Category Archives: Linux

Ubuntu 18.04 on MacBook Pro 11.5 – a sad state of affairs

There was an extra MacBook Pro 11.5 lurking around so I decided to install Ubuntu 18.04 on it and try to setup a usable workstation.

A culmination of several issues prompted me to not pursue this setup further. Linux drivers and MacBook hardware just don’t play along very well.

Display flickering/corruption on main display

The bottom part of the HiDPI screen is experiencing some kind of flickering as tracked by this bug. Changing desktop environment, distros and X server configuration did not result in any improvements. For a moment Wayland seemed to have solved the issue only to reappear on next boot.

Since I also connected 3 external monitors this was not a deal breaker. External monitors did not display this issue.

Fan going at 100% most of the time

Even at idle or low load the fans would spin at 100%. Thermald was not doing it’s job for whatever reason. It is hard to say why since most temperature sensors seem to be working fine and report acceptable temperatures.

I found a simple but great project called mbpfan which stopped the fans immediately after being started and still kept temperatures seemingly in check. I increased the minimum fan speed in mbpfan config just to avoid any potential overheating problems. With this setup I was getting 70-80 degrees with no overheating problems and a quiet fan.

CPU is in constant low frequency state (dealbreaker)

After installing cpufreq gnome extension I figured out that CPU is always at 800MHz. Mbpfan was not the cause since the same lack of scaling appeared when it was turned off.

First I tried to disable Intel p_state driver but the lack of scaling continued. Using userspace driver in cpufreq, I was unable to change min/max frequencies or force a specific frequency via cpupower.

As per ArchWiki, I gifured out that BIOS was enforcing this state via

After ignoring ppc via

the CPU instantly started to scale as expected. Unfortunately this was not the final solution since the low state  would randomly reappear again for long periods of time with small time windows of scaling working as expected. Therefore, even with ignore_ppc I would still get 800MHz most of the time with temps reported around 70 degrees.

In this state Gnome Shell would lag and everything was half-usable.

Something in hardware was throttling CPU and I wasn’t able to overcome it.

Bcmwl driver very spotty

WiFi bcmwl driver is very spotty. It would connect to Android hotspot no problem but it failed to connect to WiFi router. Small sample of 50% reliability.

Display positions not remembered after reboot

I had to rearrange the external monitors on each reboot since Gnome would not remember their positions. I had to come up with xrandr script to run after login to remedy this sad state of affairs.

No per-monitor scaling

Gnome still does not support setting the scale factors per monitor. Again, I had to come up with xrandr script to achieve 200% scaling on HiDPI and regular scaling on external monitors (1900×1200).

Broken scaling under Wayland

Apparently if you set the scale factor to default in Wayland session, things should “just work” across HiDPI and non-HiDPI displays. Don’t believe these people, they are liars.

I set the scaling to default but that made HiDPI desktop tiny while external monitors were fine. Increasing the scaling to 200% made HiDPI fine while external monitors scaled also.

There is also no xrandr under Wayland so you can’t help yourself with that.

Broken rendering of electron apps on external monitors

If using Postman on an external monitor, parts of the dialog boxes would simply disappear, making the tool unusable. Using Postman on main display did not have this issue. Weird.


The bottom line: get a Dell or a Lenovo for your Linux workstation needs.


Xrandr framebuffer and per-display scaling

Ubuntu 18.04 LTS came out recently with Gnome desktop as default. Unfortunately even in 2018, it won’t remember the external monitor positioning after reboot and has no support in display settings to set per-display scaling. Year of the Linux desktop, anyone?

Xrandr is a powerful Linux tool to manipulate displays. Unfortunately, the man page is very sparse on information with badly explained flags and various Linux guides are no better.

This example will create a triple monitor setup with HiDPI laptop display at the bottom of the array.

Xrandr command:


Gnome scaling is set to 200% so our HiDPI native display looks normal. Unfortunately this also means non-HiDPI displays have this scaling applied which is not what we want.

Framebuffer is the full outer rectangle which must be able to contain our display setup as a whole.

Since external displays are scaled 2×2 (zoom out), they take twice the size of their actual resolution in our framebuffer. Meaning their sizes in fb are actually 3840×2400.

Y of the framebuffer is therefore 2400+1800=4200 (HiDPI display is scaled 1×1 so it takes the same amount of space in the framebuffer as it’s resolution).

X of the framebuffer is 3*3840=11520.

–fbmm specifies the full framebuffer size

–pos specifies the position of the display in the buffer. 0x0 position starts on top-left corner.

–mode sets the actual display resolution

–output specifies the display output (run xrandr to list all available)

–scale specifies “zooming” in (<1) or out (>1)


The end result has some invisible area on the bottom-left and bottom-right corners so it is not ideal. I have yet to figure out if it is possible to specify fencing around that area.

