HP Workstation

The goal of this machine to experiment with mid-range video editing and/or be a monster Virtual Machine Server. It was refurbished, from PC Server Parts Certified Refurbished. It kept going in and out of stock. It arrived in a big box that was well packed with foam, and weighed in around 70 lbs. Once unpacked, the computer itself weighed in at 52 lbs. exactly.

Some facts on the CPU: the Intel Xeon E5-2680 v2 @ 2.80GHz is currently #537 on PassMark [12,530] [single thread 1,789] and is a FCLGA2011 at 115W. It first appeared on the charts 2013/Q2. It is a 10 core 20 thread model with turbo speed of 3.6GHz. The “Dual” PassMark for the E5-2680v2 is 20,678, which is #190 overall rank.

Notes on Ubuntu. The process starts with the 2.5″ to 3.5″ converter and a 1TB SSD. The HP has really nice 3.5″ internal bays, with a SATA backplane already wired for power and data. Just slide the new one in, slide out the 500GB SSD, and boot to the installation ISO. First challenge: WiFi did not “create the device” in the GUI, even though the device was recognized. To fix that, just push “+” in Network Connections, and the “Wi-Fi” section shows up. Then, in the upper-right, the wifi menu appears with “Select Network”.

Second challenge – Ubuntu Firefox fails to start – “serial 467 error_code 11 “BadAlloc”. (Hand installing chrome, that fails too with “gbm_wrapper.cc failed to export buffer to dma_buf“). As a temporary fix, start Firefox by hand with “firefox -safe-mode”. For the final fix, enter “Software & Updates”, go to tab “Additional Drivers”. Under NVIDIA Corporation GF100GL [Quadro 4000], the current selected driver is “Using X.Org X server – Nouveau display driver from xserver-xorg-video-nouveau”. Change that to the other option “Using NVIDIA driver metapackage from nvidia-driver-390 (proprietary, tested)”. Restart. Now firefox and google-chrome-stable both work. (Note: abandoned efforts to get NVIDIA “390” drivers – via “NVIDIA-Linux-x86_64-390.147.run” – to install. If you are reading this because you have a Quadro 4000 driver under linux, you may need this additional step.)

All product links are from the actual vendor.

SystemHP Z820 Workstation (Cached PDF)$1,289
CPU2x Intel Xeon E5-2680 v2 2.8Ghz, 10 cores eachincl.
RAM256GB (8x 16GB) DDR3 DRAMincl.
Power Supplysingleincl.
Video2x  Nvidia Quadro 4000 2GB, 1x DVI, 2x DPortincl.
SSD Drive512GB
HHD Drive2000GB Hitachiincl.
Wi-FiTP-Link AC1200 PCIe Dual Band$34
OSWindows 10 Proincl.
SSDSAMSUNG 870 EVO Series TB SATA 2.5″$138
ConverterSabrent 2.5″ HDD to Desktop 3.5″ Converter$13
OSUbuntu 22.04incl.

Posted in Computer Builds, Hardware | Comments Off on HP Workstation

Amazon S3 ETag Advanced Information

You are probably here because you looked at one of your S3 object’s ETag, and it had a dash character (“-“) in it. Most of your other ETag values are simple and correct md5sum hashes. But this one is weird.

Or, you’re here because one of your S3 object’s ETag ends with “-2”, and you’ve looked up multipart, and you’ve seen the multipart documentation around “multipart_threshold’ and ‘multipart_chunksize’, so you know that “-2” means the ETag was computed as two (2) chunks. But things are still not working out.

Or, you’re here because you know that “-2” means two (2) chunks, and you know the default chunk size is 8MB (8*1024*1024 bytes). Which is all super, except the object is 18MB in size – and 8+8 is only 16 – surely S3 is not throwing away chunks? What is going on here?

