do PTT Metro São Paulo, que deverão estar disponíveis em outros PTT Metro: Termo de conexão ao PTTMetro, Termo de adesão ao ATM -Acordo de Troca de Tráfego Multilateral (opcional) e o Termo de adesão ao Trânsito Experimental IPv6.

E o certo é descentralizar e criar redundâncias nas ligações dos PIX nas localidades (cidades) do PTT Metro pelo Brasil, exemplo: tem muitas operadoras de Internet que tem apenas uma ligação em apenas uma localidade (cidade) do PTT Metro em todo Brasil, de forma centralizada e sem redundância, é só olhar a lista de participantes do PTT Metro São Paulo, PTT Metro Brasília, PTT Metro Rio de Janeiro entre outros e comparar com outros PTT Metro pelo Brasil, quando o certo são as operadoras de internet no mínimo, é seguir esse esquema: criar um PIX com link de 10 Gb/s cada e se interligando entre si, em todas as capitais estaduais brasileiras, e em 7 cidades no interior desses estados, nas 5 regiões oficiais (Centro-Oeste, Nordeste, Norte, Sudeste e Sul) do Brasil (tudo isso, incluindo o Distrito Federal), e depois ir aumentando este número, sempre de forma descentralizada e redundante, no mesmo esquema.

Seguindo o esquema citado antes, continuar com a criação dos PIXs em todas as capitais brasileiras incluindo o Distrito Federal, passar para as regiões metropolitanas e depois para as cidades do interior dos estados brasileiros até ter um PIX de cada operadora de internet para cada cidade em todo o Brasil. E se a CTBC também estiver seguindo todas as Boas práticas para peering no PTTMetro, a CTBC, assim como outras operadoras que fizerem o mesmo, e se também fizerem tudo o que eu falei antes, serão melhores do que já são e ainda estarão fazendo o certo e assim, contribuem para o desenvolvimento da Internet no Brasil.

Agora fora do Brasil o teste é lento, pois as rotas internacionais do Brasil com o resto do Mundo são lentas: Internet: Rotas Internacionais Lentas. Abuso mais isso deve melhorar com os cabos submarinos: WASACE e o SAex (o SAex se conecta a Atlantica-1/GlobeNet e a SEACOM), pois o Atlantis-2, entre outros cabos submarinos que ligam o Brasil ao resto do Mundo, precisam de reforço, para as transmissões da Copa do Mundo FIFA de 2014 e dos Jogos Olímpicos de Verão de 2016 .

O mapa do site Greg's Cable Map é uma tentativa de consolidar todas as informações disponíveis sobre a infra-estrutura de comunicações feita através de cabos submarinos, tem também o site: http://www.submarinecablemap.com/

Entenda como funcionam os cabos submarinos:

http://www1.folha.uol.com.br/folha/informatica/ult124u372939.shtml

Teleco, Cabos Submarinos no Brasil:

Inicial

Histórico

Cabos Submarinos no Brasil

Estrutura do Sistema

Estrutura do Cabo

Considerações Finais

Teste seu Entendimento

Cabos submarinos e a Internet:

http://www.hardware.com.br/dicas/cabos-submarinos.html

Torne-se um host do SPEEDTEST:

Na Speedtest.net, nossa meta é possuir servidores de teste de qualidade nas principais cidades do mundo. Junte-se a nós ainda hoje e torne-se parte do teste de velocidade de banda larga mais popular e abrangente do mundo!

Fonte e mais informações: http://www.speedtest.net/host.php

Coloque o SPEEDTEST em seu site ou blog, antes de fazer o teste, veja em que cidade o seu site ou blog está hospedado, depois escolha a cidade para fazer o teste: http://www.speedtest.net/mini.php

Teste de velocidade da Vivo: é um SIMET disfarçado, pois só testa com servidores dentro do Brasil:

http://www.euquerofibra.com.br/TesteVelocidade

http://www.brasilbandalarga.com.br/

Teste de velocidade da Copel: http://speedtest.copel.net/ é um SIMET disfarçado, pois só testa com servidores dentro do Brasil, ele testa da sua cidade ou do servidor do seu provedor, até o servidor da Copel no Paraná, usando uma engine do SPEEDTEST feita em Adobe Flash Player.

