# Resolve Ubiquiti Router Web Console HTTPS Certificate Issue

Having been bothered by Ubiquiti’s HTTPS certificate issue for years, today I finally find some time to resolve this. There are multiple ways to resolve this, but I’m not able to find a perfect solution on the internet, so I write down my solution here.

I’m not going to use a public domain name, neither will I issue a certificate through a public issuer, for example, letencrypt, which I’ve been vasively used for my public websites. The reason is for me, I don’t want my router to be exposed to the public internet, and the less exposion, the better. Setting up a letsencrypt certificate, most probably I need verify I own this domain name and the server, which means I will reveal my public IP address for my router, and that is not my intension.

With that, I’m going to generate a self signed certificate with a generated CA on a domain name I generated dedicated for my router (router.local). Then I will import my CA to my devices that need to access the router. Finally I’ll redirect my router’s local IP address to a local domain name (router.local).

# Mod Supermicro Motherboard BIOS to Support NVME

Sometimes when we think something is too hard to begin, the only reason is that we don’t understand it. With a little determination, we can archive something that we could never believe we were able to.

I kept telling myself not to modify/re-program BIOS/UEFI for a long time. Why? I thought the stability of a motherboard is super important. If I did, could it break it? Besides, if the power gets shut down while flashing a new version of BIOS, I could permanently lose a motherboard. Do I have to buy a UPS before that? I’m not that rich to buy UPS without considering the cost. If you would like to sponsor one, please let me know.

These days, I’m playing some Supermicro motherboards. One of the most important reasons I like Supermicro is IPMI/BMC. With IPMI, I don’t need to physically connect my monitor to the machine anymore. I can do anything, install a new operating system for the computer, change BIOS settings, or even upgrade the BIOS version remotely.

IPMI gives me confidence that I can play with BIOS now. Even if I flash with a corrupt BIOS file, then I can flash it back. So there is nothing to worry about.

# MikroTik vs Ubiquiti

Talking about router and switch, we have 2 markets, the enterprise one, and the consumer one. In the enterprise market, Cisco is a dominant player. Cisco devices are costly, but companies would like to pay for them, mostly for the service. Whenever an issue happens, a phone call gets human tech support at 24x7. On the other side, in the consumer market, users have no intention to pay for such service, but would instead buy hardware and resolve issues by themselves.

Now today, I want to talk about equipment across the 2 markets, MikroTik and Ubiquiti. They have enterprise quality without real-time tech support, which is perfect for technical people who have a pursuit of quality and speed.

So what would you consider for choosing a router or switch? I don’t know you, but I would consider (from most important to least important): Security > Reliability > Noise Level > Performance (Throughput) > Hardware Interface > Scalability > User Experience > Power Source > Power Cost > Technical Support > Rack Mount

# Caveat: Use Ubiquiti ER-X in China

After reading some articles about Ubiquiti EdegeRouter X, I realize this is a device I have no resistance not to buy it. Gigabyte Ethernet, multi-WAN, configurable by CLI (thus a lot of fun), reasonable price, and most importantly, high reliability. I enjoy exploring configurations, and in the meantime, it’s a double-edge knife, if not configured well, it could have a very negative effect on your network performance. In this article, I will describe 2 configurations that could severely affect the performance when using it in China.

# From GPU Computing to Cryptocurrency Miner

OpenCL (Open Computing Language) is a new framework for writing programs that execute in parallel on different computing devices (such as CPUs and GPUs) from different vendors (AMD, Intel, ATI, Nvidia etc.). The framework defines a language to write “kernels” in. These kernels are the functions which are to run on the different computing devices. In this post, I explain how to get started with OpenCL and how to make a small OpenCL program that will compute the sum of two lists in parallel. After that, I will show you how to write a GPU Cryptocurrency miner with the help of OpenCL based on the knowledge we just learned.

# Southeast Asia's Diversity in Language.

English, Bahsa Indonesia, Bahasa Malaysia, Burmese (Zawgyi), Thai, Vietnamese, Chinese, Khmer.