The TL;DR answer is – S3 uses both 8MB and 16MB as the “default” chunk size (and, I assume, 32MB, 64MB, etc. Once you break the rules, nothing stops you from doing it again.) As a concrete example – the object size was 17,325,568 bytes and the ETag was “c44bfa98b2c188777ed18cb9190e304b-2”. I used aws cli (aws-cli/2.0.50 Python/3.7.3 Linux) for this upload, so it should have used 8MB chunks, which means the ETag should end in “-3”, not “-2”. Running the code (below) shows that 16MB chunks creates a matching ETag using the local file.

I used “calculate_s3_etag” from this stackoverflow post by hypernot [which seems to be in github – but I used the stackoverflow code, not the github code]. I have confirmed the stackoverflow code works with my 30,000+ files – after trying 8MB, then trying 16MB – to compute the ETag from a local file.

Other references:

  • Seems to indicate only 8MB and 16MB are chunk sizes (8MB for aws cli aka boto3, and 16MB for s3cmd). Since I’ve only used ‘aws s3 sync …’ to upload files, and I’ve seen ETags “right next to each other” where one uses 8MB and the other uses 16MB, I know this is not a rule. Maybe it’s a “guideline”.
  • Another stackoverflow has the code in python, go, powershell, etc. This article also mentions – but I have not tried this yet:
aws configure set default.s3.multipart_threshold 64MB
  • Pypi has a page that talks about defaults of 5MB, 8MB, 15MB and 16MB
  • This teppen.io post has some information (but the description doesn’t agree with any S3 documentation)
  • This savjee.be post has the implementation in Bash.

Posted in Software Engineering, Storage | Comments Off on Amazon S3 ETag Advanced Information

Dell 3020 SFF

The goal of this machine was to buy a complete (monitor included) machine for less than $300, taxes and shipping included. It was refurbished, from Blair Technology, “on sale” from $480. It arrived in a big box that contained two other big boxes, and was very well packed. The NewEgg page claims its “Date First Available” is “August 25, 2021”. The CPU was “First Seen” in 2013.

Note that Windows 10 Pro OEM itself sells for approximately $145.

Some facts on the CPU: the Core i5-4570@3.2GHz is currently #1103 on PassMark [5,175] and is a LGA1150 at 84W. It is a 4 core 4 thread model with turbo speed of 3.6GHz.

All product links are from the actual vendor.

SystemDell OptiPlex 3020 SFF Computer$279
CPUIntel Core i5-4570 3.2Ghzincl.
RAM8GB (2x 4GB) DDR3 DRAMincl.
Power Supplyincl.
VideoIntel graphicsincl.
DVD/CDThin form factor DVD (broken)incl.
SSD Drivenone
HHD Drive500GB WDincl.
MonitorAcer 22″ LCD, DVI and VGAincl.
Wi-FiUSB wi-fi adapterincl.
Keyboard/MousePhillips wireless bluetooth keyboard and mouseincl.
OSWindows 10 Proincl.
Posted in Computer Builds, Hardware | Comments Off on Dell 3020 SFF


This is a prebuilt machine purchase. Asus Model G15CE-B9. (Price comparisons: newegg is selling it for $1,944 via Coldriver20; amazon is selling it for $1,815 via J-Tech Digital).

Some facts on the CPU: it is currently #202 on PassMark [21,574, single thread 3,376] cpubenchmark.net. For a “bundle” CPU, this is pretty good.

All product links are from the actual vendor. More vendor information to follow on RAM/MB/SSD/HDD/etc.

MachineASUS – ROG Gaming Desktop Model G15CE-B9, 2021 release$1,649
CPUIntel Core i7-11700F 11th Gen 2.5Ghz LGA1200 65W Eight-Core Desktop, 16 threads($310)
RAM16GB (2 x 8GB) DDR4 DRAM Desktop Memory
Motherboard ASUS LGA 1200 Intel
Power Supply Bronze certified
VideoASUS RTX 3070 ($500+)
CaseASUS Mid Tower Case (Black)
SD Drive512GB
HD Drive1000GB
OSWindows 11 Home($127)

