Running docker on Nexus 5

My Raspberry Pi 3 died. It was used for running Plex server. It was running inside docker before the Pi died. I was looking for replacement. I looked into my basement and I found two Google_Nexus_5_(lg-hammerhead) phones. Then the story began…


  • you are fairly familiar with how flashing works, e.g. fastboot stuff.
  • you’ve already running postmarketos on your phone
  • you know what docker is
  • you know that you are probably gonna remove all the fancy UIs from your phone, and switch to postmarketos-ui-fbkeyboard or some console only mode
  • you’d better have a LAN connection on your phone rather than wifi


I can only prove this is working on my phones for now.

1. Edit kernel config

NOTE: before you make any change to kernel, always backup ~/.local/var/pmbootstrap/cache_git/pmaports/main/linux-postmarketos-qcom-msm8974/config-postmarketos-qcom-msm8974.armv7


pmbootstrap kconfig edit postmarketos-qcom-msm8974

where qcom-msm8974 is for my Nexus 5. You need to figure out what’s for your phone.

You have 2 options to learn what to set when configuring the kernel:

You can see the changes I made to my kernel config at

BTW – I’ve got a Ugreen USB 2.0 network adapter hooked, so I took the chance and selected

Device Drivers => Network device support => <*> USB Network Adapters => <*> ASIX AX88xxx Based USB 2.0 Ethernet Adapters 

2. Build the kernel

pmbootstrap build linux-postmarketos-qcom-msm8974 --force

I had to add --force otherwise it won’t build.

If everything is successful, you should find something like below


3. Install the kernel

Get the linux-postmarketos-qcom-msm8974-5.9.0_rc4-r0.apk copied onto your phone and do

sudo apk add -u linux-postmarketos-qcom-msm8974-5.9.0_rc4-r0.apk

Just in case, I also copied /boot/boot.img-postmarketos-qcom-msm8974 to local as boot.img, boot to bootloader and did

fastboot flash boot boot.img

Reboot the phone and run again to see if anything missing. My experience is you don’t need everything enabled.

4. Install docker

Boot to your phone, assuming you have a pretty good internet connection, then do

sudo apk add docker

Not only this installs docker, but also an important service containerd.

5. Get docker daemon running


sudo service docker start

We are not there yet. This first-time boot is for creating files, directories, group it needs. The docker command won’t work because of couple things that have to happen at boot time below.

DO NOT make docker to start on boot or you will get “can’t load program: function not implemented: unknown.” error.

BTW – If you hate doing sudo docker... everytime, you can optionally add yourself to docker group by

sudo vi /etc/group

Now reboot so at least containerd service is effective, in terms of automatically mounting cgroup2 to /sys/fs/cgroup.

sudo reboot

After reboot, do

sudo service docker start

You should see something like

which you won’t see if you tried to start docker service before the reboot.

6. Verify things are good

health check
What’s next?

It’d be fun to have kubernetes running on this little device. Not sure if I should go with k3s or microk8s.


最近 Windows 10 的锁屏壁纸都很赞

顺便分享一下 wsl 下如何找到这些图片的命令:

$ for asset in `file -i $(wslpath $(cmd.exe /c "<nul set /p=%UserProfile%" 2>/dev/null))/AppData/Local/Packages/Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy/LocalState/Assets/* | grep png | awk -F':' '{print $1}'`; do echo cp $asset /tmp$asset.png; done

