bisko.be - Dev

Running Ollama with older GPUs on CachyOS

Sat, 28 Feb 2026 00:00:00 GMT

TL;DR;

ollama-cuda on CachyOS comes (at this point in time) with support only for compute >= 7.5.

If you have older GPUs with earlier compute, you HAVE TO do one of 2 things:

Build ollama-cuda from source, with support for the older compute targets
Install ollama-vulkan

I chose ollama-vulkan and it’s working perfectly!

Story time

Today I had the inspiration to finally shut down my Windows 11 VM and migrate it to Linux.

The requirements were to be able to run:

Ollama - for local model magic
Docker - for remote development
Steam - for playing games
Jellyfin - for home videos archive

Now I am going to focus only on Ollama as it was an interesting experience and it got me wondering why things are not more obvious.

The machine has 2 GPUs in it:

GTX 1070 - 8GB
GTX 970 - 4GB

I wanted to run Ollama on them, to play around with local models and how I could integrate it in some projects. For example - anonymizing data locally, doing a non-destructive OpenClaw implementation that is fit for my use-cases, local OCR for documents that I scan with my phone, automating some things in the everyday management of a home.

So naturally I installed ollama and ollama-cuda as I have 2 Nvidia GPUs in there, expecting that it would work fine, as it was working on Windows just a few minutes prior.

I started Ollama, loaded qwen3:8b for the quick experiment and… it was running on CPU 🤔

The GPUs were perfectly capable to hold it in VRAM, but for some reason Ollama was choosing to run them on CPU.

After trying to figure it out from logs, I asked Claude to help out a bit and it came up with the pretty daunting finding:

The logs tell the story clearly. Both your GPUs are detected but then filtered out because they fail CUDA initialization:

  "filtering device which didn't fully initialize" id=GPU-eb132a13-b9f4-40e3-d85d-60f211dfd21e ... library=CUDA
  "filtering device which didn't fully initialize" id=GPU-550263c8-37e2-2a25-c0b6-10cc7511ed20 ... library=CUDA

  The reason is the CUDA library bundled with Ollama 0.17.4 was compiled for these architectures only:

  CUDA.0.ARCHS=750,800,860,870,880,890,900,1000,1030,1100,1200,1210

  The minimum supported compute capability is 7.5 (Turing / RTX 20xx series). Your GPUs are older than that:

  ┌──────────┬────────────────────┬──────────────┐
  │   GPU    │ Compute Capability │ Architecture │
  ├──────────┼────────────────────┼──────────────┤
  │ GTX 1070 │ 6.1                │ Pascal       │
  ├──────────┼────────────────────┼──────────────┤
  │ GTX 970  │ 5.2                │ Maxwell      │
  └──────────┴────────────────────┴──────────────┘

  Neither is in the supported list, so CUDA initialization fails for both, and Ollama falls back to CPU-only inference.

  Your options:

  1. Downgrade Ollama to an older version that still included Pascal/Maxwell support (pre-0.6.x era had broader arch coverage, but check release notes for specifics).
  2. Build Ollama from source with CUDA_ARCHITECTURES="52;61;75;80;86" to include your GPU architectures.
  3. Upgrade GPUs to at least an RTX 2060 or newer (compute 7.5+).

Now, this was kind of a letdown for me, as I want to use the GPUs as much as possible, before moving on to a new one.

I didn’t want to actually rebuild Ollama from source, as it should support things out of the box and I was very confused why it would not, even though the Windows install it supported those architectures.

These cards were also shown on Ollama’s website as supported!

To cut a long story of Googling short:

Turns out that ollama-cuda comes with just the requirements listed above… and the suggestion was to install ollama-vulkan.

After doing that, everything started working very smoothly!

[Linux] Recovering a disconnected `apt dist-upgrade` session

Wed, 23 Oct 2024 00:00:00 GMT

Today I was updating my Proxmox install remotely via the built-in console, but forgot what I was doing and closed the tab mid-way.

This resulted in me being unable to connect again as the packages were already being updated in the background and the upgrade has asked a question to replace a file and waiting for my input.

So I could SSH in, but not do anything, as it was still waiting for input on a console that I could not connect to, as it was not opening the UI.

After a quick look around, I stumbled upon a Serverfault thread mentioning using reptyr to take over the terminal session over SSH.