Posted in Computer Builds | Comments Off on ASUS ROG

Video Card Relative Benchmarks

NameBench markCUDA coresTensor coresNotes
RTX 307021,9265888384$500 release price 2020/oct, sold out still in 2021/nov
RTX 208018,685
RTX 207016,2392560320$500 current 2021/may
GTX 108014,800
GTX 9709,639
RADEON 5706,967
GTX 1050Ti6,332$240 release price;
$300 in 2021/nov
GTX 750Ti3,921
GTS 250613
GeForce 8400GS115

Posted in Hardware | Comments Off on Video Card Relative Benchmarks

Core i5-10400

This is a rebuild of the Core 4770k machine. The machine started spontaneously shutting off, then entering a “power-on for 3 seconds and power-off” loop. After cooling down, it would stay running for ~20 minutes, then shutdown. BIOS says the CPU only hit 34C. 1st troubleshoot: replace the PSU. 2nd troubleshoot: dust blow out. 3rd troubleshoot: replace thermal paste on CPU. 4th troubleshoot: manually set the CPU fan to +250% speed.

Some facts on the CPU: it is currently #437 on PassMark [12,375] cpubenchmark.net. Once again, CPUs in the top-50 are just no longer in reach. (The first sub-$500 CPU is #59 [32,898] AMD Ryzen 9 3900XT. The first sub-$500 Intel is #126 [25,150] Intel Core i7-11700K at $390). Plus, this was a “budget choice” for a “general purpose computer”. It currently serves mostly as an email station.

The CPU, motherboard and RAM were changed out. The other pieces stayed the same as the Core 4770K. Using budget-priced pieces, the rebuild still cost $360.

On the topic of upgrades – somewhere in the last 8 years, the OS was upgraded to Windows 10.

All product links are from the actual vendor.

Item Product Cost
CPU Intel Core i5-10400 10th Gen 2.9Ghz (4.3GHz Turbo) Socket LGA1200 65W Six-Core Desktop $165
RAM Corsair Vengeance LPX 16GB (2 x 8GB) DDR4 DRAM 3200 Desktop Memory CMK16GX4M2B3200C16 $76
Motherboard ASUS Prime B560-PLUS LGA 1200 Intel 11th/10th Gen USB 3.2 $120
Power Supply Corsair Enthusiast TX650 Bronze certified $65
Video Gigabyte Radeon HD 7950 3GB 384-bit GDDR5 PCI Express 3.0 DVI/HDMI/DisplayPort Graphics Card, GV-R795WF3-3GD $225
Case Corsair Carbide 300R Mid Tower Case (Black) CC-9011014-WW $55
SD Drive Samsung 840 Pro 256GB SATA 6GB/s MZ-7PD256BW $224
HD Drive Western Digital 1TB Caviar Black WD1002FAEX $85
BD/DVD/CD Samsung Optical Drive SH-224DB/BEBE $21
OS Windows 10 Professional 64bit $127
Total $1405
WiFi TP-LINK TL-WDN4800 N900 Wireless Dual Band PCI Express Adapter $32
Posted in Computer Builds, Core-i5, Uncategorized | Comments Off on Core i5-10400

Kubernetes and Buildah and microk8s

Kubernetes is awesome. But it is very annoying to be halfway through a guide just to have that guide “drop into” docker. Kubernetes _can_ use docker, but it doesn’t _need_ docker. In particular, this is true of microk8s. If you have your kubernetes cluster because of microk8s, you won’t have docker installed.

As an alternative to “docker build”, you can use buildah – “a tool that builds Open Container Initiative (OCI) container images”. All that needs done is (1) translate those “docker xxx” commands to buildah, and (2) navigate the registries so that your buildah-built image ends up somewhere that your kubectl can use it.

Dockerfile – original
FROM openjdk:11-jre-slim
COPY target/java-hello-world-0.0.1.jar java-hello-world.jar
ENTRYPOINT ["java", "-jar", "/app/java-hello-world.jar"]

(Gads – a little side note here: WordPress by default allows .doc file types, but denies .txt file types “for security reasons”. It brings into doubt WordPress’s concept of ‘security’. )

Note: there are two machines here: “bld$” is the prompt of the buildah machine. “k8s$” is the prompt of the microk8s kubernetes machine.

