“Is Linux a better choice for old devices?”

Jiong Lu

I have a year 2003 Dell Inspiron 5100 notebook sleeping in the closet for almost 15 years and she is going to turn 19 this year. Recently I took it out and was wondering what I can do with it.  And finally, I decided to do a small project: Find out “Is Linux a better choice for old devices?”.  While following modern path like creating a YouTube video might be quite sounding, I am indeed not confident in shooting or editing so I prefer to stick with the old school style by just writing this article. At least I can learn a lot from the whole experience.

And never forget to Disclaim: this is a very biased article written by a MS engineer, and the research covered just one PC that obviously does not have its statistical significance.   The proper title might be: Is Linux a better choice for an old device owned by a MS engineer?     If that makes us all feel better. LOL

CPU

My Inspiron 5100 comes with a Pentium 4 2.4G (Northwood) CPU.   It is a 32-bit desktop CPU installed on a notebook, hot, slow, and always hungry for power with average DLP of 59.8w.  Starting from 2020, a lot of Linux distros stopped releasing new 32bit versions.   I decided to pick Linux Mint 19.3 as it is Ubuntu 18.04 based and it is yet widely used 32-bit supported OS.

For Windows, since Pentium 4 has SSE2 instruction set (and Pentium III does not), Windows 7 can yet run on it.  And Windows 7 is arguably still supported by Microsoft with ESU licenses (which is a paid service though), as of today, January of 2022.  I have thought of running Windows 8.x or Windows 10/11.   But the video card limitation and the NX bit security requirement shut this option down.

Pentium 4

Technically you can install any kind of end-of-life obsoleted OS onto an old device.  But this is not the point of my test.  My point is to test use the old device in modern days, which requires the OS to at least be still supported, can be security patched.

Conclusion: When comes to Operating Systems choices for CPUs, Linux is not that picky.  For recent new CPUs, kernels can be compiled and optimized to utilize the new features provided by them. But at the same time Linux does not say no to old CPUs.  It just won’t perform as good.  On the other side, Windows does have requirements for CPUs especially NX Bit, SSE2 and SSE3 etc.  And this 19-year-old Dell PC can run Windows 7 at its best.  

Meltdown and Spectre

One interesting thing needs to be pointed out (not relevant to the topic of this article) is that, like most Intel CPUs developed before 2018, this Pentium 4 is vulnerable to Meldown or Spectre (v1, v2) attacks.   And what’s make it worse, is that Pentium 4 (Northwood) uses a 20-stage (for Pentium 4 Prescott model, it will be 31-stage) long pipeline, compared with modern CPUs that only have 14 stages or less.  The 20-stage speculative technology used was specially designed for Pentium 4’s high CPU frequency, so that it can run more instructions per second by putting more in its cache and predicting more to run them simultaneously.  Which made it even more vulnerable to Meldown or Spectre (v1, v2 etc.) attacks.  There are OS patches to mitigate these types of threats, but they have quite a performance hit for speculative technology, especially with those having long pipelines like Pentium 4.     I choose to turn this mitigation off (on both Linux and Windows) and keep telling myself not to store anything important/sensitive on this little old device.  And… it turns out that the performance difference can be felt by human beings.

Video Card

This Dell Inspiron 5100 has a very weak AGP type video card: ATI Mobility Radeon 7500c (RV200 on Linux).    After install Linux, video card hardware acceleration works on Linux Mint when the kernel version is at 5.0.x (or below), but when kernel gets upgraded to 5.4.y (or versions above), only software rendering (by CPU) is used by the display manager, which made the system not usable.  It does not matter what display manager I choose (Mate, Cinnamon, XFCE etc.), it is 100% the kernel that made such difference (well, that is what a kernel should be.  But worth confirming, isn’t it? :))

