All posts by donn

Fix kubernetes: oci runtime error: applying cgroup configuration for process caused mountpoint for devices not found

Can’t build or push docker container?


oci runtime error: applying cgroup configuration for process caused mountpoint for devices not found

Try restarting docker. If you then get:

Error starting daemon: Devices cgroup isn't mounted

Then it may be time to shutdown and cold-start the machine.

In my case, I didn’t have to install or config anything new. Docker was running fine before this failure. Try restarting docker (eg. systemctl restart docker). If it fails, shutdown and cold-boot the machine. Ensure docker is running. After 129 days of uptime, my docker just got in a weird, bad state.

See also:

Monitor for C64: S-Video in, 4:3 ratio, Soundbar

I was searching for a flat-panel LCD monitor for my Commodore 64, and read the Dell 2001FP is very popular. Just make sure you get one manufactured June 2005 or earlier because Dell changed their panel supplier in July 2005, and people have reported the older panels work better with the C64.

Dell 2001FP (Craigslist) with AX510PA soundbar (eBay).

In addition to being one of the best monitors in its day, it’s equipped with three analog ports: S-Video, Composite, and VGA 15-pin D-sub. Its single digital input port is DVI (DVI-D). I’m using an 8-pin DIN to s-video cable to connect the C64 to the 2001FP. The cable also breaks-out C64 mono audio to left & right “RCA-style” audio connectors. The 4:3 aspect ratio that matches these old computers is getting harder to find.

And it gets better: To my surprise, the 2001FP also has a 12V power OUTPUT port that is used to power an optional AX510PA soundbar (many for sale on eBay). This provides a clean, integrated audio system for the C64. You just need a cable (or adapter) that converts your C64’s audio to a 3.5mm stereo port (mono to stereo as necessary depending on your C64 cable).  The “PA” in AX510PA stands for Power Adapter. The power adapter is a AC to DC wall wart that powers the soundbar, because some Dell monitors did not have an onboard 12V DC that the 2001FP has. So for the 2001FP the power adapter is not necessary; the onboard 12V means less cabling & a neater appearance!

Soundbar is powered by the 2001FP. Love it.

One thing surprised me when I was testing the soundbar: The soundbar emits audio only when the monitor detects a video signal, which in retrospect makes sense and saves electricity. No reason to power the soundbar when nothing is displayed on the monitor.  It’s just that when I was testing the soundbar, I had the monitor powered on (but no computer attached) and naively expected the soundbar to emit audio from my attached iPhone.  Hint: the soundbar has white led in the center (hidden behind the grill) to indicate when it is on.

Verdict: Excellent monitor for retro computing thanks to its s-video and composite inputs. Optional soundbar looks great with clean integration of power fed by the host 2001FP.

Footnote: There’s a round dial on the soundbar’s right side for volume control (see first photo). When the volume dial is at the minimum setting, the dial clicks pleasantly to power-off the soundbar, nice!

Footnote2: The soundbar simply slides into 2 small slots on the bottom portion of the 2001FP.  There is a satisfying click after it is fully slid into place. No tools are necessary.

Footnote3: The stand is very good. Not all monitor stands raise & lower the screen vertically. That is, some rely on tilt for adjusting vertical view. This stand has pan, tilt, and telescopic raise/lower. It also has rotation (if you want the screen in portrait-mode instead of the common landscape-mode). See diagram item #8 below, which unlocks the vertical height adjustment.

Footnote4: There are four USB-A “downstream” ports (2 rear, 2 side). This is basically a USB hub for your peripherals. One USB-B “upstream” port in the rear is where you connect your PC.

Footnote5: The power-in port is a rather unexpected 4-pin, round. Try to find a 2001FP with the power adapter, else you’ll have to buy one off eBay.

Footnote6: C64 video looks WAY better (crisper, less blurry) via the s-video port than the composite port. This was expected, but I was surprised how unbearable composite seemed when compared to s-video; thought they would be closer in quality. Make sure the chroma pin on the 8-pin DIN connector has a 300-ohm (or 330-ohm) resistor, else the color signal will be too strong (results in bad color bleed/distortion). Adding ~300-ohms to the C64’s chroma output results in a video signal closer to the s-video standard, hence better quality.

Footnote7: Very early C64’s had a 5-pin DIN port, instead of the more common 8-pin DIN port.

Dell 2001FP Diagram
Legend for Dell 2001FP port diagram.
2001FP rear ports: 2x USB-A downstream to peripherals, USB-B upstream to PC, soundbar power-out, VGA, DVI, S-video, composite, monitor power-in.  There are two more USB-A downstream ports on the side of the monitor.

