How to Setup TigerVNC on Jetson Nano

After spending time getting the native Vino VNC server running, I could not believe how crappy the screen response time was. Mouse clicks took forever, let alone the lag from trying to type something into the Terminal or Microsoft Code without misspelling it. This felt wrong; VNC is usually very responsive, especially inside a local network. This aggravation led me to to comb through blog and forum posts searching for a complete walkthru on how to set up TigerVNC. I could not find one.

Standing on the shoulders of others, I present this end-to-end guide to you. Its the synthesis of other posts into one complete document that you can follow to get TigerVNC working and have a VERY responsive, smooth VNC server at the end to get real work done.

I did most of this work via SSH command line, but it may be helpful for you to do this at the console of the Nano itself. Your choice. Note that after you complete this, you do not need to have an HDMI cable plugged into the Nano; I only have power, Ethernet, and a webcam plugged in, and both VNC and SSH work perfectly. I have found VNC Connect from RealVNC to be a great VNC client for the Mac (and other platforms).

A few system housekeeping updates before we get started to ensure everything is up-to-date. I also install Nano here for text editing:
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get install nano

Install Tiger VNC itself:
$ sudo apt install tigervnc-standalone-server

Set a password for VNC. You don’t need a view-only password.
$ $ vncpasswd

Install the software that allows copy/paste to and from server and client
$ sudo apt-get install autocutsel

Change to the ~/.vnc directory and create your xstartup file:
$ cd ~/.vnc
$ sudo nano xstartup

Add the following contents to your xstartup file where <user> is your home directory name:
export XDG_RUNTIME_DIR=/run/user/1000
xrdb /home/<user>/.Xresources
xsetroot -solid grey
# copy/paste enablement
vncconfig -nowin &
autocutsel -forkgnome-session &
startlxde &

Make the xstartup file executable:
$ sudo chmod 755 ~/.vnc/xstartup

Check to see if the .Xresources file is present where <user> is your home directory:
$ ls -al /home/<user>/.Xresources

Create the .Xresources file if it does not already exist
$touch /home/<user>/.Xresources

Set VNC to start automatically. Change to the correct systemd directory:
$ cd /etc/systemd/system
Create a file called vncserver@.service (yes, that @ symbol is required)
$ sudo nano vncserver@.service

Add the text below into the file, changing the user, group, and home directory to reflect your installation. Change the monitor resolution in the ExecStart line to your preferred resolution (mine is 2560×1400, but I also included a sample for 1080P resolution that is commented out for your convenience).

Description=Start TigerVNC Server at startup

User=<your username>
Group=<your group name>
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver :%i -depth 24 -geometry 1920×1080 -nolisten tcp
# ExecStart=/usr/bin/vncserver :%i -depth 24 -geometry 2560×1400 -nolisten tcp
ExecStop=/usr/bin/vncserver -kill :%i


Check the /etc/vnc.conf and ensure VNC server access is enabled from more than just localhost:
$ sudo nano /etc/vnc.conf

Inside the vnc.conf file, ensure that the following line is uncommented:
$localhost = “no”;

Configure auto-login with GDM3 (if not already configured you created your Nano installation:
$ sudo nano /etc/gdm3/custom.conf

In the custom.conf file, uncomment or add the following lines:
AutomaticLogin=<your username>

Add vnc to start at reboot by running the following two commands. One restarts the daemons, and the other creates a symlink to the vncserver@.service you created earlier.

$ sudo systemctl daemon-reload
$ sudo systemctl enable vncserver@1
Created symlink /etc/systemd/system/ → /etc/systemd/system/vncserver@.service.

Test that the VNC service starts and review its status before rebooting
$ sudo systemctl start vncserver@1
$ sudo systemctl enable vncserver@1

Check for any errors that show up here.