Mobility Radeon 7500

As a long-time Windows user, I am not familiar with how Linux kernel handles hardware support. But I decided to do further research because Linux is open source. Yeah, why not!   And after some Bing search and code reading, I found it.  Yes, there it is!  I at least found where the driver support difference occurs:  The AGP card support for ATI Mobility Radeon 7500c was dropped by Linux Kernel starting from version 5.4.24.   You may find the details from these 2 patches: [PATCH 5.4 079/152] and [PATCH 5.4 080/152].   The 079 patch removes the AGP card support for amdgpu driver and the 080 patch removes the same for radeon driver.  The approval date of these 2 patches was Mar 03, 2020.  If you also have an AGP type of AMD video card and want to use it on Linux, you will very likely face the same issue.  I didn’t test the same for any AGP type of NVIDIA card though (edited 1/20: there are articles saying AGP support for both AMD and NVIDIA is dropped, around early 2020).  From all the work done above, I really learned a lot on how Linux community manages source codes, their modification histories, and the review / approval procedures.  Very impressive.   And this might also lead to another future project: what if I recompile the kernel to bring the AGP card support back? Edited 1/20: don’t get me wrong, I am not saying reverting these 2 patches will be all needed to do to bring AGP back. There are codes relating to it which do the real work and I am sure there will be quit a lot of them and almost everywhere. The Linux community said that it is difficult to keep maintaining AGP so that’s why it is dropped. Bringing it back will be easy to say, very difficult to do. But it is still on my list for exploring.

Code Change in Linux Kernel 5.4.24

Now, how about Windows then?   Mobility Radeon 7500c on my Inspiron 5100 has only 32M dedicated ram and it only supports DirectX up to version 7.  The most important thing is that the official vendor support just provides the driver for Windows XP.  There is no official driver for Vista or Windows 7.   But it does not prevent you from installing the XP driver onto Windows 7, you get all basic functions but not those Windows 7 dedicated visual effects like aero.   This is called a XDDM driver.   And those official Windows 7 video cards should be using WDDM drivers (supporting DirectX 9 or above, and at least 128m ram).   Starting from Windows 8 and all versions after it, XDDM drivers are no longer supported.  Hence Windows 7 is the highest version this Inspiron 5100 can run (sort of).

Conclusion: This weak AGP card seems not working well on either Windows or Linux, and for Linux it is already not supported.   In terms of performance, it worked better on Windows 7, compared with cinnamon (on Linux Mint).  On cinnamon, a process called “cinnamon –replace” keeps popping up even at idle which shows that CPU assistance is always required for the DM to render the desktop.  Browsing (with hardware acceleration) is already too much work for this video card on both OS, not to mention opening heavy sites like YouTube.  I did try XFCE or BionicPup32 (Ubuntu based 32-bit Puppy Linux), which runs smoother, but yeah, you can argue the same for using Windows XP to show performance as well. I have also thought of replacing the card with something else, but, nope, that’s just it is (a Radeon 9000 card won’t make much difference either and you cannot go any further).

Wi-Fi Card

The Inspiron 5100 is equipped with an 802.11b/g Dell Truemobile 1150 card (Broadcom chip BCM4306/v2) that requires drivers on both Windows and Linux.   On Windows, the official driver had several version updates, and the latest version enables 802.11b/g/n (for 11n, it is with standard level compatibility but not its speed) so I can turn on 11n mode (for 2.4G) on my Access Point and the card still can communicate with it properly.

On the other hand, Linux driver support was a total headache. The BCM4306/v2 is only supported by b43legacy driver but it is so basic that if I turn on 11n mode (for 2.4G) on the AP, the card just refuses to connect, no matter what channel I assign to it.  Even after I change the AP to 11b mode, the card is so reluctant to work well, keeps dropping packet or returns a ping at level of hundred milli-seconds (it could be because 2.4G channels are so full at my apartment).  And “NO, a NDISWrapper won’t work either” before some of readers may point out.

MiniPCI Wi-Fi Card and MiniPCIe Wi-Fi Card

But the good news is, after I spent less than 5 USD bought a Qualcomm AR9220 Wi-Fi card and plug it in, both Windows and Linux are very happy with it.  No drivers needed and it is 802.11a/b/g/n.  It is just great. Problem solved.  For those who may think these Wi-Fi cards look the same as of today, it is not.  They are all MiniPCI type, which is nearly 4x the size of a modern Mini-PCIe Wi-Fi card.  That is history, in 20 years.  (But wait! If you have an IBM, Toshiba, or some other notebooks, don’t assume a new Wi-Fi card will always work because these makers have locked the Mini-PCI cards using whitelist in their BIOS).

Conclusion: For Wi-Fi devices, Windows and Linux are happy with a lot of old Qualcomm chip equipped cards. When comes to the old legacy Broadcom chip, Windows needed a 3rd party driver, Linux just said no.