0. Diversion – create the target/java-hello-world-0.0.1.jar file by installing java, cloning source from github. You can skip this step if you already have a java .jar file.

Diversion: install java, create java-hello-world-0.0.1.jar
bld$ sudo apt install openjdk-11-jdk-headless
bld$ git clone https://github.com/bmuschko/ckad-study-guide.git
bld$ cd ckad-study-guide/ch02/containerized-java-app
bld$ ./mvnw  package spring-boot:repackage
bld$ ls -hl target/java-hello-world-0.0.1.jar
-rw-rw-r-- 17M Jun  8 23:53 target/java-hello-world-0.0.1.jar

1. Install buildah, fix the Dockerfile, and create the container image.

Command: install buildah and java
bld$ sudo apt-get -y install buildah
Dockerfile – fixed for buildah
FROM docker.io/openjdk:11-jre-slim
COPY target/java-hello-world-0.0.1.jar java-hello-world.jar
ENTRYPOINT ["java", "-jar", "/app/java-hello-world.jar"]
Command: build with buildah
bld$ buildah bud -t java-hello-world:1.0.0 . 

-- NOTE: "buildah images" is the correct command to list images
bld$ buildah images
REPOSITORY                    TAG           IMAGE ID       CREATED          SIZE
localhost/java-hello-world    1.0.0         a24b49859451   7 weeks ago      241 MB

-- Note: "buildah list" == "buildah containers" == not the correct command
--       at this step in the process.  kept here only for historical purposes.
bld$ buildah list
39d1427e4dad     *     a24b49859451 localhost/java-hello-world:1.0.0 java-hello-world-working-container

At this time, you have a OCI container image.

  • (Diversion – create a registry using “buildah run”. Push the container image.)
Diversion: running a registry with buildah run
# NOTE: these steps are not required.  The goal is to get it to your microk8s registry, not to create another registry as done here:
bld$ registry=$(buildah from registry)
bld$ buildah run $registry
bld$ buildah push --tls-verify=false java-hello-world:1.0.0 docker://localhost:5000/java-hello-world/java-hello-world:1.0.0

2. Start microk8s registry, collect IP information

Command: Start the microk8s registry
k8s$ microk8s enable registry
The registry will be created with the default size of 20Gi.
You can use the "size" argument while enabling the registry, eg microk8s.enable registry:size=30Gi
Addon storage is already enabled.
Applying registry manifest
namespace/container-registry created
persistentvolumeclaim/registry-claim created
deployment.apps/registry created
service/registry created
configmap/local-registry-hosting configured
The registry is enabled

$ kubectl get po -A | grep registry
container-registry   registry-9b57d9df8-hp79v                     1/1     Running   0          3d19h
k8s$ kubectl get po --namespace=container-registry registry-9b57d9df8-hp79v                  -o wide
NAME                       READY   STATUS    RESTARTS   AGE     IP             NODE                NOMINATED NODE   READINESS GATES
registry-9b57d9df8-hp79v   1/1     Running   0          3d19h   ub2004microk8stwo              
k8s$ echo is not "externally available"
k8s$ kubectl get no -o wide | grep ub2004microk8stwo
ub2004microk8stwo     Ready       211d   v1.19.10-34+8f8eec7c3f1428             Ubuntu 20.04 LTS   5.4.0-72-generic   containerd://1.3.7
Command: Push from buildah machine to microk8s registry
bld$ buildah push --tls-verify=false java-hello-world:1.0.0 ${REGISTRY}/java-hello-world:1.0.0
Command: Confirm the image is in the registry
k8s$ curl http://$REGISTRY/v2/_catalog
k8s$ curl http://$REGISTRY/v2/java-hello-world/tags/list

deployment.yaml – using minik8s registry as image source
apiVersion: apps/v1
kind: Deployment
  name: exported-java-deployment
    app: exportedjava
      app: exportedjava
        app: exportedjava
      - name: java-hello-world
        image: localhost:32000/java-hello-world:1.0.0      
        imagePullPolicy: Never
        - containerPort: 8080
Command: Apply the deployment
k8s$ kubectl apply -f deployment.yaml 
Command: Test deployment
k8s$ kubectl get po -o wide
NAME                                        READY   STATUS    RESTARTS   AGE    IP             NODE                NOMINATED NODE   READINESS GATES
exported-java-deployment-54cbc44997-ttgxc   1/1     Running   0          103s   ub2004microk8stwo              
k8s$ curl
Hello World!