The HiDPI display is also not perfectly aligned with the top display but that could be corrected with fractional scaling. It didn’t really bother me to fiddle with that.

Finally, you should run this command with a startup script so you get the correct monitor positioning and scaling after login.


Running multiple PHP versions and compiling from source

We had a peculiar situation where both PHP5 and PHP7 were needed at the same time on a FreeBSD server. It was also prohibitive to get root or sudo access on the managing account. The solution was to compile PHP from source with fpm, run fpm on a UNIX socket and wire the specific domain which needed PHP7 through Nginx.

Compiling from source

Compiling PHP is pretty straightforward but you can easily forget crucial configure flags. First get the source archive. After trial and error, this appears to be “good enough” for Laravel 5.6 requirements.

Followed by

copy php.ini-development file from source to the –with-config-file-path directory and call it php.ini.  In PREFIX/bin confirm that php binary is loading your ini file by running

If you made a mistake in your configure run, you have to make clean first or the changed options won’t be picked up.

Configuring fpm

In your PREFIX/etc folder, check php-fpm.conf. The only lines I bothered to verify and edit were pid, error_log and include, the rest can be left as is.

Inside folder php-fpm.d create a config file like my.subdomain.conf and add something like

You can study fpm config in great details but this is enough to get you going.

Now you can run your PHP7 fpm process in PREFIX/sbin with

Since we don’t have any init scripts in this case, we must be able to kill it also. Find it with

and kill with

Make sure it says php-fpm: master process in the ps output, killing children doesn’t do anything, just respawns them.

Now you just need to wire up your Nginx to use this fpm instead of the PHP5 system one by specifying

We now have PHP dualstack with some web apps running on system provided PHP5 and some on our own built PHP7. We did not need root for this process, except possibly for configuring Nginx.

One obvious downside is that you now have to take care of updating your PHP version on your own but that is one view we had to sacrifice. Updates should be relatively easy and fast since make install won’t remove your config files in existing installation and compiling PHP takes just a few minutes.



Centos Docker unable to unmount on stop/start

Error looks something like

Error response from daemon: driver “overlay” failed to remove root filesystem for 805c245dad451542b44bb1b58c60887fa98a64a61f2f0b8de32fa5b13ccc8ce4: remove /var/lib/docker/overlay/8f666b802f418f4a3dc4a6cafbefa79afc81491a5cb23da8084dd14e33afbea0/merged: device or resource busy

It usually appears when stopping and starting a container. It results in Docker container not being able to start or starts in a weird dead/removed state. Issue is presumably fixed in Centos 7.4 as per this github issue, but a workaround exists:

1. Grep by part of ID:

it shows which process is holding up the mount in busy state


2. Kill the process



Lib packaging for your own repo

This is a note to self about the release procedure and distro packaging of a development library.

This instructions expect aptly and createrepo to be preinstalled on your repo server together with a valid GPG key.

Packaging a .deb

1. Checkout the release tag and build the deb according to README. Each build should be done on the same machine as the target distribution. If I am packaging for Centos 6 I am also building on Centos 6. If CMake and CPack are set up correctly it usually boils down to:

If the project is missing CMake, refuse to package it.

2. Check that deb info is correct:

3. Rename it to distro you are building on, then scp to your repo server

4. If aptly repo does not exist yet, create it

Ideally you only create the repo the first time, for future updates you create a snapshot of it, add a package, then switch the repo to new snapshot. See aptly docs for more.

Alternatively, you can just add more packages and update the repo with


5. Add package to repo

6. Publish repo

7. On target machine, add repo to /etc/apt/sources.list and fetch public key

8. Update and then check if package info is correct

9. If big mistakes were made

..and start over. Repeat for Debian 8 etc.

Packaging an .rpm

1. See the previous #1. The only difference is

2. Check that rpm info is correct

3. Rename it to distro you are building on, then scp to your repo server

4. Make sure you have .rpmmacros file in home dir with uid of gpg signing key (check out your keys with gpg –list-keys). If you don’t have one, generate it. Entry in the file should look like:

5. Sign rpm

4. Move to appropriate repo that was created by createrepo earlier (see createrepo docs)

5. Update repo metadata

6. Add your repo on the target machine

Since createrepo is pretty much just an http server you can simply delete an rpm and update the metadata in case things go south.

Repeat for Centos 6 etc.


Bashmagic collection vol1

Keep only last X lines of a file (shrink).

Deploy maven artefact to a specific repo without specifying it in pom.xml (format repoId:default:repoUrl). Repo should be specified in your .m2 settings.xml with any necessary credentials.

One liner to set password for default PostgreSQL user after initial install.

Run command inside a screen and save all output to a file

Scroll around inside a screen.