Adding here what exactly was done, to be able the session back and finish the upgrade:

From this comment:

git clone https://github.com/nelhage/reptyr
cd reptyr
make install

This installed reptyr on the machine.

Then I looked for all the open sessions with ps ax | grep pts to find the process I was looking for.

Then I found the parent-most process in the call tree that has pts assigned to it and attached to it via it’s PID:

reptyr -T 1390511

Then I could finish the upgrade! 🎉

[Linux] Syncthing – read-only file system when running as service

Wed, 06 Apr 2022 00:00:00 GMT

I’ve been using Syncthing for a while to synchronize my working copy with a local dev server for a few months.

At first I was using it by logging in and running it manually through the CLI. It was working well, so I didn’t think twice when I moved to run it as a service. It started, it synced some data, everything was fine.

Until it wasn’t, of course! 🙂

Turns out that I didn’t notice a bunch of errors cropping up in the logs mentioning that the filesystem on the dev server is read-only and it was causing Syncthing to not sync anything.

I thought it was a bug and it was just showing Out of Sync for the folders, but it was actually syncing. Well I was wrong.

After debugging for a few hours and not finding any clues whatsoever in the forums through a few Google searches, I landed on an Syncthing article on the ArchWiki, mentioning my exact case:

read-only file system error on /etc although run as root

This was my exact usecase, apart from the problematic folder not being /etc, but /usr/local/src.

Well, after reading what it said, it turns out that if you run Syncthing (or anything) via systemd and you have ProtectSystem set for the service to full, it will make some directories read-only by default. /usr is one of those paths.

To fix it, you need to add a new line in the service config and restart the service (and daemon-reload):

ReadWritePaths=/usr/local/src

After this Syncthing should work fine.

[Linux] Running multiple commands on multiple servers in parallel

Mon, 19 Apr 2021 00:00:00 GMT

I have a cluster of Raspberry Pi’s at home running Docker Swarm. To keep up with things, they’re using the same configuration – users, Docker versions, etc.

Sometimes some of the updates require running the same thing on all the nodes of the cluster – for example – creating a new Docker macvlan network.

To do this, one has to either run the same commands on all the nodes manually, by ssh-ing in each and every one, running the commands and moving on to the next one.

Since I’m trying to reduce my work in the long run and to make things as organized as possible, I started looking into ways to run commands on all the nodes at the same time.

Iteration 1: Custom Python script

The first iteration of doing this was to create a custom Python script. One side of this was to learn Python a bit better, the other side was that I couldn’t find a good way to run commands in more native way.

As one can expect (hey, still having little experience in the language 🙂 ), it became bloated mess pretty quickly and was very prone to breakage.

I had to find another way to do this, without having to re-learn what I did 3 weeks ago and what broke the last time.

Iteration 2: `pssh`

Googling around I stumbled upon [pssh](https://linux.die.net/man/1/pssh) that can run things in parallel via SSH.

All things considered, it was pretty easy to get it up and running.

The problem was that to run some of the things I needed to be able to do them via sudo. Passing passwords around wasn’t the best, so I had to search around again to figure out how to send the sudo password when the remote server asked for it.

Turns out it’s pretty easy if you stumble upon the right StackOverflow comment.

The TL;DR; version is:

stty -echo; printf "Password: "; read PASS; stty echo; echo "${PASS}" | \
pssh -h <HOSTFILE> -o /tmp/output -t 0 -I "`cat ./commands.sh`"

The -I "`cat ./commands.sh`" is required to be done like this (surrounded in quotes and backcquotes like this), otherwise it doesn’t properly run the commands. The password is going to be sent as a command separately and not picked up as an input to sudo.

The other catch is that because of the way this is set up, one needs to run sudo with the -S parameter, to pick the password input properly.

Guessing a numeric zip file password only with command-line utilities

Mon, 14 Sep 2020 00:00:00 GMT

Today I received my monthly invoice from my internet provider and something struck me as weird.

The invoice, contained in the mail was in a ZIP file with a password.

Not to say how strange it was to receive an attachment as a ZIP file in these days and times (spam, malware, phishing, etc.), the password they chose struck me as very weak.

It’s the account holder birthday in the format YYMMDD.

I ran a very crude calculation in my mind while at the gym and it came out as very few possible combinations. After using an online tool to calculate how many days have passed (since not all combinations would result in a valid date) since 1900-01-01, turns out the combinations are just 44,075 (until 2020-09-14).

