Running docker on Nexus 5

My Raspberry Pi 3 died. It was used for running Plex server. It was running inside docker before the Pi died. I was looking for replacement. I looked into my basement and I found two Google_Nexus_5_(lg-hammerhead) phones. Then the story began…


  • you are fairly familiar with how flashing works, e.g. fastboot stuff.
  • you’ve already running postmarketos on your phone
  • you know what docker is
  • you know that you are probably gonna remove all the fancy UIs from your phone, and switch to postmarketos-ui-fbkeyboard or some console only mode
  • you’d better have a LAN connection on your phone rather than wifi


I can only prove this is working on my phones for now.

1. Edit kernel config

NOTE: before you make any change to kernel, always backup ~/.local/var/pmbootstrap/cache_git/pmaports/main/linux-postmarketos-qcom-msm8974/config-postmarketos-qcom-msm8974.armv7


pmbootstrap kconfig edit postmarketos-qcom-msm8974

where qcom-msm8974 is for my Nexus 5. You need to figure out what’s for your phone.

You have 2 options to learn what to set when configuring the kernel:

You can see the changes I made to my kernel config at

BTW – I’ve got a Ugreen USB 2.0 network adapter hooked, so I took the chance and selected

Device Drivers => Network device support => <*> USB Network Adapters => <*> ASIX AX88xxx Based USB 2.0 Ethernet Adapters 

2. Build the kernel

pmbootstrap build linux-postmarketos-qcom-msm8974 --force

I had to add --force otherwise it won’t build.

If everything is successful, you should find something like below


3. Install the kernel

Get the linux-postmarketos-qcom-msm8974-5.9.0_rc4-r0.apk copied onto your phone and do

sudo apk add -u linux-postmarketos-qcom-msm8974-5.9.0_rc4-r0.apk

Just in case, I also copied /boot/boot.img-postmarketos-qcom-msm8974 to local as boot.img, boot to bootloader and did

fastboot flash boot boot.img

Reboot the phone and run again to see if anything missing. My experience is you don’t need everything enabled.

4. Install docker

Boot to your phone, assuming you have a pretty good internet connection, then do

sudo apk add docker

Not only this installs docker, but also an important service containerd.

5. Get docker daemon running


sudo service docker start

We are not there yet. This first-time boot is for creating files, directories, group it needs. The docker command won’t work because of couple things that have to happen at boot time below.

DO NOT make docker to start on boot or you will get “can’t load program: function not implemented: unknown.” error.

BTW – If you hate doing sudo docker... everytime, you can optionally add yourself to docker group by

sudo vi /etc/group

Now reboot so at least containerd service is effective, in terms of automatically mounting cgroup2 to /sys/fs/cgroup.

sudo reboot

After reboot, do

sudo service docker start

You should see something like

Sudo service docker start.png

which you won’t see if you tried to start docker service before the reboot.

6. Verify things are good

Docker info.png
health check
Docker run hello world.png
Docker run fedora.png

What’s next?

It’d be fun to have kubernetes running on this little device. Not sure if I should go with k3s or microk8s.


最近 Windows 10 的锁屏壁纸都很赞

顺便分享一下 wsl 下如何找到这些图片的命令:

$ for asset in `file -i $(wslpath $(cmd.exe /c "<nul set /p=%UserProfile%" 2>/dev/null))/AppData/Local/Packages/Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy/LocalState/Assets/* | grep png | awk -F':' '{print $1}'`; do echo cp $asset /tmp$asset.png; done

输出是一堆 cp 命令,需要执行的话把 echo 去掉就行了。

cp /mnt/c/Users/xiaoh/AppData/Local/Packages/Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy/LocalState/Assets/04f9bd3de104a427ca557d53f05747c382a62bc3efb2422a0ba9bbe8aa21e757 /tmp/mnt/c/Users/xiaoh/AppData/Local/Packages/Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy/LocalState/Assets/04f9bd3de104a427ca557d53f05747c382a62bc3efb2422a0ba9bbe8aa21e757.png
cp /mnt/c/Users/xiaoh/AppData/Local/Packages/Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy/LocalState/Assets/1181ec5a0c631705dcaded34f58a171b842ed6783274b4bc7122e66eaa498a67 /tmp/mnt/c/Users/xiaoh/AppData/Local/Packages/Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy/LocalState/Assets/1181ec5a0c631705dcaded34f58a171b842ed6783274b4bc7122e66eaa498a67.png
cp /mnt/c/Users/xiaoh/AppData/Local/Packages/Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy/LocalState/Assets/ffadc5cae56e18df849d64d219b374745eb3f046a01a7ff3316c0ce4eb5d3c64 /tmp/mnt/c/Users/xiaoh/AppData/Local/Packages/Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy/LocalState/Assets/ffadc5cae56e18df849d64d219b374745eb3f046a01a7ff3316c0ce4eb5d3c64.png


Relying on complex tools to manage and build your system is going to hurt the end users. […] “If you try to hide the complexity of the system, you’ll end up with a more complex system”. Layers of abstraction that serve to hide internals are never a good thing. Instead, the internals should be designed in a way such that they NEED no hiding.