Teste de velocidade da GVT: http://demo.ookla.com/gvt/ é um SIMET disfarçado, pois só testa com servidores dentro do Brasil, ele testa da sua cidade ou do servidor do seu provedor, até o servidor da GVT no Paraná ou em outra cidade ou estado brasileiro, usando uma engine do SPEEDTEST feita em Adobe Flash Player.

A maioria das operadoras de internet no Brasil, usam medidores de velocidade, que testam a internet entre servidores dentro do Brasil.

PTT Metro Brasil

PTTMetro é o nome dado ao projeto do Comitê Gestor da Internet no Brasil (CGIbr), é um IX que promove e cria a infra-estrutura necessária (Ponto de Troca de Tráfego - PTT) para a interconexão direta entre as redes ("Autonomous Systems" - ASs) que compõem a Internet Brasileira. A atuação do PTTMetro volta-se às regiões metropolitanas no País que apresentam grande interesse de troca de tráfego Internet.

Uma das principais vantagens deste modelo, é a racionalização dos custos, uma vez que os balanços de tráfego são resolvidos direta e localmente e não através de redes de terceiros, muitas vezes fisicamente distantes.

Outra grande vantagem é o maior controle que uma rede pode ter com relação a entrega de seu tráfego o mais próximo possível do seu destino, o que em geral resulta em melhor desempenho e qualidade para seus clientes e operação mais eficiente da Internet como um todo.

Um PTTMetro é, assim, uma interligação em área metropolitana de pontos de interconexão de redes (PIXes), comerciais e acadêmicos, sob uma gerência centralizada.

Fonte e mais informações:

http://ptt.br/intro.php

http://en.wikipedia.org/wiki/PTT_Metro

Como fazer parte do PTT Metro Brasil:

Como eu disse antes: Faça parte do PTT Metro Brasil, fazendo o certo e assim, contribuindo para o desenvolvimento da Internet no Brasil.

Primeiro Passo:

Envie um Formulário para Candidatura de sua Localidade (cidade) para o PTT Metro Brasil: http://ptt.br/localidades/register.php , caso a sua localidade (cidade), não seja participante do PTT Metro Brasil.

Segundo Passo:

Se a sua localidade (cidade) já é participante do PTT Metro Brasil, escolha uma das localidades (cidades) para se conectar, você pode fazer a sua adesão como um: AS (Autonomous System é o conjunto de rede com a mesma política de roteamento) e com um número de ASN (Autonomous System Number é o identificador único de 32bits para um AS. É normalmente alocado pelos RIRs).

Terceiro Passo:

Sendo um AS e com um número de ASN, você pode se tornar um PIX (Ponto de Interconexão ou ponto de acesso ao PTTMetro), mais informações: http://ptt.br/intro.php

Entenda como a Internet e os PTTs funcionam, Internet Revelada (Internet Revealed).

Demi Getschko na TV Estadão: IPv6, Neutralidade da Rede, PNBL, ...:

http://www.ceptro.br/CEPTRO/ArtigoNoticiaDemiTvEstadao

Membros da Euro-IX (IX da Europa):

https://www.euro-ix.net/member-list

Os vários IX no Mundo:

https://prefix.pch.net/applications/ixpdir/

Entre em contato com a Packet Clearing House (PCH), e crie um IX na sua cidade, estado ou país, que permita o public peering e que se possa fazer todos os acordos possíveis: ATM - Acordo de Tráfego Multilateral, LG - Looking Glass, Trânsito e com suporte completo ao IPv6 only (nativo), e como eu disse antes, as operadoras de internet quem que fazer o certo, o Brasil já tem o PTT Metro, outros IX no Brasil devem ser integrado ao PTT Metro, o mesmo deve ocorrer em países que já tem algum IX, eles tem que ser integrados em uma Matriz Regional Única (Matriz de troca de tráfego regional única).

MPLS:

http://en.wikipedia.org/wiki/Multiprotocol_Label_Switching

SAN:

http://en.wikipedia.org/wiki/Storage_area_network

Tecnologia cloud da IBM, Cisco ou NEC em fibra óptica.

