Author Archives: henry

Process Substitution <(LIST) >(LIST)

Process substitution is supported on systems that support named pipes (FIFOs) or the /dev/fd method of naming open files. It takes the form of

<(list)
or
>(list)

The process list is run with its input or output connected to a FIFO or some file in /dev/fd. The name of this file is passed as an argument to the current command as the result of the expansion. If the >(list) form is used, writing to the file will provide input for list. If the <(list) form is used, the file passed as an argument should be read to obtain the output of list. Note that no space may appear between the < or > and the left parenthesis, otherwise the construct would be interpreted as a redirection.

For example:
$ cat < <(ls)
$ (echo "YES")> >(read str; echo "1:${str}:first";)> >(read sstr; echo "2:$sstr:two")> >(read ssstr; echo "3:$ssstr:three")

See also:

Bash Reference Manual
Bash Hackers Wiki

Invisible characters mess js and css up

Some invisible characters can cause program faults that are hard to locate.

For example, a UTF-8 BOM in the middle of a CSS file may interrupt the CSS parser. You can find it with the command below (it searches .js files; change the -name pattern for .css):
find . -name '*.js' -type f -print0 | xargs -0 grep -r $'\xEF\xBB\xBF'

The Unicode line separator (U+2028, UTF-8 bytes E2 80 A8) may cause the debugger to report the wrong line. You can find it with:
find . -name '*.js' -type f -print0 | xargs -0 grep -r $'\xe2\x80\xa8'

You can also use cat to display all non-printing characters.
BSD cat:
cat -evt file
GNU cat:
cat -A file

Or sed (better for multi-byte characters):
sed -n "l" file
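
An added example, not from the original post: a Python scanner that runs the same byte searches over a directory tree, skips a BOM that legitimately opens a file, and reports line and byte column for each hit. The U+2029 check, the function names and the sample files are assumptions of this example.

```python
import os
import tempfile

BOM = b"\xef\xbb\xbf"
# The two sequences the post greps for, plus U+2029 (added by this example).
SUSPECTS = {
    BOM: "U+FEFF byte order mark",
    b"\xe2\x80\xa8": "U+2028 line separator",
    b"\xe2\x80\xa9": "U+2029 paragraph separator",
}

def scan_bytes(data):
    """Return sorted (line, byte_column, name) hits; lines are split on LF only."""
    hits = []
    for lineno, line in enumerate(data.split(b"\n"), start=1):
        for seq, name in SUSPECTS.items():
            col = line.find(seq)
            while col != -1:
                # A BOM as the first three bytes of the file is legitimate.
                if not (seq == BOM and lineno == 1 and col == 0):
                    hits.append((lineno, col + 1, name))
                col = line.find(seq, col + len(seq))
    return sorted(hits)

def scan_tree(root, extensions=(".js", ".css")):
    """Walk root and map each affected file path to its list of hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.endswith(extensions):
                path = os.path.join(dirpath, fname)
                with open(path, "rb") as fh:
                    hits = scan_bytes(fh.read())
                if hits:
                    report[path] = hits
    return report

def demo():
    """Constructed sample tree: a concatenated stylesheet and a script."""
    css = BOM + b"a{color:red}\n" + BOM + b"b{color:blue}\n"
    js = b'var s = "x\xe2\x80\xa8y";\n'
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in (("site.css", css), ("app.js", js), ("ok.js", b"1;\n")):
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(body)
        return {os.path.basename(p): h for p, h in scan_tree(tmp).items()}

if __name__ == "__main__":
    print(demo())
```

Columns are byte offsets, so they line up with what `cat -A` or `sed -n "l"` shows rather than with an editor's character column.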

Fix rtl8192cu monitor mode on raspberry pi

rtlwifi (for WiFi chips such as those based on Realtek’s 8192cu) is the upstream driver and rtl8192cu is the out-of-tree driver. The rtlwifi driver seems to be rather unstable on the Raspberry Pi (it works fine on x86 machines), so it doesn’t generally get included in most distributions. In commit 6d4d3a978afbc332af02e548bd0e8ced16dff296, non-mainline source for the rtl8192cu wireless driver is added and rtlwifi is disabled for stability. The result is that you can no longer use monitor mode.


$ sudo iwconfig wlan0 mode monitor
Error for wireless request "Set Mode" (8B06) :
SET failed on device wlan0 ; Invalid argument.

The only way to solve it is to build your own kernel… (T▽T)

Follow the Raspberry Pi manual to build the kernel. Note that you need to change some files before compiling.

Enable the rtlwifi

Uncomment this line in drivers/net/wireless/Makefile

#obj-$(CONFIG_RTLWIFI) += rtlwifi/

Also uncomment this line in drivers/net/wireless/Kconfig
#source "drivers/net/wireless/rtlwifi/Kconfig"

Fixing the regulatory domain (CRDA)

The rtlwifi driver ignores the regulatory domain set by the CRDA service. Because of that, the card only has channels 1 to 11 and runs at a maximum of 20 dBm. This is the world standard of CRDA.
The easiest way is to modify the world standard definition in the driver.
Change this line

#define RTL819x_2GHZ_CH01_11 \
REG_RULE(2412-10, 2462+10, 40, 0, 20, 0)

To

#define RTL819x_2GHZ_CH01_11 \
REG_RULE(2412-10, 2484+10, 40, 0, 33, 0)

The REG_RULE function is defined as follows:
REG_RULE(min_freq, max_freq, kHz, max_dbm_with_antenna, max_dbm, flags)
So the values I changed make the card use all 14 channels available worldwide and a maximum of 33 dBm (which is about 2000 mW). Of course, you can change it to any reasonable value.

Then you can compile the kernel. After that, you have to blacklist 8192cu so the supplied driver is not loaded. Modify or add /etc/modprobe.d/8192cu.conf:

blacklist 8192cu

OK, that’s all I fixed.
I have not found anything wrong using the old rtlwifi driver so far, but if you want to go back to the original driver, just comment out the blacklist line in 8192cu.conf.

Setting up OpenConnect VPN for iOS

OpenConnect server, also known as ocserv, is a VPN server that communicates over SSL. By design, its goal is to become a secure, lightweight, and fast VPN server. OpenConnect server uses the OpenConnect SSL VPN protocol. At the time of writing, it also has experimental compatibility with clients that use the AnyConnect SSL VPN protocol.
Why AnyConnect? Although the AnyConnect protocol is easy for the GFW to detect, it is used by many large companies that matter to GDP. So right now it is safer than PPTP, OpenVPN and some other VPN protocols.


Update On Jan 2018
I have created a Docker image for quick setup, so you can skip the lengthy content below.


This post mainly covers how to set up ocserv on a Debian system.


How to create an access point using a RealTek 8192cu USB WiFi Dongle on RPI1 B+

The 8192cu driver is now supplied in the default kernel, but it does not work when running as an access point. So I need to recompile the driver.

1. Get the kernel’s headers

You have to get the kernel’s header files. The common way is

sudo apt-get install linux-headers-...

But on the RPi, the easiest way is rpi-source.

sudo wget https://raw.githubusercontent.com/notro/rpi-source/master/rpi-source -O /usr/bin/rpi-source && sudo chmod +x /usr/bin/rpi-source && /usr/bin/rpi-source -q --tag-update

The kernel is compiled with gcc-4.8.3+, so if your gcc is older than 4.8.3, you have to install a newer one.
First add

deb http://mirrordirector.raspbian.org/raspbian/ jessie main contrib non-free rpi

in /etc/apt/sources.list, and then

sudo apt-get install -t jessie gcc-4.8 g++-4.8

You may want to manage multiple gcc versions:

sudo update-alternatives --remove-all gcc
sudo update-alternatives --remove-all g++
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.6 20
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.8 50
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-4.6 20
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-4.8 50

You also need curses for make menuconfig:

sudo apt-get install libncurses5-dev


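Setting up a hosts-based way over the wall

There are many ways to get over the wall, such as PPTP, SSH -D and SOCKS5, but in the end they all require installing some software on the client, and offering them to other people raises security problems such as exposing passwords. One method is the easiest of all: hosts entries. You get over the wall by modifying the client's hosts file, the router's custom hosts, or a LAN DNS service.
For example, if I want to reach www.google.com, I only need to configure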

x.x.x.x www.google.com

If you set this up on the router, everyone who goes through that router gets over the wall automatically.


Weighted Round Robin In Nodejs

Round-robin (RR) is one of the algorithms employed by schedulers in computing. Jobs are assigned to each worker in circular order. It’s simple but useful.

I have a web server written in Node just for front-end display; the APIs are mostly handled by back-end servers. So I have 2 functions supporting my structure. The first is a health check that helps me check whether a back-end server is ready; the other is round-robin scheduling, to ensure an even distribution.

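The GFW's odd rule for blocking SOCKS5

The GFW blocks plaintext SOCKS5 packets. Today I noticed something odd: some packets still get through even though they contain sensitive keywords such as google.com. So I traced it and found that it is related to SOCKS5 initialization.
When a SOCKS5 connection is initialized, the client sends a packet saying which authentication methods it can accept. The format is roughly
05 02 00 02
05 is the SOCKS5 version, 02 means two authentication methods are supported, and the last two bytes are those two methods. All the authentication methods are as follows: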

  1. 0x00: No authentication
  2. 0x01: GSSAPI[12]
  3. 0x02: Username/Password[13]
  4. 0x03–0x7F: methods assigned by IANA[14]
  5. 0x80–0xFE: methods reserved for private use

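If the supported authentication methods include GSSAPI, then even if the final exchange does not use it, the packets carrying the subsequent payload are not scanned or blocked.
In other words, once the greeting is
05 03 00 01 02
the GFW takes a rest.
Very strange. At least that is how it has been lately. So, for a bit more freedom, stunnel it is.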
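
An added example, not from the original post: a Python decoder for the method-negotiation exchange described above, covering the client greeting and the server's two-byte method selection. The two greetings are the ones quoted in the post; the server replies, the function names and the 0xFF code (taken from RFC 1928) are assumptions of this example.

```python
# Method codes as listed in the post; 0xFF ("no acceptable methods") comes
# from RFC 1928 and is added here so the server reply can be decoded.
NAMED = {0x00: "No authentication", 0x01: "GSSAPI",
         0x02: "Username/Password", 0xFF: "No acceptable methods"}

def method_name(code):
    if code in NAMED:
        return NAMED[code]
    return "IANA assigned" if code <= 0x7F else "Private use"

def parse_greeting(data):
    """Client -> server: VER | NMETHODS | METHODS (one byte per method)."""
    if len(data) < 2:
        raise ValueError("truncated greeting")
    version, count = data[0], data[1]
    if version != 0x05:
        raise ValueError(f"not SOCKS5: version byte 0x{version:02x}")
    if count == 0:
        raise ValueError("greeting offers no methods")
    methods = list(data[2:2 + count])
    if len(methods) != count:
        raise ValueError(f"NMETHODS={count} but only {len(methods)} method byte(s)")
    # Bytes past the declared list belong to the next message, not this one.
    return {"methods": methods, "extra_bytes": len(data) - 2 - count}

def parse_selection(data, offered):
    """Server -> client: VER | METHOD. The choice must be one the client offered."""
    if len(data) != 2 or data[0] != 0x05:
        raise ValueError("malformed method selection")
    chosen = data[1]
    if chosen != 0xFF and chosen not in offered:
        raise ValueError(f"server chose 0x{chosen:02x}, which was never offered")
    return chosen

def describe(greeting_hex, reply_hex):
    """Decode one negotiation given as hex strings: (offered names, chosen name)."""
    offered = parse_greeting(bytes.fromhex(greeting_hex))["methods"]
    chosen = parse_selection(bytes.fromhex(reply_hex), offered)
    return [method_name(m) for m in offered], method_name(chosen)

if __name__ == "__main__":
    # The two greetings quoted in the post; the server replies are constructed.
    print(describe("05 02 00 02", "05 00"))
    print(describe("05 03 00 01 02", "05 02"))
```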