Knowing that optimized tools that use GPU power to crack hashes can make guesses in the millions per second, I wanted to see how quickly the password can be guessed without using them and using just the Linux/macOS CLI (as I only had access to a VPS in the gym).

I came up with the following code that works on macOS:

echo {1..44000} | xargs -P 16 -n 1 -I{} date -v "-{}d" +"%y%m%d" | xargs -P 16 -I{} sh -c 'unzip -qqoP "{}" 0417160508.zip && echo "{}" && exit 255'

The command is pretty simple in it’s workings, even though it seems complicated.

echo {1..44000} generates the numbers from 1 to 44,000 and passes them on to the next step.

xargs -P 16 -n 1 -I{} date -v "-{}d" +"%y%m%d" – takes the input from the first step and generates dates in the format YYMMDD by leveraging date‘s functionality to “augment” a date with specific amount. In this case it would take out X days from the current date. Where X is the number generated in the first step. This way we can generate dates from today back to 1900s.

The third step is the more interesting, so I’m going to split it in two parts:

xargs -P 16 -I{} sh -c '...'

This takes the generated dates from step 2 and runs a command on each of those dates. -P 16 here means that it’s going to run this in 16 parallel processes, to make sifting through the data faster. The same trick is applied to step 2 to speed up the date generation.

The second part is where the guesses happen:

unzip -qqoP "{}" 0417160508.zip && echo "{}" && exit 255

What this does is it first tries to decompress the zip file using the password generated in step 2. If it’s successful it would print out (echo) the guessed password and then exit 255 forces xargs to stop running. We don’t want to continue guessing if the password was found.

All in all, it was pretty bad decision to choose this as the password for the file, because running the above command takes only about 10 seconds to guess the correct password for my invoice. Not much more for anyone else.

Dealing with spaghetti code in PHP: Using anonymous functions to extract pieces of template code

Sat, 08 Aug 2020 00:00:00 GMT

Recently I’ve been helping out a friend with trying to make sense of some code and how to modify it to work well with asynchronous calls to the backend. A bonus would be to be able to write it in a more modular and reusable way.

The code is a WordPress plugin that was written with very legacy approach – mix of business and frontend logic in one place. Data manipulations done in the middle of template code and such.

Basically what you’ve seen in PHP sites back in the early 2000s before all the awesome OOP additions to the language and bunch of mature frameworks.

The case I was chipping away on today was the following – you have a table that shows bunch of entries. We needed to add several filters to the table and make it work via AJAX to quickly refresh the UI, without reloading the whole WordPress Admin page.

Filtering the data was easy – a quick inline array_filter to filter the data before it was passed down to the template code (to keep the same code style this was also in the template file 😇).

The problem came when we started working on making the table renderable over AJAX.

It’s in the middle of a bunch of other template and business code. If we wanted to limit the output via AJAX only to the table we had only a few ways to achieve that.

The first way would be to wrap the HTML before and after the table in HUGE if statements to make sure it’s not rendered.

Another way would be to extract the template in a separate file and to include it in the AJAX action that we would define in plugin’s code.

Anonymous functions to the rescue!

Thinking of how to deal with this in the easiest possible way, I tried defining a normal PHP function that would contain the table code, but there was a problem.

The code runs contained in a class method. There are references to $this in the table template. If we don’t want to change the code too much, we would want to pass $this as a function argument. Well that doesn’t quite work as you can’t pass $this as parameter 🤷‍♂️.

I was a bit disappointed that we’ll have to rewrite bunch of stuff in the template and there were quite a few references that we wanted to be aware of, so it keeps working.

Then I remembered that the site doesn’t run on PHP5.2, but PHP7 and anonymous functions would be supported.

And they have the nifty feature where you can define what variables from the calling scope will be passed down to the function when it’s called. For example:

$table_function = function() use ( $pages, $current_page, $items ) {
    // ... Table render code
}

This will allow you to directly reference $pages or $items in the function body.

The awesome feature here is that you can also pass $this as a variable in the function scope!

Now we were able to fully extract the table rendering code in a separate function that we can call in isolation during the AJAX call!

Of course one must be very careful about the variables used inside the function body as they have to be defined, so be careful where the AJAX function can be called.

For us, this would mean that we will add a tiny action in the main class that would still require the file, but we’ll have more control on disabling all the other outputs that will happen.