输出是一堆 cp 命令,需要执行的话把 echo 去掉就行了。

cp /mnt/c/Users/xiaoh/AppData/Local/Packages/Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy/LocalState/Assets/04f9bd3de104a427ca557d53f05747c382a62bc3efb2422a0ba9bbe8aa21e757 /tmp/mnt/c/Users/xiaoh/AppData/Local/Packages/Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy/LocalState/Assets/04f9bd3de104a427ca557d53f05747c382a62bc3efb2422a0ba9bbe8aa21e757.png
cp /mnt/c/Users/xiaoh/AppData/Local/Packages/Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy/LocalState/Assets/1181ec5a0c631705dcaded34f58a171b842ed6783274b4bc7122e66eaa498a67 /tmp/mnt/c/Users/xiaoh/AppData/Local/Packages/Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy/LocalState/Assets/1181ec5a0c631705dcaded34f58a171b842ed6783274b4bc7122e66eaa498a67.png
cp /mnt/c/Users/xiaoh/AppData/Local/Packages/Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy/LocalState/Assets/ffadc5cae56e18df849d64d219b374745eb3f046a01a7ff3316c0ce4eb5d3c64 /tmp/mnt/c/Users/xiaoh/AppData/Local/Packages/Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy/LocalState/Assets/ffadc5cae56e18df849d64d219b374745eb3f046a01a7ff3316c0ce4eb5d3c64.png


Relying on complex tools to manage and build your system is going to hurt the end users. […] “If you try to hide the complexity of the system, you’ll end up with a more complex system”. Layers of abstraction that serve to hide internals are never a good thing. Instead, the internals should be designed in a way such that they NEED no hiding.

依赖复杂的工具来管理整个系统的结果是给最终用户带来恶化的体验。[…] “如果你尝试隐藏系统的复杂性,于是就得到一个更加复杂的系统。” 为了隐藏内部机制而设置抽象层并非良好的架构方法,而应该把内部机制设计得精良而无需隐藏。

— Aaron Griffin

在 k8s 中开一个 shell

经常需要一个远程临时的 shell 做些什么事,比如实验一下某个需要运行一晚上的脚本,用完环境就扔了。在 AWS 或者 Azure 上开一个新的 VM 总是感觉不够快捷,也不想专门浪费一个 VM 的资源为这个目的留着。

还好我有个 Kubernetes 下创建 pod 的权限,这下就方便多了。

首先创建一个 shell.yaml 来描述一个可以运行 bash shell 的 pod(容器镜像用的是官方的 bash 镜像):

apiVersion: v1
kind: Pod
  name: shell
    purpose: shell
  - name: shell
    image: bash
    command: ["tail"]
    args: ["-f", "/dev/null"]
  restartPolicy: OnFailure

然后执行下面的命令来创建这个 pod:

$ kubectl apply -f shell.yaml
pod/shell created

成功之后,就可以通过下面的命令获得一个远程的 shell 环境了:

$ kubectl exec -it shell -- bash --login

这个新创建的环境是基于 alpine linux 的,自然什么工具都没有自带。需要什么工具,只要用 apk add 命令安装就好了。我因为工作需要一般都会安装下面这些工具:

apk add git
apk add nodejs-current
apk add npm
apk add python3

如果想从或者向这个 pod/shell 复制文件的话,用下面的命令就好了:

kubectl cp ... ...


人们总是说迈出第一步是最难的。其实不对——最难的是第二步。往往接触一个新事物的时候,人的好奇和兴奋大于紧张和恐惧。各种名人传记里说第一步难的,都是得瑟,真的。而当第二个机遇摆在面前的时候,却早已习惯了第一步驻足在的地方。习惯了那里的人和物,习惯了各种形色,再也迈不出那双肥腿。《Inception》 里说,当在一个梦里久了,你会忘记当年梦想,然后“困”在那个层次,很难再走出来,直到死亡。现实也是如此。一个人从学校里出来的时候,两手空空。只有怀揣一把子冲劲,从一个结束走向另外一个开始。如果没有想过计划下一个结束和开始,那么一定有一天会突然惊醒,然后“掐指一算,都已是风烛残年1”。

今天看新闻,说 Google 换 CEO 了。Eric 在给这个公司贡献了十年之后,回到了二把手。人们早已习惯了 Google 各种创意的鬼点子,结果前进变成了定格,匀速发展成为了静止。当习惯成为了主导,丢失的就是方向。那么一切改变都是必要的,无论好坏。





Life is Like a Boat


Nobody knows who I really am
I never felt this empty before
And if I ever need someone to come along,
Who’s gonna comfort me, and keep me strong?

