Firejail and symlink pointing outside of home directory

I normally move /home/user/Downloads off /home/user to a secondary mechanical drive and then symlink it back to /home/user.
Firejail for security reasons does not allow whitelisting directories residing outside of the home directory, the simplest solution I found is mount Download directory using mount –bind.

sudo mount --bind /mnt/data/Downloads/ /home/user/Downloads

To make the change permanent edit fstab:

/mnt/data/Downloads     /home/user/Downloads   none    bind

Free Suunto Ambit3 from the botnet

Suunto makes some solid sport-watches, problem is that the management software is comprised of a closed source synchronization program (compatible with Windows and OSX only) and some cancerous cloud web interface accessible directly from their website.
Even putting aside my personal aversion for closed source software, it is clear that this approach is retarded because an internet connection is required to be able to download any kind of data from the watch.
What if I don’t have any signal? What if I don’t want to upload my data to Suunto’s servers?
Luckily some good lads reverse engineered the communication protocol used by the watch to “speak” with the PC synchronization client, and even more, they also wrote an open source Linux compatible tool that can be used to download data from the watch.
This tool is called: Openambit
The version included in Fedora 27 repositories is not up to date and does not support the Ambit3 Run I own, luckily the github version does.

.:. Compile Openambit from source
First of all install some libraries that are required in order to successfully compile Openambit:

$ dnf install qt5-qtbase-devel qt5-linguist systemd-devel

Clone Openambit’s official git repository:

$ git clone https://github.com/openambitproject/openambit.git

Run the commands one by one in a terminal or run the following script to automagically compile and install openambit.

#!/bin/sh

# git repo: https://github.com/openambitproject/openambit.git
# deps: qt5-qtbase-devel qt5-linguist systemd-devel

SRC_DIR="$(pwd)/openambit"
INSTALL_DIR="/opt/openambit"
DEBUG=0
FIRST_INSTALL=0
CORE_N=17

# compile #
cd $SRC_DIR
git pull
rm -rf build && mkdir build && cd build
if [ $DEBUG -eq "1" ]
then
   cmake -DUSE_QT5=1 CMAKE_BUILD_TYPE=Debug .DEBUG_PRINT_INFO=1 ..
else
   cmake -DUSE_QT5=1 ..
fi
time make -j$CORE_N

# install #
sudo rm -rf $INSTALL_DIR && sudo mkdir $INSTALL_DIR
sudo cp -r $SRC_DIR/build/src/* $INSTALL_DIR
sudo cp -r $SRC_DIR/tools/openambit2tcx-lap.py $INSTALL_DIR
sudo chmod 755 $INSTALL_DIR/openambit2gpx.py
if [ $FIRST_INSTALL -eq "1" ]
then
   sudo ln -s $INSTALL_DIR/openambit/openambit /usr/sbin/openambit
   sudo cp $SRC_DIR/src/libambit/libambit.rules /etc/udev/rules.d/
   sudo ln -s $INSTALL_DIR/openambit2tcx-lap.py /usr/sbin/openambit2tcx-lap.py
   sudo cp $SRC_DIR/icon.png $INSTALL_DIR
fi

.:. Compile GoldenCheetah from source
GoldenCheetah is not present in Fedora 27 repositories, installing it from source is the best option.
First of all, let’s add some required packages and clone the official git repository:

$ dnf install bison flex byacc qt5-qtbase-devel qt5-qtserialport-devel qt5-qtmultimedia-devel qt5-qtwebkit-devel qt5-qtcharts-devel qt5-qtsvg-devel qt5-qtconnectivity-devel openssl-devel
$ git clone https://github.com/GoldenCheetah/GoldenCheetah.git

The following script atomatically compile and install the program:

#!/bin/sh

# git repo: https://github.com/GoldenCheetah/GoldenCheetah.git
# deps: bison flex byacc qt5-qtbase-devel qt5-qtserialport-devel qt5-qtmultimedia-devel qt5-qtwebkit-devel qt5-qtcharts-devel qt5-qtsvg-devel qt5-qtconnectivity-devel openssl-devel