RAM

Inspiron 5100 can take up to 2G of RAM if its BIOS gets upgraded to version A32 (latest).   They are the first generation of DDR ram, running at 266Mhz and can work under dual channel (1G each).  They cost me about USD 9 in total. Both Linux Mint and Windows 7 are fine with that 2G of RAM.  At least, they were not the bottleneck. 

It worth mention that the only broken part of this PC after I took her out from the closet, was one of the old RAM sticks (512M).   It caused a BSoD on Windows 7.   I personally have never met with a broken RAM so that was a nice cool experience, which also cost me several further tests to troubleshoot, isolate (make sure it’s not motherboard) and identify which one was bad. And I am not complaining.   One more interesting thing is that the Dell Inspiron 5100 tested the RAM after that crash and decided to lower the capacity of that RAM to just 192M.   I never know that BIOS will do this type of thing, it was funny but yeah, makes sense.

Broken RAM caused a BSoD

HDD or SSD?

The original storage on this device was a 4800rpm 40G Hitachi hard disk.  It is of IDE type (or PATA).  And it is extremely slow. I spent about USD 19 in total bought a 120G mSATA SSD and an adapter to make it work with PATA interface.

mSATA SSD with IDE adapter

This combination works quite well on both Windows 7 and Linux Mint 19.3.  I had to do similar configuration changes on both sides like enabling TRIM, enabling cache, stop disk defragmentation job etc.   But they are fine with all these changes.   The only complain, which was already expected, is that the SSD does not perform because of the IDE interface and/or the bus.  Read/Write peaks at around 20MB/s-ish, and there is not much we can do with it.   Old hardware is just old hardware and changing the motherboard will be considered going too far for these types of projects.

Both Windows 7 and Linux Mint are installed (dual boot) on the SSD.   They became friends.

Conclusion

OK, time to wrap the test up.   If you ask me “Is Linux a better choice for old devices?”, the answer is complicated (yeah, I hate myself saying that):

At least, Linux is not always the last to drop support for old hardware.  In a lot of cases, they drop earlier than Windows do. We cannot just assume Linux or Windows will work on certain old hardware, because very often they don’t.   If you have a Pentium III PC, the experience would be very very different.

There is never anything other than hardware failure that will prevent you install an outdated obsoleted OS to an old device.   You just don’t get security updates and they may lack ability to work with modern standards like Wi-Fi 4+, TLS 1.2, DirectX etc.  

The performance for an old PC to run “Supported” operating system is, honestly, not good.  I can’t think of many use scenarios for them, other than: Run old single-person games / Keep the PC working until they become antiquities.

While these might be considered as total waste of time, for me, it was still a GREAT experience.  Because it gives me opportunity to learn things from the timeline table: where they come from, how do they work, and what they will change into.   Because of it, I started to learn Linux kernel and who are developing and maintaining them. 

This was a FUN project to start 2022.  And all best wishes to you too!

用现成设备做一个复古红白游戏机

又是春雨绵绵时,困在家里的爸爸们想不想为孩子们做一个小项目呢?先看看家里都有什么吧。 如果你家里碰巧有下面这个设备(已经收在抽屉里的就更好了):
小米盒子 (1,1s或者2,…. 越老版的就越开心)
可选:能连接USB的老游戏机手柄 (比如PS3的,等等)

那不妨一起动手把它变成一个复古的任天堂游戏机吧。  额外需要的工具包括:
安卓手机
Wifi (让手机和小米盒子都设定用同一个Wifi)

第一步: 在安卓手机上安装 “小米电视助手”, 于浏览器点按: https://app.mi.com/details?id=com.xiaomi.mitv.phone.tvassistant (来自小米官网),并且选择安装。 您也可以从各大应用商店搜索“小米电视助手”并予安装。

第二步:在手机上下载 “小鸡模拟器TV版”。 于浏览器点按:
http://dl.xiaoji001.com/download/tv/xiaoji_V1.1.9.apk (此为小鸡官网)。 注意: 不要在手机上安装这个应用,这个是为小米盒子准备的。

第三步,在小米盒子上安装“小鸡模拟器TV版”

  1. 先让小米盒子和安卓手机进入同一个Wifi
  2. 在打开手机上打开小米电视助手,并且和小米盒子连接 (在右上角点击电视图标)
搜索盒子
  1. 进入应用管理, 选择本地应用安装, 然后选择安装“小鸡模拟器TV版”

