Category Archives: Uncategorized

How to compile your own kernel for Debian/Ubuntu – without paying $20 and violating GPL

Update: there’s a tutorial I found on this same topic that covers a lot of the same ground, you should check it out too!

Turns out there’s a company that provides expensiveish linux-next-built .debs for Ubuntu/Debian with some .config improvements – proprietary, of course. You need to pay $20 per machine or something, I haven’t even checked the website, really, who cares. It’s not clear if they’re violating GPLv2 by not providing the source because nobody seems to have asked for it yet, but something tells me they won’t just give you the sourcecode if you buy it. They are definitely violating GPLv2 by having you accept an EULA before you can use the kernel, and their way of bundling OpenZFS is specifically the way that big players avoid because it’d violate GPLv2… I feel pretty safe saying that’s a triple violation of GPLv2, and I’m not even a doctor… or whoever you need to be to diagnose GPL violations.

If you’d like to bother with asking them for source code – there’s “free trial” kernels that shut down your PC after 3 hours of runtime, you can download that kernel, then email them and request sourcecode for that kernel, they’re required by GPLv3 to provide it to you after you download the trial kernel and then message them requesting the sourcecode. I won’t bother, but you – knock yourself out! If you succeed (lol, good luck), please do post it online, you’re allowed to – I wouldn’t mind looking at their EULA check code, for one.

I’ve found an interesting comment, from a user who seems to have just created their account and only used it for this one comment under this specific post. Here it goes:

Is someone forcing you? Do you have the ability to build such a kernel and with such capabilities? Not? Then don’t bother people. A bunch of talkers can not to compiled kernel.

Thanks to assholes like you, they made their project non-public. Now are you going to compiled the kernels for us?

Not implying they’re a throwaway created by someone involved in the project who’s mad at this post or whatever. Let’s address the substance – can I compile a kernel that requires an EULA, does a hardware-fingerprinted license check and shuts down the machine after 3 hours of use? And then violate GPLv2 thrice while distributing it? Probably not – point taken.

Am I going to compile kernels for everyone? No, I certainly don’t have neither the processing power nor time, so they got me there, too.

What I can certainly do is show you how you can compile your own, latest, kernel with minimal effort – nicely .deb-packaged, no less! Only takes 7 commands and about 10 minutes of preparation + however long it’d take your machine to build a kernel (total of 40 minutes for my Ryzen 3500U laptop), and then you can just “dpkg -i” three packages and reboot.


Make a separate directory inside which you’d do all the work. It’s $HOME/kernel for me, you can just cd $HOME && mkdir kernel && cd kernel. This is needed to avoid cluttering your $HOME with .debs – you will see, just trust me, ok?


Go to , right click on the latest “stable” kernel’s “Tarball” link and use “Copy link”. I know, this is not a command, but bear with me.

1. Wget it:


2. Untar it:

tar xf linux-5.12.8.tar.xz

3. Cd into it:

cd linux-5.12.8/

4. Copy your current config over:

cp /boot/config-$(uname -r) .config

5. Update the config:

make oldconfig

This will present you with a slew of configuration options that got added in the time period between releases of your current kernel and the one you’re going to install. My own strategy is – answer “m” where that’s an option, answer “y” otherwise unless it’s a CONFIG_DEBUG option of some kind. Use ? and your search engine of choice liberally if you’d like to know what the options you’re adding actually stand for.

BTW, if you need to add some kernel patches – that’s an option and this is the step where you can do it.

6. Build it as .deb

nice -n10 make -j8 bindeb-pkg

Vary the nice -n (process scheduling priority) and the make -j (thread count) parameters up/down if you’d like (lower niceness for higher priority, range is from 20 to -20), these two are just what I use on my 4c8t Ryzen 3500U so that my music playing in a YouTube tab doesn’t stutter.

7. Install the .deb files

Now that you’ve finished compiling, you have three .debs to install. Provided you’re installing a 5.12.8 kernel like this example mentions, do this to install them all in one go:

sudo dpkg -i *5.12.8*.deb

Now reboot and you will have a new kernel that you will booted with when using your default grub entry, you can use ‘uname -a’ in console to check it’s really the new kernel after you’ve booted with it – and you can use the grub menu to boot with an earlier version in case booting the new kernel fails – it never does for me, but it’s an option if you need it..