依赖复杂的工具来管理整个系统的结果是给最终用户带来恶化的体验。[…] “如果你尝试隐藏系统的复杂性,于是就得到一个更加复杂的系统。” 为了隐藏内部机制而设置抽象层并非良好的架构方法,而应该把内部机制设计得精良而无需隐藏。

— Aaron Griffin

在 k8s 中开一个 shell

经常需要一个远程临时的 shell 做些什么事,比如实验一下某个需要运行一晚上的脚本,用完环境就扔了。在 AWS 或者 Azure 上开一个新的 VM 总是感觉不够快捷,也不想专门浪费一个 VM 的资源为这个目的留着。

还好我有个 Kubernetes 下创建 pod 的权限,这下就方便多了。

首先创建一个 shell.yaml 来描述一个可以运行 bash shell 的 pod(容器镜像用的是官方的 bash 镜像):

apiVersion: v1
kind: Pod
  name: shell
    purpose: shell
  - name: shell
    image: bash
    command: ["tail"]
    args: ["-f", "/dev/null"]
  restartPolicy: OnFailure

然后执行下面的命令来创建这个 pod:

$ kubectl apply -f shell.yaml
pod/shell created

成功之后,就可以通过下面的命令获得一个远程的 shell 环境了:

$ kubectl exec -it shell -- bash --login

这个新创建的环境是基于 alpine linux 的,自然什么工具都没有自带。需要什么工具,只要用 apk add 命令安装就好了。我因为工作需要一般都会安装下面这些工具:

apk add git
apk add nodejs-current
apk add npm
apk add python3

如果想从或者向这个 pod/shell 复制文件的话,用下面的命令就好了:

kubectl cp ... ...


人们总是说迈出第一步是最难的。其实不对——最难的是第二步。往往接触一个新事物的时候,人的好奇和兴奋大于紧张和恐惧。各种名人传记里说第一步难的,都是得瑟,真的。而当第二个机遇摆在面前的时候,却早已习惯了第一步驻足在的地方。习惯了那里的人和物,习惯了各种形色,再也迈不出那双肥腿。《Inception》 里说,当在一个梦里久了,你会忘记当年梦想,然后“困”在那个层次,很难再走出来,直到死亡。现实也是如此。一个人从学校里出来的时候,两手空空。只有怀揣一把子冲劲,从一个结束走向另外一个开始。如果没有想过计划下一个结束和开始,那么一定有一天会突然惊醒,然后“掐指一算,都已是风烛残年1”。

今天看新闻,说 Google 换 CEO 了。Eric 在给这个公司贡献了十年之后,回到了二把手。人们早已习惯了 Google 各种创意的鬼点子,结果前进变成了定格,匀速发展成为了静止。当习惯成为了主导,丢失的就是方向。那么一切改变都是必要的,无论好坏。





Life is Like a Boat


Nobody knows who I really am
I never felt this empty before
And if I ever need someone to come along,
Who’s gonna comfort me, and keep me strong?

We are all rowing the boat of fate
The waves keep on coming and we can’t escape
But if we ever get lost on our way
The waves would guide you through another day

Far away, I’m breathing, as if I were transparent
It would seem I was in the dark, but I was only blindfolded

I give a prayer as I wait for the new day
Shining vividly up to the edge of that sea

Nobody knows who I really am
Maybe they just don’t give a damn
But if I ever need someone to come along
I know you would follow me, and keep me strong

People’s hearts change and sneak away from them
The moon in its new cycle leads the boats again

And every time I see your face
The ocean heaves up to my heart
You make me wanna strain at the oars, and soon
I can see the shore

Oh, I can see the shore
When will I see the shore?

I want you to know who I really am
I never thought I’d feel this way towards you
And if you ever need someone to come along,
I will follow you, and keep you strong

And still the journey continues on quiet days as well
The moon in its new cycle shines on the boats again

I give a prayer as I wait for the new day
Shining vividly up to the edge of that sea

And every time I see your face
The ocean heaves up to my heart
You make me wanna strain at the oars, and soon
I can see the shore

We are rowing the boat of fate, but the waves keep attacking us
But isn’t that still a wonderful journey? Aren’t any of them a wonderful journey?

