wongsyrone / linuxnotes
Some Notes related to GNU/Linux here
DNSSEC validation and caching. Dnsmasq needs to be
compiled with this enabled, with
make dnsmasq COPTS=-DHAVE_DNSSEC
this adds dependencies on the nettle crypto library and the
gmp maths library. It's possible to have these linked
statically with
make dnsmasq COPTS='-DHAVE_DNSSEC -DHAVE_DNSSEC_STATIC'
which bloats the dnsmasq binary, but saves the size of
the shared libraries which are much bigger.
To enable DNSSEC, you will need a set of
trust-anchors. Now that the TLDs are signed, this can be
the keys for the root zone, and for convenience they are
included in trust-anchors.conf in the dnsmasq
distribution. You should of course check that these are
legitimate and up-to-date. So, adding
conf-file=/path/to/trust-anchors.conf
dnssec
to your config is all that's needed to get things
working. The upstream nameservers have to be DNSSEC-capable
too, of course. Many ISP nameservers aren't, but the
Google public nameservers (8.8.8.8 and 8.8.4.4) are.
When DNSSEC is configured, dnsmasq validates any queries
for domains which are signed. Query results which are
bogus are replaced with SERVFAIL replies, and results
which are correctly signed have the AD bit set. In
addition, and just as importantly, dnsmasq supplies
correct DNSSEC information to clients which are doing
their own validation, and caches DNSKEY, DS and RRSIG
records, which significantly improve the performance of
downstream validators. Setting --log-queries will show
DNSSEC in action.
If a domain is returned from an upstream nameserver without
DNSSEC signature, dnsmasq by default trusts this. This
means that for unsigned zones (still the majority) there
is effectively no cost for having DNSSEC enabled. Of course
this allows an attacker to replace a signed record with a
false unsigned record. This is addressed by the
--dnssec-check-unsigned flag, which instructs dnsmasq
to prove that an unsigned record is legitimate, by finding
a secure proof that the zone containing the record is not
signed. Doing this has costs (typically one or two extra
upstream queries). It also has a nasty failure mode if
dnsmasq's upstream nameservers are not DNSSEC capable.
Without --dnssec-check-unsigned using such an upstream
server will simply result in no queries being validated;
with --dnssec-check-unsigned enabled and a
DNSSEC-ignorant upstream server, _all_ queries will fail.
Note that DNSSEC requires that the local time is valid and
accurate, if not then DNSSEC validation will fail. NTP
should be running. This presents a problem for routers
without a battery-backed clock. To set the time needs NTP
to do DNS lookups, but lookups will fail until NTP has run.
To address this, there's a flag, --dnssec-no-timecheck
which disables the time checks (only) in DNSSEC. When dnsmasq
is started and the clock is not synced, this flag should
be used. As soon as the clock is synced, SIGHUP dnsmasq.
The SIGHUP clears the cache of partially-validated data and
resets the no-timecheck flag, so that all DNSSEC checks
henceforward will be complete.
The development of DNSSEC in dnsmasq was started by
Giovanni Bajo, to whom huge thanks are owed. It has been
supported by Comcast, whose techfund grant has allowed for
an invaluable period of full-time work to get it to
a workable state.
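The DNSSEC settings described above can be checked mechanically. The script below is an added example, not part of dnsmasq or of these notes: it audits a config file for `dnssec`, a trust anchor (directly or through `conf-file=`), `dnssec-check-unsigned` and a lingering `dnssec-no-timecheck`. The function names and finding codes are assumptions made for this example, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not dnsmasq's own tooling): audit a dnsmasq config file for
# the DNSSEC options discussed above. trust-anchor= is the directive that
# trust-anchors.conf carries; the finding codes are made up for this script.

# has_opt FILE NAME: true if NAME is set on an uncommented line, either
# bare ("dnssec") or with a value ("conf-file=/x").
has_opt() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*(=.*|#.*)?\$" "$1"
}

# has_anchor FILE: true if FILE, or a file it includes via conf-file=,
# holds at least one trust-anchor= line.
has_anchor() {
    has_opt "$1" trust-anchor && return 0
    sed -n 's/^[[:space:]]*conf-file[[:space:]]*=[[:space:]]*//p' "$1" | (
        while IFS= read -r inc; do
            if [ -r "$inc" ] && has_opt "$inc" trust-anchor; then exit 0; fi
        done
        exit 1
    )
}

# audit_dnssec FILE: prints one finding per line; returns 0 only if
# validation is on, anchored, and unsigned answers must be proven unsigned.
audit_dnssec() {
    rc=0
    if ! has_opt "$1" dnssec; then
        echo "NO_DNSSEC"; return 1
    fi
    if ! has_anchor "$1"; then
        echo "NO_TRUST_ANCHOR"; rc=1
    fi
    if ! has_opt "$1" dnssec-check-unsigned; then
        echo "UNSIGNED_TRUSTED"; rc=1     # signed record can be swapped for unsigned
    fi
    if has_opt "$1" dnssec-no-timecheck; then
        echo "TIMECHECK_DEFERRED"         # note only: SIGHUP once the clock is synced
    fi
    return $rc
}

# Constructed sample config: validation on, no anchors, check-unsigned commented out.
sample=$(mktemp)
printf '%s\n' 'dnssec' '#dnssec-check-unsigned' 'dnssec-no-timecheck' > "$sample"
audit_dnssec "$sample" || echo "weak DNSSEC setup"
rm -f "$sample"
```

Before acting on an UNSIGNED_TRUSTED finding, confirm the upstream servers are DNSSEC-capable, since the text above notes that all queries fail otherwise.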
How to use irc and maillist communicating with other people and how to write an Email.
openSUSE's zypper, Fedora's yum, Arch Linux's pacman, Gentoo's emerge
@seltsnow if you have any suggestions, pls write them down. Thx
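1. In the web interface, add a static route: select vpn as the interface, enter 8.8.8.8 as the IP, leave the netmask and all other fields blank, then save and apply.
2. Add all of the domains in etc/dnsmasq.d/gfw.conf to etc/dnsmasq.d/server.conf. (Format: server=/google.com/8.8.8.8)
3. Comment out the server entries for Open DNS, Norton DNS, Comodo DNS, DNS Advantage, Verizon DNS and NTT DNS in etc/dnsmasq.d/server.conf.
4. Restart the network service.
PS: The iptables rules in etc/firewall.user that filter polluted IPs can now be commented out.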
huihui@huihui-PC:~/openwrt/openwrt$ make V=99 2>&1 |tee build.log |grep -i error
HOSTCC tools/lib/libfdt/fdt_strerror.o
/home/huihui/openwrt/openwrt/build_dir/host/u-boot-2014.10/lib/rsa/rsa-sign.c:279:21: error: dereferencing pointer to incomplete type 'RSA {aka struct rsa_st}'
make[5]: *** [tools/lib/rsa/rsa-sign.o] Error 1
make[4]: *** [tools-only] Error 2
make[3]: *** [/home/huihui/openwrt/openwrt/build_dir/host/u-boot-2014.10/.built] Error 2
make[2]: *** [tools/mkimage/compile] Error 2
make[1]: *** [/home/huihui/openwrt/openwrt/staging_dir/target-mips_34kc_musl-1.1.14/stamp/.tools_install_yynyynynynyyyyyyynyyyyyyyyyyyyynyyyyynnyynynyyyynnnyy] Error 2
make: *** [world] Error 2
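Meaning of the positional parameters $#, $*, $@, $0, $1, $2... and the special parameters $?, $-, etc. in the Bash shell
Some rather special symbols show up frequently in the Bash shell; I have collected them here for reference:
Positional parameters:
See Chapter 9, Section 1, "Internal Variables", on page 103 of the Chinese translation of the ABS (Advanced Bash Shell); the English ABS is of course the same
$1, $2, $3, etc...
Positional parameters, passed from the command line to the script, passed to a function, or assigned to a variable.
There can be any number of them, but only the first 9 can be accessed; the shift command can be used to change this limit.
(See Example 4-5 and Example 11-15 for details)
$0
$0 is the name of the currently executing process, i.e. the name of the script itself; in regular expressions it denotes the whole line of output
$#
The number of command-line arguments or positional parameters. (See Example 33-2)
$*
All of the positional parameters, seen as a single word.
Note: "$*" must be quoted with "".
$@
Same as $*, but each parameter is a separately quoted string, which means the parameters are passed on intact,
without interpretation or expansion. It also means that each parameter in the argument list is treated as a separate word.
Note: "$@" must be quoted with "".
Other special parameters
$-
Flags passed to the script (using the set command). See Example 11-15.
Shows the options the shell is currently using, the same as the set command does
Note: this was originally a ksh feature that was later adopted into Bash, but unfortunately it does not
seem to work reliably in Bash either. One possible use for it is to have the script test itself (to check whether it is
interactive).
$!
PID (process ID) of the last job run in the background.
$_
Holds the last argument of the previously executed command.
$?
Exit status of a command, function, or the script itself (see Example 23-7)
Used to check whether the previous command, function or script executed correctly. (In Linux, a command exit status of 0 means the command executed correctly; any non-zero value means the command failed.)
$$
Process ID of the script itself. This variable is often used to construct a "unique" temporary file name.
(See Example A-13, Example 29-6, Example 12-28 and Example 11-25).
This is usually simpler than calling mktemp.
Notes:
[1] The PID of the currently running script is $$.
[2] The words "argument" and "parameter" are often used interchangeably. Throughout this book the two
words mean exactly the same thing. (No distinction was made in translation either; both were rendered with the same word.)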
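The $$ entry above mentions building a "unique" temporary file name from the PID. The script below is an added example, not from the ABS or from these notes: it shows what that naming leaves unprotected when the name is already taken, next to exclusive creation with noclobber and to mktemp. The job.<pid> naming scheme and the function names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: "$$"-based temp names versus exclusive creation and mktemp.
# job.<pid> is a hypothetical naming scheme chosen for this demo.

# pid_name DIR: the predictable name built from the script's PID.
pid_name() { printf '%s/job.%s\n' "$1" "$$"; }

# write_naive DIR DATA: plain redirection; silently reuses and truncates
# whatever already sits at that name.
write_naive() { printf '%s\n' "$2" > "$(pid_name "$1")"; }

# write_exclusive DIR DATA: same name, but noclobber (set -C) makes the
# redirection fail if the name is already taken.
write_exclusive() {
    ( set -C; printf '%s\n' "$2" > "$(pid_name "$1")" ) 2>/dev/null
}

# write_mktemp DIR DATA: mktemp picks a random suffix and creates the file
# atomically, readable by the owner only; prints the path it used.
write_mktemp() {
    f=$(mktemp "$1/job.XXXXXX") || return 1
    printf '%s\n' "$2" > "$f"
    printf '%s\n' "$f"
}

# demo: a file already exists at the PID-based name (constructed scenario).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'older data\n' > "$(pid_name "$dir")"
    write_naive "$dir" secret && echo "naive: wrote into the existing file"
    write_exclusive "$dir" secret || echo "exclusive: refused, name already taken"
    echo "mktemp: wrote to $(write_mktemp "$dir" secret)"
    rm -rf "$dir"
}
demo
```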
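Exit and return
Exit status
A function returns a value called the exit status. The exit status can be specified explicitly by a return statement; otherwise the function's
exit status is the exit status of the last command executed in the function (0 means success, non-zero is an error code). The exit status
can be referenced in the script as $?. This mechanism lets script functions have a
"return value" just like C functions.
return
Terminates a function. The return command [1] optionally takes an integer argument, which is returned as the function's "return value"
to the script that called the function, and this value is also assigned to the variable $?.
while true can be written as while :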
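Example 23-7 The larger of two numbers
###################Start Script#################
#!/bin/bash
# max.sh: The larger of two integers.
# A function's return status is limited to 0-255, so the error codes
# are taken from the top of that range.
E_PARAM_ERR=250    # Return value if fewer than 2 parameters are passed to the function.
EQUAL=251          # Return value if the two integers are equal.
#  Error values are out of range of any
#+ parameter value that might be passed to the function.
max2 ()            # Returns the larger of two integers.
{                  # Note: the numbers compared must be less than 250.
  if [ -z "$2" ]
  then
    return $E_PARAM_ERR
  fi
  if [ "$1" -eq "$2" ]
  then
    return $EQUAL
  else
    if [ "$1" -gt "$2" ]
    then
      return $1
    else
      return $2
    fi
  fi
}
max2 33 34
return_val=$?
if [ "$return_val" -eq $E_PARAM_ERR ]
then
  echo "Need to pass two parameters to the function."
elif [ "$return_val" -eq $EQUAL ]
then
  echo "The two numbers are equal."
else
  echo "The larger of the two numbers is $return_val."
fi
exit 0
# Exercise (easy):
# ---------------
# Convert this script into an interactive script,
#+ that is, have the script ask the caller to input two integers.
#####################End Script##################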
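Those who can program can skip this; implementing all of it takes only a hundred-odd lines of code in something like PHP. This method is aimed only at people who cannot program, and involves four tools: Excel, PingInfoView, the LocoySpider (火车头) collector, and a text editor such as UltraEdit.
Below is a brief outline of the steps. Detailed tool usage is not covered; look it up on Baidu yourself, it is all simple.
1. Use Excel to generate the individual IP addresses from an IP range.
Excel's drag-to-fill feature generates consecutive numbers in bulk, so it can quickly produce every address in a range. For example:
xxx.xxx.xxx.23-xxx.xxx.xxx.135
Put xxx.xxx.xxx.23 in one cell, enter xxx.xxx.xxx.24 in the cell below it, then drag downwards with the mouse until xxx.xxx.xxx.135 is produced. That gives you all the IPs; paste them all into UltraEdit or WordPad.
2. Use PingInfoView to first filter out the IPs that do not respond to ping.
The tool is in English but is fairly simple to use: basically you copy and paste the IP addresses in, click start and wait a while, and it produces the various ping statistics, which can be sorted by any column. After re-sorting by result, copy the suitable rows, paste them straight into Excel, and then paste the column of suitable IPs from Excel into UltraEdit. That filters out the IPs that respond to ping.
3. Use the LocoySpider collector to quickly determine which GGC IPs serve GOOGLE.COM
Look up the usage on Baidu yourself; this is probably a standard tool for people who work with the web. First insert a column in Excel to put https:// in front of every filtered IP, then copy and paste into UltraEdit and replace all tab characters with spaces. Then import the URLs into LocoySpider. For the collection rules, collecting only the default <title> is enough and the other rules can be deleted. Change the HTTP request time from the default 30 seconds to 5 seconds, which saves a great deal of collection time.
Then, under "publish content settings", set the results to be published as text and enter "[采集页网址]======[标签:title]" as the text template. After that, just wait for the batch collection to finish. Correctly generated text looks like this:
https://xxx.xxx.xxx.23======Google
https://xxx.xxx.xxx.110======Google
...
What remains is to use UltraEdit to replace the surplus "===GOOGLE", "https://" and similar strings with spaces. The IPs left over are all GOOGLE.COM IPs that respond to ping. Save these IPs in a text file for long-term keeping.
4. Use PingInfoView again to pick the fastest IPs.
Because ping times differ between Telecom and Unicom networks in different regions, you can take the IP text file saved in step 3 and batch-ping it with PingInfoView whenever you go online from a different location, pick the few to ten or so IPs with the shortest response times, add them to [IPLIST] in the configuration file, and restart GOA. Speed will generally improve quite a bit. This is how I filtered all four-hundred-plus IPs in just five minutes.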
http://buildbot.openwrt.org:8010/
You can check whether it's really a compile bug on your side.
tracepath www.hostloc.com
mtr www.hostloc.com (real time)
dotfiles and some issue solutions
and dtb, dts, dtsi related info(?)
A target type must be selected before make defconfig can be run
This does not say how to select the target, for example ar71xx
echo CONFIG_TARGET_ar71xx=y > .config
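For those who cannot get the Sogou input method installed, or who always get garbled text after installing it, look here!!
The garbled text is caused by a conflict between qimpanel, the fcitx front end that Sogou uses, and fcitx-frontend. So the way to fix the garbling, and the problem of only ever being able to input the prompt “请使用qimpanel” ("please use qimpanel"), is to not install fcitx-frontend.
I strongly recommend that everyone who wants to install the Sogou input method first completely remove fcitx and the Sogou you currently have installed!
For example: sudo apt-get remove fcitx* sougou*
sudo apt-get autoremove
Once everything is removed, read this article from the Mint open-source site (薄荷开源网):
Same roots: installing the Sogou input method on Linux Mint Debian
http://www.mintos.org/config/lmde-sogou-input.html
Because the article was written for LMDE, it differs somewhat from what we are doing here:
1. Follow the steps for adding the PPA as written by @蝶舞异度,
"Add the officially maintained PPA to install the latest version of Fcitx (the version currently installed through the PPA is 4.2.8.3).
sudo add-apt-repository ppa:fcitx-team/nightly"
Given our version, this is bound to report an error. Open /etc/apt/sources.list.d/fcitx-team-nightly-trusty.list and change the codename in front of “main” to saucy. Remember that you need sudo to elevate privileges before you can edit this file.
2. Starting from sudo apt-get update, follow the rest of the article.
In the line sudo apt-get install fcitx fcitx-table-wubi-large fcitx-ui-classic fcitx-module-kimpanel, the item containing wubi is the Wubi input method and does not need to be installed; just drop fcitx-table-wubi-large.
3. The downloaded Sogou installer does not need to be clicked twice when installing. The “Input Method” configuration tool is also bundled and does not need to be installed separately.
Also, here are the problems I found.
1. When typing in Firefox, the input window does not follow the cursor.
2. Possibly because I only logged out and did not reboot, my input method tray icon is not shown; I will check again after the next reboot.
3. Occasionally a single letter gets typed in among the text, as if it slipped through. But this happens fairly rarely.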
END.
compile VLC player on Ubuntu 12.04
Official VLC guide:
http://wiki.videolan.org/UnixCompile
Git project
http://wiki.videolan.org/Git
Platform for this install:
[vmware ubuntu10.04]
[vlc1.1.7]
sudo apt-get build-dep vlc
cd vlc-1.1.7
./bootstrap
./configure --enable-x11 --enable-xvideo --disable-gtk --enable-sdl --enable-avcodec --enable-avformat --enable-swscale --enable-mad --enable-libdvbpsi --enable-a52 --enable-libmpeg2 --enable-dvdnav --enable-faad --enable-vorbis --enable-ogg --enable-theora --enable-faac --enable-mkv --enable-freetype --enable-fribidi --enable-speex --enable-flac --enable-live555 --with-live555-tree=/usr/lib/live --enable-caca --enable-skins --enable-skins2 --enable-alsa --disable-kde --enable-qt4 --enable-ncurses --enable-release --enable-root
./compile
sudo make install
(2)No package 'xcb-shm' found
sudo apt-get install libx11-xcb-dev libxcb-shm0-dev libxcb-xv0
(3) After installation you may see vlc: error while loading shared libraries: libvlc.so.2: cannot open shared object file: No such file or directory
whereis libvlc.so.2 shows that libvlc.so.2 is already installed on the system,
Fix: run sudo /sbin/ldconfig to rebuild the configuration.
sudo apt-get install libhal-dev libdbus-1-dev
sudo apt-get install libmad0-dev
sudo apt-get install libavcodec-dev
sudo apt-get install libavformat-dev
sudo apt-get install libswscale-dev
sudo apt-get install libpostproc-dev
sudo apt-get install liba52-dev
sudo apt-get install libfribidi-dev libqt4-dev
sudo apt-get install libgcrypt-dev
sudo apt-get install libx11-xcb-dev
sudo apt-get install libxcb1 libxcb1-dev
sudo apt-get install lua4.0 lua5.1
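Steps to be tested
Use Synaptic to uninstall everything related to vlc
Download the x64 .run installer from the Qt website and install it
Check contrib and install the additional addons
Configure with the full set of configure parameters
Compile and install
Reference links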
https://wiki.videolan.org/
https://wiki.videolan.org/Category:Building/
https://wiki.videolan.org/Configure/