glibc broken on openSUSE Tumbleweed aarch64 201803

The glibc on Tumbleweed was broken since the March 2018 release.  Any call to resolve IPv4 will cause core dump.  Seems to be hitting an ARM erratum.  Details discussion can be found here.

The glibc RPMs released on 2018-04-10 seems resolved the issue.  Since DNS won't work on the affected machine, will need to manually specify IP addresses in the hosts file or copy the files to the machine and run zypper to install updates.

Here are the steps for the second approach:

- Download the RPMs from repository to another machine

glibc-2.27-4.2.aarch64.rpm

glibc-devel-2.27-4.2.aarch64.rpm

glibc-extra-2.27-4.2.aarch64.rpm

glibc-locale-2.27-4.2.aarch64.rpm

- Copy the files to the affected machine via scp.  Then remote to the affected machine and execute the followings.

- Temporarily disable remote repositories to avoid auto refresh that will cause core dump when running zypper install.

sudo zypper lr  # list repositories

sudo zypper mr -d 1  # disable the first repository

sudo zypper mr -d 2  # disable the rest

......

- Install the RPMs

sudo zypper in glibc-2.27-4.2.aarch64.rpm glibc-devel-2.27-4.2.aarch64.rpm glibc-extra-2.27-4.2.aarch64.rpm glibc-locale-2.27-4.2.aarch64.rpm

- Re-enable remote repositories

sudo zypper mr -e 1  # disable the first repository

sudo zypper mr -e 2  # disable the rest

......

- Reboot and check.  Run "sudo zypper dup" to update other packages

Generate noise

Found this interesting post on generating noise using Linux command line.  Great way to burn-in headphone?

play -n synth brownnoise synth pinknoise mix synth sine amod 0.3 10

Running Monero miner with Mesa clover

Try to run Monero miner with OpenCL on my old Linux rig.  The xmr-stak supports the official AMD APP SDK.  But since I only have access to the relatively old hardware (AMD Kabini) running Mesa clover, a quick patch is needed to make it works.

Code changes available on github.  Basically the changes are:

(1) add detection for Mesa platform vendor
(2) modify the OpenCL kernel.  Mesa clover supports OpenCL 1.1 only.  Also, although cl_amd_media_ops and cl_amd_media_ops2 are defined, some functions are missing and need definitions.

Just for reference, on my AMD Kabini 5350, the hash rate on GPU is around 18H/s when running GPU only.  Once added CPU mining, the GPU hash rate drops to about 12H/s.  And the CPU hash rate is round 28H/s.

This rig definitely not suitable if mining for profit.  But OK to support the Monero network.

Config for GPU:

gpu_threads_conf" : [
  // gpu: AMD KABINI (DRM 2.50.0 / 4.14.15-2-default, LLVM 5.0.1) memory:1302
  // compute units: 2
  { "index" : 0,
    "intensity" : 128, "worksize" : 8,
    "affine_to_cpu" : true, "strided_index" : true
  },

],

Also note that the radeon module may complain about lockup when executing long running OpenCL kernels. Add "radeon.lockup_timeout=0" Linux kernel parameter to disable the watchdog.

User LEDs on Beaglebone Black running FreeBSD

According to the DTS, the GPIO pins for the four user LEDS are pin 21-24 under gpioc1.

So, to turn them on:

sudo gpioctl -f /dev/gpioc1 21 1
sudo gpioctl -f /dev/gpioc1 22 1
sudo gpioctl -f /dev/gpioc1 23 1
sudo gpioctl -f /dev/gpioc1 24 1

Or, access them via the led driver under /dev/led

% ls -lA /dev/led
total 0
crw-------  1 root  wheel  0x33 Feb  3 15:58 beaglebone:green:heartbeat
crw-------  1 root  wheel  0x34 Feb  3 15:58 beaglebone:green:mmc0
crw-------  1 root  wheel  0x35 Feb  3 23:44 beaglebone:green:usr2
crw-------  1 root  wheel  0x36 Feb  3 15:58 beaglebone:green:usr3

Running openSUSE Tumbleweed on Odroid C2

Testing out arm64 with openSUSE Tumbleweed on Odroid C2.  The installation is pretty simple.  Follow the steps to prepare the micro-sd card.  The latest image can be found here.

The device tree of openSUSE seems a bit different from other distributions.  e.g.:

- temperature: /sys/devices/platform/scpi/scpi:sensors/hwmon/hwmon0
- blue LED: /sys/devices/platform/leds/leds/c2:blue:alive

Enable FIDO U2F on Linux

By default, only root can access the FIDO U2F device on Linux.  To change this:

• Insert the U2F device.  Note the device number and execute the following command to print out the info. e.g.

sudo udevadm info -a /dev/usb/hiddev1

• Take note of the attributes. e.g. for my HyperFIDO device:

......