This is it…

24 号因为身体微恙,没有参加当天的全球 Thrill The World 的活动。排练了一个月,很可惜。所以今天把全部的致敬都放在了这部纪录片上。本来是 28 号首映,但是惊喜发现今晚九点就有第一场了。于是安静地呆在办公室里加班,准备到时间准时出发去影院。

多谢小 A 提前帮忙买了电影票,以防人多爆场没有位置。后来才发现这个担心是多余的。虽然观众人数跟其它好莱坞大片不能比,但是还是能看到一些粉丝。电影还没有开始,就四处发 MJ 的 Sticker 贴在身上。影院也贴心地制作了钥匙链当作首映的礼物。

本来一开始那些粉丝看上去还要准备映后唱歌跳舞一番以表达敬意,但是近两个小时的放映之后,看到的只有沉默。对于我这个 15 年的老麦粉来说,绝大部分排练都似曾相识。感觉看到的不是新鲜的抢夺眼球的舞台特效,反而有一种感觉,就是他曾经回来过。

一个人活了 50 岁,却一丝不苟地从事了一个职业 45 年。片中有一个演唱会合作的歌手评价说,没有任何一个瑕疵可以逃过 MJ 的眼睛和耳朵。任何一错误都要更正从新来过。一切都是为了 Fans。熟悉的舞蹈和旋律,让人感觉时间从来都没有前进过。然后突然地,他就走了。喜欢麦当娜在之前MTV ‘09 的颁奖开幕上说的:Michael Jackson 前无古人后无来者,他当之无愧的 King of Pop。


Timeless 可啦思刻

听方大同有一段时间了。一开始听那独具特色的转音还觉得不错,直到后来听到没感觉,甚至有些厌烦。只是在开高速时来不及换歌的时候,才勉强连续听几首不疼不痒的。今天偶然听了他的翻唱专辑《Timeless 可啦思刻》,皆因为其中那首翻唱 MJ 的《Bad》,然后觉得原来好听的歌应该是这样简单的。


1 – You Are The Sunshine Of My Life

第一次听这首,其实并不是 Stevie Wonder 的原唱。而是 MJ 在很小的时候翻唱过的录音。听大同的演绎,加上黄韵玲的那装嫩的 Background,感觉不俗。制作人蛮有心的,是接 MM 出去约会时人家款款坐入副驾时第一首应该听到的,很是浪漫。

2 – Nothing’s Gonna Change My Love For You

第一感觉是一个阳光沐浴的下午唱给 MM 听得一首歌。可惜编曲不是 Unplug,否则那突现的 Vocal 会更加迷人。有机会我要学会这首。

3 – Bad

从来没想过评价神的作品。听了只会让人难过。Gone too soon……

4 – 狂潮

这张专辑里唯一的一首粤语作品。说实话,可能是因为大同在夏威夷长大的原因,他的广东话的歌曲听起来从来都是带着西洋味的。能听得出来大同在这首歌的演绎里尽量减少那种 R&B 风,唱得很有诚意,应该会打动很多来自南方的 MM。

5 – La Bamba

最喜欢的南美风 + 爵士 + 不插电就是这首了,仿佛回到了圣地亚哥。到了后来萨克斯还有钢琴互咖的环节,让人完全有进入了一家高档墨西哥餐厅的感觉。其实,开车载 MM 兜风的时候听这首也不错。听不懂歌词,所以不做更多评价。

6 – 红豆

菲的经典曲目,被大同一唱又是另外一番感觉。如果你会吉他的话,然后加上那么一点点他的灵乐口音,这又是一首泡妞的杀手锏曲目。虽然中间有一段让人又有了文首那种不痛不痒的感觉,但后来 Bridge 回来的那段效果还是蛮让人刮目的。帅哥们应该学会这首以后,在清晨 MM 还没醒的时候打电话过去唱,必杀。

7 – Georgia On My Mind

如果听完上面的 La Bamba 然后直接跳到这首舞曲,一定会有一种北上加州的感觉。除此之外,并没有太多其它感觉。开高速的时候会跳过吧。

8 – 记得

可能听歌不多的缘故吧,一开始听到这首竟然没有听出来是阿妹的歌。大同改的实在太多了,不过我要说改的不错。特别是从颓废启承转折到假音然后再到暇意的那种感觉,让人回想倒带再听一遍。应该是一首洗澡的时候或者装电灯炮的时候让 MM 听到的歌,必杀。