We are all rowing the boat of fate
The waves keep on coming and we can’t escape
But if we ever get lost on our way
The waves would guide you through another day

Far away, I’m breathing, as if I were transparent
It would seem I was in the dark, but I was only blindfolded

I give a prayer as I wait for the new day
Shining vividly up to the edge of that sea

Nobody knows who I really am
Maybe they just don’t give a damn
But if I ever need someone to come along
I know you would follow me, and keep me strong

People’s hearts change and sneak away from them
The moon in its new cycle leads the boats again

And every time I see your face
The ocean heaves up to my heart
You make me wanna strain at the oars, and soon
I can see the shore

Oh, I can see the shore
When will I see the shore?

I want you to know who I really am
I never thought I’d feel this way towards you
And if you ever need someone to come along,
I will follow you, and keep you strong

And still the journey continues on quiet days as well
The moon in its new cycle shines on the boats again

I give a prayer as I wait for the new day
Shining vividly up to the edge of that sea

And every time I see your face
The ocean heaves up to my heart
You make me wanna strain at the oars, and soon
I can see the shore

We are rowing the boat of fate, but the waves keep attacking us
But isn’t that still a wonderful journey? Aren’t any of them a wonderful journey?

This is it…

24 号因为身体微恙,没有参加当天的全球 Thrill The World 的活动。排练了一个月,很可惜。所以今天把全部的致敬都放在了这部纪录片上。本来是 28 号首映,但是惊喜发现今晚九点就有第一场了。于是安静地呆在办公室里加班,准备到时间准时出发去影院。

多谢小 A 提前帮忙买了电影票,以防人多爆场没有位置。后来才发现这个担心是多余的。虽然观众人数跟其它好莱坞大片不能比,但是还是能看到一些粉丝。电影还没有开始,就四处发 MJ 的 Sticker 贴在身上。影院也贴心地制作了钥匙链当作首映的礼物。

本来一开始那些粉丝看上去还要准备映后唱歌跳舞一番以表达敬意,但是近两个小时的放映之后,看到的只有沉默。对于我这个 15 年的老麦粉来说,绝大部分排练都似曾相识。感觉看到的不是新鲜的抢夺眼球的舞台特效,反而有一种感觉,就是他曾经回来过。

一个人活了 50 岁,却一丝不苟地从事了一个职业 45 年。片中有一个演唱会合作的歌手评价说,没有任何一个瑕疵可以逃过 MJ 的眼睛和耳朵。任何一错误都要更正从新来过。一切都是为了 Fans。熟悉的舞蹈和旋律,让人感觉时间从来都没有前进过。然后突然地,他就走了。喜欢麦当娜在之前MTV ‘09 的颁奖开幕上说的:Michael Jackson 前无古人后无来者,他当之无愧的 King of Pop。


Timeless 可啦思刻

听方大同有一段时间了。一开始听那独具特色的转音还觉得不错,直到后来听到没感觉,甚至有些厌烦。只是在开高速时来不及换歌的时候,才勉强连续听几首不疼不痒的。今天偶然听了他的翻唱专辑《Timeless 可啦思刻》,皆因为其中那首翻唱 MJ 的《Bad》,然后觉得原来好听的歌应该是这样简单的。


1 – You Are The Sunshine Of My Life

第一次听这首,其实并不是 Stevie Wonder 的原唱。而是 MJ 在很小的时候翻唱过的录音。听大同的演绎,加上黄韵玲的那装嫩的 Background,感觉不俗。制作人蛮有心的,是接 MM 出去约会时人家款款坐入副驾时第一首应该听到的,很是浪漫。

2 – Nothing’s Gonna Change My Love For You

第一感觉是一个阳光沐浴的下午唱给 MM 听得一首歌。可惜编曲不是 Unplug,否则那突现的 Vocal 会更加迷人。有机会我要学会这首。

3 – Bad

从来没想过评价神的作品。听了只会让人难过。Gone too soon……

4 – 狂潮

这张专辑里唯一的一首粤语作品。说实话,可能是因为大同在夏威夷长大的原因,他的广东话的歌曲听起来从来都是带着西洋味的。能听得出来大同在这首歌的演绎里尽量减少那种 R&B 风,唱得很有诚意,应该会打动很多来自南方的 MM。

