Sunday, October 8, 2017

Enable FIDO U2F on Linux

By default, only root can access the FIDO U2F device on Linux.  To change this:

  • Insert the U2F device.  Note the device number and execute the following command to print out the info. e.g.
sudo udevadm info -a /dev/usb/hiddev1

  • Take note of the attributes. e.g. for my HyperFIDO device:

ATTRS{product}=="HyperFIDO Token"

  • Create a new rule file under /etc/udev/rules.d and grant permission to all users. e.g. create a file named "10-fido-key.rules" and add the followings:
SUBSYSTEMS=="usb", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0880", TAG+="uaccess"

  • Re-insert the U2F device.

Sunday, October 1, 2017

Let's Encrypt with Google Cloud Platform

Assuming you already have an application deployed to Google App Engine with a custom domain. Now you want to add https with certificates generated from Let's Encrypt.  Here are the steps on how to do it.

(1) Setup your Let's Encrypt client:
git clone

(2) Generate the certificate.  For example, to get a certificate for
sudo ./letsencrypt-auto certonly --manual -d

Answer a few questions and the script will pause.  You will then need to upload a validation file to to confirm that you indeed own the domain.
Create a file containing just this data:
And make it available on your web server at this URL:
Press Enter to Continue
(3) Create and upload the file to App Engine.  Create the folder .well-know/acme-challenge in your application tree.  Then create the specified file and content. In this example, the file name  is

and the content is _Pwd8uL9_Joz0O2HNlbyb5nBnrcqvmGj02gX2PfJYhw.XOAQHxnBJFCW1KHWhsYsaRmc_BaKnwNpuNYbS8o2gdY

In your app.yaml file, include the /.well-know folder as static content:

- url: /.well-known
  static_dir: .well-known

Then deploy your app:
gcloud app deploy app.yaml

(4) (Optional) Test the URL with your browser that the validation file is deployed successfully.

(5) Go back to the console where the Let's Encrypt client is paused.  Press Enter to continue the execution.  If everything worked out, the certificate and private key will be generated.

(6) Deploy the certificate to GCP.  In your browser, go to the GCP console > App Engine > Settings.  Select "SSL certificates".  Click "Upload a new certificate".

Dump the content of the certificate and paste it in the text area:
sudo cat /etc/letsencrypt/live/

For the private key, you will need to convert the format to RSA before pasting:
sudo openssl rsa -in /etc/letsencrypt/live/

Finally, check the box to enable this certificate with your custom domain.

Wednesday, September 6, 2017

OpenSUSE Tumbleweed on AMD APU Kabini

In order to have Tumbleweed GUI working on Kabini, one needs to install the kernel-firmware package.

Recently moved my Linux workstation to an old AMD APU platform with Kabini (Athlon 5350). The installation completed successfully, but the console goes blank and X cannot use the radeon driver and fallback to VESA.

After some digging​, found that although the radeon and amdgpu modules are loaded, there are error messages in dmesg saying that some firmwares cant be loaded.

The problem can be easily fixed by installing the kernel firmware:

sudo zypper install kernel-firmware

Saturday, September 2, 2017

Shrinking the Linux guest storage file of VirtualBox

Shrinking the dynamic storage file of VirtualBox used to be tedious.  First need to zero out the free space in the guest and then compacting the file from host.

With Linux supporting TRIM and VirtualBox supporting DISCARD, it can be done much easier within the guest.

First, on the host, prepare the storage file with DISCARD support:

VBoxManage storageattach "Ubuntu server" --storagectl "SATA" --port 0 --discard on --nonrotational on

- "Ubuntu server" is the VM name
- use "--storagectrl" and "--port" to specify the storage controller

Then whenever the storage file needs to be compacted, execute fstrim in the guest. e.g.

sudo fstrim -v /

where "/" is the mount point.

Tuesday, June 20, 2017

Compiling Nvidia 340.102 driver for Linux 4.11.x kernel

Further to the patch for compiling 340.102 driver on 4.10.x kernel, to compile for 4.11.x kernel, add the following patch on kernel/nv-drm.c too.


static int nv_drm_unload(
    struct drm_device *dev


static int nv_drm_unload(
static void nv_drm_unload(
    struct drm_device *dev

Saturday, June 17, 2017

A Java stream approach on testing triangular Fibonacci numbers

Read this interesting blog post on testing triangular Fibonacci numbers.  And I decided to implement a similar test in Java.

First, a Java Stream to produce triangular numbers.

    public static Stream<BigInteger> stream() {
        return Stream
                i -> i.add(BigInteger.ONE))
            .map(i -> i.multiply(i.add(BigInteger.ONE)).divide(TWO));

And a Stream for Fibonacci sequence.

    public static Stream<BigInteger> stream() {
        return Stream
                new BigInteger[] { BigInteger.ONE, BigInteger.ONE },
                p -> new BigInteger[] { p[1], p[0].add(p[1]) })
            .map(p -> p[0]);

Now, a simple and naive way to test for a triangular Fibonacci number is to loop the Fibonacci sequence while testing for the number's existence in the stream of triangular numbers.

        Iterator<BigInteger> fib =;
        Iterator<BigInteger> tri =;
        BigInteger t =;
        List<BigInteger> result = new ArrayList<BigInteger>();
        while (fib.hasNext()) {
            BigInteger f =;
            while (t.compareTo(f) <= 0) {
                if (t.equals(f)) {
                t =;

But since the Fibonacci sequence grows so quickly, it is a waste of CPU time to generate all those triangular numbers.  A quicker way is to ditch the triangular number stream and implement a test function for triangular number.  We then use that function to filter the Fibonacci stream.

        List<BigInteger> result = FibonacciNum
            .filter(f -> TriangularNum.isTriangular(f))

Testing the first 70 Fibonacci numbers, the time diff between the two approaches is huge (24ms vs 4s).

And with the fast approach, on an i5 4210 machine, testing the first 50,000 Fibonacci numbers will take 93s.

See source below or on GitHub.

Saturday, May 6, 2017

Compiling Nvidia 340.102 driver for Linux 4.10.x kernel

Upgraded my Tumbleweed to kernel 4.10.x and Nvidia 340 driver won't build.  Until Nvidia fix it, here are steps to patch the 340.102 driver to make it works.

Download the 340.102 driver from Nvidia:

Unpack the driver:
./ -x

Apply patch for kernel 4.9.x:

Apply patch for kernel 4.10.x:

Proceed to install. Note that the unified memory module can't be built with this patch, so we are disabling it:
sudo ./nvidia-installer --no-unified-memory

Sunday, January 8, 2017

Face recognition with OpenCV 3.x

Here is another experiment with OpenCV face detection and recognition.  Full source code is available on GitHub.

The picture below is the recognition program running on my Windows laptop and the webcam is feeding live images to the program. My phone is in front of the webcam showing a photo.

The face recognizer was trained with ~10 photos each for Obama, Trump, and Trudeau that I found on internet.

To increase the accuracy, a simple transformation step was added to level the face images when training the recognizer.