Even if we count Simplified Chinese and Traditional Chinese as one language, we still have eight languages that are widely used in Southeast Asia.

# What We Use Make Who We Are

For a start up, for a tech team, or for a community, what we use make who we are. They are the source of culture and they show what we believe.

Which operating system, Windows, Linux or OS X, do you use as the default developing environment? Which operating system do you use as the production environment, Debian based, Red hat based, or Gentoo? Which cloud server do you use, AWS or other? Which language do you use as the main backend language, Python, Ruby, Node.js, or Java, PHP, C++? Which infrastructure do you use?

# Integrate Everything Into Slack

Slack is gradually becoming the standard for modern office communication. While you may argue that technically Slack is no different than, say, IRC – the polished experience is what makes it stand out in the crowd of messaging services. Using less gentler words, Slack is killing email for office communications. And has built in support for code snippets with syntax highlighting. Boom.

Actually, Slack is more than just a communication tool. What makes it extraordinary is it provides the possibility to integrate everything and make your workflow complete. In this post we’re highlighting some of the most useful new workflows that Slack is enabling. All these are currently heavily in use in our team, and we find they are exceptionally helpful.

# Solve AutoCAD Chinese Question Mark Issue

This article describes a complicated issue when using AutoCAD, Chinese text shows as a question mark, and two common causes and a perfect solution.

# How to Be a Good Tech Lead for a Start Up

To be a good tech lead in a start up is totally different from being CTO at a mature big company. There are numerous theories and technologies about managment in big companies. Unfortunately, there are not so much knowledges about how to lead a technical start up. Today, I’m gonna to give my advices. Hope they will inspire you.

I’m gonna talk this in 9 respects. They are not all ordered by importances, even though some are.

# Cast Android and iPhone Screen Onto Macbook

This guides is for casting Android and iPhone Screen onto a Macbook or other computers through a USB cable. If you’re searching a wireless solution, this is not. Actually after searching a lot, I find no good solution for wireless cast, so I admit this is a compromise solution. After all, fluency and resolution are more important.

# Proxy All TCP Traffic on a Remote Server

Even though SOCKS is a higher level protocol and more appropriate for doing proxy thing, there are no easy solution for building a global proxy for a Linux server except doing that on a router. For a remote server, normally a cloud server, it’s not always convenient to access the router. So after several tries, I decide drop the SOCKS solution, and simply use Linux’s iptables.

The easiest way I find from my recent research is with shadowsocks-libev. Shadowsocks-libev is a lightweight secured SOCKS5 proxy for embedded devices and low-end boxes. Shadowsocks-libev is written in pure C and only depends on libev and OpenSSL or PolarSSL. The use of mbedTLS is added but still for testing, and it is not officially supported yet.

# 9 Most Useful Jenkins Plugins

To your disappointment, I’m not gonna to show up some theme plugins even though I do think there are much space for Jenkins to improve in this scope. I’m gonna to show you something that really really useful, much more useful than that kind of simple theme plugins.

#### Throttle Concurrent Builds Plugin

This plugin allows for throttling the number of concurrent builds of a project running per node or globally.

Bitbucket Server, Jira, Confluence, Crowd etc, so many excellent software come from a same company — Atlassian. Some of them are technically designed well (even though not best), so they are good study cases. These days I’m interested in the license generating algorithm, so I dig into them for studying. Its license algorithm is DSA. Theoritically, it’s impossible to know the private key, so the private key can be think as unknown and safe. Without private key, it’s impossible to generate the corresponding signature for raw text. In this way, it makes sure that every issued license is from the owner.

To better understand the relationship between orignal text and the license text, I write a Python code to uncover the original text from a license text.

# Modify Java .class in a .jar

Sometimes I need to know what’s inside to figure out a best solution, like modifying a Java .class file in a .jar file. After searching google and stack overflow for a while, I found this question is little cared, and almost all information is not complete. So I wrap them up and make the whole process runnable.

