Jinwei Zhao clarkzjw

Bash Shortcuts

Moving

command	description
ctrl + a	Goto BEGINNING of command line

朴素VPN：一个纯内核级静态隧道

由于路由管控系统的建立，实时动态黑洞路由已成为最有效的封锁手段，TCP连接重置和DNS污染成为次要手段，利用漏洞的穿墙方法已不再具有普遍意义。对此应对方法是多样化协议的VPN来抵抗识别。这里介绍一种太简单、有时很朴素的“穷人VPN”。

朴素VPN只需要一次内核配置（Linux内核），即可永久稳定运行，不需要任何用户态守护进程。所有流量转换和加密全部由内核完成，原生性能，开销几乎没有。静态配置，避免动态握手和参数协商产生指纹特征导致被识别。并且支持NAT，移动的内网用户可以使用此方法。支持广泛，基于L2TPv3标准，Linux内核3.2+都有支持，其他操作系统原则上也能支持。但有两个局限：需要root权限；一个隧道只支持一个用户。

朴素VPN利用UDP封装的静态L2TP隧道实现VPN，内核XFRM实现静态IPsec。实际上IP-in-IP隧道即可实现VPN，但是这种协议无法穿越NAT，因此必须利用UDP封装。内核3.18将支持Foo-over-UDP，在UDP里面直接封装IP，与静态的L2TP-over-UDP很类似。

创建一个朴素VPN

How to setup your own CA with OpenSSL

For educational reasons I've decided to create my own CA. Here is what I learned.

First things first

Lets get some context first.

Setting up a SSL Cert from Comodo

I use Namecheap.com as a registrar, and they resale SSL Certs from a number of other companies, including Comodo.

These are the steps I went through to set up an SSL cert.

	[General]
	bypass-system = true
	skip-proxy = 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, localhost, *.local
	bypass-tun = 0.0.0.0/8, 1.0.0.0/9, 1.160.0.0/11, 1.192.0.0/11, 10.0.0.0/8, 14.0.0.0/11, 14.96.0.0/11, 14.128.0.0/11, 14.192.0.0/11, 27.0.0.0/10, 27.96.0.0/11, 27.128.0.0/9, 36.0.0.0/10, 36.96.0.0/11, 36.128.0.0/9, 39.0.0.0/11, 39.64.0.0/10, 39.128.0.0/10, 42.0.0.0/8, 43.224.0.0/11, 45.64.0.0/10, 47.64.0.0/10, 49.0.0.0/9, 49.128.0.0/11, 49.192.0.0/10, 54.192.0.0/11, 58.0.0.0/9, 58.128.0.0/11, 58.192.0.0/10, 59.32.0.0/11, 59.64.0.0/10, 59.128.0.0/9, 60.0.0.0/10, 60.160.0.0/11, 60.192.0.0/10, 61.0.0.0/10, 61.64.0.0/11, 61.128.0.0/10, 61.224.0.0/11, 100.64.0.0/10, 101.0.0.0/9, 101.128.0.0/11, 101.192.0.0/10, 103.0.0.0/10, 103.192.0.0/10, 106.0.0.0/9, 106.224.0.0/11, 110.0.0.0/7, 112.0.0.0/9, 112.128.0.0/11, 112.192.0.0/10, 113.0.0.0/9, 113.128.0.0/11, 113.192.0.0/10, 114.0.0.0/9, 114.128.0.0/11, 114.192.0.0/10, 115.0.0.0/8, 116.0.0.0/8, 117.0.0.0/9, 117.128.0.0/10, 118.0.0.0/11, 118.64.0.0/10, 118.128.0.0/9,

	#!/usr/bin/bash

	DIR=/path/to/www/public
	DATA=/path/to/pms5003.rrd

	TIME=$1
	time=$(date '+%H\:%M\:%S')

	rrdtool graph $DIR/pm-$TIME.svg \
	--imgformat SVG \

	#!/bin/sh
	# sudo ./install-shadowsocks-local-service.sh

	cp shadowsocks-local.default /etc/default/shadowsocks-local
	cp shadowsocks-local.init /etc/init.d/shadowsocks-local
	chmod +x /etc/init.d/shadowsocks-local
	ln -s ../init.d/shadowsocks-local /etc/rc0.d/K01shadowsocks-local
	ln -s ../init.d/shadowsocks-local /etc/rc1.d/K01shadowsocks-local
	ln -s ../init.d/shadowsocks-local /etc/rc2.d/K01shadowsocks-local
	ln -s ../init.d/shadowsocks-local /etc/rc3.d/K01shadowsocks-local

	# -- mode: ruby --
	# vi: set ft=ruby :

	# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
	VAGRANTFILE_API_VERSION = "2"

	Vagrant.configure(VAGRANTFILE_API_VERSION) do \|config\|
	# Create a private network, which allows host-only access to the machine
	# using a specific IP.
	config.vm.define "host1" do \|hostone\|

	// ==UserScript==
	// @id iitc-plugin-Mir
	// @name IITC plugin: Hawk Eyes
	// @category Misc
	// @version 1.0.20150105.03
	// @namespace https://github.com/jonatkins/ingress-intel-total-conversion
	// @updateURL https://git.depad.fr/ingress-res/iitc-plugins/raw/master/pad-plugin-hawk_eyes.user.js
	// @downloadURL https://git.depad.fr/ingress-res/iitc-plugins/raw/master/pad-plugin-hawk_eyes.user.js
	// @description See all portals, neutrals included, regardless of the zoom used.
	// @include https://www.ingress.com/intel*

	The Goals of this Gist are to:
	[1] Increase the GnuPG key size limit beyond 4096 bits.
	[2] Provide configuration files that maximize security and anonymity.

	For now, the ideal configuration files have been provided.
	The Debian_Linux_GnuPG_Compiler.bash script works to build GnuPG with the 4096 bit key size limit raised.

	Please provide input. Feedback and changes welcome.