Reboot the Nano. You should now be able to connect via a VNC client to the Nano by using a connection string that looks like this:

Here my Nano has the IP address and its connecting to the :1 instance of VNC. If you are unable to connect, login to the Nano via SSH and begin troubleshooting:

Check to see that the VNC process is actually running:
$ ps -ax |grep vnc
5590 ? Sl 0:20 /usr/bin/Xtigervnc :1 -desktop nvidia-desktop:1 (cosjef) -auth /home/cosjef/.Xauthority -geometry 1920×1080 -depth 24 -rfbwait 30000 -rfbauth /home/cosjef/.vnc/passwd -rfbport 5901 -pn -SecurityTypes VncAuth,TLSVnc -nolisten tcp
13789 pts/3 S+ 0:00 grep –color=auto vnc

Check to see if the VNC server is listening on ALL ports, as designated by the IP address with port 5901 active. It should look something like this:
$ netstat -pantl | grep LISTEN
tcp 0 0* LISTEN 5590/Xtigervnc
tcp 0 0* LISTEN –
tcp 0 0* LISTEN –
tcp 0 0* LISTEN –
tcp 0 0* LISTEN –
tcp 0 0* LISTEN –
tcp 0 0* LISTEN –
tcp6 0 0 :::5901 :::* LISTEN 5590/Xtigervnc
tcp6 0 0 :::111 :::* LISTEN –
tcp6 0 0 ::1:53 :::* LISTEN –
tcp6 0 0 :::22 :::* LISTEN –
tcp6 0 0 ::1:2947 :::* LISTEN –

Check the actual log files that TigerVNC writes for any specific errors. A success operation will look something like the logfile below:
$ cat ~/.vnc/nvidia-desktop:1.log
Sat Apr 3 20:32:32 2021
Connections: accepted:
SConnection: Client needs protocol version 3.8
SConnection: Client requests security type VncAuth(2)
VNCSConnST: Server default pixel format depth 24 (32bpp) little-endian rgb888
VNCSConnST: Client pixel format depth 6 (8bpp) rgb222
VNCSConnST: Client pixel format depth 24 (32bpp) little-endian rgb888

Sat Apr 3 20:32:34 2021
Connections: closed: (Clean disconnection)
EncodeManager: Framebuffer updates: 3
EncodeManager: ZRLE:
EncodeManager: Indexed RLE: 34 rects, 2.07486 Mpixels
EncodeManager: 82.4463 KiB (1:24.6181 ratio)
EncodeManager: Full Colour: 34 rects, 2.07403 Mpixels
EncodeManager: 2.07756 MiB (1:3.8084 ratio)
EncodeManager: Total: 68 rects, 4.14889 Mpixels
EncodeManager: 2.15808 MiB (1:4.58478 ratio)

Disable Thumbd Daemon on Synology DiskStation

I have no need for the FileStation app to generate thumbnails of the content I store on my Synology Diskstation NAS, but when I looked at what was running, it spun up several daemons anyway:

6790 ? Ssl 0:00 /var/packages/FileStation/target/sbin/thumbd
6792 ? Ss 0:00 /var/packages/FileStation/target/sbin/thumbd
6793 ? Ss 0:00 /var/packages/FileStation/target/sbin/thumbd
6818 ? Ssl 0:13 /var/packages/CloudSync/target/sbin/syno-cloud-syncd /volume1/@cloudsync/config/daemon.conf
6987 ? Ss 0:00 /var/packages/FileStation/target/sbin/thumbd
6988 ? Ss 0:00 /var/packages/FileStation/target/sbin/thumbd
6989 ? Ss 0:00 /var/packages/FileStation/target/sbin/thumbd
6990 ? Ss 0:00 /var/packages/FileStation/target/sbin/thumbd
6991 ? Ss 0:00 /var/packages/FileStation/target/sbin/thumbd
6992 ? Ss 0:00 /var/packages/FileStation/target/sbin/thumbd
6993 ? Ss 0:00 /var/packages/FileStation/target/sbin/thumbd
6994 ? Ss 0:00 /var/packages/FileStation/target/sbin/thumbd

You cannot disable or turn off the FileStation functionality without breaking some core GUI items that are required for normal functioning in the web interface. But, you can stop the thumbd service from running and chewing up unnecessary system resources. Here’s how:

  1. Browse to the /var/packages/FileStation/target/etc/conf directory.
  2. Issue this command to rename the thumbd.conf file:   mv thumbd.conf thumbd.conf.orig
  3. Reboot the Synology device.
  4. SSH into the device and you should no longer see any instance of the thumbd

Disabling Indexing On the Synology DS216+

After 6 years, I finally upgraded my Synology DS209 to a DS216j, and still find indexing to be a problem service that I want to turn off. A few things I found out about how the indexing service is setup on the newer DS216j:

1) Finding the running index processes:
ps ax|grep index
6291 ? SNs 0:00 /usr/syno/sbin/synoindexd
6788 ? SN 0:00 /usr/syno/sbin/synoindexscand
6789 ? SN 0:00 /usr/syno/sbin/synoindexworkerd
6790 ? SN 0:00 /usr/syno/sbin/synoindexplugind
22715 pts/3 S+ 0:00 grep –color=auto index