# Transform All Files to UTF-8

I wrote a blog several years ago about transform all files in a folder recursively from one encoding to another. Today I decide to solve this issue more completely.

I wrap all this to a Python egg package, upload it to PyPi, and everyone who want to use this don’t need to copy & paste code any more. Just install it and use it.

pip install toutf8


This ships with a shell command, so after installing, just type

toutf8 FILENAME


to transform a single file to UTF-8 encoding, or

toutf8 PATHNAME


# POJ 1020 Anniversary Cake

This is a simple search problem. With some pruning job it’s sufficient to pass test cases.

The biggest possible area of cake is $$16 \times 10 \times 10$$, so the biggest possbile side of cake is $$40$$.

Image a cake as a matrix with rows and colums. Each element of this matrix is a 1x1 cell. The problem can be translated to if there exists a method to fill this matrix with squares.

Now fill the matrix in this order: find the lowest leftmost empty cell $$C_{i,j}$$. Find successive cells $$C_{i,j}, C_{i, j+1}, \dots, C_{i, j+w}$$ with the same height as $$C_{i,j}$$.

Choose a square and put it into an area with left upper cell as $$C_{i, j}$$. If this can not construct a solution, backtrack to use another squre, otherwise continue to the end and get a solution.

# Calculate Distance Between Latitude/Longitude Points

This page presents a variety of calculations for latitude/longitude points, with the formula and code fragments for implementing them.

All these formula are for calculations on the basis of a spherical earth (ignoring ellipsoidal effects) – which is accurate enough for most purposes [In fact, the earth is very slightly ellipsoidal; using a spherical model gives errors typically up to 0.3%].

### Distance

This uses the haversine formula to calculate the great-circle distance between two points – that is, the shortest distance over the earth’s surface – giving an “as-the-crow-flies” distance between the points (ignoring any hills they fly over, of course!).

Haversine formula: $$haversin{\left(\dfrac{d}{r}\right)} = haversin{\left(\phi_2-\phi_1\right)} + \cos{\phi_1}\cos{\phi_2}\,haversin{\left(\lambda_2-\lambda_1\right)}$$

where

$haversin(\theta) = \sin^2\left(\dfrac{\theta}{2}\right) = \dfrac{1-\cos(\theta)}{2}$

$$d$$ is the distance between the two points (along a great circle of the sphere)

$$r$$ is the radius of the sphere

$$\phi_1$$, $$\phi_2$$: latitude of point 1 and latitude of point 2

$$\lambda_1$$, $$\lambda_2$$: longitude of point 1 and longitude of point 2

# Downgrade MongoDB From 3.0 to 2.6

Due to a Meteor bug (actually it’s a bug from MongoDB nodejs driver, but the bug has already been fixed by the nodejs driver, while the issue is Meteor is referencing an old version of this driver), I have to downgrade MongoDB from 3.0.5 to 2.6.10. Normally this is a trival work, but it cost me a whole afternoon to do this, because there are serveral traps in there, so I decide to write this blog to help other people who meet the same issue with me.

The main problem is MongoDB 3.0 uses a new version of authentication algorithom SCRAM-SHA-1, while 2.6 uses an old version MONGODB-CR. Actually there are other methods besides these two. These two are the default configuration. If one upgrades MongoDB from 2.6 to 3.0, the authentication schema version can be upgraded by authSchemaUpgrade from 3 to 5, and in the same time the authentication algorithom will be upgraded from MONGODB-CR to SCRAM-SHA-1. However, when one downgrades MongoDB from 3.0 to 2.6, you can not use authSchemaUpgrade to downgrade the authentication schema, and it will remain in 5 and the authentication algorithm will remain in SCRAM-SHA-1, which are not supported by MongoDB 2.6. So yes, without additional work, you are not able to log into the database.

This article provides a method to solve this issue, which is not documented by MongoDB official website (and appearantly not documented in anywhere).