Arduino/ESP32: Disabling the task watchdog

Wed, 29 Apr 2020 00:00:00 GMT

Recently I’ve been playing around with ESP32’s multicore functionality and task pinning to specific cores.

I was using AutoConnect to support WiFi connection without storing credentials in the code and provide OTA updates via the web UI.

This was for a project that was going to control some CPU 4-pin PWM fans that are in my server closet, to cool the air inside. For that I wanted to split the logic in two tasks.

One task to handle API’s, sensor reading, updates, WiFi, etc. and one task to handle the interrupt and PWM control of the fans.

All was good, tasks were created, but when running the code, if I get the ESP32 in the mode where you need to connect to it to tell it to connect to your WiFi network, it started exhibiting a strange behavior – it started to reset the controller every few seconds and I couldn’t make the connection work.

That was annoying time, having to unmount the controller from it’s place and connect it to USB to flash a new firmware.

After doing the above I noticed that the error was coming from the watchdog:

Task watchdog got triggered. The following tasks did not feed the watchdog in time:

IDLE (CPU 1)
Tasks currently running:
CPU 0: ManageTask
CPU 1: ControllerTask

Looking around, it seems that this is triggered by the ESP32’s Task Watchdog, which makes sure the tasks get their turn to execute on the CPU.

And it also seemed that AutoConnect wasn’t very flexible when working in a Task context, compared to running outside of one, directly with all the other code and functionality.

Digging around a bit and trying different things, it seems that the easiest way to get oneself out of this situation is to just disable the watchdog and hope that things get executed in time 🙂 The task is not mission-critical, so it’s fine to wait more time for it to complete what it’s doing.

To disable the watchdog, you need to do two things:

First is to Include the esp_task_wdt.h header. To do that, add #include <esp_task_wdt.h> to your include section

Second, make the watchdog not reset the controller and wait more time. To do this, you need to add esp_task_wdt_init(30, false); at the start of your Task code.

void manage_core_task(void *pv_parameters) {
    esp_task_wdt_init(30, false);
    // .... rest of the code ...
}

This will set the watchdog timeout to 30 SECONDS and disable the controller reset if it’s triggered.

If you want to have the controller still reset after the watchdog is triggered, change the second parameter of the function call from false to true.

Setting up a YubiKey for Git commit signing

Wed, 08 Jan 2020 00:00:00 GMT

I’ve been using a YubiKey as a 2-Factor Authentication key and to sign my Git commits. Until a few days ago I’ve been using a YubiKey 4. Since my current computer doesn’t have any USB-A ports, I’ve been juggling a USB-A-to-USB-C adapters in my backpack and using the key has been a hassle for the last year. That’s why I decided it’s time to move to my “new” YubiKey 5C to gain the benefit of not having to juggle those adapters.

I’ve actually had the key for a while, as I ordered it together with a replacement YubiKey 4 that I got because of the Infineon TPM issue they identified, but only now I decided it’s time to move to the new key.

The other reason to do it now is because my old GPG keys expired and I had to reissue them, so I can use the key to sign my Git commits.

GPG madness

If you’ve dealt with GPG keys in the past (or currently) you know that it can be pretty hard to get it up and running properly and safely for someone who’s never done it before. Keeping master keys offline, shuffling public keys, reissuing keys after they expire, possibly signing them with previous keys to verify them, revoking keys… It’s not easy to follow the best practices even in theory. When it comes to following them in practice, things get extremely complicated.

Most tutorials online refer to using the CLI to generate your keys, navigating menus with a non-common design pattern and are general pain to get them up and running. Most tutorials say use an offline machine like a Raspberry PI and/or generate the master keys and sub-keys while offline and keep the master key off your computer.

🤯

I’ve been dealing with this each start of January for the past almost 4 years. I dread the moment when I get the following error, noting that my signing keys have expired.

error: gpg failed to sign the data
fatal: failed to write commit object

This year I decided it’s time to try to make this process much easier and to use the in-built certificate generation and avoid the whole hassle with dealing with GPG key generations and such.

YubiKey on-key keys generation

With this we still have to use the CLI UI, but it’s a bit more obvious as it has fewer steps.

First we have to set up our card/device.