这样就安装好了,小鸡模拟器TV版就会出现在小米盒子的应用清单里

然后可以考虑连接遥控器。 你可以通过USB的OTG线,将PS3的遥控器脸上。 笔者没有尝试其它类型的手柄,但是市面上的PC用手柄一般都能使用。 小鸡还有其自身推荐的手柄系类,有兴趣的朋友可以自己研究一下。

这是我下载的第一个回忆游戏

接下来,就把主导权交还给爸爸们。 在小鸡模拟器里,可以搜寻到大量红白机,甚至SFC等机器的游戏。  至于这个项目到底是为孩子们还是爸爸们准备的,不妨让妈妈们来评判就是了。

2021/02/27

北卡罗莱纳州立大学教授讲解 理性思考

对大多数人来讲,理性思考是一种奢侈。 对的,也包括我自己。 所以我们可能需要跳出以为的那种自负,从而可以理性地去思考:理性思维。 理性思维的第一步是承认自己并不总是理性。我们很容易接受“人类个体是非理性”的概念,却更多以为讲的是他人。发现自己并非总是理性这件事情,是跨向理性思维的第一步。

最后教授也提到,解决理性思维与否并非是问题的全部,发掘正确的制度往往效果更好。 或许,我们总有一天,并不需要再争论理性与否这个事情了。

视频来源:youtube

关于Office 365的Ring开发理念

今天的IT开发技术和以往大有不同,有一种被称为“Rings开发模型”正开始流行。 这种技术可以让开发团队能够不间断地更新他们的应用,提供最新的机能,并同时能够保证安全性,私密性和可靠性不被忘却。 如此一来,也让客户能够安心使用这些最新的技术。

当然,这一模式也带来一些挑战,特别是依赖于“传统规范的”标准和技术审核。这些标准与审核还存在一些旧的技术控制点,诸如要求“完全独立的测试环境”,“设置针对于‘大型’版本更新的测试基准以及对应的人工审核”等等。 很多控制点已经变得过于逆生产力,而且拥有较少空间可以让开发人员解释新技术实际上能够达到一样的控制目的,而是纠结于字面上的标准要求。

微软云技术将会继续和各大标准制定机构,认证组织以及业界同行们一起努力,争取正面影响到标准的制定以及后续认证审核的相关技术细节。

This is an old article but worth reading: Change Management for Microsoft 365. In today’s world, IT service providers use a new methodology of releasing features/updates called “Rings” which enable develop teams to release new features on continuous basis, while still maintaining a high-level of quality and security/privacy promises. And it gives our customers confidence to use latest new technologies.

However, at the same time, it brings challenges to “traditional-style” standards and audits, which yet stick on rules like “totally separated test environment”, “‘major’ release milestones and requirements of manual check-ins” etc. And some of these required controls may even become counter-productivity when there is limited room for service providers to show evidence that their original purposes are met with the same, if not higher, level of standard.

Microsoft will continue working with certification authorities, standard committees and IT partners trying to bring latest technology not only to services themselves but also to standards and audits.

为何我们说PIN比Password安全

自从移动设备成为我们日常生活和工作的主要工具之后,我们便习惯了使用PIN来登入自己的设备。很难想象有谁还会使用复杂密码来打开自己的电话。那么问题来了:4位,或者6位的PIN是不是就不安全了呢?从概率学上说:是的。 这也是为什么密码的复杂性是一直被强调的,一个符合现今密码复杂度的条件可能包括:至少8位长,有大小写字母和数字。用这些条件来看,PIN绝对是够不上条件的。

但是,微软怎么就跳出来说:“PIN其实要比Password安全”呢? 其实他说的不全面。 全面的说法应该是这个样子的:“在用户设备或者企业设备资产在受管理的情况下,用PIN登入这些设备访问资源特别是全局资源,要比使用密码登入更加安全。”

这句话其实也不好理解。 首先要解释何谓“受管理的设备”。 一个受管理的设备需要至少符合以下三个条件:一,全身加密,且只有在登入以后才可访问资源(需要TPM); 二,设备登记在册,在丢失的情况下有快速机制抹除数据并拒绝访问; 三,有防止暴力破解登入的机制。 比如企业用户可以使用Active Directory(或Azure Active Directory)强制所有设备在登记入域并且执行了上述三个条件以后才能访问全局资源。 大多数苹果iOS设备也缺省都会全局加密并且强制打开iCloud追踪机制,这些机制都保证设备是受管理的。