SRC_DIR="$(pwd)/GoldenCheetah"
INSTALL_DIR="/opt/GoldenCheetah"
FIRST_INSTALL=0
CORE_N=17

cd $SRC_DIR
cp qwt/qwtconfig.pri.in qwt/qwtconfig.pri
echo "QMAKE_CXXFLAGS += -O3
MAKE_LEX = flex
QMAKE_YACC = bison
LIBZ_LIBS = -lz
QMAKE_LRELEASE = /usr/bin/lrelease-qt5" > src/gcconfig.pri
make clean
qmake -recursive
time make -j$CORE_N

if [ $FIRST_INSTALL -eq 1 ]
then
   sudo mkdir $INSTALL_DIR
fi
sudo cp $SRC_DIR/src/GoldenCheetah $INSTALL_DIR
sudo cp $SRC_DIR/src/Resources/images/gc.png $INSTALL_DIR
if [ $FIRST_INSTALL -eq 1 ]
then
   sudo ln -s $INSTALL_DIR/GoldenCheetah /usb/sbin/GoldenCheetah
fi

.:. Converting Openambit logfiles to TCX format
Openambit logs are XML files but they are not recognized by GoldenCheetah so it is impossible to load them.
Openambit include a Python script to convert the logs to standard GPX files, unfortunately GPX does not store any kind of addition data other than GPU coordinates.
I could not find any existing program/script capable of converting Openambit logs into TCX files, so I wrote one.
The script can be found on my github, hopefully it will also be accepted into openambit official repo: openambit2tcx-lap.py

AMD Ryzen, DDR4 Dual Rank and BankGroupSwap

If I had to guess I would say that more than 90% of AMD Ryzen based builds use Single Rank memory sticks.
Finding any information regarding how Dual Rank DDR4 perform, how they react to overclock or even worse, what memory settings are the best is pretty much mission impossible.
Since I use Dual Rank DDR4, because, face it, it is 2017 and 16 GB of RAM does not cut it anymore, I had to dig in unexplored territories to find out what the best settings are.
What follows are my personal findings on the impact of BankGroupSwap setting on system performance.

.:. System specifications
– Ryzen 7 1700X
– Gigabyte X370 K7 (BIOS F7B)
– Crucial DDR4 2133 MHz CAS15 2×16 GB (part number: CT16G4DFD8213.C16FBR) – ICs: Micron C9BGN
The CPU overclocked to 4 GHz while the RAM are overclocked to 3066 MHz with main timings 16-19-14-14-36 1T and GearDownMode disabled.

.:. Testing methodology
To test the impact of BankGroupSwap I used two benchmarks:
1. “RyzenGraphic_27.blend” blender (version: 2.79.1) rendering, it can be downloaded at the following url: http://download.amd.com/demo/RyzenGraphic_27.blend
2. a bash script that automatically downloads the latest version of Linux kernel and compile it on RAM.

#!/bin/sh

WORKDIR='/dev/shm/tmp'
KERNEL_SRC='https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.13.12.tar.xz'
USER='user'
GROUP='user'

###############################################################################

SCRIPT='realpath $0'
SCRIPTPATH='dirname $SCRIPT'

rm -rf $WORKDIR
sudo mkdir $WORKDIR
sudo chown $USER:$GROUP $WORKDIR
cd $WORKDIR

wget $KERNEL_SRC -O leenux.tar.xz
mkdir leenux
tar --extract --file=leenux.tar.xz --strip-components=1 --directory=leenux
cd leenux

for i in {1..5}
do
   make clean
   make defconfig
   echo COMPILING ...
   (time make -j17) 2>> kernel-bench-ram-results.txt
   echo DONE
   sleep 10
done

mv kernel-bench-ram-results.txt $SCRIPTPATH

Each one of the two benchmark has been run five times in a row.

.:. Results

BANKGROUPSWAP |  on   |  off
   blender0   | 18.41 | 18.52
   blender1   | 18.35 | 18.39
   blender2   | 18.30 | 18.47
   blender3   | 18.37 | 18.46
   blender4   | 18.32 | 18.35
  RESULT AVG  | 18.35 | 18.438
			
BANKGROUPSWAP |   on   |  off
linux kernel0 | 67.782 | 67.700
linux kernel1 | 67.697 | 67.491
linux kernel2 | 67.558 | 67.471
linux kernel3 | 67.720 | 67.574
linux kernel4 | 67.724 | 67.538
  RESULT AVG  | 67.696 | 67.555

Looking at the results table it is clear that the difference is really abysmal; having BankGroupSwap enabled amount roughly to ~0.5% performance increase in Blender and ~0.2% performance decrease in Linux kernel compilation.