(Miscellaneous commands – query running containers for image names and sizes)

Command: Show running images – names and sizes
k8s$ kubectl get nodes -o json | jq '.items[].status.images[] | .names[1], .sizeBytes'
Command: Alternative way to copy/import image

-- FAILS, wrong way to "push"/export the image
bld$ buildah push 1bb7f7cb0d2c dir:/tmp/1bb7f7cb0d2c
Getting image source signatures
Copying blob 40093787e10f done  
Copying blob e1929b65aa97 done  
Copying blob 1b739069a094 done  
Copying blob 2655e3fdba88 done  
Copying blob d32026d4252e done  
Copying blob c76dc6af9411 done  
Copying blob 89efdf5cc8ae done  
Copying blob d9b44548153b done  
Copying blob 8f2b297d408f done  
Copying blob 89f7fb50be94 done  
Copying config 1bb7f7cb0d done  
Writing manifest to image destination
Storing signatures
$bld tar cvf 1bb7f7cb0d2c.tar ./1bb7f7cb0d2c/
$bld scp 1bb7f7cb0d2c.tar k8s:~

k8s$ mkcrok8s ctr image import 1bb7f7cb0d2c.tar
ctr: unrecognized image format
--   Fail.

-- Correct way to 'buildah push", but incorrect way to create .tar file, FAILS:
bld$ buildah push 1bb7f7cb0d2c oci:/tmp/oci-path:localhost/mysimpleapi:1.0.0
bld$ cd /tmp
bld$ tar cvf oci-path.tar  ./oci-path
k8s$ microk8s ctr image import oci-path.tar
ctr: unrecognized image format

-- Correct way to create the .tar file:  WORKS:
bld$ cd /tmp
bld$ cd oci-path
bld$ tar cvf ../mysimpleapi.tar .
bld$ scp
k8s$ microk8s ctr image import mysimpleapi.tar
unpacking localhost/mysimpleapi:1.0.0 (sha256:xxxxxx)...done
k8s$ microk8s ctr image list -q | grep mysimpleapi

Posted in Software Engineering | Comments Off on Kubernetes and Buildah and microk8s

Naming and Security

Came across an interesting configuration file pattern today:

      insecure: true
      insecure: true
      insecure: true
      insecure: true
      verify_ssl: false

The interesting thing is that 4 “subprojects” choose the key “insecure”, yet the barbican subproject choose the correct key “verify_ssl”. The flag in question here does exactly what the barbican configuration says: it still uses SSL (hence, it is still secure), but the verify (host) check has been disabled. The others incorrectly imply that all security is lost, which is not the case. They still use encrypted communications. The key “insecure” is would only be correct if that configuration item would switch between “http:” and “https:” connections. None of the configuration items here do that – when set to “false”, the only difference is that the server’s certificate will not be validated.

The fun thing to consider here is the various cultures that exist in projects, teams and countries. If OpenStack operated as a “Cancel Culture”, the “verify_ssl” would be cancelled for showing the courage to be (a) different and (b) correct. Because ‘Cancel Culture’ emphasizes agreement over accuracy, consensus over truth, perception over reality.

Posted in Software Engineering | Comments Off on Naming and Security

WordPress Comment Spam

A quick note on WordPress spam in comments – Starting 2020 November 26th and continuing until 2020 December 17th, a spammer created a bunch of comments on the one page that had accidentally allowed comments – “About”

In total, there were 33,389 spam comments created. This was caused by (1) migrating this blog from the previous (amateurish) hosting company, and (2) WordPress creating one post by default with “Comments” still active. It was easy enough to stop new comments (edit Post, Discussion, uncheck “Allow Comments”). To remove 33,389 comments, I used the plugin “Delete All Comments of wordpress” by Navneet Soni.