回到PIN登入机制本身,PIN登入其实都是跟随设备的,且在设备本身完成,每一台设备都需要单独设定PIN。 用户在登入一台受管理的设备之后,如果需要访问全局资源,那么被访问的资源不仅要看用户是不是用户本人,还要看他/她是不是从一台受管理可信赖的设备访问的。 这种方式是一种天然的双因子认证的机制。 相对而言,密码则是并不跟随设备的。一旦密码被窃,它可以被使用在其他设备上进行认证。 这也是密码在今天的网络环境下的一大难题。 根据调查,绝大多数密码被他人冒用登入的安全事件并不是因为密码复杂度不够所造成的,而是因为用户到处使用同一个密码登入,而其中一个网站或系统被人破解或恶意泄露造成的。

所以,我们说PIN更加安全,完全是建立在两个现今网络安全机制基础上而言的: 1) 在受管理可信赖的安全设备上,PIN登入更加安全 2) PIN登入更能够保护全局资源,比如云储存的数据和企业的数据。

当然,4位的PIN还是不足以应对暴力破解,所以一般会要求6位或更严格的PIN位数。 另外,说到PIN,不妨也提一提指纹认证,还有颜值认证等等。 这些认证机制,原则上和PIN一样,是在设备本身完成,再由设备向服务器请求认证的。 但这一切都基于正确的设计,也还只有Windows和iOS在这方面严格执行并且考虑到了用户相关的隐私需求。

IIS Redirect HTTP to HTTPS

Setting up an HTTP/HTTPS redirect in IIS

Once the SSL certificate is installed, your site still remains accessible via a regular insecure HTTP connection. To connect securely, visitors must specify the https:// prefix manually when entering your site’s address in their browsers.

In order to force a secure connection on your website, it is necessary to set up a certain HTTP/HTTPS redirection rule. This way, anyone who enters your site using a link like “yourdomain.com” will be redirected to “https://yourdomain.com” or “https://www.yourdomain.com” (depending on your choice) making the traffic encrypted between the server and the client side.

Below are steps to setup a IIS HTTPS redirect:

  1. Download and install the URL Rewrite module.
  2. Open the IIS Manager console and select the website you would like to apply the redirection to in the left-side menu:
  1. Double-click on the URL Rewrite icon.
  2. Click Add Rule(s) in the right-side menu.
  3. Select Blank Rule in the Inbound section, then press OK.
  1. Enter any rule name you wish.
  2. In the Match URL section:- Select Matches the Pattern in the Requested URL drop-down menu
    – Select Regular Expressions in the Using drop-down menu
    – Enter the following pattern in the Match URL section: (.*)
    – Check the Ignore case box
  1. In the Conditions section, select Match all under the Logical Grouping drop-down menu and press Add.
  2. In the prompted window:
    – Enter {HTTPS} as a condition input
    – Select Matches the Pattern from the drop-down menu
    – Enter ^OFF$ as a pattern
    – Press OK
  1. In the Action section, select Redirect as the action type and specify the following for Redirect URL:https://{HTTP_HOST}{REQUEST_URI}
  2. Un-check the Append query string box.
  3. Select the Redirection Type of your choice. The whole Action section should look like this:
NOTE: There are 4 redirect types of the redirect rule that can be selected in that menu:
– Permanent (301) – preferable type in this case, which tells clients that the content of the site is permanently moved to the HTTPS version. Good for SEO, as it brings all the traffic to your HTTPS website making a positive effect on its ranking in search engines.
– Found (302) – should be used only if you moved the content of certain pages to a new place *temporarily*. This way the SEO traffic goes in favour of the previous content’s location. This option is generally not recommended for a HTTP/HTTPS redirect.
– See Other (303) – specific redirect type for GET requests. Not recommended for HTTP/HTTPS.
– Temporary (307) – HTTP/1.1 successor of 302 redirect type. Not recommended for HTTP/HTTPS.

OPTION 2: Specify the Redirect Rule as https://{HTTP_HOST}/{R:1} and check the Append query string box. The Action type is also to be set as Redirect.
  1. Click on Apply on the right side of the Actions menu.