Mosh with iTerm2’s Tmux Integration


NOTE! Don’t follow this article, just use Eternal Terminal (et) instead of mosh (and instead of ssh).  It works flawlessly with iTerm2 and tmux.

I have found terminal/shell nirvana on my Mac with mosh + tmux + iTerm2 Tmux Integration, but it wasn’t easy.

My dream setup was these 3 running together:

1) mosh: Runs on client and on server. An ssh replacement that is secured with AES-128 and ssh. Virtually indestructible ssh-like sessions that remain “live” even after you change IP addresses (ie. physical locations), VPNs, or network interfaces. I can login to a server and never need to re-login for *months*. Whenever I open my macbook, my shell sessions are exactly where they were before and ready for the next command.  If your IP address changes while you commute (eg. train) or you are on VPN a lot, you really should use mosh instead of ssh. It’s not just for unreliable connections, I use mosh everywhere because it saves me time.

2) tmux: Runs on the server. Replacement for the old ‘screen’ utility. It allows you to keep active windows (and panes) in a session that remains alive even after you disconnect from the remote server.

3) iTerm2’s Tmux Integration: Runs on Mac. Very cool iTerm2 feature that renders your tmux windows as native iTerm2 tabs. Allows you to scroll back through your tmux window with Macbook touchpad gestures and iTerm hotkeys. Supports iTerm2’s very quick & capable Cmd-F (Find) instead of tmux’s Find.  Supports intuitive text selection and advanced text selection (discontiguous select & copy) built into iTerm. Switching between tabs with keyboard shortcuts. Basically everything you can do in iTerm2 regular tabs, you can probably do with your tmux session rendered by iTerm2’s Tmux Integration. It rocks.


The Problem

The problem is iTerm’s Tmux integration works fine when using ssh, but not when using mosh.


The Solution

With this howto, you can build a patched version of mosh (client and server) that is compatible with iTerm’s Tmux Integration.  Mosh is a small program, so the build is very quick.

Moreover, this howto allows you to try the patched mosh binaries without touching your existing mosh installation. This is done by specifying the ‘–client’ and ‘–server’ options when running mosh.

Once you are happy with how the patched mosh is working, you can move the patched mosh to a location in your path (need to do this on both client and server).

Note, if you are on wifi all the time, you can use Eternal Terminal instead of this howto. I use hard-wired ethernet at my desk and wifi when I leave my desk (eg. walking to a meeting). It so happens, this switching of network interfaces seems to break Eternal Terminal and close my session (in my testing).

In my setup I have a macbook (mosh client) connecting to an ubuntu 16.04 server (mosh server).

First, we’ll build mosh on the Macbook (mosh-client).


Build patched mosh-client on Macbook

Create a directory for the code:

dlee-mbp:~ donn$ mkdir -pv ~/workspace/git/

dlee-mbp:~ donn$ cd ~/workspace/git/

Grab the code:

dlee-mbp:rledisez donn$ git clone

dlee-mbp:rledisez donn$ cd mosh

Checkout the patched mosh branch called “localScrollback-1.3.2”:

dlee-mbp:mosh donn$ git checkout -b localScrollback-1.3.2 origin/localScrollback-1.3.2


Use Homebrew to install dependencies:

dlee-mbp:mosh donn$ brew install protobuf automake pkg-config


Build patched mosh binaries:

dlee-mbp:mosh donn$ ./ installing ‘./ar-lib’ installing ‘./compile’ installing ‘./install-sh’ installing ‘./missing’

src/crypto/ installing ‘./depcomp’

parallel-tests: installing ‘./test-driver’



<See many lines of output>



<See many lines of output>


You don’t have to do ‘make install’ at this point. You can try the binary without installing it (see below).


But, we also need a patched mosh on the server, so next…


Build mosh on ubuntu server

Install debian package dependencies:

Note: Boost (libboost-dev) not needed for mosh 1.2+ so I didn’t install it.

sudo apt-get install automake libtool g++ protobuf-compiler libprotobuf-dev libutempter-dev libncurses5-dev zlib1g-dev libio-pty-perl libssl-dev pkg-config

Build mosh-client and mosh-server:

git clone

cd mosh

git checkout -b localScrollback-1.3.2 origin/localScrollback-1.3.2





Again, you don’t have to ‘make install’ if you just want to try things out.


Running the patched mosh

Locate the path to patched mosh-client on my Macbook:


Locate the path to patched mosh-server on my ubuntu server:



With this info, I can try my first iTerm + tmux + mosh session:

The ‘mosh’ command is found in the ‘scripts’ subdirectory of the source code directory.


dlee-mbp:mosh donn$ scripts/mosh \
--client=/Users/donn/workspace/git/ \


After logging in to, start tmux on remote host:

remote_host$ tmux -CC

[or ‘tmux -CC a’ if resuming an existing tmux session]


… and then see iTerm2 window with Tmux Integration enabled.  Cmd-T to open a new tab.