2) Indexing is controlled through an Upstart job located at /usr/syno/sbin/synoindexd
You can review all Upstart jobs by issuing the command “initctl list”

3) If you want to look at the index job specifically, issue the “initctl show-config synoindexd” command to reveal the specifics of the job:

start on started pgsql-adapter
stop on stopping pgsql-adapter

4) If you want to review the script itself, open the /etc/init/synoindexd.conf file:

description “configure network device”
author “Web Application Team”

start on started pgsql-adapter
stop on stopping pgsql-adapter

expect fork

respawn limit 5 10

pre-start script

# make sure pgsql is running
if /usr/syno/sbin/synoservice –is-enabled pgsql > /dev/null 2>&1; then
echo “PGSQL service is disabled. Skip…”
exit 1

end script

exec /usr/syno/sbin/synoindexd

post-stop script
echo “Stopping Synology Index Daemon…”
killall synoindexscand > /dev/null 2>&1 || true
killall synoindexworkerd > /dev/null 2>&1 || true
killall synoindexplugind > /dev/null 2>&1 || true
killall synomediaparserd > /dev/null 2>&1 || true
end script


Notice that the index script is tied to the Postgresql database start. If you try killing the index service with a “kill -9” command it will kill the process, and then restart it. I have not yet tried, but perhaps the best way to stop the index service is to edit the /etc/init/synoindexd.conf file and change the “start on started pgsql-adapter” line to “stop on started pgsql-adapter.”

I will update this post as I try this solution.


Installing WS02 API Manager On Ubuntu Linux 14.04

There are official instructions to installing WSO2 API Manager that can be found here, but I found them lacking in critical details. The walkthrough below lays out the detailed steps for doing this.  I spun up the cheapest $5/month VM at Digital Ocean to keep costs down as I experimented. These VMs have 20GB of hard disk and 512MB of RAM, which are FAR below the recommended sizing for API Manager. I  recommend adhering to those guidelines if you are deploying to production.

  1. Login to Digital Ocean and spin up a preconfigured Ubuntu 14.4 x64 Droplet.
  2. Once provisioned, update the Droplet to have the latest packages (sudo apt-get update, sudo-apt-get upgrade,sudo apt-get dist upgrade) and reboot into the latest Linux kernel.
  3. I like to install HTOP for a more visual understanding of how a server is consuming resources: sudo apt-get install htop
  4. Install Oracle Java 7 (NOT a newer version – the official documents explicitly state this)
    (UPDATE: the latest API Manager 1.10 fully supports JDK 1.8)