Convert .CAP file into a BIOS (UEFI) image you can use with an SPI programmer

So, you got a .CAP file and you want to flash over SPI. CAP file format is a universal format for sharing UEFI BIOS images that people can program through a BIOS menu, DOS prompt, or using a manufacturer-approved flash tool – some manufacturers are using this format already, let’s hope it catches on since finally having some standards is good. What if your motherboard’s BIOS is already dead or doesn’t support the CPU you’re trying to boot with, though? You need to boot the computer to flash a new .CAP, however, you can’t boot your computer until you flash that .CAP. You can use an SPI programmer to flash it, all using free and open-source software (flashrom) – on the hardware side, a Raspberry Pi will work, so will a CH341-based programmer from eBay. I use my Pi Zero-powered ZeroPhone for this since it already has all the tools and breaks out all the SPI pins needed.

But first, you need to extract the firmware file from the .CAP file. You can do that through Linux command-line:

dd bs=1024 skip=2 if=YOURFILE.CAP of=image.bin

Some insight:

root@zerophone-prototype:/home/pi/z370# ls
190701-first.bin TUF-Z370-PRO-GAMING-ASUS-2102.CAP
# "first" is a working BIOS image dumped from the SPI flash
# let's run dd on the .CAP file
root@zerophone-prototype:/home/pi/z370# dd bs=1024 skip=2 if=TUF-Z370-PRO-GAMING-ASUS-2102.CAP of=trimmed.bin
16384+0 records in
16384+0 records out
16777216 bytes (17 MB, 16 MiB) copied, 0.922419 s, 18.2 MB/s
# trimmed file size in bytes
root@zerophone-prototype:/home/pi/z370# du -B1 trimmed.bin
16777216        trimmed.bin
# original file size in bytes
root@zerophone-prototype:/home/pi/z370# du -B1 190701-first.bin
16781312        190701-first.bin
# the CAP file size
root@zerophone-prototype:/home/pi/z370# du -B1 TUF-Z370-PRO-GAMING-ASUS-2102.CAP
16785408        TUF-Z370-PRO-GAMING-ASUS-2102.CAP
# Interesting, the trimmed image is said to be 8192 bytes smaller than .CAP.
# Also, it's said to be 4096 bytes smaller than the original image
# Can we trust the du output here?
# Let's strip 3 blocks instead of 2 and check.
root@zerophone-prototype:/home/pi/z370# dd bs=1024 skip=3 if=TUF-Z370-PRO-GAMING-ASUS-2102.CAP
16383+0 records in
16383+0 records out
16776192 bytes (17 MB, 16 MiB) copied, 0.818545 s, 20.5 MB/s
root@zerophone-prototype:/home/pi/z370# du -B1 3.bin
16777216        3.bin
# I guess the answer is no.
# Let's check the signature, at least?
root@zerophone-prototype:/home/pi/z370# xxd 190701-first.bin | head
00000000: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000010: 5aa5 f00f 0300 0400 0802 105a 3003 3100  Z..........Z0.1.
00000020: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000030: f500 5c12 2142 60ad b7b9 c4c7 ffff ffff  ..\.!B`.........
00000040: 0000 0000 8002 ff0f 0300 7f02 0100 0200  ................
00000050: ff7f 0000 ff7f 0000 ff7f 0000 ff7f 0000  ................
00000060: ff7f 0000 ff7f 0000 ffff ffff ffff ffff  ................
00000070: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000080: 000f a000 000d 4000 0009 8000 0000 0000  ......@.........
00000090: 0001 0110 0000 0000 ffff ffff ffff ffff  ................
# This has the proper binary image signature. What about the trimmed file?
root@zerophone-prototype:/home/pi/z370# xxd trimmed.bin |head
00000000: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000010: 5aa5 f00f 0300 0400 0802 105a 3003 3100  Z..........Z0.1.
00000020: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000030: f500 5c12 2142 60ad b7b9 c4c7 ffff ffff  ..\.!B`.........
00000040: 0000 0000 8002 ff0f 0300 7f02 0100 0200  ................
00000050: ff7f 0000 ff7f 0000 ff7f 0000 ff7f 0000  ................
00000060: ff7f 0000 ff7f 0000 ffff ffff ffff ffff  ................
00000070: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000080: 000f a000 000d 4000 0009 8000 0000 0000  ......@.........
00000090: 0001 0110 0000 0000 ffff ffff ffff ffff  ................
# Looks like we have what we need!

du issues notwithstanding, this file, once flashed into the chip using an SPI programmer, actually booted the motherboard. For a good measure, I then used the BIOS built-in flasher tool to flash the .CAP over this file, just in case there are actually some differences.