All of the comments had IP addresses from a very small block (5.188.211.x):, count=2997, count=3346, count=3004, count=2975, count=2985, count=3326, count=3007, count=3070, count=2990, count=3074, count=2615

Whois result:

% Information related to ' -'

% Abuse contact for ' -' is 'abuse@pindc.ru'

inetnum: -
netname:        inf-net
country:        RU
admin-c:        MK19775-RIPE
tech-c:         MK19775-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-PINSUPPORT
created:        2017-04-13T10:32:21Z
last-modified:  2017-04-13T10:32:21Z
source:         RIPE

person:         Makary Kwiatkowski
address:        ul. Zachodnia 20
address:        Bialystok 15-345
phone:          +48695689091
nic-hdl:        MK19775-RIPE
mnt-by:         MNT-PINSUPPORT
created:        2016-10-26T21:03:01Z
last-modified:  2016-10-26T21:14:53Z
source:         RIPE # Filtered

% Information related to ''
descr:          PIN DC
origin:         AS34665
mnt-by:         MNT-PIN
mnt-by:         MNT-PINSUPPORT
created:        2019-11-11T07:41:06Z
last-modified:  2019-11-11T07:41:06Z
source:         RIPE

Posted in Uncategorized | Comments Off on WordPress Comment Spam

RetroPie Raspberry Pi 4

Item Product Cost
Pi 4 CanaKit Raspberry Pi 4 Basic Kit 1.5GHz 64-bit quad core ARMv8, USB-C 3.5A Power, USB-C Power switch $55
MicroSD SanDisk 64GB Ultra microSDXC USH-I $12
Case RETROFLAG NESPi 4 Case with SSD Case, USB-C Power Supply, HDMI Adapter cooling Fan and heatsinks $40
HDMI Adapter Micro HDMI to HDMI Adapter 6.5ft $8
Controller Rii Game Controller, SNES Retro USB (x2) $9
Controller 8Bitdo SN30 Pro USB Gamepad, Wired $25
Tweezers Refine Tweezers Slant Tip, 3 count $5
SSD 500GB Samsung 860 EVO NZ076E500B/AM $70
OS RetroPie 4.6 for Raspberry Pi 4 and Retroflag-picase Safe Shutdown
OS NOOBS v3.5.0, 2329 MB
Total $224


  • Needed tweezers because the case only exposes 1/16″ inch of the microSD card
  • On this case, use the microHDMI furthest from the power. If you use the other port, you may not get video, and you definitely will not get audio-over-HDMI.
  • Started with the SNES controllers. These are authentic-looking, but they lack a bunch of buttons, including the all-important “Hotkey”, so upgraded to the 8Bitdo
  • The case has a “Safe Shutdown” switch. Use the fork (crcerror), not the original, github project code. After turning it off, changing the switch to “On”, booting, then installing the software and rebooting, the power/reset buttons change. The “Reset” button on the case now acts to (1) quit the game, (2) quit the emulator, and (3) restart Emulationstation itself. And now, the “Power” button will call “shutdown” instead of just turning off the power. The “power led” behavior changes a bit too – there is a delay on both power on and power off.
  • The case came with a small microHDMI adapter, but it was awkward, so purchased the microHDMI cable.
  • Ended up with two USB-C power supplies, because the PI case came with one too. CanaKit provied a 3.5W, the case provided a 3.0W
  • For the better controller, the triggers won’t register out-of-the-box. You have to compile the xboxdrv package (from RetroPie-Config, Manage Packages >> Manage Driver Packages >> xboxdrv). On a Raspberry Pi 4, this takes “a long time” (7 minutes). Remember to enable the driver as well.
Posted in Computer Builds | Comments Off on RetroPie Raspberry Pi 4