Re: [gentoo-user] Re: CFLAGS CPU optimization question.
[digest-mode reply] Subject: Re: [gentoo-user] Re: CFLAGS CPU optimization question. From: Raphael Melo de Oliveira Bastos Sales [EMAIL PROTECTED] Date: Tue, 31 May 2005 15:08:30 -0300 To: gentoo-user@lists.gentoo.org Sorry for taking this long to answer. I suggest any unprivileged port that has no other service attached to it (I use 8022 on some machines). Script Kiddies won't event know it is there, or will try to hammer it with a wrong protocol, which will be useless. Of course, I might be wrong. If so, feel free to correct me. Hope this helps. 2005/5/27, Mark Shields [EMAIL PROTECTED]: What port do you suggest (sorry for hijacking this thread!)? On 5/27/05, Raphael Melo de Oliveira Bastos Sales [EMAIL PROTECTED] wrote: Change the sshd port, the hammering will be smaller... This is what I do -- have gotten hammered at a rate of 1,000s per 2-hour, never cracked yet ! (I also use RSA-type auth rather than password.) rgh. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: CFLAGS CPU optimization question.
Sorry for taking this long to answer. I suggest any unprivileged port that has no other service attached to it (I use 8022 on some machines). Script Kiddies won't event know it is there, or will try to hammer it with a wrong protocol, which will be useless. Of course, I might be wrong. If so, feel free to correct me. ;) Hope this helps. 2005/5/27, Mark Shields [EMAIL PROTECTED]: What port do you suggest (sorry for hijacking this thread!)? On 5/27/05, Raphael Melo de Oliveira Bastos Sales [EMAIL PROTECTED] wrote: Change the sshd port, the hammering will be smaller... -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: CFLAGS CPU optimization question.
What port do you suggest (sorry for hijacking this thread!)? On 5/27/05, Raphael Melo de Oliveira Bastos Sales [EMAIL PROTECTED] wrote: Change the sshd port, the hammering will be smaller... 2005/5/27, Mark Shields [EMAIL PROTECTED]: Walter, thanks for the useful tip. I've been looking to increase the efficiency of my server (Athlon XP (Thorton), 2400+ (2ghz), 133 fsb, 512mb pc2100), especially since now I've been looking at my log files I've noticed it's being hammered everyday by ssh break attempts. On 5/26/05, Julien Cayzac [EMAIL PROTECTED] wrote: On 5/26/05, Walter Dnes [EMAIL PROTECTED] wrote: One thing I haven't seen mentioned in this discussion is cpu-specific flags. Try doing a cat /proc/cpuinfo and see which of the flags are allowed in gcc. mmx, mmx2, sse, sse2, sse3 and various other stuff will speed things up. If you have any version of sse, remember -mfpmath=sse. In addition to being valid CFLAGS, some of these items are valid USE flags as well. Using -fpmath=sse on early athlon-xp cpus is known to produce unstable code, so beware :) Julien -- gentoo-user@gentoo.org mailing list -- - Mark Shields -- gentoo-user@gentoo.org mailing list -- gentoo-user@gentoo.org mailing list -- - Mark Shields -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: CFLAGS CPU optimization question.
On Friday 27 May 2005 12:16, Bastian Balthazar Bux wrote: Changing port is not about security, it save cpu (that can be true using RSA auth only too). The question, though, is whether changing the port is worth the hassle. If you're getting 1000 SSH attempts per day, and each connection takes .5 seconds of CPU time to fail, then you have to decide whether it's worth 500 seconds of saved time per day to move to a nonstandard setup. That may very well be the case, but a lot of people would probably decide that it's not. -- Kirk Strauser -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: CFLAGS CPU optimization question.
On Fri, May 27, 2005 at 08:50:29AM -0400, Mark Shields wrote Walter, thanks for the useful tip. I've been looking to increase the efficiency of my server (Athlon XP (Thorton), 2400+ (2ghz), 133 fsb, 512mb pc2100), especially since now I've been looking at my log files I've noticed it's being hammered everyday by ssh break attempts. But wait, there's more (this is beginning to sound like a K-Tel commercial). Check /usr/portage/profiles/use.local.desc for package- specific USE flags that don't show up on the main master list of USE flags. -- Walter Dnes [EMAIL PROTECTED] An infinite number of monkeys pounding away on keyboards will eventually produce a report showing that Windows is more secure, and has a lower TCO, than linux. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: CFLAGS CPU optimization question.
On 5/26/05, Walter Dnes [EMAIL PROTECTED] wrote: One thing I haven't seen mentioned in this discussion is cpu-specific flags. Try doing a cat /proc/cpuinfo and see which of the flags are allowed in gcc. mmx, mmx2, sse, sse2, sse3 and various other stuff will speed things up. If you have any version of sse, remember -mfpmath=sse. In addition to being valid CFLAGS, some of these items are valid USE flags as well. Using -fpmath=sse on early athlon-xp cpus is known to produce unstable code, so beware :) Julien -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: CFLAGS CPU optimization question.
On 5/24/05, Thomas Kirchner [EMAIL PROTECTED] wrote: And for goodness sake, don't use the ridiculous CFLAGS suggested by some others. You'll have so many problems down the road you won't know what to do with your system. Good ole -O2 -march=whatever -fomit-frame-pointer produces fast, stable code. (Skip the frame-pointer section if you want debuggable code.) Ricing not necessary; neither is pulling your hair out because of random segfaults from badly optimized code. On which basis do you think they're ridiculous ? The *only* dangerous cflags in the list I wrote is -funsafe-math-optimizations. All other are only switches for gcc to choose a better method for doing things. And having a desktop about 20% more responsive is not ridiculous IMO. Not to mention that no devs (and few users) will help with anything if you use more CFLAGS. I wouldn't expect any support with the flag mentionned above switched on. However, I would at least expect a upstream resolution status on any bug submitted by a guy with -finline-functions or -funit-at-a-time or ... Julien. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: CFLAGS CPU optimization question.