5 – La Bamba

最喜欢的南美风 + 爵士 + 不插电就是这首了,仿佛回到了圣地亚哥。到了后来萨克斯还有钢琴互咖的环节,让人完全有进入了一家高档墨西哥餐厅的感觉。其实,开车载 MM 兜风的时候听这首也不错。听不懂歌词,所以不做更多评价。

6 – 红豆

菲的经典曲目,被大同一唱又是另外一番感觉。如果你会吉他的话,然后加上那么一点点他的灵乐口音,这又是一首泡妞的杀手锏曲目。虽然中间有一段让人又有了文首那种不痛不痒的感觉,但后来 Bridge 回来的那段效果还是蛮让人刮目的。帅哥们应该学会这首以后,在清晨 MM 还没醒的时候打电话过去唱,必杀。

7 – Georgia On My Mind

如果听完上面的 La Bamba 然后直接跳到这首舞曲,一定会有一种北上加州的感觉。除此之外,并没有太多其它感觉。开高速的时候会跳过吧。

8 – 记得

可能听歌不多的缘故吧,一开始听到这首竟然没有听出来是阿妹的歌。大同改的实在太多了,不过我要说改的不错。特别是从颓废启承转折到假音然后再到暇意的那种感觉,让人回想倒带再听一遍。应该是一首洗澡的时候或者装电灯炮的时候让 MM 听到的歌,必杀。

9 – Wonderful Tonight

终于有一首感觉像 KTV 应该点到的歌了。像一开始的评价那样,简单的歌才好听。生日、婚宴、派对、追 MM 的晚上唱这首应该蛮应景的吧。

10 – Moon River

对我来说听歌名次数最多,听歌曲本身次数最少的一首歌。应该算是名曲吧,可是一直没有什么感觉。不过让他这么一唱,还是听出点味道的。Background 那个 Jazz 吹得挺赞。早上唱完《红豆》,晚上应该唱这首催 MM 睡觉了。



过去若干个星期对自己的人生意义不同凡响,一个最直接的改变就是我需要更加充分地利用时间,这样才可以早日完成学业。同时,还需要分配一定的课余来学习新的知识,为明年的大挑战作准备。前些天做了一张壁纸贴在了电脑的桌面上(不支持Internet Explorer 7和Windows Vista以下版本),不知道未来的我听不听使唤。


From Main Street To Shen Nan Dao

It’s kind of interesting to find that is useful for gathering people with same topics together.

Douban is a website that allow people to exchange ideas, opinions and other information related to books, music and movies. By using the statistical data from user rankings, top popular publications are iterated in its frontpage, so good songs, novels and movies are introduced. In other words, the contents of the website is an outcome of community collaboration. By specifying one’s location or interest, related audio-visual product or publications which might be interesting to the user are recommended. It guesses your taste!

life on main street

Other than that, it integrates discussion boards and social networking into itself. Are you from Shenzhen and living abroad? Come to join From Main Street To Shen Nan Dao at Douban. Leave your footprint there.

向下一个 Milestone 进发

教授昨天告之我的毕业论文上线了。打开那 404 页的 PDF,我有点不认识这是我的成果。404 是个很有意义的数字,所以花了不短的功夫把家里以前写论文用的草稿全都丢掉,然后也不再每天背着笔记本电脑去图书馆奋战。感觉一切如梦。

最近有几次开车去 Bellevue 的时候,经常会下意识地转到图书馆那个方向。往往看到了一些熟悉的路标,才尴尬地发现走错了路。几次如此之后,慢慢开始怀念有书在手的那些日子。也许,我还是应该找些东西来学的。

image实际上,确实还有很多东西要学。刚入行的时候,经理给了一本《How We Test Software At Microsoft》,却一直没有时间看。另外还有太多太多培训文档在电子邮箱里还是未读。想想两年来没有花太多心思在工作上,真的是错过了很多东西。

一直把这个公司当成另外一所大学,特别是 Project 这个团队,有着独特的资源。一方面是在产品测试过程中在技术上的磨练,一方面是产品本身所包含的项目管理上的知识。同时这两方面又相互结合,以自己的产品做狗粮,把项目管理应用在自身,成为难得的理论与实践的沙盘。