Switching to patched mosh permanently


Mac: Just put mosh and mosh-client in your path.  To see your installed version of mosh:

$ which mosh

$ which mosh-client


To see your path:

$ echo $PATH


Maybe copy your originals as mosh.orig, mosh-client.orig


Ubuntu server: Same thing but with mosh-server.  Maybe save your original as mosh-server.orig


From this point forward, be aware that normal, standard mosh clients will not be compatible with patched mosh on the server.  If you want to support both, then use the ‘–server’ option when starting a mosh session to specify which version of mosh-server will be run on the server (eg. mosh-server or mosh-server.orig).


Fixing Problems


If your session dies abruptly with an error like the following, it means your mosh-client or your mosh-server is not running the patched version of mosh; it is probably running your normal, installed version of mosh.


Assertion failed: (*i == *my_it), function diff_from, file, line 69.

Abort trap: 6




iTerm2’s Tmux Integration:


Build instructions for mosh:


Patched mosh that supports tmux control-mode (tmux -CC). Original patch by github user 4ast. Rebased on mosh 1.3.2 by rledisez:

At the time of this article, v1.3.2 was the latest stable version for download at


Original patched mosh:

Note: Commit d5bd1d31d86d4003705e69f87466aa7e10f9c5b9 “add support for resize events” is already part of mosh mainline.


“tmux integration hangs when logged in with mosh (ok w/ ssh)”


Homebrew package manager for Mac:

Bounty ($$$) for adding tmux control-mode support to mosh:


Postfix SMTP configuration: Sending (relay) email to Gmail and other Internet mail servers


Postfix Server diagram

This might be helpful for people like me who recently started learning Postfix:
If you want to eliminate the “red padlock” icon in Gmail, you do not need to get a certificate. Mail servers like Gmail don’t require you to have a certificate (aka client certificate) to connect to them over a secure TLS connection, and subsequently send mail to them (however, things like SPF TXT records and DKIM are needed to avoid Gmail marking your mail as spam).

To send mail to Gmail (and others) with TLS and get rid of the “red padlock”, you only need:

smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

…in /etc/postfix/

TLS-security-level “may” (“You *may* use TLS”) means your mail will be relayed even if the other mail server lacks TLS.  This is represented by the BLUE arrow in the diagram showing mail sent to “”. In other words, such mail will be sent unencrypted, but it will successfully reach

“smtp_*” are the parameters for the Postfix SMTP Client (the code that talks to public Internet mail servers like Gmail’s mail servers). The “smtpd_*” parameters are for the Postfix SMTP Server (the code that your users connect to when they need to send email to Gmail or some other public Internet mail server).

Make sure ca-certificates.txt exists in postfix’s chroot “jail” (on my ubuntu server it was: /var/spool/postfix/etc/ssl/certs/ca-certificates.crt). This is a database of certs of well-known CAs that your postfix server needs to know when it connects to Gmail (or other mail server). When your postfix server connects to Gmail, Gmail will present to postfix *Gmail’s server cert*, and that server cert will be signed by one of these well-known CAs.

I’m running postfix 2.11.0 on ubuntu 14.04.

You may configure smtp_tls_ciphers and smtp_tls_protocols, but the defaults are OK and recommended. The default for smtp_tls_ciphers is ‘medium’. If you do ‘high’, there’s a (small) chance some of your mail won’t reach destinations that don’t support the strongest ciphers. The default for smtp_tls_protocols is ‘!SSLv2, !SSLv3’ (disable SSL v2 and v3), which is considered safe; it allows TLSv1.

Svenn ( wrote very helpful articles about how to use LetsEncrypt. Such certs are needed when *your* remote users (email clients) need to connect to your postfix server over a secure TLS connection. That’s another article.

OwnCloud SMTP config error: “A problem occurred while sending the email” (Authentication failed)

Problem: With correct login and password, and correct SMTP settings for Gmail SMTP, owncloud “Test email settings” button fails with:

  • A problem occurred while sending the email. Please revise your settings. (Error: Failed to authenticate on SMTP server with username “” using 1 possible authenticators)

Other symptom (and hint): Gmail login works fine at other locations, home vs. work, for example.

First, in your gmail account settings, change the “Allow less secure apps” setting to ON. This is found at in section “Signing in to Google”. NOTE: This makes your gmail account less secure so you might want to create a throwaway gmail account just for SMTP (that’s what I did). I would not use my valuable gmail accounts:

  • Allow less secure apps: ON

Other things to check:

  • Ensure your owncloud user profile (not owncloud admin settings, but your actual user’s account) has an email address set. This address will receive email from owncloud for password reset email messages and email notifications.  Find your user profile in the upper-right part of the web interface: your_name > Personal.