Card/device setup

Run gpg --card-status in the terminal and you should see something like this:

Reader ………..: Yubico Yubikey 4 OTP U2F CCID
Application ID …: <Serial number>
Version ……….: 2.1
Manufacturer …..: Yubico
Serial number ….: <Device serial number>
Name of cardholder: unspecified
Language prefs …: en
Sex …………..: unspecified
URL of public key : \[not set\]
Login data …….: <e-mail or nothing>
Signature PIN ….: not forced
Key attributes …: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 9

If you see something similar and no errors show up, you should be fine to continue.

Run gpg --card-edit

You will land in a CLI UI, showing the same information at the start and then a command prompt at the bottom gpg/card>.

Type admin and press return/enter.

You can now type help to figure out how to change the owner information and PINs for the card.

One thing that you MUST do is change the default PINs for the card. There are two of those. The first one is the PIN key you use to access the keys on the card. The second one is the “Admin” PIN or PUK (Personal Unblocking Code).

To do this type passwd and you will see a menu:

gpg/card> passwd  
gpg: OpenPGP card no. <Serial number> detected

1 - change PIN  
2 - unblock PIN  
3 - change Admin PIN  
4 - set the Reset Code  
Q - quit

Type 1 and follow the prompts to update your pin. The default PIN is 123456.

After completing that, choose 3 to change the Admin PIN. The default is 12345678.

After having both pins changed, go back to the main menu to finish updating the key information.

The commands you can use are:

name – to change the cardholder name
login – to change the cardholder e-mail address or login

After that we can move on to the actual key generation.

Key generation

Now it’s time to actually generate the keys.

To do that, type generate.

You will be asked Make off-card backup of encryption key? (Y/n), but as mentioned in YubiKey’s documentation, this is only a shim backup and it will not create a full backup of the secret keys, so it doesn’t matter if you reply Yes or No. I reply with No(n).

If there are stored keys on the card you will be asked if you want to replace them:

gpg: Note: keys are already stored on the card!

Replace existing keys? (y/N)

Make sure you’re not going to replace something important that you don’t have backup of and continue with Y. If there’s something important, better to quit the whole process with Ctrl+C.

You will be asked for your card PIN you set earlier.

Then you will have to chose how long the keys will be valid for:

Please specify how long the key should be valid.
        0 = key does not expire
      <n> = key expires in n days
     <n>w = key expires in n weeks
     <n>m = key expires in n months
     <n>y = key expires in n years
 Key is valid for? (0)

If you want the keys to be valid for only 1 year, type 1y.

You will be asked to confirm the expiration date. Check if everything is correct and confirm.

Then you will be asked to enter information about the key owner:

Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: <Your name>
Email address: <Your e-mail>
Comment: <Comment is optional>
 You selected this USER-ID:
     "<Your name> <comment> <your e-mail>
 Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?

Type `O` to confirm if everything seems correct.

Then you will be asked for your Admin PIN or PUK. This is required as it will perform a write action on the card.

Then if everything is correct, the YubiKey will start blinking and continue to do so for a while (for me it takes about five minutes or so).

After it’s done you will see the following message

gpg: key <Short ID> marked as ultimately trusted
gpg: revocation certificate stored as '/Users/bisko/.gnupg/openpgp-revocs.d/<LONG ID>.rev' public and secret key created and signed.

Take a note of the <Short ID> as we’ll be using this later.

At this point you can quit the GPG prompt with quit or Ctrl+C.

Now it’s time to save the public key, so we can reuse the key on another computer.

To do so, run the following command:

gpg --armor --export <Short ID> > <Short ID>.asc

This will export the public key to a file named <Short ID>.asc. This will be used in the future if you want to be able to use the YubiKey on another computer or if you lose your GPG configuration.

To restore the public key in your keyring, you need to do:

gpg --import < <Short ID>.asc
gpg: key <Short ID>: public key "Your Name <your@email>" imported
gpg: Total number processed: 1
gpg: imported: 1

A very important note here. If this is a new GPG install or another computer, GPG won’t recognize the keys on the card by itself. You need to run gpg --card-status so it can read the card and pick up the keys on the card.

Setting up Git for signing

To set up Git to sign your commits you need to add the following to your ~/.gitconfig.

Under the [user] section, you need to add (or update) the following line:

signingkey = 0x<Short ID>

Then if you want to sign all your commits, add the following at the end of the file:

[gpg]
  program = /usr/local/bin/gpg
[commit]
  gpgsign = true

This will make Git sign all your commits.