SPDY:

http://en.wikipedia.org/wiki/SPDY

Mozilla Firefox Brasil:

http://br.mozdev.org/

Ortografia Português/Brasil – Dicionário [pt-BR]:

https://addons.mozilla.org/pt-BR/firefox/addon/ortografia-br/

Por que o Ortografia Português/Brasil – Dicionário [pt-BR] foi criado?

Esta é a versão para programas Mozilla do dicionário pt-BR criado por Ricardo Ueda Karpischek. Não é atualizado desde 2002 e sua licença (GPL) não permite que ele já venha com o Firefox/Thunderbird.

O que vem por aí para o Ortografia Português/Brasil – Dicionário [pt-BR]

O recente relicenciamento do dicionário pt-PT (GPL/LGPL/MPL) permitirá uma adaptação para a ortografia pt-BR e também que ele já venha integrado com os programas Mozilla (sem precisar instalar).

Esse trabalho está em andamento e será concluído ainda em 2009, já com a nova ortografia. O atual dicionário pt-BR será removido.

Fonte e mais informações:
https://addons.mozilla.org/pt-BR/firefox/addon/ortografia-br/developers

IcedTea:

http://en.wikipedia.org/wiki/IcedTea

Gnash:

http://en.wikipedia.org/wiki/Gnash

Moonlight:

http://en.wikipedia.org/wiki/Moonlight_%28runtime%29

Mozilla Thunderbird Brasil:

http://br.mozdev.org/thunderbird/

LibreOffice:

http://en.wikipedia.org/wiki/LibreOffice

Corretor Gramatical CoGrOO:

http://pt-br.libreoffice.org/projetos/cogroo/

Projeto VERO - VERificador Ortográfico:

http://pt-br.libreoffice.org/projetos/projeto-vero-verificador-ortografico/

Comunidade dos Países de Língua Portuguesa (CPLP)

http://pt.wikipedia.org/wiki/Comunidade_dos_Pa%C3%ADses_de_L%C3%ADngua_Portuguesa

Se a sua cidade, estado ou país tem alguma ligação direta ou indireta com a língua portuguesa, ou tem muitos falantes de língua portuguesa, ele tem que fazer parte da Comunidade dos Países de Língua Portuguesa (CPLP), entre em contato com a CPLP: http://www.cplp.org/

Acordo Ortográfico da Língua Portuguesa de 1990

http://pt.wikipedia.org/wiki/Acordo_Ortogr%C3%A1fico_de_1990

As várias correntes de pensamento e de ações, para se ter uma Internet Banda Larga Melhor e Livre no Brasil

Operadoras de banda larga deverão fornecer um medidor de velocidade:

http://www.hardware.com.br/noticias/2012-02/operadoras-bandalarga-medidor.html

Operadoras de internet no Brasil, tem até Julho de 2012 para adicionar o suporte completo ao IPv6 only (nativo), segundo o cronograma de implantação:

http://www.ipv6.br/cronograma/

http://www.ipv6.br/pub/IPV6/ForumImplementadores/16h05-cronograma-milton.pdf

http://www.isoc.org.br/component/content/article/1-novidades-noticias/101-ipv6launch

DTVi: TV Digital (HDTV) interativa no Brasil

A prioridade, no momento, é padronizar:

1 - LSB x86-64 4.x (ou superior):

http://pt.wikipedia.org/wiki/Linux_Standard_Base

Resumindo: É uma certificação para as Distribuições Linux, http://pt.wikipedia.org/wiki/Distribui%C3%A7%C3%A3o_Linux a versão em inglês é mais imparcial, http://en.wikipedia.org/wiki/Linux_distribution

2 - IPv6 support Ready Logo Phase 2:

http://www.ipv6ready.org/?page=phase-2

Resumindo: É uma certificação para o uso do IPv6, http://pt.wikipedia.org/wiki/IPv6

LDP-BR Projeto de Documentação do Linux - Brasil:

Site oficial: http://trac.watter.net/ldp-br/wiki

Lista de E-mails do LDP-Brasil:

https://lists.sourceforge.net/lists/listinfo/ldpbr-translation

Boas práticas para peering no PTTMetro:

http://www.slideshare.net/LuisBalbinot/boas-prticas-para-peering-no-pttmetro

PTT.br - Infraestrutura Crítica - São Paulo - 5º PTT Fórum - 29 Nov 2011 (Espero que essa solução definitiva, prevista para 2014, se estenda a todos os PTTMetro (http://ptt.br/) em todo o Brasil): http://ptt.br/doc/pttforum/5/ptt.br.5pttforum.infraestrutura_critica_spo.20111129.pdf

Faça troca de tráfego (peering), em ATM e LG, com suporte ao IPv6 (http://ipv6.br/), no:

PTTMetro São Paulo (http://sp.ptt.br/particip.html),

FIX (http://www.fix.org.br/),

ANSP (http://www.ansp.br/) e

Terremark Brasil (http://www.terremark.com.br/).

Faça como o Comitê Gestor da Internet no Brasil (CGIbr), seja contra o: SOPA e também seja contra o: PIPA e ACTA, ou qualquer outra coisa que tire qualquer tipo de liberdade da internet, pois a internet tem que ser livre em todos os sentidos.

Avise se algum erro for encontrado nesse artigo.

O conteúdo desse artigo pode ser modificado ou atualizado, por isso, visite essa página constantemente e mantenha-se atualizado.

Thu, Apr 26th, 2012

Klaas Freitag posted in English at 00:00

Member

dragotin

ownCloud Client 1.0.1

This week we prepared another ownCloud sync client (oCC) release for you. oCC is released together with csync 0.50.5, the underlying library on which shoulders oCC stands. Find packages for your distribution.

Only a couple of weeks after the first release we could come up with a quite long changelog, larger than for a maintainance release.

First and foremost, oCC now supports SSL connections and does not store passwords any more, well, in clear text in a config file. Still there is no strong encryption for the password in (as that’s a non trivial if not impossible thing) but its not clear text any more, so accidents should not longer happen. For those who really care and put security over convenience there now is the option to not store the password at all but provide it at startup. The whole password storage will get more attention soon, I did some work on that already, also using kwallet, more on that in another post.

The whole start process of oCC, which is more complex as it might seem as libcsync expects a nice environment with a verified connection to the ownCloud, was cleaned and matured. I had to learn about QNAM but now we seem to be friends.

Efforts also went into the following areas:

Error handling: People got confused about error messages from oCC which were not accurate here and than. I added more fine granular error reporting to libcsync so that oCC now can give even more helpful error messages.
MacOSX: On the sprint weekend in Stuttgart, we made good progress on that platform, will also soon get a release. Domme got the most out of cmake to get dmg image building going, thanks, you rock!
Qt 4.6: As usual one has to learn that current distributions ship not so current Qt versions. Thanks to Thomas, he put quite some effort in porting back to Qt 4.6 - so that Debians friends can also use oCC now.
Packages: Check out the community repo on OBS: We now can provide packages for way more platforms including Ubuntu and Debian. Still your help would be appreciated in maintaining.

Speaking about the recent sprint in Stuttgart: It was great to be there, ownCloud has an open, friendly and welcoming community in which you really feel the spirit of working on something new and interesting with cool potential. I really enjoy being here,. Thanks guys for all your work and feedback :-)

Wed, Apr 25th, 2012

Lukas Ocilka posted in English at 15:10

kobliha

SUSE is Looking for Designers and Web Developers

SUSE Studio and Systems Management teams are looking for designers and web-developers!

You've always loved SUSE and wanted to join the team? You can do it now. There are several positions open at the SUSE careers page.

Learn more about SUSE Studio positions also here.

Priyanka Menghani posted in English at 14:17

Accepted to GSoC 2012

I got selected for GSoC 2012 to work with OpenSUSE. I will be mentored by Michal Hrusecky and my project involves developing a Karma plugin for OpenSUSE Connect.

This Plugin will reward people with Karma points on reporting bugs, making bug fixes, Wiki entries, posts on OpenSUSE planet, promoting OpenSUSE events on twitter etc. People will also be rewarded with badges on attainment of specific levels of Karma points, and they can also send across positive Karma to others, to show appreciation towards their work.

Have a look at my proposal:http://www.google-melange.com/gsoc/proposal/review/google/gsoc2012/priyankam/18002#

This summer will be a great experience with GSoC and OpenSUSE.