9 – Wonderful Tonight

终于有一首感觉像 KTV 应该点到的歌了。像一开始的评价那样,简单的歌才好听。生日、婚宴、派对、追 MM 的晚上唱这首应该蛮应景的吧。

10 – Moon River

对我来说听歌名次数最多,听歌曲本身次数最少的一首歌。应该算是名曲吧,可是一直没有什么感觉。不过让他这么一唱,还是听出点味道的。Background 那个 Jazz 吹得挺赞。早上唱完《红豆》,晚上应该唱这首催 MM 睡觉了。


Stupid Me

Just found that the blocking list in my hotmail account is full of many non-spam email addresses and some of them are even from my friends. I don’t remember why their email addresses are blocked and I am pretty sure it’s really accidental. If you’ve sent any email and heard no reply from me because of this, please let me know and I give you permission to kick my butt for free.


Having just watched the video Lego teams up with Microsoft Robotics on Channel 10, it reminds me the Lego project in my final year of undergraduate and the AIBO Dog Project I have done during the Summers of 2003 and 2004.


There were 6 people in the team for Lego project and I was the main developer. It is a wheel based robotic vehicle built using Lego Mindstorms, and it is able to travel through a maze using its light sensors at two sides and one touch senser in the front. The algorithm in the vehicle keep obtaining sensor information repeatly, once initiated. It compares the data from two light sensors and aligns itself in the middle of the road. The touch sensor basically tells if it is blocked. Click image on the left or here for the video.
2 software engineering principles was targeted when doing the implementation:

  1. Something bad will never happen.
  2. Something good will eventually happen.

To ensure this, the algorithm checks the timer and counts how long has elapsed since the touch sensor last triggered. Since the maze is finite and it is impossible the vehicle is not blocked forever. If so, the only possibility is that the vehicle is stucked, causing running forward no more. Thus, if the waiting time is long enough, a time out will be signaled and the vehicle will move back a little bit and try a different angle in a random degree. Therefore, something bad (blocked forever) will never happen, and something good (escaped when stucked) will eventually happen.

The first video image send from AIBO camera.In contrast, AIBO Dog Project is more interesting. I created an software suite for the AIBO robot system which allows to do several things, such as

  • Head controlling in real-time by pointing devices.
  • Motion playing back, such as walking forward, backward, turning, etc.
  • Audio streaming and full screen video streaming

The suite contains a server, to be run on AIBO, and a client, to be run on the remote PC. They communicate in TCP/IP once the server is connected by a client. Unforunately, there is no video for the project. Pictures are here:


Today, from iRobot to Canada Arm; from manual controlled to fully automated, robots are not just a focus in education and entertainment. The potential robot market is slowly opening and there are companies interested in this new business, such as Robotics Studio just announced from Microsoft. Who else?



Booso一个有意思的地方,是6e提出的“网页信噪比”的概念。具体是什么不太清楚,感觉起来NB1。搜了一下 ,结果如下:

Result for




1 NB = Not Bad
2 NB = 牛X

Comments on Microsoft and H1-B Visa

By reading Priya’s post [Technical Careers @ Microsoft] today, it seems that the quota on H1-B visa for working in U.S. this is getting this software giant more head ache. Actually on May 25, 2006, its chairman Bill Gates had already made a statement regarding this issue. I suspect there are many other U.S. companies which are highly demanding on technology professionals are suffering from this problem too.

While there are many talented attorneys at Microsoft are working very hard on many petitions, I am wondering if Microsoft has ever thought about an alternative solution to get smart people without restricted by limitations such as visa quota. Inspired by the fact that Microsoft has settled R&D departments in China and India, an idea has came to me: Why not set up another R&D department in Vancouver, BC, Canada?

By checking a map, we see that it is only 2~3 hours driving from Redmond to Vancouver. This is very different from other R&D departments far away from United States, that the advantage of distance can make the corporate communication very tight. Yes, you are right that Microsoft is well known of long distance collaboration and there are many cases that the developers in Shanghai and Redmond working together seamlessly. But what is suggested here is more of an extension to the headquarter rather than another subsidairy company.

The most important point is that, obtaining a working visa in Canada is much less time consuming than doing the same thing in U.S., which make it a solution to the current visa quota. Intuitively, such change is going to accelerate the overall product development with no doubt. There are many products out there are develop to help the collaborative development, such as its own product Live Meeting.

I believe there must be some other people share the similar idea with me, but certainly I am not familiar with laws and other limitation involved in this idea . So, correct me if I am wrong. =)