On Tue, 24 May 2005 08:54:54 +0200 Julien Cayzac [EMAIL PROTECTED] wrote: | Not to mention that no devs (and few users) will help with anything | if you use more CFLAGS. | | I wouldn't expect any support with the flag mentionned above switched | on. However, I would at least expect a upstream resolution status on | any bug submitted by a guy with -finline-functions or -funit-at-a-time | or ... No, you'll get an INVALID resolution. -- Ciaran McCreesh : Gentoo Developer (Vim, Shell tools, Fluxbox, Cron) Mail: ciaranm at gentoo.org Web : http://dev.gentoo.org/~ciaranm pgp7xUr9c90co.pgp Description: PGP signature
Re: [gentoo-user] Re: CFLAGS CPU optimization question.
Thomas Kirchner wrote:
* On May 23 17:45, Walter Dnes (gentoo-user@lists.gentoo.org) wrote:
Currently, I use "-march=i686" for my 3 machines, a P4, a PIII, and a
PII (and a partridge in a pear trg).
"i586 is equivalent to pentium and i686 is equivalent to pentiumpro."
Does this mean that I would get better optimization if I use "pentium2",
"pentium3" or "pentium4", as appropriate? I am using the available flags
(-mmmx, -msse, -msse2, -mfpmath=sse, etc) as appropriate.
Yes - proper march settings will give you nice benefits. Just use
-march=pentium{2,3,4} as appropriate. You don't need the other options,
they're implied by march where appropriate.
And for goodness sake, don't use the ridiculous CFLAGS suggested by some
others. You'll have so many problems down the road you won't know what
to do with your system. Good ole "-O2 -march=whatever
-fomit-frame-pointer" produces fast, stable code. (Skip the
frame-pointer section if you want debuggable code.) Ricing not
necessary; neither is pulling your hair out because of random segfaults
from badly optimized code.
Not to mention that no devs (and few users) will help with anything if
you use more CFLAGS.
Tom
Put -pipe in there too, it speeds up compiling (or so I've heard).
Right now I use CFLAGS="-march=athlon-xp -O2 -pipe
-fomit-frame-pointer". -O3 isn't worth it. It would give you no more
than a few percent (around 2-3) faster binaries, but they would compile
longer (confirmed by a friend, he recently switched to -O2) and be
larger.
Re: [gentoo-user] Re: CFLAGS CPU optimization question.
On Tuesday 24 May 2005 03:04 am, Ciaran McCreesh wrote: -funit-at-a-time For what it's worth, according to man gcc, -O2 turns on -funit-at-a-time. Robert Crawford -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: CFLAGS CPU optimization question.
On 5/24/05, Robert Crawford [EMAIL PROTECTED] wrote: For what it's worth, according to man gcc, -O2 turns on -funit-at-a-time. Yup. Too bad every single Makefile in the world compiles c/c++ source files one by one :-/ Julien. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: CFLAGS CPU optimization question.
Julien Cayzac wrote: On 5/24/05, Robert Crawford [EMAIL PROTECTED] wrote: For what it's worth, according to man gcc, -O2 turns on -funit-at-a-time. Yup. Too bad every single Makefile in the world compiles c/c++ source files one by one :-/ Wouldn't MAKEOPTS set to at least -j2 attempt to compile in parallel? -- Colin -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: CFLAGS CPU optimization question.
Colin wrote: Julien Cayzac wrote: On 5/24/05, Robert Crawford [EMAIL PROTECTED] wrote: For what it's worth, according to man gcc, -O2 turns on -funit-at-a-time. Yup. Too bad every single Makefile in the world compiles c/c++ source files one by one :-/ Wouldn't MAKEOPTS set to at least -j2 attempt to compile in parallel? How is that supposed to help -funit-at-a-time? From info gcc: The compiler performs optimization based on the knowledge it has of the program. Using the `-funit-at-a-time' flag will allow the compiler to consider information gained from later functions in the file when compiling a function. Compiling multiple files at once to a single output file (and using `-funit-at-a-time') will allow the compiler to use information gained from all of the files when compiling each of them. So -funit-at-a-time performs best when multiple C/C++ files are compiled by a single invocation of GCC. As Julien said, no makefiles in use today (AFAIK) support this. -Richard -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: CFLAGS CPU optimization question.
Richard Fish wrote: Colin wrote: Julien Cayzac wrote: On 5/24/05, Robert Crawford [EMAIL PROTECTED] wrote: For what it's worth, according to man gcc, -O2 turns on -funit-at-a-time. Yup. Too bad every single Makefile in the world compiles c/c++ source files one by one :-/ Wouldn't MAKEOPTS set to at least -j2 attempt to compile in parallel? How is that supposed to help -funit-at-a-time? From info gcc: The compiler performs optimization based on the knowledge it has of the program. Using the `-funit-at-a-time' flag will allow the compiler to consider information gained from later functions in the file when compiling a function. Compiling multiple files at once to a single output file (and using `-funit-at-a-time') will allow the compiler to use information gained from all of the files when compiling each of them. So -funit-at-a-time performs best when multiple C/C++ files are compiled by a single invocation of GCC. As Julien said, no makefiles in use today (AFAIK) support this. Oh, sorry. I thought -funit-at-a-time did parallel compilations. Well, at least I learned something. ^_^U -- Colin -- gentoo-user@gentoo.org mailing list