To set up GitHub, you need to add your public key to your profile. To do so, go to GitHub -> Settings -> SSH and GPG keys -> New GPG key.

Then you will see a text box, where you need to paste the whole content of the <Short ID>.asc file we generated above.

If you want to copy the contents of the file (on macOS) you can do:

cat <Short ID>.asc | pbcopy

This will copy the contents of the whole file in the clipboard.

Paste that into the text box on GitHub and click the Add GPG key button.

After that you can try to commit and push to GitHub and you should see the pretty Verified label.

Debugging

Sometimes things don’t work outright. To be able to gather more information you can try the following:

Signing with GPG

First try to sign something with the key:

gpg -s <file>

If this fails, try to figure out why it fails, I’m no expert to help there.

Check out Git’s outputGIT_TRACE=1 git commit -am “test”

This would give you the exact things Git does while it tries to perform the commit and sign it. It would give you a hint why the signing might fail.

From this you can also see that Git executes the following command:

/usr/local/bin/gpg --status-fd=2 -bsau <Key ID>

You can try running this manually to see if it will give you a better error.

e1000e eth0: Detected Hardware Unit Hang

Wed, 18 Dec 2019 00:00:00 GMT

Recently my home server and VM host randomly started losing network connectivity. On the outside it seems that it was still working, but I was unable to access it in any remote way. The ethernet adapter seemed to be on, according to the switch, so the issue must have been somewhere in software.

It wouldn’t be the first time a driver would be the issue of hanging network connection. In the past I’ve been burned by buggy WiFi drivers on Linux and Windows computers.

After digging a bit into the system logs, I stumbled on the following:

vmhost kernel: e1000e 0000:00:1f.6 eth0: Detected Hardware Unit Hang:
vmhost kernel: TDH <0>
vmhost kernel: TDT <1>
vmhost kernel: next_to_use <1>
vmhost kernel: next_to_clean <0>
vmhost kernel: buffer_info[next_to_clean]:
vmhost kernel: time_stamp <10fbc2f81>
vmhost kernel: next_to_watch <0>
vmhost kernel: jiffies <10fbc3871>
vmhost kernel: next_to_watch.status <0>
vmhost kernel: MAC Status <40080083>
vmhost kernel: PHY Status <796d>
vmhost kernel: PHY 1000BASE-T Status <7800>
vmhost kernel: PHY Extended Status <3000>
vmhost kernel: PCI Status <10>
vmhost kernel: e1000e 0000:00:1f.6 eth0: Reset adapter unexpectedly
vmhost kernel: vmbr0: port 1(eth0) entered disabled state

Then it would reset the network adapter and after a bit do it again, until the machine completely goes offline.

Looking for answers online I stumbled upon this ServerFault thread.

Cause

Reading upon different sources and bug reports list, it seems the best way to reproduce the issue is to have high-bandwidth situation on the device, i.e. streaming large amounts of data that would saturate the interface.

In my case it was usually happening when I’m streaming media from the local Plex server to a device. Due to the way the network is set up, the Windows VM that runs the Plex instance has to fetch the media file from a NFS network share on a separate device, transcode it in the VM and then send it to the playback device.

This adds up to a lot of network traffic, usually ~40-100mbit/s, depending on the device that plays the media file and the source media file quality.

The same issue manifested itself when streaming games via Steam Link to our Apple TV. The connection is wired, but it’s not uncommon for the network to drop. I think it’s correlated with the same issue, but will keep an eye for it to see if it will happen in the future after the fix.

Possible fix

Seems a possible fix would be to disable GSO (Generic Segmentation Offload), TSO (TCP Segmentation Offload) and GRO (Generic Receive Offload) on the network interface*:

ethtool -K eth0 gso off gro off tso off

I have applied this to my setup and I’m waiting to see if this will actually solve the issue in the long run.

Footnotes

* These options are related to offloading package segmentation to the network interface controller to reduce CPU usage on the machine. More details can be found in this Wikipedia article.

Snippets: Running a local/private swarm Docker image registry

Fri, 11 Oct 2019 00:00:00 GMT

Today I was trying to generate a Docker image from a Node.js project and I wanted to deploy it on my local test swarm.

Unfortunately if one builds a local Docker image, this image is stored and accessible only to the node it was created on and the other swarm nodes can’t access it.

The way to fix this is to push the image to a Docker registry where it can be pulled from by all the nodes in the swarm.