    1. sudo apt-get install python-software-properties
    2. sudo add-apt-repository ppa:webupd8team/java
    3. sudo apt-get install oracle-java7-installer
    4. Check that Java was installed properly with the “java -version” command:
      java version “1.7.0_80”
      Java(TM) SE Runtime Environment (build 1.7.0_80-b15)
      Java HotSpot(TM) 64-Bit Server VM (build 24.80-b11, mixed mode)
    5.  sudo apt-get clean all
  5. Create a 2GB swapfile to ensure you can start WSO2 in a memory-constrained environment:
    1. Create a swapfile:
      1. sudo swapoff /swapfile
        sudo dd if=/dev/zero of=/swapfile bs=1024 count=1024
        sudo dd if=/dev/zero of=/swapfile bs=2048 count=2048
        sudo mkswap /swapfile
        sudo swapon /swapfile
        sudo chown root:root /swapfile
        sudo chmod 0600 /swapfile
        sudo nano /etc/fstab
        /swapfile none swap sw 0 0
  6. Edit the /etc/environment file to point two variables to their proper places:
    1. Add the following:
      1. JAVA_HOME=”/usr/lib/jvm/java-7-oracle/”
      2. source /etc/environment
      3. Test the variables:  echo #JAVA_HOME
  7. WSO2 needs a backing MYSQL server to run. Here is how you install it:
    1. sudo apt-get install mysql-server
    2. Set a password: mysqladmin -u root password (password)
    3. Change the max_connections variable from 100 to 2 in /etc/mysql/my.conf
      max_connections = 2
    4. Import the WSO2 database schema in MySQL:
      1. mysql -u root -p WSO2AM_STATS_DB < /usr/local/opt/wso2am-1.10.0/dbscripts/stat/sql/mysql.sql
  8. Download the WS02 zipped binary from here, and copy it to the Droplet. Its 381Mb in size, so it may take awhile to download.
  9. Once the file is on the server, unzip it to the /usr/local/opt directory:
    1. mkdir -p /usr/local/opt
    2. cp /usr/local/opt
    3. unzip
  10. Note that logs for the server are kept in the /usr/local/opt/wso2am-1.10.0/repository/logs directory if you need to review them. The wso2carbon.log contains a great deal of useful information.
  11. Edit the server startup script (, adding the same variables you added to /etc/environment to the top of the file:
    1. sudo nano /usr/local/opt/wso2am-1.10.0/bin/
    2. JAVA_HOME=”/usr/lib/jvm/java-7-oracle/”
  12. Edit the server startup script ( to alter the JVM size parameters:
    1. sudo nano /usr/local/opt/wso2das-3.0.0/bin/
    2. Scroll down to approximately line 294
    3. Change the parameters to read: -Xms256m -Xmx1024m -XX:MaxPermSize=256m \
  13. Start the server: /usr/local/opt/wso2am-1.10.0/bin/ start
    1. Note that it takes AWHILE to startup the server, as a number of applications have to be deployed. Be patient and expect high CPU usage.
    2. You can tail the wso2carbon.log file to watch startup happen:   tail -f /usr/local/opt/wso2am-1.10.0/repository/logs/wso2carbon.log
    3. Stopping the server is done via the same command: /usr/local/opt/wso2am-1.10.0/bin/ stop
  14. If everything started successfully, you will see the assertions below in the wso2carbon.log

TID: [-1234] [] [2016-01-10 20:17:11,502] INFO {org.wso2.carbon.core.internal.StartupFinalizerServiceComponent} – Server : WSO2 API Manager-1.10.0 {org.wso2.carbon.core.internal.StartupFinalizerServiceComponent}
TID: [-1234] [] [2016-01-10 20:17:11,547] INFO {org.wso2.carbon.core.internal.StartupFinalizerServiceComponent} – WSO2 Carbon started in 106 sec {org.wso2.carbon.core.internal.StartupFinalizerServiceComponent}
TID: [-1234] [] [2016-01-10 20:17:13,710] INFO {org.wso2.carbon.ui.internal.CarbonUIServiceComponent} – Mgt Console URL : {org.wso2.carbon.ui.internal.CarbonUIServiceComponent}
TID: [-1234] [] [2016-01-10 20:17:13,715] INFO {org.wso2.carbon.ui.internal.CarbonUIServiceComponent} – API Publisher Default Context : {org.wso2.carbon.ui.internal.CarbonUIServiceComponent}
TID: [-1234] [] [2016-01-10 20:17:13,716] INFO {org.wso2.carbon.ui.internal.CarbonUIServiceComponent} – API Store Default Context : {org.wso2.carbon.ui.internal.CarbonUIServiceComponent}

15. You can also run the “netstat -pantl” command to verify all the ports are listening:

netstat -pantl
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0* LISTEN 2373/java
tcp 0 0* LISTEN 2373/java
tcp 0 0* LISTEN 884/sshd
tcp 0 0* LISTEN 2373/java
tcp 0 0* LISTEN 2373/java
tcp 0 0* LISTEN 2373/java
tcp 0 0* LISTEN 2373/java
tcp 0 0* LISTEN 2373/java
tcp 0 0* LISTEN 2373/java
tcp 0 0* LISTEN 2373/java
tcp 0 0* LISTEN 2373/java

15. OPTIONAL: change the listener.

By default the server is set to only be accessible by localhost. This may be suboptimal if you want to make the server available on the Internet. Make this change in the /usr/local/opt/wso2am-1.10.0/repository/conf/carbon.xml file:

sudo nano -c carbon.xml
Change the <HostName> and (MgtHostName> elements to reflect either your Droplet’s external IP or DNS name:




16. Login to API Manager

Note that the product uses a self-signed SSL cert, and your browser will balk at it. Provision a legitimate cert or tell your browser to ignore the error. The former is recommended. Here is what that process looks like, which gets you to the main console:

2016-01-17_11-42-07  2016-01-17_11-43-03

17. The main login screen will look like the screenshot below. Note that I have deployed a sample API app.


This should get you up and running, deploying APIs with the product. Note that the API statistics portion of the API Manager product will not be available unless you install the DAS (Data Analytics Server) module on a separate server, as DAS provides that functionality. If you do not install DAS, you will not be able to view any statistics about your APIs, and will see the following soft error when you try to access the Statistics section:


Installing Mitmproxy on OSX Yosemite

There are only a few steps here, but they are important ones:

1) $ sudo easy_install pip
2) $ sudo pip install mitmproxy
3) $ mitmproxy –version
You are using an outdated version of pyOpenSSL: mitmproxy requires pyOpenSSL 0.14 or greater.
Your pyOpenSSL 0.13.1 installation is located at /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL

4) $ sudo easy_install –upgrade PyOpenSSL
5) $mitmproxy –version
mitmproxy 0.11.3

Upgrading Ruby To A New Patch Version

Ruby exploits are becoming more common. When one is found, it is often necessary to upgrade the Ruby in your Ruby-on-Rails  stack to the latest patch version to mitigate the vulnerability du jour. If you are using RVM, here’s how you do it:

1) Verify the latest, stable version of Ruby currently available for download at
Note the version number.

2) Check your current version of ruby.
$ rvm list
=* ruby-2.0.0-p247 [ x86_64 ]

3) Download and upgrade to the latest, stable version of RVM
$ rvm get stable

4) List the versions of Ruby that RVM knows about.
$ rvm list known
You are looking for the “MRI Rubies” section-scroll up to find it. Then ensure the Ruby version you found in step one is in the list:

5) Upgrade Ruby by passing in the name of your current version and the top-level version number.
rvm <your_current_version> 2.0.0
$ rvm upgrade 2.0.0-p247 2.0.0
You should see a confirmation message appear:
Are you sure you wish to upgrade from ruby-2.0.0-p247 to ruby-2.0.0-p353? (Y/n):

6) Select Yes to comments the upgrade. It may take some time to complete, as Ruby must be downloaded and compile, but finish without incident. Note that the installer will also offer to move your gems to the new version, while deleting them from the old version. It will also offer to move your aliases and wrappers. For convenience sake, its advisable to accept these choices.
Are you sure you wish to MOVE gems from ruby-2.0.0-p247 to ruby-2.0.0-p353?
This will overwrite existing gems in ruby-2.0.0-p353 and remove them from ruby-2.0.0-p247 (Y/n):
Do you wish to move over aliases? (Y/n): y
Do you wish to move over wrappers? (Y/n): y

7) Removing old, vulnerable version of Ruby.
It is also advisable to allow the installer to remove the older version of Ruby:
Do you also wish to completely remove ruby-2.0.0-p247 (inc. archive)? (Y/n):
Removing ruby-2.0.0-p247……..

8) If all has gone as expected, you will see a confirmation message.
Successfully migrated ruby-2.0.0-p247 to ruby-2.0.0-p353
Upgrade complete!

9) Set the upgraded version of Ruby as your RVM default.
$ rvm –default use 2.0.0

10) Verify you are running the new, patched version of Ruby:
$ rvm list
=* ruby-2.0.0-p353 [ x86_64 ]

Starting Chrome on a blank page.

As a new Chrome user, I wanted a plain, white blank page to start my web browsing. What I got by default was the Google tab view page. Here is how you set a blank startup page for Chrome:

1) Settings -> On Startup -> Open a specific page or set of pages.
2) Click Set pages to open Startup Pages window
3) Click the X to delete what you find there.
4) In the field for Add a New Page, enter: about:blank
5) Click OK to save the change.

Now completely close out of Chrome, and restart it. You should be brought to a blank page.

10 Steps to Ruby 2.x and Rails 4.x on Mountain Lion

1) Download and install Xcode Command Line Tools
Mountain Lion file name: xcode462_cltools_10_86938259a.dmg

2) Install GitHub for Mac
This also has an option to install the Git command-line tools. Choose that option.

3) Install RVM
$ curl -L | bash -s stable –ruby

4) Source rvm to open in the existing shell
$ source ~/.rvm/scripts/rvm

5) Set default Ruby version
$ rvm –default use 2.1.0

6) Update Gem manager
$ gem update –system

7) Use the global Gemset by default
$ rvm gemset use global

8) Update all Gems
$ gem update

9) Don’t download Gem documentation at install
$ echo “gem: –no-document” >> ~/.gemrc

10) Install Rails
$ gem install rails