OwnCloud admin config for smtp:

Send mode: smtp
Encryption: TLS
From address: bob
@ (domain):
Authentication method: Login
Authentication required: [checked]
Server address:
: (port) 587
Credentials:, mypassword

If you don’t use the webui, Owncloud’s {$owncloud_dir}/config/config.php has these text configuration lines for smtp:

 'mail_smtpmode' => 'smtp',
 'mail_smtpsecure' => 'tls',
 'mail_from_address' => 'bob',
 'mail_domain' => '',
 'mail_smtpauthtype' => 'LOGIN',
 'mail_smtpauth' => 1,
 'mail_smtpport' => '587',
 'mail_smtphost' => '',
 'mail_smtpname' => '',
 'mail_smtppassword' => 'mypassword',

Still doesn’t work?  I had to also do the following:

Basically, google is smart and treats logins from different geographical locations with different security restrictions (blocks).  In my case, my owncloud server was a VPS thousands of miles away from my laptop location.  So I guessed that google didn’t like that some random location (my vps) was trying to access my gmail account (even though I had “Allow less secure apps” enabled.

I found a big hint that you can “unlock” or re-auth your google account with the following url:

So basically, to prove to google that my VPS’s IP address is legit, I had to do this UnlockCaptcha from my VPS. BUT, I have no web browser (gui) on my VPS!  Except for ‘lynx’, the shell/cli based web browser!  Lynx does work for passing the UnlockCaptcha url 🙂


Juniper SSG 5 Error when upgrading via USB flash device

Problem: SSG5 (SSG 20) doesn’t upgrade via it’s usb port and reports error “USB flash is not existed. Please insert USB first!”

Solution: You need to use a usb flash drive/stick that is 4GB OR SMALLER!  And formatted FAT (aka FAT16).  FAT32 will probably work too (I haven’t tried).

More detail:

If you are on the SSG’s console, you will see the following error if you attempt to use a usb flash device bigger than 4GB:

“Usb disk size is larger than 4G.Mount failed!”

When you use a 4GB or smaller usb flash disk, you will see success:

“usb device (usb) ready.”

Again, this is on the SSG’s console.

Then you can upgrade via usb (put the *unzipped* screenos image in the *root* directory of the FAT usb drive):

ssg5-> save soft from usb ssg5ssg20.6.3.0r21.0 to flash

Then reboot:

ssg5-> reset

SSG5/SSG20 is a legacy Netscreen ScreenOS firewall/router.


My reaction to “Warren Buffett: Why stocks beat gold and bonds”

Warren Buffett recently argued for stocks vs. gold (and vs. bonds/currency) in

My take is that, yes, I like to diversify, so I have equities in my portfolio. Some equities are like hard resources and thus similar to gold. Eg. XOM and WMT have physical assets, distribution, and business that is not easy to replicate overnight (or over a decade even). Income producing real estate (and your house) is also a real, physical asset. My goal is to reduce exposure to fiat money and its related risk, and so gold and some stocks are in my portfolio.

I should add that my own personal experience is that it is difficult and risky to think I, or any "experts", can predict what products people will want and subsequently exchange for "what they produce" [as Buffett wrote]. Especially when companies fall out of favor. This is the inherent risk in stocks. When the iphone was released, I thought Blackberry was toast, but there are always "experts" and people who argue the iphone will be a flop; so I cannot be sure my crystal ball is better than theirs. Moreover, when data is released that Blackberry’s market share dropped last quarter, it’s too late to react because the market reflects such news in microseconds.

Anyone can claim that stocks are "the best" but that is because they are using a perfect crystal ball: the past performance of stocks they have cherry-picked to make their argument. This is basically what Buffett and others are doing.

It would be better if such "experts" like Buffett make a FUTURE prediction on a basket of stocks, and then we use a time machine to zip 10-20 years into the future and see if they are right. Expanding on this exercise, we ask them to also declare when they will shift in & out of each stock and how much. The fact they cannot and will not do this, shows the risk of stock investing. Even still, I invest in stocks to the best of my ability by trying to predict the things people will want in the future. Good luck to you and the "experts" in doing the same.

Where Buffett is wrong: Gold has been money to humans consistently for some 3000 years.  His attempt to group it with tulips, seashells, and the like is rather sophomoric.  Because he has been alive for only a few decades and not during the entire 3000 year span, we must give him some slack: He doesn’t have a lot of personal experience with things other than "modern" instruments like paper money and shares.