Creating the registry

To instantiate a registry service in the swarm, run:

docker service create —name registry —publish 5000:5000 registry:latest

This will create the registry service and run it in the swarm, making it accessible to all the nodes in the swarm.

Pushing an image to the registry

To push an image to the registry, you have to do two things – tag and then push the image.

Here’s an example on how to build and tag the image in one go:

docker build . -t localhost.localdomain:5000/:latest

And how to push it to the registry:

docker push localhost.localdomain:5000/:latestUsing the image in a service/container/etc

To use the image in a service or a container, you specify the full path from above, i.e. localhost.localdomain:5000/<image-name>:latest.

Swarm nodes will have access to the image and will be able to pull and run it.

Important note about the registry address

In most tutorials online, the registry URL is given as localhost:5000. Unfortunately this doesn’t work and usually it times out when trying to use it. If we change this to localhost.localdomain it will work!

Not sure why this happens when both localhost and localhost.localdomain resolve to 127.0.0.1.

Snippets: Map Apple Keyboard Section sign key to back quote ( § to ` )

Wed, 31 Jul 2019 00:00:00 GMT

I’ve been using the Apple keyboards for a while, but when you live in Europe it’s not easy to source the US layout ones that I’m used to.

On macOS there’s an “easy” way to remap the keyboard with just a terminal command:

watch -n1 -x hidutil property -m ’{“ProductID”:592, “VendorID”:1452}’ —set ’{“UserKeyMapping”:[{“HIDKeyboardModifierMappingSrc”:0x700000035,“HIDKeyboardModifierMappingDst”:0x700000064}]}’

What this piece of code does is to change the mapping of the Section key ( § ) to write out the backquote/tilde ( `/ ~ ) key.

The watch -n1 -x part does this every second as sometimes macOS likes to lose the setting, usually when the computer goes to sleep or when the keyboard is unplugged and plugged again.

Please note that on some versions of macOS the watch utility is not installed and needs to be pulled through something like Homebrew or MacPorts.

The above code works with the Apple External keyboard with USB and European layout with Bulgarian letters. It might need a slight adjustment to the hex values for keys for other types of keyboards.

A variation of the command works well for the same type of keyboard on the MacBook Pro itself. You just need to swap the position of the 0x700000035 and 0x700000064 values.

I’ve been thinking of writing a tool to automatically do that for me, but at this point I think it’s more worth it to invest and get a new keyboard with the proper layout 🙂

Resetting/Restarting Apple TV remote

Sun, 17 Feb 2019 00:00:00 GMT

Last night during a guest visit, I managed to submerge our Apple TV remote under water. Lack of sleep and unstable glasses result in accidents.

The remote was working well last night, but today it stopped working. Not responding to any actions. I tried bashing it in my hand, shaking water out of it. It didn’t help at all.

We thought that it’s gone and were looking for the rice pack in the cupboards.

I went online mostly as a joke to see if I can try to “restart” it.

A helpful guide pointed me to press and hold the Volume Up and Menu buttons for 2-3 seconds to reset the remote and get it into pairing mode.

I was really surprised when it actually worked!

So if something seems fishy, try to reset the remote first. If it doesn’t work, then you can try the rice and hardware intervention.

TL;DR;

Hold Menu + Volume Up for 2-3 seconds
Wait a few seconds
Try to interact with the Apple TV

bisko.be - Dev

Running Ollama with older GPUs on CachyOS

TL;DR;

Story time

[Linux] Recovering a disconnected `apt dist-upgrade` session

[Linux] Syncthing – read-only file system when running as service

[Linux] Running multiple commands on multiple servers in parallel

Iteration 1: Custom Python script

Iteration 2: pssh

The TL;DR; version is:

Guessing a numeric zip file password only with command-line utilities

Dealing with spaghetti code in PHP: Using anonymous functions to extract pieces of template code

Arduino/ESP32: Disabling the task watchdog

Setting up a YubiKey for Git commit signing

GPG madness

YubiKey on-key keys generation

Card/device setup

Key generation

Setting up Git for signing

Debugging

Signing with GPG

e1000e eth0: Detected Hardware Unit Hang

Snippets: Running a local/private swarm Docker image registry

Snippets: Map Apple Keyboard Section sign key to back quote ( § to ` )

Resetting/Restarting Apple TV remote

Iteration 2: `pssh`