ATTRS{idProduct}=="0880"

ATTRS{idVendor}=="096e"

ATTRS{ltm_capable}=="no"

ATTRS{manufacturer}=="HS"

ATTRS{maxchild}=="0"

ATTRS{product}=="HyperFIDO Token"

......

• Create a new rule file under /etc/udev/rules.d and grant permission to all users. e.g. create a file named "10-fido-key.rules" and add the followings:

SUBSYSTEMS=="usb", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0880", TAG+="uaccess"

• Re-insert the U2F device.

Let's Encrypt with Google Cloud Platform

Assuming you already have an application deployed to Google App Engine with a custom domain. Now you want to add https with certificates generated from Let's Encrypt.  Here are the steps on how to do it.

(1) Setup your Let's Encrypt client:
git clone https://github.com/letsencrypt/letsencrypt

(2) Generate the certificate.  For example, to get a certificate for www.acme.com:
sudo ./letsencrypt-auto certonly --manual -d www.acme.com

Answer a few questions and the script will pause.  You will then need to upload a validation file to www.acme.com to confirm that you indeed own the domain.

Create a file containing just this data:
_Pwd8uL9_Joz0O2HNlbyb5nBnrcqvmGj02gX2PfJYhw.XOAQHxnBJFCW1KHWhsYsaRmc_BaKnwNpuNYbS8o2gdY
And make it available on your web server at this URL:
http://www.acme.com/.well-known/acme-challenge/_Pwd8uL9_Joz0O2HNlbyb5nBnrcqvmGj02gX2PfJYhw
-------------------------------------------------------------------------------
Press Enter to Continue

(3) Create and upload the file to App Engine.  Create the folder .well-know/acme-challenge in your application tree.  Then create the specified file and content. In this example, the file name  is
_Pwd8uL9_Joz0O2HNlbyb5nBnrcqvmGj02gX2PfJYhw

and the content is _Pwd8uL9_Joz0O2HNlbyb5nBnrcqvmGj02gX2PfJYhw.XOAQHxnBJFCW1KHWhsYsaRmc_BaKnwNpuNYbS8o2gdY

In your app.yaml file, include the /.well-know folder as static content:

handler:
......
- url: /.well-known
  static_dir: .well-known
......

Then deploy your app:
gcloud app deploy app.yaml

(4) (Optional) Test the URL with your browser that the validation file is deployed successfully.

(5) Go back to the console where the Let's Encrypt client is paused.  Press Enter to continue the execution.  If everything worked out, the certificate and private key will be generated.

(6) Deploy the certificate to GCP.  In your browser, go to the GCP console > App Engine > Settings.  Select "SSL certificates".  Click "Upload a new certificate".

Dump the content of the certificate and paste it in the text area:
sudo cat /etc/letsencrypt/live/www.acme.com/fullchain.pem

For the private key, you will need to convert the format to RSA before pasting:
sudo openssl rsa -in /etc/letsencrypt/live/www.acme.com/privkey.pem

Finally, check the box to enable this certificate with your custom domain.

OpenSUSE Tumbleweed on AMD APU Kabini

In order to have Tumbleweed GUI working on Kabini, one needs to install the kernel-firmware package.

Recently moved my Linux workstation to an old AMD APU platform with Kabini (Athlon 5350). The installation completed successfully, but the console goes blank and X cannot use the radeon driver and fallback to VESA.

After some digging​, found that although the radeon and amdgpu modules are loaded, there are error messages in dmesg saying that some firmwares cant be loaded.

The problem can be easily fixed by installing the kernel firmware:

sudo zypper install kernel-firmware

Shrinking the Linux guest storage file of VirtualBox

Shrinking the dynamic storage file of VirtualBox used to be tedious.  First need to zero out the free space in the guest and then compacting the file from host.

With Linux supporting TRIM and VirtualBox supporting DISCARD, it can be done much easier within the guest.

First, on the host, prepare the storage file with DISCARD support:

VBoxManage storageattach "Ubuntu server" --storagectl "SATA" --port 0 --discard on --nonrotational on

- "Ubuntu server" is the VM name
- use "--storagectrl" and "--port" to specify the storage controller

Then whenever the storage file needs to be compacted, execute fstrim in the guest. e.g.

sudo fstrim -v /

where "/" is the mount point.

Compiling Nvidia 340.102 driver for Linux 4.11.x kernel

Further to the patch for compiling 340.102 driver on 4.10.x kernel, to compile for 4.11.x kernel, add the following patch on kernel/nv-drm.c too.

From:

static int nv_drm_unload(

    struct drm_device *dev
)

to

#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 11, 0)
static int nv_drm_unload(
#else
static void nv_drm_unload(
#endif
    struct drm_device *dev
)