Add 4GB swap on Centos 7 with a stroke of a copy-paste.

Standard tcpdump.

Show listening ports with corresponding executables.

Show systemd logs for a specific service.

Freshly installed nginx configured as reverse proxy on Centos 7 getting “Permission denied” when connecting to backend service

Convert a certificate stored in a Java keystore to a PEM cert and key (for example, Tomcat to Nginx transition).

Disable git SSL verification per-repo.

Disable git SSL verification at clone time.

Clear git username and password cache for a repo (in case of password change or similar).

Give user sudo privileges.

Git submodule is added to an existing repo and is not resolving for you locally.

Print all TCP connections of a Docker container.

Nmap portscan.

Force JVM to use /dev/urandom instead of /dev/random (sometimes needed in low entropy environments like Docker).

Debug print all network activities on JVM level.

Create .htpasswd file for Nginx



Oh FileZilla…

I have encountered a weird problem when connecting to our FreeBSD server with FileZilla over SFTP. Either with password or key authentication I would get:

Error:    Server sent disconnect message
Error:    type 2 (protocol error):
Error:    “Too many authentication failures”

So let’s turn on debugging shall we?


Trace:    Pageant is running. Requesting keys.
Trace:    Pageant has 15 SSH-2 keys
Trace:    Successfully loaded 1 key pair from file
Trace:    Trying Pageant key #0
Trace:    Server refused our key
Trace:    Trying Pageant key #1
Trace:    Server refused our key
Trace:    Trying Pageant key #2
Trace:    Server refused our key
Trace:    Trying Pageant key #3
Trace:    Server refused our key
Trace:    Trying Pageant key #4
Trace:    Server refused our key
Trace:    Trying Pageant key #5
Trace:    Received disconnect message (protocol error)
Trace:    Disconnection message text: Too many authentication failures

So basically, I give Filezilla a specific keyfile but it tries all my keys anyway. Now let’s see what the bright minds on FileZilla issue tracker have to say about this bug. gives us a workaround:

which works nicely. A working workaround is a blessing if you really need to use someting that is essentially broken. The bug is marked as a duplicate of

This bug contains a brilliant comment by an apparent FileZilla developer:

This is by design, FileZilla uses the system’s SSH agent.

Just reconfigure the server to allow for more keys.

What the actual? The bug will apparently be solved via

which is marked as “fixed” and the comment 19 months ago says it will be in the “next version”. The latest version is 3.24.0 released on January 1st 2017 which is exactly what I have and guess what? Not fixed, after 7 years.


So at this point I’ll just safely assume that FileZilla might as well be the worst SFTP client in existence and just use something else. But guess what? There is more. The exact same problem exists in Gnome Files if you try to open an sftp:// location. The obvious reason is that Gnome Files does not ask you anything about keys or athenticaton type but just cycles through SSH keys to try and find the correct one. Why did nobody think about offering me a popup dialog to pick the correct key? Probably because Gnome likes to dumb down things, I can’t really find any other reason.


pgadmin4 on Fedora 25

You can now access the web interface at http://localhost:5050.

Unfortunately the standalone app does not currently work due to a bug in pgadmin4 package.

Fortunately the pgadmin4 standalone app is just a web wrapper so you are not missing much.


Fedora 25 on Lenoyo Y50

Everything except WiFi worked out of the box. To get the WiFi working:

Taken from here.

In your BIOS make sure you disable Secure Boot. Not UEFI, not Legacy mode, specifically the switch that disables secure boot and nothing else. After these steps, WiFi works. To enter BIOS on Y50, tap F2 after Lenovo splash screen.


Edit 7.2.2017: WiFi performance is unfortunately ABYSMAL. Will update this post if I find any solutions. Connection is super slow and constantly dropping.

Luckily, USB tethering from Android works like a charm so it’s not a deal breaker for now.

Edit 2: looks like blacklisting bcma driver makes things much much better:



OJDBC7 in a Docker container? Prepare for trouble

Scenario: A JDK8 Docker container using OJDBC7 to connect to the database. Sounds simple enough, what could go wrong?

Simptoms: Connecting to the database randomly takes several minutes, fails with a weird SqlRecoverableException: no more data to read from socket or just works fine as if there is no problem.

The same Docker image also works fine on some machine but fails consistently on other.

The reason is this. Docker is not good at /dev/random. Probably even more so if you run it in a VM, since it’s double isolated from actual entropy sources (my non scientific observation). For whatever reason, OJDBC defaults to /dev/random and this causes a block when connecting to the database due to high probability of /dev/random depletion.

Simple solution is to just mount /dev/urandom to /dev/random inside the Docker, in docker run command:

So.. if you ever want to use OJDBC inside Docker, remember this flag. It will save lives or at least spare you hours of useless debugging.