Warning: if the motherboard works (i.e. you just can’t boot it using the current CPU and you don’t have another CPU), please dump the original flash image before proceeding. Another warning: you might lose your MAC address, but there are tutorials available showing you how to add it, and there are also tutorials showing how to extract it from the original image if you need that.

Interested to know more about .CAP format? This article helped me a lot, it’s in Russian, so if you don’t know it, use your online/browser-builtin translation service of choice.

SSD1332 65K 96×64 Color OLED sample code + pinout + simplest Eagle breakout

So, I’ve searched for this display’s files for two weeks. Those are cheap (3$ on eBay), but unlike all those SSD1332 displays with green ribbon of uniform width (and available drivers and breakouts). I’m not even sure if this display is SSD1332 based, and I’m not sure I care after many frustrating unsuccessful attempts to get it working. It’s cheap, however, but you do get a bare panel with a controller.

Apparently, these displays are produced by RiTDisplay. They weren’t that helpful with datasheets though and it’s not even listed on their page. Also, apparently, it’s discontinued now. The display has 27 pins, with SPI and 8-bit interface both available. I found it listed as RGS10096064FR004 on one site but the datasheet seemed to be behind the paywall.

Recently, I found the datasheet (more or less accessible), pinout information (found it before somewhere too, but it was hard) AND SAMPLE CODE! I haven’t yet checked it, but since it was hard to find, I’m sharing it with others.

Dropbox link

RGHost link

Yandex Disk link

Also, I’m sharing the simple board I’ve made in Eagle. It’s in no way complete –  no annotations, some jumpers might be missing for your purpose and you’ll have to check the pinout for your driving mode, but the FPC pitch is right and all the pins you’d need are broken out on headers. I also plan to transfer it to KiCad quite soon, so expect it to be available as well.




Yandex Disk

The sudo fraud

Ilya's blog

Dear systems engineers,

It really amazes me how people are fine with typing sudo all the time. A kitten is denied a new toy for another day when you do this!


Typing sudo locally all the time

Is it really simpler for you to type sudo all the time rather than having one terminal tab open with a root shell? Besides, some systems even ask for a password when you run a sudo command. Be honest with yourself, are you a masochist?

Using sudo on servers


Intro: each Amazon image comes with standard username for logging in. Never seen anyone changing that username.

Supposedly, the attacker would need to know the username in addition to your stolen private key. Right… and it’s not one of these: ubuntu, admin, ec2-user, centos … and looking at your ssh banner won’t give any clue as to which username is used:


View original post 220 more words

CTRL-EVENT-REGDOM-CHANGE on latest Raspbian Jessie Lite

I’d get following errors when I ran wpa_supplicant to connect to my home network from Raspbian Jessie Lite (using CLI, of course)

wlan0: SME: Trying to authenticate with 0c:xx:xx:xx:xx:xx (SSID=’MYSSID’ freq=2412 MHz)
wlan0: Trying to associate with 0c:xx:xx:xx:xx:xx (SSID=’MYSSID’ freq =2412 MHz)
wlan0: Associated with 0c:xx:xx:xx:xx:xx
wlan0: CTRL-EVENT-DISCONNECTED bssid=0c:xx:xx:xx:xx:xx reason=3 locally_generate d=1

It turns out that wpa_supplicant runs as a service and is to be controlled through wpa_cli. You can go that way, or you can simply killall wpa_supplicant if you’re in a hurry and run  the usual command line, and the errors will go away.

The software awards scam

Well, that’s another example of how it goes.

Successful Software

software awardI put out a new product a couple of weeks ago. This new product has so far won 16 different awards and recommendations from software download sites. Some of them even emailed me messages of encouragement such as “Great job, we’re really impressed!”. I should be delighted at this recognition of the quality of my software, except that the ‘software’ doesn’t even run. This is hardly surprising when you consider that it is just a text file with the words “this program does nothing at all” repeated a few times and then renamed as an .exe. The PAD file that described the software contains the description “This program does nothing at all”. The screenshot I submitted (below) was similarly blunt and to the point:


Even the name of the software, “awardmestars”, was a bit of a giveaway. And yet it still won 16 ‘awards’. Here they are:


Some of them…

View original post 1,089 more words